CN104486318A - Identity authentication method for single sign-on in Android operating system - Google Patents

Identity authentication method for single sign-on in Android operating system

Info

Publication number
CN104486318A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410748385.XA
Other languages
Chinese (zh)
Inventor
陈东
杨超
马建峰
董超
周洪丞
张明月
张坤
姚亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses an identity authentication method for single sign-on in the Android operating system, and mainly aims to solve the problem that existing single sign-on on the Android operating system has insufficient identity authentication capability. The method comprises the following implementation steps: (1) acquiring the identity information transmitted by a third-party application program; (2) acquiring the package name information and signature information of the application program through the Android operating system; (3) comparing the identity information transmitted by the third party with the real identity information acquired through the Android operating system to authenticate the identity. The method improves the reliability and capability of identity authentication for single sign-on in the Android operating system, has a wide application range, is easy to operate, and can be used to eliminate the security risks that exist in a single sign-on system.

Description

Identity authentication method for single sign-on in the Android operating system
Technical field
The invention belongs to the computer field and further relates to an identity authentication method for the single sign-on function in the Android operating system, which can be used to strengthen the authentication of third parties.
Background art
Single sign-on means that, across multiple application systems, a user needs to log in only once to access all trusted third-party applications. It is a mechanism by which one primary login is mapped onto the logins of the same user in other applications. A single sign-on mechanism has the following characteristics:
1. It improves application usability. A single sign-on mechanism is very convenient for the user, who only needs to remember one user name and password and enter them once in order to log in to all other trusted applications.
2. It improves application development efficiency. By using a single sign-on system, third-party application developers can concentrate on business logic and need not design an authentication procedure of their own again.
3. It strengthens data sharing between applications. Because the user authentication center provides the single sign-on function and offers numerous interfaces to third-party applications, a third-party application can, with the user's authorization, obtain the data that the user has stored in the user authentication center, which strengthens data sharing between applications.
At present, several user authentication centers that provide single sign-on authentication are in actual use on the Android operating system. For example, Tencent provides a single sign-on function through the QQ interconnection platform. The QQ interconnection platform is an open platform that Tencent provides on the Android operating system for products such as third-party websites, media and terminals; it mainly comprises QQ login, social components such as sharing, and open APIs. On the one hand it provides Internet users with convenient social services and a secure account system; on the other hand it gives third parties new social marketing tools and a search system, so as to share and build, together with the Chinese Internet industry, an open and personalized social network.
When a third-party application uses single sign-on, it must pass the application's package name information and signature information to the user authentication center. However, the package name and signature information of an application are easy to forge on the Android system, and the user authentication center does not verify the validity of the application's identity, so a malicious application can deceive the user authentication center.
Summary of the invention
The object of the invention is to overcome the above deficiency of the prior art by proposing an identity authentication method for the single sign-on function in the Android operating system, which prevents a malicious application from deceiving the user authentication center by forging a package name and thereby strengthens the user authentication center's ability to authenticate third-party applications.
The technical scheme that achieves this object is to modify the user authentication center. When the user authentication center receives a request from a third-party application, it actively obtains the third-party application's signature, package name and related information through the Android operating system and checks them against the parameters passed in by the third-party application, to judge whether the parameters supplied by the third-party application are genuine. This solves the security problem of a third-party application making a request to the user authentication center with a forged signature and package name, and strengthens the authentication capability of single sign-on in the Android operating system. The concrete steps are as follows:
(1) In the Android system, the third party passes authentication information to the user authentication center:
1a) the third party creates an identity authentication request object Request and inserts the signature PkgSig and the package name PkgName into the Request object as parameters;
1b) the third party passes the request object Request, filled with the parameters, to the user authentication center;
(2) The user authentication center receives the request object Request passed by the third party and reads from it the signature PkgSig and the package name PkgName supplied by the third party;
(3) The user authentication center queries the identity information, that is, it obtains the third party's real package name RealPkgName and real signature RealPkgSig through Android operating system functions;
(4) The user authentication center verifies the identity information:
4a) the user authentication center compares the signature PkgSig it has read with the real signature RealPkgSig; if the two are consistent, it continues with step 4b); otherwise, authentication fails;
4b) the user authentication center compares the package name PkgName it has read with the real package name RealPkgName; if the two are consistent, authentication succeeds; otherwise, authentication fails.
Compared with the prior art, the invention has the following advantages:
1. High accuracy of the authentication information. The Android operating system provides a trusted interface at the system level for obtaining identity information. The invention obtains the authentication information through this interface, which malware cannot tamper with or forge, and this ensures the accuracy of the authentication information;
2. Wide applicability. Single sign-on systems on the current Android operating system generally lack an identity authentication mechanism. The identity authentication method proposed by the invention can effectively eliminate the security risks that exist in most single sign-on systems;
3. Ease of operation. The identity authentication method proposed by the invention uses the identity information interface that the Android operating system already provides, which avoids a complicated procedure for obtaining identity information, so the method can be applied conveniently in actual single sign-on systems.
Description of the drawings
Fig. 1 is the overall flow chart of the implementation of the invention;
Fig. 2 is the sub-flow chart of the third party initiating an identity authentication request in the invention;
Fig. 3 is the sub-flow chart of the user authentication center receiving the third party's identity authentication request in the invention;
Fig. 4 is the sub-flow chart of the user authentication center querying the identity information in the invention;
Fig. 5 is the sub-flow chart of the user authentication center comparing the identity information in the invention.
Embodiment
With reference to Fig. 1, the invention is implemented in the following steps:
Step 1: the third party initiates an identity authentication request.
As shown in Fig. 2, this step is implemented as follows:
1a) the third party creates the request object Request, which is used to initiate the identity authentication request;
1b) the third party inserts the signature PkgSig and the package name PkgName into the request object Request as parameters, using the putExtra function provided by the Android operating system;
1c) the third party initiates the identity authentication request through the startActivityForResult function provided by the Android operating system.
Step 2: the user authentication center receives the third party's identity authentication request.
With reference to Fig. 3, this step is implemented as follows:
2a) the user authentication center obtains the identity authentication request object Request through the registered interface protected void onCreate;
2b) the user authentication center reads the signature PkgSig supplied by the third party from the request object Request, using the getStringExtra function provided by the Android operating system;
2c) the user authentication center reads the package name PkgName supplied by the third party from the request object Request, using the getStringExtra function provided by the Android operating system.
Step 3: the user authentication center queries the identity information.
With reference to Fig. 4, this step is implemented as follows:
3a) the user authentication center obtains the third party's real package name RealPkgName from Request through the getCallingActivity function and the getPackageName function provided by the Android operating system;
3b) the user authentication center calls the getPackageManager function in the ActivityThread class library provided by the Android operating system to obtain the package manager PkgMgr belonging to the current process, and calls the getPackageInfo function of the package manager PkgMgr with the real package name RealPkgName as the parameter to obtain the real signature RealPkgSig.
Step 4: the user authentication center verifies the identity information.
With reference to Fig. 5, this step is implemented as follows:
4a) compare whether the signature PkgSig is consistent with the real signature RealPkgSig: if consistent, continue with step 4b); otherwise, authentication fails;
4b) compare whether the package name PkgName is consistent with the real package name RealPkgName: if consistent, authentication succeeds; otherwise, authentication fails.
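Steps 1 to 4 written against the Android calls the description names, as an added example that is not code from the patent. The class names, the package com.example.authcenter, the extra keys, the hex SHA-256 encoding of the signing certificate, the single-signer rule and the use of Activity.getPackageManager() instead of the ActivityThread route of step 3b are assumptions.

```java
// Added example; every name below is hypothetical unless it is an Android API.
package com.example.authcenter;

import android.app.Activity;
import android.content.ComponentName;
import android.content.Intent;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.os.Bundle;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** User authentication center side: steps 2 to 4. */
public class AuthCenterActivity extends Activity {
    public static final String EXTRA_PKG_NAME = "PkgName"; // assumed extra keys
    public static final String EXTRA_PKG_SIG = "PkgSig";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Intent request = getIntent();                             // step 2a
        String pkgSig = request.getStringExtra(EXTRA_PKG_SIG);    // step 2b
        String pkgName = request.getStringExtra(EXTRA_PKG_NAME);  // step 2c
        if (!verifyCaller(pkgName, pkgSig)) {
            setResult(RESULT_CANCELED);  // authentication failure
            finish();
            return;
        }
        // Authentication success: continue with the login flow here.
    }

    boolean verifyCaller(String pkgName, String pkgSig) {
        // Step 3a: getCallingActivity() is null unless the caller used
        // startActivityForResult, so a null caller is treated as failure.
        ComponentName caller = getCallingActivity();
        if (caller == null || pkgName == null || pkgSig == null) return false;
        String realPkgName = caller.getPackageName();
        try {
            // Step 3b: GET_SIGNATURES is the flag of the patent's era; it is
            // deprecated since API 28 in favour of GET_SIGNING_CERTIFICATES.
            PackageInfo info = getPackageManager()
                    .getPackageInfo(realPkgName, PackageManager.GET_SIGNATURES);
            // Assumption of this example: accept exactly one signer.
            if (info.signatures == null || info.signatures.length != 1) return false;
            String realPkgSig = sha256Hex(info.signatures[0].toByteArray());
            if (!realPkgSig.equalsIgnoreCase(pkgSig)) return false;  // step 4a
            return realPkgName.equals(pkgName);                      // step 4b
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false;
        }
    }

    static String sha256Hex(byte[] data) throws NoSuchAlgorithmException {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(data)) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }
}

/** Third-party side: steps 1a to 1c. Kept in this file for brevity; in practice
 *  it lives in the third party's own APK. */
class ThirdPartyLoginActivity extends Activity {
    void requestLogin(String ownSigHex) {
        Intent request = new Intent().setClassName(                    // step 1a
                "com.example.authcenter", "com.example.authcenter.AuthCenterActivity");
        request.putExtra(AuthCenterActivity.EXTRA_PKG_SIG, ownSigHex); // step 1b
        request.putExtra(AuthCenterActivity.EXTRA_PKG_NAME, getPackageName());
        startActivityForResult(request, 1);                            // step 1c
    }
}
```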
The above description is only an example of the invention and does not limit the invention in any way. Obviously, those skilled in the art, having understood the content and principle of the invention, may make various modifications and changes in form and detail without departing from the principle and structure of the invention, but such modifications and changes based on the inventive concept remain within the scope of the claims of the invention.

Claims (5)

1. An identity authentication method for single sign-on in the Android operating system, comprising the following steps:
(1) In the Android system, the third party passes authentication information to the user authentication center:
1a) the third party creates an identity authentication request object Request and inserts the signature PkgSig and the package name PkgName into the Request object as parameters;
1b) the third party passes the request object Request, filled with the parameters, to the user authentication center;
(2) The user authentication center receives the request object Request passed by the third party and reads from it the signature PkgSig and the package name PkgName supplied by the third party;
(3) The user authentication center queries the identity information, that is, it obtains the third party's real package name RealPkgName and real signature RealPkgSig through Android operating system functions;
(4) The user authentication center verifies the identity information:
4a) the user authentication center compares the signature PkgSig it has read with the real signature RealPkgSig; if the two are consistent, it continues with step 4b); otherwise, authentication fails;
4b) the user authentication center compares the package name PkgName it has read with the real package name RealPkgName; if the two are consistent, authentication succeeds; otherwise, authentication fails.
2. The identity authentication method for single sign-on in the Android operating system according to claim 1, characterized in that, in said step 1a), the signature PkgSig and the package name PkgName are inserted into the request object Request as parameters by means of the putExtra function provided by the Android operating system.
3. The identity authentication method for single sign-on in the Android operating system according to claim 1, characterized in that, in said step (2), the signature PkgSig and the package name PkgName supplied by the third party are read by means of the getStringExtra function provided by the Android operating system.
4. The authentication method for the single sign-on function in the Android operating system according to claim 1, characterized in that, in said step (3), the third party's real package name RealPkgName is obtained by means of the getCallingActivity function and the getPackageName function provided by the Android operating system.
5. The authentication method for the single sign-on function in the Android operating system according to claim 1, characterized in that, in said step (3), the third party's real signature RealPkgSig is obtained by calling the getPackageInfo function of the Android operating system with the real package name RealPkgName as the parameter.
CN201410748385.XA 2014-12-08 2014-12-08 Identity authentication method for single sign-on in Android operating system Pending CN104486318A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410748385.XA CN104486318A (en) 2014-12-08 2014-12-08 Identity authentication method for single sign-on in Android operating system

Publications (1)

Publication Number Publication Date
CN104486318A true CN104486318A (en) 2015-04-01

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150401