CN108959908B - Method, computer equipment and storage medium for authenticating mobile platform accessing SDK - Google Patents

Method, computer equipment and storage medium for authenticating mobile platform accessing SDK

Info

Publication number: CN108959908B
Authority: CN (China)
Prior art keywords: terminal, server, encryption, random number, information
Legal status: Active (the listed status is an assumption and is not a legal conclusion)
Application number: CN201810876415.3A
Other languages: Chinese (zh)
Other versions: CN108959908A (en)
Inventor: 刘宝
Current Assignee: Shenzhen Thinkive Information Technology Co ltd
Original Assignee: Shenzhen Thinkive Information Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs

Abstract

The invention discloses a method for authenticating a mobile platform that accesses an SDK (software development kit), and relates to the technical field of information security. The method comprises the following steps: performing initialization authentication on the unique ID and the App package name allocated to an App channel; establishing a bidirectional authentication channel between the terminal and the server using a private communication protocol; and randomly generating, over the authenticated channel, a session encryption key used for communication encryption and signing and for encrypted data storage. The authentication method effectively prevents the SDK from being directly embedded and used by an untrusted third-party App that has obtained it, ensures the security and reliability of channel access, and avoids the risk of user information being hijacked. In addition, combined with full-flow data monitoring of the SDK calling process, the security of third-party access can be ensured and the security requirement of supervision is met.

Description

Method, computer equipment and storage medium for authenticating mobile platform accessing SDK
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method, a computer device, and a storage medium for authenticating a mobile platform accessing an SDK.
Background
With the rise of the mobile internet, more than 80% of users' investment activity now takes place in mobile Apps. To increase business income, a securities company needs to keep growing its number of users, but, limited by its business development, it lacks high-quality channels for reaching customers; finding better ways to acquire customers has become a pain point for securities companies.
After long-term user accumulation, internet enterprises have a large number of high-quality users, but, limited by business qualifications, they cannot quickly and conveniently develop financial businesses, and making use of their user traffic has become a pain point for internet enterprises.
Cooperation between securities companies and internet channels has emerged to address the pain points of both sides, and how to carry out that business cooperation safely, effectively and stably while meeting regulatory compliance is the problem both parties need to solve.
At present, to ensure the safety of users and securities companies, the following methods are generally used:
(1) Systems such as the company's own trading and online account opening systems are integrated into a third-party App platform as H5 links. After a user clicks the link in the third-party App, the App calls the browser built into the mobile phone system to open the securities company's system, and the user transacts the related services through that browser. However, the H5 link in this method is an open link, which can neither ensure the security of transaction data nor control the reliability of access channels; it is liable to cause problems such as external transaction hang and illegal access of off-site investment systems, and the terminal information is easy to forge.
(2) An improvement on method (1): the user opens and views the securities company's H5 page through an internal WebView (internal browser) in the third-party App, and transacts the related services without leaving the third-party App. However, this method still cannot control the reliability of the access channel, so there is a risk that user data is maliciously manipulated, the terminal information is easy to forge, and transaction security cannot be guaranteed.
(3) Systems such as the company's own trading and online account opening systems are opened to a third-party App platform in the form of an API (application programming interface), and the related services are transacted using pages of the third-party App platform. However, this makes the third-party App platform the place where the business is provided, which cannot meet the supervision requirement, and the business API is easily exposed to the third-party App platform, resulting in leakage of business secrets.
(4) Systems such as the company's own trading and online account opening systems are integrated into a third-party App platform as an SDK, and a user transacts the related services directly by accessing the SDK module in the third-party App platform. Although this controls the access of third-party channels to a certain extent, there are still risks of insufficient authentication of the user access channel, malicious access, and hijacking and leakage of user information.
Disclosure of Invention
The invention aims to solve the technical problem of how to reduce the risk of user information leakage in an SDK access mode and improve the safety.
In order to solve the above problems, the present invention proposes the following technical solutions:
In a first aspect, the present invention provides a method for authenticating a mobile platform accessing an SDK, where the method is applied to a terminal installed with the SDK, and the method includes:
S1, the terminal generates a terminal random number;
S2, the terminal encrypts the terminal random number, the terminal public key certificate file, the App package name and the App channel name according to the server public key certificate file to generate first encryption information;
S3, the terminal sends the first encryption information to a server;
S4, the server receives the first encryption information and judges whether the terminal passes the first authentication according to the first encryption information;
S5, if the terminal passes the first authentication, the server generates a server random number;
S6, the server encrypts the server random number and the server public key certificate file according to the terminal public key certificate file to generate second encryption information;
S7, the server sends the second encryption information to the terminal;
S8, the terminal receives the second encryption information and judges whether the server passes the first authentication according to the second encryption information;
S9, if the server passes the first authentication, the terminal generates a terminal encryption key from the terminal random number and the server random number through a preset algorithm;
S10, the terminal encrypts the server random number by an encryption algorithm by using the terminal encryption key to generate third encryption information;
S11, the terminal sends the third encrypted information to a server;
S12, the server generates a server encryption key from the terminal random number and the server random number through the preset algorithm;
S13, the server decrypts the third encrypted information through an encryption algorithm according to the server encryption key to obtain a server random number;
S14, judging whether the server random number obtained in S13 is the same as the server random number generated in S5;
S15, if the server random number obtained in S13 is the same as the server random number generated in S5, the terminal passes the second authentication, and the server stores the server encryption key;
S16, the server encrypts the terminal random number by an encryption algorithm by using the server encryption key to generate fourth encryption information;
S17, the server sends the fourth encrypted information to the terminal;
S18, the terminal decrypts the fourth encrypted information through an encryption algorithm according to the terminal encryption key to obtain a terminal random number;
S19, judging whether the terminal random number obtained in S18 is the same as the terminal random number generated in S1;
S20, if the terminal random number obtained in S19 is the same as the terminal random number generated in S1, the server passes the second authentication, and the terminal stores the terminal encryption key.
In a second aspect, an embodiment of the present invention further provides a computer device, which includes a memory and a processor, where the memory stores a computer program, and the processor implements the above method when executing the computer program.
In a third aspect, the present invention also provides a computer-readable storage medium, where a computer program is stored, where the computer program includes program instructions, and the program instructions, when executed by a processor, can implement the above method.
Compared with the prior art, the invention can achieve the following technical effects: access to the App platform of the terminal takes the form of an SDK, bidirectional security authentication and session-level encryption are carried out between the terminal and the server, and the resulting key can be used for encrypting communication and stored information. The method can effectively prevent the SDK from being directly embedded and used by an untrusted third-party App that has obtained it, fully ensure the security and reliability of channel access, and avoid the risk of user information being hijacked. In addition, combined with full-flow data monitoring of the SDK calling process, the security of third-party access can be ensured and the security requirement of supervision is met.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show some embodiments of the present invention, and those skilled in the art can obtain other drawings based on these drawings without creative effort.
Fig. 1 is a flowchart of a method for authenticating a mobile platform accessing an SDK according to an embodiment of the present invention;
Fig. 2 is a detailed flowchart of step S4 in Fig. 1;
Fig. 3 is a detailed flowchart of step S8 in Fig. 1;
Fig. 4 is a flowchart of a method for authenticating a mobile platform accessing an SDK according to another embodiment of the present invention;
Fig. 5 is a flowchart of a method for authenticating a mobile platform accessing an SDK according to another embodiment of the present invention; and
Fig. 6 is a schematic block diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments will be described clearly and completely with reference to the accompanying drawings in the embodiments of the present invention, wherein like reference numerals represent like elements in the drawings. It is apparent that the embodiments to be described below are only a part of the embodiments of the present invention, and not all of them. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the embodiments of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the embodiments of the invention. As used in the description of embodiments of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be noted that the mobile platform in the present invention refers to a terminal, and the terminal may specifically be an electronic device with a communication function, such as a smart phone, a tablet computer, a notebook computer, a desktop computer, a personal digital assistant, and a wearable device.
Referring to fig. 1, an embodiment of the present invention provides a method for authenticating a mobile platform accessing an SDK, where the method is applied to a terminal installed with the SDK. The method includes the following steps:
S1, the terminal generates a terminal random number.
In a specific implementation, when a terminal sends a login request to a server, the terminal randomly generates a terminal random number R1, wherein the character length of R1 is 16 characters.
It should be noted that the character length of R1 can be determined by those skilled in the art, and the present invention is not limited thereto.
S2, the terminal encrypts the terminal random number, the terminal public key certificate file, the App package name and the App channel name according to the server public key certificate file to generate first encryption information.
In a specific implementation, the terminal has securely stored its own public key certificate file and private key certificate file, as well as the public key certificate file of the server and the publicly trusted root certificate.
S3, the terminal sends the first encrypted information to the server.
S4, the server receives the first encryption information and judges whether the SDK passes the first authentication according to the first encryption information.
S5, if the SDK passes the first authentication, the server generates a server random number.
In a specific implementation, if the SDK cannot pass the first authentication, the source of the SDK in the terminal is illegitimate or expired, so there is a security risk and the requirement of security supervision cannot be met, and the server rejects the login request of the terminal.
S6, the server encrypts the server random number and the server public key certificate file according to the terminal public key certificate file to generate second encryption information.
S7, the server sends the second encrypted information to the terminal.
S8, the terminal receives the second encryption information and judges whether the server passes the first authentication according to the second encryption information.
S9, if the server passes the first authentication, the terminal generates a terminal encryption key from the terminal random number and the server random number through a preset algorithm.
In a specific implementation, if the server cannot pass the first authentication, the source of the server is illegitimate and unreliable, and the requirement of security supervision cannot be met; the terminal abandons the login request.
Thus, the two-way security authentication of the terminal to the server and the server to the terminal is completed.
In a specific implementation, the preset algorithm is an algorithm preset by a person skilled in the art for generating a terminal encryption key, and the present invention is not limited to this specific algorithm.
S10, the terminal encrypts the server random number with the terminal encryption key by an encryption algorithm to generate third encrypted information.
In a specific implementation, the encryption algorithm is an SM4 cryptographic algorithm, and those skilled in the art may select other encryption algorithms for encryption, which is not limited in the present invention.
S11, the terminal transmits the third encrypted information to the server.
S12, the server generates a server encryption key from the terminal random number and the server random number through the preset algorithm.
In a specific implementation, the preset algorithm is an algorithm preset by a person skilled in the art to generate an encryption key of the server, and the present invention is not limited to this.
S13, the server decrypts the third encrypted information through the encryption algorithm according to the server encryption key to obtain the server random number.
In a specific implementation, the encryption algorithm is an SM4 cryptographic algorithm, and those skilled in the art may select other encryption algorithms for encryption, which is not limited in the present invention.
S14, it is determined whether the server random number obtained at S13 is the same as the server random number generated at S5.
S15, if the server random number obtained in S13 is the same as the server random number generated in S5, the SDK passes the second authentication, and the server stores the server encryption key.
In a specific implementation, the second authentication determines the security of the terminal and the server during a session. If the SDK cannot pass the second authentication, the data of the SDK in the session is judged to be wrong, security cannot be ensured, there is a risk of information leakage, and no processing is carried out.
S16, the server encrypts the terminal random number by an encryption algorithm using the server encryption key, and generates fourth encryption information.
S17, the server transmits the fourth encrypted information to the terminal.
S18, the terminal decrypts the fourth encrypted information through the encryption algorithm according to the terminal encryption key to obtain the terminal random number.
S19, it is determined whether the terminal random number obtained in S18 is the same as the terminal random number generated in S1.
S20, if the terminal random number obtained in S19 is the same as the terminal random number generated in S1, the server passes the second authentication, and the terminal stores the terminal encryption key.
In a specific implementation, the terminal encryption key and the server encryption key can be used for encryption and signing of two-way communication and for encrypted data storage. User-sensitive data that needs to be cached locally in the terminal, such as memory cache, Cookie, Session Storage and Local Storage, can be encrypted with the terminal encryption key using the SM4 cryptographic algorithm before being stored, which effectively prevents the user's sensitive data from being leaked.
If the server cannot pass the second authentication, it is judged that the server cannot guarantee security during the session and there is a risk of information leakage, and the next operation is not executed.
By applying the embodiment of the invention, the securities company accesses systems such as its own trading and online account opening systems into the App platform of the terminal in the form of an SDK and carries out secondary security authentication on the terminal and the server respectively, thereby fully ensuring the security and reliability of channel access and avoiding the risk of user information being hijacked. In addition, combined with full-flow data monitoring of the SDK calling process, the security of third-party access can be ensured and the security requirement of supervision is met.
Referring to fig. 2, this embodiment provides a specific implementation method for step S4 in embodiment 1, including the following steps:
S201, the server decrypts the first encrypted information by using the server private key certificate file to obtain a terminal random number, a terminal public key certificate file, an App package name and an App channel name in the first encrypted information.
S202, searching a terminal public key certificate file stored in the server according to the name of the App package and the name of the App channel.
S203, it is determined whether the terminal public key certificate file stored in the server is consistent with the terminal public key certificate file in the first encrypted information.
S204, if the terminal public key certificate file stored by the server is consistent with the terminal public key certificate file in the first encryption information, the SDK is judged to pass the first authentication.
In a specific implementation, the MD5 value of the terminal public key certificate file stored by the server is compared with that of the terminal public key certificate file in the first encryption information. If the two MD5 values are the same, it is judged that there is no problem with the first encryption information sent by the terminal, and the SDK passes the first authentication; if the two MD5 values are different, it is judged that there is a problem with the first encryption information sent by the terminal, and the SDK cannot pass the first authentication.
Referring to fig. 3, this embodiment provides a specific implementation method for step S8 in embodiment 1, including the following steps:
S301, the terminal decrypts the second encrypted information by using the terminal private key certificate file to obtain the server random number and the server public key certificate file.
S302, it is determined whether the server public key certificate file stored locally in the terminal is consistent with the server public key certificate file in the second encrypted information.
S303, if the server public key certificate file stored locally in the terminal is consistent with the server public key certificate file in the second encrypted information, it is determined that the server passes the first authentication.
In a specific implementation, the MD5 value of the server public key certificate file stored locally in the terminal is compared with that of the server public key certificate file in the second encryption information. If the two MD5 values are the same, it is judged that there is no problem with the second encryption information sent by the server, and the server passes the first authentication; if the two MD5 values are different, it is judged that there is a problem with the second encryption information sent by the server, and the server cannot pass the first authentication.
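The certificate comparisons of S202-S204 and S302-S303, as an added example that is not code from the patent: the server keys the stored terminal certificate on the App package name and App channel name, and both sides compare SHA-256 fingerprints in constant time where the text above compares MD5 values (MD5 collisions are practical). The class, function, package and channel names and the certificate bytes are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: stand-ins for the bytes of public key certificate files.
CERT_BROKER_APP = b"constructed-terminal-cert-for-com.example.broker"
CERT_NEWS_APP = b"constructed-terminal-cert-for-com.example.news"
CERT_SERVER = b"constructed-server-cert"


def fingerprint(cert_bytes: bytes) -> bytes:
    """SHA-256 digest of a certificate file (swapped in for the MD5 value in the text)."""
    return hashlib.sha256(cert_bytes).digest()


def matches_pinned(pinned_fp: bytes, presented_cert: bytes) -> bool:
    """S302-S303 (terminal side): compare the locally stored server certificate
    fingerprint with the certificate carried in the second encrypted information."""
    return hmac.compare_digest(pinned_fp, fingerprint(presented_cert))


class ChannelRegistry:
    """Hypothetical server-side store:
    (App package name, App channel name) -> fingerprint of the issued terminal certificate."""

    def __init__(self):
        self._pins = {}

    def enroll(self, package: str, channel: str, cert_bytes: bytes) -> None:
        self._pins[(package, channel)] = fingerprint(cert_bytes)

    def first_authentication(self, package: str, channel: str, presented_cert: bytes) -> bool:
        """S202-S204: look up the stored certificate by package and channel name,
        then compare it with the certificate decrypted from the first encrypted information."""
        pinned = self._pins.get((package, channel))
        if pinned is None:
            # Unknown package/channel pair: nothing to compare against, so fail closed.
            return False
        return matches_pinned(pinned, presented_cert)


def build_demo_registry() -> ChannelRegistry:
    """Registry with two constructed channels, used by the checks below."""
    registry = ChannelRegistry()
    registry.enroll("com.example.broker", "channel-001", CERT_BROKER_APP)
    registry.enroll("com.example.news", "channel-002", CERT_NEWS_APP)
    return registry


if __name__ == "__main__":
    reg = build_demo_registry()
    # Matching certificate for the enrolled channel passes.
    print(reg.first_authentication("com.example.broker", "channel-001", CERT_BROKER_APP))
    # A certificate that is valid for another channel is rejected.
    print(reg.first_authentication("com.example.broker", "channel-001", CERT_NEWS_APP))
```

Because the lookup is keyed on both names, a certificate issued to one channel does not authenticate an SDK embedded under a different package or channel name.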
Referring to fig. 4, in another embodiment, before step S1, the method further includes:
S401, the terminal reads the App package name and the App channel name.
S402, the terminal reads a terminal public key certificate file issued by a server and stored locally, and parses it to obtain the App package name and the App channel name in the server public key certificate file.
S403, judging whether the App package name and the App channel name read by the terminal are the same as those in the terminal public key certificate file.
S404, if the App package name and the App channel name read by the terminal are the same as those in the terminal public key certificate file, the initialization authentication is successful, indicating that the App package name and the App channel name of the terminal represent a trusted access channel.
In this embodiment, the unique ID and the App package name allocated to the App channel by the server are verified and authenticated, so that the reliability and the security of channel access are ensured.
Referring to fig. 5, in another embodiment, after step S20, the method further includes:
S501, if an H5 page request is received, the terminal acquires the terminal encryption key from the SDK.
S502, the terminal carries out SM4 encryption on the request parameters and the request serial number of the H5 page request according to the terminal encryption key to generate fifth encryption information.
S503, the terminal performs SM3 signing on the fifth encrypted information and the terminal encryption key, and generates first signed information.
S504, the terminal sends the fifth encryption information and the first signature information to the server.
S505, the server signs the fifth encryption information and the server encryption key according to the server encryption key to generate second signature information.
S506, the server determines whether the second signature information is the same as the first signature information sent by the terminal.
S507, if the second signature information is the same as the first signature information sent by the terminal, it is judged whether the server can carry out SM4 decryption on the fifth encrypted information to obtain the request parameter and the request serial number of the H5 page request.
If the server fails to decrypt the fifth encrypted information and cannot obtain the request parameter and the request serial number of the H5 page request, step S510 is performed.
S508, if the server can decrypt the fifth encrypted information to obtain the request parameter and the request serial number of the H5 page request, it is judged whether the request serial number has been used.
In a specific implementation, if the second signature information is not the same as the first signature information sent by the terminal, step S510 is executed.
S509, if the request serial number has not been used, the server responds to the H5 page request and sends an execution result to the terminal. Meanwhile, the server stores the request serial number of this H5 page request and sets the expiration date of this request serial number.
If the request serial number has been used, the request can be considered a replay request attack, and step S510 is executed.
S510, the server rejects the H5 page request.
In this embodiment, the security and the integrity of data in network transmission are ensured by privately encrypting and signing the communication protocol, and malicious data acquisition and replay request attacks by third parties are effectively avoided.
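The server-side order of checks in S505-S510 (signature, decryption, serial-number reuse with expiry), as an added example that is not code from the patent. It assumes Python's standard library only, so HMAC-SHA256 stands in for the SM3 signature and a SHA-256 keystream XOR stands in for SM4; the class and function names, the JSON request layout and the sample key are constructed for illustration.

```python
import hashlib
import hmac
import json
import time

# Constructed 16-byte session key standing in for the key stored at S15/S20.
DEMO_KEY = hashlib.sha256(b"constructed session key").digest()[:16]


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Placeholder for SM4, which the standard library lacks: XOR with a
    SHA-256 counter keystream. Symmetric, so it both encrypts and decrypts.
    Illustration only; it has no IV and must not protect real data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def sign(key: bytes, ciphertext: bytes) -> bytes:
    """Placeholder for the SM3 signature over ciphertext and key: HMAC-SHA256."""
    return hmac.new(key, ciphertext, hashlib.sha256).digest()


def terminal_build_request(key: bytes, params: dict, serial: str):
    """S502-S504: encrypt parameters and serial number, then sign the ciphertext."""
    plaintext = json.dumps({"params": params, "serial": serial}).encode()
    ciphertext = keystream_xor(key, plaintext)
    return ciphertext, sign(key, ciphertext)


class H5RequestVerifier:
    """Server side of S505-S510 for one session key (hypothetical class)."""

    def __init__(self, key: bytes, serial_ttl: float = 300.0, clock=time.time):
        self._key = key
        self._ttl = serial_ttl
        self._clock = clock
        self._seen = {}  # request serial number -> expiry timestamp

    def handle(self, ciphertext: bytes, signature: bytes):
        # S505-S506: recompute the signature and compare in constant time.
        if not hmac.compare_digest(sign(self._key, ciphertext), signature):
            return ("rejected", "signature mismatch")
        # S507: decrypt and parse; any failure leads to S510.
        try:
            body = json.loads(keystream_xor(self._key, ciphertext).decode())
            params, serial = body["params"], body["serial"]
            if not isinstance(serial, str):
                raise TypeError("serial number must be a string")
        except (ValueError, KeyError, TypeError):
            return ("rejected", "decryption failed")
        # S508: drop expired serial numbers, then test for reuse.
        now = self._clock()
        self._seen = {s: exp for s, exp in self._seen.items() if exp > now}
        if serial in self._seen:
            return ("rejected", "replayed serial number")
        # S509: remember the serial number with its expiry and serve the request.
        self._seen[serial] = now + self._ttl
        return ("accepted", params)


def run_demo():
    """Replays and tampers with one constructed request; returns the four outcomes."""
    server = H5RequestVerifier(DEMO_KEY, clock=lambda: 1000.0)
    ct, sig = terminal_build_request(DEMO_KEY, {"page": "open-account"}, "req-0001")
    first = server.handle(ct, sig)
    replay = server.handle(ct, sig)
    tampered = server.handle(ct[:-1] + bytes([ct[-1] ^ 1]), sig)
    wrong_key = server.handle(*terminal_build_request(b"\x00" * 16, {}, "req-0002"))
    return first, replay, tampered, wrong_key


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

In this sketch a serial number that has expired and been purged is accepted again, so the expiry should be no shorter than the lifetime of the session key under which the request was signed.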
Referring to fig. 6, a schematic block diagram of a computer device according to an embodiment of the present invention is shown. As can be seen, the computer device 500 includes a processor 502, memory, and a network interface 505 connected by a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
The computer device 500 may be a terminal or a server, where the terminal may be an electronic device with a communication function, such as a smart phone, a tablet computer, a notebook computer, a desktop computer, a personal digital assistant, and a wearable device. The server may be an independent server or a server cluster composed of a plurality of servers.
The non-volatile storage medium 503 may store an operating system 5031 and a computer program 5032. The computer programs 5032 include program instructions that, when executed, cause the processor 502 to perform a method for authenticating with a mobile platform accessing an SDK as described in the above embodiments.
The processor 502 is used to provide computing and control capabilities to support the operation of the overall computer device 500.
The internal memory 504 provides an environment for the operation of the computer program 5032 in the non-volatile storage medium 503, and when the computer program 5032 is executed by the processor 502, the processor 502 may perform a method for authenticating with a mobile platform accessing an SDK as described in the above embodiments.
The network interface 505 is used for network communication with other devices. Those skilled in the art will appreciate that the configuration shown in fig. 6 is a block diagram of only a portion of the configuration associated with the present application and does not constitute a limitation of the computer device 500 to which the present application may be applied, and that a particular computer device 500 may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
It should be understood that, in the embodiment of the present invention, the Processor 502 may be a Central Processing Unit (CPU), and the Processor 502 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, and the like. Wherein a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
While the invention has been described with reference to specific embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A method for authenticating a mobile platform accessing an SDK, applied to a terminal on which the SDK is installed, the method comprising the following steps:
S1, the terminal generates a terminal random number;
S2, the terminal encrypts the terminal random number, the terminal public key certificate file, the App package name and the App channel name according to the server public key certificate file to generate first encryption information;
S3, the terminal sends the first encryption information to a server;
S4, the server receives the first encryption information and judges whether the terminal passes the first authentication according to the first encryption information;
S5, if the terminal passes the first authentication, the server generates a server random number;
S6, the server encrypts the server random number and the server public key certificate file according to the terminal public key certificate file to generate second encryption information;
S7, the server sends the second encryption information to the terminal;
S8, the terminal receives the second encryption information and judges whether the server passes the first authentication according to the second encryption information;
S9, if the server passes the first authentication, the terminal generates a terminal encryption key from the terminal random number and the server random number through a preset algorithm;
S10, the terminal encrypts the server random number by an encryption algorithm by using the terminal encryption key to generate third encryption information;
S11, the terminal sends the third encrypted information to a server;
S12, the server generates a server encryption key from the terminal random number and the server random number through the preset algorithm;
S13, the server decrypts the third encrypted information through an encryption algorithm according to the server encryption key to obtain a server random number;
S14, judging whether the server random number obtained in S13 is the same as the server random number generated in S5;
S15, if the server random number obtained in S13 is the same as the server random number generated in S5, the terminal passes the second authentication, and the server stores the server encryption key;
S16, the server encrypts the terminal random number by an encryption algorithm by using the server encryption key to generate fourth encryption information;
S17, the server sends the fourth encrypted information to the terminal;
S18, the terminal decrypts the fourth encrypted information through an encryption algorithm according to the terminal encryption key to obtain a terminal random number;
S19, judging whether the terminal random number obtained in S18 is the same as the terminal random number generated in S1;
and S20, if the terminal random number obtained in S18 is the same as the terminal random number generated in S1, the server passes the second authentication, and the terminal stores the terminal encryption key.
2. The method of claim 1, wherein the S4 comprises: the server decrypts the first encrypted information by using a server private key certificate file to obtain the terminal random number, a terminal public key certificate file, an App package name and an App channel name; searching a terminal public key certificate file stored by a server according to the App package name and the App channel name; judging whether the terminal public key certificate file stored by the server is consistent with the terminal public key certificate file in the first encryption information; and if the terminal public key certificate file stored by the server is consistent with the terminal public key certificate file in the first encryption information, judging that the SDK passes the first authentication.
3. The method of claim 1, wherein the S8 comprises: the terminal decrypts the second encrypted information by using the terminal private key certificate file to obtain a server random number and a server public key certificate file; judging whether a server public key certificate file locally stored in the terminal is consistent with a server public key certificate file in the second encryption information; and if the server public key certificate file stored locally in the terminal is consistent with the server public key certificate file in the second encrypted information, judging that the server passes the first authentication.
4. A method of authenticating with a mobile platform accessing an SDK according to any one of claims 1-3, wherein prior to S1, the method further comprises: reading an App package name and an App channel name by the terminal; a terminal reads a terminal public key certificate file issued by a server stored locally, and analyzes and obtains an App package name and an App channel name in the terminal public key certificate file; judging whether the App package name and the App channel name read by the terminal are the same as those in the terminal public key certificate file or not; if the App package name and the App channel name read by the terminal are the same as those in the terminal public key certificate file, the initialization authentication is successful.
5. A method of authenticating with a mobile platform accessing an SDK according to any one of claims 1-3, wherein after step S20, the method further comprises: if an H5 page request is received, the terminal acquires the terminal encryption key from the SDK; the terminal encrypts the request parameters and the request serial number of the H5 page request according to the terminal encryption key to generate fifth encryption information; the terminal signs the fifth encryption information and the terminal encryption key to generate first signature information, and the terminal sends the fifth encryption information and the first signature information to the server; the server signs the fifth encryption information and the server encryption key according to the server encryption key to generate second signature information; the server judges whether the second signature information is the same as the first signature information sent by the terminal; if the second signature information is the same as the first signature information sent by the terminal, judging whether the server can decrypt the fifth encrypted information to obtain a request parameter and a request serial number of an H5 page request; if the server can decrypt the fifth encrypted information to obtain the request parameter and the request serial number of the H5 page request, judging whether the request serial number is used; if the request serial number is not used, the server responds to the H5 page request; if the request serial number is used, the server rejects the H5 page request.
6. The method of claim 5, further comprising: and if the second signature information is not the same as the first signature information sent by the terminal, the server refuses the H5 page request.
7. The method of claim 5, wherein if the request serial number is not used, the server responds to the H5 page request, further comprising: and the server stores the request serial number and sets the expiration date of the request serial number.
8. The method of claim 1, wherein the cryptographic algorithm is a national cryptographic algorithm.
9. A computer arrangement, characterized in that the computer arrangement comprises a memory having stored thereon a computer program and a processor implementing the method according to any of claims 1-8 when executing the computer program.
10. A storage medium, characterized in that the storage medium stores a computer program comprising program instructions which, when executed by a processor, implement the method according to any one of claims 1-8.
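The server-side checks of claims 5 to 7 (signature comparison, decryption, serial-number reuse, expiry), as an added Python sketch that is not code from the patent. HMAC-SHA256 and a SHA-256 counter-mode keystream are stand-ins assumed here for the unspecified signature and the national cipher; the names `terminal_request`, `Server` and the 300-second expiry are also assumptions.

```python
import hashlib, hmac, json, os, time

def keystream_xor(key, nonce, data):
    """Stand-in cipher (SHA-256 in counter mode), assumed in place of the national algorithm."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def sign(key, ciphertext):
    # Claim 5 signs the ciphertext together with the session key; HMAC is the assumed construction.
    return hmac.new(key, ciphertext, hashlib.sha256).digest()

def terminal_request(key, params, serial):
    """Terminal side: build the fifth encryption information and the first signature."""
    nonce = os.urandom(12)
    plain = json.dumps({"params": params, "serial": serial}).encode()
    fifth = nonce + keystream_xor(key, nonce, plain)
    return fifth, sign(key, fifth)

class Server:
    def __init__(self, key, ttl=300):
        self.key, self.ttl, self.seen = key, ttl, {}   # seen: serial -> expiry time

    def handle(self, fifth, first_sig, now=None):
        now = time.time() if now is None else now
        # Recompute the second signature and compare in constant time (claims 5 and 6).
        if not hmac.compare_digest(sign(self.key, fifth), first_sig):
            return "reject: signature mismatch"
        try:
            req = json.loads(keystream_xor(self.key, fifth[:12], fifth[12:]))
            serial = str(req["serial"])
        except (ValueError, KeyError, TypeError):
            return "reject: cannot decrypt"
        # Drop expired serial numbers, then refuse any serial still on record.
        self.seen = {s: exp for s, exp in self.seen.items() if exp > now}
        if serial in self.seen:
            return "reject: serial already used"
        self.seen[serial] = now + self.ttl             # claim 7: store with an expiry
        return "ok"
```

In this model a serial number is accepted again once its stored entry expires, so the expiry window has to outlast the period in which a captured request would still be meaningful.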
CN201810876415.3A 2018-08-03 2018-08-03 Method, computer equipment and storage medium for authenticating mobile platform accessing SDK Active CN108959908B (en)

Publications (2)

Publication Number Publication Date
CN108959908A CN108959908A (en) 2018-12-07
CN108959908B true CN108959908B (en) 2021-02-02

Family

ID=64467064

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant