WO2019148717A1 - Device and method for verifying request validity, and computer readable storage medium - Google Patents

Device and method for verifying request validity, and computer readable storage medium Download PDF

Info

Publication number
WO2019148717A1
WO2019148717A1 PCT/CN2018/089183 CN2018089183W WO2019148717A1 WO 2019148717 A1 WO2019148717 A1 WO 2019148717A1 CN 2018089183 W CN2018089183 W CN 2018089183W WO 2019148717 A1 WO2019148717 A1 WO 2019148717A1
Authority
WO
WIPO (PCT)
Prior art keywords
registration
information
interface
server
request
Prior art date
Application number
PCT/CN2018/089183
Other languages
French (fr)
Chinese (zh)
Inventor
张迪
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2019148717A1 publication Critical patent/WO2019148717A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Definitions

  • the present application relates to the field of data communication technologies, and in particular, to a verification apparatus, method, and computer readable storage medium for requesting legality.
  • server group of the business system different servers provide different services for the operation of the business system, and the servers in the group provide services by opening some interfaces, and other servers can implement corresponding functions by calling these interfaces.
  • an authentication server is generally set to control the permissions of each server, and the calls of the interfaces of the servers to other servers are pre-configured. Permission, and store permission data, each time the server receives an interface call request sent by another server, the server needs to send the request to the authentication server, and the authentication server verifies the permission of the request according to the stored permission data, and The verification result is returned to the server, and the server responds to the interface call request according to the verification result.
  • the verification process in this manner is cumbersome, and each request sent by the server is verified at the third-party authentication server, which not only causes The authentication server needs to maintain a large amount of rights management data, and the response to the interface call request is slow and the processing efficiency is low due to the frequent call of the interface between the servers.
  • the present application provides a verification apparatus, method and computer readable storage medium for requesting legality, the main purpose of which is to simplify the verification process of request validity and improve the response speed of the interface call.
  • the present application provides a verification apparatus for requesting legality, the apparatus comprising a memory and a processor, wherein the memory stores a legality verification program executable on the processor, the legal
  • the verification procedure is implemented by the processor to implement the following steps:
  • the host information of the server is consistent with the registered host information and the requested interface information is consistent with the registration interface information, it is determined that the interface call request is legal.
  • the present application further provides a verification method for request legality, and the method includes:
  • the host information of the server is consistent with the registered host information and the requested interface information is consistent with the registration interface information, it is determined that the interface call request is legal.
  • the present application further provides a computer readable storage medium having a legality verification program stored thereon, the legality verification program being configurable by one or more processors The steps of the verification method performed to implement the legality of the request as described above.
  • the verification device, the method, and the computer-readable storage medium of the request for validity of the request when the server sends an interface call request to the server where the requested interface is located, the request carries the registration certificate sent by the server where the requested interface is located.
  • Information when the server where the requested interface receives the interface call request sent by another server, obtains the host information of the server, the requested interface information, and the registration credential information from the interface call request, and decrypts the registration credential information to obtain the The registration host information and the registration interface information, if the host information and the interface information in the request are consistent with the registered host information and the registration interface information in the registration credential information, determine that the interface call request is legal, and the solution in the present application directly passes the interface.
  • FIG. 1 is a schematic diagram of a preferred embodiment of a verification device for requesting legality
  • FIG. 2 is a schematic diagram of a program module of a legality verification program in an embodiment of a verification device for requesting legality;
  • FIG. 3 is a flow chart of a preferred embodiment of a verification method for requesting legality in the present application.
  • the application provides a verification device for requesting legality.
  • a schematic diagram of a preferred embodiment of a verification apparatus for requesting legality is provided.
  • the verification device requesting the validity may be any one of the server groups.
  • the verification device for the validity of the request includes at least a memory 11, a processor 12, a communication bus 13, and a network interface 14.
  • the memory 11 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (for example, an SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, and the like.
  • the memory 11 may in some embodiments be an internal storage unit of a verification device requesting legitimacy, such as a hard disk of the verification device requesting legality.
  • the memory 11 may also be an external storage device that requests a verification device for legality, such as a plug-in hard disk equipped with a verification device for requesting legality, a smart memory card (SMC), Secure Digital (SD) card, Flash Card, etc.
  • SMC smart memory card
  • SD Secure Digital
  • the memory 11 may also include both an internal storage unit of the verification device requesting legality and an external storage device.
  • the memory 11 can be used not only for storing application software installed in a verification device requesting legality and various types of data, such as codes of a legality verification program, but also for temporarily storing data that has been output or is to be output.
  • the processor 12 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor or other data processing chip for running program code or processing stored in the memory 11. Data, such as performing a legality verification program.
  • CPU Central Processing Unit
  • controller microcontroller
  • microprocessor or other data processing chip for running program code or processing stored in the memory 11.
  • Data such as performing a legality verification program.
  • Communication bus 13 is used to implement connection communication between these components.
  • the network interface 14 can optionally include a standard wired interface, a wireless interface (such as a WI-FI interface), and is typically used to establish a communication connection between the device and other electronic devices.
  • a standard wired interface such as a WI-FI interface
  • Figure 1 shows only the verification device with the legality verification procedure and the request legitimacy of components 11-14, but it should be understood that not all of the illustrated components are required to be implemented, alternative implementations may be more or more Less components.
  • the device may further include a user interface
  • the user interface may include a display
  • an input unit such as a keyboard
  • the optional user interface may further include a standard wired interface and a wireless interface.
  • the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch sensor, or the like.
  • the display may also be suitably referred to as a display screen or display unit for displaying information processed in a verification device requesting legality and a user interface for displaying visualization.
  • a memory check program is stored in the memory 11; when the processor 12 executes the legality check program stored in the memory 11, the following steps are implemented:
  • a server configured with an interface for other server calls is called a verification device, and the verification device itself is a server in a server group, and may also be sent to other servers in the server group.
  • the interface invokes the request, at which point the requested server acts as a check device.
  • the verification device pre-distributes the registration credential information to other servers that have permission to invoke the interface provided by the server.
  • the verification device has three interfaces API1, API2, and API3, and there are multiple servers in the server group, assuming a server group.
  • the server A has the right to invoke the interface API1, and the registration of the right to invoke the interface API1 of the server A is completed in the verification device, and the corresponding registration voucher information is generated and sent to the server A.
  • the registration credential information includes host information of the server A and interface information for identifying the interface API1.
  • the host information of the server A and the interface information for identifying the interface API1 are encrypted according to an encryption algorithm to generate registration credential information.
  • the registration credential information is generated in one-to-one correspondence and sent to each server for storage; or, in other embodiments, the server initiates a registration request to the verification device before the interface is first called, and the verification device responds to the registration request according to the registration request.
  • the server's call permission is registered.
  • the registration host information and the registration interface information are obtained from the registration request; and the registration host information and the registration interface information are encrypted according to a preset encryption algorithm to obtain a ciphertext registration certificate. And performing a displacement process on the characters in the ciphertext registration voucher according to the preset first displacement rule, using the result of the displacement process as the registration voucher information; and transmitting the registration voucher information to the server for the server.
  • the registration credential information is added to the originating interface call request when the interface call request is initiated.
  • the preset encryption algorithm can be implemented in various embodiments, such as AES (Advanced Encryption Standard) algorithm, BASE64 algorithm, and the like.
  • the first displacement rule in this embodiment refers to changing the position of some characters in the encrypted character string to prevent other devices from cracking the encryption result and tampering with the registration voucher information.
  • the first displacement rule can have various embodiments, for example, exchanging odd-numbered bits of a string with even-numbered bits that are one bit larger, or moving the position of a character at a specific position in the string, and the like. In other embodiments, it is also possible to encrypt using only the encryption algorithm, and the displacement processing is performed without using the displacement rule.
  • a plurality of registration credential information may be stored in one server, and the registration credential information is respectively corresponding to each of the callable interfaces.
  • the server needs to invoke an interface provided by another server to perform a corresponding operation, the server obtains registration credential information corresponding to the interface to be called and adds it to the interface call request.
  • the verification device acquires the host information of the sender server, the requested interface information, and the registration credential information from the request.
  • the host information includes information such as a host name and a user name.
  • the interface provided by the server may be a restful interface based on a REST (Representational State Transfer) framework, and the REST is an HTTP-based (Hyper Text Transfer Protocol). Protocol)
  • REST Real-Representational State Transfer
  • HTTP-based Hyper Text Transfer Protocol
  • Decrypting the registration credential information and acquiring registration host information and registration interface information included in the registration credential information.
  • the host information of the server is consistent with the registered host information and the requested interface information is consistent with the registration interface information, it is determined that the interface call request is legal.
  • the verification device decrypts the obtained registration voucher information, obtains the registration host information and the registration interface information included in the registration voucher information, and determines whether the interface information in the interface call request is consistent with the registration interface information, and whether the host information is related to the registration host. The information is consistent. If the information is consistent, the interface call request is considered to be legal. Otherwise, the interface call request is invalid, and the response information that the request is invalid is sent to the server.
  • the verification device is required to perform decryption according to a decryption algorithm corresponding to the encryption algorithm used in registration, and the used key is stored in the verification device, and each verification device has The unique key, the requesting server can not decrypt the received registration voucher information, and can not tamper with the registration voucher information, thus ensuring the security of the information, thereby ensuring the accuracy of the legality verification method. .
  • the step of decrypting the registration credential information, and acquiring the registration host information and the registration interface information included in the registration credential information includes: following a second displacement rule pair corresponding to the first displacement rule
  • the character in the registration voucher information is subjected to a displacement process to obtain a ciphertext registration voucher; the ciphertext registration voucher is decrypted according to a preset decryption algorithm corresponding to the preset encryption algorithm, and the registration host information and registration are obtained. Interface information.
  • the registration credential information is decrypted in accordance with the reverse process of the encryption operation to obtain the registered host information and the registration interface information.
  • the legality verification program may be further executed by the processor to obtain registration host information and the registration request from the registration request when receiving the registration request sent by the server After the step of registering the interface information, the following steps are also implemented:
  • the mapping relationship between the user information and the interface information is pre-configured in the verification device, and when the user information included in the registration request has an association relationship with the requested interface, The registration step will continue, otherwise the login failure message will be returned to the server, prompting the server that the registration request is invalid.
  • the verification device rejects the server's call to the interface and sends a prompt message to the server that the call failed.
  • the legality verification program may be further executed by the processor to implement the following steps after determining that the interface call request is legal:
  • the interface call request sent by the server also carries a service operation that needs to be performed by the method provided by the interface. After determining that the interface call request is legal, the operation operation is performed by the operation method provided by the interface, and the operation result is obtained and sent to the server. .
  • the server In the verification device for requesting the validity of the request, when the server sends an interface call request to the server where the requested interface is located, the server carries the registration credential information sent by the server where the requested interface is located, where the requested interface is located.
  • the server ie, the verification device
  • the host information of the server, the requested interface information, and the registration credential information are obtained from the interface call request, and the registration credential information is decrypted to obtain the included Registering the host information and registering the interface information. If the host information and the interface information in the request are consistent with the registered host information and the registration interface information in the registration credential information, it is determined that the interface call request is legal.
  • the interface is directly invoked through the interface.
  • the information contained in the request itself is verified, and the registration voucher information is sent by the server where the requested interface is encrypted, and is decrypted by the same server during verification, thereby ensuring that the registration voucher information is not Tampering, and does not need to pass the third
  • the legality verification program may also be divided into one or more modules, and one or more modules are stored in the memory 11 and executed by one or more processors (this implementation)
  • the processor 12 is executed to complete the application.
  • the module referred to in the present application refers to a series of computer program instruction segments capable of performing a specific function, and is used to describe the legality verification program in the verification device for requesting legality. The implementation process.
  • FIG. 2 it is a schematic diagram of a program module of a legality verification program in an embodiment of a verification device for requesting validity of the present application.
  • the legality verification program may be divided into the acquisition module 10 Decryption module 20 and execution module 30, illustratively:
  • the obtaining module 10 is configured to: when receiving an interface call request sent by a server in the server group, obtain host information, requested interface information, and registration credential information of the server from the interface call request, where the registration The voucher information is sent by the verification device;
  • the decryption module 20 is configured to: perform decryption processing on the registration credential information, and obtain registration host information and registration interface information included in the registration credential information;
  • the execution module 30 is configured to: if the host information of the server is consistent with the registered host information, and the requested interface information is consistent with the registration interface information, determine that the interface call request is legal.
  • the present application also provides a verification method for requesting legality.
  • FIG. 3 it is a flowchart of a preferred embodiment of the verification method for legality of the request of the present application.
  • the method may be performed by a device, which may be implemented by software and/or hardware, and the method of the present embodiment will be described hereinafter with a request legality verification device as an execution body of the method.
  • the verification method of the request validity includes:
  • Step S10 when receiving an interface call request sent by a server in the server group, obtaining host information, requested interface information, and registration credential information of the server from the interface call request, where the registration credential information is The server where the requested interface is delivered is delivered.
  • a server configured with an interface for other server calls is called a verification device
  • the verification device itself is a server in a server group, and may also be sent to other servers in the server group.
  • the interface invokes the request, at which point the requested server acts as a check device.
  • the verification device pre-distributes the registration credential information to other servers that have permission to invoke the interface provided by the server.
  • the verification device has three interfaces API1, API2, and API3, and there are multiple servers in the server group, assuming a server group.
  • the server A has the right to invoke the interface API1, and the registration of the right to invoke the interface API1 of the server A is completed in the verification device, and the corresponding registration voucher information is generated and sent to the server A.
  • the registration credential information includes host information of the server A and interface information for identifying the interface API1.
  • the host information of the server A and the interface information for identifying the interface API1 are encrypted according to an encryption algorithm to generate registration credential information.
  • the registration credential information is generated in one-to-one correspondence and sent to each server for storage; or, in other embodiments, the server initiates a registration request to the verification device before the interface is first called, and the verification device responds to the registration request according to the registration request. The server's call permission is registered.
  • the registration host information and the registration interface information are obtained from the registration request; and the registration host information and the registration interface information are encrypted according to a preset encryption algorithm to obtain a ciphertext registration certificate. And performing a displacement process on the characters in the ciphertext registration voucher according to the preset first displacement rule, using the result of the displacement process as the registration voucher information; and transmitting the registration voucher information to the server for the server.
  • the registration credential information is added to the originating interface call request when the interface call request is initiated.
  • the preset encryption algorithm can have multiple implementations, AES (Advanced Encryption Standard) algorithm, BASE64 algorithm, and the like.
  • the first displacement rule in this embodiment refers to changing the position of some characters in the encrypted character string to prevent other devices from cracking the encryption result and tampering with the registration voucher information.
  • the first displacement rule can have various embodiments, for example, exchanging odd-numbered bits of a string with even-numbered bits that are one bit larger, or moving the position of a character at a specific position in the string, and the like. In other embodiments, it is also possible to encrypt using only the encryption algorithm, and the displacement processing is performed without using the displacement rule.
  • a plurality of registration credential information may be stored in one server, and the registration credential information is respectively corresponding to each of the callable interfaces.
  • the server needs to invoke an interface provided by another server to perform a corresponding operation, the server obtains registration credential information corresponding to the interface to be called and adds it to the interface call request.
  • the verification device acquires the host information of the sender server, the requested interface information, and the registration credential information from the request.
  • the host information includes information such as a host name and a user name.
  • the interface provided by the server may be a restful interface based on a REST (Representational State Transfer) framework, and the REST is an HTTP-based (Hyper Text Transfer Protocol). Protocol)
  • REST Real-Representational State Transfer
  • HTTP-based Hyper Text Transfer Protocol
  • Step S20 Perform decryption processing on the registration credential information, and obtain registration host information and registration interface information included in the registration credential information.
  • Step S30 If the host information of the server is consistent with the registered host information and the requested interface information is consistent with the registration interface information, it is determined that the interface call request is legal.
  • the verification device decrypts the obtained registration voucher information, obtains the registration host information and the registration interface information included in the registration voucher information, and determines whether the interface information in the interface call request is consistent with the registration interface information, and whether the host information is related to the registration host. The information is consistent. If the information is consistent, the interface call request is considered to be legal. Otherwise, the interface call request is invalid, and the response information that the request is invalid is sent to the server.
  • the verification device is required to perform decryption according to a decryption algorithm corresponding to the encryption algorithm used in registration, and the used key is stored in the verification device, and each verification device has The unique key, the requesting server can not decrypt the received registration voucher information, and can not tamper with the registration voucher information, thus ensuring the security of the information, thereby ensuring the accuracy of the legality verification method. .
  • the step of decrypting the registration credential information, and acquiring the registration host information and the registration interface information included in the registration credential information includes: following a second displacement rule pair corresponding to the first displacement rule
  • the character in the registration voucher information is subjected to a displacement process to obtain a ciphertext registration voucher; the ciphertext registration voucher is decrypted according to a preset decryption algorithm corresponding to the preset encryption algorithm, and the registration host information and registration are obtained. Interface information.
  • the registration credential information is decrypted in accordance with the reverse process of the encryption operation to obtain the registered host information and the registration interface information.
  • the method further includes the following steps:
  • the mapping relationship between the user information and the interface information is pre-configured in the verification device, and when the user information included in the registration request has an association relationship with the requested interface, The registration step will continue, otherwise the login failure message will be returned to the server, prompting the server that the registration request is invalid.
  • the verification device rejects the server's call to the interface and sends a prompt message to the server that the call failed.
  • the method further includes the following steps:
  • the interface call request sent by the server also carries a service operation that needs to be performed by the method provided by the interface. After determining that the interface call request is legal, the operation operation is performed by the operation method provided by the interface, and the operation result is obtained and sent to the server. .
  • the server when the server sends an interface call request to the server where the requested interface is located, the server carries the registration credential information sent by the server where the requested interface is located, where the requested interface is located.
  • the server ie, the verification device
  • the host information of the server, the requested interface information, and the registration credential information are obtained from the interface call request, and the registration credential information is decrypted to obtain the included Registering the host information and registering the interface information. If the host information and the interface information in the request are consistent with the registered host information and the registration interface information in the registration credential information, it is determined that the interface call request is legal.
  • the interface is directly invoked through the interface.
  • the information contained in the request itself is verified, and the registration voucher information is sent by the server where the requested interface is encrypted, and is decrypted by the same server during verification, thereby ensuring that the registration voucher information is not Tampering, and does not need to pass the third
  • the embodiment of the present application further provides a computer readable storage medium, where the legality verification program is stored, and the legality verification program can be executed by one or more processors, Implement the following operations:
  • the host information of the server is consistent with the registered host information and the requested interface information is consistent with the registration interface information, it is determined that the interface call request is legal.
  • the technical solution of the present application which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM as described above). , a disk, an optical disk, including a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the methods described in the various embodiments of the present application.
  • a terminal device which may be a mobile phone, a computer, a server, or a network device, etc.

Abstract

The present application discloses a device for verifying request validity, comprising a memory and a processor, wherein the memory stores a validity verification program executable on the processor, and when the program is executed by the processor, the following steps are implemented: when an interface call request sent by a server in a server group is received, obtaining, from the interface call request, host information of the server, requested interface information and registration credential information; decrypting the registration credential information, and obtaining registered host information and registered interface information comprised in the registration credential information; if the host information of the server is consistent with the registered host information and the requested interface information is consistent with the registered interface information, determining that the interface call request is valid. The present application further provides a method for verifying request validity and a computer readable storage medium. The present application simplifies the process of verifying request validity, improving the response to the interface call.

Description

请求合法性的校验装置、方法及计算机可读存储介质Checking device, method and computer readable storage medium for requesting legality
本申请基于巴黎公约申明享有2018年02月05日递交的申请号为201810109486.0、名称为“请求合法性的校验装置、方法及计算机可读存储介质”的中国专利申请的优先权,该中国专利申请的整体内容以参考的方式结合在本申请中。The present application is based on the priority of the Chinese Patent Application entitled "Registration Device, Method and Computer-Readable Storage Media for Requesting Legality", which is filed on February 5, 2018, with the application number of 2011018109486.0, which is filed on February 5, 2018. The entire content of the application is incorporated herein by reference.
技术领域Technical field
本申请涉及数据通信技术领域,尤其涉及一种请求合法性的校验装置、方法及计算机可读存储介质。The present application relates to the field of data communication technologies, and in particular, to a verification apparatus, method, and computer readable storage medium for requesting legality.
背景技术Background technique
在业务系统的服务器群组中,不同的服务器为业务系统的运行提供不同的服务,群组中的服务器会通过开放一些接口提供服务,其他服务器可以通过调用这些接口实现对应的功能。In the server group of the business system, different servers provide different services for the operation of the business system, and the servers in the group provide services by opening some interfaces, and other servers can implement corresponding functions by calling these interfaces.
但是,并不是每一台服务器都具有调用这些接口的权限,现有技术中,一般是设置一台认证服务器对各台服务器的权限进行管控,预先配置好各台服务器对其他服务器的接口的调用权限,并存储权限数据,服务器每一次接收到其他服务器发送的接口调用请求时,需要将该请求发送到该认证服务器,由认证服务器根据存储的权限数据对该请求的权限进行校验,并将校验结果返回给服务器,由该服务器根据校验结果对接口调用请求进行响应,这种方式的校验过程繁琐,服务器发送的每一个请求都要在第三方认证服务器处进行校验,不仅造成认证服务器处需要维护大量的权限管理数据,而且还会由于服务器之间的接口调用频繁,而造成对接口调用请求的响应速度慢,处理效率低下。However, not every server has the right to call these interfaces. In the prior art, an authentication server is generally set to control the permissions of each server, and the calls of the interfaces of the servers to other servers are pre-configured. Permission, and store permission data, each time the server receives an interface call request sent by another server, the server needs to send the request to the authentication server, and the authentication server verifies the permission of the request according to the stored permission data, and The verification result is returned to the server, and the server responds to the interface call request according to the verification result. The verification process in this manner is cumbersome, and each request sent by the server is verified at the third-party authentication server, which not only causes The authentication server needs to maintain a large amount of rights management data, and the response to the interface call request is slow and the processing efficiency is low due to the frequent call of the interface between the servers.
发明内容Summary of the invention
本申请提供一种请求合法性的校验装置、方法及计算机可读存储介质,其主要目的在于简化请求合法性的校验过程,提高对接口调用的响应速度。The present application provides a verification apparatus, method and computer readable storage medium for requesting legality, the main purpose of which is to simplify the verification process of request validity and improve the response speed of the interface call.
为实现上述目的,本申请提供一种请求合法性的校验装置,该装置包括 存储器和处理器,所述存储器中存储有可在所述处理器上运行的合法性校验程序,所述合法性校验程序被所述处理器执行时实现如下步骤:To achieve the above object, the present application provides a verification apparatus for requesting legality, the apparatus comprising a memory and a processor, wherein the memory stores a legality verification program executable on the processor, the legal The verification procedure is implemented by the processor to implement the following steps:
在接收到服务器群组中的服务器发送的接口调用请求时,从所述接口调用请求中获取该服务器的主机信息、请求的接口信息以及注册凭证信息,其中,所述注册凭证信息由所述校验装置下发;Receiving, by the interface call request, the host information of the server, the requested interface information, and the registration credential information, where the registration voucher information is obtained by the school, when receiving an interface call request sent by a server in the server group The inspection device is issued;
对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息;Decrypting the registration credential information, and acquiring registration host information and registration interface information included in the registration credential information;
若所述服务器的主机信息与所述注册主机信息一致且所述请求的接口信息与所述注册接口信息一致,则判定所述接口调用请求合法。If the host information of the server is consistent with the registered host information and the requested interface information is consistent with the registration interface information, it is determined that the interface call request is legal.
此外,为实现上述目的,本申请还提供一种请求合法性的校验方法,该方法包括:In addition, to achieve the above object, the present application further provides a verification method for request legality, and the method includes:
在接收到服务器群组中的服务器发送的接口调用请求时,从所述接口调用请求中获取该服务器的主机信息、请求的接口信息以及注册凭证信息,其中,所述注册凭证信息由请求的接口所在的服务器下发;Receiving, by the interface call request, the host information of the server, the requested interface information, and the registration credential information, where the registration credential information is requested by the interface, when receiving an interface call request sent by a server in the server group The server where it is delivered;
对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息;Decrypting the registration credential information, and acquiring registration host information and registration interface information included in the registration credential information;
若所述服务器的主机信息与所述注册主机信息一致且所述请求的接口信息与所述注册接口信息一致,则判定所述接口调用请求合法。If the host information of the server is consistent with the registered host information and the requested interface information is consistent with the registration interface information, it is determined that the interface call request is legal.
此外,为实现上述目的,本申请还提供一种计算机可读存储介质,所述计算机可读存储介质上存储有合法性校验程序,所述合法性校验程序可被一个或者多个处理器执行,以实现如上所述的请求合法性的校验方法的步骤。In addition, in order to achieve the above object, the present application further provides a computer readable storage medium having a legality verification program stored thereon, the legality verification program being configurable by one or more processors The steps of the verification method performed to implement the legality of the request as described above.
本申请提出的请求合法性的校验装置、方法及计算机可读存储介质,服务器在向请求的接口所在的服务器发送接口调用请求时,在请求中携带请求的接口所在的服务器下发的注册凭证信息,请求的接口所在的服务器接收到其他服务器发送的接口调用请求时,从该接口调用请求中获取服务器的主机信息、请求的接口信息以及注册凭证信息,对注册凭证信息解密处理以获取其中包含的注册主机信息和注册接口信息,若请求中的主机信息、接口信息分别与注册凭证信息中的注册主机信息、注册接口信息一致,则判定接口调用请求合法,本申请的方案中,直接通过接口调用请求本身所包含的信息进行校验,并且其中的注册凭证信息是由请求的接口所在的服务器经过加密后 下发的,在校验时由同一台服务器进行解密,保证了注册凭证信息不会被篡改,并且不需要通过第三方认证服务器校验,也不需要维护大量的权限数据,简化了请求合法性的校验过程,进而提高对接口调用的响应速度。The verification device, the method, and the computer-readable storage medium of the request for validity of the request, when the server sends an interface call request to the server where the requested interface is located, the request carries the registration certificate sent by the server where the requested interface is located. Information, when the server where the requested interface receives the interface call request sent by another server, obtains the host information of the server, the requested interface information, and the registration credential information from the interface call request, and decrypts the registration credential information to obtain the The registration host information and the registration interface information, if the host information and the interface information in the request are consistent with the registered host information and the registration interface information in the registration credential information, determine that the interface call request is legal, and the solution in the present application directly passes the interface. Invoking the information contained in the request itself for verification, and the registration voucher information is sent by the server where the requested interface is encrypted, and is decrypted by the same server during verification, thereby ensuring that the registration voucher information is not Tampered and not It needs to be verified by a third-party authentication server, and does not need to maintain a large amount of permission data, which simplifies the verification process of request validity, thereby improving the response speed of the interface call.
附图说明DRAWINGS
图1为本申请请求合法性的校验装置较佳实施例的示意图;1 is a schematic diagram of a preferred embodiment of a verification device for requesting legality;
图2为本申请请求合法性的校验装置一实施例中合法性校验程序的程序模块示意图;2 is a schematic diagram of a program module of a legality verification program in an embodiment of a verification device for requesting legality;
图3为本申请请求合法性的校验方法较佳实施例的流程图。3 is a flow chart of a preferred embodiment of a verification method for requesting legality in the present application.
本申请目的的实现、功能特点及优点将结合实施例,参照附图做进一步说明。The implementation, functional features and advantages of the present application will be further described with reference to the accompanying drawings.
具体实施方式Detailed ways
应当理解,此处所描述的具体实施例仅仅用以解释本申请,并不用于限定本申请。It is understood that the specific embodiments described herein are merely illustrative of the application and are not intended to be limiting.
本申请提供一种请求合法性的校验装置。参照图1所示,为本申请请求合法性的校验装置较佳实施例的示意图。The application provides a verification device for requesting legality. Referring to FIG. 1, a schematic diagram of a preferred embodiment of a verification apparatus for requesting legality is provided.
在本实施例中,请求合法性的校验装置可以是服务器群组中的任意一台服务器。该请求合法性的校验装置至少包括存储器11、处理器12,通信总线13,以及网络接口14。In this embodiment, the verification device requesting the validity may be any one of the server groups. The verification device for the validity of the request includes at least a memory 11, a processor 12, a communication bus 13, and a network interface 14.
其中,存储器11至少包括一种类型的可读存储介质,所述可读存储介质包括闪存、硬盘、多媒体卡、卡型存储器(例如,SD或DX存储器等)、磁性存储器、磁盘、光盘等。存储器11在一些实施例中可以是请求合法性的校验装置的内部存储单元,例如该请求合法性的校验装置的硬盘。存储器11在另一些实施例中也可以是请求合法性的校验装置的外部存储设备,例如请求合法性的校验装置上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。进一步地,存储器11还可以既包括请求合法性的校验装置的内部存储单元也包括外部存储设备。存储器11不仅可以用于存储安装于请求合法性的校验装置的应用软件及各类数据,例如合法性校验程序的代码等,还可以用于暂时地存储 已经输出或者将要输出的数据。The memory 11 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (for example, an SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, and the like. The memory 11 may in some embodiments be an internal storage unit of a verification device requesting legitimacy, such as a hard disk of the verification device requesting legality. In other embodiments, the memory 11 may also be an external storage device that requests a verification device for legality, such as a plug-in hard disk equipped with a verification device for requesting legality, a smart memory card (SMC), Secure Digital (SD) card, Flash Card, etc. Further, the memory 11 may also include both an internal storage unit of the verification device requesting legality and an external storage device. The memory 11 can be used not only for storing application software installed in a verification device requesting legality and various types of data, such as codes of a legality verification program, but also for temporarily storing data that has been output or is to be output.
处理器12在一些实施例中可以是一中央处理器(Central Processing Unit,CPU)、控制器、微控制器、微处理器或其他数据处理芯片,用于运行存储器11中存储的程序代码或处理数据,例如执行合法性校验程序等。The processor 12, in some embodiments, may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor or other data processing chip for running program code or processing stored in the memory 11. Data, such as performing a legality verification program.
通信总线13用于实现这些组件之间的连接通信。 Communication bus 13 is used to implement connection communication between these components.
网络接口14可选的可以包括标准的有线接口、无线接口(如WI-FI接口),通常用于在该装置与其他电子设备之间建立通信连接。The network interface 14 can optionally include a standard wired interface, a wireless interface (such as a WI-FI interface), and is typically used to establish a communication connection between the device and other electronic devices.
图1仅示出了具有合法性校验程序以及组件11-14的请求合法性的校验装置,但是应理解的是,并不要求实施所有示出的组件,可以替代的实施更多或者更少的组件。Figure 1 shows only the verification device with the legality verification procedure and the request legitimacy of components 11-14, but it should be understood that not all of the illustrated components are required to be implemented, alternative implementations may be more or more Less components.
可选地,该装置还可以包括用户接口,用户接口可以包括显示器(Display)、输入单元比如键盘(Keyboard),可选的用户接口还可以包括标准的有线接口、无线接口。可选地,在一些实施例中,显示器可以是LED显示器、液晶显示器、触控式液晶显示器以及OLED(Organic Light-Emitting Diode,有机发光二极管)触摸器等。其中,显示器也可以适当的称为显示屏或显示单元,用于显示在请求合法性的校验装置中处理的信息以及用于显示可视化的用户界面。Optionally, the device may further include a user interface, the user interface may include a display, an input unit such as a keyboard, and the optional user interface may further include a standard wired interface and a wireless interface. Optionally, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch sensor, or the like. The display may also be suitably referred to as a display screen or display unit for displaying information processed in a verification device requesting legality and a user interface for displaying visualization.
在图1所示的装置实施例中,存储器11中存储有合法性校验程序;处理器12执行存储器11中存储的合法性校验程序时实现如下步骤:In the device embodiment shown in FIG. 1, a memory check program is stored in the memory 11; when the processor 12 executes the legality check program stored in the memory 11, the following steps are implemented:
在接收到服务器群组中的服务器发送的接口调用请求时,从所述接口调用请求中获取该服务器的主机信息、请求的接口信息以及注册凭证信息,其中,所述注册凭证信息由所述校验装置下发。Receiving, by the interface call request, the host information of the server, the requested interface information, and the registration credential information, where the registration voucher information is obtained by the school, when receiving an interface call request sent by a server in the server group The inspection device is issued.
本实施例的以下方案中,将配置有接口可供其他服务器调用的服务器称为校验装置,校验装置本身是服务器群组中的一台服务器,也可以向服务器群组中的其他服务器发送接口调用请求,此时,被请求的服务器作为校验装置。In the following solution in this embodiment, a server configured with an interface for other server calls is called a verification device, and the verification device itself is a server in a server group, and may also be sent to other servers in the server group. The interface invokes the request, at which point the requested server acts as a check device.
校验装置预先将注册凭证信息下发到有权限调用该服务器提供的接口的其他服务器,例如校验装置有三个接口API1、API2和API3,在服务器群组有多台服务器,假设服务器群组中的服务器A有调用接口API1的权限,则预先在校验装置中完成对服务器A调用接口API1的权限的注册,生成对应的注 册凭证信息并下发到服务器A。注册凭证信息中包含有服务器A的主机信息和用于标识接口API1的接口信息,例如,按照加密算法对服务器A的主机信息和用于标识接口API1的接口信息加密生成注册凭证信息。The verification device pre-distributes the registration credential information to other servers that have permission to invoke the interface provided by the server. For example, the verification device has three interfaces API1, API2, and API3, and there are multiple servers in the server group, assuming a server group. The server A has the right to invoke the interface API1, and the registration of the right to invoke the interface API1 of the server A is completed in the verification device, and the corresponding registration voucher information is generated and sent to the server A. The registration credential information includes host information of the server A and interface information for identifying the interface API1. For example, the host information of the server A and the interface information for identifying the interface API1 are encrypted according to an encryption algorithm to generate registration credential information.
其中,关于在校验装置中对服务器A调用接口API1的权限的注册,可以有多种实施方式,例如,在校验装置中预先根据各个接口的信息以及可以调用这些接口的服务器的主机信息,一一对应地生成注册凭证信息并下发到各个服务器进行存储;或者,在其他实施例中,由服务器在首次调用接口之前,主动向校验装置发起注册请求,校验装置根据注册请求对该服务器的调用权限进行注册。Wherein, regarding the registration of the authority to invoke the interface API1 to the server A in the verification device, there may be various implementation manners, for example, in the verification device, according to the information of each interface and the host information of the server that can call these interfaces, The registration credential information is generated in one-to-one correspondence and sent to each server for storage; or, in other embodiments, the server initiates a registration request to the verification device before the interface is first called, and the verification device responds to the registration request according to the registration request. The server's call permission is registered.
作为一种实施方式,在接收到服务器发送的注册请求时,从注册请求中获取注册主机信息和注册接口信息;按照预设加密算法对注册主机信息和注册接口信息进行加密处理得到密文注册凭证,并按照预设的第一变位规则对密文注册凭证中的字符进行变位处理,将变位处理的结果作为注册凭证信息;将注册凭证信息发送至所述服务器,以供所述服务器在发起接口调用请求时,将所述注册凭证信息添加至发起的接口调用请求中。预设加密算法可以有多种实施方式,例如AES(Advanced Encryption Standard,高级加密标准)算法、BASE64算法等。此外,在对注册主机信息和注册接口信息加密之前,将注册主机信息中包含的多个信息以及注册接口信息组合起来,信息之间可以利用“|”进行区分。本实施例中的第一变位规则是指对加密得到的字符串中的部分字符的位置进行变更,以防止其他设备破解加密结果并对注册凭证信息进行篡改。第一变位规则可以有多种实施方式,例如,将字符串的奇数位和比它大一位的偶数位互相交换,或者,移动字符串中特定位置处的字符的位置等等。在其他实施例中,也可以只使用加密算法加密即可,不使用变位规则进行变位处理。As an implementation manner, when receiving the registration request sent by the server, the registration host information and the registration interface information are obtained from the registration request; and the registration host information and the registration interface information are encrypted according to a preset encryption algorithm to obtain a ciphertext registration certificate. And performing a displacement process on the characters in the ciphertext registration voucher according to the preset first displacement rule, using the result of the displacement process as the registration voucher information; and transmitting the registration voucher information to the server for the server The registration credential information is added to the originating interface call request when the interface call request is initiated. The preset encryption algorithm can be implemented in various embodiments, such as AES (Advanced Encryption Standard) algorithm, BASE64 algorithm, and the like. In addition, before encrypting the registered host information and the registration interface information, the plurality of information included in the registered host information and the registration interface information are combined, and the information can be distinguished by using "|". The first displacement rule in this embodiment refers to changing the position of some characters in the encrypted character string to prevent other devices from cracking the encryption result and tampering with the registration voucher information. The first displacement rule can have various embodiments, for example, exchanging odd-numbered bits of a string with even-numbered bits that are one bit larger, or moving the position of a character at a specific position in the string, and the like. In other embodiments, it is also possible to encrypt using only the encryption algorithm, and the displacement processing is performed without using the displacement rule.
可以理解的是,一台服务器中可能存储有多个注册凭证信息,这些注册凭证信息分别与各个可以调用的接口一一对应。服务器在需要调用其他服务器提供的接口执行对应的操作时,获取与要调用的接口对应的注册凭证信息添加到接口调用请求中。校验装置在接收到服务器群组中的其他服务器发送的接口调用请求时,从该请求中获取发送方服务器的主机信息、请求的接口信息以及注册凭证信息。其中,上述主机信息包括主机名、用户名等信息。It can be understood that a plurality of registration credential information may be stored in one server, and the registration credential information is respectively corresponding to each of the callable interfaces. When the server needs to invoke an interface provided by another server to perform a corresponding operation, the server obtains registration credential information corresponding to the interface to be called and adds it to the interface call request. When receiving the interface call request sent by another server in the server group, the verification device acquires the host information of the sender server, the requested interface information, and the registration credential information from the request. The host information includes information such as a host name and a user name.
需要说明的是,在一些实施例中,服务器提供的接口可以是基于REST(Representational State Transfer,表述性状态转移)框架的restful接口,而REST是一种基于HTTP(Hyper Text Transfer Protocol,超文本传输协议)的REST软件架构,因此,服务器发送的接口调用请求为HTTP请求。It should be noted that, in some embodiments, the interface provided by the server may be a restful interface based on a REST (Representational State Transfer) framework, and the REST is an HTTP-based (Hyper Text Transfer Protocol). Protocol) The REST software architecture, therefore, the interface call request sent by the server is an HTTP request.
对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息。Decrypting the registration credential information, and acquiring registration host information and registration interface information included in the registration credential information.
若所述服务器的主机信息与所述注册主机信息一致且所述请求的接口信息与所述注册接口信息一致,则判定所述接口调用请求合法。If the host information of the server is consistent with the registered host information and the requested interface information is consistent with the registration interface information, it is determined that the interface call request is legal.
校验装置对获取到的注册凭证信息进行解密处理,获取注册凭证信息中包含的注册主机信息和注册接口信息,判断接口调用请求中的接口信息是否与注册接口信息一致,主机信息是否与注册主机信息一致,若一致,则认为接口调用请求合法,否则,判定接口调用请求不合法,向服务器发送请求不合法的响应信息。具体地,关于对注册凭证信息的解密操作,需要校验装置按照与注册时使用的加密算法对应的解密算法进行解密,使用的密钥存储在校验装置中,每一台校验装置都有独有的密钥,请求方服务器无法对接收到的注册凭证信息解密,也就不能对注册凭证信息中的篡改,保证了信息的安全性,进而保证了这种合法性校验方式的准确性。具体地,对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息的步骤包括:按照与所述第一变位规则对应的第二变位规则对所述注册凭证信息中的字符进行变位处理,获取密文注册凭证;按照与所述预设加密算法对应的预设解密算法对所述密文注册凭证进行解密处理,获取注册主机信息和注册接口信息。在解密时,按照与加密操作相反的过程对注册凭证信息进行解密获取注册主机信息和注册接口信息。The verification device decrypts the obtained registration voucher information, obtains the registration host information and the registration interface information included in the registration voucher information, and determines whether the interface information in the interface call request is consistent with the registration interface information, and whether the host information is related to the registration host. The information is consistent. If the information is consistent, the interface call request is considered to be legal. Otherwise, the interface call request is invalid, and the response information that the request is invalid is sent to the server. Specifically, regarding the decryption operation of the registration credential information, the verification device is required to perform decryption according to a decryption algorithm corresponding to the encryption algorithm used in registration, and the used key is stored in the verification device, and each verification device has The unique key, the requesting server can not decrypt the received registration voucher information, and can not tamper with the registration voucher information, thus ensuring the security of the information, thereby ensuring the accuracy of the legality verification method. . Specifically, the step of decrypting the registration credential information, and acquiring the registration host information and the registration interface information included in the registration credential information includes: following a second displacement rule pair corresponding to the first displacement rule The character in the registration voucher information is subjected to a displacement process to obtain a ciphertext registration voucher; the ciphertext registration voucher is decrypted according to a preset decryption algorithm corresponding to the preset encryption algorithm, and the registration host information and registration are obtained. Interface information. At the time of decryption, the registration credential information is decrypted in accordance with the reverse process of the encryption operation to obtain the registered host information and the registration interface information.
可选地,在一些实施例中,合法性校验程序还可被所述处理器执行,以在从在接收到所述服务器发送的注册请求时,从所述注册请求中获取注册主机信息和注册接口信息的步骤之后,还实现如下步骤:Optionally, in some embodiments, the legality verification program may be further executed by the processor to obtain registration host information and the registration request from the registration request when receiving the registration request sent by the server After the step of registering the interface information, the following steps are also implemented:
从所述注册请求中获取用户信息,根据预先设置的用户信息与接口信息之间的映射关系判断所述用户信息与所述注册接口信息之间是否具有关联关系;若是,则执行按照预设加密算法对注册主机信息进行加密处理得到第一密文注册凭证,并对所述第一密文注册凭证中的字符按照预设的变位规则进 行变位处理的步骤;若否,则向所述服务器返回注册失败的提示信息。Acquiring the user information from the registration request, and determining whether there is an association relationship between the user information and the registration interface information according to a mapping relationship between the preset user information and the interface information; if yes, performing encryption according to a preset Encrypting the registered host information to obtain a first ciphertext registration voucher, and performing a process of displacing the characters in the first ciphertext registration voucher according to a preset variogram; if not, proceeding to the The server returns a message indicating that the registration failed.
在由服务器主动发起注册请求的实施例中,在校验装置中预先配置用户信息与接口信息之间的映射关系,当注册请求中包含的用户信息与其请求的接口之间有关联关系时,才会继续执行注册的步骤,否则向服务器返回注册失败的提示信息,提示服务器本次注册请求为无效请求。In an embodiment in which the registration request is initiated by the server, the mapping relationship between the user information and the interface information is pre-configured in the verification device, and when the user information included in the registration request has an association relationship with the requested interface, The registration step will continue, otherwise the login failure message will be returned to the server, prompting the server that the registration request is invalid.
可选地,作为一种实施方式,若所述服务器的主机信息与所述注册主机信息不一致,及/或所述请求的接口信息与所述注册接口信息不一致,则判定所述接口调用请求不合法。校验装置拒绝该服务器对接口的调用,并向服务器发送调用失败的提示信息。Optionally, as an implementation manner, if the host information of the server is inconsistent with the registered host information, and/or the requested interface information is inconsistent with the registration interface information, determining that the interface call request is not legitimate. The verification device rejects the server's call to the interface and sends a prompt message to the server that the call failed.
进一步地,作为一种实施方式,合法性校验程序还可被所述处理器执行,以在判定所述接口调用请求合法的步骤之后,还实现如下步骤:Further, as an implementation manner, the legality verification program may be further executed by the processor to implement the following steps after determining that the interface call request is legal:
调用所述接口信息对应的接口,执行与所述接口调用请求对应的业务操作并将操作结果返回至所述服务器。Invoking an interface corresponding to the interface information, performing a business operation corresponding to the interface call request, and returning the operation result to the server.
在服务器发送的接口调用请求中,还携带有需要通过接口提供的方法执行的业务操作,在判定接口调用请求合法之后,通过该接口提供的操作方法执行该业务操作,获取操作结果并发送至服务器。The interface call request sent by the server also carries a service operation that needs to be performed by the method provided by the interface. After determining that the interface call request is legal, the operation operation is performed by the operation method provided by the interface, and the operation result is obtained and sent to the server. .
本实施例提出的请求合法性的校验装置,服务器在向请求的接口所在的服务器发送接口调用请求时,在请求中携带请求的接口所在的服务器下发的注册凭证信息,请求的接口所在的服务器(即校验装置)接收到其他服务器发送的接口调用请求时,从该接口调用请求中获取服务器的主机信息、请求的接口信息以及注册凭证信息,对注册凭证信息解密处理以获取其中包含的注册主机信息和注册接口信息,若请求中的主机信息、接口信息分别与注册凭证信息中的注册主机信息、注册接口信息一致,则判定接口调用请求合法,本申请的方案中,直接通过接口调用请求本身所包含的信息进行校验,并且其中的注册凭证信息是由请求的接口所在的服务器经过加密后下发的,在校验时由同一台服务器进行解密,保证了注册凭证信息不会被篡改,并且不需要通过第三方认证服务器校验,也不需要维护大量的权限数据,简化了请求合法性的校验过程,进而提高对接口调用的响应速度。In the verification device for requesting the validity of the request, when the server sends an interface call request to the server where the requested interface is located, the server carries the registration credential information sent by the server where the requested interface is located, where the requested interface is located. When the server (ie, the verification device) receives the interface call request sent by another server, the host information of the server, the requested interface information, and the registration credential information are obtained from the interface call request, and the registration credential information is decrypted to obtain the included Registering the host information and registering the interface information. If the host information and the interface information in the request are consistent with the registered host information and the registration interface information in the registration credential information, it is determined that the interface call request is legal. In the solution of the present application, the interface is directly invoked through the interface. The information contained in the request itself is verified, and the registration voucher information is sent by the server where the requested interface is encrypted, and is decrypted by the same server during verification, thereby ensuring that the registration voucher information is not Tampering, and does not need to pass the third Check the authentication server does not need to maintain a large number of permissions data, simplifying the process of verification of the legality of the request, and to improve the response speed of the interface calls.
可选地,在其他的实施例中,合法性校验程序还可以被分割为一个或者 多个模块,一个或者多个模块被存储于存储器11中,并由一个或多个处理器(本实施例为处理器12)所执行以完成本申请,本申请所称的模块是指能够完成特定功能的一系列计算机程序指令段,用于描述合法性校验程序在请求合法性的校验装置中的执行过程。Optionally, in other embodiments, the legality verification program may also be divided into one or more modules, and one or more modules are stored in the memory 11 and executed by one or more processors (this implementation) For example, the processor 12) is executed to complete the application. The module referred to in the present application refers to a series of computer program instruction segments capable of performing a specific function, and is used to describe the legality verification program in the verification device for requesting legality. The implementation process.
例如,参照图2所示,为本申请请求合法性的校验装置一实施例中的合法性校验程序的程序模块示意图,该实施例中,合法性校验程序可以被分割为获取模块10、解密模块20和执行模块30,示例性地:For example, as shown in FIG. 2, it is a schematic diagram of a program module of a legality verification program in an embodiment of a verification device for requesting validity of the present application. In this embodiment, the legality verification program may be divided into the acquisition module 10 Decryption module 20 and execution module 30, illustratively:
获取模块10用于:在接收到服务器群组中的服务器发送的接口调用请求时,从所述接口调用请求中获取该服务器的主机信息、请求的接口信息以及注册凭证信息,其中,所述注册凭证信息由所述校验装置下发;The obtaining module 10 is configured to: when receiving an interface call request sent by a server in the server group, obtain host information, requested interface information, and registration credential information of the server from the interface call request, where the registration The voucher information is sent by the verification device;
解密模块20用于:对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息;The decryption module 20 is configured to: perform decryption processing on the registration credential information, and obtain registration host information and registration interface information included in the registration credential information;
执行模块30用于:若所述服务器的主机信息与所述注册主机信息一致且所述请求的接口信息与所述注册接口信息一致,则判定所述接口调用请求合法。The execution module 30 is configured to: if the host information of the server is consistent with the registered host information, and the requested interface information is consistent with the registration interface information, determine that the interface call request is legal.
上述获取模块10、解密模块20和执行模块30等程序模块被执行时所实现的功能或操作步骤与上述实施例大体相同,在此不再赘述。The functions or operation steps of the above-mentioned acquisition module 10, the decryption module 20, and the execution module 30 are substantially the same as those of the foregoing embodiment, and are not described herein again.
此外,本申请还提供一种请求合法性的校验方法。参照图3所示,为本申请请求合法性的校验方法较佳实施例的流程图。该方法可以由一个装置执行,该装置可以由软件和/或硬件实现,下文中以请求合法性校验装置作为该方法的执行主体对本实施例的方法进行说明。In addition, the present application also provides a verification method for requesting legality. Referring to FIG. 3, it is a flowchart of a preferred embodiment of the verification method for legality of the request of the present application. The method may be performed by a device, which may be implemented by software and/or hardware, and the method of the present embodiment will be described hereinafter with a request legality verification device as an execution body of the method.
在本实施例中,请求合法性的校验方法包括:In this embodiment, the verification method of the request validity includes:
步骤S10,在接收到服务器群组中的服务器发送的接口调用请求时,从所述接口调用请求中获取该服务器的主机信息、请求的接口信息以及注册凭证信息,其中,所述注册凭证信息由请求的接口所在的服务器下发。Step S10, when receiving an interface call request sent by a server in the server group, obtaining host information, requested interface information, and registration credential information of the server from the interface call request, where the registration credential information is The server where the requested interface is delivered is delivered.
本实施例的以下方案中,将配置有接口可供其他服务器调用的服务器称为校验装置,校验装置本身是服务器群组中的一台服务器,也可以向服务器群组中的其他服务器发送接口调用请求,此时,被请求的服务器作为校验装置。校验装置预先将注册凭证信息下发到有权限调用该服务器提供的接口的 其他服务器,例如校验装置有三个接口API1、API2和API3,在服务器群组有多台服务器,假设服务器群组中的服务器A有调用接口API1的权限,则预先在校验装置中完成对服务器A调用接口API1的权限的注册,生成对应的注册凭证信息并下发到服务器A。注册凭证信息中包含有服务器A的主机信息和用于标识接口API1的接口信息,例如,按照加密算法对服务器A的主机信息和用于标识接口API1的接口信息加密生成注册凭证信息。其中,关于在校验装置中对服务器A调用接口API1的权限的注册,可以有多种实施方式,例如,在校验装置中预先根据各个接口的信息以及可以调用这些接口的服务器的主机信息,一一对应地生成注册凭证信息并下发到各个服务器进行存储;或者,在其他实施例中,由服务器在首次调用接口之前,主动向校验装置发起注册请求,校验装置根据注册请求对该服务器的调用权限进行注册。In the following solution in this embodiment, a server configured with an interface for other server calls is called a verification device, and the verification device itself is a server in a server group, and may also be sent to other servers in the server group. The interface invokes the request, at which point the requested server acts as a check device. The verification device pre-distributes the registration credential information to other servers that have permission to invoke the interface provided by the server. For example, the verification device has three interfaces API1, API2, and API3, and there are multiple servers in the server group, assuming a server group. The server A has the right to invoke the interface API1, and the registration of the right to invoke the interface API1 of the server A is completed in the verification device, and the corresponding registration voucher information is generated and sent to the server A. The registration credential information includes host information of the server A and interface information for identifying the interface API1. For example, the host information of the server A and the interface information for identifying the interface API1 are encrypted according to an encryption algorithm to generate registration credential information. Wherein, regarding the registration of the authority to invoke the interface API1 to the server A in the verification device, there may be various implementation manners, for example, in the verification device, according to the information of each interface and the host information of the server that can call these interfaces, The registration credential information is generated in one-to-one correspondence and sent to each server for storage; or, in other embodiments, the server initiates a registration request to the verification device before the interface is first called, and the verification device responds to the registration request according to the registration request. The server's call permission is registered.
作为一种实施方式,在接收到服务器发送的注册请求时,从注册请求中获取注册主机信息和注册接口信息;按照预设加密算法对注册主机信息和注册接口信息进行加密处理得到密文注册凭证,并按照预设的第一变位规则对密文注册凭证中的字符进行变位处理,将变位处理的结果作为注册凭证信息;将注册凭证信息发送至所述服务器,以供所述服务器在发起接口调用请求时,将所述注册凭证信息添加至发起的接口调用请求中。预设加密算法可以有多钟实施方式,AES(Advanced Encryption Standard,高级加密标准)算法、BASE64算法等。此外,在对注册主机信息和注册接口信息加密之前,将注册主机信息中包含的多个信息以及注册接口信息组合起来,信息之间可以利用“|”进行区分。本实施例中的第一变位规则是指对加密得到的字符串中的部分字符的位置进行变更,以防止其他设备破解加密结果并对注册凭证信息进行篡改。第一变位规则可以有多种实施方式,例如,将字符串的奇数位和比它大一位的偶数位互相交换,或者,移动字符串中特定位置处的字符的位置等等。在其他实施例中,也可以只使用加密算法加密即可,不使用变位规则进行变位处理。As an implementation manner, when receiving the registration request sent by the server, the registration host information and the registration interface information are obtained from the registration request; and the registration host information and the registration interface information are encrypted according to a preset encryption algorithm to obtain a ciphertext registration certificate. And performing a displacement process on the characters in the ciphertext registration voucher according to the preset first displacement rule, using the result of the displacement process as the registration voucher information; and transmitting the registration voucher information to the server for the server The registration credential information is added to the originating interface call request when the interface call request is initiated. The preset encryption algorithm can have multiple implementations, AES (Advanced Encryption Standard) algorithm, BASE64 algorithm, and the like. In addition, before encrypting the registered host information and the registration interface information, the plurality of information included in the registered host information and the registration interface information are combined, and the information can be distinguished by using "|". The first displacement rule in this embodiment refers to changing the position of some characters in the encrypted character string to prevent other devices from cracking the encryption result and tampering with the registration voucher information. The first displacement rule can have various embodiments, for example, exchanging odd-numbered bits of a string with even-numbered bits that are one bit larger, or moving the position of a character at a specific position in the string, and the like. In other embodiments, it is also possible to encrypt using only the encryption algorithm, and the displacement processing is performed without using the displacement rule.
可以理解的是,一台服务器中可能存储有多个注册凭证信息,这些注册凭证信息分别与各个可以调用的接口一一对应。服务器在需要调用其他服务器提供的接口执行对应的操作时,获取与要调用的接口对应的注册凭证信息添加到接口调用请求中。校验装置在接收到服务器群组中的其他服务器发送 的接口调用请求时,从该请求中获取发送方服务器的主机信息、请求的接口信息以及注册凭证信息。其中,上述主机信息包括主机名、用户名等信息。It can be understood that a plurality of registration credential information may be stored in one server, and the registration credential information is respectively corresponding to each of the callable interfaces. When the server needs to invoke an interface provided by another server to perform a corresponding operation, the server obtains registration credential information corresponding to the interface to be called and adds it to the interface call request. When receiving the interface call request sent by another server in the server group, the verification device acquires the host information of the sender server, the requested interface information, and the registration credential information from the request. The host information includes information such as a host name and a user name.
需要说明的是,在一些实施例中,服务器提供的接口可以是基于REST(Representational State Transfer,表述性状态转移)框架的restful接口,而REST是一种基于HTTP(Hyper Text Transfer Protocol,超文本传输协议)的REST软件架构,因此,服务器发送的接口调用请求为HTTP请求。It should be noted that, in some embodiments, the interface provided by the server may be a restful interface based on a REST (Representational State Transfer) framework, and the REST is an HTTP-based (Hyper Text Transfer Protocol). Protocol) The REST software architecture, therefore, the interface call request sent by the server is an HTTP request.
步骤S20,对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息。Step S20: Perform decryption processing on the registration credential information, and obtain registration host information and registration interface information included in the registration credential information.
步骤S30,若所述服务器的主机信息与所述注册主机信息一致且所述请求的接口信息与所述注册接口信息一致,则判定所述接口调用请求合法。Step S30: If the host information of the server is consistent with the registered host information and the requested interface information is consistent with the registration interface information, it is determined that the interface call request is legal.
校验装置对获取到的注册凭证信息进行解密处理,获取注册凭证信息中包含的注册主机信息和注册接口信息,判断接口调用请求中的接口信息是否与注册接口信息一致,主机信息是否与注册主机信息一致,若一致,则认为接口调用请求合法,否则,判定接口调用请求不合法,向服务器发送请求不合法的响应信息。具体地,关于对注册凭证信息的解密操作,需要校验装置按照与注册时使用的加密算法对应的解密算法进行解密,使用的密钥存储在校验装置中,每一台校验装置都有独有的密钥,请求方服务器无法对接收到的注册凭证信息解密,也就不能对注册凭证信息中的篡改,保证了信息的安全性,进而保证了这种合法性校验方式的准确性。具体地,对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息的步骤包括:按照与所述第一变位规则对应的第二变位规则对所述注册凭证信息中的字符进行变位处理,获取密文注册凭证;按照与所述预设加密算法对应的预设解密算法对所述密文注册凭证进行解密处理,获取注册主机信息和注册接口信息。在解密时,按照与加密操作相反的过程对注册凭证信息进行解密获取注册主机信息和注册接口信息。The verification device decrypts the obtained registration voucher information, obtains the registration host information and the registration interface information included in the registration voucher information, and determines whether the interface information in the interface call request is consistent with the registration interface information, and whether the host information is related to the registration host. The information is consistent. If the information is consistent, the interface call request is considered to be legal. Otherwise, the interface call request is invalid, and the response information that the request is invalid is sent to the server. Specifically, regarding the decryption operation of the registration credential information, the verification device is required to perform decryption according to a decryption algorithm corresponding to the encryption algorithm used in registration, and the used key is stored in the verification device, and each verification device has The unique key, the requesting server can not decrypt the received registration voucher information, and can not tamper with the registration voucher information, thus ensuring the security of the information, thereby ensuring the accuracy of the legality verification method. . Specifically, the step of decrypting the registration credential information, and acquiring the registration host information and the registration interface information included in the registration credential information includes: following a second displacement rule pair corresponding to the first displacement rule The character in the registration voucher information is subjected to a displacement process to obtain a ciphertext registration voucher; the ciphertext registration voucher is decrypted according to a preset decryption algorithm corresponding to the preset encryption algorithm, and the registration host information and registration are obtained. Interface information. At the time of decryption, the registration credential information is decrypted in accordance with the reverse process of the encryption operation to obtain the registered host information and the registration interface information.
可选地,在一些实施例中,从在接收到所述服务器发送的注册请求时,从所述注册请求中获取注册主机信息和注册接口信息的步骤之后,该方法还包括如下步骤:Optionally, in some embodiments, after the step of obtaining the registration host information and the registration interface information from the registration request when receiving the registration request sent by the server, the method further includes the following steps:
从所述注册请求中获取用户信息,根据预先设置的用户信息与接口信息之间的映射关系判断所述用户信息与所述注册接口信息之间是否具有关联关 系;若是,则执行按照预设加密算法对注册主机信息进行加密处理得到第一密文注册凭证,并对所述第一密文注册凭证中的字符按照预设的变位规则进行变位处理的步骤;若否,则向所述服务器返回注册失败的提示信息。Acquiring the user information from the registration request, and determining whether there is an association relationship between the user information and the registration interface information according to a mapping relationship between the preset user information and the interface information; if yes, performing encryption according to a preset Encrypting the registered host information to obtain a first ciphertext registration voucher, and performing a process of displacing the characters in the first ciphertext registration voucher according to a preset variogram; if not, proceeding to the The server returns a message indicating that the registration failed.
在由服务器主动发起注册请求的实施例中,在校验装置中预先配置用户信息与接口信息之间的映射关系,当注册请求中包含的用户信息与其请求的接口之间有关联关系时,才会继续执行注册的步骤,否则向服务器返回注册失败的提示信息,提示服务器本次注册请求为无效请求。In an embodiment in which the registration request is initiated by the server, the mapping relationship between the user information and the interface information is pre-configured in the verification device, and when the user information included in the registration request has an association relationship with the requested interface, The registration step will continue, otherwise the login failure message will be returned to the server, prompting the server that the registration request is invalid.
可选地,作为一种实施方式,若所述服务器的主机信息与所述注册主机信息不一致,及/或所述请求的接口信息与所述注册接口信息不一致,则判定所述接口调用请求不合法。校验装置拒绝该服务器对接口的调用,并向服务器发送调用失败的提示信息。Optionally, as an implementation manner, if the host information of the server is inconsistent with the registered host information, and/or the requested interface information is inconsistent with the registration interface information, determining that the interface call request is not legitimate. The verification device rejects the server's call to the interface and sends a prompt message to the server that the call failed.
进一步地,作为一种实施方式,在判定所述接口调用请求合法的步骤之后,该方法还包括如下步骤:Further, as an implementation manner, after determining that the interface call request is legal, the method further includes the following steps:
调用所述接口信息对应的接口,执行与所述接口调用请求对应的业务操作并将操作结果返回至所述服务器。Invoking an interface corresponding to the interface information, performing a business operation corresponding to the interface call request, and returning the operation result to the server.
在服务器发送的接口调用请求中,还携带有需要通过接口提供的方法执行的业务操作,在判定接口调用请求合法之后,通过该接口提供的操作方法执行该业务操作,获取操作结果并发送至服务器。The interface call request sent by the server also carries a service operation that needs to be performed by the method provided by the interface. After determining that the interface call request is legal, the operation operation is performed by the operation method provided by the interface, and the operation result is obtained and sent to the server. .
本实施例提出的请求合法性的校验方法,服务器在向请求的接口所在的服务器发送接口调用请求时,在请求中携带请求的接口所在的服务器下发的注册凭证信息,请求的接口所在的服务器(即校验装置)接收到其他服务器发送的接口调用请求时,从该接口调用请求中获取服务器的主机信息、请求的接口信息以及注册凭证信息,对注册凭证信息解密处理以获取其中包含的注册主机信息和注册接口信息,若请求中的主机信息、接口信息分别与注册凭证信息中的注册主机信息、注册接口信息一致,则判定接口调用请求合法,本申请的方案中,直接通过接口调用请求本身所包含的信息进行校验,并且其中的注册凭证信息是由请求的接口所在的服务器经过加密后下发的,在校验时由同一台服务器进行解密,保证了注册凭证信息不会被篡改,并且不需要通过第三方认证服务器校验,也不需要维护大量的权限数据,简化了请求合法性的校验过程,进而提高对接口调用的响应速度。In the verification method of the request validity of the present embodiment, when the server sends an interface call request to the server where the requested interface is located, the server carries the registration credential information sent by the server where the requested interface is located, where the requested interface is located. When the server (ie, the verification device) receives the interface call request sent by another server, the host information of the server, the requested interface information, and the registration credential information are obtained from the interface call request, and the registration credential information is decrypted to obtain the included Registering the host information and registering the interface information. If the host information and the interface information in the request are consistent with the registered host information and the registration interface information in the registration credential information, it is determined that the interface call request is legal. In the solution of the present application, the interface is directly invoked through the interface. The information contained in the request itself is verified, and the registration voucher information is sent by the server where the requested interface is encrypted, and is decrypted by the same server during verification, thereby ensuring that the registration voucher information is not Tampering, and does not need to pass the third Check the authentication server does not need to maintain a large number of permissions data, simplifying the process of verification of the legality of the request, and to improve the response speed of the interface calls.
此外,本申请实施例还提出一种计算机可读存储介质,所述计算机可读存储介质上存储有合法性校验程序,所述合法性校验程序可被一个或多个处理器执行,以实现如下操作:In addition, the embodiment of the present application further provides a computer readable storage medium, where the legality verification program is stored, and the legality verification program can be executed by one or more processors, Implement the following operations:
在接收到服务器群组中的服务器发送的接口调用请求时,从所述接口调用请求中获取该服务器的主机信息、请求的接口信息以及注册凭证信息,其中,所述注册凭证信息由所述校验装置下发;Receiving, by the interface call request, the host information of the server, the requested interface information, and the registration credential information, where the registration voucher information is obtained by the school, when receiving an interface call request sent by a server in the server group The inspection device is issued;
对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息;Decrypting the registration credential information, and acquiring registration host information and registration interface information included in the registration credential information;
若所述服务器的主机信息与所述注册主机信息一致且所述请求的接口信息与所述注册接口信息一致,则判定所述接口调用请求合法。If the host information of the server is consistent with the registered host information and the requested interface information is consistent with the registration interface information, it is determined that the interface call request is legal.
本申请计算机可读存储介质具体实施方式与上述请求合法性的校验装置和方法各实施例基本相同,在此不作累述。The specific embodiment of the computer readable storage medium of the present application is substantially the same as the foregoing embodiment of the verification apparatus and method for requesting legality, and will not be described herein.
需要说明的是,上述本申请实施例序号仅仅为了描述,不代表实施例的优劣。并且本文中的术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、装置、物品或者方法不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、装置、物品或者方法所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、装置、物品或者方法中还存在另外的相同要素。It should be noted that the foregoing serial numbers of the embodiments of the present application are merely for the description, and do not represent the advantages and disadvantages of the embodiments. And the terms "including", "comprising", or any other variations thereof are intended to encompass a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a plurality of elements includes not only those elements but also Other elements listed, or elements that are inherent to such a process, device, item, or method. An element that is defined by the phrase "comprising a ..." does not exclude the presence of additional equivalent elements in the process, the device, the item, or the method that comprises the element.
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在如上所述的一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,或者网络设备等)执行本申请各个实施例所述的方法。Through the description of the above embodiments, those skilled in the art can clearly understand that the foregoing embodiment method can be implemented by means of software plus a necessary general hardware platform, and of course, can also be through hardware, but in many cases, the former is better. Implementation. Based on such understanding, the technical solution of the present application, which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM as described above). , a disk, an optical disk, including a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the methods described in the various embodiments of the present application.
以上仅为本申请的优选实施例,并非因此限制本申请的专利范围,凡是利用本申请说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本申请的专利保护范围内。The above is only a preferred embodiment of the present application, and is not intended to limit the scope of the patent application, and the equivalent structure or equivalent process transformations made by the specification and the drawings of the present application, or directly or indirectly applied to other related technical fields. The same is included in the scope of patent protection of this application.

Claims (20)

  1. 一种请求合法性的校验装置,其特征在于,所述装置包括存储器和处理器,所述存储器上存储有可在所述处理器上运行的合法性校验程序,所述合法性校验程序被所述处理器执行时实现如下步骤:A verification device for requesting legality, characterized in that the device comprises a memory and a processor, and the memory stores a legality verification program executable on the processor, the legality check The program implements the following steps when executed by the processor:
    在接收到服务器群组中的服务器发送的接口调用请求时,从所述接口调用请求中获取该服务器的主机信息、请求的接口信息以及注册凭证信息,其中,所述注册凭证信息由所述校验装置下发;Receiving, by the interface call request, the host information of the server, the requested interface information, and the registration credential information, where the registration voucher information is obtained by the school, when receiving an interface call request sent by a server in the server group The inspection device is issued;
    对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息;Decrypting the registration credential information, and acquiring registration host information and registration interface information included in the registration credential information;
    若所述服务器的主机信息与所述注册主机信息一致且所述请求的接口信息与所述注册接口信息一致,则判定所述接口调用请求合法。If the host information of the server is consistent with the registered host information and the requested interface information is consistent with the registration interface information, it is determined that the interface call request is legal.
  2. 如权利要求1所述的请求合法性的校验装置,其特征在于,所述合法性校验程序还可被所述处理器执行,以在所述对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息的步骤之后,还实现如下步骤:The apparatus for verifying the validity of a request according to claim 1, wherein the legality verification program is further executable by the processor to perform decryption processing on the registration credential information to obtain After the step of registering the host information and registering the interface information included in the registration credential information, the following steps are also implemented:
    若所述服务器的主机信息与所述注册主机信息不一致,及/或所述请求的接口信息与所述注册接口信息不一致,则判定所述接口调用请求不合法。If the host information of the server is inconsistent with the registered host information, and/or the requested interface information is inconsistent with the registered interface information, it is determined that the interface call request is invalid.
  3. 如权利要求1所述的请求合法性的校验装置,其特征在于,所述合法性校验程序还可被所述处理器执行,以在所述在接收到服务器群组中的服务器发送的接口调用请求时,从所述接口调用请求中获取该服务器的主机信息、请求的接口信息以及注册凭证信息的步骤之前,还实现如下步骤:The apparatus for verifying the validity of a request according to claim 1, wherein said legality verification program is further executable by said processor to be transmitted by said server in said group of receiving servers When the interface invokes the request, before the step of obtaining the host information of the server, the requested interface information, and the registration credential information from the interface call request, the following steps are also implemented:
    在接收到所述服务器发送的注册请求时,从所述注册请求中获取注册主机信息和注册接口信息;Obtaining registration host information and registration interface information from the registration request when receiving the registration request sent by the server;
    按照预设加密算法对注册主机信息和注册接口信息进行加密处理得到密文注册凭证,并按照预设的第一变位规则对所述密文注册凭证中的字符进行变位处理,将变位处理的结果作为注册凭证信息;Encrypting the registered host information and the registration interface information according to a preset encryption algorithm to obtain a ciphertext registration certificate, and performing a displacement processing on the characters in the ciphertext registration voucher according to a preset first displacement rule, and displacing the characters The result of the processing is used as registration voucher information;
    将所述注册凭证信息发送至所述服务器,以供所述服务器在发起接口调用请求时,将所述注册凭证信息添加至发起的接口调用请求中。Sending the registration credential information to the server, for the server to add the registration credential information to the originating interface call request when initiating an interface call request.
  4. 如权利要求2所述的请求合法性的校验装置,其特征在于,所述合法性校验程序还可被所述处理器执行,以在所述在接收到服务器群组中的服务 器发送的接口调用请求时,从所述接口调用请求中获取该服务器的主机信息、请求的接口信息以及注册凭证信息的步骤之前,还实现如下步骤:The apparatus for verifying the validity of a request according to claim 2, wherein said legality verification program is further executable by said processor to be transmitted by said server in said group of receiving servers When the interface invokes the request, before the step of obtaining the host information of the server, the requested interface information, and the registration credential information from the interface call request, the following steps are also implemented:
    在接收到所述服务器发送的注册请求时,从所述注册请求中获取注册主机信息和注册接口信息;Obtaining registration host information and registration interface information from the registration request when receiving the registration request sent by the server;
    按照预设加密算法对注册主机信息和注册接口信息进行加密处理得到密文注册凭证,并按照预设的第一变位规则对所述密文注册凭证中的字符进行变位处理,将变位处理的结果作为注册凭证信息;Encrypting the registered host information and the registration interface information according to a preset encryption algorithm to obtain a ciphertext registration certificate, and performing a displacement processing on the characters in the ciphertext registration voucher according to a preset first displacement rule, and displacing the characters The result of the processing is used as registration voucher information;
    将所述注册凭证信息发送至所述服务器,以供所述服务器在发起接口调用请求时,将所述注册凭证信息添加至发起的接口调用请求中。Sending the registration credential information to the server, for the server to add the registration credential information to the originating interface call request when initiating an interface call request.
  5. 如权利要求3所述的请求合法性的校验装置,其特征在于,所述合法性校验程序还可被所述处理器执行,以在所述在接收到所述服务器发送的注册请求时,从所述注册请求中获取注册主机信息和注册接口信息的步骤之后,还实现如下步骤:The apparatus for verifying the validity of a request according to claim 3, wherein said legality verification program is further executable by said processor to perform said registration request sent by said server After obtaining the registration host information and the registration interface information from the registration request, the following steps are also implemented:
    从所述注册请求中获取用户信息,根据预先设置的用户信息与接口信息之间的映射关系判断所述用户信息与所述注册接口信息之间是否具有关联关系;Obtaining the user information from the registration request, and determining whether there is an association relationship between the user information and the registration interface information according to a mapping relationship between the preset user information and the interface information;
    若是,则执行按照预设加密算法对注册主机信息进行加密处理得到第一密文注册凭证,并对所述第一密文注册凭证中的字符按照预设的变位规则进行变位处理的步骤;If yes, performing the step of performing encryption process on the registration host information according to the preset encryption algorithm to obtain the first ciphertext registration certificate, and performing the displacement processing on the characters in the first ciphertext registration voucher according to the preset displacement rule ;
    若否,则向所述服务器返回注册失败的提示信息。If not, the prompt information of the registration failure is returned to the server.
  6. 如权利要求3所述的请求合法性的校验装置,其特征在于,所述对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息的步骤包括:The apparatus for verifying the validity of the request according to claim 3, wherein the step of decrypting the registration credential information, and acquiring the registered host information and the registration interface information included in the registration credential information includes: :
    按照与所述第一变位规则对应的第二变位规则对所述注册凭证信息中的字符进行变位处理,获取密文注册凭证;Performing a displacement process on the characters in the registration voucher information according to the second displacement rule corresponding to the first displacement rule to obtain a ciphertext registration voucher;
    按照与所述预设加密算法对应的预设解密算法对所述密文注册凭证进行解密处理,获取注册主机信息和注册接口信息。Decrypting the ciphertext registration voucher according to a preset decryption algorithm corresponding to the preset encryption algorithm, and acquiring registration host information and registration interface information.
  7. 如权利要求5所述的请求合法性的校验装置,其特征在于,所述对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息的步骤包括:The apparatus for verifying the validity of the request according to claim 5, wherein the step of decrypting the registration credential information, and acquiring the registered host information and the registration interface information included in the registration credential information includes: :
    按照与所述第一变位规则对应的第二变位规则对所述注册凭证信息中的字符进行变位处理,获取密文注册凭证;Performing a displacement process on the characters in the registration voucher information according to the second displacement rule corresponding to the first displacement rule to obtain a ciphertext registration voucher;
    按照与所述预设加密算法对应的预设解密算法对所述密文注册凭证进行解密处理,获取注册主机信息和注册接口信息。Decrypting the ciphertext registration voucher according to a preset decryption algorithm corresponding to the preset encryption algorithm, and acquiring registration host information and registration interface information.
  8. 一种请求合法性的校验方法,其特征在于,所述方法包括:A verification method for requesting legality, characterized in that the method comprises:
    在接收到服务器群组中的服务器发送的接口调用请求时,从所述接口调用请求中获取该服务器的主机信息、请求的接口信息以及注册凭证信息,其中,所述注册凭证信息由请求的接口所在的服务器下发;Receiving, by the interface call request, the host information of the server, the requested interface information, and the registration credential information, where the registration credential information is requested by the interface, when receiving an interface call request sent by a server in the server group The server where it is delivered;
    对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息;Decrypting the registration credential information, and acquiring registration host information and registration interface information included in the registration credential information;
    若所述服务器的主机信息与所述注册主机信息一致且所述请求的接口信息与所述注册接口信息一致,则判定所述接口调用请求合法。If the host information of the server is consistent with the registered host information and the requested interface information is consistent with the registration interface information, it is determined that the interface call request is legal.
  9. 如权利要求8所述的请求合法性的校验方法,其特征在于,所述对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息的步骤之后,所述方法还包括:The method for verifying the validity of a request according to claim 8, wherein the step of decrypting the registration voucher information and acquiring the registration host information and the registration interface information included in the registration voucher information The method further includes:
    若所述服务器的主机信息与所述注册主机信息不一致,及/或所述请求的接口信息与所述注册接口信息不一致,则判定所述接口调用请求不合法。If the host information of the server is inconsistent with the registered host information, and/or the requested interface information is inconsistent with the registered interface information, it is determined that the interface call request is invalid.
  10. 如权利要求8所述的请求合法性的校验方法,其特征在于,所述在接收到服务器群组中的服务器发送的接口调用请求时,从所述接口调用请求中获取该服务器的主机信息、请求的接口信息以及注册凭证信息的步骤之前,所述方法还包括如下步骤:The method for verifying the validity of a request according to claim 8, wherein when the interface call request sent by the server in the server group is received, the host information of the server is obtained from the interface call request. Before the step of requesting interface information and registering credential information, the method further includes the following steps:
    在接收到所述服务器发送的注册请求时,从所述注册请求中获取注册主机信息和注册接口信息;Obtaining registration host information and registration interface information from the registration request when receiving the registration request sent by the server;
    按照预设加密算法对注册主机信息和注册接口信息进行加密处理得到密文注册凭证,并按照预设的第一变位规则对所述密文注册凭证中的字符进行变位处理,将变位处理的结果作为注册凭证信息;Encrypting the registered host information and the registration interface information according to a preset encryption algorithm to obtain a ciphertext registration certificate, and performing a displacement processing on the characters in the ciphertext registration voucher according to a preset first displacement rule, and displacing the characters The result of the processing is used as registration voucher information;
    将所述注册凭证信息发送至所述服务器,以供所述服务器在发起接口调用请求时,将所述注册凭证信息添加至发起的接口调用请求中。Sending the registration credential information to the server, for the server to add the registration credential information to the originating interface call request when initiating an interface call request.
  11. 如权利要求9所述的请求合法性的校验方法,其特征在于,所述在接收到服务器群组中的服务器发送的接口调用请求时,从所述接口调用请求 中获取该服务器的主机信息、请求的接口信息以及注册凭证信息的步骤之前,所述方法还包括如下步骤:The method for verifying the validity of a request according to claim 9, wherein when the interface call request sent by the server in the server group is received, the host information of the server is obtained from the interface call request. Before the step of requesting interface information and registering credential information, the method further includes the following steps:
    在接收到所述服务器发送的注册请求时,从所述注册请求中获取注册主机信息和注册接口信息;Obtaining registration host information and registration interface information from the registration request when receiving the registration request sent by the server;
    按照预设加密算法对注册主机信息和注册接口信息进行加密处理得到密文注册凭证,并按照预设的第一变位规则对所述密文注册凭证中的字符进行变位处理,将变位处理的结果作为注册凭证信息;Encrypting the registered host information and the registration interface information according to a preset encryption algorithm to obtain a ciphertext registration certificate, and performing a displacement processing on the characters in the ciphertext registration voucher according to a preset first displacement rule, and displacing the characters The result of the processing is used as registration voucher information;
    将所述注册凭证信息发送至所述服务器,以供所述服务器在发起接口调用请求时,将所述注册凭证信息添加至发起的接口调用请求中。Sending the registration credential information to the server, for the server to add the registration credential information to the originating interface call request when initiating an interface call request.
  12. 如权利要求8所述的请求合法性的校验方法,其特征在于,所述在接收到所述服务器发送的注册请求时,从所述注册请求中获取注册主机信息和注册接口信息的步骤之后,该方法还包括如下步骤:The method for verifying the validity of a request according to claim 8, wherein the step of acquiring the registration host information and the registration interface information from the registration request after receiving the registration request sent by the server The method further includes the following steps:
    从所述注册请求中获取用户信息,根据预先设置的用户信息与接口信息之间的映射关系判断所述用户信息与所述注册接口信息之间是否具有关联关系;Obtaining the user information from the registration request, and determining whether there is an association relationship between the user information and the registration interface information according to a mapping relationship between the preset user information and the interface information;
    若是,则执行按照预设加密算法对注册主机信息进行加密处理得到第一密文注册凭证,并对所述第一密文注册凭证中的字符按照预设的变位规则进行变位处理的步骤;If yes, performing the step of performing encryption process on the registration host information according to the preset encryption algorithm to obtain the first ciphertext registration certificate, and performing the displacement processing on the characters in the first ciphertext registration voucher according to the preset displacement rule ;
    若否,则向所述服务器返回注册失败的提示信息。If not, the prompt information of the registration failure is returned to the server.
  13. 如权利要求10所述的请求合法性的校验方法,其特征在于,所述对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息的步骤包括:The method for verifying the validity of a request according to claim 10, wherein the step of decrypting the registration voucher information, and acquiring the registration host information and the registration interface information included in the registration voucher information includes: :
    按照与所述第一变位规则对应的第二变位规则对所述注册凭证信息中的字符进行变位处理,获取密文注册凭证;Performing a displacement process on the characters in the registration voucher information according to the second displacement rule corresponding to the first displacement rule to obtain a ciphertext registration voucher;
    按照与所述预设加密算法对应的预设解密算法对所述密文注册凭证进行解密处理,获取注册主机信息和注册接口信息。Decrypting the ciphertext registration voucher according to a preset decryption algorithm corresponding to the preset encryption algorithm, and acquiring registration host information and registration interface information.
  14. 如权利要求12所述的请求合法性的校验方法,其特征在于,所述对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息的步骤包括:The method for verifying the validity of a request according to claim 12, wherein the step of decrypting the registration voucher information, and acquiring the registration host information and the registration interface information included in the registration voucher information includes: :
    按照与所述第一变位规则对应的第二变位规则对所述注册凭证信息中的 字符进行变位处理,获取密文注册凭证;And locating characters in the registration credential information according to a second variability rule corresponding to the first variability rule to obtain a ciphertext registration voucher;
    按照与所述预设加密算法对应的预设解密算法对所述密文注册凭证进行解密处理,获取注册主机信息和注册接口信息。Decrypting the ciphertext registration voucher according to a preset decryption algorithm corresponding to the preset encryption algorithm, and acquiring registration host information and registration interface information.
  15. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有合法性校验程序,所述合法性校验程序可被一个或者多个处理器执行,以实现如下步骤:A computer readable storage medium, wherein the computer readable storage medium stores a legality verification program, and the legality verification program can be executed by one or more processors to implement the following steps:
    在接收到服务器群组中的服务器发送的接口调用请求时,从所述接口调用请求中获取该服务器的主机信息、请求的接口信息以及注册凭证信息,其中,所述注册凭证信息由所述校验装置下发;Receiving, by the interface call request, the host information of the server, the requested interface information, and the registration credential information, where the registration voucher information is obtained by the school, when receiving an interface call request sent by a server in the server group The inspection device is issued;
    对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息;Decrypting the registration credential information, and acquiring registration host information and registration interface information included in the registration credential information;
    若所述服务器的主机信息与所述注册主机信息一致且所述请求的接口信息与所述注册接口信息一致,则判定所述接口调用请求合法。If the host information of the server is consistent with the registered host information and the requested interface information is consistent with the registration interface information, it is determined that the interface call request is legal.
  16. 如权利要求15所述的计算机可读存储介质,其特征在于,所述合法性校验程序还可被所述处理器执行,以在所述对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息的步骤之后,还实现如下步骤:A computer readable storage medium according to claim 15, wherein said legality verification program is further executable by said processor to perform said decryption processing on said registration voucher information to obtain said After the steps of registering the host information and registering the interface information included in the registration credential information, the following steps are also implemented:
    若所述服务器的主机信息与所述注册主机信息不一致,及/或所述请求的接口信息与所述注册接口信息不一致,则判定所述接口调用请求不合法。If the host information of the server is inconsistent with the registered host information, and/or the requested interface information is inconsistent with the registered interface information, it is determined that the interface call request is invalid.
  17. 如权利要求15所述的计算机可读存储介质,其特征在于,所述合法性校验程序还可被所述处理器执行,以在所述在接收到服务器群组中的服务器发送的接口调用请求时,从所述接口调用请求中获取该服务器的主机信息、请求的接口信息以及注册凭证信息的步骤之前,还实现如下步骤:A computer readable storage medium as recited in claim 15, wherein said legality verification program is further executable by said processor to invoke an interface sent by said server in said receiving server group At the request, before the step of obtaining the host information of the server, the requested interface information, and the registration credential information from the interface call request, the following steps are also implemented:
    在接收到所述服务器发送的注册请求时,从所述注册请求中获取注册主机信息和注册接口信息;Obtaining registration host information and registration interface information from the registration request when receiving the registration request sent by the server;
    按照预设加密算法对注册主机信息和注册接口信息进行加密处理得到密文注册凭证,并按照预设的第一变位规则对所述密文注册凭证中的字符进行变位处理,将变位处理的结果作为注册凭证信息;Encrypting the registered host information and the registration interface information according to a preset encryption algorithm to obtain a ciphertext registration certificate, and performing a displacement processing on the characters in the ciphertext registration voucher according to a preset first displacement rule, and displacing the characters The result of the processing is used as registration voucher information;
    将所述注册凭证信息发送至所述服务器,以供所述服务器在发起接口调用请求时,将所述注册凭证信息添加至发起的接口调用请求中。Sending the registration credential information to the server, for the server to add the registration credential information to the originating interface call request when initiating an interface call request.
  18. 如权利要求16所述的计算机可读存储介质,其特征在于,所述合法性校验程序还可被所述处理器执行,以在所述在接收到服务器群组中的服务器发送的接口调用请求时,从所述接口调用请求中获取该服务器的主机信息、请求的接口信息以及注册凭证信息的步骤之前,还实现如下步骤:The computer readable storage medium of claim 16 wherein said legality verification program is further executable by said processor to invoke an interface sent by said server in said receiving server group At the request, before the step of obtaining the host information of the server, the requested interface information, and the registration credential information from the interface call request, the following steps are also implemented:
    在接收到所述服务器发送的注册请求时,从所述注册请求中获取注册主机信息和注册接口信息;Obtaining registration host information and registration interface information from the registration request when receiving the registration request sent by the server;
    按照预设加密算法对注册主机信息和注册接口信息进行加密处理得到密文注册凭证,并按照预设的第一变位规则对所述密文注册凭证中的字符进行变位处理,将变位处理的结果作为注册凭证信息;Encrypting the registered host information and the registration interface information according to a preset encryption algorithm to obtain a ciphertext registration certificate, and performing a displacement processing on the characters in the ciphertext registration voucher according to a preset first displacement rule, and displacing the characters The result of the processing is used as registration voucher information;
    将所述注册凭证信息发送至所述服务器,以供所述服务器在发起接口调用请求时,将所述注册凭证信息添加至发起的接口调用请求中。Sending the registration credential information to the server, for the server to add the registration credential information to the originating interface call request when initiating an interface call request.
  19. 如权利要求17所述的计算机可读存储介质,其特征在于,所述合法性校验程序还可被所述处理器执行,以在所述在接收到所述服务器发送的注册请求时,从所述注册请求中获取注册主机信息和注册接口信息的步骤之后,还实现如下步骤:The computer readable storage medium of claim 17, wherein the legality verification program is further executable by the processor to, upon receiving the registration request sent by the server, After the step of obtaining the registration host information and the registration interface information in the registration request, the following steps are also implemented:
    从所述注册请求中获取用户信息,根据预先设置的用户信息与接口信息之间的映射关系判断所述用户信息与所述注册接口信息之间是否具有关联关系;Obtaining the user information from the registration request, and determining whether there is an association relationship between the user information and the registration interface information according to a mapping relationship between the preset user information and the interface information;
    若是,则执行按照预设加密算法对注册主机信息进行加密处理得到第一密文注册凭证,并对所述第一密文注册凭证中的字符按照预设的变位规则进行变位处理的步骤;If yes, performing the step of performing encryption process on the registration host information according to the preset encryption algorithm to obtain the first ciphertext registration certificate, and performing the displacement processing on the characters in the first ciphertext registration voucher according to the preset displacement rule ;
    若否,则向所述服务器返回注册失败的提示信息。If not, the prompt information of the registration failure is returned to the server.
  20. 如权利要求17所述的计算机可读存储介质,其特征在于,所述对所述注册凭证信息进行解密处理,获取所述注册凭证信息中包含的注册主机信息和注册接口信息的步骤包括:The computer readable storage medium according to claim 17, wherein the step of decrypting the registration voucher information and acquiring the registration host information and the registration interface information included in the registration voucher information comprises:
    按照与所述第一变位规则对应的第二变位规则对所述注册凭证信息中的字符进行变位处理,获取密文注册凭证;Performing a displacement process on the characters in the registration voucher information according to the second displacement rule corresponding to the first displacement rule to obtain a ciphertext registration voucher;
    按照与所述预设加密算法对应的预设解密算法对所述密文注册凭证进行解密处理,获取注册主机信息和注册接口信息。Decrypting the ciphertext registration voucher according to a preset decryption algorithm corresponding to the preset encryption algorithm, and acquiring registration host information and registration interface information.
PCT/CN2018/089183 2018-02-05 2018-05-31 Device and method for verifying request validity, and computer readable storage medium WO2019148717A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810109486.0 2018-02-05
CN201810109486.0A CN108449315B (en) 2018-02-05 2018-02-05 Request validity verifying device, method and computer readable storage medium

Publications (1)

Publication Number Publication Date
WO2019148717A1 true WO2019148717A1 (en) 2019-08-08

Family

ID=63191475

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/089183 WO2019148717A1 (en) 2018-02-05 2018-05-31 Device and method for verifying request validity, and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN108449315B (en)
WO (1) WO2019148717A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112596823A (en) * 2020-12-23 2021-04-02 支付宝(杭州)信息技术有限公司 Safety control method and device and electronic equipment
CN112612630A (en) * 2020-12-29 2021-04-06 太平金融科技服务(上海)有限公司 System call processing method and device, computer equipment and storage medium
CN113850987A (en) * 2020-12-11 2021-12-28 广东朝歌智慧互联科技有限公司 System for detecting product quality
CN117708864A (en) * 2024-02-06 2024-03-15 深圳和润达科技有限公司 Intelligent management method and device for medium bit machine applied to cell formation component equipment

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109857488B (en) * 2019-02-14 2022-05-27 百度在线网络技术(北京)有限公司 Application program call control method and device, terminal and readable storage medium
CN110222531B (en) * 2019-05-31 2023-07-07 创新先进技术有限公司 Method, system and equipment for accessing database
CN110995756B (en) * 2019-12-20 2022-07-05 广州酷狗计算机科技有限公司 Method and device for calling service
CN111083541B (en) * 2019-12-30 2022-10-04 深圳Tcl数字技术有限公司 Interface calling method and device, smart television and readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103490892A (en) * 2013-08-28 2014-01-01 广东数字证书认证中心有限公司 Digital signing method and system, application server and cloud cipher server
CN104579657A (en) * 2013-10-11 2015-04-29 北大方正集团有限公司 Method and device for identity authentication
CN105187449A (en) * 2015-09-30 2015-12-23 北京恒华伟业科技股份有限公司 Interface calling method and device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8209191B2 (en) * 2000-03-17 2012-06-26 United States Postal Service Methods and systems for linking an electronic address to a physical address of a customer
CN101339595B (en) * 2008-05-20 2011-08-10 北京深思洛克软件技术股份有限公司 Device for operation by using permission control software
CN101729514B (en) * 2008-10-23 2012-11-21 华为技术有限公司 Method, device and system for implementing service call
CN103179089A (en) * 2011-12-21 2013-06-26 富泰华工业(深圳)有限公司 System and method for identity authentication for accessing of different software development platforms
CN106529979A (en) * 2016-12-05 2017-03-22 深圳微众税银信息服务有限公司 Enterprise identity authentication method and system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103490892A (en) * 2013-08-28 2014-01-01 广东数字证书认证中心有限公司 Digital signing method and system, application server and cloud cipher server
CN104579657A (en) * 2013-10-11 2015-04-29 北大方正集团有限公司 Method and device for identity authentication
CN105187449A (en) * 2015-09-30 2015-12-23 北京恒华伟业科技股份有限公司 Interface calling method and device

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113850987A (en) * 2020-12-11 2021-12-28 广东朝歌智慧互联科技有限公司 System for detecting product quality
CN113850987B (en) * 2020-12-11 2023-04-28 广东朝歌智慧互联科技有限公司 System for detecting product quality
CN112596823A (en) * 2020-12-23 2021-04-02 支付宝(杭州)信息技术有限公司 Safety control method and device and electronic equipment
CN112596823B (en) * 2020-12-23 2023-03-21 支付宝(杭州)信息技术有限公司 Safety control method and device and electronic equipment
CN112612630A (en) * 2020-12-29 2021-04-06 太平金融科技服务(上海)有限公司 System call processing method and device, computer equipment and storage medium
CN117708864A (en) * 2024-02-06 2024-03-15 深圳和润达科技有限公司 Intelligent management method and device for medium bit machine applied to cell formation component equipment

Also Published As

Publication number Publication date
CN108449315B (en) 2021-02-19
CN108449315A (en) 2018-08-24

Similar Documents

Publication Publication Date Title
WO2019148717A1 (en) Device and method for verifying request validity, and computer readable storage medium
US20210367795A1 (en) Identity-Linked Authentication Through A User Certificate System
US9742570B2 (en) Securing multimedia content via certificate-issuing cloud service
US9917829B1 (en) Method and apparatus for providing a conditional single sign on
US9838205B2 (en) Network authentication method for secure electronic transactions
EP3602991B1 (en) Mechanism for achieving mutual identity verification via one-way application-device channels
US9906369B2 (en) System and method of cryptographically signing web applications
US9231925B1 (en) Network authentication method for secure electronic transactions
TWI475860B (en) Portable device association
JP6138791B2 (en) Stateless application notification
US9621524B2 (en) Cloud-based key management
US10356079B2 (en) System and method for a single sign on connection in a zero-knowledge vault architecture
WO2019095567A1 (en) Single sign-on verification device, method, and computer readable storage medium
US20140096213A1 (en) Method and system for distributed credential usage for android based and other restricted environment devices
US20160050193A1 (en) System and methods for secure communication in mobile devices
WO2017069915A1 (en) Systems and methods for providing confidentiality and privacy of user data for web browsers
CN112671720B (en) Token construction method, device and equipment for cloud platform resource access control
JP2004048679A (en) Session key security protocol
US10257171B2 (en) Server public key pinning by URL
KR102137122B1 (en) Security check method, device, terminal and server
CN104463584A (en) Method for achieving mobile terminal App safety payment
US20240039707A1 (en) Mobile authenticator for performing a role in user authentication
KR102171377B1 (en) Method of login control
KR20190114505A (en) Single sign on service authentication method and system using token management demon
JP2023532976A (en) Method and system for verification of user identity

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18903298

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 03/11/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18903298

Country of ref document: EP

Kind code of ref document: A1