CN107659581A - A kind of resource transfer method and apparatus - Google Patents

A kind of resource transfer method and apparatus Download PDF

Info

Publication number
CN107659581A
CN107659581A CN201710996687.2A CN201710996687A CN107659581A CN 107659581 A CN107659581 A CN 107659581A CN 201710996687 A CN201710996687 A CN 201710996687A CN 107659581 A CN107659581 A CN 107659581A
Authority
CN
China
Prior art keywords
key
interface
resource
request
cloud service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710996687.2A
Other languages
Chinese (zh)
Inventor
陈春风
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd filed Critical Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201710996687.2A priority Critical patent/CN107659581A/en
Publication of CN107659581A publication Critical patent/CN107659581A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of resource transfer method and apparatus.It is related to cloud computing technology;Solve the problems, such as api interface exposure and easily by malicious attack.This method includes:The key parameter of cloud service to be called is obtained from service provider;Resource is asked to the cloud service using the key parameter, so that the cloud service is verified according to the key parameter to originator identity legitimacy.Technical scheme provided by the invention is applied to the safety guarantee to third party's open source calling interface, realizes the protection to application program and data safety.

Description

A kind of resource transfer method and apparatus
Technical field
The present invention relates to cloud computing technology, espespecially a kind of resource transfer method and apparatus.
Background technology
Because the api interface that cloud computing service externally provides has leak, service provider allows third party should by web With Program Interfaces (API) come access application and data.However, many Application developers do not have appropriate guarantor Protect this access way so that application program and data are in danger, and application program may be inveigled to allow attacker Pass through API Access customer data.
The content of the invention
In order to solve the above-mentioned technical problem, the invention provides a kind of resource transfer method and apparatus, in interface interchange side Need during the cloud service resource for calling service provider to provide, it is necessary to first apply for a key to service provider, in calling cloud Key parameter is passed to during service, the key progress to receiving is required for before each interface method execution of service provider Match somebody with somebody, the match is successful just allows interface method to perform, and otherwise disregards.Solve api interface exposure and easily by malicious attack Problem, it is achieved thereby that the protection to application program and data safety.
The invention provides a kind of resource transfer method, including:
The key parameter of cloud service to be called is obtained from service provider;
Resource is asked to the cloud service using the key parameter, so that the cloud service is according to the key parameter pair Originator identity legitimacy is verified.
Preferably, the step of key parameter that cloud service to be called is obtained from service provider, includes:
Key request is sent to service provider;
Receive the key parameter that the service provider answers the key request to issue.
Preferably, the information for calling the interface used during the cloud service is carried in the key request.
Preferably, the key with calling the interface used during the cloud service to match is included in the key parameter.
Present invention also offers a kind of resource transfer method, including:
The resource request that receiving interface called side is sent, key parameter is carried in the resource request;
The key parameter is matched;
When the match is successful, judge that interface interchange side's identity is legal, it is allowed to call resource in the interface interchange side.
Preferably, the resource request that receiving interface called side is sent, the step of key parameter is carried in the resource request Before rapid, in addition to:
Receiving interface called side sends key request, is carried in the key request and calls what is used during cloud service to connect The information of mouth;
The key request is answered, key parameter is issued to the interface interchange side, is included and calling in the key parameter The key that the interface used during the cloud service matches.
Present invention also offers a kind of resource transfer device, including:
Key Acquisition Module, for obtaining the key parameter of cloud service to be called from service provider;
Resource request module, for asking resource to the cloud service using the key parameter, for the cloud service Originator identity legitimacy is verified according to the key parameter.
Preferably, the Key Acquisition Module includes:
Key requesting unit, for sending key request to service provider, calling is carried in the key request The information of the interface used during the cloud service;
Parameter receiving unit, the key parameter for answering the key request to issue for receiving the service provider are described The key with calling the interface used during the cloud service to match is included in key parameter.
Present invention also offers a kind of resource transfer device, including:
Resource request receiving module, the resource request sent for receiving interface called side, takes in the resource request Band key parameter;
Authentication module, for being matched to the key parameter;
Interface administration module, for when the match is successful, judging that interface interchange side's identity is legal, it is allowed to the interface Called side calls resource.
Preferably, the device also includes:
Key request receiving module, key request is sent for receiving interface called side, is carried in the key request There is the information for calling the interface used during cloud service;
Parameter issues module, and for answering the key request, key parameter, the key are issued to the interface interchange side The key with calling the interface used during the cloud service to match is included in parameter.
The invention provides a kind of resource transfer method and apparatus, interface interchange side obtains to be called from service provider Cloud service key parameter, to cloud service ask resource when, using the key parameter, so that the cloud service is according to institute Key parameter is stated to verify originator identity legitimacy;Accordingly, the resource that cloud service receiving interface called side is sent please Ask, the key parameter is matched, when the match is successful, judge that interface interchange side's identity is legal, it is allowed to described to connect Mouth called side calls resource.Solve the problems, such as api interface exposure and easily by malicious attack, it is achieved thereby that to application program and The protection of data safety.
Other features and advantages of the present invention will be illustrated in the following description, also, partly becomes from specification Obtain it is clear that or being understood by implementing the present invention.The purpose of the present invention and other advantages can be by specification, rights Specifically noted structure is realized and obtained in claim and accompanying drawing.
Brief description of the drawings
Accompanying drawing is used for providing further understanding technical solution of the present invention, and a part for constitution instruction, with this The embodiment of application is used to explain technical scheme together, does not form the limitation to technical solution of the present invention.
Fig. 1 is a kind of schematic flow sheet for resource transfer method that embodiments of the invention one provide;
Fig. 2 is a kind of structural representation for resource transfer device that embodiments of the invention two provide;
Fig. 3 is the structural representation of Key Acquisition Module 201 in Fig. 2;
Fig. 4 is the structural representation for another resource transfer device that embodiments of the invention two provide;
Fig. 5 is a kind of realization principle schematic diagram for resource transfer method that embodiments of the invention three provide.
Embodiment
For the object, technical solutions and advantages of the present invention are more clearly understood, below in conjunction with accompanying drawing to the present invention Embodiment be described in detail.It should be noted that in the case where not conflicting, in the embodiment and embodiment in the application Feature can mutually be combined.
Can be in the computer system of such as one group computer executable instructions the flow of accompanying drawing illustrates the step of Perform.Also, although logical order is shown in flow charts, in some cases, can be with suitable different from herein Sequence performs shown or described step.
Because the api interface that cloud computing service externally provides has leak, service provider allows third party should by web With Program Interfaces (API) come access application and data.However, many Application developers do not have appropriate guarantor Protect this access way so that application program and data are in danger, and application program may be inveigled to allow attacker Pass through API Access customer data.
In order to solve the above problems, the embodiment provides a kind of resource transfer method, API external to cloud service Call safety to be applied with reinforcement measure, for each the interface of cloud service can be called to set a key (to be produced for addition close Key), interface interchange side is before cloud service is asked, it is necessary first to key is obtained, can be according to the interface assignment being related to when calling with being somebody's turn to do The key of Interface Matching, incoming key parameter is needed during each calling interface in interface interchange side, each of service provider connects Mouth method is required for matching the key received before performing, and the match is successful just allows interface method to perform to cloud resource Call, otherwise disregard.This method can effectively prevent exposed api interface by malicious attack, so as to protect application program And data safety.
First with reference to accompanying drawing, embodiments of the invention one are illustrated.
The embodiments of the invention provide a kind of resource transfer method, is taken in interface interchange side by third party's interface interchange cloud During business, by the key authentication interface interchange side identity of service provider's offer, the safety management of external interface is realized, specific stream Journey as shown in figure 1, including:
Step 101, interface interchange side obtain the key parameter of cloud service to be called from service provider;
This step specifically includes:
1st, interface interchange direction service provider sends key request, is carried in the key request and calls the cloud The information of the interface used during service;
2nd, service provider's receiving interface called side transmission key request, the key parameter for answering the key request to issue, The key with calling the interface used during the cloud service to match is included in the key parameter.
3rd, interface interchange side receives the service provider and answers the key parameter that the key request issues.
Preferably, key can use user and password and Key to carry out special encryption, further enhance security.
Step 102, interface interchange side ask resource using the key parameter to the cloud service, for the cloud service Originator identity legitimacy is verified according to the key parameter;
The resource request that step 103, service provider's receiving interface called side are sent, to key parameter progress Match somebody with somebody;
Specifically, the interface used when service provider is according to interface interchange side's request call cloud resource, determines the interface Key, carry out matching with the key carried in resource request and compare.The determining interface called side identity when comparison result is consistent Legal, this calls safety;Otherwise determining interface called side identity is illegal, calls dangerous.
Step 104, when the match is successful, judge that interface interchange side's identity is legal, it is allowed to the interface interchange side adjust Use resource.
Accordingly, inconsistent in comparing result, when it fails to match, determining interface called side identity is illegal.It there may be peace Full sex chromosome mosaicism.Request can be refused or docking port is closed, to ensure quickly to respond to malicious attack.Can also Send alarm.
Below in conjunction with the accompanying drawings, embodiments of the invention two are illustrated.
The embodiments of the invention provide a kind of resource transfer device, its structure as shown in Fig. 2 including:
Key Acquisition Module 201, for obtaining the key parameter of cloud service to be called from service provider;
Resource request module 202, for asking resource to the cloud service using the key parameter, so that the cloud takes Business is verified according to the key parameter to originator identity legitimacy.
Preferably, the Key Acquisition Module 201 structure as shown in figure 3, including:
Key requesting unit 2011, for sending key request to service provider, carried in the key request Call the information of the interface used during the cloud service;
Parameter receiving unit 2012, the key parameter for answering the key request to issue for receiving the service provider, The key with calling the interface used during the cloud service to match is included in the key parameter.
Resource transfer device as shown in figures 2 and 3, can be integrated in third party entity, need to dispatch cloud clothes in third party During resource of being engaged in, the security of third party's access is managed.
The embodiment of the present invention additionally provides a kind of resource transfer device, its structure as shown in figure 4, including:
Resource request receiving module 401, the resource request sent for receiving interface called side, in the resource request Carry key parameter;
Authentication module 402, for being matched to the key parameter;
Interface administration module 403, for when the match is successful, judging that interface interchange side's identity is legal, it is allowed to described Call resource in interface interchange side.
Preferably, the device also includes:
Key request receiving module 404, key request is sent for receiving interface called side, is taken in the key request With the information for calling the interface used during cloud service;
Parameter issues module 405, and for answering the key request, key parameter is issued to the interface interchange side, described The key with calling the interface used during the cloud service to match is included in key parameter.
Resource transfer device as shown in Figure 4, the entity that cloud service resource is provided can be integrated in or pipe is carried out to cloud service In the entity of reason, corresponding function is realized by the entity.
Below in conjunction with the accompanying drawings, embodiments of the invention three are illustrated.
The embodiments of the invention provide a kind of resource transfer method, it is desirable to which interface interchange side (third party) must be first to service Provider registers/applied a key by the self-designed algorithm generation of service provider, and interface interchange side (third party) is every Incoming key parameter is required for during secondary interface interchange, is required for before each interface method execution of service provider to receiving Key matched, cipher key match success just allow interface method perform, otherwise disregard.Realization principle as shown in figure 5, Specific implementation process is as follows:
(1) interface interchange side (third party) is needed first to the key of one energy normal use of service provider's application for registration;
(2) key parameter of application is passed to during interface interchange side (third party) each calling interface;
(3) each interface method of service provider matches before execution to the key received, cipher key match Success just allows interface method to perform, and otherwise disregards.
The embodiment provides a kind of resource transfer method and apparatus, interface interchange side obtains from service provider The key parameter of cloud service to be called is taken, when asking resource to cloud service, using the key parameter, so that the cloud takes Business is verified according to the key parameter to originator identity legitimacy;Accordingly, cloud service receiving interface called side is sent Resource request, the key parameter is matched, when the match is successful, judges that interface interchange side's identity is legal, permit Perhaps resource is called in described interface interchange side.Solve the problems, such as api interface exposure and easily by malicious attack, it is achieved thereby that corresponding With the protection of program and data safety.
Key service provider's generation, is provided, the key has only by applying as the interface interchange side of service user One property and safety guarantee, the other users of no key can not access the interface of service provider's offer, prevent malicious attacker Cloud resource access rights can not be obtained, significantly increase the security guarantee of api interface.Due to api interface method, and key Equal service provider provides so that the interface interchange side of unregistered application key be difficult call api interface carry out malicious attack or Person obtains customer data information.
Although disclosed herein embodiment as above, described content be only readily appreciate the present invention and use Embodiment, it is not limited to the present invention.Technical staff in any art of the present invention, taken off not departing from the present invention On the premise of the spirit and scope of dew, any modification and change, but the present invention can be carried out in the form and details of implementation Scope of patent protection, still should be subject to the scope of the claims as defined in the appended claims.

Claims (10)

  1. A kind of 1. resource transfer method, it is characterised in that including:
    The key parameter of cloud service to be called is obtained from service provider;
    Resource is asked to the cloud service using the key parameter, for the cloud service according to the key parameter to initiating Person's identity legitimacy is verified.
  2. 2. resource transfer method according to claim 1, it is characterised in that cloud to be called is obtained from service provider The step of key parameter of service, includes:
    Key request is sent to service provider;
    Receive the key parameter that the service provider answers the key request to issue.
  3. 3. resource transfer method according to claim 2, it is characterised in that carried in the key request and call institute State the information of the interface used during cloud service.
  4. 4. resource transfer method according to claim 3, it is characterised in that in the key parameter include with described in calling The key that the interface used during cloud service matches.
  5. A kind of 5. resource transfer method, it is characterised in that including:
    The resource request that receiving interface called side is sent, key parameter is carried in the resource request;
    The key parameter is matched;
    When the match is successful, judge that interface interchange side's identity is legal, it is allowed to call resource in the interface interchange side.
  6. 6. resource transfer method according to claim 5, it is characterised in that the resource that receiving interface called side is sent please Ask, in the resource request carry key parameter the step of before, in addition to:
    Receiving interface called side sends key request, carries in the key request interface for calling and being used during cloud service Information;
    Answer the key request, key parameter issued to the interface interchange side, included in the key parameter with described in calling The key that the interface used during cloud service matches.
  7. A kind of 7. resource transfer device, it is characterised in that including:
    Key Acquisition Module, for obtaining the key parameter of cloud service to be called from service provider;
    Resource request module, for using the key parameter to the cloud service ask resource, for the cloud service according to The key parameter is verified to originator identity legitimacy.
  8. 8. resource transfer device according to claim 7, it is characterised in that the Key Acquisition Module includes:
    Key requesting unit, for sending key request to service provider, carried in the key request described in calling The information of the interface used during cloud service;
    Parameter receiving unit, the key parameter for answering the key request to issue for receiving the service provider, the key The key with calling the interface used during the cloud service to match is included in parameter.
  9. A kind of 9. resource transfer device, it is characterised in that including:
    Resource request receiving module, the resource request sent for receiving interface called side, is carried close in the resource request Key parameter;
    Authentication module, for being matched to the key parameter;
    Interface administration module, for when the match is successful, judging that interface interchange side's identity is legal, it is allowed to the interface interchange Call resource in side.
  10. 10. resource transfer device according to claim 9, it is characterised in that the device also includes:
    Key request receiving module, key request is sent for receiving interface called side, tune is carried in the key request The information of the interface used during with cloud service;
    Parameter issues module, and for answering the key request, key parameter, the key parameter are issued to the interface interchange side In include the key that the interface that uses matches during with calling the cloud service.
CN201710996687.2A 2017-10-19 2017-10-19 A kind of resource transfer method and apparatus Pending CN107659581A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710996687.2A CN107659581A (en) 2017-10-19 2017-10-19 A kind of resource transfer method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710996687.2A CN107659581A (en) 2017-10-19 2017-10-19 A kind of resource transfer method and apparatus

Publications (1)

Publication Number Publication Date
CN107659581A true CN107659581A (en) 2018-02-02

Family

ID=61119342

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710996687.2A Pending CN107659581A (en) 2017-10-19 2017-10-19 A kind of resource transfer method and apparatus

Country Status (1)

Country Link
CN (1) CN107659581A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108418814A (en) * 2018-02-12 2018-08-17 广州市贝聊信息科技有限公司 Interface authentication method, apparatus and computer readable storage medium based on dubbo frames
CN110995756A (en) * 2019-12-20 2020-04-10 广州酷狗计算机科技有限公司 Method and device for calling service

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102299930B (en) * 2011-09-19 2014-09-10 北京无限新锐网络科技有限公司 Method for ensuring security of client software
CN105516055A (en) * 2014-09-23 2016-04-20 腾讯科技(深圳)有限公司 Data access method, data access device, target device, and management server
CN106453519A (en) * 2016-09-21 2017-02-22 合网络技术(北京)有限公司 Interface call method and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102299930B (en) * 2011-09-19 2014-09-10 北京无限新锐网络科技有限公司 Method for ensuring security of client software
CN105516055A (en) * 2014-09-23 2016-04-20 腾讯科技(深圳)有限公司 Data access method, data access device, target device, and management server
CN106453519A (en) * 2016-09-21 2017-02-22 合网络技术(北京)有限公司 Interface call method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108418814A (en) * 2018-02-12 2018-08-17 广州市贝聊信息科技有限公司 Interface authentication method, apparatus and computer readable storage medium based on dubbo frames
CN110995756A (en) * 2019-12-20 2020-04-10 广州酷狗计算机科技有限公司 Method and device for calling service

Similar Documents

Publication Publication Date Title
US10387639B2 (en) Apparatus and method for API authentication using two API tokens
RU2652425C1 (en) Payment verification method, device and system
US10225246B2 (en) Certificate acquiring method and device
CN109729523B (en) Terminal networking authentication method and device
CN109905350B (en) Data transmission method and system
US20160125180A1 (en) Near Field Communication Authentication Mechanism
CN110278084B (en) eID establishing method, related device and system
TW201729562A (en) Server, mobile terminal, and internet real name authentication system and method
CN108040044A (en) A kind of management method and system for realizing eSIM card security authentications
CN106161028A (en) Safety chip, communication terminal and the method improving communication security
US20140330689A1 (en) System and Method for Verifying Online Banking Account Identity Using Real-Time Communication and Digital Certificate
WO2021088659A1 (en) Electronic signature loading method and device
CN109600337A (en) Method for processing resource, device, system and computer-readable medium
CN107659581A (en) A kind of resource transfer method and apparatus
US20110154436A1 (en) Provider Management Methods and Systems for a Portable Device Running Android Platform
US20220150703A1 (en) Asserting user, app, and device binding in an unmanaged mobile device
US10972605B2 (en) Signature based communication authentication
US9462471B2 (en) Identification of call participants
CN110830264B (en) Service data verification method, server, client and readable storage medium
CN115879074A (en) Identity authentication method, device and system based on block chain
CN106534047A (en) Information transmitting method and apparatus based on Trust application
CN106603237A (en) Security payment method and apparatus
CN104935430A (en) Processing method and device for client business
KR101323816B1 (en) Method and system for providing authentication service in portable terminal
CN113704742B (en) Method and system for preventing device verification from leaking user privacy

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20180202