diff --git a/jsowell-admin/src/main/java/com/jsowell/web/controller/thirdparty/ThirdPartyBaseController.java b/jsowell-admin/src/main/java/com/jsowell/web/controller/thirdparty/ThirdPartyBaseController.java
index 990cd0539..24732b3ce 100644
--- a/jsowell-admin/src/main/java/com/jsowell/web/controller/thirdparty/ThirdPartyBaseController.java
+++ b/jsowell-admin/src/main/java/com/jsowell/web/controller/thirdparty/ThirdPartyBaseController.java
@@ -2,6 +2,7 @@ package com.jsowell.web.controller.thirdparty;
 import com.alibaba.fastjson2.JSON;
 import com.alibaba.fastjson2.JSONObject;
+import com.google.common.collect.Maps;
 import com.jsowell.common.annotation.Anonymous;
 import com.jsowell.common.core.controller.BaseController;
 import com.jsowell.common.exception.BusinessException;
@@ -11,6 +12,7 @@ import com.jsowell.pile.vo.ThirdPartySecretInfoVO;
 import com.jsowell.thirdparty.lianlian.common.CommonResult;
 import com.jsowell.thirdparty.platform.ThirdPartyPlatformService;
 import com.jsowell.thirdparty.platform.util.Cryptos;
+import com.jsowell.thirdparty.platform.util.GBSignUtils;
 import com.jsowell.thirdparty.service.ThirdpartySecretInfoService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -77,4 +79,46 @@ public class ThirdPartyBaseController extends BaseController {
 return JSONObject.parseObject(decrypt, targetClass);
 }
+ /**
+ * 校验签名
+ *
+ * verifySignature
+ */
+ protected boolean verifySignature(CommonParamsDTO dto) {
+ // 查询密钥
+ String operatorId = StringUtils.isNotBlank(dto.getOperatorID()) ? dto.getOperatorID() : dto.getPlatformID();
+ ThirdPartySecretInfoVO secretInfoVO = thirdpartySecretInfoService.queryByOperatorId(operatorId);
+ if (secretInfoVO == null) {
+ throw new BusinessException("1", "无此对接平台");
+ }
+ // 校验签名,使用响应方的密钥
+ String signSecret = secretInfoVO.getOurSigSecret();
+
+ Map map = Maps.newLinkedHashMap();
+ String operatorID = dto.getOperatorID();
+ if (StringUtils.isNotBlank(operatorID)) {
+ map.put("OperatorID", operatorID);
+ }
+ String platformID = dto.getPlatformID();
+ if (StringUtils.isNotBlank(platformID)) {
+ map.put("PlatformID", platformID);
+ }
+ String data = dto.getData();
+ if (StringUtils.isNotBlank(data)) {
+ map.put("Data", data);
+ }
+ String timeStamp = dto.getTimeStamp();
+ if (StringUtils.isNotBlank(timeStamp)) {
+ map.put("TimeStamp", timeStamp);
+ }
+ String seq = dto.getSeq();
+ if (StringUtils.isNotBlank(seq)) {
+ map.put("Seq", seq);
+ }
+
+ // 计算sign
+ String sign = GBSignUtils.sign(map, signSecret);
+ return StringUtils.equals(dto.getSig(), sign);
+ }
+
 }
diff --git a/jsowell-admin/src/main/java/com/jsowell/web/controller/thirdparty/neimenggu/NMGController.java b/jsowell-admin/src/main/java/com/jsowell/web/controller/thirdparty/neimenggu/NMGController.java
index 29f3c14cb..efe50b6ed 100644
--- a/jsowell-admin/src/main/java/com/jsowell/web/controller/thirdparty/neimenggu/NMGController.java
+++ b/jsowell-admin/src/main/java/com/jsowell/web/controller/thirdparty/neimenggu/NMGController.java
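Review bot: The final comparison in verifySignature (ThirdPartyBaseController), `StringUtils.equals(dto.getSig(), sign)`, is not constant-time, and if this `StringUtils` follows commons-lang semantics (its import is not visible in the hunk) it returns true when both arguments are null, so a request without `Sig` would pass should `GBSignUtils.sign` ever return null. Reject a blank `Sig` up front and compare the bytes with `MessageDigest.isEqual(sign.getBytes(StandardCharsets.UTF_8), dto.getSig().getBytes(StandardCharsets.UTF_8))`. The method also checks neither the age of `TimeStamp` nor reuse of `Seq`, so unless that is enforced elsewhere a captured signed request stays valid indefinitely. `Map map` is a raw type; `Map<String, String> map` would let the compiler check what goes into the signed set.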
@@ -2,6 +2,7 @@ package com.jsowell.web.controller.thirdparty.neimenggu;
 import com.alibaba.fastjson2.JSON;
 import com.jsowell.common.annotation.Anonymous;
+import com.jsowell.common.enums.thirdparty.ThirdPartyReturnCodeEnum;
 import com.jsowell.common.exception.BusinessException;
 import com.jsowell.pile.dto.QueryOperatorInfoDTO;
 import com.jsowell.pile.dto.QueryStationInfoDTO;
@@ -61,6 +62,9 @@ public class NMGController extends ThirdPartyBaseController {
 public CommonResult queryOperatorInfo(@RequestBody CommonParamsDTO dto) {
 logger.info("内蒙古平台查询运营商信息 params:{}", JSON.toJSONString(dto));
 try {
+ if (!verifySignature(dto)) {
+ throw new BusinessException(ThirdPartyReturnCodeEnum.SIGN_ERROR);
+ }
 QueryOperatorInfoDTO paramDTO = parseParamsDTO(dto, QueryOperatorInfoDTO.class);
 Map map = platformLogic.queryOperatorInfo(paramDTO);
 logger.info("内蒙古平台查询运营商信息 result:{}", JSON.toJSONString(map));
diff --git a/jsowell-common/src/main/java/com/jsowell/common/exception/BusinessException.java b/jsowell-common/src/main/java/com/jsowell/common/exception/BusinessException.java
index e55b9cdb0..a958b8777 100644
--- a/jsowell-common/src/main/java/com/jsowell/common/exception/BusinessException.java
+++ b/jsowell-common/src/main/java/com/jsowell/common/exception/BusinessException.java
@@ -1,5 +1,6 @@
 package com.jsowell.common.exception;
+import com.jsowell.common.enums.thirdparty.ThirdPartyReturnCodeEnum;
 import com.jsowell.common.enums.ykc.ReturnCodeEnum;
 import lombok.Data;
@@ -26,4 +27,9 @@ public class BusinessException extends RuntimeException{
 this.code = code;
 this.message = message;
 }
+
+ public BusinessException(ThirdPartyReturnCodeEnum thirdPartyReturnCodeEnum) {
+ this.code = thirdPartyReturnCodeEnum.getRet();
+ this.message = thirdPartyReturnCodeEnum.getMsg();
+ }
 }
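Review bot: The signature check is wired into `queryOperatorInfo` alone (NMGController, second hunk), so any other handler in this controller, none of which is visible here, would still decrypt and act on `Data` without authenticating the caller. Calling `verifySignature(dto)` at the start of the shared `parseParamsDTO` helper, or from an interceptor, would cover every endpoint in one place. The `logger.info` just above the `try` serialises the whole DTO, `Sig` and encrypted `Data` included, before the check runs, so unauthenticated input reaches the info log; logging after verification, or logging only `OperatorID` and `Seq`, avoids that. The `catch` that follows lies outside the hunk, so it is worth confirming that it maps the new `BusinessException` to a SIGN_ERROR response and not to a generic failure.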