CN104113552B - Platform authorization method, platform server, application client and system - Google Patents


Info

Publication number
CN104113552B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410364874.5A
Other languages
Chinese (zh)
Other versions
CN104113552A (en)
Inventor
朱建庭
郑伟德
张弛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201410364874.5A
Publication of CN104113552A
Application granted
Publication of CN104113552B

Abstract

An embodiment of the invention discloses a platform authorization method, a platform server, an application client and a system. The method includes: receiving a first verification message sent by an application client over a first path and obtaining the terminal identifier of the terminal on which the application client runs; recording the mapping between the received random string and the terminal identifier; receiving a second verification message sent by the application client over a second path; reading from a database, according to the received identity identifier, the identity authentication information submitted during registration, decrypting and verifying the encrypted identity string, and, if the two are consistent, extracting the corresponding terminal identifier from the recorded mapping according to the random string and obtaining the corresponding user account information according to the terminal identifier; and generating an authorization access token from the user account information and the identity authentication information and sending it to the application client. The technical solution of the embodiment lets authorization complete without the user noticing the authorization process, and can further improve the security of authorization.

Description

Platform authorization method, platform server, application client and system
Technical Field
The present invention relates to the field of computer communication technology, and in particular to a platform authorization method, a platform server, an application client and a system.
Background
An open platform is an open basic service platform that a website provides for third parties, such as the open cloud platforms of Baidu, Tencent, Alibaba and Sina Weibo. To obtain the high-value cloud capabilities and user data that these open platforms provide, a third-party application client supports the open authorization interface offered by each major platform. Through that interface it obtains the authorization access token produced after the user authorizes the application client on the platform, and with the access token it calls the OpenAPI (Open Application Programming Interface) provided by each platform to obtain the cloud capabilities it needs and the user's related data on the corresponding open platform.
In the prior art, before authorizing an application client the user must first log in to the platform with an existing account on that platform; otherwise the platform cannot know which user is authorizing the application client. To ensure security, the application client is generally required to provide a web view (WebView) or an external browser to load the login authorization page provided by the platform, and the user logs in and authorizes on that page, so that the application client cannot directly touch sensitive information such as the user's account and password. In many cases, however, this flow gives a very unfriendly experience:
First, authorization requires loading a Web page, and the loading speed of the Web page depends on the network speed of the user's mobile device. In most 2G environments the page loads extremely slowly, and the user has to wait a long time before the login authorization interface appears;
Second, because the Web page is provided uniformly by the open platform, a third-party application usually cannot flexibly customize the page's style, layout or content. The style of the page often differs greatly from the style of the application client itself, which third-party applications find hard to accept, especially third-party game applications;
Third, if the application client loads the login authorization page in an external browser, the user experience drops sharply; if it loads the page in a WebView, the third-party application still has ways to obtain the sensitive information the user enters, such as account and password, so security is not high enough;
Fourth, when an application client needs the user data and cloud capabilities of several open platforms at once to implement a feature, it has to find a way to guide the user through login authorization on each platform in turn. When every login authorization pops up a login authorization interface, this basically cannot be done effectively. The application client needs to complete authorization on multiple platforms smoothly and without disturbing the user in order to obtain the highest conversion rate.
Summary of the Invention
In view of this, embodiments of the present invention provide a platform authorization method, a platform server, an application client and a system, to improve the mechanism by which an application client obtains authorization from a platform server.
In a first aspect, an embodiment of the present invention provides a platform authorization method for a platform server, including:
the platform server receives a first verification message sent by an application client over a first path and obtains the terminal identifier of the terminal on which the application client runs, the first verification message including a random string;
the platform server records the mapping between the received random string and the terminal identifier;
the platform server receives a second verification message sent by the application client over a second path, the second verification message including the random string, an encrypted identity string that the application client generates by encrypting identity authentication information with a preset encryption algorithm, and the identity identifier that, from the registration process, corresponds to the identity authentication information at the platform server;
the platform server reads from a database, according to the received identity identifier, the identity authentication information submitted during registration, and decrypts the encrypted identity string with a preset decryption algorithm;
if the platform server verifies that the identity authentication information obtained by decryption is consistent with the identity authentication information read from the database, it extracts the corresponding terminal identifier from the recorded mapping according to the random string, and obtains the corresponding user account information according to the terminal identifier;
the platform server generates an authorization access token from the user account information and the identity authentication information and sends it to the application client.
In a second aspect, an embodiment of the present invention further provides a platform authorization method for an application client, including:
the application client sends a first verification message to a platform server over a first path, the first verification message including a random string, so that the platform server records the mapping between the random string and the terminal identifier of the terminal on which the application client runs;
the application client generates an encrypted identity string by encrypting identity authentication information with a preset encryption algorithm;
the application client sends a second verification message to the platform server over a second path, the second verification message including the random string, the encrypted identity string, and the identity identifier that, from the registration process, corresponds to the identity authentication information at the platform server, so that the platform server reads from a database, according to the identity identifier, the identity authentication information submitted during registration and decrypts the encrypted identity string with a preset decryption algorithm; if the platform server verifies that the identity authentication information obtained by decryption is consistent with the identity authentication information read from the database, it extracts the corresponding terminal identifier from the recorded mapping according to the random string, obtains the corresponding user account information according to the terminal identifier, and generates an authorization access token from the user account information and the identity authentication information;
the application client receives the authorization access token sent by the platform server.
In a third aspect, an embodiment of the present invention further provides a platform server, including:
a first verification message receiving unit, configured to receive a first verification message sent by an application client over a first path and to obtain the terminal identifier of the terminal on which the application client runs, the first verification message including a random string;
a mapping recording unit, configured to record the mapping between the received random string and the terminal identifier;
a second verification message receiving unit, configured to receive a second verification message sent by the application client over a second path, the second verification message including the random string, an encrypted identity string that the application client generates by encrypting identity authentication information with a preset encryption algorithm, and the identity identifier that, from the registration process, corresponds to the identity authentication information at the platform server;
an information extraction and decryption unit, configured to read from a database, according to the received identity identifier, the identity authentication information submitted during registration, and to decrypt the encrypted identity string with a preset decryption algorithm;
an account information obtaining unit, configured to, if the identity authentication information obtained by decryption is verified to be consistent with the identity authentication information read from the database, extract the corresponding terminal identifier from the recorded mapping according to the random string and obtain the corresponding user account information according to the terminal identifier;
an authorization unit, configured to generate an authorization access token from the user account information and the identity authentication information and send it to the application client.
In a fourth aspect, an embodiment of the present invention further provides an application client, including:
a first verification message sending unit, configured to send a first verification message to a platform server over a first path, the first verification message including a random string, so that the platform server records the mapping between the random string and the terminal identifier of the terminal on which the application client runs;
an encryption unit, configured to generate an encrypted identity string by encrypting identity authentication information with a preset encryption algorithm;
a second verification message sending unit, configured to send a second verification message to the platform server over a second path, the second verification message including the random string, the encrypted identity string, and the identity identifier that, from the registration process, corresponds to the identity authentication information at the platform server, so that the platform server reads from a database, according to the identity identifier, the identity authentication information submitted during registration and decrypts the encrypted identity string with a preset decryption algorithm; if the platform server verifies that the identity authentication information obtained by decryption is consistent with the identity authentication information read from the database, it extracts the corresponding terminal identifier from the recorded mapping according to the random string, obtains the corresponding user account information according to the terminal identifier, and generates an authorization access token from the user account information and the identity authentication information;
an authorization access token receiving unit, configured to receive the authorization access token sent by the platform server.
In a fifth aspect, an embodiment of the present invention further provides a platform authorization method, including:
the application client sends a first verification message to the platform server over a first path, the first verification message including a random string;
the platform server receives the first verification message sent by the application client over the first path and obtains the terminal identifier of the terminal on which the application client runs;
the platform server records the mapping between the received random string and the terminal identifier;
the application client generates an encrypted identity string by encrypting identity authentication information with a preset encryption algorithm;
the application client sends a second verification message to the platform server over a second path, the second verification message including the random string, the encrypted identity string, and the identity identifier that, from the registration process, corresponds to the identity authentication information at the platform server;
the platform server receives the second verification message sent by the application client over the second path;
the platform server reads from a database, according to the received identity identifier, the identity authentication information submitted during registration, and decrypts the encrypted identity string with a preset decryption algorithm;
if the platform server verifies that the identity authentication information obtained by decryption is consistent with the identity authentication information read from the database, it extracts the corresponding terminal identifier from the recorded mapping according to the random string, and obtains the corresponding user account information according to the terminal identifier;
the platform server generates an authorization access token from the user account information and the identity authentication information and sends it to the application client;
the application client receives the authorization access token sent by the platform server.
In a sixth aspect, an embodiment of the present invention further provides a platform authorization system, including: the platform server provided by any embodiment of the present invention and the application client provided by any embodiment of the present invention.
In the technical solution proposed by the embodiments of the present invention, the application client sends to the platform server, over two separate paths, a first verification message that includes a random string and a second verification message that includes the random string, the encrypted identity string and the identity identifier. If the platform server verifies that the identity authentication information obtained by decrypting the received encrypted identity string is consistent with the identity authentication information read from the database, it obtains the corresponding user account information according to the random string, generates an authorization access token from the user account information and the identity authentication information, and sends it to the application client. No web page login is needed, so authorization can complete without the user noticing the authorization process, and the security of authorization can be further improved.
Brief Description of the Drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in describing the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from the content of the embodiments and these drawings without creative effort.
Fig. 1 is a flowchart of the platform authorization method for the platform server described in Embodiment 1 of the present invention;
Fig. 2 is a flowchart of the platform authorization method for the application client described in Embodiment 2 of the present invention;
Fig. 3 is a structural block diagram of the platform server described in Embodiment 3 of the present invention;
Fig. 4 is a structural block diagram of the application client described in Embodiment 4 of the present invention;
Fig. 5 is a schematic diagram of the interaction between the platform server and the application client in the platform authorization method described in Embodiment 5 of the present invention;
Fig. 6 is a flowchart of the platform authorization method described in Embodiment 6 of the present invention.
Detailed Description
To make the technical problem solved, the technical solution adopted and the technical effect achieved by the present invention clearer, the technical solutions of the embodiments are described in further detail below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those skilled in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
The technical solution of the invention is further described below with reference to the drawings and through specific embodiments.
Embodiment 1
Fig. 1 is a flowchart of the platform authorization method for the platform server provided by Embodiment 1 of the present invention. This embodiment applies where an application client needs to obtain an authorization access token when requesting to call an OpenAPI of an open platform that requires authorization by the terminal user. The application client may be application software installed on the terminal, an instant messaging client, an entertainment client or a system tool on the terminal, that is, a third-party application. The method may be performed by the platform server, which is a server able to provide platform services to third-party applications. As shown in Fig. 1, the platform authorization method for the platform server described in this embodiment includes:
S101: The platform server receives a first verification message sent by the application client over a first path and obtains the terminal identifier of the terminal on which the application client runs; the first verification message includes a random string.
To prevent an application client from maliciously obtaining user data on the platform side, the first verification message sent over the first path is preferably sent to the platform server by calling a system interface provided by the terminal system; for example, the SMS interface can be called so that the SMS gateway forwards the first verification message.
Preferably, the application client generates the random string and creates a verification SMS that contains the random string and whose destination address is the platform server. The application client sends the verification SMS to the SMS gateway, instructing the SMS gateway to perform protocol conversion on the verification SMS, generate the first verification message containing the random string, and send it to the platform server. The SMS gateway can extract the terminal identifier of the SMS sender from the verification SMS and carry it in the first verification message; the platform server then extracts the random string and the terminal identifier after receiving the message.
S102: The platform server records the mapping between the received random string and the terminal identifier.
The terminal identifier is an identification code that uniquely distinguishes a terminal: whenever the platform server receives a first verification message sent by an application client over the first path, the identifier can be used to tell which terminal sent it. The terminal identifier includes, but is not limited to, a telephone number and a device identifier of the terminal. A terminal identifier is generally what the user uses to identify their own account, so account information can be obtained from it.
S103: The platform server receives a second verification message sent by the application client over a second path. The second verification message includes the random string, an encrypted identity string that the application client generates by encrypting identity authentication information with a preset encryption algorithm, and the identity identifier that, from the registration process, corresponds to the identity authentication information at the platform server.
When an application client or application server registers with the platform server, the platform server assigns each application client or application server an identity identifier that uniquely identifies it. That is, an identity identifier and its corresponding identity authentication information may correspond to one application client, or to all application clients of one class of application service. For security, during registration each application client or application server also submits identity authentication information (for example an application key) to the platform server for identity authentication. The platform server records the mapping between the identity identifier and the identity authentication information in a database for associated lookup. When initiating an access request to the platform server, each application client or application server needs to send the identity identifier and the identity authentication information, which are used to distinguish and authenticate its identity; for example, the package name and package signature serve as the identity authentication information.
Further, the second verification message may also include a list of the data access permissions the application client expects to obtain.
To ensure security, the second path may be based on the SSL (Secure Sockets Layer) protocol; further, the second path may be based on the HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) protocol. For example, the second verification message sent over the second path may be an HTTPS request. To prevent an application client from using the second path to maliciously obtain user data on the platform side, the application client needs to apply the necessary security protections to the second path to raise the difficulty and cost for other clients of using the path, for example providing a SOCKET interface in place of an HTTP (Hypertext Transfer Protocol) interface, applying symmetric or asymmetric encryption to the second verification message, adding a handling strategy against cross-site request forgery attacks, and so on.
S104: The platform server reads from a database, according to the received identity identifier, the identity authentication information submitted during registration, and decrypts the encrypted identity string with a preset decryption algorithm.
From the mapping between identity identifiers and identity authentication information, the platform server extracts the identity authentication information according to the received identity identifier.
To further improve security, this operation may preferably add an expiry check. Specifically, after decrypting the encrypted identity string, the platform server also determines whether the difference between the network timestamp obtained by decryption and the current system timestamp lies within a preset threshold range, and triggers the subsequent operations only if it does. Correspondingly, the network timestamp is the current timestamp at the moment the application client produces the encrypted identity string, which the client adds to the encrypted identity string.
S105: If the platform server verifies that the identity authentication information obtained by decryption is consistent with the identity authentication information read from the database, it extracts the corresponding terminal identifier from the recorded mapping according to the random string, and obtains the corresponding user account information according to the terminal identifier.
S106: The platform server generates an authorization access token from the user account information and the identity authentication information and sends it to the application client.
The platform server may send the generated authorization access token to the application client over the first path or the second path. Considering the size of the data and how easily the received data can be used, it is preferably sent over the second path.
With the authorization access token obtained from the platform server or application server, the application client of the third-party application can call the OpenAPI interfaces provided by the platform side to obtain the corresponding cloud capabilities and user data.
Preferably, this operation may also include: the platform server decrypts and obtains the list of expected data access permissions provided by the application client, and generates the authorization access token from the user account information, the identity authentication information and the list of expected data access permissions.
Further, if obtaining the corresponding user account information according to the terminal identifier fails, new user account information is registered according to the terminal identifier. That is, if the account information does not exist, a user account can be registered automatically from the terminal identifier obtained over the first path.
Further, the platform server may also include in the access token the permission information opened to the application client and/or the list of data access permissions it expects to obtain. Note that this embodiment applies where one application client requests authorization access tokens from one or more open platforms.
Note that in this embodiment the first path and the second path are two different paths. The application client may send the verification messages over the two paths at the same time or one after the other; the only requirement is that operation S102 has completed before the step in operation S105 of extracting the corresponding terminal identifier from the recorded mapping according to the random string. Preferably the first verification message and the second verification message are sent simultaneously, or the first verification message is sent before the second.
In the technical solution proposed by this embodiment, the platform server receives from the application client, over two separate paths, a first verification message that includes a random string and a second verification message that includes the random string, the encrypted identity string and the identity identifier. If the platform server verifies that the identity authentication information obtained by decrypting the received encrypted identity string is consistent with the identity authentication information read from the database, it obtains the corresponding user account information according to the random string, generates an authorization access token from the user account information and the identity authentication information, and sends it to the application client. Authorization can thus complete without the user noticing the authorization process, and the security of authorization can be further improved.
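The platform server side of operations S101 to S106, including the timestamp expiry check and automatic account registration, as an added Go example that is not part of the patent text. It assumes AES-256-GCM under a pre-shared key as the "preset encryption algorithm", an encrypted identity string laid out as nonce followed by the encryption of an 8-byte timestamp and the authentication information, and an opaque random token; all type and function names and the sample values are hypothetical, and deleting the random string after use is an added precaution.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

type Server struct { // platform server state for S101-S106
	aead     cipher.AEAD       // preset algorithm: AES-GCM under a shared key (assumption)
	apps     map[string][]byte // identity identifier -> auth info from registration
	pending  map[string]string // random string -> terminal identifier (S102)
	accounts map[string]string // terminal identifier -> user account
	tokens   map[string]string // issued token -> "account|identity identifier"
	maxAge   time.Duration     // preset threshold for the timestamp check
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func NewServer(key []byte, maxAge time.Duration) (*Server, error) {
	aead, err := newGCM(key)
	return &Server{aead: aead, apps: map[string][]byte{}, pending: map[string]string{},
		accounts: map[string]string{}, tokens: map[string]string{}, maxAge: maxAge}, err
}

// Seal is the client side of S202: nonce || AES-GCM(timestamp || authInfo).
func Seal(key, authInfo []byte, ts time.Time) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	plain := make([]byte, 8, 8+len(authInfo))
	binary.BigEndian.PutUint64(plain, uint64(ts.Unix()))
	return aead.Seal(nonce, nonce, append(plain, authInfo...), nil), nil
}

// FirstMessage covers S101-S102: the first path delivers random string and terminal identifier.
func (s *Server) FirstMessage(random, terminalID string) { s.pending[random] = terminalID }

// SecondMessage covers S103-S106 for a message arriving on the second path.
func (s *Server) SecondMessage(random, appID string, sealed []byte, now time.Time) (string, error) {
	n := s.aead.NonceSize()
	if len(sealed) < n {
		return "", errors.New("malformed encrypted identity string")
	}
	plain, err := s.aead.Open(nil, sealed[:n], sealed[n:], nil) // S104: decrypt
	if err != nil || len(plain) < 8 {
		return "", errors.New("decryption failed")
	}
	ts := time.Unix(int64(binary.BigEndian.Uint64(plain[:8])), 0)
	if age := now.Sub(ts); age < -s.maxAge || age > s.maxAge {
		return "", errors.New("timestamp outside preset threshold")
	}
	want, ok := s.apps[appID] // S104: auth info submitted at registration
	if !ok || subtle.ConstantTimeCompare(plain[8:], want) != 1 { // S105: compare
		return "", errors.New("unknown identifier or authentication information mismatch")
	}
	terminalID, ok := s.pending[random] // S105: mapping recorded in S102
	if !ok {
		return "", errors.New("no first verification message for this random string")
	}
	delete(s.pending, random) // single use: an added precaution, not from the patent
	if _, ok := s.accounts[terminalID]; !ok {
		s.accounts[terminalID] = "user-" + terminalID // no account yet: register one
	}
	raw := make([]byte, 16) // S106: opaque token bound to account and application
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := hex.EncodeToString(raw)
	s.tokens[token] = s.accounts[terminalID] + "|" + appID
	return token, nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key
	s, _ := NewServer(key, 5*time.Minute)
	s.apps["app-1001"] = []byte("demo-app-key")      // constructed registration record
	s.FirstMessage("r4nd0m-string", "terminal-0001") // constructed sample values
	sealed, _ := Seal(key, s.apps["app-1001"], time.Now())
	token, err := s.SecondMessage("r4nd0m-string", "app-1001", sealed, time.Now())
	fmt.Println(token, s.tokens[token], err)
}
```

The checks that decide acceptance (decryption, timestamp, authentication information) run before the random string is looked up, so a rejected second verification message does not consume the mapping recorded in S102.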
Embodiment two
Fig. 2 is a flowchart of the platform authorization method of the application client provided by Embodiment two of the present invention. This embodiment is applicable where an application client needs to obtain an authorization access token when requesting to call an OpenAPI of an open platform that requires end-user authorization. The application client may be application software installed on a terminal, an instant messaging client, a game or entertainment client, or a system tool on the terminal, that is, a third-party application. The method may be performed by the application client. As shown in Fig. 2, the platform authorization method of the application client described in this embodiment includes:
S201: The application client sends a first verification message to the platform server over a first path; the first verification message includes a random string.
To prevent an application client from maliciously obtaining user data on the platform side, the first verification message sent over the first path is preferably sent to the platform server by calling a system interface provided by the system; for example, the first verification message may be forwarded through an SMS gateway.
Preferably, the application client generates the random string and creates a verification SMS that contains the random string and whose destination address is the platform server. The application client sends the verification SMS to the SMS gateway, instructing the SMS gateway to perform protocol conversion on the verification SMS, generate the first verification message containing the random string, and send it to the platform server. The SMS gateway can extract the terminal identifier of the SMS sender from the verification SMS and carry it in the first verification message; after receiving the message, the platform server extracts the random string and the terminal identifier.
S202: The application client encrypts the authentication information with a preset encryption algorithm to generate an encrypted identity string.
S203: The application client sends a second verification message to the platform server over a second path. The second verification message includes the random string, the encrypted identity string, and the identity identifier that corresponds, on the platform server, to the authentication information in the registration process.
Further, the second verification message may also include a list of the data access permissions that the application client expects to obtain, with which the application client explicitly tells the platform server the scope of the data access permissions it is applying for.
To ensure security, the second path may be based on the SSL protocol; further, the second path may be based on the HTTPS protocol. For example, the second path may be an HTTPS request sent over the HTTPS protocol. To prevent an application client from using the second path to maliciously obtain user data on the platform side, the necessary security protections need to be applied to the second path, for example: providing a SOCKET interface in place of an HTTP interface to raise the difficulty and cost for other clients to use the path, applying symmetric or asymmetric encryption to the second verification message, adding a handling policy against cross-site request forgery attacks, and so on.
S204: The application client receives the authorization access token sent by the platform server.
It should be noted that the first path and the second path in this embodiment are two different paths. The application client may send the verification messages over the two paths at the same time or one after the other. It is only necessary that the first verification message has been sent successfully to the platform server over the first path before the platform server extracts the corresponding terminal identifier from the recorded mapping according to the random string. Preferably, the first verification message and the second verification message are sent simultaneously, or the first verification message is sent before the second verification message.
In the technical solution proposed by this embodiment of the present invention, the application client sends to the platform server, over two separate paths, a first verification message that includes a random string and a second verification message that includes the random string, an encrypted identity string and an identity identifier, so that the platform server returns an authorization access token. This further improves the security of the authorization and leaves the user unaware of the authorization process.
Embodiment three
Fig. 3 is a structural block diagram of the platform server described in Embodiment three of the present invention. As shown in Fig. 3, the platform server described in this embodiment includes:
a first verification message receiving unit 301, configured to receive a first verification message sent by an application client over a first path and to obtain the terminal identifier of the terminal where the application client is located, the first verification message including a random string;
a mapping recording unit 302, configured to record the mapping between the received random string and the terminal identifier;
a second verification message receiving unit 303, configured to receive a second verification message sent by the application client over a second path, the second verification message including the random string, an encrypted identity string generated by the application client by encrypting authentication information with a preset encryption algorithm, and the identity identifier that corresponds, on the platform server, to the authentication information in the registration process;
an information extraction and decryption unit 304, configured to read from a database, according to the received identity identifier, the authentication information submitted in the registration process, and to decrypt the encrypted identity string with a preset decryption algorithm;
an account information acquiring unit 305, configured to, if the authentication information obtained by decryption is verified to be consistent with the authentication information read from the database, extract the corresponding terminal identifier from the recorded mapping according to the random string and obtain the corresponding user account information according to the terminal identifier;
an authorization unit 306, configured to generate an authorization access token from the user account information and the authentication information and to send it to the application client.
Further, the first verification message receiving unit 301 is specifically configured to: receive the first verification message forwarded by the application client through an SMS gateway, where the first verification message is the message produced by the SMS gateway performing protocol format conversion on the verification SMS sent by the application client, and the verification SMS carries the random string; and
obtain from the first verification message the terminal identifier of the terminal where the application client is located, the terminal identifier being the SMS sender's terminal identifier extracted by the SMS gateway from the verification SMS.
Further, the second path may be based on the SSL protocol; further, the second path may be based on the HTTPS protocol.
Further, the account information acquiring unit 305 also includes a timestamp judging subunit, configured to trigger the subsequent operations if, after the encrypted identity string is decrypted with the preset decryption algorithm, it judges that the difference between the network timestamp obtained by decryption and the current system timestamp is within a preset threshold. Correspondingly, the network timestamp is the current timestamp that the application client adds to the encrypted identity string when generating it.
Further, the account information acquiring unit 305 also includes a new account registration subunit, configured to, if the operation of obtaining the corresponding user account information according to the terminal identifier fails, register according to the terminal identifier to obtain new user account information.
Further, the authorization unit 306 is also configured to decrypt to obtain the expected data access permission list provided by the application client, and to generate the authorization access token from the user account information, the authentication information and the expected data access permission list.
Further, the authentication information includes a package name and a package signature.
Further, the terminal identifier is a mobile phone number.
The application client provided by this embodiment can perform the platform authorization method of the application client provided by Embodiment one of the present invention, and has the functional modules and beneficial effects corresponding to performing that method.
Embodiment four
Fig. 4 is a structural block diagram of the application client described in Embodiment four of the present invention. As shown in Fig. 4, the application client described in this embodiment includes:
a first verification message sending unit 401, configured to send a first verification message to the platform server over a first path, the first verification message including a random string, so that the platform server records the mapping between the random string and the terminal identifier of the terminal where the application client is located;
an encryption unit 402, configured to encrypt authentication information with a preset encryption algorithm to generate an encrypted identity string;
a second verification message sending unit 403, configured to send a second verification message to the platform server over a second path, the second verification message including the random string, the encrypted identity string, and the identity identifier that corresponds, on the platform server, to the authentication information in the registration process, so that the platform server reads from a database, according to the identity identifier, the authentication information submitted in the registration process and decrypts the encrypted identity string with a preset decryption algorithm; if the platform server verifies that the authentication information obtained by decryption is consistent with the authentication information read from the database, it extracts the corresponding terminal identifier from the recorded mapping according to the random string, obtains the corresponding user account information according to the terminal identifier, and generates an authorization access token from the user account information and the authentication information;
an authorization access token receiving unit 404, configured to receive the authorization access token sent by the platform server.
Further, the first verification message sending unit 401 is specifically configured to: generate a random string and create a verification SMS that contains the random string and whose destination address is the platform server; and
send the verification SMS to an SMS gateway, instructing the SMS gateway to perform protocol conversion on the verification SMS, extract the SMS sender's terminal identifier from the verification SMS, generate the first verification message containing the random string, and send it to the platform server.
The second verification message sending unit 403 is specifically configured to: send to the platform server, based on the secure hypertext transfer protocol HTTPS, an HTTPS request containing the second verification message.
The application client provided by this embodiment can perform the platform authorization method of the application client provided by Embodiment two of the present invention, and has the functional modules and beneficial effects corresponding to performing that method.
Further, the authentication information includes a package name and a package signature.
Further, the terminal identifier is a mobile phone number.
Embodiment five
Fig. 5 is a schematic diagram of the interaction between the platform server and the application client in the platform authorization method of the platform server and the platform authorization method of the application client described in Embodiment five of the present invention. This embodiment is mainly used in mobile phone applications on the Android system (hereinafter, the application client) and is based on a system composed of the platform server, the application client and an SMS gateway. As shown in Fig. 5, the method described in this embodiment includes:
501. The application client sends a first verification message that includes a random string to the platform server.
That is, the application client sends an SMS to the platform server. The application client generates a random SMS content string in the format required by the platform side and, by calling the interface provided by the system for sending SMS directly, sends the SMS content string to the SMS gateway provided by the platform side, instructing the gateway to perform protocol conversion on the verification SMS, extract the SMS sender's terminal identifier from the verification SMS, generate the first verification message containing the random string, and send it to the platform server.
502. The SMS gateway sends the terminal identifier of the terminal where the client is located and the first verification message to the platform server.
The SMS gateway forwards the SMS content string and the mobile phone number that sent the SMS to the platform server on the platform side by sending an HTTP request based on the Hypertext Transfer Protocol (HTTP).
After the platform server receives the SMS content string and the mobile phone number, it stores a mapping from the SMS content string to the mobile phone number in a caching system and sets an expiry time (usually short, for example 1 minute).
503. The application client sends a second verification message to the platform server; it includes the random string, the encrypted identity string and the identity identifier.
The verification information is sent over the Internet. After the SMS has been sent successfully, the application client calls an interface provided by the software development kit (SDK) package supplied by the platform side to obtain the authentication information of the current application client. The authentication information is an encrypted string generated by symmetrically encrypting information such as the application client's package name, package signature and current network timestamp with a preset fixed key. To prevent the specific encryption algorithm from being obtained by a third party, which would affect the security of this technical solution, the entire signature algorithm (including the acquisition of data such as the application client's package name, package signature and preset key) is implemented in the C/C++ code layer through JNI (Java Native Interface) technology.
The application client sends the SMS content string, the application client authentication information, the list of data access permissions it expects to obtain, and the application ID assigned when the application client registered on the platform side (that is, the identity identifier that corresponds, on the platform server, to the authentication information in the registration process) to the authorization server of the platform side to obtain an access token. To ensure security, this network request generally needs to be based on SSL (Secure Sockets Layer), for example an HTTPS request containing the second verification message sent to the platform server over the HTTPS protocol.
Thereafter, on receiving the request, the platform server decrypts the application client authentication information to obtain the network timestamp, the application client package name, the package signature and other information, and then judges whether the difference between the current system timestamp and the network timestamp is within a preset threshold. If it is not, the request is considered a replay attack and the corresponding error message is returned directly; otherwise the next step continues.
According to the application ID, the platform server reads from the database the application client package name and package signature submitted when the application client registered on the platform, together with the permission information that the platform side has opened to the application client, and judges whether the package name and package signature that were read are consistent with the package name and package signature decrypted from the application client authentication information. If they are inconsistent, the request is considered a forged request and the corresponding error message is returned directly; otherwise the next step continues.
According to the SMS content string, the platform server reads the corresponding mobile phone number from the caching system and obtains the corresponding user account information according to the mobile phone number (if no such account information exists, a user account is registered automatically from the mobile phone number). It then generates an authorization access token from data such as the user account information, the application ID, the permission information that the platform side has opened to the application client, and the data access permission list.
504. The platform server returns the generated authorization access token to the application client.
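The server-side checks of steps 502 to 504 can be followed in the sketch below, an added example that is not code from the patent. All names (`PlatformServer`, `seal`, `unseal`, the `pkg`/`sig`/`ts` fields) and all sample values are constructed for illustration, and `seal`/`unseal` are a toy HMAC-based stand-in for the unspecified preset symmetric algorithm.

```python
import hashlib, hmac, json, secrets, time

PRESET_KEY = b"constructed-demo-key"  # constructed stand-in for the SDK's preset fixed key
MAX_SKEW = 60   # assumed value for the "preset threshold" on timestamps, in seconds
NONCE_TTL = 60  # expiry of the cached mapping; the text gives 1 minute as an example

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, iv, n):
    blocks = (hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, fields):
    """Client side (503): encrypt package name, package signature and timestamp.
    Toy encrypt-then-MAC built from HMAC-SHA256; it stands in for the unspecified
    preset encryption algorithm and is not a production cipher."""
    iv = secrets.token_bytes(16)
    pt = json.dumps(fields, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(_subkey(key, b"enc"), iv, len(pt))))
    tag = hmac.new(_subkey(key, b"mac"), iv + ct, hashlib.sha256).digest()
    return (iv + ct + tag).hex()

def unseal(key, blob):
    """Server side: check the tag, then decrypt. Raises ValueError on any tampering."""
    raw = bytes.fromhex(blob)
    iv, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    want = hmac.new(_subkey(key, b"mac"), iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("identity string failed integrity check")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), iv, len(ct))))
    return json.loads(pt)

class PlatformServer:
    def __init__(self, now=time.time):
        self.now = now
        self.registered = {}   # app ID -> (package name, package signature, opened permissions)
        self.nonce_cache = {}  # random string -> (phone number, expiry time)
        self.accounts = {}     # phone number -> user account
        self.tokens = {}       # access token -> grant

    def on_first_message(self, random_string, phone):
        """502: the SMS gateway forwards the SMS content string and the sender's number."""
        self.nonce_cache[random_string] = (phone, self.now() + NONCE_TTL)

    def on_second_message(self, random_string, identity_string, app_id, wanted):
        """503: returns (token, None) on success or (None, reason) on rejection."""
        try:
            info = unseal(PRESET_KEY, identity_string)
            skew = abs(self.now() - float(info["ts"]))
        except (ValueError, KeyError, TypeError):
            return None, "bad_identity_string"
        if skew > MAX_SKEW:                       # outside the threshold: treated as replay
            return None, "replay"
        reg = self.registered.get(app_id)
        if reg is None or (info.get("pkg"), info.get("sig")) != reg[:2]:
            return None, "forged"                 # does not match what was registered
        # Assumption: the mapping is consumed on first use so a captured request
        # cannot be redeemed twice inside the window; the text only sets an expiry.
        phone, expires = self.nonce_cache.pop(random_string, (None, 0))
        if phone is None or expires < self.now():
            return None, "unknown_or_expired_random_string"
        # Register an account automatically if this phone number has none yet.
        account = self.accounts.setdefault(phone, "acct-%d" % (len(self.accounts) + 1))
        # Assumption: grant only requested permissions that were opened to this app.
        scopes = sorted(set(wanted) & reg[2])
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"account": account, "app_id": app_id, "scopes": scopes}
        return token, None

if __name__ == "__main__":
    srv = PlatformServer()
    srv.registered["app-1"] = ("com.example.app", "constructed-sig", {"profile"})
    rs = secrets.token_hex(8)                    # random SMS content string
    srv.on_first_message(rs, "13800000000")      # constructed phone number
    ident = seal(PRESET_KEY, {"pkg": "com.example.app", "sig": "constructed-sig",
                              "ts": time.time()})
    print(srv.on_second_message(rs, ident, "app-1", ["profile", "photos"]))
    print(srv.on_second_message(rs, ident, "app-1", ["profile"]))  # same request again
```

Because the key is fixed and shipped inside every client, the package name and signature check identifies the SDK build rather than a per-app secret; the timestamp threshold and the short-lived random string are what bound replay.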
OpenAPI is a common practice on service-type websites: the website's service provider packages its own services into a series of APIs (application programming interfaces) and opens them for third-party developers to use; the opened APIs are called OpenAPIs. After the application client obtains the authorization access token, it can use the access token to call the OpenAPI interfaces provided by the platform side to obtain the corresponding cloud capabilities and user data.
Because no other user interface appears at any point after the user triggers the one-click authorization request by mobile phone number, if multiple platforms all support this technology, the application client can obtain the authorization access token of each platform through multiple interface calls, which solves the problem of the fourth aspect described above.
Embodiment six
Fig. 6 is a flowchart of the platform authorization method provided by Embodiment six of the present invention. This embodiment is applicable where an application client needs to obtain an authorization access token when requesting to call an OpenAPI of an open platform that requires end-user authorization. The application client may be application software installed on a terminal, an instant messaging client, a game or entertainment client, or a system tool on the terminal, that is, a third-party application. The method is performed by the platform server and the application client. As shown in Fig. 6, the platform authorization method described in this embodiment includes:
S601: The application client sends a first verification message to the platform server over a first path; the first verification message includes a random string.
S602: The platform server receives the first verification message sent by the application client over the first path and obtains the terminal identifier of the terminal where the application client is located.
S603: The platform server records the mapping between the received random string and the terminal identifier.
S604: The application client encrypts the authentication information with a preset encryption algorithm to generate an encrypted identity string.
S605: The application client sends a second verification message to the platform server over a second path. The second verification message includes the random string, the encrypted identity string, and the identity identifier that corresponds, on the platform server, to the authentication information in the registration process.
S606: The platform server receives the second verification message sent by the application client over the second path.
S607: The platform server reads from the database, according to the received identity identifier, the authentication information submitted in the registration process, and decrypts the encrypted identity string with a preset decryption algorithm.
S608: If the platform server verifies that the authentication information obtained by decryption is consistent with the authentication information read from the database, it extracts the corresponding terminal identifier from the recorded mapping according to the random string and obtains the corresponding user account information according to the terminal identifier.
S609: The platform server generates an authorization access token from the user account information and the authentication information and sends it to the application client.
S610: The application client receives the authorization access token sent by the platform server.
For a detailed explanation of each operation in the technical solution proposed by this embodiment, see the corresponding operations of Embodiment one and Embodiment two; this embodiment has the beneficial effects of Embodiment one and Embodiment two.
The embodiments of the present invention further provide a platform authorization system, including: the platform server provided by any embodiment of the present invention and the application client provided by any embodiment of the present invention.
All or part of the technical solutions provided by the above embodiments may be implemented by software programming, with the software program stored in a readable storage medium, for example a hard disk, optical disc or floppy disk in a computer.
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will understand that the invention is not limited to the specific embodiments described here, and that various obvious changes, readjustments and substitutions can be made by those skilled in the art without departing from the protection scope of the present invention. Therefore, although the present invention has been described in further detail through the above embodiments, it is not limited to them; without departing from the inventive concept it may include more equivalent embodiments, and the scope of the present invention is determined by the scope of the appended claims.

Claims (18)

1. A platform authorization method of a platform server, characterized by comprising:
the platform server receives a first verification message sent by an application client over a first path and obtains the terminal identifier of the terminal where the application client is located, the first verification message including a random string;
the platform server records the mapping between the received random string and the terminal identifier;
the platform server receives a second verification message sent by the application client over a second path, the second verification message including the random string, an encrypted identity string generated by the application client by encrypting authentication information with a preset encryption algorithm, and the identity identifier that corresponds, on the platform server, to the authentication information in the registration process;
the platform server reads from a database, according to the received identity identifier, the authentication information submitted in the registration process, and decrypts the encrypted identity string with a preset decryption algorithm;
if the platform server verifies that the authentication information obtained by decryption is consistent with the authentication information read from the database, it extracts the corresponding terminal identifier from the recorded mapping according to the random string and obtains the corresponding user account information according to the terminal identifier;
the platform server generates an authorization access token from the user account information and the authentication information and sends it to the application client.
2. The method according to claim 1, characterized in that the platform server receiving the first verification message sent by the application client over the first path and obtaining the terminal identifier of the terminal where the application client is located comprises:
the platform server receives the first verification message forwarded by the application client through an SMS gateway, where the first verification message is the message produced by the SMS gateway performing protocol format conversion on the verification SMS sent by the application client, and the verification SMS carries the random string;
the platform server obtains from the first verification message the terminal identifier of the terminal where the application client is located, the terminal identifier being the SMS sender's terminal identifier extracted by the SMS gateway from the verification SMS.
3. The method according to claim 1, characterized in that the second path is an HTTPS request sent based on the secure hypertext transfer protocol HTTPS.
4. The method according to claim 1, characterized in that, after the platform server decrypts the encrypted identity string with the preset decryption algorithm, the method further comprises:
if the platform server judges that the difference between the network timestamp obtained by decryption and the current system timestamp is within a preset threshold, triggering the subsequent operations.
5. The method according to any one of claims 1-4, characterized in that the platform server generating the authorization access token from the user account information and the authentication information comprises:
the platform server decrypts to obtain the expected data access permission list provided by the application client, and generates the authorization access token from the user account information, the authentication information and the expected data access permission list.
6. The method according to any one of claims 1-4, characterized in that the authentication information includes a package name and a package signature.
7. A platform authorization method of an application client, characterized by comprising:
the application client sends a first verification message to a platform server over a first path, the first verification message including a random string, so that the platform server records the mapping between the random string and the terminal identifier of the terminal where the application client is located;
the application client encrypts authentication information with a preset encryption algorithm to generate an encrypted identity string;
the application client sends a second verification message to the platform server over a second path, the second verification message including the random string, the encrypted identity string, and the identity identifier that corresponds, on the platform server, to the authentication information in the registration process, so that the platform server reads from a database, according to the identity identifier, the authentication information submitted in the registration process and decrypts the encrypted identity string with a preset decryption algorithm; if the platform server verifies that the authentication information obtained by decryption is consistent with the authentication information read from the database, it extracts the corresponding terminal identifier from the recorded mapping according to the random string, obtains the corresponding user account information according to the terminal identifier, and generates an authorization access token from the user account information and the authentication information;
the application client receives the authorization access token sent by the platform server.
8. The method according to claim 7, characterized in that the application client sending the first verification message to the platform server over the first path comprises:
the application client generates a random string and creates a verification SMS that contains the random string and whose destination address is the platform server;
the application client sends the verification SMS to an SMS gateway, instructing the SMS gateway to perform protocol conversion on the verification SMS, extract the SMS sender's terminal identifier from the verification SMS, generate the first verification message containing the random string, and send it to the platform server.
9. The method according to claim 7 or 8, characterized in that the application client sending the second verification message to the platform server over the second path specifically comprises:
the application client sends to the platform server, based on the secure hypertext transfer protocol HTTPS, an HTTPS request containing the second verification message.
10. The method according to claim 7, characterized in that the operation of the application client sending the second verification message to the platform server over the second path specifically comprises: the application client sends the second verification message to the platform server over the second path at the same time as sending the first verification message, or after the first verification message has been sent successfully.
11. A platform authorization method, characterized by comprising:
an application client sends a first verification message to a platform server over a first path, the first verification message including a random string;
the platform server receives the first verification message sent by the application client over the first path and obtains the terminal identifier of the terminal where the application client is located;
the platform server records the mapping between the received random string and the terminal identifier;
the application client encrypts authentication information with a preset encryption algorithm to generate an encrypted identity string;
the application client sends a second verification message to the platform server over a second path, the second verification message including the random string, the encrypted identity string, and the identity identifier that corresponds, on the platform server, to the authentication information in the registration process;
the platform server receives the second verification message sent by the application client over the second path;
the platform server reads from a database, according to the received identity identifier, the authentication information submitted in the registration process, and decrypts the encrypted identity string with a preset decryption algorithm;
if the platform server verifies that the authentication information obtained by decryption is consistent with the authentication information read from the database, it extracts the corresponding terminal identifier from the recorded mapping according to the random string and obtains the corresponding user account information according to the terminal identifier;
the platform server generates an authorization access token from the user account information and the authentication information and sends it to the application client;
the application client receives the authorization access token sent by the platform server.
12. A platform service end, characterized by comprising:
a first verification message receiving unit, configured to receive a first verification message sent by an applications client through a first path and to obtain the terminal identifier of the terminal where the applications client is located, the first verification message including a random string;
a mapping relationship recording unit, configured to record the mapping relationship between the received random string and the terminal identifier;
a second verification message receiving unit, configured to receive a second verification message sent by the applications client through a second path, the second verification message including the random string, the identity ciphering string generated by the applications client by encrypting authentication information with a preset encryption algorithm, and the identity identifier that corresponds, at the platform service end, to the authentication information submitted during registration;
an information extraction and decryption unit, configured to read from a database, according to the received identity identifier, the authentication information submitted during registration, and to decrypt the identity ciphering string by a preset decryption algorithm;
an account information acquiring unit, configured to, if the authentication information obtained by decryption is verified to be consistent with the authentication information read from the database, extract the corresponding terminal identifier from the recorded mapping relationship according to the random string, and obtain the corresponding user account information according to the terminal identifier;
an authorization unit, configured to generate an authorized access token according to the user account information and the authentication information, and to send it to the applications client.
13. The platform service end according to claim 12, characterized in that the first verification message receiving unit is specifically configured to:
receive the first verification message of the applications client as forwarded by an SMS gateway, wherein the first verification message is the message obtained after the SMS gateway performs protocol format conversion on the verification SMS sent by the applications client, and the verification SMS carries the random string;
obtain, from the first verification message, the terminal identifier of the terminal where the applications client is located, the terminal identifier being the SMS sender terminal identifier that the SMS gateway extracted from the verification SMS.
14. The platform service end according to claim 12, characterized in that:
the account information acquiring unit further comprises a timestamp judging subunit, configured to, after the platform service end decrypts the identity ciphering string by the preset decryption algorithm, trigger the subsequent operations if the platform service end determines that the difference between the network timestamp obtained by decryption and the current system timestamp is within a preset threshold; and/or
the authorization unit is further configured so that the platform service end obtains by decryption the desired data access permission list provided by the applications client, and generates the authorized access token according to the user account information, the authentication information and the desired data access permission list.
15. The platform service end according to any one of claims 12-14, characterized in that the second path is an HTTPS request sent based on the Secure Hypertext Transfer Protocol (HTTPS); and/or
the authentication information includes a package name and a package signature; and/or
the terminal identifier is a mobile phone number.
16. An applications client, characterized by comprising:
a first verification message sending unit, configured to send a first verification message to a platform service end through a first path, the first verification message including a random string, so that the platform service end records the mapping relationship between the random string and the terminal identifier of the terminal where the applications client is located;
an encryption unit, configured to encrypt authentication information by a preset encryption algorithm to generate an identity ciphering string;
a second verification message sending unit, configured to send a second verification message to the platform service end through a second path, the second verification message including the random string, the identity ciphering string, and the identity identifier that corresponds, at the platform service end, to the authentication information submitted during registration, so that the platform service end reads from a database, according to the identity identifier, the authentication information submitted during registration, and decrypts the identity ciphering string by a preset decryption algorithm; if the platform service end verifies that the authentication information obtained by decryption is consistent with the authentication information read from the database, it extracts the corresponding terminal identifier from the recorded mapping relationship according to the random string, obtains the corresponding user account information according to the terminal identifier, and generates an authorized access token according to the user account information and the authentication information;
an authorized access token receiving unit, configured to receive the authorized access token sent by the platform service end.
17. The applications client according to claim 16, characterized in that the first verification message sending unit is specifically configured to: generate a random string, and create a verification SMS that includes the random string and whose destination address is the platform service end; and,
send the verification SMS to an SMS gateway, to instruct the SMS gateway to perform protocol conversion on the verification SMS, extract the SMS sender terminal identifier of the verification SMS, generate the first verification message containing the random string, and send it to the platform service end;
the second verification message sending unit is specifically configured to: send, based on the Secure Hypertext Transfer Protocol (HTTPS), an HTTPS request containing the second verification message to the platform service end.
18. A platform authorization system, characterized by comprising:
the platform service end according to any one of claims 12-15 and the applications client according to any one of claims 16-17.
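The two-path exchange of claim 11, with the timestamp check of claim 14 and the package name and signature of claim 15, sketched as an added example (not code from the patent or its applicant). Assumptions: the unspecified "preset encryption algorithm" is replaced by a standard-library keystream-plus-HMAC stand-in (an AEAD such as AES-GCM is the usual choice in practice), each app holds a per-app key issued at registration, and the nonce expiry, single-use handling and all names and threshold values are added here.

```python
import hashlib, hmac, json, secrets

MAX_SKEW = 300   # assumed threshold (s) for the claim-14 timestamp check
NONCE_TTL = 120  # assumed lifetime of a nonce -> terminal mapping (added hardening)

def _keystream(key, iv, n):
    blocks = (hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Stand-in for the unspecified "preset encryption algorithm":
    # SHA-256 counter keystream, then HMAC over iv + ciphertext.
    iv, pt = secrets.token_bytes(16), json.dumps(obj, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, iv, len(pt))))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def unseal(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        return None  # tampered blob or wrong key
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct)))))

class PlatformServer:
    def __init__(self, apps, accounts):
        self.apps = apps          # identity identifier -> {"key": bytes, "auth": {...}}
        self.accounts = accounts  # terminal identifier (phone number) -> account
        self.pending = {}         # random string -> (terminal identifier, time recorded)
        self.tokens = {}          # issued token -> (account, identity identifier)

    def first_message(self, nonce, sender, now):
        # Path 1: sender is the originator number extracted by the SMS gateway.
        self.pending[nonce] = (sender, now)

    def second_message(self, msg, now):
        # Path 2 (HTTPS): decrypt, compare with registered data, then resolve the nonce.
        app = self.apps.get(msg["id"])
        claims = unseal(app["key"], msg["blob"]) if app else None
        if not claims or claims.get("auth") != app["auth"]:
            return None
        if abs(now - claims.get("ts", 0)) > MAX_SKEW:
            return None  # stale or replayed identity ciphering string
        sender, seen = self.pending.pop(msg["nonce"], (None, 0))  # single use
        account = self.accounts.get(sender)
        if account is None or now - seen > NONCE_TTL:
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (account, msg["id"])  # token bound to account + app
        return token

def client_second_message(nonce, app_id, key, auth, now):
    return {"nonce": nonce, "id": app_id, "blob": seal(key, {"auth": auth, "ts": now})}
```

The terminal identifier reaches the server only through `first_message`, so the account binding depends on the SMS gateway's originator number rather than on anything the app asserts over HTTPS.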
CN201410364874.5A 2014-07-28 2014-07-28 A kind of platform authorization method, platform service end and applications client and system Active CN104113552B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410364874.5A CN104113552B (en) 2014-07-28 2014-07-28 A kind of platform authorization method, platform service end and applications client and system

Publications (2)

Publication Number Publication Date
CN104113552A CN104113552A (en) 2014-10-22
CN104113552B true CN104113552B (en) 2017-06-16

Family

ID=51710185

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410364874.5A Active CN104113552B (en) 2014-07-28 2014-07-28 A kind of platform authorization method, platform service end and applications client and system

Country Status (1)

Country Link
CN (1) CN104113552B (en)

Also Published As

Publication number Publication date
CN104113552A (en) 2014-10-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant