CN102394887B - OAuth protocol-based safety certificate method of open platform and system thereof - Google Patents

Info

Publication number: CN102394887B
Authority: CN (China)
Prior art keywords: party, application, open platform, application example, request
Application number: CN201110354138.8A
Other languages: Chinese (zh)
Other versions: CN102394887A (en)
Inventors: 廖建新, 曹予飞, 赵军, 梁龙, 李文嘉, 吴若迪
Original assignee: 杭州东信北邮信息技术有限公司

Abstract

The invention relates to an OAuth protocol-based security authentication method for an open platform, and a system thereof. In the method, the open platform checks whether an access request for an unauthorized Request Token, sent by a third-party application device, carries an application instance identifier consistent with one saved on the platform; if not, it allocates a new application instance identifier. It returns the application instance identifier, a Request Token not yet authorized by the user and the corresponding token secret to the third-party application device. The third-party application device saves the application instance identifier locally and carries it in the subsequent OAuth authentication requests. The open platform uses the application instance identifier to guide user authorization and then issues an Access Token and the corresponding secret to the third-party application device. The method and system belong to the field of network technology; they allow accurate authentication and authorization in business scenarios with multiple running instances of a third-party application, and also allow flexible billing.

Description

Open platform security authentication method and system based on the OAuth protocol

Technical field

The present invention relates to an open platform security authentication method and system based on the OAuth protocol, and belongs to the field of network technology.

Background technology

At present, most Internet open platforms use the OAuth protocol to authenticate and authorize third-party applications. OAuth is an open protocol that gives desktop applications and B/S-based web applications a simple, standard way to access service APIs that require user authorization. Whenever a third-party application accesses user resources, the user must authenticate and consent before access is granted, which keeps private user data confidential. Because it is secure and simple to develop against, many Internet companies, such as Google, Yahoo, Sina and Tencent, provide an OAuth authentication service when building their open platforms.

The OAuth framework has three main roles: the Service Provider, the provider of the OAuth service, which exposes service APIs through the open platform for third-party applications to call; the Consumer, the consumer or user of the OAuth service, that is, the third-party application that calls the open platform's service APIs; and the User, the end user of the third-party application.

The open platform must offer third-party applications a complete development, testing and release process and an operations interface. First, the developer of a third-party application registers an application on the open platform and fills in its details. After registration succeeds, the developer obtains from the open platform the application's third-party application identifier (OAuth parameter oauth_consumer_key) and the application key corresponding to that identifier (OAuth parameter oauth_consumer_secret). After development, testing and review, the application is released and can be offered to users.

Before accessing the open platform's service APIs, a third-party application must first pass OAuth authentication: it sends authentication requests to OAuth's three service addresses in turn and, once OAuth authentication succeeds, sends the access request that calls the open platform's service API. In every one of these steps, each request message must be signed (oauth_signature) with the encryption algorithm the protocol specifies. The open platform identifies the third-party application from parameters carried in the request message, such as the third-party application identifier and the request signature, which prevents a forged third-party application identity from being used to call the open platform's service APIs illegally. The OAuth authentication and authorization process and the three service addresses involved are as follows:

1. The third-party application sends a request to the open platform's Request Token URL to obtain an unauthorized Request Token;

2. The third-party application sends a request to the open platform's User Authorization URL to obtain a user-authorized Request Token;

3. The third-party application sends a request to the open platform's Access Token URL to exchange the authorized Request Token for an Access Token.

According to how the third-party application delivers its service to end users, application scenarios fall into the following two modes:

1. Client mode. The terminal is usually a mobile phone or a desktop terminal. The user runs the third-party application, which contains calls to the open platform's service APIs, directly on the phone, in a PC browser or in a PC client. In this mode the user first downloads the required third-party application from an application portal (or similar) provided by the open platform, then installs and configures it locally. Its characteristic is that the third-party application on the terminal itself directly and remotely accesses the service APIs the open platform provides to meet the user's needs. The number of application users in client mode is therefore large, and the number of downloaded copies of the third-party application and of running instances of it on different terminals is correspondingly larger.

2. Server mode. The user reaches the third-party application on a web server through a web browser or a custom client, and the third-party application on that web server then accesses the open platform's service APIs. The network-side service platform of the third-party application is architected and deployed by the developer, who can therefore mash up various kinds of applications, for example by building an application entirely on the open platform or by developing it as a plug-in embedded in the developer's own service program. Third-party applications in server mode are usually offered to industry customers or enterprise group customers, so the number of running instances is not affected by the number of end users but is determined by the number of such customers.

The standard OAuth authentication process suits cases where the third-party application serves users as a single running entity with the same resources, or where the application is used only by the user who developed it. When a user uses the third-party application through a browser or desktop client, the open platform authenticates and authorizes the user and the third-party application identifier. As open platforms are used ever more widely, however, especially in the mobile Internet, new application scenarios have to be considered. Copies of a third-party application developed on an open platform are downloaded in large numbers and installed on a very large number of hardware terminals to provide mobile Internet services. At the same time, one user may own several types of hardware terminal, such as a mobile terminal and a PC, and may send access requests to the same third-party application service from different terminals. Because the OAuth protocol uses the same third-party application identifier oauth_consumer_key, application key oauth_consumer_secret and corresponding signature oauth_signature to access the open platform's service APIs, a large number of running instances of a third-party application access the open platform with the same third-party application identifier oauth_consumer_key and signature oauth_signature. With the third-party application identifier alone, the open platform can hardly authenticate and authorize the access requests from each terminal to guarantee the security of the service, and can hardly tell the access requests of different users apart. This is a security risk: if one instance is cracked, the protection of the many running instances of the same third-party application used by other users collapses with it, threatening the security of all parties.

Meanwhile, different types of open platform provide their own characteristic service APIs; a telecom capability open platform, for example, typically provides SMS and MMS service APIs and location service APIs such as positioning and GIS. First, the service APIs accessed by third-party applications have billing requirements. Second, to attract more users to third-party applications built on the platform and to stimulate usage, an open platform usually needs a flexible billing policy combined with accurate billing of third-party applications or users, for example providing the service free of charge during the platform's early operation while traffic or access frequency stays below a certain level, and charging on demand above a certain threshold. For a mobile Internet capability open platform with billing requirements, accurate billing and access statistics for users and running instances of third-party applications cannot be achieved from the third-party application identifier alone, which is a service deficiency.

Therefore, how to accurately authenticate and authorize in business scenarios with multiple running instances of a third-party application remains a technical problem in urgent need of a solution.

Summary of the invention

In view of this, the object of the invention is to provide an open platform security authentication method and system based on the OAuth protocol that can accurately authenticate and authorize in business scenarios with multiple running instances of a third-party application.

To achieve the above object, the invention provides an open platform security authentication method based on the OAuth protocol, the method comprising:

Step 1: the open platform checks whether the access request for an unauthorized Request Token sent by a third-party application device carries an application instance identifier consistent with one saved on the open platform; if not, it allocates a new application instance identifier to the third-party application device; it then returns the application instance identifier, the generated Request Token not yet authorized by the user and the corresponding token secret to the third-party application device;

Step 2: the third-party application device saves the application instance identifier returned by the open platform locally and continues to carry it in the subsequent OAuth authentication requests; the open platform uses the application instance identifier sent by the third-party application device to guide the user to authorize the resource; then, after the third-party application device has been authenticated on the basis of the application instance identifier and the third-party application identifier, the open platform issues an Access Token and the corresponding secret to the third-party application device.

To achieve the above object, the invention also provides an open platform security authentication system based on the OAuth protocol, comprising an open platform and several third-party application devices connected to the open platform over a network, the open platform further comprising:

An authentication and authorization unit, which receives the access request for an unauthorized Request Token sent by a third-party application device and checks whether it carries an application instance identifier consistent with one saved on the open platform; if not, it allocates a new application instance identifier to the third-party application device; it then returns the application instance identifier, the generated Request Token not yet authorized by the user and the corresponding token secret to the third-party application device. It then uses the application instance identifier carried by the third-party application device in the subsequent OAuth authentication requests to guide the user to authorize the resource and, finally, after the third-party application device has been authenticated on the basis of the application instance identifier and the third-party application identifier, issues an Access Token and the corresponding secret to the third-party application device.

Compared with the prior art, the beneficial effects of the invention are as follows. The invention extends the parameters of the OAuth protocol by adding an application instance identifier, oauth_consumer_key_id, that identifies each third-party application device (that is, each running instance of a third-party application). The object that the open platform authenticates and authorizes is the third-party application device, so accurate authentication and authorization become possible in business scenarios with multiple running instances of a third-party application. In addition, after authentication succeeds, the open platform can use the application instance identifier and third-party application identifier that the third-party application device carries when it calls the open platform's service APIs to access user-authorized resources, in order to record and count the service requests of third-party applications and end users, which gives it a flexible billing capability.

Brief description of the drawings

Fig. 1 is a flow chart of the open platform security authentication method based on the OAuth protocol according to the invention.

Fig. 2 is a signaling flow diagram of the method embodiment shown in Fig. 1.

Fig. 3 is a structural diagram of an embodiment of the open platform security authentication system based on the OAuth protocol according to the invention.

Fig. 4 is a structural diagram of the open platform.

Embodiment

To make the object, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawings.

For the typical mobile Internet application scenarios described above, the invention extends the OAuth protocol with a parameter, the application instance identifier oauth_consumer_key_id, which identifies each third-party application device that accesses the open platform.

As shown in Fig. 1, the open platform security authentication method based on the OAuth protocol according to the invention comprises:

Step 1: when a user sends the third-party application device a request to access a resource on the open platform, the third-party application device checks whether an application instance identifier has already been assigned locally. If so, it carries that application instance identifier in an access request for an unauthorized Request Token sent to the open platform's Request Token URL; if not, it sends the access request for an unauthorized Request Token to the open platform's Request Token URL directly;

Step 2: the open platform checks whether the access request for an unauthorized Request Token sent by the third-party application device carries an application instance identifier consistent with one saved on the open platform; if not, it allocates a new application instance identifier to the third-party application device; it then returns the application instance identifier, the generated Request Token not yet authorized by the user and the corresponding token secret to the third-party application device;

Step 3: the third-party application device saves the application instance identifier returned by the open platform locally and continues to carry it in the subsequent OAuth authentication requests; the open platform uses the application instance identifier sent by the third-party application device to guide the user to authorize the resource; then, after the third-party application device has been authenticated on the basis of the application instance identifier and the third-party application identifier, the open platform issues an Access Token and the corresponding secret to the third-party application device;

Step 4: after authentication succeeds, the third-party application device carries parameters such as the application instance identifier, the third-party application identifier and the Access Token, and calls the open platform's service APIs to access the user-authorized resource; the open platform records the service requests of the third-party application and the end user according to the application instance identifier and the third-party application identifier, and the recorded information can be used for billing.

While the Access Token is valid, the third-party application device can call the open platform's service APIs directly to access the resources the user has authorized; the open platform records and bills the user's service requests according to the application instance identifier and the third-party application identifier.

The third-party application device, that is, a running instance of the third-party application, is a hardware terminal on which a copy of the third-party application has been downloaded and installed. The hardware terminal can be a mobile phone, a computer, a web server and so on. With the method of the invention, the object the open platform authenticates and authorizes is each third-party application device, in other words the running instance of the third-party application on each terminal.

The application instance identifier is generated centrally by the open platform. Note that the third-party application identifier distinguishes different third-party applications, whereas the application instance identifier distinguishes the different third-party application devices of each third-party application. An open platform may host hundreds of third-party applications, each with tens of thousands of users, so millions of users may send access requests at the same time. To ensure that the open platform can effectively authenticate and authorize every third-party application device, the application instance identifiers of different third-party application devices that share a third-party application identifier must be unique: each third-party application is identified by its third-party application identifier, and the different devices of the same third-party application are further distinguished by their application instance identifiers. The application instance identifier can be represented as a timestamp plus a sequence number and/or a random number, for example "YYYYMMDDHHMMSS" (date, hour, minute, second) plus a 4-digit random number.

Step 2 further comprises:

Step 21: the open platform receives the access request for an unauthorized Request Token sent by the third-party application device and checks whether the request carries an application instance identifier. If so, continue to step 22; if not, continue to step 23;

Step 22: the open platform checks whether the application instance identifier is consistent with one saved on the open platform. If so, it returns the application instance identifier, the generated Request Token not yet authorized by the user and the corresponding token secret to the third-party application device; if not, continue to step 23;

Step 23: the open platform generates and saves a new application instance identifier, then returns that application instance identifier, the generated Request Token not yet authorized by the user and the corresponding token secret to the third-party application device.

Step 3 further comprises:

Step 31: the third-party application device saves the application instance identifier returned by the open platform locally and, carrying the application instance identifier, sends the open platform an access request for a user-authorized Request Token; according to the application instance identifier, the open platform guides the user to authorize the resource that the third-party application device wants to access, and finally returns the user-authorized Request Token to the third-party application device;

Step 32: the third-party application device, carrying the application instance identifier and the third-party application identifier, sends the open platform a request to exchange the authorized Request Token for an Access Token; the open platform looks up the corresponding user-authorized Request Token according to the application instance identifier and the third-party application identifier and, after the request has been authenticated, issues an Access Token and the corresponding secret to the third-party application device.

Fig. 2 is a signaling flow diagram of the method embodiment shown in Fig. 1, described in detail as follows:

Step 1: through the access interface of the third-party application device, the user sends the third-party application device a request for a service; the service needs to access a data resource or network capability held on the open platform;

Step 2: the third-party application device, carrying the application instance identifier, sends an access request for an unauthorized Request Token to the open platform's Request Token URL;

Step 3: the open platform checks whether the access request for an unauthorized Request Token carries an application instance identifier, and returns to the third-party application device the application instance identifier, the generated Request Token not yet authorized by the user and the corresponding token secret;

Step 4: the third-party application device saves the application instance identifier returned by the open platform locally, then sends an access request for a user-authorized Request Token to the open platform's User Authorization URL; the access request carries the application instance identifier, the Request Token not yet authorized by the user and the corresponding token secret;

Step 5: according to the application instance identifier, the open platform guides the user to authorize the data resource or network capability that the third-party application device wants to access;

Step 6: the user authorizes the third-party application device to access the data resource or network capability, for example by user name/password or a verification code;

Step 7: the open platform returns the user-authorized Request Token to the third-party application device;

Step 8: the third-party application device sends the open platform's Access Token URL a request to exchange the authorized Request Token for an Access Token; the request carries the application instance identifier;

Step 9: the open platform looks up the corresponding user-authorized Request Token according to the application instance identifier and the third-party application identifier and, after the request has been authenticated, issues an Access Token and the corresponding secret to the third-party application device;

Step 10: the third-party application device, carrying parameters such as the application instance identifier, the third-party application identifier and the Access Token, calls the open platform's service APIs to access the user-authorized resource;

Step 11: the open platform's service API returns the requested data resource to the third-party application device;

Step 12: the third-party application device completes the service for the user.

As shown in Fig. 3, the open platform security authentication system based on the OAuth protocol according to the invention comprises an open platform and several third-party application devices (third-party application device 1, third-party application device 2, ..., third-party application device n) connected to the open platform over a network. A third-party application device can operate in client mode or server mode; for example, third-party application device 1 and third-party application device n are the mobile phone or computer of user 1 and user m respectively, and third-party application device 2 is a web server. A user can send access requests to the same third-party application from different hardware terminals; for example, user 1 sends access requests from third-party application device 1 or from third-party application device 2.

As shown in Fig. 4, the open platform can further comprise an authentication and authorization unit and a billing unit, wherein:

The authentication and authorization unit receives the access request for an unauthorized Request Token sent by a third-party application device and checks whether it carries an application instance identifier consistent with one saved on the open platform; if not, it allocates a new application instance identifier to the third-party application device; it then returns the application instance identifier, the generated Request Token not yet authorized by the user and the corresponding token secret to the third-party application device. It then uses the application instance identifier carried by the third-party application device in the subsequent OAuth authentication requests to guide the user to authorize the resource and, finally, after the third-party application device has been authenticated on the basis of the application instance identifier and the third-party application identifier, issues an Access Token and the corresponding secret to the third-party application device;

The billing unit, after the third-party application device has been authenticated successfully, records and bills the service requests of the third-party application and the end user according to the application instance identifier and third-party application identifier that the third-party application device carries when it calls the open platform's service APIs to access user-authorized resources.

The third-party application device is a hardware terminal on which a copy of the third-party application has been downloaded and installed. It receives the user's request to access a resource on the open platform and checks whether an application instance identifier has already been assigned locally; if so, it carries that application instance identifier in the access request for an unauthorized Request Token sent to the open platform's Request Token URL. It saves the application instance identifier returned by the open platform locally and carries it in the subsequent OAuth authentication requests.

The open platform and the third-party application devices can be connected over the Internet or a mobile network, and a third-party application device can be a mobile phone, a computer or a web server.

Note that when a copy of the third-party application is downloaded and installed on a terminal again, the application instance identifier of the original third-party application device becomes junk data on the open platform and has to be purged periodically. The application instance identifier can therefore be given the same validity period as the Access Token, so that when the Access Token expires the identifier is invalidated as well; the open platform periodically purges invalid application instance identifier information, which keeps the system environment clean.
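The platform-side handling in steps 21-23, 31-32 and 4 above, together with the validity rule in the preceding paragraph, as an added Python sketch (not code from the patent). The class and method names, the constructed key app-123, starting the identifier's validity at allocation, and rejecting a Request Token presented with a different instance identifier are assumptions; oauth_signature verification is assumed to have already passed.

```python
import secrets
from collections import Counter
from datetime import datetime, timedelta, timezone


class OpenPlatform:
    """In-memory model of the platform side (hypothetical names throughout)."""

    def __init__(self, consumer_keys, token_ttl=timedelta(hours=1)):
        self.consumer_keys = set(consumer_keys)  # registered oauth_consumer_key values
        self.token_ttl = token_ttl     # assumed Access Token validity period
        self.instances = {}            # (consumer_key, instance_id) -> expiry
        self.request_tokens = {}       # Request Token -> record bound to one instance
        self.access_tokens = {}        # Access Token -> record bound to one instance
        self.usage = Counter()         # (consumer_key, instance_id, user) -> API calls

    def _new_instance_id(self, consumer_key, now):
        # Format from the description: YYYYMMDDHHMMSS + 4 random digits,
        # retried on collision so it is unique within one consumer key.
        while True:
            iid = now.strftime("%Y%m%d%H%M%S") + f"{secrets.randbelow(10000):04d}"
            if (consumer_key, iid) not in self.instances:
                # Assumption: validity starts at allocation, renewed with the token.
                self.instances[(consumer_key, iid)] = now + self.token_ttl
                return iid

    def request_token(self, consumer_key, instance_id=None, now=None):
        """Steps 21-23: keep a saved identifier, otherwise allocate a new one."""
        now = now or datetime.now(timezone.utc)
        if consumer_key not in self.consumer_keys:
            raise PermissionError("unknown oauth_consumer_key")
        expiry = self.instances.get((consumer_key, instance_id))
        if expiry is None or expiry <= now:  # absent, not saved here, or lapsed
            instance_id = self._new_instance_id(consumer_key, now)
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.request_tokens[token] = {"key": consumer_key, "iid": instance_id, "user": None}
        return {"oauth_consumer_key_id": instance_id, "oauth_token": token,
                "oauth_token_secret": secret}

    def authorize(self, token, instance_id, user):
        """Step 31: the user authorizes the Request Token held by this instance."""
        rt = self.request_tokens.get(token)
        if rt is None or rt["iid"] != instance_id:
            raise PermissionError("Request Token was not issued to this instance")
        rt["user"] = user

    def access_token(self, consumer_key, instance_id, token, now=None):
        """Step 32: find the authorized Request Token by consumer key + instance."""
        now = now or datetime.now(timezone.utc)
        rt = self.request_tokens.get(token)
        bound = rt is not None and (rt["key"], rt["iid"]) == (consumer_key, instance_id)
        if not bound or rt["user"] is None:
            raise PermissionError("no authorized Request Token for this instance")
        del self.request_tokens[token]  # a Request Token is exchanged only once
        expires = now + self.token_ttl
        self.instances[(consumer_key, instance_id)] = expires  # same validity period
        at, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.access_tokens[at] = {"key": consumer_key, "iid": instance_id,
                                  "user": rt["user"], "expires": expires}
        return {"oauth_token": at, "oauth_token_secret": secret}

    def call_api(self, consumer_key, instance_id, token, now=None):
        """Step 4: serve the call and record it per instance for billing."""
        now = now or datetime.now(timezone.utc)
        at = self.access_tokens.get(token)
        if (at is None or at["expires"] <= now
                or (at["key"], at["iid"]) != (consumer_key, instance_id)):
            raise PermissionError("Access Token not valid for this instance")
        self.usage[(consumer_key, instance_id, at["user"])] += 1
        return f"resource of {at['user']}"

    def purge(self, now=None):
        """Periodic cleanup of expired Access Tokens and instance identifiers."""
        now = now or datetime.now(timezone.utc)
        self.access_tokens = {t: r for t, r in self.access_tokens.items()
                              if r["expires"] > now}
        stale = [k for k, expiry in self.instances.items() if expiry <= now]
        for k in stale:
            del self.instances[k]
        return stale


if __name__ == "__main__":
    t0 = datetime(2011, 11, 10, 9, 0, tzinfo=timezone.utc)  # constructed clock
    p = OpenPlatform({"app-123"})                            # constructed consumer key
    phone = p.request_token("app-123", now=t0)               # first run: no identifier
    pc = p.request_token("app-123", now=t0)                  # second install, same app
    p.authorize(phone["oauth_token"], phone["oauth_consumer_key_id"], "alice")
    at = p.access_token("app-123", phone["oauth_consumer_key_id"],
                        phone["oauth_token"], now=t0)
    p.call_api("app-123", phone["oauth_consumer_key_id"], at["oauth_token"], now=t0)
    print(dict(p.usage))
    print("purged:", p.purge(now=t0 + timedelta(hours=2)))
```

After a purge, a device that still presents its old identifier is handled by the step 22 to step 23 path and receives a new one.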

The foregoing is only a preferred embodiment of the invention and is not intended to limit the invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall be included within the scope of protection of the invention.

Claims (13)

1. the open platform safety certifying method based on OAuth agreement, is characterized in that, described method includes:
In the access request of the undelegated Request Token of application that step 1, open platform inspection third party application apparatus are sent, whether carry and on open platform, preserve consistent application example identification information, if do not had, identify for described third party's application apparatus distributes new application example, and the Request Token without subscriber authorisation of described application example mark, generation is returned to third party's application apparatus with corresponding token key;
The application example identification renewal that step 2, third party's application apparatus return to open platform is to local, and continue to carry described application example mark and carry out follow-up OAuth authentication request, the application example mark guiding user that open platform is sent by third party's application apparatus is to resource authorization, then, after third party's application apparatus being authenticated and passed through according to application example mark and third party's application identities, issue Access Token and corresponding key to third party's application apparatus.
2. The method according to claim 1, characterized in that the third-party application apparatus is a hardware terminal on which a copy of the third-party application has been downloaded and installed, and the hardware terminal may be a mobile phone, a computer or a network server.
3. The method according to claim 2, characterized in that, when a copy of the third-party application is downloaded and installed on a third-party application apparatus again, the application example identifier corresponding to the original third-party application apparatus needs to be cleared on a schedule: the application example identifier is given the same validity period as the Access Token, so that when the Access Token expires the application example identifier is likewise treated as expired, and the open platform periodically clears expired application example identifier information.
4. The method according to claim 1, characterized in that the application example identifier is generated centrally by the open platform and is used to distinguish the different third-party application apparatuses of each third-party application; among different third-party application apparatuses that share the same third-party application identifier, each application example identifier is unique; and the application example identifier may be represented as a time sequence plus a serial number or a random number.
5. The method according to claim 1, characterized in that the method further comprises:
When the user sends the third-party application apparatus a request to access resources of the open platform, the third-party application apparatus checks whether an application example identifier has already been assigned locally. If so, it carries that application example identifier when it sends the access request applying for an unauthorized Request Token to the Request Token URL of the open platform; if not, it sends the access request applying for an unauthorized Request Token to the Request Token URL of the open platform directly.
6. The method according to claim 1, characterized in that the method further comprises:
After authentication succeeds, the third-party application apparatus carries the application example identifier, the third-party application identifier and the Access Token parameter information, and accesses the resources authorized by the user through the service API of the open platform. According to the application example identifier and the third-party application identifier, the open platform records the service requests of the third-party application and the end user, and the recorded information can be used for charging.
7. The method according to claim 1, characterized in that step 1 further comprises:
Step 11: The open platform receives the access request applying for an unauthorized Request Token sent by the third-party application apparatus, and checks whether the access request carries an application example identifier; if it does, continue with step 12; if not, continue with step 13;
Step 12: The open platform checks whether the application example identifier is consistent with an application example identifier stored on the open platform; if it is, the open platform returns the application example identifier, a generated Request Token not yet authorized by the user, and the corresponding token key to the third-party application apparatus; if not, continue with step 13;
Step 13: The open platform generates and stores a new application example identifier, then returns the application example identifier, a generated Request Token not yet authorized by the user, and the corresponding token key to the third-party application apparatus.
8. The method according to claim 1, characterized in that step 2 further comprises:
Step 21: The third-party application apparatus updates its local copy with the application example identifier returned by the open platform and, carrying the application example identifier, sends the open platform an access request asking for user authorization of the Request Token; according to the application example identifier, the open platform guides the user to authorize the resources to be accessed by the third-party application apparatus, and finally returns the user-authorized Request Token to the third-party application apparatus;
Step 22: The third-party application apparatus, carrying the application example identifier and the third-party application identifier, sends the open platform a request to exchange the authorized Request Token for an Access Token; according to the application example identifier and the third-party application identifier information, the open platform looks up the corresponding user-authorized Request Token and, after the request passes authentication, issues the Access Token and the corresponding key to the third-party application apparatus.
9. An open platform security certification system based on the OAuth protocol, comprising an open platform and several third-party application apparatuses, the open platform being connected to the third-party application apparatuses through a network, characterized in that the open platform further comprises:
A Certificate Authority unit, for receiving the access request applying for an unauthorized Request Token sent by a third-party application apparatus and checking whether it carries an application example identifier consistent with one stored on the open platform; if it does not, allocating a new application example identifier to the third-party application apparatus, and returning the application example identifier, a generated Request Token not yet authorized by the user, and the corresponding token key to the third-party application apparatus; then, according to the application example identifier carried by the third-party application apparatus in the subsequent OAuth authentication requests, guiding the user to authorize the resource; and finally, after the third-party application apparatus has been authenticated against the application example identifier and the third-party application identifier information, issuing the Access Token and the corresponding key to the third-party application apparatus.
10. The system according to claim 9, characterized in that the application example identifier is generated centrally by the open platform and is used to distinguish the different third-party application apparatuses of each third-party application; among different third-party application apparatuses that share the same third-party application identifier, each application example identifier is unique; and the application example identifier may be represented as a time sequence plus a serial number or a random number.
11. The system according to claim 9, characterized in that,
The third-party application apparatus is a hardware terminal on which a copy of the third-party application has been downloaded and installed. It is used for receiving the request to access resources of the open platform sent by the user and checking whether an application example identifier has already been assigned locally; if so, it carries that application example identifier when it sends the access request applying for an unauthorized Request Token to the Request Token URL of the open platform. It updates its local copy with the application example identifier returned by the open platform and carries that identifier in the subsequent OAuth authentication requests. The third-party application apparatus may be a mobile phone, a computer or a network server.
12. The system according to claim 11, characterized in that, when a copy of the third-party application is downloaded and installed on a third-party application apparatus again, the application example identifier corresponding to the original third-party application apparatus needs to be cleared on a schedule: the application example identifier is given the same validity period as the Access Token, so that when the Access Token expires the application example identifier is likewise treated as expired, and the open platform periodically clears expired application example identifier information.
13. The system according to claim 9, characterized in that the open platform further comprises:
A Charging Detail Record unit, for recording and charging the service requests of the third-party application and the end user after the third-party application apparatus has been authenticated successfully, according to the application example identifier and the third-party application identifier information that the third-party application apparatus carries when it accesses the resources authorized by the user through the service API of the open platform.
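The following Python model is an added example, not code from the patent: it walks the open platform's side of steps 11-13 and 21-22, the shared validity period of claim 3 and the charging record of claim 6. The class and method names, the in-memory dictionaries and the `ttl` parameter are assumptions, and OAuth request signing with the token key is left out.

```python
import secrets
import time


class OpenPlatform:
    """In-memory model of the open platform's authentication and charging logic."""

    def __init__(self, ttl=3600):
        self.ttl = ttl              # assumed shared lifetime of Access Token and instance ID
        self.instances = {}         # (app_id, instance_id) -> expiry timestamp
        self.request_tokens = {}    # request token -> state
        self.access_tokens = {}     # access token -> (app_id, instance_id, expiry)
        self.usage = []             # (app_id, instance_id, resource) records for charging

    def request_token(self, app_id, instance_id=None, now=None):
        """Steps 11-13: reuse a stored identifier, otherwise allocate a new one."""
        now = time.time() if now is None else now
        if self.instances.get((app_id, instance_id), 0) <= now:
            # Absent, unknown or expired: the client-supplied value is not trusted.
            instance_id = f"{int(now)}-{secrets.token_hex(8)}"  # time + random number
            self.instances[(app_id, instance_id)] = now + self.ttl
        token, secret = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self.request_tokens[token] = {"app": app_id, "inst": instance_id, "ok": False}
        return instance_id, token, secret

    def authorize(self, token, instance_id):
        """Step 21: the user approves the Request Token bound to this identifier."""
        state = self.request_tokens.get(token)
        if state is None or state["inst"] != instance_id:
            return False
        state["ok"] = True
        return True

    def exchange(self, app_id, instance_id, token, now=None):
        """Step 22: swap a user-authorized Request Token for an Access Token."""
        now = time.time() if now is None else now
        state = self.request_tokens.get(token)
        if not state or not state["ok"] or (state["app"], state["inst"]) != (app_id, instance_id):
            raise PermissionError("request token not authorized for this instance")
        del self.request_tokens[token]  # a Request Token is exchanged only once
        access, secret = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        expiry = now + self.ttl
        self.access_tokens[access] = (app_id, instance_id, expiry)
        self.instances[(app_id, instance_id)] = expiry  # claim 3: same validity period
        return access, secret

    def call_api(self, app_id, instance_id, access, resource, now=None):
        """Claim 6: check the token binding, then record the request for charging."""
        now = time.time() if now is None else now
        bound = self.access_tokens.get(access)
        if not bound or bound[:2] != (app_id, instance_id) or bound[2] <= now:
            raise PermissionError("access token invalid for this instance")
        self.usage.append((app_id, instance_id, resource))

    def purge(self, now=None):
        """Claim 3: periodic removal of expired Access Tokens and identifiers."""
        now = time.time() if now is None else now
        self.access_tokens = {t: b for t, b in self.access_tokens.items() if b[2] > now}
        self.instances = {k: exp for k, exp in self.instances.items() if exp > now}
```

Because the identifier is looked up under the pair (third-party application identifier, application example identifier), a value copied from another application, or one that has expired, is treated as unknown and replaced rather than accepted.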
CN201110354138.8A 2011-11-10 2011-11-10 OAuth protocol-based safety certificate method of open platform and system thereof CN102394887B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110354138.8A CN102394887B (en) 2011-11-10 2011-11-10 OAuth protocol-based safety certificate method of open platform and system thereof

Publications (2)

Publication Number Publication Date
CN102394887A (en) 2012-03-28
CN102394887B (en) 2014-07-09

Family

ID=45862093

Country Status (1)

Country Link
CN (1) CN102394887B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010136323A1 (en) * 2009-05-29 2010-12-02 Alcatel Lucent System and method for accessing private digital content

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
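Zhang Weiquan (张卫全), Hu Zhiyuan (胡志远). A brief analysis of the OpenID and OAuth mechanisms applied to Web 2.0 security protection. 《通信管理与技术》 (Communications Management and Technology). 2011, (No. 2), 15-18.
A brief analysis of the OpenID and OAuth mechanisms applied to Web 2.0 security protection; Zhang Weiquan (张卫全), Hu Zhiyuan (胡志远); 《通信管理与技术》 (Communications Management and Technology); 2011-04-30 (No. 2); pp. 15-18 *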

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140709

Termination date: 20161110