[go: up one dir, main page]

CN110569138B - Remote service calling method, response method, device, electronic equipment and server - Google Patents

Remote service calling method, response method, device, electronic equipment and server Download PDF

Info

Publication number
CN110569138B
CN110569138B CN201910871763.6A CN201910871763A CN110569138B CN 110569138 B CN110569138 B CN 110569138B CN 201910871763 A CN201910871763 A CN 201910871763A CN 110569138 B CN110569138 B CN 110569138B
Authority
CN
China
Prior art keywords
remote service
content
server
instruction
service content
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201910871763.6A
Other languages
Chinese (zh)
Other versions
CN110569138A (en
Inventor
郭子亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd filed Critical Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN201910871763.6A priority Critical patent/CN110569138B/en
Publication of CN110569138A publication Critical patent/CN110569138A/en
Application granted granted Critical
Publication of CN110569138B publication Critical patent/CN110569138B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/547Remote procedure calls [RPC]; Web services

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

本申请实施例公开了一种远程服务调用方法、响应方法、装置、电子设备及服务器。所述方法包括:获取所需调用的远程服务内容;对所述远程服务内容进行加密,得到加密后的远程服务内容;基于指定的通信协议生成远程服务调用请求,所述远程服务调用请求中携带有所述加密后的远程服务内容,且所述远程服务调用请求的目的地址为基于目标统一资源标识获得;将所述远程服务调用请求发送到所述目的地址对应的服务端,以用于所述服务端执行与所述远程服务调用请求所对应的服务。通过上述方式使得,对于从目标统一资源标识触发的远程服务调用请求中的内容可以进行加密发送,从而提升远程服务内容在传输过程中的安全性。

Figure 201910871763

The embodiments of the present application disclose a remote service invocation method, a response method, an apparatus, an electronic device, and a server. The method includes: acquiring the remote service content to be invoked; encrypting the remote service content to obtain the encrypted remote service content; generating a remote service invocation request based on a specified communication protocol, the remote service invocation request carrying There is the encrypted remote service content, and the destination address of the remote service invocation request is obtained based on the target uniform resource identifier; the remote service invocation request is sent to the server corresponding to the destination address for all The server executes the service corresponding to the remote service invocation request. Through the above method, the content in the remote service invocation request triggered from the target uniform resource identifier can be encrypted and sent, thereby improving the security of the remote service content in the transmission process.

Figure 201910871763

Description

远程服务调用方法、响应方法、装置、电子设备及服务器Remote service invocation method, response method, device, electronic device and server

技术领域technical field

本申请涉及计算机技术领域,更具体地,涉及一种远程服务调用方法、响应方法、装置、电子设备及服务器。The present application relates to the field of computer technology, and more particularly, to a remote service invocation method, response method, apparatus, electronic device, and server.

背景技术Background technique

随着网络时代的到来,更多的电子设备之间的服务可以相互的调用。而其中的REST Web应用服务就是一种RPC(远程过程调用)服务,其通过向指定的网络地址发送请求来完成某个远程服务调用。而相关的远程服务调用过程中,对于所调用内容通常是依靠所采用的通信协议本身所定义的规则进行的加密,造成远程服务调用过程中所传输的数据的安全性还有待提升。With the advent of the Internet era, more services between electronic devices can call each other. The REST Web application service is an RPC (remote procedure call) service, which completes a remote service call by sending a request to a specified network address. In the related remote service invocation process, the invocation content is usually encrypted by the rules defined by the adopted communication protocol itself, resulting in that the security of the data transmitted in the remote service invocation process needs to be improved.

发明内容SUMMARY OF THE INVENTION

鉴于上述问题,本申请提出了一种远程服务调用方法、响应方法、装置、电子设备及服务器,以改善上述问题。In view of the above problems, the present application proposes a remote service invocation method, a response method, an apparatus, an electronic device and a server to improve the above problems.

第一方面,本申请提供了一种远程服务调用方法,应用于客户端,所述方法包括:获取所需调用的远程服务内容;对所述远程服务内容进行加密,得到加密后的远程服务内容;基于指定的通信协议生成远程服务调用请求,所述远程服务调用请求中携带有所述加密后的远程服务内容,且所述远程服务调用请求的目的地址为基于目标统一资源标识获得;将所述远程服务调用请求发送到所述目的地址对应的服务端,以用于所述服务端执行与所述远程服务调用请求所对应的服务。In a first aspect, the present application provides a method for invoking a remote service, which is applied to a client. The method includes: acquiring the content of the remote service to be invoked; and encrypting the content of the remote service to obtain the encrypted remote service content ; Generate a remote service invocation request based on a specified communication protocol, the remote service invocation request carries the encrypted remote service content, and the destination address of the remote service invocation request is obtained based on the target uniform resource identifier; The remote service invocation request is sent to the server corresponding to the destination address, so that the server can execute the service corresponding to the remote service invocation request.

第二方面,本申请提供了一种远程服务响应方法,应用于服务端,所述方法包括:获取远程服务调用请求中携带的加密后的远程服务内容;执行解密后的所述远程服务内容,得到执行结果;对所述执行结果进行签名,得到签名后的执行结果;基于指定的通信协议生成回复信息,所述回复信息携带有所述签名后的执行结果;将所述回复信息返回给发送所述远程服务调用请求的客户端。In a second aspect, the present application provides a remote service response method, which is applied to a server. The method includes: acquiring encrypted remote service content carried in a remote service invocation request; executing the decrypted remote service content, Obtain the execution result; sign the execution result to obtain the signed execution result; generate reply information based on the specified communication protocol, the reply information carries the signed execution result; return the reply information to the sender The client of the remote service invocation request.

第三方面,本申请提供了一种远程服务调用装置,所述装置包括:调用内容获取单元,用于获取所需调用的远程服务内容;内容加密单元,用于对所述远程服务内容进行加密,得到加密后的远程服务内容;请求生成单元,用于基于指定的通信协议生成远程服务调用请求,所述远程服务调用请求中携带有所述加密后的远程服务内容,且所述远程服务调用请求的目的地址为基于目标统一资源标识获得;信息通信单元,用于将所述远程服务调用请求发送到所述目的地址对应的服务端,以用于所述服务端执行与所述远程服务调用请求所对应的服务。In a third aspect, the present application provides an apparatus for invoking a remote service, the apparatus comprising: an invocation content acquisition unit for acquiring the remote service content to be invoked; and a content encryption unit for encrypting the remote service content , obtain the encrypted remote service content; the request generation unit is used to generate a remote service invocation request based on a specified communication protocol, the remote service invocation request carries the encrypted remote service content, and the remote service invocation request The destination address of the request is obtained based on the target uniform resource identifier; the information communication unit is used to send the remote service invocation request to the server corresponding to the destination address, so that the server can perform and call the remote service. Request the corresponding service.

第四方面,本申请提供了一种远程服务响应装置,所述装置包括:请求解析单元,用于获取远程服务调用请求中携带的加密后的远程服务内容;服务执行单元,用于执行解密后的所述远程服务内容,得到执行结果;签名单元,用于对所述执行结果进行签名,得到签名后的执行结果;响应生成单元,用于基于指定的通信协议生成回复信息,所述回复信息携带有所述签名后的执行结果;通信单元,用于将所述回复信息返回给发送所述远程服务调用请求的客户端。In a fourth aspect, the present application provides a remote service response device, the device comprising: a request parsing unit for acquiring encrypted remote service content carried in a remote service invocation request; a service execution unit for executing decrypted The remote service content of the remote service is obtained, and the execution result is obtained; the signature unit is used to sign the execution result to obtain the signed execution result; the response generation unit is used to generate reply information based on the specified communication protocol, and the reply information carrying the signed execution result; a communication unit, configured to return the reply information to the client that sent the remote service invocation request.

第五方面,本申请提供了一种电子设备,包括一个或多个处理器以及存储器;一个或多个程序被存储在所述存储器中并被配置为由所述一个或多个处理器执行以实现上述的方法。In a fifth aspect, the present application provides an electronic device comprising one or more processors and a memory; one or more programs are stored in the memory and configured to be executed by the one or more processors to Implement the above method.

第六方面,本申请提供了一种计算机可读存储介质,所述计算机可读存储介质中存储有程序代码,其中,在所述程序代码被处理器运行时执行上述的方法。In a sixth aspect, the present application provides a computer-readable storage medium, where a program code is stored in the computer-readable storage medium, wherein the above method is executed when the program code is executed by a processor.

本申请提供的一种远程服务调用方法、响应方法、装置、电子设备及服务器,在获取所需调用的远程服务内容后,会先对所述远程服务内容进行加密,得到加密后的远程服务内容,然后再基于指定的通信协议生成携带有所述加密后的远程服务内容且指向目标统一资源标识所标识的目的地址的远程服务调用请求,将所述远程服务调用请求发送到所述目的地址对应的服务端,以用于所述服务端执行与所述远程服务调用请求所对应的服务,进而通过上述方式使得,对于从目标统一资源标识触发的远程服务调用请求中的内容可以进行加密发送,从而提升远程服务内容在传输过程中的安全性。In a remote service invocation method, response method, device, electronic device and server provided by the present application, after obtaining the remote service content to be invoked, the remote service content will be encrypted first, and the encrypted remote service content will be obtained. , and then generate a remote service invocation request that carries the encrypted remote service content and points to the destination address identified by the target uniform resource identifier based on the specified communication protocol, and sends the remote service invocation request to the destination address corresponding to The server is used for the server to execute the service corresponding to the remote service invocation request, so that the content in the remote service invocation request triggered from the target uniform resource identifier can be encrypted and sent by the above method, Thereby, the security of the remote service content in the transmission process is improved.

附图说明Description of drawings

为了更清楚地说明本申请实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to illustrate the technical solutions in the embodiments of the present application more clearly, the following briefly introduces the drawings that are used in the description of the embodiments. Obviously, the drawings in the following description are only some embodiments of the present application. For those skilled in the art, other drawings can also be obtained from these drawings without creative effort.

图1示出了本申请实施例提出的一种客户端与服务端交互的示意图;FIG. 1 shows a schematic diagram of interaction between a client and a server according to an embodiment of the present application;

图2示出了提出的一种客户端所发送的远程服务内容被截取的示意图;Fig. 2 shows the schematic diagram that the remote service content sent by a proposed client is intercepted;

图3示出了一种客户端所发送的远程服务内容在网关出被转换为明文进行后续传输的示意图;3 shows a schematic diagram of the remote service content sent by the client being converted into plaintext for subsequent transmission at the gateway;

图4示出了本申请一实施例提出的一种远程服务调用方法的流程图;FIG. 4 shows a flowchart of a remote service invocation method proposed by an embodiment of the present application;

图5示出了本申请一实施例提出的一种远程服务调用方法中计算出过程的处理方式的选择示意图;FIG. 5 shows a schematic diagram of selection of a processing method of a calculation process in a remote service invocation method proposed by an embodiment of the present application;

图6示出了本申请另一实施例提出的一种远程服务调用方法的流程图;FIG. 6 shows a flowchart of a remote service invocation method proposed by another embodiment of the present application;

图7示出了本申请另一实施例提出的一种远程服务调用方法中基于json格式的远程服务调用指令和对应的指令参数的示意图;7 shows a schematic diagram of a json format-based remote service invocation instruction and corresponding instruction parameters in a remote service invocation method proposed by another embodiment of the present application;

图8示出了本申请另一实施例提出的一种远程服务调用方法中基于json格式的远程服务调用指令和对应的指令参数合并后的示意图;FIG. 8 shows a schematic diagram of combining a remote service invocation instruction based on json format and corresponding instruction parameters in a remote service invocation method proposed by another embodiment of the present application;

图9示出了本申请另一实施例提出的一种远程服务调用方法中一具体实施方式的示意图;FIG. 9 shows a schematic diagram of a specific implementation manner of a remote service invocation method proposed by another embodiment of the present application;

图10示出了本申请再一实施例提出的一种远程服务调用方法的流程图;FIG. 10 shows a flowchart of a method for invoking a remote service proposed by yet another embodiment of the present application;

图11示出了本申请又一实施例提出的一种远程服务调用方法的流程图;FIG. 11 shows a flowchart of a remote service invocation method proposed by another embodiment of the present application;

图12示出了本申请实施例提出的一种远程服务调用装置的结构框图;FIG. 12 shows a structural block diagram of a remote service invocation apparatus proposed by an embodiment of the present application;

图13示出了本申请再一实施例提出的一种远程服务调用装置的结构框图;FIG. 13 shows a structural block diagram of a remote service invocation apparatus proposed by still another embodiment of the present application;

图14示出了本申请另一实施例提出的一种远程服务调用装置的结构框图;FIG. 14 shows a structural block diagram of a remote service invocation apparatus proposed by another embodiment of the present application;

图15示出了本申请实时中的用于执行根据本申请实施例的远程服务调用方法的电子设备的结构框图;15 shows a structural block diagram of an electronic device for executing the remote service invocation method according to an embodiment of the present application in real time of the present application;

图16示出了本申请实时中的用于保存或者携带实现根据本申请实施例的远程服务调用方法的程序代码的存储单元。FIG. 16 shows a storage unit in real time of the present application for storing or carrying program codes for implementing the remote service invocation method according to the embodiment of the present application.

具体实施方式Detailed ways

下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only a part of the embodiments of the present application, but not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the protection scope of the present application.

随着信息系统的发展,信息系统业务也随之增多,当我们的系统访问量增大、业务增多时,我们会发现一台单机运行此系统已经无法承受。那么我们可以将信息系统业务拆分成几个互不关联的服务,分别部署在各自机器上,使得每个机器都可以运行一种或多种服务,以划清逻辑并减小单个机器的压力。那么在这种情况下,就需要一种协议来支持不同的机器之间相互进行服务的调用。进而,RPC(Remote Procedure Call Protocol)协议应运而生。With the development of the information system, the business of the information system also increases. When the number of visits to our system increases and the business increases, we will find that a single machine running this system can no longer afford it. Then we can split the information system business into several unrelated services and deploy them on their own machines, so that each machine can run one or more services, in order to clear the logic and reduce the pressure on a single machine . In this case, a protocol is needed to support mutual service calls between different machines. Furthermore, the RPC (Remote Procedure Call Protocol) protocol came into being.

RPC采用客户端/服务端模式。其中吗,请求远程调用服务的程序就是一个客户端,而服务提供程序就是一个服务端。首先,调用进程发送一个有进程参数的调用信息到服务进程,然后等待应答信息。在服务端,进程保持睡眠状态直到调用信息的到达为止。当一个调用信息到达,服务端获得进程参数,计算结果,发送答复信息,然后等待下一个调用信息,最后,客户端调用过程接收答复信息,获得进程结果,然后调用执行继续进行。例如,如图1所示,在整个远程服务调用过程中,会调用客户端句柄,执行传送参数,并且会调用本地的通信模块传递网络消息到远程主机(服务端)。服务端句柄得到消息并取得参数进而执行与该参数对应的远程过程,且执行的过程将结果返回服务端句柄,服务端句柄返回结果,调用远程主机(服务端)的通信模块传回本地主机(客户端),客户端句柄由本地通信模块接收返回结果。RPC adopts the client/server model. Among them, the program that requests the remote call service is a client, and the service provider is a server. First, the calling process sends a call message with process parameters to the server process, and then waits for a reply message. On the server side, the process stays asleep until the call message arrives. When a call message arrives, the server obtains the process parameters, calculates the result, sends a reply message, and then waits for the next call message. Finally, the client calls the process to receive the reply message, obtain the process result, and then call execution to continue. For example, as shown in Figure 1, in the entire remote service invocation process, the client handle will be called, the parameters will be transferred, and the local communication module will be called to transfer network messages to the remote host (server). The server handle gets the message and parameters and then executes the remote process corresponding to the parameter, and the executed process returns the result to the server handle, the server handle returns the result, and the communication module of the remote host (server) is called to return it to the local host ( client), the client handle is received and returned by the local communication module.

而发明人在对相关的远程服务调用的工作过程的研究中发现,目前客户端与服务端之间所采用的通信协议可能并不具备对传输的内容进行加密功能,甚至即使具有对所传输的内容进行加密的功能,也无法有效的对远程服务调用过程中所传输的数据起到较好的安全性保护。例如,如图2所示,即使客户端采用的具有加密功能的HTTPS协议(或者其他通信协议,例如,FTP协议)进行数据传输,但是在客户端使用了HTTPS代理与服务端的通信情况下,其中的HTTPS代理可能会因为收到中间攻击而造成远程服务调用过程中所传输的数据泄露。再例如,如图3所示,对于客户端所传输的远程服务调用过程中的数据在传输到服务端所属的服务内部域的HTTPS网关处时会被解密为明文,进而使得HTTPS网关与服务端之间所传输的数据为明文,进而会造成所传输的数据被窃听。However, the inventor found in the research on the working process of the related remote service invocation that the communication protocol currently used between the client and the server may not have the function of encrypting the transmitted content, even if it has the function of encrypting the transmitted content. The function of encrypting the content cannot effectively protect the data transmitted during the remote service invocation. For example, as shown in Figure 2, even if the client uses the encrypted HTTPS protocol (or other communication protocols, such as the FTP protocol) for data transmission, in the case where the client uses the HTTPS proxy to communicate with the server, where HTTPS proxies may leak data transmitted during remote service calls due to a man-in-the-middle attack. For another example, as shown in Figure 3, the data transmitted by the client during the remote service invocation process will be decrypted into plaintext when transmitted to the HTTPS gateway of the service internal domain to which the server belongs, thereby enabling the HTTPS gateway and the server. The data transmitted between them is plaintext, which will cause the transmitted data to be eavesdropped.

因此,发明人提出了本申请中的在获取所需调用的远程服务内容后,会先对所述远程服务内容进行加密,得到加密后的远程服务内容,然后再基于指定的通信协议生成携带有所述加密后的远程服务内容且指向目标统一资源标识所标识的目的地址的远程服务调用请求,进而提升远程服务调用请求所携带的远程服务内容在传输过程中的安全性的远程服务调用方法、响应方法、装置、电子设备及服务器。Therefore, the inventor proposes that in the present application, after obtaining the remote service content to be called, the remote service content will be encrypted first to obtain the encrypted remote service content, and then based on the specified communication protocol, the The encrypted remote service content is directed to the remote service invocation request of the destination address identified by the target uniform resource identifier, and the remote service invocation method for improving the security of the remote service content carried by the remote service invocation request in the transmission process, Response method, apparatus, electronic device and server.

下面将结合附图具体描述本申请的各实施例。The embodiments of the present application will be described in detail below with reference to the accompanying drawings.

请参阅图4,本申请实施例提供的一种远程服务调用方法,应用于客户端,所述方法包括:Referring to FIG. 4 , a method for invoking a remote service provided by an embodiment of the present application is applied to a client, and the method includes:

步骤S110:获取所需调用的远程服务内容。Step S110: Obtain the content of the remote service to be called.

可以理解的是,远程服务调用是由客户端一侧向服务端发起的,以便客户端一侧可以调用服务端一侧的服务。那么客户端在生成发送给服务端的远程服务调用请求之前,需要先确定自己所需要调用的服务是什么,那么客户端可以先执行获取所需调用的远程服务内容。It can be understood that the remote service call is initiated by the client side to the server side, so that the client side can call the service on the server side. Then, before the client generates a remote service invocation request sent to the server, it needs to determine what service it needs to call, and then the client can first execute to obtain the content of the remote service to be invoked.

例如,客户端需要调用服务端对获取的数据进行计算。那么在这种情况下,获取的远程服务内容就可以包括所需计算的数据以及所需要的计算方式。再例如,客户端需要调用服务端对一个文件中的内容进行去重处理,那么在这种情况下,获取的远程服务内容就可以包括需要去重的文件,以及进行去重处理的调用指令。可以理解的是,对于其中的所需要调用的服务可以对应配置有一个唯一性的标识,那么在这种方式下,服务端在接收到客户端发送的远程服务调用请求后,通过判断其中的唯一性的标识就可以确定本次客户端需要调用的服务是哪一个。For example, the client needs to call the server to calculate the acquired data. Then, in this case, the acquired remote service content may include the required calculation data and the required calculation method. For another example, the client needs to call the server to deduplicate the content in a file. In this case, the acquired remote service content may include the file to be deduplicated and the invocation instruction for deduplication. It can be understood that a unique identifier can be configured for the service that needs to be called. In this way, after receiving the remote service invocation request sent by the client, the server determines the unique identifier. The identifier of the property can determine which service the client needs to call this time.

其中,触发客户端执行获取所需调用的远程服务内容的方式也可以有多种。There may also be various manners for triggering the client to perform the acquisition of the content of the remote service that needs to be called.

作为一种方式,可以基于自动化的事件来触发。As one approach, it can be triggered based on automated events.

对于客户端以外的应用程序或者客户端本身在运行的过程中,如果需要借助客户端所在电子设备以外的设备进行数据的处理,就可以看做一个基于自动化的事件来触发的方式。在这种方式下,客户端或者客户端以外的应用程序就可以借助客户端发送一个远程服务调用请求,以便可以调用其他的设备中的服务。例如,客户端运行在第一电子设备中,在该第一电子设备中还包括有应用程序A,而应用程序A在运行过程中需要调用函数A进行计算。那么该应用程序A就可以将调用函数A的需求以及输入到函数A的输入数据发送到客户端,进而客户端实现获取远程服务内容(函数A以及输入数据)。For applications other than the client or during the running of the client itself, if data processing needs to be performed by means of a device other than the electronic device where the client is located, it can be regarded as an automation-based event triggering method. In this way, a client or an application program other than the client can send a remote service invocation request with the help of the client, so that services in other devices can be invoked. For example, the client runs in a first electronic device, and the first electronic device also includes an application program A, and the application program A needs to call the function A for calculation during the running process. Then, the application A can send the requirement of calling function A and the input data input to the function A to the client, and then the client can obtain the content of the remote service (function A and the input data).

作为另外一种方式,可以基于用户的操作而触发。Alternatively, it can be triggered based on user actions.

在这种方式中,客户端可以配置有用于用户触控的控件。具体的,客户端中可以对将要执行的计算内容进行分解,分解得到多个计算过程,而当这多个计算过程均被执行后,表征该计算内容完成。那么在这种方式下,客户端可以给每个计算过程都配置一个选择控件,以便用户选择是由客户端在本地执行该计算过程,还是通过远程服务调用的方式来执行该计算过程。例如,如图5所示,对于其中的分解后的计算过程A、计算过程B以及计算过程C。均各自对应有本地和远程这两个选择控件。若对应于计算过程A,用户选择了本地,那么客户端后续在执行计算过程A的时候,客户端会直接在本地进行计算。而若对应于计算过程B,用户选择了远程,那么客户端后续在执行计算过程B的时候,客户端会根据计算过程B获取所需调用的远程服务内容。In this way, the client can be configured with controls for user touch. Specifically, the calculation content to be executed may be decomposed in the client to obtain multiple calculation processes, and when the multiple calculation processes are all executed, it indicates that the calculation content is completed. In this way, the client can configure a selection control for each calculation process, so that the user can choose whether to execute the calculation process locally by the client or to execute the calculation process by means of a remote service call. For example, as shown in FIG. 5 , for the decomposed calculation process A, calculation process B and calculation process C. There are two selection controls, local and remote, respectively. If the user selects local for the calculation process A, then when the client executes the calculation process A, the client will directly perform the calculation locally. However, if the user selects remote corresponding to the calculation process B, when the client subsequently executes the calculation process B, the client will obtain the content of the remote service that needs to be called according to the calculation process B.

步骤S120:对所述远程服务内容进行加密,得到加密后的远程服务内容。Step S120: Encrypt the remote service content to obtain encrypted remote service content.

其中,为了进一步的使得客户端所调用的远程服务内容有较好的安全性,而不会被其他设备劫持或者监听,那么客户端对于获取到的远程服务内容会进行加密。其中,客户端可以有多种方式对远程服务内容进行加密。Among them, in order to further enable the remote service content called by the client to have better security without being hijacked or monitored by other devices, the client will encrypt the acquired remote service content. The client can encrypt the remote service content in various ways.

作为一种方式,客户端可以基于本地存储的静态秘钥对远程服务内容进行加密。可以理解的是,静态秘钥可以理解为从被存储到客户端开始就一直保持不变的秘钥。那么在这种方式下,后续服务端在接收到客户端发送的远程服务调用请求后,也会基于与该静态秘钥对应的秘钥进行解密。可选的,若客户端采用的静态秘钥为对称加密方式的秘钥,那么与该静态秘钥对应的秘钥与静态秘钥是相同的。可选的,若客户端采用的静态秘钥为非对称加密方式的秘钥,那么与该静态秘钥对应的秘钥为对应的非对称秘钥。As one approach, the client can encrypt the remote service content based on a locally stored static key. It can be understood that a static key can be understood as a key that remains unchanged from the time it is stored to the client. In this way, after receiving the remote service invocation request sent by the client, the subsequent server will also decrypt based on the secret key corresponding to the static secret key. Optionally, if the static key used by the client is a symmetric encryption key, the key corresponding to the static key is the same as the static key. Optionally, if the static key used by the client is an asymmetric encryption key, the key corresponding to the static key is the corresponding asymmetric key.

作为另外一种方式,客户端可以基于定期从服务端获取的动态秘钥对远程服务内容进行加密。可以理解的是,动态秘钥是指会定期进行更新的秘钥。例如,客户端可以以每个小时或者甚至更短时间为一个周期从服务端请求当前最新的秘钥,进而在每次对远程服务内容进行加密时,基于当前本地存储的最新的秘钥进行加密。As another way, the client can encrypt the remote service content based on the dynamic key obtained from the server periodically. Understandably, a dynamic key refers to a key that is updated on a regular basis. For example, the client can request the current latest key from the server every hour or even a shorter period, and then encrypt based on the current locally stored latest key every time the remote service content is encrypted .

可以理解的是,为了使得客户端定期所请求的秘钥为最新的秘钥,那么服务端也会定期进行秘钥的更新,并且服务端更新秘钥的周期可以与客户端的请求周期相同。例如,服务端可以每间隔半个小时或者一个小时就更新一次秘钥,然后向所有的客户端广播当前秘钥已更新的消息,进而使得客户端可以随之向服务端请求最新的秘钥。此外,服务端也可以直接通过广播消息将最新的秘钥广播给客户端。那么通过动态秘钥的方式,可以使得远程服务内容进行加密的秘钥可以定期更新,使得即使某一个秘钥被其他非法用户破解获取到,也无法轻易获取到基于更新后的其他秘钥加密的远程服务内容,进而记进一步的提升了远程服务内容在传输过程中的安全性。It is understandable that, in order to make the secret key periodically requested by the client to be the latest secret key, the server will also periodically update the secret key, and the period for the server to update the secret key can be the same as the client's request period. For example, the server can update the secret key every half an hour or an hour, and then broadcast a message that the current secret key has been updated to all clients, so that the client can request the latest secret key from the server accordingly. In addition, the server can also directly broadcast the latest key to the client through a broadcast message. Then, through the method of dynamic secret key, the secret key encrypted by the remote service content can be updated regularly, so that even if a secret key is obtained by other illegal users, it is impossible to easily obtain the encrypted secret key based on the updated other secret key. The remote service content further improves the security of the remote service content in the transmission process.

其中,需要说明的是,服务端可以根据多种方式来确定秘钥的更新周期。Among them, it should be noted that the server can determine the update period of the secret key according to various methods.

作为一种方式,服务端可以根据后台维护人员配置的周期进行秘钥的更新。例如,后台维护人员配置的秘钥更新周期为1个小时,那么服务端就会按照1个小时的周期更新秘钥,对应的客户端也可以每间隔1个小时获取到最新的秘钥。As a way, the server can update the secret key according to the period configured by the background maintainer. For example, if the key update cycle configured by the background maintenance personnel is 1 hour, then the server will update the key according to the cycle of 1 hour, and the corresponding client can also obtain the latest key every 1 hour.

作为另外一种方式,服务端可以根据当前的远程服务调用频率来确定秘钥的更新周期。可以理解的是,若当前远程服务调用的频率并无高,例如,平均每间隔1个小时才会有一次调用,但是若服务端每间隔10分钟就更新一次秘钥,那么势必会造成极大的资源浪费。因为,即使服务端密集的进行秘钥的更新,但是客户端并未有效使用更细后的秘钥,甚至有的更新后的秘钥还未被使用,就已经被新的秘钥替换了。那么通过根据当前的远程服务调用频率来确定秘钥的更新周期,既可以提升更新后的秘钥的利用率,也可以提升远程服务内容在传输过程中的安全性。As another way, the server can determine the update cycle of the secret key according to the current remote service invocation frequency. It is understandable that if the current frequency of remote service calls is not high, for example, there is only one call every 1 hour on average, but if the server updates the secret key every 10 minutes, it will inevitably cause great waste of resources. Because, even though the server intensively updates the secret key, the client does not use the finer secret key effectively, and even some updated secret keys have been replaced by new secret keys before they are used. Then, by determining the update cycle of the secret key according to the current remote service invocation frequency, it can not only improve the utilization rate of the updated secret key, but also improve the security of the remote service content during the transmission process.

可选的,服务端更新秘钥的周期的长度与当前的远程服务调用频率成反比。即当前的远程服务调用频率越高,那么服务端更新秘钥的周期的越短。可以理解的是,对于服务端而言,可以对应有多个客户端都会进行远程服务调用,那么当客户端进行频繁的远程服务调用时,所需传输给服务端的远程服务内容在一定时间段内也就越多,那么所传输的远程服务内容被抓包或者截取的概率也就越大。那么在这种方式下,服务端通过更高频率的更新秘钥,对应的,客户端通过更高频率的获取服务端最新的秘钥,可以更大程度上保证所传输远程服务内容的安全性。实例性的,在服务端,检测到当前的远程服务调用次数为第一目标次数,那么配置当前的秘钥更新周期为每m分钟更新一次,当检测到当前的远程服务调用次数为第二目标次数,那么配置当前的秘钥更新周期为每n分钟更新一次,其中,第一目标次数大于第二目标次数,m小于n。Optionally, the length of the period for the server to update the secret key is inversely proportional to the current remote service invocation frequency. That is, the higher the current remote service invocation frequency, the shorter the period for the server to update the secret key. It can be understood that, for the server, there can be multiple clients that will make remote service calls. When the client makes frequent remote service calls, the remote service content that needs to be transmitted to the server is within a certain period of time. The more there are, the greater the probability that the transmitted remote service content will be captured or intercepted. In this way, the server can update the secret key more frequently, and correspondingly, the client can obtain the latest secret key from the server more frequently, which can ensure the security of the transmitted remote service content to a greater extent. . Illustratively, on the server side, it is detected that the current number of remote service calls is the first target number, then the current key update cycle is configured to be updated every m minutes, and when it is detected that the current number of remote service calls is the second target number number of times, then configure the current key update cycle to be updated every n minutes, where the first target number of times is greater than the second target number of times, and m is less than n.

步骤S130:基于指定的通信协议生成远程服务调用请求,所述远程服务调用请求中携带有所述加密后的远程服务内容,且所述远程服务调用请求的目的地址为基于目标统一资源标识获得。Step S130: Generate a remote service invocation request based on a specified communication protocol, the remote service invocation request carries the encrypted remote service content, and the destination address of the remote service invocation request is obtained based on the target uniform resource identifier.

可以理解的是,客户端与服务端之间会基于一定的通信协议进行通信。那么客户端在生成远程服务调用请求时,就会基于当前与客户端协定的通信协议来生成远程服务调用请求。例如,客户端与服务端之间协定的采用HTTP协议或者HTTPS协议进行通信,那么客户端会对应的基于HTTP协议或者HTTPS协议来生成远程服务调用请求。例如,对于基于HTTP协议或者HTTPS协议,其都包括header部分和body部分。那么加密后的远程服务内容可以存放在其中的body部分。It can be understood that the communication between the client and the server will be based on a certain communication protocol. Then, when the client generates the remote service invocation request, it will generate the remote service invocation request based on the communication protocol currently agreed with the client. For example, if the agreement between the client and the server uses the HTTP protocol or the HTTPS protocol to communicate, the client will generate a remote service call request based on the HTTP protocol or the HTTPS protocol correspondingly. For example, for the protocol based on HTTP or HTTPS, it includes a header part and a body part. Then the encrypted remote service content can be stored in the body part of it.

其中,需要说明的是,无论客户端是基于何种通信协议生成远程服务调用请求,都需要先获取到服务端的网络地址。那么在本实施例中,客户端可以基于多种方式来获取到服务端的目的地址。It should be noted that, no matter what communication protocol the client uses to generate the remote service invocation request, the network address of the server needs to be obtained first. Then, in this embodiment, the client can obtain the destination address of the server based on various methods.

作为一种方式,客户端获取有多个统一资源标识URI(Uniform ResourceIdentifier)。需要先说明的是,统一资源标识是一个用于标识某一互联网资源名称的字符串,该种标识允许客户端对互联网(包括本地和互联网)的资源通过特定的协议进行交互操作。那么在本实施例中,配置的统一资源标识可以用于标记服务端的网络地址。In one way, the client obtains multiple Uniform ResourceIdentifiers (URIs). It should be noted first that the uniform resource identifier is a character string used to identify the name of a certain Internet resource, and the identifier allows the client to interact with resources on the Internet (including local and Internet) through a specific protocol. Then, in this embodiment, the configured uniform resource identifier may be used to mark the network address of the server.

可选的,对于同一个服务端可以支持不同的客户端来进行远程服务调用,而对应的,同一个客户端也可以到不同的服务端进行远程服务调用,那么在这种方式下,客户端通过获取当前的目标统一资源标识,即可获取到当前所要进行远程服务调用的服务端。其中,需要说明的是,统一资源标识除了可以标识服务端的网络地址外,还可以标识不同的远程服务内容。例如,统一资源标识可以通过其包括的指定字段的值来表征远程服务内容。那么在这种方式下,客户端在确定所需要的远程服务内容后,即可将指定字段的值表征的远程服务内容与客户端确定的所需要的远程服务内容相同的统一资源标识确定为目标统一资源标识,进而同时获取到确定的目标统一资源标识所指定的目标地址作为服务端的网络地址。Optionally, the same server can support different clients to make remote service calls, and correspondingly, the same client can also make remote service calls to different servers, then in this way, the client By obtaining the current target uniform resource identifier, the server that is currently invoking the remote service can be obtained. It should be noted that, in addition to identifying the network address of the server, the uniform resource identifier can also identify different remote service contents. For example, the Uniform Resource Identifier may characterize the remote service content by the value of the specified field it includes. Then in this way, after the client determines the required remote service content, the client can determine the uniform resource identifier of the same remote service content represented by the value of the specified field and the required remote service content determined by the client as the target The uniform resource identifier is obtained, and the target address specified by the determined target uniform resource identifier is obtained as the network address of the server at the same time.

例如,客户端本地存储有统一资源标识A、统一资源标识B以及统一资源标识C。其中,统一资源标识A表征的目的地址指向服务端A,统一资源标识B表征的目的地址指向服务端B,统一资源标识C表征的目的地址指向服务端C。那么当客户端在获取到远程服务内容,并且判断所获取的远程服务内容与统一资源标识C的指定字段所表征的远程服务内容相同的情况下,会将统一资源标识C作为目标统一资源标识,进而将服务端C的网络地址作为所生成的远程服务调用请求的目的地址。For example, the client locally stores the uniform resource identifier A, the uniform resource identifier B, and the uniform resource identifier C. The destination address represented by the uniform resource identifier A points to the server A, the destination address represented by the uniform resource identifier B points to the server B, and the destination address represented by the uniform resource identifier C points to the server C. Then, when the client obtains the remote service content and judges that the obtained remote service content is the same as the remote service content represented by the specified field of the uniform resource identifier C, it will use the uniform resource identifier C as the target uniform resource identifier, Further, the network address of the server C is used as the destination address of the generated remote service invocation request.

步骤S140:将所述远程服务调用请求发送到所述目的地址对应的服务端,以用于所述服务端执行与所述远程服务调用请求所对应的服务。Step S140: Send the remote service invocation request to the server corresponding to the destination address, so that the server executes the service corresponding to the remote service invocation request.

本申请提供的一种远程服务调用方法,在获取所需调用的远程服务内容后,会先对所述远程服务内容进行加密,得到加密后的远程服务内容,然后再基于指定的通信协议生成携带有所述加密后的远程服务内容且指向目标统一资源标识所标识的目的地址的远程服务调用请求,将所述远程服务调用请求发送到所述目的地址对应的服务端,以用于所述服务端执行与所述远程服务调用请求所对应的服务,进而通过上述方式使得,对于从目标统一资源标识触发的远程服务调用请求中的内容可以进行加密发送,避免了远程服务内容在传输途中因为通信协议本身的内容加密方式不够安全而造成的安全性问题,从而提升远程服务内容在传输过程中的安全性。In a method for invoking a remote service provided by this application, after acquiring the content of the remote service to be invoked, the content of the remote service will be encrypted first to obtain the content of the encrypted remote service, and then the content of the remote service will be generated based on the specified communication protocol. A remote service invocation request that has the encrypted remote service content and points to the destination address identified by the target uniform resource identifier, sends the remote service invocation request to the server corresponding to the destination address for use in the service The terminal executes the service corresponding to the remote service invocation request, and through the above method, the content in the remote service invocation request triggered from the target uniform resource identifier can be encrypted and sent, so as to avoid the remote service content in the transmission process due to communication The security problem caused by the content encryption method of the protocol itself is not secure enough, thereby improving the security of the remote service content during the transmission process.

请参阅图6,本申请实施例提供的一种远程服务调用方法,应用于客户端,所述方法包括:Referring to FIG. 6, a remote service invocation method provided by an embodiment of the present application is applied to a client, and the method includes:

步骤S210:获取所需调用的远程服务内容。Step S210: Obtain the content of the remote service to be called.

需要说明的是,远程服务内容表征的是客户端期望服务端执行何种动作,以及服务端在执行所指定的动作时以怎样的参数执行。例如,客户端期望服务端对指定的文件的内容中重复的中文字符进行去重。那么这里的“去重”即为客户端期望服务端执行的动作,而这里的“中文字符”就是期望服务端在去重过程中的所基于的参数。再例如,客户端期望服务端调用指定的函数块进行数值计算,而这个函数块需要有一个输入值,那么这个“输出值”就是期望服务端调用指定的函数块进行数值计算过程中所基于的参数。It should be noted that the content of the remote service represents what action the client expects the server to perform, and what parameters the server uses to perform the specified action. For example, the client expects the server to deduplicate repeated Chinese characters in the content of the specified file. Then the "de-duplication" here is the action that the client expects the server to perform, and the "Chinese character" here is the parameter based on which the server is expected to be in the process of de-duplication. For another example, the client expects the server to call the specified function block for numerical calculation, and this function block needs to have an input value, then this "output value" is the basis for the expected server to call the specified function block for numerical calculation. parameter.

基于上述内容,作为一种方式,所述获取所需调用的远程服务内容的步骤包括:获取基于目标数据交换格式排布的远程服务调用指令;获取基于所述目标数据交换格式排布的所述远程服务调用指令对应的指令参数;将所述远程服务调用指令与所述远程服务调用指令对应的指令参数进行合并,将合并后的基于所述目标数据交换格式排布的内容作为远程服务内容。Based on the above content, as one way, the step of acquiring the content of the remote service to be invoked includes: acquiring the remote service invocation instruction arranged based on the target data exchange format; The instruction parameter corresponding to the remote service invocation instruction; the remote service invocation instruction and the instruction parameter corresponding to the remote service invocation instruction are combined, and the combined content arranged based on the target data exchange format is used as the remote service content.

其中,需要说明的是,所包括的远程服务调用指令即为客户端期望服务端所进行的操作,而该远程服务调用指令对应的指令参数即为客户端期望服务端在执行操作时所基于的参数。其中,目标数据交换格式可以有多种,例如,可以为json或者xml等数据交换格式。如图7所示,示出了一种json格式的远程服务内容。在该远程服务内容中common内容块用于存储远程服务调用指令。例如,图中common内容块中的“Action”字段对应的内容为远程服务调用指令。而Specific内容块中的内容即为远程服务调用指令对应的指令参数。It should be noted that the included remote service invocation instruction is the operation that the client expects the server to perform, and the instruction parameter corresponding to the remote service invocation instruction is the basis on which the client expects the server to perform the operation. parameter. The target data exchange format may be various, for example, it may be a data exchange format such as json or xml. As shown in FIG. 7 , a remote service content in json format is shown. The common content block in the remote service content is used to store remote service invocation instructions. For example, the content corresponding to the "Action" field in the common content block in the figure is a remote service invocation instruction. The content in the Specific content block is the command parameter corresponding to the remote service invocation command.

其中,作为一种方式,所述远程服务调用指令包括指令项以及所述指令项对应的指令内容,所述指令参数包括参数项以及所述参数项对应的参数内容,所述将所述远程服务调用指令与所述远程服务调用指令对应的指令参数进行合并的步骤包括:将所述远程服务调用指令与所述远程服务调用指令对应的指令参数按照排列顺序进行合并;将所述指令项与所述参数项的字符均转换为小写字符;将所述指令内容以及所述参数内容中的指定字符删在所述指令内容以及所述参数内容中的结束位置配置换行符。In one way, the remote service invocation instruction includes an instruction item and instruction content corresponding to the instruction item, and the instruction parameter includes a parameter item and parameter content corresponding to the parameter item. The step of merging the invocation instruction with the instruction parameters corresponding to the remote service invocation instruction includes: merging the remote service invocation instruction and the instruction parameters corresponding to the remote service invocation instruction in an order of arrangement; The characters of the parameter items are all converted to lowercase characters; the specified characters in the instruction content and the parameter content are deleted and a line break is configured at the end position of the instruction content and the parameter content.

例如,请再参阅图7,对于远程服务调用指令中的“"Action":"XXXX"”,其中的“Action”可以看做指令项,而其中的“XXXX”可以看作指令内容。类似的,其中的“Arg1”、“Arg2”以及“Arg3”均为参数项,而其中的“alias/mydek”、“1234”以及“1234字节数据的hex值”均为参数内容。For example, referring to FIG. 7 again, for ""Action":"XXXX"" in the remote service invocation instruction, "Action" in it can be regarded as an instruction item, and "XXXX" in it can be regarded as an instruction content. Similarly, "Arg1", "Arg2" and "Arg3" are all parameter items, and "alias/mydek", "1234" and "hex value of 1234-byte data" are all parameter contents.

那么对于进行合并以后的形式可以参见如图8所示的内容。Then, for the form after merging, please refer to the content shown in FIG. 8 .

步骤S220:对所述远程服务内容进行签名,得到签名后的远程服务内容。Step S220: Sign the remote service content to obtain the signed remote service content.

可以理解的是,本实施例对远程服务内容进行签名的作用是避免远程服务内容在传输途中被篡改。其中,客户端可以基于多种方式对远程传输内容进行签名。可选的,客户端可以基于hash算法(例如、MD5,SHA1和SHA256)对远程传输内容进行签名。It can be understood that, the function of signing the remote service content in this embodiment is to prevent the remote service content from being tampered with during transmission. Among them, the client can sign the remote transmission content based on various methods. Optionally, the client can sign the remote transmission content based on a hash algorithm (eg, MD5, SHA1 and SHA256).

步骤S230:对所述签名后的远程服务内容进行加密,得到加密后的远程服务内容。Step S230: Encrypt the signed remote service content to obtain the encrypted remote service content.

可以理解的是,客户端对签名后的远程服务内容进行加密,可以进一步的使得其中的远程服务内容具有更好的安全性。而在本申请实施例中,客户端可以基于多种方式来对签名后的远程服务内容的进行加密。It can be understood that, the client encrypts the signed remote service content, which can further make the remote service content therein have better security. In this embodiment of the present application, the client may encrypt the signed remote service content based on various methods.

作为一种方式,所述对所述签名后的远程服务内容进行加密,得到加密后的远程服务内容的步骤包括:获取所述目标统一资源标识中目标字段的值,其中,不同的统一资源标识所表征的目的地址不同,且所包括的目标字段的值不同,不同的所述目标字段的值所对应的加密算法不同;获取与所述目标字段的值对应的加密算法;基于所述加密算法对所述签名后的远程服务内容进行加密,得到加密后的远程服务内容。As a method, the step of encrypting the signed remote service content to obtain the encrypted remote service content includes: acquiring the value of the target field in the target uniform resource identifier, wherein different uniform resource identifiers The represented destination addresses are different, and the values of the included target fields are different, and the encryption algorithms corresponding to different values of the target fields are different; the encryption algorithm corresponding to the value of the target field is obtained; based on the encryption algorithm The signed remote service content is encrypted to obtain the encrypted remote service content.

可以理解的是,不同的统一资源标识所表征的可以调用的远程服务是不同的。那么在这种方式中,不同的统一资源标识也可以对应有不同的加密算法,进而进一步的提升远程服务内容的安全性。例如,对于前面示例性所列举的文件去重服务以及调用函数块进行计算的服务可以对应不同的加密算法进行对应的远程服务内容进行加密。It can be understood that the callable remote services represented by different uniform resource identifiers are different. In this way, different uniform resource identifiers can also correspond to different encryption algorithms, thereby further improving the security of the remote service content. For example, for the file deduplication service and the service that invokes the function block for calculation, the corresponding remote service content can be encrypted corresponding to different encryption algorithms.

再例如,在有多个服务端的情况下,不同的服务端可以负责执行不同的远程服务内容。例如,可以配置其中一个服务端专门负责文件处理,而配置另外的服务端提供函数块进行数值计算,还可以配置另外的服务端负责进行网络信息爬取。那么在这种方式下,可以对应不同的服务端配置不同的加密算法。例如,客户端获取的远程服务内容为调用服务端处理文件,那么最终的远程服务调用请求会发送到负责文件处理的服务端,进而可以基于加密算法A对远程服务内容进行加密。而若客户端获取的远程服务内容为调用服务端进行函数计算,那么最终的远程服务调用请求会发送到负责提供函数块计算的服务端,进而可以基于加密算法B对远程服务内容进行加密。For another example, in the case of multiple servers, different servers may be responsible for executing different remote service contents. For example, one server can be configured to be responsible for file processing, another server can be configured to provide function blocks for numerical calculation, and another server can be configured to be responsible for crawling network information. In this way, different encryption algorithms can be configured for different servers. For example, if the remote service content obtained by the client is to call the server to process files, the final remote service invocation request will be sent to the server responsible for file processing, and then the remote service content can be encrypted based on encryption algorithm A. If the remote service content obtained by the client is to call the server to perform function computing, the final remote service call request will be sent to the server responsible for providing function block computing, and then the remote service content can be encrypted based on encryption algorithm B.

步骤S240:基于指定的通信协议生成远程服务调用请求,所述远程服务调用请求中携带有所述加密后的远程服务内容,且所述远程服务调用请求的目的地址为基于目标统一资源标识获得。Step S240: Generate a remote service invocation request based on the specified communication protocol, the remote service invocation request carries the encrypted remote service content, and the destination address of the remote service invocation request is obtained based on the target uniform resource identifier.

步骤S250:将所述远程服务调用请求发送到所述目的地址对应的服务端,以用于所述服务端执行与所述远程服务调用请求所对应的服务。Step S250: Send the remote service invocation request to the server corresponding to the destination address, so that the server can execute the service corresponding to the remote service invocation request.

示例性的,如图9所示,示出了一种具体的实施方式。在该方式中客户端与服务端之间基于HTTP/HTTPS协议进行通信。其中,组装命令参数可以理解为步骤S210中的获取所需调用的远程服务内容。然后基于HMAC签名的方式对远程服务内容进行签名,对于签名后的远程服务内容再基于PKCS7方式进行加密(客户端内置服务端的证书ServiceCertificate)。那么对应的,服务端对于接收到的远程服务调用请求,进行解析后,同样基于PKCS7方式进行进行解密,以及基于HMAC签名的方式进行验签。Exemplarily, as shown in FIG. 9, a specific implementation is shown. In this way, the communication between the client and the server is based on the HTTP/HTTPS protocol. Wherein, the assembly command parameter can be understood as obtaining the content of the remote service to be called in step S210. Then, the remote service content is signed based on the HMAC signature method, and the signed remote service content is encrypted based on the PKCS7 method (the client's built-in server certificate ServiceCertificate). Correspondingly, after parsing the received remote service invocation request, the server also decrypts based on the PKCS7 method, and performs signature verification based on the HMAC signature method.

对于服务端,服务端对于执行结果可以基于AES-256-GCM方式进行加密,并同样基于HMAC签名进行签名。那么对应的,客户端会基于HMAC签名的方式进行验签,并同样基于AES-256-GCM方式进行解密。For the server, the server can encrypt the execution result based on the AES-256-GCM method, and also sign based on the HMAC signature. Correspondingly, the client will verify the signature based on the HMAC signature method, and decrypt it based on the AES-256-GCM method.

本申请提供的一种远程服务调用方法,在获取基于指定数据交换格式生成的所需调用的远程服务内容后,会先对所述远程服务内容进行签名,然后对签名后的内容再进行加密,得到加密后的远程服务内容,然后再基于指定的通信协议生成携带有所述加密后的远程服务内容且指向目标统一资源标识所标识的目的地址的远程服务调用请求,将所述远程服务调用请求发送到所述目的地址对应的服务端,以用于所述服务端执行与所述远程服务调用请求所对应的服务,进而通过上述方式使得,对于从目标统一资源标识触发的远程服务调用请求中的内容可以进行加密发送,从而提升远程服务内容在传输过程中的安全性。In a method for invoking a remote service provided by the present application, after acquiring the content of the remote service to be invoked generated based on a specified data exchange format, the content of the remote service is first signed, and then the signed content is encrypted. Obtain the encrypted remote service content, and then generate a remote service invocation request that carries the encrypted remote service content and points to the destination address identified by the target uniform resource identifier based on the specified communication protocol, and the remote service invocation request. It is sent to the server corresponding to the destination address, so that the server executes the service corresponding to the remote service invocation request, and then through the above method, for the remote service invocation request triggered from the target uniform resource identifier The content of the remote service can be encrypted and sent, thereby improving the security of the remote service content during transmission.

请参阅图10,本申请实施例提供的一种远程服务调用方法,应用于客户端,所述方法包括:Referring to FIG. 10 , a remote service invocation method provided by an embodiment of the present application is applied to a client, and the method includes:

步骤S310:获取所需调用的远程服务内容。Step S310: Obtain the content of the remote service to be called.

步骤S320:对所述远程服务内容进行加密,得到加密后的远程服务内容。Step S320: Encrypt the remote service content to obtain the encrypted remote service content.

步骤S330:获取伪远程服务内容,所述伪远程服务内容与所述所需调用的远程服务内容不同。Step S330: Acquire pseudo-remote service content, where the pseudo-remote service content is different from the desired remote service content.

需要说明的是,本实施例中的伪远程服务内容为用于干扰其他非法人员对真正的远程服务内容进行判断的内容。例如,客户端实际要进行的是调用服务端的函数块进行函数计算,那么这里的伪远程服务内容就可以是调用服务端进行文件的处理。再例如,若客户端实际要进行的是调用服务端进行文件的处理,那么这里的伪远程服务内容就可以是调用服务端进行网络信息爬取。It should be noted that, the pseudo-remote service content in this embodiment is content used to interfere with other illegal persons' judgment of the real remote service content. For example, what the client actually wants to do is to call the function block of the server to perform function calculation, then the content of the pseudo-remote service here can be to call the server to process files. For another example, if what the client actually wants to do is to call the server to process files, then the content of the pseudo-remote service here can be to call the server to crawl network information.

步骤S340:将所述伪远程服务内容与所述加密后的远程服务内容进行拼接得到目标远程服务内容,且所述伪远程服务内容和所述加密后的远程服务内容之间配置有间隔字符,以用于所述服务端进行字符分割。Step S340: splicing the pseudo-remote service content and the encrypted remote service content to obtain the target remote service content, and a spacer character is configured between the pseudo-remote service content and the encrypted remote service content, for character segmentation by the server.

需要说明的是,让伪远程服务内容以明文的形式进行传输,有利于迷惑其他非法人员。原因在于,当其他非法人员通过设备截取到目标远程服务内容后,可能较为容易的可以获取到明文的伪远程服务内容,就可能会误以为这就是客户端实际所发送的远程服务内容,而较为容易忽视已经加密的真正的远程服务内容,进而起到对真正的远程服务内容的保护作用。It should be noted that transmitting the content of the pseudo-remote service in plaintext is beneficial to confuse other illegal persons. The reason is that when other illegal personnel intercept the target remote service content through the device, it may be easier to obtain the plaintext pseudo-remote service content, and they may mistakenly think that this is the remote service content actually sent by the client, while the It is easy to ignore the encrypted real remote service content, so as to protect the real remote service content.

可以理解的是,加密后的远程服务内容(真正的远程服务内容)和伪远程服务内容都会放在后续生成的远程服务调用请求中的同一个字段中。那么在所述伪远程服务内容和所述加密后的远程服务内容之间配置有间隔字符可以是的服务端可以确定如何进行字符分割,以便区别伪远程服务内容和加密后的远程服务内容。It is understandable that both the encrypted remote service content (real remote service content) and the pseudo-remote service content are placed in the same field in the subsequently generated remote service invocation request. Then, the server, which may be configured with space characters between the pseudo remote service content and the encrypted remote service content, may determine how to perform character segmentation, so as to distinguish the pseudo remote service content from the encrypted remote service content.

步骤S350:基于指定的通信协议生成远程服务调用请求,所述远程服务调用请求中携带有所述目标远程服务内容,且所述远程服务调用请求的目的地址为基于目标统一资源标识获得。Step S350: Generate a remote service invocation request based on the specified communication protocol, the remote service invocation request carries the target remote service content, and the destination address of the remote service invocation request is obtained based on the target uniform resource identifier.

步骤S360:将所述远程服务调用请求发送到所述目的地址对应的服务端,以用于所述服务端执行与所述远程服务调用请求所对应的服务。Step S360: Send the remote service invocation request to the server corresponding to the destination address, so that the server executes the service corresponding to the remote service invocation request.

本申请提供的一种远程服务调用方法,在获取所需调用的远程服务内容后,会先对所述远程服务内容进行加密,得到加密后的远程服务内容,然后会获取不同于该加密后的远程服务内容的伪远程服务内容,进而将所述伪远程服务内容与所述加密后的远程服务内容进行拼接得到目标远程服务内容,然后再基于指定的通信协议生成携带有所述目标远程服务内容且指向目标统一资源标识所标识的目的地址的远程服务调用请求,将所述远程服务调用请求发送到所述目的地址对应的服务端,以用于所述服务端执行与所述远程服务调用请求所对应的服务,进而通过上述方式使得,对于从目标统一资源标识触发的远程服务调用请求中的内容可以进行加密发送,从而提升远程服务内容在传输过程中的安全性。In a method for invoking a remote service provided by the present application, after obtaining the content of the remote service to be called, the content of the remote service is encrypted first to obtain the content of the remote service after encryption, and then the content of the remote service that is different from the encrypted content is obtained. The pseudo-remote service content of the remote service content, and then splicing the pseudo-remote service content and the encrypted remote service content to obtain the target remote service content, and then generating the target remote service content based on the specified communication protocol. And point to the remote service invocation request of the destination address identified by the target uniform resource identifier, and send the remote service invocation request to the server corresponding to the destination address, so that the server can execute the remote service invocation request. The corresponding service, and further through the above method, the content in the remote service invocation request triggered from the target uniform resource identifier can be encrypted and sent, thereby improving the security of the remote service content in the transmission process.

请参阅图11,本申请实施例提供的一种远程服务调用方法,应用于服务端,所述方法包括:Referring to FIG. 11 , a method for invoking a remote service provided by an embodiment of the present application is applied to a server, and the method includes:

步骤S410:获取远程服务调用请求中携带的加密后的远程服务内容。Step S410: Obtain the encrypted remote service content carried in the remote service invocation request.

步骤S420:执行解密后的所述远程服务内容,得到执行结果。Step S420: Execute the decrypted remote service content to obtain an execution result.

步骤S430:对所述执行结果进行签名,得到签名后的执行结果。Step S430: Sign the execution result to obtain a signed execution result.

步骤S440:基于指定的通信协议生成回复信息,所述回复信息携带有所述签名后的执行结果。Step S440: Generate reply information based on the specified communication protocol, where the reply information carries the signed execution result.

步骤S450:将所述回复信息返回给发送所述远程服务调用请求的客户端。Step S450: Return the reply information to the client that sent the remote service invocation request.

本申请提供的一种远程服务响应方法,执行解密后的所述远程服务内容,得到执行结果后,对所述执行结果进行签名,得到签名后的执行结果,然后基于指定的通信协议生成回复信息,所述回复信息携带有所述签名后的执行结果,将所述回复信息返回给发送所述远程服务调用请求的客户端,进而通过上述方式使得执行结果可有不完全依靠通信协议本身具有的加密方式进行信息安全的保护,从而提升远程服务内容在传输过程中的安全性。In a remote service response method provided by the present application, the decrypted remote service content is executed, after obtaining the execution result, the execution result is signed, the signed execution result is obtained, and then reply information is generated based on a specified communication protocol , the reply information carries the signed execution result, and the reply information is returned to the client that sent the remote service invocation request, so that the execution result may have a result that does not depend entirely on the communication protocol itself. The encryption method is used to protect the information security, thereby improving the security of the remote service content during the transmission process.

请参阅图12,本申请实施例提供的一种远程服务调用装置,所述装置包括:Referring to FIG. 12 , a remote service invocation apparatus provided by an embodiment of the present application includes:

调用内容获取单元510,用于获取所需调用的远程服务内容。The calling content obtaining unit 510 is used to obtain the content of the remote service to be called.

作为一种方式,调用内容获取单元510,具体用于获取基于目标数据交换格式排布的远程服务调用指令;获取基于所述目标数据交换格式排布的所述远程服务调用指令对应的指令参数;将所述远程服务调用指令与所述远程服务调用指令对应的指令参数进行合并,将合并后的基于所述目标数据交换格式排布的内容作为远程服务内容。In one way, calling the content obtaining unit 510 is specifically configured to obtain the remote service invocation instruction arranged based on the target data exchange format; and obtain instruction parameters corresponding to the remote service invocation instruction arranged based on the target data exchange format; The remote service invocation instruction and the instruction parameter corresponding to the remote service invocation instruction are combined, and the combined content arranged based on the target data exchange format is used as the remote service content.

具体的,在一种方式中,所述远程服务调用指令包括指令项以及所述指令项对应的指令内容,所述指令参数包括参数项以及所述参数项对应的参数内容,调用内容获取单元510,具体用于将所述远程服务调用指令与所述远程服务调用指令对应的指令参数按照排列顺序进行合并;将所述指令项与所述参数项的字符均转换为小写字符;将所述指令内容以及所述参数内容中的指定字符删除;在所述指令内容以及所述参数内容中的结束位置配置换行符。Specifically, in one mode, the remote service invocation instruction includes an instruction item and instruction content corresponding to the instruction item, the instruction parameter includes a parameter item and the parameter content corresponding to the parameter item, and the content acquisition unit 510 is called. , which is specifically used to combine the remote service invocation instruction and the instruction parameters corresponding to the remote service invocation instruction in order of arrangement; convert the characters of the instruction item and the parameter item into lowercase characters; Delete the specified characters in the content and the parameter content; configure a newline character at the end position in the instruction content and the parameter content.

内容加密单元520,用于对所述远程服务内容进行加密,得到加密后的远程服务内容。The content encryption unit 520 is configured to encrypt the remote service content to obtain encrypted remote service content.

作为一种方式,内容加密单元520,具体用于对所述远程服务内容进行签名,得到签名后的远程服务内容;对所述签名后的远程服务内容进行加密,得到加密后的远程服务内容。In one way, the content encryption unit 520 is specifically configured to sign the remote service content to obtain the signed remote service content; and encrypt the signed remote service content to obtain the encrypted remote service content.

其中,进一步的,内容加密单元520,具体用于获取所述目标统一资源标识中目标字段的值,其中,不同的统一资源标识所表征的目的地址不同,且所包括的目标字段的值不同,不同的所述目标字段的值所对应的加密算法不同;获取与所述目标字段的值对应的加密算法;基于所述加密算法对所述签名后的远程服务内容进行加密,得到加密后的远程服务内容。Wherein, further, the content encryption unit 520 is specifically configured to obtain the value of the target field in the target uniform resource identifier, wherein the destination addresses represented by different uniform resource identifiers are different, and the values of the included target fields are different, The encryption algorithms corresponding to different values of the target fields are different; the encryption algorithms corresponding to the values of the target fields are obtained; the signed remote service content is encrypted based on the encryption algorithm, and the encrypted remote service content is obtained. Service Content.

请求生成单元530,用于基于指定的通信协议生成远程服务调用请求,所述远程服务调用请求中携带有所述加密后的远程服务内容,且所述远程服务调用请求的目的地址为基于目标统一资源标识获得。The request generation unit 530 is configured to generate a remote service invocation request based on a specified communication protocol, the remote service invocation request carries the encrypted remote service content, and the destination address of the remote service invocation request is unified based on the target Resource ID is obtained.

如图13所示,请求生成单元530,包括:As shown in Figure 13, the request generating unit 530 includes:

伪内容获取子单元531,用于获取伪远程服务内容,所述伪远程服务内容与所述所需调用的远程服务内容不同。The pseudo-content obtaining subunit 531 is configured to obtain pseudo-remote service content, where the pseudo-remote service content is different from the desired remote service content.

内容合并子单元532,用于将所述伪远程服务内容与所述加密后的远程服务内容进行拼接得到目标远程服务内容,且所述伪远程服务内容和所述加密后的远程服务内容之间配置有间隔字符,以用于所述服务端进行字符分割。The content merging subunit 532 is configured to splicing the pseudo-remote service content and the encrypted remote service content to obtain the target remote service content, and between the pseudo-remote service content and the encrypted remote service content A spacer character is configured for the server to perform character segmentation.

请求生成子单元533,用于基于指定的通信协议生成远程服务调用请求,所述远程服务调用请求中携带有所述目标远程服务内容。The request generating subunit 533 is configured to generate a remote service invocation request based on a specified communication protocol, where the remote service invocation request carries the target remote service content.

信息通信单元540,用于将所述远程服务调用请求发送到所述目的地址对应的服务端,以用于所述服务端执行与所述远程服务调用请求所对应的服务。The information communication unit 540 is configured to send the remote service invocation request to the server corresponding to the destination address, so that the server can execute the service corresponding to the remote service invocation request.

请参阅图14,本申请实施例提供的一种远程服务调用装置600,所述装置600包括:Referring to FIG. 14, a remote service invocation apparatus 600 provided by an embodiment of the present application, the apparatus 600 includes:

请求解析单元610,用于获取远程服务调用请求中携带的加密后的远程服务内容;a request parsing unit 610, configured to obtain the encrypted remote service content carried in the remote service invocation request;

服务执行单元620,用于执行解密后的所述远程服务内容,得到执行结果;a service execution unit 620, configured to execute the decrypted remote service content to obtain an execution result;

签名单元630,用于对所述执行结果进行签名,得到签名后的执行结果;a signature unit 630, configured to sign the execution result to obtain the signed execution result;

响应生成单元640,用于基于指定的通信协议生成回复信息,所述回复信息携带有所述签名后的执行结果;a response generating unit 640, configured to generate reply information based on a specified communication protocol, where the reply information carries the signed execution result;

通信单元650,用于将所述回复信息返回给发送所述远程服务调用请求的客户端A communication unit 650, configured to return the reply information to the client that sent the remote service invocation request

需要说明的是,本申请中装置实施例与前述方法实施例是相互对应的,装置实施例中具体的原理可以参见前述方法实施例中的内容,此处不再赘述。It should be noted that the apparatus embodiments in the present application correspond to the foregoing method embodiments, and the specific principles in the apparatus embodiments may refer to the content in the foregoing method embodiments, which will not be repeated here.

下面将结合图15对本申请提供的一种电子设备进行说明。An electronic device provided by the present application will be described below with reference to FIG. 15 .

请参阅图15,基于上述的远程服务调用方法、装置,本申请实施例还提供的另一种可以执行前述远程服务调用方法的电子设备100。电子设备100包括相互耦合的一个或多个(图中仅示出一个)处理器102、存储器104以及网络模块106。其中,该存储器104中存储有可以执行前述实施例中内容的程序,而处理器102可以执行该存储器104中存储的程序。Referring to FIG. 15 , based on the foregoing remote service invocation method and apparatus, an embodiment of the present application further provides another electronic device 100 that can execute the foregoing remote service invocation method. The electronic device 100 includes one or more (only one shown in the figure) a processor 102, a memory 104, and a network module 106 that are coupled to each other. Wherein, the memory 104 stores a program that can execute the content in the foregoing embodiments, and the processor 102 can execute the program stored in the memory 104 .

其中,处理器102可以包括一个或者多个处理核。处理器102利用各种接口和线路连接整个电子设备100内的各个部分,通过运行或执行存储在存储器104内的指令、程序、代码集或指令集,以及调用存储在存储器104内的数据,执行电子设备100的各种功能和处理数据。可选地,处理器102可以采用数字信号处理(Digital Signal Processing,DSP)、现场可编程门阵列(Field-Programmable Gate Array,FPGA)、可编程逻辑阵列(ProgrammableLogic Array,PLA)中的至少一种硬件形式来实现。处理器102可集成中央处理器(CentralProcessing Unit,CPU)、图像处理器(Graphics Processing Unit,GPU)和调制解调器等中的一种或几种的组合。其中,CPU主要处理操作系统、用户界面和应用程序等;GPU用于负责显示内容的渲染和绘制;调制解调器用于处理无线通信。可以理解的是,上述调制解调器也可以不集成到处理器102中,单独通过一块通信芯片进行实现。The processor 102 may include one or more processing cores. The processor 102 uses various interfaces and lines to connect various parts of the entire electronic device 100, and executes by running or executing the instructions, programs, code sets or instruction sets stored in the memory 104, and calling the data stored in the memory 104. Various functions of the electronic device 100 and processing data. Optionally, the processor 102 may use at least one of digital signal processing (Digital Signal Processing, DSP), field-programmable gate array (Field-Programmable Gate Array, FPGA), and programmable logic array (Programmable Logic Array, PLA). implemented in hardware. The processor 102 may integrate one or a combination of a central processing unit (Central Processing Unit, CPU), a graphics processing unit (Graphics Processing Unit, GPU), a modem, and the like. Among them, the CPU mainly handles the operating system, user interface and application programs, etc.; the GPU is used for rendering and drawing of the display content; the modem is used to handle wireless communication. It can be understood that, the above-mentioned modem may not be integrated into the processor 102, and is implemented by a communication chip alone.

存储器104可以包括随机存储器(Random Access Memory,RAM),也可以包括只读存储器(Read-Only Memory)。存储器104可用于存储指令、程序、代码、代码集或指令集。存储器104可包括存储程序区和存储数据区,其中,存储程序区可存储用于实现操作系统的指令、用于实现至少一个功能的指令(比如触控功能、声音播放功能、图像播放功能等)、用于实现下述各个方法实施例的指令等。存储数据区还可以存储终端100在使用中所创建的数据(比如电话本、音视频数据、聊天记录数据)等。The memory 104 may include random access memory (Random Access Memory, RAM), or may include read-only memory (Read-Only Memory). Memory 104 may be used to store instructions, programs, codes, sets of codes, or sets of instructions. The memory 104 may include a stored program area and a stored data area, wherein the stored program area may store instructions for implementing an operating system, instructions for implementing at least one function (such as a touch function, a sound playback function, an image playback function, etc.) , instructions for implementing the following method embodiments, and the like. The storage data area may also store data created by the terminal 100 during use (such as phone book, audio and video data, chat record data) and the like.

所述网络模块106用于接收以及发送电磁波,实现电磁波与电信号的相互转换,从而与通讯网络或者其他设备进行通讯,例如和音频播放设备进行通讯。所述网络模块106可包括各种现有的用于执行这些功能的电路元件,例如,天线、射频收发器、数字信号处理器、加密/解密芯片、用户身份模块(SIM)卡、存储器等等。所述网络模块106可与各种网络如互联网、企业内部网、无线网络进行通讯或者通过无线网络与其他设备进行通讯。上述的无线网络可包括蜂窝式电话网、无线局域网或者城域网。例如,网络模块106可以与基站进行信息交互。The network module 106 is used for receiving and sending electromagnetic waves, realizing mutual conversion between electromagnetic waves and electrical signals, so as to communicate with a communication network or other devices, for example, communicate with an audio playback device. The network module 106 may include various existing circuit elements for performing these functions, eg, antennas, radio frequency transceivers, digital signal processors, encryption/decryption chips, subscriber identity module (SIM) cards, memory, etc. . The network module 106 can communicate with various networks such as the Internet, an intranet, a wireless network, or communicate with other devices through a wireless network. The aforementioned wireless network may include a cellular telephone network, a wireless local area network, or a metropolitan area network. For example, the network module 106 may exchange information with the base station.

请参考图16,其示出了本申请实施例提供的一种计算机可读存储介质的结构框图。该计算机可读介质800中存储有程序代码,所述程序代码可被处理器调用执行上述方法实施例中所描述的方法。Please refer to FIG. 16 , which shows a structural block diagram of a computer-readable storage medium provided by an embodiment of the present application. The computer-readable medium 800 stores program codes, and the program codes can be invoked by the processor to execute the methods described in the above method embodiments.

计算机可读存储介质800可以是诸如闪存、EEPROM(电可擦除可编程只读存储器)、EPROM、硬盘或者ROM之类的电子存储器。可选地,计算机可读存储介质800包括非易失性计算机可读介质(non-transitory computer-readable storage medium)。计算机可读存储介质800具有执行上述方法中的任何方法步骤的程序代码810的存储空间。这些程序代码可以从一个或者多个计算机程序产品中读出或者写入到这一个或者多个计算机程序产品中。程序代码810可以例如以适当形式进行压缩。The computer readable storage medium 800 may be an electronic memory such as flash memory, EEPROM (Electrically Erasable Programmable Read Only Memory), EPROM, hard disk, or ROM. Optionally, the computer-readable storage medium 800 includes a non-transitory computer-readable storage medium. Computer readable storage medium 800 has storage space for program code 810 to perform any of the method steps in the above-described methods. These program codes can be read from or written to one or more computer program products. Program code 810 may be compressed, for example, in a suitable form.

本申请提供的一种远程服务调用方法、响应方法、装置、电子设备及服务器,在获取所需调用的远程服务内容后,会先对所述远程服务内容进行加密,得到加密后的远程服务内容,然后再基于指定的通信协议生成携带有所述加密后的远程服务内容且指向目标统一资源标识所标识的目的地址的远程服务调用请求,将所述远程服务调用请求发送到所述目的地址对应的服务端,以用于所述服务端执行与所述远程服务调用请求所对应的服务,进而通过上述方式使得,对于从目标统一资源标识触发的远程服务调用请求中的内容可以进行加密发送,避免了远程服务内容在传输途中因为通信协议本身的内容加密方式不够安全而造成的安全性问题,从而提升远程服务内容在传输过程中的安全性。In a remote service invocation method, response method, device, electronic device and server provided by the present application, after obtaining the remote service content to be invoked, the remote service content will be encrypted first, and the encrypted remote service content will be obtained. , and then generate a remote service invocation request that carries the encrypted remote service content and points to the destination address identified by the target uniform resource identifier based on the specified communication protocol, and sends the remote service invocation request to the destination address corresponding to The server is used for the server to execute the service corresponding to the remote service invocation request, so that the content in the remote service invocation request triggered from the target uniform resource identifier can be encrypted and sent by the above method, The security problem caused by the insufficient security of the content encryption method of the communication protocol itself during the transmission of the remote service content is avoided, thereby improving the security of the remote service content in the transmission process.

最后应说明的是:以上实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述实施例对本申请进行了详细的说明,本领域的普通技术人员当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不驱使相应技术方案的本质脱离本申请各实施例技术方案的精神和范围。Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, but not to limit them; although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand: it can still be Modifications are made to the technical solutions described in the foregoing embodiments, or some technical features thereof are equivalently replaced; and these modifications or replacements do not drive the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims (7)

1. A remote service calling method applied to a client side is characterized by comprising the following steps:
acquiring remote service content required to be called;
signing the remote service content to obtain signed remote service content;
acquiring values of target fields in target uniform resource identifiers, wherein different uniform resource identifiers represent different destination addresses, different uniform resource identifiers comprise different values of the target fields, and different encryption algorithms corresponding to the different values of the target fields are different;
acquiring an encryption algorithm corresponding to the value of the target field from locally stored encryption algorithms, wherein the locally stored encryption algorithms are updated encryption algorithms acquired by the client from a server periodically;
encrypting the signed remote service content based on the encryption algorithm to obtain encrypted remote service content;
generating a remote service call request based on a specified communication protocol, wherein the remote service call request carries the encrypted remote service content, and the destination address of the remote service call request is obtained based on the target uniform resource identifier;
and sending the remote service calling request to a server corresponding to the destination address so that the server executes the service corresponding to the remote service calling request.
2. The method of claim 1, wherein the step of obtaining the remote service content to be invoked comprises:
acquiring a remote service calling instruction arranged based on a target data exchange format;
acquiring instruction parameters corresponding to the remote service call instruction arranged based on the target data exchange format;
and combining the remote service call instruction with an instruction parameter corresponding to the remote service call instruction, and taking the combined content arranged based on the target data exchange format as the remote service content.
3. The method according to claim 2, wherein the remote service call instruction comprises an instruction item and an instruction content corresponding to the instruction item, the instruction parameter comprises a parameter item and a parameter content corresponding to the parameter item, and the step of combining the remote service call instruction and the instruction parameter corresponding to the remote service call instruction comprises:
combining the remote service call instruction and instruction parameters corresponding to the remote service call instruction according to an arrangement sequence;
converting the characters of the instruction item and the parameter item into lower case characters;
deleting specified characters in the instruction content and the parameter content;
and arranging a line feed character at the end position in the instruction content and the parameter content.
4. The method of claim 1, wherein generating a remote service invocation request based on a specified communication protocol comprises:
acquiring pseudo remote service content, wherein the pseudo remote service content is different from the remote service content required to be called;
splicing the pseudo remote service content and the encrypted remote service content to obtain target remote service content, wherein interval characters are configured between the pseudo remote service content and the encrypted remote service content for the server to perform character segmentation;
and generating a remote service calling request based on a specified communication protocol, wherein the remote service calling request carries the target remote service content.
5. A remote service invocation apparatus, characterized in that said apparatus comprises:
the calling content acquisition unit is used for acquiring remote service content to be called;
the content encryption unit is used for signing the remote service content to obtain the signed remote service content; acquiring values of target fields in target uniform resource identifiers, wherein different uniform resource identifiers represent different destination addresses, different uniform resource identifiers comprise different values of the target fields, and different encryption algorithms corresponding to the different values of the target fields are different; acquiring an encryption algorithm corresponding to the value of the target field from a locally stored encryption algorithm, wherein the locally stored encryption algorithm is an updated encryption algorithm which is acquired by a client from a server periodically; encrypting the signed remote service content based on the encryption algorithm to obtain encrypted remote service content;
a request generating unit, configured to generate a remote service invocation request based on a specified communication protocol, where the remote service invocation request carries the encrypted remote service content, and a destination address of the remote service invocation request is obtained based on the target uniform resource identifier;
and the information communication unit is used for sending the remote service calling request to a server corresponding to the destination address so that the server can execute the service corresponding to the remote service calling request.
6. An electronic device comprising one or more processors and memory;
one or more programs are stored in the memory and configured to be executed by the one or more processors to implement the method of any of claims 1-4.
7. A computer-readable storage medium, having a program code stored therein, wherein the program code when executed by a processor performs the method of any of claims 1-4.
CN201910871763.6A 2019-09-16 2019-09-16 Remote service calling method, response method, device, electronic equipment and server Expired - Fee Related CN110569138B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910871763.6A CN110569138B (en) 2019-09-16 2019-09-16 Remote service calling method, response method, device, electronic equipment and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910871763.6A CN110569138B (en) 2019-09-16 2019-09-16 Remote service calling method, response method, device, electronic equipment and server

Publications (2)

Publication Number Publication Date
CN110569138A CN110569138A (en) 2019-12-13
CN110569138B true CN110569138B (en) 2022-06-17

Family

ID=68780170

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910871763.6A Expired - Fee Related CN110569138B (en) 2019-09-16 2019-09-16 Remote service calling method, response method, device, electronic equipment and server

Country Status (1)

Country Link
CN (1) CN110569138B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105721512A (en) * 2016-05-06 2016-06-29 深圳前海大数点科技有限公司 Remote process calling system and method thereof
CN106656953A (en) * 2016-09-23 2017-05-10 焦点科技股份有限公司 Method for realizing safe interface calling between systems based on Internet
CN109960594A (en) * 2017-12-14 2019-07-02 苏宁云商集团股份有限公司 Method without intrusively transmitting tracking id when Java far call C is serviced

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101094057A (en) * 2006-06-20 2007-12-26 国际商业机器公司 Content dividing method, device and system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105721512A (en) * 2016-05-06 2016-06-29 深圳前海大数点科技有限公司 Remote process calling system and method thereof
CN106656953A (en) * 2016-09-23 2017-05-10 焦点科技股份有限公司 Method for realizing safe interface calling between systems based on Internet
CN109960594A (en) * 2017-12-14 2019-07-02 苏宁云商集团股份有限公司 Method without intrusively transmitting tracking id when Java far call C is serviced

Also Published As

Publication number Publication date
CN110569138A (en) 2019-12-13

Similar Documents

Publication Publication Date Title
CN112788012B (en) Log file encryption method, device, storage medium and electronic equipment
US20160269176A1 (en) Key Configuration Method, System, and Apparatus
CN103209202B (en) For transmitting the method and apparatus of data
CN108540433B (en) User identity verification method and device
WO2018177124A1 (en) Service processing method and device, data sharing system and storage medium
CN107483383B (en) Data processing method, terminal, background server and storage medium
US11070533B2 (en) Encrypted server name indication inspection
CN113434905B (en) Data transmission method and device, computer equipment and storage medium
CN113923655B (en) Data decryption receiving method and device based on adjacent nodes
CN113761566A (en) A data processing method and device
CN112699391B (en) Target data sending method and privacy computing platform
CN110378128A (en) Data ciphering method, device and terminal device
CN111193704B (en) HTTP communication method, device and readable storage medium
US12079613B2 (en) Processing system and method for updating firmware online
CN113726743B (en) A detection method, device, equipment and medium of a network replay attack
CN109120576B (en) Data sharing method and device, computer equipment and storage medium
CN110569138B (en) Remote service calling method, response method, device, electronic equipment and server
CN117595987A (en) Message transmission method, system, electronic equipment and readable storage medium
CN114338629A (en) Data processing method, device, equipment and medium
CN103873245A (en) Virtual machine system data encryption method and apparatus
CN119853935A (en) Data transmission method, device, storage medium and equipment
CN111835519A (en) A covert communication method based on public blockchain
CN107623571B (en) Handshake processing method, client and server
CN113992669A (en) A distributed data distribution method for trusted messages in industry
CN109120631B (en) Function calling system, method, device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20220617