CN104486318A - Identity authentication method for single sign-on in Android operating system - Google Patents
- Publication number
- CN104486318A
- Authority
- CN
- China
- Prior art keywords
- party
- operation system
- authentication
- android operation
- bag name
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses an identity authentication method for single sign-on in an Android operating system, and aims to mainly solve the problem of insufficient identity authentication capacity of the single sign-on in the existing Android operating system. The method comprises the following implementation steps: (1) acquiring identity information transmitted from a third party application program; (2) acquiring package name information and signature information of the application program through the Android operating system; (3) comparing the identity information transmitted from the third party with real identity information acquired through the Android to authenticate the identity. The identity authentication reliability and the identity authentication capacity for the single sign-on in the Android operating system are improved, the application range is wide, and the method is easy to operate and can be used for eliminating the potential safety hazard existing in a single sign-on system.
Description
Technical field
The invention belongs to the computer field and further relates to an identity authentication method for the single sign-on function in the Android operating system, which can be used to strengthen the ability to authenticate third parties.
Background
Single sign-on is a function by which, across multiple application systems, a user needs to log in only once to access all trusted third-party applications. It is a mechanism by which one primary login is mapped to logins of the same user in other applications. The single sign-on mechanism has the following characteristics:
1. It improves application ease of use. Single sign-on is very convenient for the user, who only needs to remember one username and password and enter them once to log in to all other trusted applications.
2. It improves application development efficiency. By using a single sign-on system, third-party application developers can concentrate on business logic and need not design their own authentication program again.
3. It strengthens data sharing between applications. Because the user authentication center provides the single sign-on function and exposes numerous interfaces to third-party applications, a third-party application can, with the user's authorization, obtain the data the user has stored at the user authentication center, which strengthens data sharing between applications.
At present, the Android operating system has several real-world user authentication centers that provide single sign-on authentication. For example, Tencent provides single sign-on through the QQ interconnection platform. The QQ interconnection platform is the open platform that Tencent provides on the Android operating system for third-party websites, media, terminals and similar products; it mainly comprises QQ login, social components such as sharing, and open APIs. On the one hand it provides Internet users with convenient social services and a secure account system; on the other hand it gives third parties new social marketing tools and a search system, in order to build, together with the Chinese Internet industry, an open, shared and personalized social network.
When a third-party application uses single sign-on, it must pass the application's package name and signature information to the user authentication center. However, an application's package name and signature information are easily forged in the Android system, and the user authentication center does not verify the validity of the application's identity, so a malicious application can deceive the user authentication center.
Summary of the invention
The object of the invention is to overcome the above deficiency of the prior art by proposing an identity authentication method for the single sign-on function in the Android operating system. By preventing malicious applications from deceiving the user authentication center with a forged package name, it strengthens the user authentication center's ability to authenticate third-party applications.
The technical scheme that realizes this object is as follows. The user authentication center is modified so that, when it receives a request from a third-party application, it actively obtains the third-party application's signature, package name and related information through the Android operating system and checks them against the parameters passed in by the third-party application to judge whether those parameters are genuine. This solves the security problem of a third-party application making requests to the user authentication center with a forged signature and package name, and strengthens the authentication ability of single sign-on in the Android operating system. The concrete steps are as follows:
(1) In the Android system, the third party transmits authentication information to the user authentication center:
1a) the third party creates an authentication request object Request and inserts the signature PkgSig and the package name PkgName into the Request object as parameters;
1b) the third party passes the request object Request, filled with these parameters, to the user authentication center;
(2) The user authentication center receives the request object Request passed by the third party and reads from it the signature PkgSig and the package name PkgName transmitted by the third party;
(3) The user authentication center queries the identity information, that is, it obtains the third party's true package name RealPkgName and actual signature RealPkgSig through Android operating system functions;
(4) The user authentication center verifies the identity information:
4a) the user authentication center compares the signature PkgSig it read with the actual signature RealPkgSig; if the two are consistent, it continues with step 4b), otherwise authentication fails;
4b) the user authentication center compares the package name PkgName it read with the true package name RealPkgName; if the two are consistent, authentication succeeds, otherwise authentication fails.
Compared with the prior art, the present invention has the following advantages:
1. The authentication information is highly accurate. The Android operating system provides a trusted interface for obtaining identity information at the system level. The present invention obtains the authentication information through this interface, which malware cannot tamper with or forge, and this guarantees the accuracy of the authentication information;
2. It is widely applicable. Single sign-on systems in the current Android operating system generally lack an identity authentication mechanism, and the identity authentication method proposed by the present invention can effectively eliminate the security risk present in most single sign-on systems;
3. It is easy to operate. The proposed identity authentication method uses the Android operating system's existing interface for obtaining identity information and so avoids a complicated identity information acquisition flow, which lets the method be applied easily in real single sign-on systems.
Brief description of the drawings
Fig. 1 is the overall flow chart of the implementation of the present invention;
Fig. 2 is the sub-flow chart of the third party initiating an authentication request in the present invention;
Fig. 3 is the sub-flow chart of the user authentication center receiving the third party's authentication request in the present invention;
Fig. 4 is the sub-flow chart of the user authentication center querying the identity information in the present invention;
Fig. 5 is the sub-flow chart of the user authentication center comparing the identity information in the present invention.
Embodiment
With reference to Fig. 1, the implementation steps of the present invention are as follows:
Step 1: the third party initiates an authentication request.
As shown in Fig. 2, this step is implemented as follows:
1a) The third party creates a request object Request, used to initiate the authentication request;
1b) Using the putExtra function provided by the Android operating system, the third party inserts the signature PkgSig and the package name PkgName into the request object Request as parameters;
1c) The third party initiates the authentication request with the startActivityForResult function provided by the Android operating system.
Step 2: the user authentication center receives the third party's authentication request.
With reference to Fig. 3, this step is implemented as follows:
2a) The user authentication center obtains the authentication request object Request through the registered interface protected void onCreate;
2b) The user authentication center reads the signature PkgSig transmitted by the third party from the request object Request with the getStringExtra function provided by the Android operating system;
2c) The user authentication center reads the package name PkgName transmitted by the third party from the request object Request with the getStringExtra function provided by the Android operating system.
Step 3: the user authentication center queries the identity information.
With reference to Fig. 4, this step is implemented as follows:
3a) The user authentication center obtains the third party's true package name RealPkgName from Request with the getCallingActivity function and the getPackageName function provided by the Android operating system.
3b) The user authentication center calls the getPackageManager function in the ActivityThread class library provided by the Android operating system to obtain the package manager PkgMgr belonging to the current process, then calls the getPackageInfo function of PkgMgr with the true package name RealPkgName as the parameter to obtain the actual signature RealPkgSig.
Step 4: the user authentication center verifies the identity information.
With reference to Fig. 5, this step is implemented as follows:
4a) Compare whether the signature PkgSig is consistent with the actual signature RealPkgSig: if consistent, continue with step 4b), otherwise authentication fails;
4b) Compare whether the package name PkgName is consistent with the true package name RealPkgName: if consistent, authentication succeeds, otherwise authentication fails.
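Steps 2 to 4 as seen from the user authentication center, given here as an added example that is not code from the patent. Assumptions: the class name AuthCenterActivity, the extra keys "PkgSig" and "PkgName", PkgSig being the hex SHA-256 digest of the caller's signing certificate, and the use of Context.getPackageManager() in place of the ActivityThread call named in step 3b.

```java
import android.app.Activity;
import android.content.ComponentName;
import android.content.Intent;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Bundle;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

// Hypothetical user authentication center Activity (name and extra keys are assumptions).
public class AuthCenterActivity extends Activity {
    static final String EXTRA_PKG_SIG = "PkgSig";   // assumed: hex SHA-256 of signing cert
    static final String EXTRA_PKG_NAME = "PkgName"; // assumed key name

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Step 2: read the identity the caller claims. These extras are untrusted input.
        Intent request = getIntent();
        String pkgSig = request.getStringExtra(EXTRA_PKG_SIG);
        String pkgName = request.getStringExtra(EXTRA_PKG_NAME);
        if (!verifyCaller(pkgSig, pkgName)) {
            setResult(RESULT_CANCELED); // authentication failure
            finish();
        }
        // On success the login flow continues (outside the steps the patent describes).
    }

    private boolean verifyCaller(String pkgSig, String pkgName) {
        if (pkgSig == null || pkgName == null) return false;
        // Step 3a: identity reported by the OS. getCallingActivity() returns null
        // unless the caller used startActivityForResult, so null means failure.
        ComponentName caller = getCallingActivity();
        if (caller == null) return false;
        String realPkgName = caller.getPackageName();
        String realPkgSig;
        try {
            // Step 3b: GET_SIGNATURES is deprecated since API 28, where
            // GET_SIGNING_CERTIFICATES and PackageInfo.signingInfo replace it.
            PackageInfo info = getPackageManager()
                    .getPackageInfo(realPkgName, PackageManager.GET_SIGNATURES);
            Signature[] sigs = info.signatures;
            // Example policy: reject packages without exactly one signer.
            if (sigs == null || sigs.length != 1) return false;
            realPkgSig = sha256Hex(sigs[0].toByteArray());
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false;
        }
        // Step 4a: claimed signature against actual signature.
        byte[] claimed = pkgSig.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        byte[] real = realPkgSig.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(claimed, real)) return false;
        // Step 4b: claimed package name against true package name.
        return pkgName.equals(realPkgName);
    }

    private static String sha256Hex(byte[] data) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(Character.forDigit((b >> 4) & 0xf, 16));
            sb.append(Character.forDigit(b & 0xf, 16));
        }
        return sb.toString();
    }
}
```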
The above description is only an example of the present invention and does not constitute any limitation on it. Obviously, a person skilled in the art who has understood the content and principle of the present invention may make various corrections and changes in form and detail without departing from the principle and structure of the invention, but such corrections and changes based on the inventive concept remain within the scope of the claims of the present invention.
Claims (5)
1. An identity authentication method for single sign-on in the Android operating system, comprising the following steps:
(1) In the Android system, the third party transmits authentication information to the user authentication center:
1a) the third party creates an authentication request object Request and inserts the signature PkgSig and the package name PkgName into the Request object as parameters;
1b) the third party passes the request object Request, filled with these parameters, to the user authentication center;
(2) The user authentication center receives the request object Request passed by the third party and reads from it the signature PkgSig and the package name PkgName transmitted by the third party;
(3) The user authentication center queries the identity information, that is, it obtains the third party's true package name RealPkgName and actual signature RealPkgSig through Android operating system functions;
(4) The user authentication center verifies the identity information:
4a) the user authentication center compares the signature PkgSig it read with the actual signature RealPkgSig; if the two are consistent, it continues with step 4b), otherwise authentication fails;
4b) the user authentication center compares the package name PkgName it read with the true package name RealPkgName; if the two are consistent, authentication succeeds, otherwise authentication fails.
2. The identity authentication method for single sign-on in the Android operating system according to claim 1, characterized in that, in step 1a), inserting the signature PkgSig and the package name PkgName into the request object Request as parameters is realized by the putExtra function provided by the Android operating system.
3. The identity authentication method for single sign-on in the Android operating system according to claim 1, characterized in that, in step (2), reading the signature PkgSig and the package name PkgName transmitted by the third party is realized by the getStringExtra function provided by the Android operating system.
4. The authentication method for the single sign-on function in the Android operating system according to claim 1, characterized in that, in step (3), obtaining the third party's true package name RealPkgName is realized by the getCallingActivity function and the getPackageName function provided by the Android operating system.
5. The authentication method for the single sign-on function in the Android operating system according to claim 1, characterized in that, in step (3), the third party's actual signature RealPkgSig is obtained by calling the getPackageInfo function of the Android operating system with the true package name RealPkgName as the parameter.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410748385.XA CN104486318A (en) | 2014-12-08 | 2014-12-08 | Identity authentication method for single sign-on in Android operating system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104486318A true CN104486318A (en) | 2015-04-01 |
Family
ID=52760822
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410748385.XA Pending CN104486318A (en) | 2014-12-08 | 2014-12-08 | Identity authentication method for single sign-on in Android operating system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104486318A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108092947A (en) * | 2016-11-23 | 2018-05-29 | 腾讯科技(深圳)有限公司 | A kind of method and device that identity discriminating is carried out to third-party application |
CN108134788A (en) * | 2017-12-20 | 2018-06-08 | 燧炻科技创新(北京)有限责任公司 | A kind of third party login method and system of cloud operating system |
CN109145540A (en) * | 2018-08-24 | 2019-01-04 | 广州大学 | A kind of intelligent terminal identity identifying method and device based on block chain |
CN110673892A (en) * | 2019-09-17 | 2020-01-10 | 中电万维信息技术有限责任公司 | Interface unified calling method based on component configuration |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1959607A1 (en) * | 2005-12-07 | 2008-08-20 | Huawei Technologies Co., Ltd. | A method and system for authenticating the identity |
CN102315945A (en) * | 2011-10-20 | 2012-01-11 | 江苏三源教育实业有限公司 | Unified identity authentication method based on private agreement |
CN103489101A (en) * | 2012-06-14 | 2014-01-01 | 海瑞斯信息科技(苏州)有限公司 | Safe electronic payment system and payment method based on converged communication technology |
CN103942093A (en) * | 2013-01-23 | 2014-07-23 | 阿里巴巴集团控股有限公司 | Service processing method and system |
US20140304756A1 (en) * | 2013-04-06 | 2014-10-09 | Miranda Technologies Partnership | Systems and methods for cloud-based media play out |
Non-Patent Citations (1)
Title |
---|
DAVI L,ET AL: "Privilege Escalation Attacks on Android", 《PROCEEDINGS OF THE 13TH INTERNATIONAL CONFERENCE ON INFORMATION SECURITY》 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108092947A (en) * | 2016-11-23 | 2018-05-29 | 腾讯科技(深圳)有限公司 | A kind of method and device that identity discriminating is carried out to third-party application |
CN108134788A (en) * | 2017-12-20 | 2018-06-08 | 燧炻科技创新(北京)有限责任公司 | A kind of third party login method and system of cloud operating system |
CN109145540A (en) * | 2018-08-24 | 2019-01-04 | 广州大学 | A kind of intelligent terminal identity identifying method and device based on block chain |
CN109145540B (en) * | 2018-08-24 | 2022-02-11 | 广州大学 | Intelligent terminal identity authentication method and device based on block chain |
CN110673892A (en) * | 2019-09-17 | 2020-01-10 | 中电万维信息技术有限责任公司 | Interface unified calling method based on component configuration |
CN110673892B (en) * | 2019-09-17 | 2023-01-03 | 中电万维信息技术有限责任公司 | Interface unified calling method based on component configuration |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
Application publication date: 20150401 |