CN109120631B - Function calling system, method, device and storage medium - Google Patents

Publication number
CN109120631B
Authority
CN
China
Prior art keywords
functional component
function calling
function
domain
request
Legal status
Active
Application number
CN201811023798.6A
Other languages
Chinese (zh)
Other versions
CN109120631A (en)
Inventor
陈格生
黄春华
蒋瑞欢
Current Assignee
Suzhou Keda Technology Co Ltd
Original Assignee
Suzhou Keda Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters

Abstract

The application relates to a function calling system, a method, a device and a storage medium, belonging to the technical field of communication, wherein the system comprises: n-level service domains, wherein at least one service domain comprises m platform domains; each platform domain includes at least one functional component; the first functional component generates verification information according to the current first moment; encrypting the function calling parameter according to the verification information, and generating a function calling request according to the first moment and the encrypted function calling parameter; sending a function call request to the second functional component; the second functional component acquires a function calling request; determining whether the function calling request is valid according to the first moment; when the function calling request is valid, decrypting the encrypted function calling parameter according to the first moment, and executing corresponding calling operation according to the decrypted function calling parameter; the verification efficiency of the first function component can be improved, the safety of the function calling request in different network transmission processes can be improved, and the forwarding problem of the function calling request can be solved.

Description

Function calling system, method, device and storage medium
Technical Field
The application relates to a function calling system, a method, a device and a storage medium, belonging to the technical field of communication.
Background
Distributed systems refer to systems that utilize high-speed computer networks to connect physically distributed functional components together into a logical unity. The distributed system is composed of a plurality of service domains of a hierarchy, and each service domain can be clustered by a plurality of platform domains to provide services for users. Each platform domain may include at least one functional component, and different functional components may be invoked with each other throughout the distributed system.
When different functional components call each other, the call may be implemented point to point through an Application Programming Interface (API). For example, the first functional component calls the second functional component by calling an API of the second functional component. In this case, when the first functional component calls the second functional component, the second functional component needs to authorize the first functional component.
Currently, the second functional component authorizes the first functional component in a centralized authorization manner. Namely, the legitimacy of the call request sent by each first functional component is verified through the authentication center; the first functional component is allowed to call the second functional component only if the call request is legitimate.
However, as the number of first functional components increases, the workload of the authentication center also increases, and as the load on the authentication center increases, the efficiency of processing authorizations decreases. In addition, during network transmission the function call request may be captured, tampered with, or forged by a malicious party, or sent repeatedly by the malicious party to attack the second functional component, thereby compromising system data security.
Disclosure of Invention
The application provides a function calling system, a function calling method, a function calling device and a storage medium, which can solve the problems of large workload, low efficiency and low safety when the authentication center uniformly verifies the validity of verification requests sent by various first functional components. The application provides the following technical scheme:
In a first aspect, a function calling system is provided, where the system includes n-level service domains, where at least one service domain includes m platform domains, and n is a positive integer; m is an integer greater than or equal to 0; each platform domain includes at least one functional component;
the first functional component is used for generating verification information according to the current first moment; encrypting a function calling parameter according to the verification information; generating a function calling request according to the first moment and the encrypted function calling parameters; sending the function calling request to a second functional component;
the second functional component is used for acquiring the function calling request; determining whether the function calling request is valid according to the first moment; and when the function calling request is valid, decrypting the encrypted function calling parameter according to the first moment, and executing corresponding calling operation according to the decrypted function calling parameter.
Optionally, the first functional component and the second functional component belong to different platform domains in the same service domain; or
the first functional component and the second functional component belong to the same platform domain in the same service domain; or
the first functional component belongs to a first service domain, and the second functional component belongs to a second service domain; the first functional component and the second functional component belong to the same platform domain, and the platform domain belongs to the first service domain or the second service domain; or
the first functional component belongs to a first service domain, and the second functional component belongs to a second service domain; the first functional component and the second functional component belong to different platform domains, the different platform domains belong to the first service domain or belong to the second service domain; or
the first functional component belongs to a first platform domain in a first service domain and the second functional component belongs to a second platform domain in a second service domain.
Optionally, the platform domain to which the first functional component belongs further includes a first forwarding component, and the first forwarding component establishes a communication connection with the second functional component; the first functional component is used for sending the function calling request to the second functional component through the first forwarding component;
or
the platform domain to which the first functional component belongs further comprises a first forwarding component, the platform domain to which the second functional component belongs further comprises a second forwarding component, and the first forwarding component and the second forwarding component establish communication connection; the first functional component is used for sending the function calling request to the second forwarding component through the first forwarding component; and the second forwarding component is used for sending the function calling request to the second functional component.
Optionally, the network to which the first functional component is connected is different from the network to which the second functional component is connected.
Optionally, the second functional component is configured to:
detecting whether the time difference between the second moment, at which the function calling request is received, and the first moment is less than or equal to a duration threshold;
and when the time difference is less than or equal to the duration threshold, determining that the function calling request is valid, and triggering execution of the steps of decrypting the encrypted function calling parameter according to the first moment and executing corresponding calling operation according to the decrypted function calling parameter.
Optionally, the verification information further includes an encryption key, and the second functional component is further configured to:
detecting whether the encrypted function calling parameter encrypted by the encryption key and the first moment can be decrypted;
and when the encrypted function calling parameter can be decrypted and the time difference is less than or equal to the duration threshold, determining that the function calling request is valid, and triggering execution of the steps of decrypting the encrypted function calling parameter according to the first moment and executing corresponding calling operation according to the decrypted function calling parameter.
In a second aspect, a function calling method is provided, for use in a first functional component of a platform domain, where the platform domain is one of m platform domains included in at least one service domain in an n-level service domain; n is a positive integer, and m is an integer greater than or equal to 0; the method comprises the following steps:
generating verification information according to the current first moment;
encrypting a function calling parameter according to the verification information;
generating a function calling request according to the first moment and the encrypted function calling parameters;
and sending the function calling request to a second functional component, wherein the function calling request is used for determining whether the function calling request is valid according to the first moment by the second functional component, decrypting the encrypted function calling parameter according to the first moment when the function calling request is valid, and executing corresponding calling operation according to the decrypted function calling parameter.
In a third aspect, a function calling method is provided, for use in a second functional component of a platform domain, where the platform domain is one of m platform domains included in at least one service domain in an n-level service domain; n is a positive integer, and m is an integer greater than or equal to 0; the method comprises the following steps:
acquiring a function calling request sent by a first function component; the function calling request is generated by the first functional component according to the verification information and the encrypted function calling parameter; the verification information is generated according to a first moment, and the encrypted function calling parameter is obtained by encrypting the function calling parameter according to the verification information;
determining whether the function calling request is valid according to the first moment indicated by the verification information in the function calling request;
when the function calling request is valid, decrypting the encrypted function calling parameter according to the verification information;
and executing corresponding calling operation according to the decrypted function calling parameter.
In a fourth aspect, a function calling apparatus is provided, for use in a first functional component of a platform domain, where the platform domain is one of m platform domains included in at least one service domain in an n-level service domain; n is a positive integer, and m is an integer greater than or equal to 0; the device comprises:
the information generation module is used for generating verification information according to the current first moment;
the information encryption module is used for encrypting the function calling parameter according to the verification information;
the request generation module is used for generating a function calling request according to the verification information and the encrypted function calling parameters;
and the request sending module is used for sending the function calling request to a second functional component, wherein the function calling request is used for determining whether the function calling request is valid according to the first moment by the second functional component, decrypting the encrypted function calling parameter according to the first moment when the function calling request is valid, and executing corresponding calling operation according to the decrypted function calling parameter.
In a fifth aspect, a function calling apparatus is provided, for use in a second functional component of a platform domain, where the platform domain is one of m platform domains included in at least one service domain in an n-level service domain; n is a positive integer, and m is an integer greater than or equal to 0; the device comprises:
the request acquisition module is used for acquiring a function calling request sent by the first functional component; the function calling request is generated by the first functional component according to the verification information and the encrypted function calling parameter; the verification information is generated according to a first moment, and the encrypted function calling parameter is obtained by encrypting the function calling parameter according to the verification information;
the information verification module is used for determining whether the function calling request is valid according to the first moment indicated by the verification information in the function calling request;
the information decryption module is used for decrypting the encrypted function calling parameters according to the verification information when the function calling request is valid;
and the operation execution module is used for executing corresponding calling operation according to the function calling request and the decrypted function calling parameter when the function calling request is valid.
In a sixth aspect, a function invocation apparatus is provided, the apparatus including a processor and a memory; the memory stores therein a program that is loaded and executed by the processor to implement the function call method of the second aspect; or, implementing the function call method of the third aspect.
A seventh aspect provides a computer-readable storage medium in which a program is stored, the program being loaded and executed by the processor to implement the function call method of the second aspect; or, implementing the function call method of the third aspect.
The beneficial effects of the present application are as follows. The first functional component generates verification information according to the current first moment, encrypts the function calling parameter according to the verification information to generate a function calling request, and sends the function calling request to the second functional component. The second functional component acquires the function calling request, determines whether it is valid according to the first moment indicated by the verification information in the function calling request and, when it is valid, decrypts the function calling parameter and executes the corresponding calling operation according to the function calling request and the decrypted function calling parameter. Throughout network transmission of the calling request from the first functional component to the second functional component, the function calling parameter remains encrypted, which prevents the calling parameter information from being tampered with or forged in transit and addresses the security of the calling request across different networks. The second functional component performs a timeliness check on the calling request, which prevents the same calling request from being sent repeatedly, protects the system from attack, and ensures the security of system data. This also solves the problems of heavy workload and low efficiency that arise when the authentication center uniformly verifies the validity of the verification requests sent by the first functional components: because the second functional component can determine whether the function calling request is valid according to the first moment in the function calling request, no authentication center needs to be configured to verify the first functional component, a decentralized verification mode is realized, and the efficiency of verifying the first functional component can be improved.
The foregoing is only an overview of the technical solutions of the present application. To make these technical solutions clearer and to enable them to be implemented according to the content of the description, a detailed description follows with reference to the preferred embodiments of the present application and the accompanying drawings.
Drawings
FIG. 1 is a schematic structural diagram of a function call system according to an embodiment of the present application;
FIG. 2 is a diagram illustrating a function call scenario provided by an embodiment of the present application;
FIG. 3 is a diagram illustrating a function call scenario provided by another embodiment of the present application;
FIG. 4 is a diagram illustrating a function call scenario provided by another embodiment of the present application;
FIG. 5 is a diagram illustrating a function call scenario provided by another embodiment of the present application;
FIG. 6 is a diagram illustrating a function call scenario provided by another embodiment of the present application;
FIG. 7 is a diagram illustrating a function call scenario provided by another embodiment of the present application;
FIG. 8 is a diagram illustrating a function call scenario provided by another embodiment of the present application;
FIG. 9 is a diagram illustrating a function call method according to an embodiment of the present application;
FIG. 10 is a flow diagram of a method for function invocation provided by one embodiment of the present application;
FIG. 11 is a flow diagram of a method for function invocation provided by another embodiment of the present application;
FIG. 12 is a block diagram of a function calling device provided by one embodiment of the present application;
FIG. 13 is a block diagram of a function invocation device provided in one embodiment of the present application;
FIG. 14 is a block diagram of a function calling device according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described in detail below with reference to the accompanying drawings and examples. The following examples are intended to illustrate the present application but are not intended to limit its scope.
The function calling system provided by the application can be applied to a video conference scene, a bank deposit and management scene, an electronic commerce scene and the like, and the application scene of the function calling system is not limited in the embodiment.
FIG. 1 is a schematic structural diagram of a function call system according to an embodiment of the present application. As shown in FIG. 1, the system includes at least n-level service domains 120, where n is a positive integer (FIG. 1 illustrates n = 3).
A service domain 120 in the n-level service domains is a cluster of platform domains, formed by logically dividing one or more platform domains. The first-level service domain 120 of the n-level service domains 120 is a core domain. The core domain may be regarded as a special service domain 120, i.e., the top-level service domain of the n-level service domains 120. Optionally, at least one service domain 120 also includes a user domain. A user domain is a logical concept that refers to users having the same attribute. Users in the same user domain may have unified management and configuration rights. For example, a user domain may consist of the users in one company; the user domain has the same available services or permissions, and the administrator of the user domain can manage all the users in the user domain.
The core domain is communicatively coupled to at least one second-level service domain 120, each second-level service domain 120 is communicatively coupled to at least one third-level service domain 120, and so on, and each (n-1)th-level service domain 120 is communicatively coupled to at least one nth-level service domain 120.
There is at least one service domain 120 including m platform domains, m being an integer greater than or equal to 0. The platform domain includes at least one functional component.
A functional component is a component obtained by logically dividing one or more applications by function. Optionally, each functional component may provide at least one function; different functional components may belong to the same application or to different applications. Alternatively, the functional components may be implemented as hardware, software, or a combination of hardware and software components. A functional component is a component of the application layer (or business layer) and provides application services to a user, such as function call services.
Illustratively, assume that the platform domain includes a first functional component and a second functional component, and the first functional component requests to invoke the second functional component.
The first functional component is used for generating verification information according to the current first moment; encrypting the function call parameter according to the verification information; generating a function calling request according to the first moment and the encrypted function calling parameter; sending a function call request to the second functional component;
the second functional component is used for acquiring a function calling request; determining whether the function calling request is valid according to the first moment; and when the function calling request is valid, decrypting the encrypted function calling parameter according to the first moment, and executing corresponding calling operation according to the decrypted function calling parameter.
The second functional component performs a timeliness check on the calling request, which prevents the same calling request from being sent repeatedly, protects the system from attack, and ensures the security of system data. This also solves the problems of heavy workload and low efficiency that arise when the authentication center uniformly verifies the validity of the verification requests sent by the first functional components: because the second functional component can determine whether the function calling request is valid according to the first moment in the function calling request, no authentication center needs to be configured to verify the first functional component, a decentralized verification mode is realized, and the efficiency of verifying the first functional component can be improved.
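An added sketch of the exchange described above, including the duration-threshold and decryptability checks listed earlier; it is not code from the patent. Assumptions: a pre-shared secret between the two components, a per-request nonce, a 30-second threshold, hypothetical function names, and an HMAC-SHA256 keystream with encrypt-then-MAC standing in for a real AEAD cipher such as AES-GCM.

```python
import hashlib
import hmac
import json
import os
import time

DURATION_THRESHOLD_S = 30  # assumed value; the page does not specify one


def derive_keys(shared_secret, first_moment, nonce):
    """Verification information: per-request keys bound to the first moment."""
    ctx = str(first_moment).encode() + b"|" + nonce
    enc_key = hmac.new(shared_secret, b"enc|" + ctx, hashlib.sha256).digest()
    mac_key = hmac.new(shared_secret, b"mac|" + ctx, hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key, length):
    # Stand-in stream cipher (HMAC in counter mode); use an AEAD in production.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def build_request(shared_secret, params, now=None):
    """First functional component: encrypt the parameters under the first moment."""
    first_moment = int(time.time() if now is None else now)
    nonce = os.urandom(16)  # avoids keystream reuse within the same second
    enc_key, mac_key = derive_keys(shared_secret, first_moment, nonce)
    plaintext = json.dumps(params, sort_keys=True).encode()
    ciphertext = _xor(plaintext, _keystream(enc_key, len(plaintext)))
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).hexdigest()
    return {
        "first_moment": first_moment,
        "nonce": nonce.hex(),
        "params": ciphertext.hex(),
        "tag": tag,
    }


def handle_request(shared_secret, request, now=None):
    """Second functional component: returns (True, params) or (False, reason)."""
    second_moment = int(time.time() if now is None else now)
    try:
        first_moment = int(request["first_moment"])
        nonce = bytes.fromhex(request["nonce"])
        ciphertext = bytes.fromhex(request["params"])
        tag = str(request["tag"])
    except (KeyError, TypeError, ValueError):
        return False, "malformed"
    # Timeliness check; abs() also rejects timestamps set far in the future.
    if abs(second_moment - first_moment) > DURATION_THRESHOLD_S:
        return False, "expired"
    # Decryptability check: the keys only match if the first moment is untouched.
    enc_key, mac_key = derive_keys(shared_secret, first_moment, nonce)
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, "undecryptable"
    plaintext = _xor(ciphertext, _keystream(enc_key, len(ciphertext)))
    return True, json.loads(plaintext)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    req = build_request(secret, {"api": "create_conference", "room": 7}, now=1000)
    print(handle_request(secret, req, now=1010))   # accepted inside the window
    print(handle_request(secret, req, now=1031))   # stale copy is rejected
    refreshed = dict(req, first_moment=1031)       # timestamp rewritten in transit
    print(handle_request(secret, refreshed, now=1031))
```

Because the keys depend on the first moment, a captured request cannot be given a fresh timestamp without failing the decryptability check. A copy resent inside the threshold still passes unless the second functional component also remembers the requests it has already accepted.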
Optionally, the calling scenario in which the first functional component calls the second functional component includes, but is not limited to, the following:
First: referring to FIG. 2, a first functional component 201 and a second functional component 202 belong to different platform domains 204 in the same service domain 203. At this time, the first functional component 201 calls an Application Programming Interface (API) corresponding to the second functional component 202 to implement the call to the second functional component 202.
Second: referring to FIG. 3, a first functional component 301 and a second functional component 302 belong to the same platform domain 304 in the same service domain 303. At this time, the first functional component 301 calls an Application Programming Interface (API) corresponding to the second functional component 302 to implement the call to the second functional component 302.
Third: referring to FIG. 4, a first functional component 401 belongs to a first service domain 402, and a second functional component 403 belongs to a second service domain 404; the first functional component 401 and the second functional component 403 belong to the same platform domain 405. The platform domain 405 belongs to the first service domain 402 or to the second service domain 404.
At this time, if the platform domain 405 belongs to the first service domain 402, the second functional component 403 is a virtual module in the second service domain 404, that is, the second service domain 404 virtually calls the platform domain 405 in the first service domain 402, so as to implement virtual calling of the second functional component 403; if the platform domain 405 belongs to the second service domain 404, the first functional component 401 is a virtual module in the first service domain 402, that is, the first service domain 402 virtually calls the platform domain 405 in the second service domain 404, thereby implementing virtual calling of the first functional component 401. This call scenario is the same as the second call scenario.
Fourth: referring to FIG. 5, a first functional component 501 belongs to a first service domain 502, and a second functional component 503 belongs to a second service domain 504; the first functional component 501 and the second functional component 503 belong to different platform domains 505, and the different platform domains 505 belong to the first service domain or belong to the second service domain.
At this time, if a different platform domain 505 belongs to the first service domain 502, the second functional component 503 is a virtual module in the second service domain 504, that is, the second service domain 504 virtually calls the platform domain 505 to which the second functional component 503 belongs in the first service domain 502, thereby implementing virtual calling of the second functional component 503; if a different platform domain 505 belongs to the second service domain 504, the first functional component 501 is a virtual module in the first service domain 502, that is, the first service domain 502 virtually calls the platform domain 505 belonging to the first functional component 501 in the second service domain 504, thereby implementing virtual calling of the second functional component 503. This calling scenario is the same as the first calling scenario.
Fifth: referring to FIG. 6, a first functional component 601 belongs to a first platform domain 603 in a first service domain 602; the second functional component 604 belongs to a second platform domain 606 in a second service domain 605. At this time, the first functional component 601 may call an API corresponding to the second functional component 604 in the second platform domain 606 to implement the call to the second functional component 604.
According to the five scenarios, the scenario in which the first functional component calls the second functional component can be summarized as the following two scenarios:
First: referring to FIG. 7, the first functional component and the second functional component belong to the same platform domain. Second: referring to FIG. 8, the first functional component and the second functional component belong to different platform domains.
In the above calling scenario, the network to which the first functional component is connected is the same as or different from the network to which the second functional component is connected.
Optionally, when the network connected to the first functional component is the same as the network connected to the second functional component, the first functional component may directly communicate with the second functional component, so as to implement transmission of the function call request.
Optionally, when the network to which the first functional component is connected is different from the network to which the second functional component is connected, the function call request needs to be forwarded between the first functional component and the second functional component through at least one forwarding component.
Optionally, the forwarding component may obtain basic data of the function call system, that is, the data used when the function call system is deployed, such as the Internet Protocol (IP) addresses of the service domains 120 and the hierarchical relationships between the service domains 120. The forwarding component can establish communication connections according to its own basic data. Forwarding components are distinct from functional components: they are network-level components used to transmit data, such as the function call request, across networks.
Referring to the transmission diagram of the function call request shown in FIG. 9, assume that a first functional component 901 in platform domain 1 needs to call a second functional component 902 in platform domain 2, that the network to which the first functional component 901 is connected is local area network 1, and that the network to which the second functional component 902 is connected is local area network 2. In this case, the first functional component 901 and the second functional component 902 cannot communicate directly, and communication requires forwarding by the first forwarding component 903 and the second forwarding component 904.
Referring to fig. 9, after the first functional component 901 generates the function call request, the manner of forwarding the function call request includes, but is not limited to, the following:
First (refer to path 1 in FIG. 9): the platform domain to which the first functional component 901 belongs further comprises a first forwarding component 903, and the platform domain to which the second functional component 902 belongs further comprises a second forwarding component 904. The first forwarding component 903 in platform domain 1 communicates directly with the second forwarding component 904 in platform domain 2. In an actual implementation, the first forwarding component and the second forwarding component may be hardware, software, or a combination of hardware and software. In this case, the first forwarding component 903 forwards the function call request directly to the second forwarding component 904, and the second forwarding component 904 forwards it to the second functional component 902.
Second (refer to path 2 in fig. 9): the platform domain to which the first functional component 901 belongs further comprises a first forwarding component 903, and the platform domain to which the second functional component 902 belongs further comprises a second forwarding component 904. A first forwarding component 903 in platform domain 1 communicates with a second forwarding component 904 in platform domain 2 through a forwarding component in the core platform domain. At this point, the first forwarding component 903 forwards the function call request to the forwarding component in the core platform domain, and the forwarding component forwards the function call request to the second forwarding component 904, and then the second forwarding component 904 forwards the function call request to the second functional component 902.
Third (refer to path 3 in fig. 9): the platform domain to which the first functional component 901 belongs further comprises a first forwarding component 903, and the first forwarding component 903 and the second functional component 902 establish a communication connection. At this time, the first functional component 901 sends a function call request to the second functional component 902 through the first forwarding component 903.
Of course, the forwarding manner of the function call request may also include other manners, such as: the first functional component 901 forwards the function call request to the forwarding component in the core platform domain through the first forwarding component 903, and then forwards the function call request to the second functional component 902 through the forwarding component in the core platform domain.
Optionally, in this embodiment, communication connection is established between the upper and lower platform domains in a wired or wireless manner.
Fig. 10 is a flowchart of a function calling method according to an embodiment of the present application, and this embodiment explains an example in which the method is applied to the function calling system shown in fig. 1. The method at least comprises the following steps:
Step 1001: the first functional component generates verification information according to the current first moment, encrypts the function call parameters according to the verification information, generates a function call request according to the first moment and the encrypted function call parameters, and sends the function call request to the second functional component.
In one example, the first functional component splices the first time and a pre-stored encryption key to obtain the verification information. In this case, the first functional component encrypts the function call request using the first time and the encryption key to obtain the encrypted function call parameters, and then carries the first time and the encrypted function call parameters in the function call request.
In another example, the first functional component takes the first time as the verification information. In this case, the first functional component encrypts the function call request using the first time to obtain the encrypted function call parameters, and then carries the first time and the encrypted function call parameters in the function call request.
Of course, the first functional component may also generate the verification information and the function call request in other manners, which is not described in detail herein.
Step 1002: the second functional component acquires the function call request and determines whether the function call request is valid according to the first moment; when the function call request is valid, the second functional component decrypts the encrypted function call parameters according to the first moment and executes the corresponding call operation according to the decrypted function call parameters.
Optionally, the second functional component determines whether the function call request is valid according to the first time, including but not limited to the following implementation manners:
First manner: the second functional component detects whether the time difference between the second moment, at which the function call request is received, and the first moment is less than or equal to a duration threshold. When the time difference is less than or equal to the duration threshold, the function call request is determined to be valid; when the time difference is greater than the duration threshold, the function call request is determined to be invalid.
The duration threshold is the maximum duration from the time the first functional component sends the function call request to the time the second functional component receives it. Therefore, if the verification information is intercepted by a malicious party and forwarded to the second functional component, the interception and retransmission add to the forwarding process, so the time difference between the second moment and the first moment is greater than the duration threshold and the verification information is no longer valid. The duration threshold may be set by a developer according to an empirical value, and different forwarding paths of the function call request (refer to the 3 paths in FIG. 9) may correspond to different duration thresholds. This embodiment does not limit the value of the duration threshold; for example, the duration threshold may be 0.5 s, 0.3 s, etc.
Second manner: the verification information further includes an encryption key, and the second functional component determines whether the function call request is valid according to the first moment as follows. It detects whether the encrypted function call parameters, which were encrypted with the encryption key and the first moment, can be decrypted, and detects whether the time difference between the second moment, at which the function call request is received, and the first moment is less than or equal to the duration threshold. When the encrypted function call parameters can be decrypted and the time difference is less than or equal to the duration threshold, the function call request is determined to be valid; when the encrypted function call parameters cannot be decrypted or the time difference is greater than the duration threshold, the function call request is determined to be invalid.
Detecting whether the encrypted function call parameters can be decrypted comprises: decrypting the encrypted function call parameters using the decryption key corresponding to the first time and the encryption key.
The encryption key and the decryption key may be the same or may be different; this embodiment does not limit this.
Optionally, when the second functional component determines that the function call request is invalid, an authentication failure notification may be returned to the first functional component, where the authentication failure notification is used to notify the first functional component that the function call request is invalid.
Optionally, after the second functional component executes the corresponding call operation according to the function call parameter, the operation result may also be returned to the first functional component. The operation result is used to indicate whether the call operation was successful.
Optionally, when the function request is valid, the second functional component decrypts the encrypted function call parameter according to the first time, including but not limited to the following cases:
First case: the encrypted function call parameters were encrypted with the first time and a pre-stored encryption key, and the second functional component decrypts them using the decryption key corresponding to the first time and the encryption key.
Second case: the encrypted function call parameters were encrypted with the first time, and the second functional component decrypts them using the first time.
Optionally, the function call parameters include, but are not limited to: the function type and/or the function calling time period, and of course, the function calling parameter may also include other contents, which are not listed here. The second functional component executes corresponding calling operation according to the decrypted function calling parameter, and the method comprises the following steps: the second functional component calls the function type indicated by the function calling parameter; and/or the second functional component calls the function within the function call time period indicated by the function call parameter.
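Steps 1001 and 1002 with the first example of verification information (first moment combined with a pre-stored key) and the second validity check, as an added Python example that is not code from the patent. Assumptions not on the page: HMAC-SHA256 from the standard library stands in for the unnamed cipher (keystream plus integrity tag), a random nonce and a `seen` set reject a repeat inside the time window, clocks are synchronised, and all function, field and parameter names are hypothetical.

```python
import hashlib
import hmac
import json
import os
import struct

DURATION_THRESHOLD_MS = 500  # the page gives 0.5 s as one example threshold


class InvalidRequest(Exception):
    """Raised by the second functional component when a request is rejected."""


def _derive(shared_key, first_time_ms, nonce, label):
    # Verification information: the first moment combined with the pre-stored
    # key. Using HMAC-SHA256 as the derivation step is an assumption.
    material = label + struct.pack(">Q", first_time_ms) + nonce
    return hmac.new(shared_key, material, hashlib.sha256).digest()


def _keystream(key, length):
    # HMAC-SHA256 in counter mode, a stand-in for the cipher the page leaves open.
    blocks = (hmac.new(key, struct.pack(">Q", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def build_request(shared_key, params, now_ms):
    """First functional component, step 1001."""
    nonce = os.urandom(16)  # addition: keeps same-millisecond requests distinct
    plaintext = json.dumps(params, sort_keys=True).encode()
    enc_key = _derive(shared_key, now_ms, nonce, b"enc")
    mac_key = _derive(shared_key, now_ms, nonce, b"mac")
    ciphertext = _xor(plaintext, _keystream(enc_key, len(plaintext)))
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return {"first_time": now_ms, "nonce": nonce.hex(),
            "ciphertext": ciphertext.hex(), "tag": tag.hex()}


def handle_request(shared_key, request, now_ms, seen,
                   threshold_ms=DURATION_THRESHOLD_MS):
    """Second functional component, step 1002 (second manner)."""
    try:
        first_time = request["first_time"]
        if not isinstance(first_time, int) or first_time < 0:
            raise ValueError("first_time must be a non-negative integer")
        nonce = bytes.fromhex(request["nonce"])
        ciphertext = bytes.fromhex(request["ciphertext"])
        tag = bytes.fromhex(request["tag"])
    except (KeyError, TypeError, ValueError):
        raise InvalidRequest("malformed") from None

    # Timeliness: second moment minus first moment must not exceed the
    # threshold. A first moment that lies in the future is rejected as well.
    if not 0 <= now_ms - first_time <= threshold_ms:
        raise InvalidRequest("outside time window")

    # "Can be decrypted": the tag must verify under keys bound to the claimed
    # first moment, so rewriting first_time to look fresh breaks the request.
    mac_key = _derive(shared_key, first_time, nonce, b"mac")
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise InvalidRequest("cannot decrypt")

    # Addition: a verbatim copy delivered again inside the window is refused.
    if (first_time, nonce) in seen:
        raise InvalidRequest("replayed")
    seen.add((first_time, nonce))

    enc_key = _derive(shared_key, first_time, nonce, b"enc")
    return json.loads(_xor(ciphertext, _keystream(enc_key, len(ciphertext))))


if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key
    sample = {"function_type": "playback", "call_period": "09:00-10:00"}
    req = build_request(key, sample, now_ms=1_000_000)
    print(handle_request(key, req, now_ms=1_000_200, seen=set()))
```

In a deployment, a vetted AEAD such as AES-GCM would replace the HMAC-based stand-in, and entries in `seen` older than the duration threshold can be discarded.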
In summary, in the function call method provided in this embodiment, the first functional component generates verification information according to the current first moment, encrypts the function call parameters according to the verification information, generates a function call request according to the first moment and the encrypted function call parameters, and sends the function call request to the second functional component; the second functional component acquires the function call request, determines whether it is valid according to the first moment, and, when it is valid, decrypts the function call parameters according to the first moment and executes the corresponding call operation according to the decrypted function call parameters. The function call parameters remain encrypted throughout the network transmission of the call request from the first functional component to the second functional component, which prevents the call parameter information from being tampered with or imitated in transit and solves the security problem of call requests transmitted across different networks. In addition, the second functional component performs a timeliness check on the call request, which prevents the same call request from being sent repeatedly, protects the system from attack, and ensures the security of system data. The method also solves the problem of heavy workload and low efficiency that arises when an authentication center uniformly verifies the legitimacy of the verification request sent by each first functional component: because the second functional component can determine whether the function call request is valid according to the first moment in the function call request, no authentication center needs to be configured to verify the first functional component, a decentralized verification mode is realized, and the efficiency of verifying the first functional component is improved.
Optionally, based on the above embodiment, the first functional component may forward the function call request to the second functional component through at least one forwarding component.
Fig. 11 is a flowchart of a function calling method according to an embodiment of the present application, where the method is applied to the function calling system shown in fig. 1, and a platform domain to which a first functional component belongs includes a first forwarding component, a platform domain to which a second functional component belongs includes a second forwarding component, and a communication connection is established between the first forwarding component and the second forwarding component in this embodiment. After step 1001, the method further comprises the following steps:
Step 1101: the first forwarding component obtains the function call request and sends the function call request to the second forwarding component.
A communication connection is pre-established between the first forwarding component and the second forwarding component.
Alternatively, the first forwarding component and the second functional component may communicate directly without performing this step.
Step 1102: the second forwarding component sends the function call request to the second functional component, and step 1002 is then performed.
Optionally, after the second functional component executes the corresponding call operation according to the function call request and the function call parameter, the second functional component may further send the operation result to the first functional component through the second forwarding component and the first forwarding component.
In this embodiment, at least one forwarding component is provided to forward the function call request, and communication connections are established between the forwarding components. This avoids the problem that the function call request cannot be forwarded because the network connected to the first functional component is different from the network connected to the second functional component, and enables cross-network transmission of function call requests.
The foregoing embodiment only schematically illustrates the forwarding process of the function call request, and in actual implementation, the forwarding path of the function call request may also be other paths, such as: path 2 or path 3 in fig. 9, etc., the present embodiment does not limit the forwarding process of the function call request.
Fig. 12 is a block diagram of a function invocation apparatus provided in an embodiment of the present application, where the apparatus is applied to a first functional component of a platform domain in the function invocation system shown in fig. 1, where the platform domain is one of m platform domains included in at least one service domain of the n-level service domains; n is a positive integer, and m is an integer greater than or equal to 0. The apparatus includes at least the following modules: an information generating module 1210, an information encrypting module 1220, a request generating module 1230, and a request sending module 1240.
An information generating module 1210 for generating verification information according to a current first time;
an information encryption module 1220, configured to encrypt a function call parameter according to the verification information;
a request generating module 1230, configured to generate a function call request according to the verification information and the encrypted function call parameter;
a request sending module 1240, configured to send the function call request to a second function component, where the function call request is used for the second function component to determine whether the function call request is valid according to the first time, and when the function call request is valid, decrypt the encrypted function call parameter according to the first time, and execute a corresponding call operation according to the decrypted function call parameter.
For relevant details reference is made to the above-described method embodiments.
Fig. 13 is a block diagram of a function invocation apparatus according to an embodiment of the present application, where the apparatus is applied to a second functional component of a platform domain in the function invocation system shown in fig. 1, where the platform domain is one of m platform domains included in at least one service domain of the n-level service domains; n is a positive integer, and m is an integer greater than or equal to 0. The apparatus comprises: a request obtaining module 1310, an information verification module 1320, an information decryption module 1330, and an operation executing module 1340.
A request obtaining module 1310, configured to obtain a function call request sent by a first function component; the function calling request is generated by the first functional component according to the verification information and the encrypted function calling parameter; the verification information is generated according to a first moment, and the encrypted function calling parameter is obtained by encrypting the function calling parameter according to the verification information;
an information verification module 1320, configured to determine whether the function call request is valid according to the first time indicated by the verification information in the function call request;
an information decryption module 1330, configured to decrypt the encrypted function call parameter according to the verification information when the function call request is valid;
the operation executing module 1340 is configured to, when the function calling request is valid, execute a corresponding calling operation according to the function calling request and the decrypted function calling parameter.
For relevant details reference is made to the above-described method embodiments.
It should be noted that: in the function invoking device provided in the above embodiments, only the division of the above functional components is taken as an example when the function is invoked, and in practical applications, the function allocation may be completed by different functional components as needed, that is, the internal structure of the function invoking device is divided into different functional components to complete all or part of the functions described above. In addition, the function calling device and the function calling method provided by the above embodiments belong to the same concept, and specific implementation processes thereof are detailed in the method embodiments and are not described herein again.
FIG. 14 is a block diagram of a function invocation apparatus, which may be a core domain in the function invocation system shown in FIG. 1, according to an embodiment of the present application; alternatively, it may be a platform domain. The apparatus includes at least a processor 1401 and a memory 1402.
Processor 1401 may include one or more processing cores, such as: 4 core processors, 14 core processors, etc. The processor 1401 may be implemented in at least one hardware form of DSP (Digital Signal Processing), FPGA (Field-Programmable Gate Array), and PLA (Programmable Logic Array). Processor 1401 may also include a main processor and a coprocessor, where the main processor is a processor for Processing data in an awake state, and is also referred to as a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state.
Memory 1402 may include one or more computer-readable storage media, which may be non-transitory. Memory 1402 may also include high speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In some embodiments, a non-transitory computer readable storage medium in memory 1402 is used to store at least one instruction for execution by processor 1401 to implement the function call method provided by the method embodiments herein.
In some embodiments, the function calling device may further include: a peripheral interface and at least one peripheral. The processor 1401, the memory 1402 and the peripheral interface may be connected by a bus or signal lines. Each peripheral may be connected to the peripheral interface via a bus, signal line, or circuit board. Illustratively, peripheral devices include, but are not limited to: radio frequency circuitry, power supplies, and the like.
Of course, the function calling device may also include fewer or more components, which is not limited in this embodiment.
Optionally, the present application further provides a computer-readable storage medium, in which a program is stored, and the program is loaded and executed by a processor to implement the function calling method of the above-mentioned method embodiment.
Optionally, the present application further provides a computer product, which includes a computer-readable storage medium, in which a program is stored, and the program is loaded and executed by a processor to implement the function calling method of the above-mentioned method embodiment.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A function calling system, characterized in that, the system comprises n-level service domains, at least one service domain comprises m platform domains, n is a positive integer; m is an integer greater than or equal to 0; each platform domain includes at least one functional component;
the first functional component is used for generating verification information according to the current first moment; encrypting a function calling parameter according to the verification information; generating a function calling request according to the first moment and the encrypted function calling parameters; sending the function calling request to a second functional component;
the second functional component is used for acquiring the function calling request; determining whether the function calling request is valid according to the first moment; and when the function calling request is valid, decrypting the encrypted function calling parameter according to the first moment, and executing corresponding calling operation according to the decrypted function calling parameter.
2. The system of claim 1,
the first functional component and the second functional component belong to different platform domains in the same service domain; or,
the first functional component and the second functional component belong to the same platform domain in the same service domain; or,
the first functional component belongs to a first service domain, and the second functional component belongs to a second service domain; the first functional component and the second functional component belong to the same platform domain, and the platform domain belongs to the first service domain or the second service domain; or,
the first functional component belongs to a first service domain, and the second functional component belongs to a second service domain; the first functional component and the second functional component belong to different platform domains, the different platform domains belong to the first service domain or belong to the second service domain; or,
the first functional component belongs to a first platform domain in a first service domain and the second functional component belongs to a second platform domain in a second service domain.
3. The system of claim 1,
the platform domain to which the first functional component belongs further comprises a first forwarding component, and the first forwarding component and the second functional component are established with communication connection; the first functional component is used for sending the function calling request to the second functional component through the first forwarding component;
or,
the platform domain to which the first functional component belongs further comprises a first forwarding component, the platform domain to which the second functional component belongs further comprises a second forwarding component, and the first forwarding component and the second forwarding component establish communication connection; the first functional component is used for sending the function calling request to the second forwarding component through the first forwarding component; and the second forwarding component is used for sending the function calling request to the second functional component.
4. The system of claim 3, wherein the network to which the first functional component is connected is different from the network to which the second functional component is connected.
5. The system according to any one of claims 1 to 4, wherein the second functional component is configured to:
detecting whether the time difference between the second moment when the function calling request is received and the first moment is less than or equal to a duration threshold value or not;
and determining that the function calling request is valid when the time difference is smaller than or equal to the time length threshold, triggering and executing the steps of decrypting the encrypted function calling parameter according to the first time and executing corresponding calling operation according to the decrypted function calling parameter.
6. The system of claim 5, wherein the authentication information further comprises an encryption key, and wherein the second functional component is further configured to:
detecting whether the encrypted function calling parameter encrypted by the encryption key and the first moment can be decrypted;
and determining that the function calling request is valid when the encrypted function calling parameter can be decrypted and the time difference is less than or equal to the time length threshold, triggering and executing the steps of decrypting the encrypted function calling parameter according to the first time and executing corresponding calling operation according to the decrypted function calling parameter.
7. A function calling method is used in a first function component of a platform domain, wherein the platform domain is one of m platform domains included in at least one service domain in n-level service domains; n is a positive integer, and m is an integer greater than or equal to 0; the method comprises the following steps:
generating verification information according to the current first moment;
encrypting a function calling parameter according to the verification information;
generating a function calling request according to the first moment and the encrypted function calling parameters;
and sending the function calling request to a second functional component, wherein the function calling request is used for determining whether the function calling request is valid according to the first moment by the second functional component, decrypting the encrypted function calling parameter according to the first moment when the function calling request is valid, and executing corresponding calling operation according to the decrypted function calling parameter.
8. A function calling method is used in a second functional component of a platform domain, wherein the platform domain is one of m platform domains included in at least one service domain in n-level service domains; n is a positive integer, and m is an integer greater than or equal to 0; the method comprises the following steps:
acquiring a function calling request sent by a first function component; the function calling request is generated by the first functional component according to the first moment and the encrypted function calling parameter; the encrypted function calling parameter is obtained by encrypting the function calling parameter according to the first moment;
determining whether the function calling request is valid according to the first moment;
when the function calling request is valid, decrypting the encrypted function calling parameter according to the first moment;
and executing corresponding calling operation according to the decrypted function calling parameter.
9. A function calling apparatus, comprising a processor and a memory; the memory stores therein a program that is loaded and executed by the processor to implement the function calling method according to claim 7; or, implementing the function call method of claim 8.
10. A computer-readable storage medium, characterized in that the storage medium stores a program for implementing the function calling method according to claim 7 when the program is executed by a processor; or, implementing the function call method of claim 8.
CN201811023798.6A 2018-09-04 2018-09-04 Function calling system, method, device and storage medium Active CN109120631B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811023798.6A CN109120631B (en) 2018-09-04 2018-09-04 Function calling system, method, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811023798.6A CN109120631B (en) 2018-09-04 2018-09-04 Function calling system, method, device and storage medium

Publications (2)

Publication Number Publication Date
CN109120631A (en) 2019-01-01
CN109120631B (en) 2021-05-14

Family

ID=64861870

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811023798.6A Active CN109120631B (en) 2018-09-04 2018-09-04 Function calling system, method, device and storage medium

Country Status (1)

Country Link
CN (1) CN109120631B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104270470A (en) * 2014-10-24 2015-01-07 杭州高达软件***股份有限公司 Remote service invocation method, device and system
CN104780176A (en) * 2015-04-28 2015-07-15 中国科学院微电子研究所 Method and system for safely calling representational state transition application programming interface
CN105306534A (en) * 2015-09-21 2016-02-03 拉扎斯网络科技(上海)有限公司 Information verification method based on open platform and open platform
CN106357782A (en) * 2016-09-29 2017-01-25 苏州科达科技股份有限公司 Multilevel architecture for data synchronization, data synchronization method and fault handling method
CN106375458A (en) * 2016-09-08 2017-02-01 上海银天下科技有限公司 Service call system, method and device
CN108012267A (en) * 2016-10-31 2018-05-08 华为技术有限公司 A kind of method for network authorization, relevant device and system
CN108429725A (en) * 2017-02-15 2018-08-21 财团法人资讯工业策进会 Authentication server, authentication method, and computer storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10498531B2 (en) * 2016-05-23 2019-12-03 Apple Inc. Electronic subscriber identity module (eSIM) provisioning error recovery

Also Published As

Publication number Publication date
CN109120631A (en) 2019-01-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant