CN107659581A - A kind of resource transfer method and apparatus - Google Patents
A kind of resource transfer method and apparatus Download PDFInfo
- Publication number
- CN107659581A CN107659581A CN201710996687.2A CN201710996687A CN107659581A CN 107659581 A CN107659581 A CN 107659581A CN 201710996687 A CN201710996687 A CN 201710996687A CN 107659581 A CN107659581 A CN 107659581A
- Authority
- CN
- China
- Prior art keywords
- key
- interface
- resource
- request
- cloud service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of resource transfer method and apparatus.It is related to cloud computing technology;Solve the problems, such as api interface exposure and easily by malicious attack.This method includes:The key parameter of cloud service to be called is obtained from service provider;Resource is asked to the cloud service using the key parameter, so that the cloud service is verified according to the key parameter to originator identity legitimacy.Technical scheme provided by the invention is applied to the safety guarantee to third party's open source calling interface, realizes the protection to application program and data safety.
Description
Technical field
The present invention relates to cloud computing technology, espespecially a kind of resource transfer method and apparatus.
Background technology
Because the api interface that cloud computing service externally provides has leak, service provider allows third party should by web
With Program Interfaces (API) come access application and data.However, many Application developers do not have appropriate guarantor
Protect this access way so that application program and data are in danger, and application program may be inveigled to allow attacker
Pass through API Access customer data.
The content of the invention
In order to solve the above-mentioned technical problem, the invention provides a kind of resource transfer method and apparatus, in interface interchange side
Need during the cloud service resource for calling service provider to provide, it is necessary to first apply for a key to service provider, in calling cloud
Key parameter is passed to during service, the key progress to receiving is required for before each interface method execution of service provider
Match somebody with somebody, the match is successful just allows interface method to perform, and otherwise disregards.Solve api interface exposure and easily by malicious attack
Problem, it is achieved thereby that the protection to application program and data safety.
The invention provides a kind of resource transfer method, including:
The key parameter of cloud service to be called is obtained from service provider;
Resource is asked to the cloud service using the key parameter, so that the cloud service is according to the key parameter pair
Originator identity legitimacy is verified.
Preferably, the step of key parameter that cloud service to be called is obtained from service provider, includes:
Key request is sent to service provider;
Receive the key parameter that the service provider answers the key request to issue.
Preferably, the information for calling the interface used during the cloud service is carried in the key request.
Preferably, the key with calling the interface used during the cloud service to match is included in the key parameter.
Present invention also offers a kind of resource transfer method, including:
The resource request that receiving interface called side is sent, key parameter is carried in the resource request;
The key parameter is matched;
When the match is successful, judge that interface interchange side's identity is legal, it is allowed to call resource in the interface interchange side.
Preferably, the resource request that receiving interface called side is sent, the step of key parameter is carried in the resource request
Before rapid, in addition to:
Receiving interface called side sends key request, is carried in the key request and calls what is used during cloud service to connect
The information of mouth;
The key request is answered, key parameter is issued to the interface interchange side, is included and calling in the key parameter
The key that the interface used during the cloud service matches.
Present invention also offers a kind of resource transfer device, including:
Key Acquisition Module, for obtaining the key parameter of cloud service to be called from service provider;
Resource request module, for asking resource to the cloud service using the key parameter, for the cloud service
Originator identity legitimacy is verified according to the key parameter.
Preferably, the Key Acquisition Module includes:
Key requesting unit, for sending key request to service provider, calling is carried in the key request
The information of the interface used during the cloud service;
Parameter receiving unit, the key parameter for answering the key request to issue for receiving the service provider are described
The key with calling the interface used during the cloud service to match is included in key parameter.
Present invention also offers a kind of resource transfer device, including:
Resource request receiving module, the resource request sent for receiving interface called side, takes in the resource request
Band key parameter;
Authentication module, for being matched to the key parameter;
Interface administration module, for when the match is successful, judging that interface interchange side's identity is legal, it is allowed to the interface
Called side calls resource.
Preferably, the device also includes:
Key request receiving module, key request is sent for receiving interface called side, is carried in the key request
There is the information for calling the interface used during cloud service;
Parameter issues module, and for answering the key request, key parameter, the key are issued to the interface interchange side
The key with calling the interface used during the cloud service to match is included in parameter.
The invention provides a kind of resource transfer method and apparatus, interface interchange side obtains to be called from service provider
Cloud service key parameter, to cloud service ask resource when, using the key parameter, so that the cloud service is according to institute
Key parameter is stated to verify originator identity legitimacy;Accordingly, the resource that cloud service receiving interface called side is sent please
Ask, the key parameter is matched, when the match is successful, judge that interface interchange side's identity is legal, it is allowed to described to connect
Mouth called side calls resource.Solve the problems, such as api interface exposure and easily by malicious attack, it is achieved thereby that to application program and
The protection of data safety.
Other features and advantages of the present invention will be illustrated in the following description, also, partly becomes from specification
Obtain it is clear that or being understood by implementing the present invention.The purpose of the present invention and other advantages can be by specification, rights
Specifically noted structure is realized and obtained in claim and accompanying drawing.
Brief description of the drawings
Accompanying drawing is used for providing further understanding technical solution of the present invention, and a part for constitution instruction, with this
The embodiment of application is used to explain technical scheme together, does not form the limitation to technical solution of the present invention.
Fig. 1 is a kind of schematic flow sheet for resource transfer method that embodiments of the invention one provide;
Fig. 2 is a kind of structural representation for resource transfer device that embodiments of the invention two provide;
Fig. 3 is the structural representation of Key Acquisition Module 201 in Fig. 2;
Fig. 4 is the structural representation for another resource transfer device that embodiments of the invention two provide;
Fig. 5 is a kind of realization principle schematic diagram for resource transfer method that embodiments of the invention three provide.
Embodiment
For the object, technical solutions and advantages of the present invention are more clearly understood, below in conjunction with accompanying drawing to the present invention
Embodiment be described in detail.It should be noted that in the case where not conflicting, in the embodiment and embodiment in the application
Feature can mutually be combined.
Can be in the computer system of such as one group computer executable instructions the flow of accompanying drawing illustrates the step of
Perform.Also, although logical order is shown in flow charts, in some cases, can be with suitable different from herein
Sequence performs shown or described step.
Because the api interface that cloud computing service externally provides has leak, service provider allows third party should by web
With Program Interfaces (API) come access application and data.However, many Application developers do not have appropriate guarantor
Protect this access way so that application program and data are in danger, and application program may be inveigled to allow attacker
Pass through API Access customer data.
In order to solve the above problems, the embodiment provides a kind of resource transfer method, API external to cloud service
Call safety to be applied with reinforcement measure, for each the interface of cloud service can be called to set a key (to be produced for addition close
Key), interface interchange side is before cloud service is asked, it is necessary first to key is obtained, can be according to the interface assignment being related to when calling with being somebody's turn to do
The key of Interface Matching, incoming key parameter is needed during each calling interface in interface interchange side, each of service provider connects
Mouth method is required for matching the key received before performing, and the match is successful just allows interface method to perform to cloud resource
Call, otherwise disregard.This method can effectively prevent exposed api interface by malicious attack, so as to protect application program
And data safety.
First with reference to accompanying drawing, embodiments of the invention one are illustrated.
The embodiments of the invention provide a kind of resource transfer method, is taken in interface interchange side by third party's interface interchange cloud
During business, by the key authentication interface interchange side identity of service provider's offer, the safety management of external interface is realized, specific stream
Journey as shown in figure 1, including:
Step 101, interface interchange side obtain the key parameter of cloud service to be called from service provider;
This step specifically includes:
1st, interface interchange direction service provider sends key request, is carried in the key request and calls the cloud
The information of the interface used during service;
2nd, service provider's receiving interface called side transmission key request, the key parameter for answering the key request to issue,
The key with calling the interface used during the cloud service to match is included in the key parameter.
3rd, interface interchange side receives the service provider and answers the key parameter that the key request issues.
Preferably, key can use user and password and Key to carry out special encryption, further enhance security.
Step 102, interface interchange side ask resource using the key parameter to the cloud service, for the cloud service
Originator identity legitimacy is verified according to the key parameter;
The resource request that step 103, service provider's receiving interface called side are sent, to key parameter progress
Match somebody with somebody;
Specifically, the interface used when service provider is according to interface interchange side's request call cloud resource, determines the interface
Key, carry out matching with the key carried in resource request and compare.The determining interface called side identity when comparison result is consistent
Legal, this calls safety;Otherwise determining interface called side identity is illegal, calls dangerous.
Step 104, when the match is successful, judge that interface interchange side's identity is legal, it is allowed to the interface interchange side adjust
Use resource.
Accordingly, inconsistent in comparing result, when it fails to match, determining interface called side identity is illegal.It there may be peace
Full sex chromosome mosaicism.Request can be refused or docking port is closed, to ensure quickly to respond to malicious attack.Can also
Send alarm.
Below in conjunction with the accompanying drawings, embodiments of the invention two are illustrated.
The embodiments of the invention provide a kind of resource transfer device, its structure as shown in Fig. 2 including:
Key Acquisition Module 201, for obtaining the key parameter of cloud service to be called from service provider;
Resource request module 202, for asking resource to the cloud service using the key parameter, so that the cloud takes
Business is verified according to the key parameter to originator identity legitimacy.
Preferably, the Key Acquisition Module 201 structure as shown in figure 3, including:
Key requesting unit 2011, for sending key request to service provider, carried in the key request
Call the information of the interface used during the cloud service;
Parameter receiving unit 2012, the key parameter for answering the key request to issue for receiving the service provider,
The key with calling the interface used during the cloud service to match is included in the key parameter.
Resource transfer device as shown in figures 2 and 3, can be integrated in third party entity, need to dispatch cloud clothes in third party
During resource of being engaged in, the security of third party's access is managed.
The embodiment of the present invention additionally provides a kind of resource transfer device, its structure as shown in figure 4, including:
Resource request receiving module 401, the resource request sent for receiving interface called side, in the resource request
Carry key parameter;
Authentication module 402, for being matched to the key parameter;
Interface administration module 403, for when the match is successful, judging that interface interchange side's identity is legal, it is allowed to described
Call resource in interface interchange side.
Preferably, the device also includes:
Key request receiving module 404, key request is sent for receiving interface called side, is taken in the key request
With the information for calling the interface used during cloud service;
Parameter issues module 405, and for answering the key request, key parameter is issued to the interface interchange side, described
The key with calling the interface used during the cloud service to match is included in key parameter.
Resource transfer device as shown in Figure 4, the entity that cloud service resource is provided can be integrated in or pipe is carried out to cloud service
In the entity of reason, corresponding function is realized by the entity.
Below in conjunction with the accompanying drawings, embodiments of the invention three are illustrated.
The embodiments of the invention provide a kind of resource transfer method, it is desirable to which interface interchange side (third party) must be first to service
Provider registers/applied a key by the self-designed algorithm generation of service provider, and interface interchange side (third party) is every
Incoming key parameter is required for during secondary interface interchange, is required for before each interface method execution of service provider to receiving
Key matched, cipher key match success just allow interface method perform, otherwise disregard.Realization principle as shown in figure 5,
Specific implementation process is as follows:
(1) interface interchange side (third party) is needed first to the key of one energy normal use of service provider's application for registration;
(2) key parameter of application is passed to during interface interchange side (third party) each calling interface;
(3) each interface method of service provider matches before execution to the key received, cipher key match
Success just allows interface method to perform, and otherwise disregards.
The embodiment provides a kind of resource transfer method and apparatus, interface interchange side obtains from service provider
The key parameter of cloud service to be called is taken, when asking resource to cloud service, using the key parameter, so that the cloud takes
Business is verified according to the key parameter to originator identity legitimacy;Accordingly, cloud service receiving interface called side is sent
Resource request, the key parameter is matched, when the match is successful, judges that interface interchange side's identity is legal, permit
Perhaps resource is called in described interface interchange side.Solve the problems, such as api interface exposure and easily by malicious attack, it is achieved thereby that corresponding
With the protection of program and data safety.
Key service provider's generation, is provided, the key has only by applying as the interface interchange side of service user
One property and safety guarantee, the other users of no key can not access the interface of service provider's offer, prevent malicious attacker
Cloud resource access rights can not be obtained, significantly increase the security guarantee of api interface.Due to api interface method, and key
Equal service provider provides so that the interface interchange side of unregistered application key be difficult call api interface carry out malicious attack or
Person obtains customer data information.
Although disclosed herein embodiment as above, described content be only readily appreciate the present invention and use
Embodiment, it is not limited to the present invention.Technical staff in any art of the present invention, taken off not departing from the present invention
On the premise of the spirit and scope of dew, any modification and change, but the present invention can be carried out in the form and details of implementation
Scope of patent protection, still should be subject to the scope of the claims as defined in the appended claims.
Claims (10)
- A kind of 1. resource transfer method, it is characterised in that including:The key parameter of cloud service to be called is obtained from service provider;Resource is asked to the cloud service using the key parameter, for the cloud service according to the key parameter to initiating Person's identity legitimacy is verified.
- 2. resource transfer method according to claim 1, it is characterised in that cloud to be called is obtained from service provider The step of key parameter of service, includes:Key request is sent to service provider;Receive the key parameter that the service provider answers the key request to issue.
- 3. resource transfer method according to claim 2, it is characterised in that carried in the key request and call institute State the information of the interface used during cloud service.
- 4. resource transfer method according to claim 3, it is characterised in that in the key parameter include with described in calling The key that the interface used during cloud service matches.
- A kind of 5. resource transfer method, it is characterised in that including:The resource request that receiving interface called side is sent, key parameter is carried in the resource request;The key parameter is matched;When the match is successful, judge that interface interchange side's identity is legal, it is allowed to call resource in the interface interchange side.
- 6. resource transfer method according to claim 5, it is characterised in that the resource that receiving interface called side is sent please Ask, in the resource request carry key parameter the step of before, in addition to:Receiving interface called side sends key request, carries in the key request interface for calling and being used during cloud service Information;Answer the key request, key parameter issued to the interface interchange side, included in the key parameter with described in calling The key that the interface used during cloud service matches.
- A kind of 7. resource transfer device, it is characterised in that including:Key Acquisition Module, for obtaining the key parameter of cloud service to be called from service provider;Resource request module, for using the key parameter to the cloud service ask resource, for the cloud service according to The key parameter is verified to originator identity legitimacy.
- 8. resource transfer device according to claim 7, it is characterised in that the Key Acquisition Module includes:Key requesting unit, for sending key request to service provider, carried in the key request described in calling The information of the interface used during cloud service;Parameter receiving unit, the key parameter for answering the key request to issue for receiving the service provider, the key The key with calling the interface used during the cloud service to match is included in parameter.
- A kind of 9. resource transfer device, it is characterised in that including:Resource request receiving module, the resource request sent for receiving interface called side, is carried close in the resource request Key parameter;Authentication module, for being matched to the key parameter;Interface administration module, for when the match is successful, judging that interface interchange side's identity is legal, it is allowed to the interface interchange Call resource in side.
- 10. resource transfer device according to claim 9, it is characterised in that the device also includes:Key request receiving module, key request is sent for receiving interface called side, tune is carried in the key request The information of the interface used during with cloud service;Parameter issues module, and for answering the key request, key parameter, the key parameter are issued to the interface interchange side In include the key that the interface that uses matches during with calling the cloud service.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710996687.2A CN107659581A (en) | 2017-10-19 | 2017-10-19 | A kind of resource transfer method and apparatus |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710996687.2A CN107659581A (en) | 2017-10-19 | 2017-10-19 | A kind of resource transfer method and apparatus |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107659581A true CN107659581A (en) | 2018-02-02 |
Family
ID=61119342
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710996687.2A Pending CN107659581A (en) | 2017-10-19 | 2017-10-19 | A kind of resource transfer method and apparatus |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107659581A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108418814A (en) * | 2018-02-12 | 2018-08-17 | 广州市贝聊信息科技有限公司 | Interface authentication method, apparatus and computer readable storage medium based on dubbo frames |
CN110995756A (en) * | 2019-12-20 | 2020-04-10 | 广州酷狗计算机科技有限公司 | Method and device for calling service |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102299930B (en) * | 2011-09-19 | 2014-09-10 | 北京无限新锐网络科技有限公司 | Method for ensuring security of client software |
CN105516055A (en) * | 2014-09-23 | 2016-04-20 | 腾讯科技(深圳)有限公司 | Data access method, data access device, target device, and management server |
CN106453519A (en) * | 2016-09-21 | 2017-02-22 | 合网络技术(北京)有限公司 | Interface call method and device |
-
2017
- 2017-10-19 CN CN201710996687.2A patent/CN107659581A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102299930B (en) * | 2011-09-19 | 2014-09-10 | 北京无限新锐网络科技有限公司 | Method for ensuring security of client software |
CN105516055A (en) * | 2014-09-23 | 2016-04-20 | 腾讯科技(深圳)有限公司 | Data access method, data access device, target device, and management server |
CN106453519A (en) * | 2016-09-21 | 2017-02-22 | 合网络技术(北京)有限公司 | Interface call method and device |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108418814A (en) * | 2018-02-12 | 2018-08-17 | 广州市贝聊信息科技有限公司 | Interface authentication method, apparatus and computer readable storage medium based on dubbo frames |
CN110995756A (en) * | 2019-12-20 | 2020-04-10 | 广州酷狗计算机科技有限公司 | Method and device for calling service |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10387639B2 (en) | Apparatus and method for API authentication using two API tokens | |
RU2652425C1 (en) | Payment verification method, device and system | |
US10225246B2 (en) | Certificate acquiring method and device | |
CN109729523B (en) | Terminal networking authentication method and device | |
CN109905350B (en) | Data transmission method and system | |
US20160125180A1 (en) | Near Field Communication Authentication Mechanism | |
CN110278084B (en) | eID establishing method, related device and system | |
TW201729562A (en) | Server, mobile terminal, and internet real name authentication system and method | |
CN108040044A (en) | A kind of management method and system for realizing eSIM card security authentications | |
CN106161028A (en) | Safety chip, communication terminal and the method improving communication security | |
US20140330689A1 (en) | System and Method for Verifying Online Banking Account Identity Using Real-Time Communication and Digital Certificate | |
WO2021088659A1 (en) | Electronic signature loading method and device | |
CN109600337A (en) | Method for processing resource, device, system and computer-readable medium | |
CN107659581A (en) | A kind of resource transfer method and apparatus | |
US20110154436A1 (en) | Provider Management Methods and Systems for a Portable Device Running Android Platform | |
US20220150703A1 (en) | Asserting user, app, and device binding in an unmanaged mobile device | |
US10972605B2 (en) | Signature based communication authentication | |
US9462471B2 (en) | Identification of call participants | |
CN110830264B (en) | Service data verification method, server, client and readable storage medium | |
CN115879074A (en) | Identity authentication method, device and system based on block chain | |
CN106534047A (en) | Information transmitting method and apparatus based on Trust application | |
CN106603237A (en) | Security payment method and apparatus | |
CN104935430A (en) | Processing method and device for client business | |
KR101323816B1 (en) | Method and system for providing authentication service in portable terminal | |
CN113704742B (en) | Method and system for preventing device verification from leaking user privacy |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180202 |