diff --git a/webapp/services/callback/common/SignatureService.php b/webapp/services/callback/common/SignatureService.php
index 6529a162..4aea21e0 100644
--- a/webapp/services/callback/common/SignatureService.php
+++ b/webapp/services/callback/common/SignatureService.php
@@ -20,6 +20,11 @@ class SignatureService {
             myself()-_rspErr(self::ERRCODE);
             die();
         }
+        $sign = self::normalMd5Sign($_REQUEST, $row['secret_key'], array('_sign'));
+        if ($sign != $row['signature']) {
+            myself()-_rspErr(self::ERRCODE);
+            die();
+        }
     }
 
     public static function normalMd5Sign($params, $secretKey, $excludeKeys){