diff --git a/common/include/dm_anonymous.h b/common/include/dm_anonymous.h
index 2078a4bd9161d53153a4785ea2dbd03f3e6e85c8..447e310d793acb48ebe953aa981d6d01e2108bd2 100644
--- a/common/include/dm_anonymous.h
+++ b/common/include/dm_anonymous.h
@@ -103,6 +103,7 @@ bool IsValueExist(const std::multimap unorderedmap, const
 bool IsDmCommonNotifyEventValid(DmCommonNotifyEvent dmCommonNotifyEvent);
 std::string SafetyDump(const JsonItemObject &jsonObj);
 std::string GetSubStr(const std::string &rawStr, const std::string &separator, int32_t index);
+bool IsJsonValIntegerString(const JsonItemObject &jsonObj, const std::string &key);
 } // namespace DistributedHardware
 } // namespace OHOS
 #endif // OHOS_DM_ANONYMOUS_H
diff --git a/common/src/dm_anonymous.cpp b/common/src/dm_anonymous.cpp
index 5ba04e5f32516e5b3301b580424c3b19c49dd35b..0bf73567f010750bfb57fe9a1edc37ef4f86b9a2 100644
--- a/common/src/dm_anonymous.cpp
+++ b/common/src/dm_anonymous.cpp
@@ -395,5 +395,19 @@ std::string GetSubStr(const std::string &rawStr, const std::string &separator, i
 LOGE("get failed");
 return "";
 }
+
+bool IsJsonValIntegerString(const JsonItemObject &jsonObj, const std::string &key)
+{
+ if (!IsString(jsonObj, key)) {
+ LOGE("%{public}s is not string", key.c_str());
+ return false;
+ }
+ std::string retValStr = jsonObj[key].Get();
+ if (!IsNumberString(retValStr)) {
+ LOGE("%{public}s is not number", key.c_str());
+ return false;
+ }
+ return true;
+}
 } // namespace DistributedHardware
 } // namespace OHOS
\ No newline at end of file
diff --git a/services/implementation/src/authentication/dm_auth_manager.cpp b/services/implementation/src/authentication/dm_auth_manager.cpp
index 4f57da8427d3abbff47669f1bf8420fb8b5887ab..00b4bc81926a64d27ebfcea70b634ca5fd5cea01 100644
--- a/services/implementation/src/authentication/dm_auth_manager.cpp
+++ b/services/implementation/src/authentication/dm_auth_manager.cpp
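Review bot: IsJsonValIntegerString in common/src/dm_anonymous.cpp accepts whatever IsNumberString accepts and never bounds the value, yet both new callers in dm_auth_manager.cpp hand the same field to `std::atoi`, whose behaviour is undefined when the number does not fit in int. IsNumberString is not shown in this diff, so whether it limits length or sign cannot be confirmed from here. Parsing once inside the helper with `std::strtol` and rejecting ERANGE, trailing characters and values outside the int32 range keeps the signature unchanged and makes the later conversion well defined. The function also has no comment saying what counts as an "integer string" (sign, leading zeros, maximum width), which callers validating an authentication parameter need to know.

```cpp
bool IsJsonValIntegerString(const JsonItemObject &jsonObj, const std::string &key)
{
    // … unchanged: IsString and IsNumberString checks, retValStr assignment …
    errno = 0;
    char *end = nullptr;
    const long parsed = std::strtol(retValStr.c_str(), &end, 10);
    if (errno == ERANGE || end == retValStr.c_str() || *end != '\0' ||
        parsed < INT32_MIN || parsed > INT32_MAX) {
        LOGE("%{public}s is out of int32 range", key.c_str());
        return false;
    }
    return true;
}
```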
@@ -215,12 +215,15 @@ int32_t DmAuthManager::CheckAuthParamVaildExtra(const std::string &extra, const
 LOGE("CONN_SESSION_TYPE_HML, CheckHmlParamValid failed");
 return ERR_DM_INPUT_PARA_INVALID;
 }
-
 if (jsonObject.IsDiscarded() || !jsonObject.Contains(TAG_BIND_LEVEL) ||
- !IsInt32(jsonObject, TAG_BIND_LEVEL)) {
+ !IsString(jsonObject, TAG_BIND_LEVEL)) {
 return DM_OK;
 }
- int32_t bindLevel = jsonObject[TAG_BIND_LEVEL].Get();
+ if (!IsJsonValIntegerString(jsonObject, TAG_BIND_LEVEL)) {
+ LOGE("TAG_BIND_LEVEL is not integer string.");
+ return ERR_DM_INPUT_PARA_INVALID;
+ }
+ int32_t bindLevel = std::atoi(jsonObject[TAG_BIND_LEVEL].Get());
 if (static_cast(bindLevel) > APP || bindLevel < INVALID_TYPE) {
 LOGE("bindlevel error %{public}d.", bindLevel);
 return ERR_DM_INPUT_PARA_INVALID;
@@ -326,8 +329,8 @@ void DmAuthManager::ParseJsonObject(JsonObject &jsonObject)
 if (IsString(jsonObject, APP_THUMBNAIL)) {
 authRequestContext_->appThumbnail = jsonObject[APP_THUMBNAIL].Get();
 }
- if (IsInt32(jsonObject, TAG_BIND_LEVEL)) {
- authRequestContext_->bindLevel = jsonObject[TAG_BIND_LEVEL].Get();
+ if (IsJsonValIntegerString(jsonObject, TAG_BIND_LEVEL)) {
+ authRequestContext_->bindLevel = std::atoi(jsonObject[TAG_BIND_LEVEL].Get());
 }
 authRequestContext_->closeSessionDelaySeconds = 0;
 if (IsString(jsonObject, PARAM_CLOSE_SESSION_DELAY_SECONDS)) {
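Review bot: In CheckAuthParamVaildExtra a TAG_BIND_LEVEL that is present but not a JSON string still returns DM_OK from the first check, so the range validation below it is skipped. After this change that includes integer values, which the removed `IsInt32` path used to range-check. If only the string form is accepted now, the early return should cover absence only, `if (jsonObject.IsDiscarded() || !jsonObject.Contains(TAG_BIND_LEVEL)) { return DM_OK; }`, leaving the type check to `IsJsonValIntegerString`, which then rejects a wrong-typed value with ERR_DM_INPUT_PARA_INVALID. If integer senders must stay accepted, a comment should state that their value is deliberately ignored. The function starts and ends outside the hunk.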
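Review bot: In ParseJsonObject the converted value is stored in `authRequestContext_->bindLevel` with no bounds test, whereas CheckAuthParamVaildExtra compares it with APP and INVALID_TYPE; whether this function always runs after that check is not visible in the hunk. If it does, a comment such as `// bindLevel range already validated by CheckAuthParamVaildExtra` would record the dependency; otherwise the same comparison belongs before the assignment. IsJsonValIntegerString also logs at LOGE when the key is not a string, so, assuming IsString is false for an absent key, every request without a bind level now emits an error line from what looks like an optional branch. ParseJsonObject continues outside the hunk.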