diff --git a/webapp/services/callback/InAppPurchase.php b/webapp/services/callback/InAppPurchase.php
index fa4cb5d1..c9872a42 100644
--- a/webapp/services/callback/InAppPurchase.php
+++ b/webapp/services/callback/InAppPurchase.php
@@ -204,9 +204,24 @@ class InAppPurchase {
         $this->_rspOk();
     }
 
-    private function verifySign()
+    private function verifySign($data)
     {
+        $channel = $data['channel'];
+        $records = $data['records'];
+        $sign = $data['sign'];
 
+        $strings = array();
+        foreach ($records as $record) {
+            ksort($record);
+            foreach($record as $key => $val){
+                array_push($strings, $key . '=' . $val);
+            }
+        }
+        $signStr = 'channel=' . $channel . '&' . implode("&", $strings);
+        error_log('InAppPurchase verify ' . $signStr);
+
+        $signature = hash_hmac('sha256', $singStr, BUY_SERVER_PKEY);
+        return $sign == $signature;
     }
 
 }