CN117610065A - Verification method and device for call request, electronic equipment and storage medium - Google Patents


Info

Publication number
CN117610065A
Authority
CN
China
Prior art keywords
application
service request
verification
called
identifier
Legal status
Pending
Application number
CN202311370291.9A
Other languages
Chinese (zh)
Inventor
陈旭
Current Assignee
Tianyi Electronic Commerce Co Ltd
Original Assignee
Tianyi Electronic Commerce Co Ltd
Application filed by Tianyi Electronic Commerce Co Ltd
Priority to CN202311370291.9A
Publication of CN117610065A

Classifications

    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses a verification method and device for a call request, an electronic device and a storage medium. The verification method comprises the following steps: receiving a call request when the target application has subscribed to the target product; parsing the call request to obtain an application identifier; extracting, from a preset database, the subscription information associated with the application identifier and a called interface identifier set; authorizing, based on the subscription information, the called interface indicated by each called interface identifier in the set to obtain an authorization result; verifying the service request when the authorization result indicates that all called interfaces were authorized successfully; and releasing the service request when the verification passes. The invention solves the technical problem in the related art that call requests cannot be effectively verified, leaving the system vulnerable to malicious attack.

Description

Verification method and device for call request, electronic equipment and storage medium
Technical Field
The present invention relates to the field of software technologies, and in particular, to a verification method and apparatus for a call request, an electronic device, and a storage medium.
Background
To let external merchants call the functional modules of an institution's system, the merchants must be given access to that system. To prevent the system from being brought down by malicious calls from an external merchant, the merchant's call requests must be verified.
However, in the related art only the external request traffic itself is checked; whether that traffic has permission to call the interface in question cannot be determined. The verification result for external request traffic is therefore of low accuracy, and the institution's system is vulnerable to malicious attack.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
Embodiments of the invention provide a verification method and device for a call request, an electronic device and a storage medium, which at least solve the technical problem in the related art that call requests cannot be effectively verified, leaving the system vulnerable to malicious attack.
According to an aspect of an embodiment of the present invention, there is provided a verification method for a call request, including: receiving a call request when a target application has subscribed to a target product, wherein the target application is used for initiating a service request, the target application corresponds to an application identifier, and the call request at least comprises: the service request and the application identifier; parsing the call request to obtain the application identifier, and extracting subscription information associated with the application identifier and a called interface identifier set from a preset database; authorizing, based on the subscription information, the called interface indicated by each called interface identifier in the called interface identifier set to obtain an authorization result; and verifying the service request when the authorization result indicates that all the called interfaces were authorized successfully, and releasing the service request when the verification passes.
Optionally, before receiving the call request, the method further includes: receiving merchant information, wherein the merchant information comprises: merchant attribute information and business information; verifying the merchant information, and creating an application based on the service information under the condition that the verification is passed; and generating the application identifier for the application, and storing the application identifier into the preset database.
Optionally, after generating the application identifier for the application, the method further includes: determining a product corresponding to the application based on the service information, wherein the product comprises a plurality of interfaces, and the interfaces are those called when the service request initiated by the application is processed; controlling the application to subscribe to the product and generating the subscription information of the application, wherein the subscription information comprises: the subscription validity duration between the application and each interface; generating an application key for the application once the application has completed its subscription to the product; and storing the subscription information and the application key in the preset database.
Optionally, after generating the application key of the application, in the case that the signing of the product by the application is completed, the method further includes: acquiring a preset document of the product, and determining a preset interface set related to the service request initiated by the application, wherein the preset document comprises: product information, interface information; judging whether the service request needs encryption or not based on the interface information corresponding to each preset interface in the preset interface set; under the condition that the service request needs to be encrypted, encrypting the service request and the application identifier by adopting the application key; and generating the call request based on the encrypted service request and the application identifier.
Optionally, authorizing, based on the subscription information, the called interface indicated by each called interface identifier in the called interface identifier set to obtain an authorization result includes: determining the subscription validity duration corresponding to the called interface based on the subscription information; judging, based on the subscription validity duration, whether the target application's subscription to the called interface is valid; determining to authorize the called interface if that subscription is valid; and recording the authorization result as authorization success once all the called interfaces have been authorized.
Optionally, the step of verifying the service request includes: performing time stamp verification on the service request; under the condition that the time stamp passes the verification, the application key of the target application is adopted to carry out signature verification on the service request; and under the condition that the signature verification passes, determining that the service request is verified to pass.
Optionally, the verification method further includes: when the service request fails verification, intercepting the service request and determining the reason for the verification failure; and returning the verification failure reason to the target application.
According to another aspect of the embodiment of the present invention, there is also provided a verification apparatus for a call request, including: a receiving unit, used for receiving a call request when the target application has subscribed to the target product, wherein the target application is used for initiating a service request, the target application corresponds to an application identifier, and the call request at least comprises: the service request and the application identifier; a parsing unit, used for parsing the call request to obtain the application identifier, and extracting subscription information associated with the application identifier and a called interface identifier set from a preset database; an authorization unit, used for authorizing, based on the subscription information, the called interface indicated by each called interface identifier in the called interface identifier set to obtain an authorization result; and a verification unit, used for verifying the service request when the authorization result indicates that all the called interfaces were authorized successfully, and releasing the service request when the verification passes.
Optionally, the verification device further includes: the first receiving module is used for receiving merchant information before receiving the call request under the condition that the target application signs up for the target product, wherein the merchant information comprises: merchant attribute information and business information; the first verification module is used for verifying the merchant information and creating an application based on the service information under the condition that the verification is passed; the first generation module is used for generating the application identifier for the application and storing the application identifier into the preset database.
Optionally, the verification device further includes: a first determining module, configured to determine, based on the service information, a product corresponding to the application after the application identifier is generated for the application, where the product comprises a plurality of interfaces, and the interfaces are those called when the service request initiated by the application is processed; a first subscription module, configured to control the application to subscribe to the product and generate the subscription information of the application, where the subscription information includes: the subscription validity duration between the application and each interface; a second generation module, configured to generate an application key for the application once the application has completed its subscription to the product; and a first storage module, configured to store the subscription information and the application key in the preset database.
Optionally, the verification device further includes: the first obtaining module is configured to obtain a preset document of the product after generating an application key of the application when the application completes signing the product, and determine a preset interface set related to the service request initiated by the application, where the preset document includes: product information, interface information; the first judging module is used for judging whether the service request needs to be encrypted or not based on the interface information corresponding to each preset interface in the preset interface set; the first encryption module is used for encrypting the service request and the application identifier by adopting the application key under the condition that the service request needs to be encrypted; and the third generation module is used for generating the call request based on the encrypted service request and the application identifier.
Optionally, the authorization unit includes: a second determining module, used for determining the subscription validity duration corresponding to the called interface based on the subscription information; a second judging module, used for judging, based on the subscription validity duration, whether the target application's subscription to the called interface is valid; a third determining module, configured to determine that the called interface is authorized when that subscription is valid; and a first recording module, used for recording the authorization result as authorization success once all the called interfaces have been authorized.
Optionally, the verification unit includes: the first verification module is used for performing time stamp verification on the service request; the second checking module is used for carrying out signature checking on the service request by adopting the application key of the target application under the condition that the time stamp checking is passed; and the fourth determining module is used for determining that the service request passes the verification under the condition that the signature passes the verification.
Optionally, the verification device further includes: the first interception module is used for intercepting the service request and determining a verification failure reason under the condition that the verification of the service request is not passed; and the first return module is used for returning the verification failure reasons to the target application.
According to another aspect of the embodiment of the present invention, there is further provided a computer readable storage medium that includes a stored computer program, where, when the computer program runs, the device on which the computer readable storage medium resides is controlled to execute any one of the verification methods for a call request described above.
According to another aspect of the embodiment of the present invention, there is also provided an electronic device, including one or more processors and a memory, where the memory is configured to store one or more programs, and when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement any one of the verification methods for a call request described above.
In the invention, a call request is received when the target application has subscribed to the target product; the call request is parsed to obtain an application identifier; the subscription information associated with the application identifier and a called interface identifier set are extracted from a preset database; the called interface indicated by each called interface identifier in the set is authorized based on the subscription information to obtain an authorization result; the service request is verified when the authorization result indicates that all called interfaces were authorized successfully; and the service request is released when the verification passes. Because each called interface is authorized against the subscription information before the service request carried in the call request is verified, and the service request is released for the corresponding service processing only if that verification passes, the system achieves authorization checks at interface granularity, the accuracy of the verification result improves, external malicious attacks are effectively avoided, and the technical problem in the related art that call requests cannot be effectively verified, leaving the system vulnerable to malicious attack, is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiments of the invention and together with the description serve to explain the invention and do not constitute a limitation on the invention. In the drawings:
FIG. 1 is a flow chart of an alternative method of verification of a call request according to an embodiment of the invention;
FIG. 2 is a schematic diagram of an alternative authorization verification process for a service invocation interface, in accordance with an embodiment of the invention;
FIG. 3 is a schematic diagram of an alternative call request verification apparatus in accordance with an embodiment of the invention;
FIG. 4 is a block diagram of the hardware structure of an electronic device (or mobile device) for the verification method of a call request according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art may better understand the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. It is apparent that the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments that those skilled in the art can obtain from the embodiments of the present invention without inventive effort shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that, related information (including but not limited to user equipment information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present disclosure are information and data authorized by a user or sufficiently authorized by each party, and the collection, use and processing of related data need to comply with related laws and regulations and standards of related areas, and are provided with corresponding operation entries for the user to select authorization or rejection.
The invention uses a service authorization mechanism to authorize external call traffic: traffic that fails the authorization check is rejected, and traffic that passes authorization verification is allowed into the downstream business system to perform the corresponding business operation. This effectively solves the problem of authorizing and verifying external traffic and makes it possible to decide whether a request should be allowed or blocked, which ensures the security and reliability of the system.
In the invention, a merchant is allowed to create an application and bind it to a product (that is, a group of interfaces). The application's unique identifier is used as an input parameter for authorization verification against the interfaces, and the request traffic is passed to the downstream service system for further processing only after verification succeeds. When call functionality is opened to external merchants, authorization can therefore be verified at interface granularity, which effectively prevents malicious attacks.
The present invention will be described in detail with reference to the following examples.
Example 1
According to an embodiment of the present invention, there is provided an embodiment of a verification method of a call request, it being noted that the steps shown in the flowchart of the drawings may be performed in a computer system such as a set of computer executable instructions, and although a logical order is shown in the flowchart, in some cases the steps shown or described may be performed in an order different from that herein.
FIG. 1 is a flow chart of an alternative verification method for a call request according to an embodiment of the invention. As shown in FIG. 1, the method comprises the following steps:
Step S101, receiving a call request when a target application has subscribed to a target product, wherein the target application is used for initiating a service request, the target application corresponds to an application identifier, and the call request at least comprises: the service request and the application identifier.
Step S102, parsing the call request to obtain the application identifier, and extracting subscription information associated with the application identifier and a called interface identifier set from a preset database.
Step S103, authorizing, based on the subscription information, the called interface indicated by each called interface identifier in the called interface identifier set to obtain an authorization result.
Step S104, verifying the service request when the authorization result indicates that all called interfaces were authorized successfully, and releasing the service request when the verification passes.
Through the above steps, a call request is received when the target application has subscribed to the target product; the call request is parsed to obtain an application identifier; the subscription information associated with the application identifier and a called interface identifier set are extracted from a preset database; the called interface indicated by each called interface identifier in the set is authorized based on the subscription information to obtain an authorization result; the service request is verified when the authorization result indicates that all called interfaces were authorized successfully; and the service request is released when the verification passes. In the embodiment of the invention, because each called interface is authorized against the subscription information before the service request carried in the call request is verified, and the service request is released for the corresponding service processing only if that verification passes, the system achieves authorization checks at interface granularity, the accuracy of the verification result improves, external malicious attacks are effectively avoided, and the technical problem in the related art that call requests cannot be effectively verified, leaving the system vulnerable to malicious attack, is solved.
Embodiments of the present invention will be described in detail with reference to the following steps.
In an optional embodiment, before the call request is received when the target application has subscribed to the target product, the method further includes: receiving merchant information, wherein the merchant information comprises: merchant attribute information and service information; verifying the merchant information, and creating an application based on the service information when the verification passes; and generating an application identifier for the application, and storing the application identifier in a preset database.
In the embodiment of the invention, an external caller that needs to call the institution's system to process a service must first create a corresponding application. Specifically, the external caller logs in to the open portal platform of the institution's system and enters merchant information (comprising merchant attribute information, such as the merchant's business license and address, and service information, such as the service type). The institution's system then verifies the received merchant information (for example, its validity and authenticity). If the verification passes, an application is created from the service information (that is, an application of the type matching the service to be performed), an application identifier (a unique identifier for the application) is generated for it, and the identifier is stored in the preset database for later use.
In the embodiment of the invention, the external caller can create multiple applications for different service types.
Optionally, after generating the application identifier for the application, the method further comprises: determining a product corresponding to the application based on the service information, wherein the product comprises a plurality of interfaces, and the interfaces are those that must be called when processing service requests initiated by the application; controlling the application to subscribe to the product and generating the application's subscription information, wherein the subscription information comprises: the subscription validity duration between the application and each interface; generating an application key for the application once the application has completed its subscription to the product; and storing the subscription information and the application key in the preset database.
In the embodiment of the invention, after the application is created, it must subscribe to a product (that is, a group of interfaces) by entering the subscription interface. Specifically, the product corresponding to the application is determined from the service information (that is, a product able to provide the service function is selected according to the service information). The product comprises a plurality of interfaces, each of which must be called when a service request initiated by the application is processed in order to provide the required service function. The application is then controlled to subscribe to the product, generating the subscription information for the application, which comprises the subscription validity duration between the application and each interface. After the application has subscribed to the product, an application key can be generated for it; the subscription information and the application key are then stored in the preset database and associated with the application's identifier for later use.
Optionally, after generating the application key of the application, in the case that the signing of the product by the application is completed, the method further includes: acquiring a preset document of a product, and determining a preset interface set related to a service request initiated by an application, wherein the preset document comprises: product information, interface information; judging whether the service request needs encryption or not based on interface information corresponding to each preset interface in the preset interface set; under the condition that the service request needs to be encrypted, encrypting the service request and the application identifier by adopting an application key; and generating a call request based on the encrypted service request and the application identifier.
In the embodiment of the invention, after the application has subscribed to the product, a call request can be generated according to the usage document (that is, the preset document, which comprises product information, such as the product's functions and uses, and interface information, such as the parameters and security level of the interfaces involved). Specifically: the preset document of the product is obtained and the preset interface set involved in the service request initiated by the application is determined; whether the service request needs to be encrypted is judged from the interface information of each preset interface in the set (for example, encryption is needed if the security level is high); if the service request needs to be encrypted, the service request and the application identifier are encrypted with the application key; and the call request is generated from the encrypted service request and application identifier.
Step S101, receiving a call request under the condition that a target application signs up for a target product, wherein the target application is used for initiating a service request, the target application corresponds to an application identifier, and the call request at least comprises: service request and application identification.
In the embodiment of the invention, after the target application (which can initiate a service request and corresponds to an application identifier) has subscribed to the target product, a call request (comprising the service request, the application identifier and so on) can be constructed and sent to the unified traffic entry point for authorization verification. That is, the call request is received once the target application has subscribed to the target product, ready for the subsequent authorization verification.
Step S102, analyzing the calling request to obtain an application identifier, and extracting subscription information associated with the application identifier and a called interface identifier set from a preset database.
In the embodiment of the invention, after receiving the call request, the unified flow inlet can parse the call request to obtain the unique application identifier carried in its parameters, extract the subscription information associated with the application identifier and the called interface identifier set from the storage medium (namely, the preset database), and then call the authorization system to carry out service authorization verification.
Step S103, based on the subscription information, authorizing the called interfaces indicated by each called interface identifier in the called interface identifier set to obtain an authorization result.
Optionally, based on the subscription information, authorizing the called interface indicated by each called interface identifier in the called interface identifier set to obtain an authorization result, including: determining the signing effective duration corresponding to the called interface based on the signing information; judging whether the signing of the target application and the called interface is valid or not based on the signing valid duration; under the condition that the signing of the target application and the called interface is effective, determining to authorize the called interface; and under the condition that the authorization of all the called interfaces is completed, recording the authorization result as authorization success.
In the embodiment of the invention, after receiving the authorization request, the authorization system can query, from the storage medium, the subscription information of the external caller on the open portal platform and analyze whether the subscribed content is within its validity period (namely, determine the subscription validity duration corresponding to the called interface based on the subscription information, and judge whether the subscription between the target application and the called interface is valid based on that duration). If the subscription between the target application and the called interface is valid, authorization of the called interface is determined. After authorization of all the called interfaces is completed, the authorization result is recorded as authorization success; otherwise, it is recorded as authorization failure. Finally, the authorization result is returned to the unified flow inlet.
Step S104, checking the service request when the authorization result indicates that all called interfaces are authorized successfully, and releasing the service request when the check is passed.
Optionally, the step of verifying the service request includes: performing time stamp verification on the service request; under the condition that the time stamp verification is passed, the application key of the target application is adopted to carry out signature verification on the service request; and in the case that the signature verification passes, determining that the verification passes on the service request.
In the embodiment of the invention, after the authorization result indicates that all called interfaces are authorized successfully, the service request needs to be checked. Specifically, timestamp verification is first performed on the service request: it is judged whether the time elapsed from generation of the service request to its verification exceeds a preset duration threshold; if so, the service request may have been maliciously tampered with and needs to be intercepted; if not, the timestamp verification passes. If the timestamp verification passes, signature verification is performed on the service request using the application key of the target application: the application key is used to judge whether the signature of the service request has been tampered with, and if it has not, the signature verification passes. If the signature verification passes, the service request is determined to have passed the check and is released, so that it can call downstream services to complete service processing.
Optionally, the verification method further includes: under the condition that the service request is not checked, intercepting the service request and determining the reason of failure in checking; and returning the verification failure reasons to the target application.
In the embodiment of the invention, if the service request does not pass the check, the service request may have been tampered with and needs to be intercepted. The reason for the verification failure (for example, the signature verification or the timestamp verification did not pass) can be determined and returned to the target application, so that the target application can adjust the service request in time and reinitiate it.
The following detailed description is directed to alternative embodiments.
In the embodiment of the invention, the problem to be solved is the authorization verification of external traffic: verification determines whether a request is released, thereby providing the security and reliability of the system. In this embodiment, the merchant may create a new application, bind the application to a product (a set of interfaces), and then complete authorization verification of the interfaces by transmitting the unique identifier of the application. After the authorization verification, the current request traffic is released to the downstream service system to complete service processing, thereby preventing calls made by malicious attacks.
FIG. 2 is a schematic diagram of an optional authorization verification process for a service call interface according to an embodiment of the present invention, as shown in FIG. 2, the specific process is as follows:
(1) An external caller may log into an open platform (an H5 page, that is, a page in web page format), enter merchant information to create an application, and have an application unique identifier id generated for the application; the external caller may create multiple applications.
(2) After creating the application, the user enters a signing interface to sign up for the product (a group of interfaces), and an application key is generated.
(3) After signing, a service call request (for example over https, carrying the application id) is initiated to the unified flow inlet according to the usage document of the product.
(4) After receiving the service call request, the unified flow inlet parses the application unique identifier id in the request, extracts the unique identifiers of the called interfaces from the storage medium, and then calls the authorization system to carry out service authorization verification.
(5) After receiving the authorization request, the authorization system synchronizes, from the application management system, the product subscription information of the external caller in the open portal, analyzes whether the subscribed content is within its validity period, and returns the authorization verification result to the unified flow inlet.
(6) After the unified flow inlet performs a series of checks (such as the timestamp check), it judges whether the current request is released; if the request passes the checks, it is released to the service system for processing.
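The gateway-side flow of steps S101 to S104 and of items (3) to (6) above, as an added Python example that is not code from the patent. The field names, the in-memory `PRESET_DB`, the 300-second threshold, the per-interface expiry times and the use of HMAC-SHA256 as the signature scheme are all assumptions; the patent only says that the service request is signature-verified with the application key.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

MAX_AGE_SECONDS = 300  # assumed value for the "preset duration threshold"


@dataclass
class Subscription:
    app_key: bytes           # application key generated when signing completes
    interface_expiry: dict   # called interface id -> end of validity (epoch s)


# Constructed stand-in for the "preset database" (all values are made up).
PRESET_DB = {
    "app-001": Subscription(b"constructed-demo-key",
                            {"pay.create": 2_000_000_000,
                             "pay.query": 2_000_000_000}),
    "app-002": Subscription(b"another-demo-key",
                            {"pay.create": 2_000_000_000,
                             "pay.query": 1_600_000_000}),  # already expired
}


def canonical(app_id, timestamp, service_request):
    """Bytes covered by the signature: identifier, timestamp and body."""
    body = json.dumps(service_request, sort_keys=True, separators=(",", ":"))
    return f"{app_id}\n{timestamp}\n{body}".encode()


def sign(app_key, app_id, timestamp, service_request):
    msg = canonical(app_id, timestamp, service_request)
    return hmac.new(app_key, msg, hashlib.sha256).hexdigest()


def build_call_request(app_id, app_key, service_request, now):
    """Caller side: attach identifier, timestamp and signature."""
    return {"app_id": app_id, "timestamp": now,
            "service_request": service_request,
            "signature": sign(app_key, app_id, now, service_request)}


def authorize(sub, now):
    """S103: succeed only if every called interface is still in validity."""
    expired = sorted(i for i, end in sub.interface_expiry.items() if end <= now)
    return (not expired, expired)


def verify_call_request(call, now, db=PRESET_DB):
    """S102-S104 at the unified flow inlet. Returns (released, reason)."""
    sub = db.get(call.get("app_id"))
    if sub is None:
        return False, "unknown application identifier"

    ok, expired = authorize(sub, now)
    if not ok:
        return False, "authorization failed: subscription expired for " + ",".join(expired)

    ts = call.get("timestamp")
    # Also rejects timestamps too far in the future, not only stale ones.
    if not isinstance(ts, int) or abs(now - ts) > MAX_AGE_SECONDS:
        return False, "timestamp check failed"

    expected = sign(sub.app_key, call["app_id"], ts, call.get("service_request"))
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected, str(call.get("signature", ""))):
        return False, "signature check failed"

    return True, "released"
```

Because the timestamp is part of the signed bytes, a captured request cannot be replayed later by simply refreshing its timestamp: the timestamp check would pass but the signature check would not.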
In the embodiment of the invention, the method for carrying out authorization verification on the service call interface is provided, the authorization verification can be carried out on the granularity of the interface, the unauthorized call of an external calling party can be effectively prevented, the whole authorization interaction process is simpler, required authorization parameters are more simplified, and in addition, the whole authorization verification and encryption and decryption verification process is decoupled, so that the whole process is more efficient and maintainability is higher.
The following describes in detail another embodiment.
Example two
The verification device for call request provided in this embodiment includes a plurality of implementation units, each implementation unit corresponding to each implementation step in the first embodiment.
FIG. 3 is a schematic diagram of an alternative call request checking apparatus according to an embodiment of the present invention, as shown in FIG. 3, the checking apparatus may include: a receiving unit 30, a parsing unit 31, an authorizing unit 32, a checking unit 33, wherein,
the receiving unit 30 is configured to receive a call request when the target application signs a contract for the target product, where the target application is used to initiate a service request, and the target application corresponds to an application identifier, and the call request at least includes: service request and application identification;
the parsing unit 31 is configured to parse the call request to obtain an application identifier, and extract subscription information associated with the application identifier and a called interface identifier set from a preset database;
an authorization unit 32, configured to authorize, based on the subscription information, the called interfaces indicated by each called interface identifier in the called interface identifier set, and obtain an authorization result;
and the verification unit 33 is configured to verify the service request if the authorization result indicates that all the invoked interfaces are authorized successfully, and release the service request if the verification is passed.
In the verification device, when the target application signs up for the target product, the receiving unit 30 may receive the call request; the parsing unit 31 parses the call request to obtain the application identifier and extracts the subscription information associated with the application identifier and the called interface identifier set from the preset database; the authorizing unit 32 authorizes, based on the subscription information, the called interfaces indicated by each called interface identifier in the called interface identifier set to obtain the authorization result; and the checking unit 33 verifies the service request when the authorization result indicates that all called interfaces are authorized successfully, and releases the service request when the verification passes. In the embodiment of the invention, after the target application signs up for the target product, the received call request is parsed to obtain the application identifier of the target application, the subscription information associated with the application identifier and the called interface identifier set are extracted from the preset database, and the called interfaces indicated by each called interface identifier are authorized according to the subscription information. If the authorization result indicates that all the called interfaces are authorized successfully, the service request carried by the call request is checked, and if the check passes, the service request is released to complete the corresponding service processing. This realizes authorization verification of the system at interface granularity, improves the accuracy of the verification result, and effectively avoids external malicious attacks, thereby solving the technical problems in the related art that call requests cannot be effectively verified and the system is easily attacked maliciously.
Optionally, the verification device further includes: the first receiving module is configured to receive merchant information before receiving the call request when the target application completes signing the target product, where the merchant information includes: merchant attribute information and business information; the first verification module is used for verifying the merchant information and creating an application based on the service information under the condition that the verification is passed; the first generation module is used for generating an application identifier for the application and storing the application identifier into a preset database.
Optionally, the verification device further includes: the first determining module is configured to determine, based on the service information, a product corresponding to the application after generating the application identifier for the application, where the product includes: the interfaces are interfaces which are required to be called when processing service requests initiated by the application; the first signing module is used for controlling the application to sign a contract on the product and generating signing information of the application, wherein the signing information comprises: applying the signing valid duration with each interface; the second generation module is used for generating an application key of the application under the condition that the application signs up the product; the first storage module is used for storing the subscription information and the application key to a preset database.
Optionally, the verification device further includes: the first obtaining module is used for obtaining a preset document of the product after generating an application key of the application under the condition that the application signs up the product, and determining a preset interface set related to a service request initiated by the application, wherein the preset document comprises: product information, interface information; the first judging module is used for judging whether the service request needs to be encrypted or not based on the interface information corresponding to each preset interface in the preset interface set; the first encryption module is used for encrypting the service request and the application identifier by adopting the application key under the condition that the service request needs to be encrypted; and the third generation module is used for generating a call request based on the encrypted service request and the application identifier.
Optionally, the authorization unit includes: the second determining module is used for determining the signing effective duration corresponding to the called interface based on the signing information; the second judging module is used for judging whether the signing of the target application and the called interface is valid or not based on the signing valid duration; the third determining module is used for determining to authorize the called interface under the condition that the subscription of the target application and the called interface is effective; and the first recording module is used for recording the authorization result as authorization success under the condition that the authorization of all the called interfaces is completed.
Optionally, the verification unit includes: the first verification module is used for performing time stamp verification on the service request; the second checking module is used for carrying out signature checking on the service request by adopting an application key of the target application under the condition that the time stamp checking is passed; and the fourth determining module is used for determining that the service request is checked to pass under the condition that the signature check passes.
Optionally, the verification device further includes: the first interception module is used for intercepting the service request and determining the reason of failure in verification under the condition that the service request is not checked; and the first return module is used for returning the reasons of the verification failure to the target application.
The verification device may further include a processor and a memory, where the receiving unit 30, the parsing unit 31, the authorizing unit 32, the checking unit 33, and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to implement the corresponding functions.
The processor includes a kernel, and the kernel fetches a corresponding program unit from the memory. The kernel can set one or more than one kernel parameters, and the kernel parameters are adjusted to check the service request when the authorization result indicates that all called interfaces are authorized successfully, and release the service request when the check is passed.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
The present application also provides a computer program product adapted to perform, when executed on a data processing device, a program initialized with the following method steps: receiving a call request under the condition that the target application signs up for the target product; parsing the call request to obtain an application identifier, and extracting subscription information associated with the application identifier and a called interface identifier set from a preset database; authorizing, based on the subscription information, the called interfaces indicated by each called interface identifier in the called interface identifier set to obtain an authorization result; and checking the service request under the condition that the authorization result indicates that all the called interfaces are authorized successfully, and releasing the service request under the condition that the check is passed.
According to another aspect of the embodiment of the present invention, there is also provided a computer readable storage medium, where the computer readable storage medium includes a stored computer program, where when the computer program is executed, the device on which the computer readable storage medium is located is controlled to execute the above-mentioned verification method of the call request.
According to another aspect of the embodiment of the present invention, there is also provided an electronic device including one or more processors and a memory for storing one or more programs, where the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the above-mentioned method for verifying a call request.
Fig. 4 is a block diagram of a hardware structure of an electronic device (or mobile device) for the verification method of a call request according to an embodiment of the present invention. As shown in fig. 4, the electronic device may include one or more processors 402 (shown in fig. 4 as 402a, 402b, ..., 402n; the processors 402 may include, but are not limited to, processing means such as a microprocessor (MCU) or a programmable logic device (FPGA)) and a memory 404 for storing data. In addition, the electronic device may further include: a display, an input/output interface (I/O interface), a Universal Serial Bus (USB) port (which may be included as one of the ports of the I/O interface), a network interface, a keyboard, a power supply, and/or a camera. It will be appreciated by those of ordinary skill in the art that the configuration shown in fig. 4 is merely illustrative and is not intended to limit the configuration of the electronic device described above. For example, the electronic device may also include more or fewer components than shown in fig. 4, or have a different configuration than shown in fig. 4.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
In the foregoing embodiments of the present invention, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technology content may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of the units, for example, may be a logic function division, and may be implemented in another manner, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention, in essence or in the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a U-disk, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or other various media capable of storing program code.
The foregoing is merely a preferred embodiment of the present invention and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present invention, which are intended to be comprehended within the scope of the present invention.

Claims (10)

1. A method for verifying a call request, comprising:
receiving a call request under the condition that a target application signs a contract for a target product, wherein the target application is used for initiating a service request, the target application is corresponding to an application identifier, and the call request at least comprises: the service request and the application identifier;
analyzing the calling request to obtain the application identifier, and extracting subscription information associated with the application identifier and a called interface identifier set from a preset database;
authorizing the called interfaces indicated by each called interface identifier in the called interface identifier set based on the subscription information to obtain an authorization result;
and checking the service request under the condition that the authorization result indicates that all the called interfaces are authorized successfully, and releasing the service request under the condition that the check is passed.
2. The method according to claim 1, wherein, in the case that the target application completes signing the target product, before receiving the call request, the method further comprises:
receiving merchant information, wherein the merchant information comprises: merchant attribute information and business information;
verifying the merchant information, and creating an application based on the service information under the condition that the verification is passed;
and generating the application identifier for the application, and storing the application identifier into the preset database.
3. The method of verification according to claim 2, further comprising, after generating the application identification for the application:
determining a product corresponding to the application based on the service information, wherein the product comprises: the interfaces are used for being called when the service request initiated by the application is processed;
controlling the application to sign a contract on the product, and generating the sign information of the application, wherein the sign information comprises: the signing validity duration of the application and each interface;
generating an application key of the application under the condition that the application signs up the product;
and storing the subscription information and the application key into the preset database.
4. A verification method according to claim 3, wherein, in the event that the signing of the product by the application is completed, generating an application key for the application further comprises:
acquiring a preset document of the product, and determining a preset interface set related to the service request initiated by the application, wherein the preset document comprises: product information, interface information;
judging whether the service request needs encryption or not based on the interface information corresponding to each preset interface in the preset interface set;
under the condition that the service request needs to be encrypted, encrypting the service request and the application identifier by adopting the application key;
and generating the call request based on the encrypted service request and the application identifier.
5. The method according to claim 1, wherein the step of authorizing the called interface indicated by each called interface identifier in the called interface identifier set based on the subscription information to obtain an authorization result includes:
determining the signing effective duration corresponding to the called interface based on the signing information;
judging whether the signing of the target application and the called interface is valid or not based on the signing valid duration;
determining to authorize the called interface if the subscription of the target application and the called interface is valid;
and under the condition that the authorization of all the called interfaces is completed, recording the authorization result as authorization success.
6. The method of checking as set forth in claim 1, wherein the step of checking the service request includes:
performing time stamp verification on the service request;
under the condition that the time stamp passes the verification, the application key of the target application is adopted to carry out signature verification on the service request;
and under the condition that the signature verification passes, determining that the service request is verified to pass.
7. The method of verification according to claim 1, wherein the method of verification further comprises:
under the condition that the service request is not checked, intercepting the service request and determining a cause of failure of the check;
and returning the verification failure reasons to the target application.
8. A verification apparatus for a call request, comprising:
the receiving unit is used for receiving a call request under the condition that the target application signs the target product, wherein the target application is used for initiating a service request, the target application is corresponding to an application identifier, and the call request at least comprises: the service request and the application identifier;
the analyzing unit is used for analyzing the calling request to obtain the application identifier, and extracting subscription information associated with the application identifier and a called interface identifier set from a preset database;
the authorization unit is used for authorizing the called interfaces indicated by each called interface identifier in the called interface identifier set based on the subscription information to obtain an authorization result;
and the verification unit is used for verifying the service request under the condition that the authorization result indicates that all the called interfaces are authorized successfully, and releasing the service request under the condition that the verification is passed.
9. A computer readable storage medium, characterized in that the computer readable storage medium comprises a stored computer program, wherein the computer program, when run, controls a device in which the computer readable storage medium is located to perform the verification method of the call request according to any one of claims 1 to 7.
10. An electronic device comprising one or more processors and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of verifying a call request of any of claims 1-7.
CN202311370291.9A 2023-10-20 2023-10-20 Verification method and device for call request, electronic equipment and storage medium Pending CN117610065A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311370291.9A CN117610065A (en) 2023-10-20 2023-10-20 Verification method and device for call request, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117610065A true CN117610065A (en) 2024-02-27

Family

ID=89943267

Country Status (1)

Country Link
CN (1) CN117610065A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination