CN104158802A - Platform authorization method, platform service side, application client side and system - Google Patents


Publication number
CN104158802A
Authority
CN
China
Prior art keywords
platform service
applications client
service end
checking
authentication information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410364286.1A
Other languages
Chinese (zh)
Other versions
CN104158802B (en)
Inventor
朱建庭
郑伟德
张弛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Baidu Online Network Technology Beijing Co Ltd
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201410364286.1A
Publication of CN104158802A
Application granted
Publication of CN104158802B
Legal status: Active

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The embodiment of the invention discloses a platform authorization method, a platform service side, an application client side and a system. The platform authorization method comprises the following steps: a first validation message sent by the application client side through a first pathway is received and a terminal identifier is acquired; the mapping relation between the received random character string and the terminal identifier is recorded; a second validation message sent by the application client side through a second pathway is received; identity certification information submitted during a registration process is read from a database according to an identity identifier; the extracted identity certification information is signed; if the generated signature value is consistent with the received signature value, the corresponding terminal identifier is extracted from the recorded mapping relation according to the random character string; the corresponding user account information is acquired according to the terminal identifier; an authorized access token is generated according to the user account information and the identity identification information; the authorized access token is sent to the application client side. According to the technical scheme provided by the embodiment of the invention, the user does not perceive the authorization process and the security of authorization can be further improved.

Description

A platform authorization method, platform service side, application client and system
Technical field
The present invention relates to the field of computer communication technology, and in particular to a platform authorization method, a platform service side, an application client and a system.
Background
An open platform is a basic service platform that a website provides and opens to third parties, such as the open cloud platforms of Baidu, Tencent, Alibaba and Sina Weibo. To obtain the high-value cloud capabilities and user data that these open platforms provide, a third-party application client integrates the open authorization interface offered by each major platform, so as to obtain the authorized access token that the platform generates after the user authorizes the application client. The application client then uses the access token to call the OpenAPI (Open Application Programming Interface) provided by each platform and obtains the cloud capabilities and the user's data on the corresponding open platform that it needs.
In the prior art, before authorizing an application client the user must first log in to the platform with an existing account; otherwise the platform cannot know which user is authorizing the application client. To ensure security, the application client is generally required to load the login authorization page provided by the platform in a web view (WebView) or an external browser, and the user logs in and authorizes on that page, so that the application client cannot directly access sensitive information such as the user's account and password. In many cases, however, this flow gives a very poor experience:
First, authorization requires loading a web page, and the loading speed of the page depends on the network speed of the user's mobile device. In most 2G environments the page loads extremely slowly, and the user has to wait a long time before the login authorization interface appears;
Second, because the web page is provided uniformly by the open platform, third-party applications generally cannot flexibly customize its style, layout or content. The style of the page often differs greatly from that of the application client itself, which third-party applications find hard to accept, especially third-party game applications;
Third, if the application client loads the login authorization page in an external browser, the user experience drops sharply; if it loads the page in a WebView, the third-party application still has ways to obtain sensitive information the user enters, such as the account and password, so security is not high enough;
Fourth, when an application client needs the user data and cloud capabilities of several open platforms at once to implement a function, it must guide the user to log in and authorize on each platform in turn. If every login authorization pops up its own login authorization interface, this is practically unworkable. The application client needs to complete authorization on multiple platforms smoothly, without disturbing the user, in order to achieve the best conversion rate.
Summary of the invention
In view of this, embodiments of the present invention provide a platform authorization method, a platform service side, an application client and a system, to improve the mechanism by which an application client obtains authorization from the platform service side.
In a first aspect, an embodiment of the present invention provides a platform authorization method for a platform service side, comprising:
The platform service side receives a first verification message sent by an application client via a first path and obtains the terminal identifier of the terminal on which the application client resides, the first verification message comprising a random string;
The platform service side records the mapping between the received random string and the terminal identifier;
The platform service side receives a second verification message sent by the application client via a second path, the second verification message comprising the random string, a signature value generated by the application client by signing identity authentication information with a preset signature algorithm, and the identity identifier that corresponds, at the platform service side, to the identity authentication information from the registration process;
The platform service side reads from a database, according to the received identity identifier, the identity authentication information submitted during registration, and signs the extracted identity authentication information with the preset signature algorithm to generate a signature value;
If the platform service side verifies that the generated signature value is consistent with the received signature value, it extracts the corresponding terminal identifier from the recorded mapping according to the random string, and obtains the corresponding user account information according to the terminal identifier;
The platform service side generates an authorized access token according to the user account information and the identity authentication information, and sends it to the application client.
In a second aspect, an embodiment of the present invention also provides a platform authorization method for an application client, comprising:
The application client sends a first verification message to the platform service side via a first path, the first verification message comprising a random string, so that the platform service side records the mapping between the random string and the terminal identifier of the terminal on which the application client resides;
The application client signs identity authentication information with a preset signature algorithm to generate a signature value;
The application client sends a second verification message to the platform service side via a second path, the second verification message comprising the random string, the signature value, and the identity identifier that corresponds, at the platform service side, to the identity authentication information from the registration process, so that the platform service side: reads from a database, according to the identity identifier, the identity authentication information submitted during registration; signs the extracted identity authentication information with the preset signature algorithm to generate a signature value; if it verifies that the generated signature value is consistent with the received signature value, extracts the corresponding terminal identifier from the recorded mapping according to the random string and obtains the corresponding user account information according to the terminal identifier; and generates an authorized access token according to the user account information and the identity authentication information;
The application client receives the authorized access token sent by the platform service side.
In a third aspect, an embodiment of the present invention also provides a platform service side, comprising:
A first verification message receiving unit, configured to receive a first verification message sent by an application client via a first path and to obtain the terminal identifier of the terminal on which the application client resides, the first verification message comprising a random string;
A mapping recording unit, configured to record the mapping between the received random string and the terminal identifier;
A second verification message receiving unit, configured to receive a second verification message sent by the application client via a second path, the second verification message comprising the random string, a signature value generated by the application client by signing identity authentication information with a preset signature algorithm, and the identity identifier that corresponds, at the platform service side, to the identity authentication information from the registration process;
An information extraction and signature unit, configured to read from a database, according to the received identity identifier, the identity authentication information submitted during registration, and to sign the extracted identity authentication information with the preset signature algorithm to generate a signature value;
An account information acquiring unit, configured to, if the generated signature value is verified to be consistent with the received signature value, extract the corresponding terminal identifier from the recorded mapping according to the random string and obtain the corresponding user account information according to the terminal identifier;
An authorization unit, configured to generate an authorized access token according to the user account information and the identity authentication information and send it to the application client.
In a fourth aspect, an embodiment of the present invention also provides an application client, comprising:
A first verification message sending unit, configured to send a first verification message to the platform service side via a first path, the first verification message comprising a random string, so that the platform service side records the mapping between the random string and the terminal identifier of the terminal on which the application client resides;
A signature unit, configured to sign identity authentication information with a preset signature algorithm to generate a signature value;
A second verification message sending unit, configured to send a second verification message to the platform service side via a second path, the second verification message comprising the random string, the signature value, and the identity identifier that corresponds, at the platform service side, to the identity authentication information from the registration process, so that the platform service side: reads from a database, according to the identity identifier, the identity authentication information submitted during registration; signs the extracted identity authentication information with the preset signature algorithm to generate a signature value; if it verifies that the generated signature value is consistent with the received signature value, extracts the corresponding terminal identifier from the recorded mapping according to the random string and obtains the corresponding user account information according to the terminal identifier; and generates an authorized access token according to the user account information and the identity authentication information;
An authorized access token receiving unit, configured to receive the authorized access token sent by the platform service side.
In a fifth aspect, an embodiment of the present invention also provides a platform authorization method, comprising:
The application client sends a first verification message to the platform service side via a first path, the first verification message comprising a random string;
The platform service side receives the first verification message sent by the application client via the first path and obtains the terminal identifier of the terminal on which the application client resides;
The platform service side records the mapping between the received random string and the terminal identifier;
The application client signs identity authentication information with a preset signature algorithm to generate a signature value;
The application client sends a second verification message to the platform service side via a second path, the second verification message comprising the random string, the signature value, and the identity identifier that corresponds, at the platform service side, to the identity authentication information from the registration process;
The platform service side receives the second verification message sent by the application client via the second path;
The platform service side reads from a database, according to the received identity identifier, the identity authentication information submitted during registration, and signs the extracted identity authentication information with the preset signature algorithm to generate a signature value;
If the platform service side verifies that the generated signature value is consistent with the received signature value, it extracts the corresponding terminal identifier from the recorded mapping according to the random string, and obtains the corresponding user account information according to the terminal identifier;
The platform service side generates an authorized access token according to the user account information and the identity authentication information, and sends it to the application client;
The application client receives the authorized access token sent by the platform service side.
In a sixth aspect, an embodiment of the present invention also provides a platform authorization system, comprising: the platform service side provided by any embodiment of the present invention and the application client provided by any embodiment of the present invention.
In the technical scheme proposed by the embodiments of the present invention, the application client sends to the platform service side, via two separate paths, a first verification message comprising a random string and a second verification message comprising the random string, a signature value and an identity identifier. If the platform service side verifies that the signature value it generates by signing the identity authentication information with the preset signature algorithm is consistent with the received signature value, it obtains the corresponding user account information according to the random string, generates an authorized access token according to the user account information and the identity authentication information, and sends the token to the application client. No login through a web page is needed, the user does not perceive the authorization process, and the security of authorization can be further improved.
Brief description of the drawings
To illustrate the technical schemes in the embodiments of the present invention more clearly, the drawings used in describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from the content of the embodiments and these drawings without creative work.
Fig. 1 is a flow chart of the platform authorization method of the platform service side described in Embodiment 1 of the present invention;
Fig. 2 is a flow chart of the platform authorization method of the application client described in Embodiment 2 of the present invention;
Fig. 3 is a structural block diagram of the platform service side described in Embodiment 3 of the present invention;
Fig. 4 is a structural block diagram of the application client described in Embodiment 4 of the present invention;
Fig. 5 is a schematic diagram of the interaction between the platform service side and the application client in the platform authorization method described in Embodiment 5 of the present invention;
Fig. 6 is a flow chart of the platform authorization method described in Embodiment 6 of the present invention.
Detailed description
To make the technical problem solved, the technical scheme adopted and the technical effect achieved by the present invention clearer, the technical schemes of the embodiments are described in further detail below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments that those skilled in the art obtain from the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
The technical scheme of the present invention is further illustrated below with reference to the drawings and by way of embodiments.
Embodiment 1
Fig. 1 is a flow chart of the platform authorization method of the platform service side provided by Embodiment 1 of the present invention. This embodiment applies to the case where an application client obtains an authorized access token when requesting to call an OpenAPI of an open platform that requires authorization by the terminal user. The application client may be application software, an instant messaging client or an entertainment client installed on a terminal, or a system tool on the terminal, i.e. a third-party application. The method may be executed by the platform service side, which is a server that provides platform services to third-party applications. As shown in Fig. 1, the platform authorization method of the platform service side in this embodiment comprises:
S101. The platform service side receives a first verification message sent by an application client via a first path and obtains the terminal identifier of the terminal on which the application client resides, the first verification message comprising a random string.
To prevent an application client from maliciously obtaining user data of the platform side, the first verification message sent via the first path is one that is sent to the platform service side by calling a system interface provided by the terminal system; for example, the SMS interface can be called and the first verification message forwarded by an SMS gateway.
Preferably, the application client generates a random string and creates a verification SMS that contains the random string and whose destination address is the platform service side. The application client sends the verification SMS to an SMS gateway, instructing the gateway to perform protocol conversion on the verification SMS, generate a first verification message comprising the random string, and send it to the platform service side. The SMS gateway can extract the terminal identifier of the SMS sender from the verification SMS and carry it in the first verification message; after receiving the message, the platform service side extracts the random string and the terminal identifier.
S102. The platform service side records the mapping between the received random string and the terminal identifier.
The terminal identifier is an identification code that uniquely distinguishes a terminal; it only needs to let the platform service side identify which terminal sent the first verification message when that message arrives via the first path. The terminal identifier includes but is not limited to a telephone number and the device identifier of the terminal. A terminal identifier is usually used by a user to identify the user's own account, so the account information can be obtained from it.
S103. The platform service side receives a second verification message sent by the application client via a second path, the second verification message comprising the random string, a signature value generated by the application client by signing identity authentication information with a preset signature algorithm, and the identity identifier that corresponds, at the platform service side, to the identity authentication information from the registration process.
When an application client or application server registers with the platform service side, the platform service side assigns each application client or application server an identity identifier that uniquely identifies it. The identity identifier and the corresponding identity authentication information may correspond to a single application client, or to all application clients of one class of application service. For security, each application client or application server also submits identity authentication information (for example an application key) to the platform service side during registration, for use in identity authentication. The platform service side records the mapping between the identity identifier and the identity authentication information in a database for associated lookup. When initiating an access request to the platform service side, each application client or application server needs to send the identity identifier and the identity authentication information so that it can be distinguished and authenticated; for example, the package name and package signature are used as the identity authentication information.
Further, the second verification message may also comprise the list of data access permissions that the application client expects to obtain.
To ensure security, the second path can be based on the SSL (Secure Sockets Layer) protocol; further, the second path can be based on the HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) protocol. For example, the second verification message sent via the second path can be an HTTPS request. To prevent application clients from using the second path to maliciously obtain user data of the platform side, the application client needs to apply the necessary security protection to the second path to raise the difficulty and cost for other clients of exploiting this path, for example providing a SOCKET interface in place of an HTTP (Hypertext Transfer Protocol) interface, applying symmetric or asymmetric encryption to the second verification message, adding a handling policy against cross-site request forgery attacks, and so on.
S104. The platform service side reads from a database, according to the received identity identifier, the identity authentication information submitted during registration, and signs the extracted identity authentication information with the preset signature algorithm to generate a signature value.
Using the mapping between identity identifiers and identity authentication information, the platform service side extracts the identity authentication information according to the received identity identifier.
To further improve security, this operation preferably also includes an expiry check to determine whether the request has expired. Specifically, the platform service side checks the network timestamp in the received second verification message and judges whether the difference between the current system timestamp and the network timestamp is within a preset threshold. If it is not within the preset threshold, the request is treated as a replay attack and a corresponding error message is returned directly; otherwise processing continues with the next step.
S105. If the platform service side verifies that the generated signature value is consistent with the received signature value, it extracts the corresponding terminal identifier from the recorded mapping according to the random string, and obtains the corresponding user account information according to the terminal identifier.
S106. The platform service side generates an authorized access token according to the user account information and the identity authentication information, and sends it to the application client.
The platform service side may send the generated authorized access token to the application client via the first path or the second path; because of data size and the ease of using the received data, sending via the second path is preferred.
With the authorized access token obtained from the platform service side, the application client of the third-party application can call the OpenAPI interfaces provided by the platform side to obtain the corresponding cloud capabilities and user data.
Preferably, the second verification message also comprises the list of data access permissions the application client expects, and this operation may further comprise: generating the authorized access token according to the user account information, the identity authentication information and the expected data access permission list.
Further, if obtaining the corresponding user account information according to the terminal identifier fails, new user account information is obtained by registering with the terminal identifier. That is, if the account information does not exist, a user account can be registered automatically from the terminal identifier obtained via the first path.
Further, the access token may also contain the permission information that the platform service side has opened to the application client and/or the list of data access permissions it expects to obtain. Note that this embodiment applies to the case where one application client requests authorized access tokens from one or more open platforms.
Note that the first path and the second path in this embodiment are two different paths. The application client may send the verification messages over the two paths at the same time or one after the other; the only requirement is that operation S102 has completed before the step in operation S105 of extracting the corresponding terminal identifier from the recorded mapping according to the random string. Preferably the first and second verification messages are sent simultaneously, or the first verification message is sent before the second.
In the technical scheme proposed by this embodiment, the platform service side receives from the application client, via two separate paths, a first verification message comprising a random string and a second verification message comprising the random string, a signature value and an identity identifier. If the platform service side verifies that the signature value it generates is consistent with the received signature value, it obtains the corresponding user account information according to the random string, generates an authorized access token according to the user account information and the identity authentication information, and sends the token to the application client. The user does not perceive the authorization process, and the security of authorization can be further improved.
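The checks of operations S101 to S106, including the optional timestamp check, can be followed in this added Python example, which is not code from the patent. Assumptions made here: the "preset signature algorithm" is taken to be HMAC-SHA-256 keyed with the identity authentication information over the identity identifier, random string and timestamp; the field names, the 300-second threshold, the opaque token format and the single use of each random string are illustrative choices; all sample values are constructed.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 300  # seconds; stands in for the "preset threshold" (value is an assumption)


def sign(auth_info: bytes, app_id: str, random_string: str, timestamp: int) -> str:
    """Assumed preset signature algorithm: HMAC-SHA-256 keyed with the
    identity authentication information (for example the application key)."""
    data = f"{app_id}\n{random_string}\n{timestamp}".encode()
    return hmac.new(auth_info, data, hashlib.sha256).hexdigest()


def second_message(app_id, auth_info, random_string, timestamp, scopes=()):
    """Application client (S202/S203): build the second verification message."""
    return {"app_id": app_id, "random_string": random_string,
            "timestamp": timestamp, "scopes": list(scopes),
            "signature": sign(auth_info, app_id, random_string, timestamp)}


class PlatformServiceSide:
    def __init__(self, apps, accounts, clock=time.time):
        self.apps = apps          # identity identifier -> identity authentication information
        self.accounts = accounts  # terminal identifier -> user account information
        self.pending = {}         # random string -> terminal identifier (S102)
        self.tokens = {}          # issued token -> what the token is bound to
        self.clock = clock

    def on_first_message(self, random_string, terminal_id):
        """S101/S102: terminal_id is supplied by the SMS gateway, not by the client."""
        self.pending[random_string] = terminal_id

    def on_second_message(self, msg):
        """S103 to S106. Returns (token, None) on success or (None, reason)."""
        # Expiry check: a timestamp outside the threshold is treated as a replay.
        if abs(self.clock() - msg["timestamp"]) > MAX_SKEW:
            return None, "expired"
        # S104: look up the authentication information and recompute the signature.
        auth_info = self.apps.get(msg["app_id"])
        if auth_info is None:
            return None, "unknown_app"
        expected = sign(auth_info, msg["app_id"], msg["random_string"], msg["timestamp"])
        # S105: constant-time comparison of generated and received signature values.
        if not hmac.compare_digest(expected.encode(), str(msg["signature"]).encode()):
            return None, "bad_signature"
        # Added hardening: consume the mapping so a random string authorizes only once.
        terminal_id = self.pending.pop(msg["random_string"], None)
        if terminal_id is None:
            return None, "no_mapping"
        # Register a new account automatically when none exists for this terminal.
        account = self.accounts.setdefault(terminal_id, {"user": f"auto:{terminal_id}"})
        # S106: opaque token bound server-side to the account, application and scopes.
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"account": account, "app_id": msg["app_id"],
                              "scopes": msg["scopes"]}
        return token, None


def demo():
    """Run the flow on constructed values and return each outcome."""
    now = 1_700_000_000
    key = b"constructed-app-key"
    server = PlatformServiceSide({"app-123": key},
                                 {"+1-555-0100": {"user": "alice"}},
                                 clock=lambda: now)
    out = {}
    r1 = secrets.token_hex(16)
    server.on_first_message(r1, "+1-555-0100")
    msg = second_message("app-123", key, r1, now, ["profile"])
    out["ok"] = server.on_second_message(msg)
    out["replay"] = server.on_second_message(msg)      # same message sent again
    r2 = secrets.token_hex(16)
    server.on_first_message(r2, "+1-555-0100")
    out["stale"] = server.on_second_message(
        second_message("app-123", key, r2, now - MAX_SKEW - 1))
    out["forged"] = server.on_second_message(
        second_message("app-123", b"wrong-key", r2, now))
    out["after_forged"] = server.on_second_message(
        second_message("app-123", key, r2, now))        # mapping was not consumed
    out["server"] = server
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        if name != "server":
            print(name, result)
```

The mapping is consumed only after the signature verifies, so a request with a bad signature cannot use up another terminal's random string.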
Embodiment 2
Fig. 2 is a flow chart of the platform authorization method of the application client provided by Embodiment 2 of the present invention. This embodiment applies to the case where an application client obtains an authorized access token when requesting to call an OpenAPI of an open platform that requires authorization by the terminal user. The application client may be application software, an instant messaging client or an entertainment client installed on a terminal, or a system tool on the terminal, i.e. a third-party application. The method may be executed by the application client. As shown in Fig. 2, the platform authorization method of the application client in this embodiment comprises:
S201. The application client sends a first verification message to the platform service side via a first path, the first verification message comprising a random string.
To prevent an application client from maliciously obtaining user data of the platform side, the first verification message sent via the first path is preferably one that is sent to the platform service side by calling a system interface provided by the system; for example, the first verification message can be forwarded by an SMS gateway.
Preferably, the application client generates a random string and creates a verification SMS that contains the random string and whose destination address is the platform service side. The application client sends the verification SMS to an SMS gateway, instructing the gateway to perform protocol conversion on the verification SMS, generate a first verification message comprising the random string, and send it to the platform service side. The SMS gateway can extract the terminal identifier of the SMS sender from the verification SMS and carry it in the first verification message; after receiving the message, the platform service side extracts the random string and the terminal identifier.
S202. The application client signs identity authentication information with a preset signature algorithm to generate a signature value.
S203. The application client sends a second verification message to the platform service side via a second path, the second verification message comprising the random string, the signature value, and the identity identifier that corresponds, at the platform service side, to the identity authentication information from the registration process.
Further, the second verification message may also comprise the list of data access permissions that the application client expects to obtain, which lets the application client state explicitly to the platform service side the scope of data access permissions it needs to apply for.
For example, the second verification message sent via the second path can be an HTTPS request sent over the HTTPS protocol. To prevent application clients from using the second path to maliciously obtain user data of the platform side, the application client needs to apply the necessary security protection to the second path to raise the difficulty and cost for other clients of exploiting this path, for example providing a SOCKET interface in place of an HTTP interface, applying symmetric or asymmetric encryption to the second verification message, adding a handling policy against cross-site request forgery attacks, and so on.
S204, applications client receive the granted access token that described platform service end sends.
It should be noted that, the first path described in the present embodiment and described the second path are two different paths, applications client is sent and is verified that the opportunity of message can be identical by two paths respectively, also can be successively different, only need to meet before platform service end extracts the operation of corresponding terminal iidentification according to described random string from recorded described mapping relations, by first via radial platform service end, send the first checking message successfully, be preferably the first checking message and second and verify that message sends simultaneously, or first checking message than second, verify that message first sends.
The technical scheme that the embodiment of the present invention proposes sends respectively by applications client the first checking message that comprises random string to platform service end by two paths, with the second checking message that comprises described random string, signature value and identify label, for described platform service end return authorization access token, can further improve the fail safe of mandate, and make user to licensing process unaware.
Embodiment three
Fig. 3 is a structural block diagram of the platform service end described in embodiment three of the present invention. As shown in Fig. 3, the platform service end described in this embodiment comprises:
A first verification message receiving unit 301, for receiving the first verification message sent by the application client via the first path and obtaining the terminal identifier of the terminal on which the application client resides, the first verification message comprising a random string;
A mapping relation recording unit 302, for recording the mapping relation between the received random string and the terminal identifier;
A second verification message receiving unit 303, for receiving the second verification message sent by the application client via the second path, the second verification message comprising the random string, the signature value that the application client generated by signing the authentication information with a preset signature algorithm, and the identity identifier that corresponds, at the platform service end, to the authentication information from the registration process;
An information extraction and signature unit 304, for reading from a database, according to the received identity identifier, the authentication information submitted during registration, and signing the extracted authentication information with the preset signature algorithm to generate a signature value;
An account information acquiring unit 305, for extracting, if the generated signature value is verified to be consistent with the received signature value, the corresponding terminal identifier from the recorded mapping relations according to the random string, and obtaining the corresponding user account information according to the terminal identifier;
An authorization unit 306, for generating an authorized access token according to the user account information and the authentication information and sending it to the application client.
Further, the first verification message receiving unit 301 is specifically used for:
Receiving the first verification message that the application client forwards through the SMS gateway, wherein the first verification message is the message produced when the SMS gateway performs protocol format conversion on the verification SMS sent by the application client, and the verification SMS carries the random string;
Obtaining the terminal identifier of the terminal on which the application client resides from the first verification message, the terminal identifier being the SMS sender's terminal identifier that the SMS gateway extracts from the verification SMS.
Further, the second path may be based on the SSL protocol; further, the second path may be based on the HTTPS protocol.
Further, the account information acquiring unit 305 also comprises a timestamp judging subunit, for triggering the subsequent operations, after the extracted authentication information has been signed with the preset signature algorithm to generate the signature value, if the difference between the network timestamp contained in the second verification message and the current system timestamp is judged to be within a preset threshold. Correspondingly, the network timestamp is the current timestamp that the application client adds to the second message when sending the second verification message.
Further, the authentication information comprises a package name and a package signature.
Further, the terminal identifier is a mobile phone number.
The application client provided by this embodiment can execute the platform authorization method of the application client provided by embodiment one of the present invention, and has the functional modules and beneficial effects corresponding to the executed method.
Embodiment four
Fig. 4 is a structural block diagram of the application client described in embodiment four of the present invention. As shown in Fig. 4, the application client described in this embodiment comprises:
A first verification message sending unit 401, for sending a first verification message to the platform service end via the first path, the first verification message comprising a random string, so that the platform service end records the mapping relation between the random string and the terminal identifier of the terminal on which the application client resides;
A signature unit 402, for signing the authentication information with a preset signature algorithm to generate a signature value;
A second verification message sending unit 403, for sending a second verification message to the platform service end via the second path, the second verification message comprising the random string, the signature value, and the identity identifier that corresponds, at the platform service end, to the authentication information from the registration process, so that the platform service end reads from a database, according to the identity identifier, the authentication information submitted during registration, signs the extracted authentication information with the preset signature algorithm to generate a signature value, and, if it verifies that the generated signature value is consistent with the received signature value, extracts the corresponding terminal identifier from the recorded mapping relations according to the random string, obtains the corresponding user account information according to the terminal identifier, and generates an authorized access token according to the user account information and the authentication information;
An authorized access token receiving unit 404, for receiving the authorized access token sent by the platform service end.
Further, the first verification message sending unit 401 is specifically used for: generating a random string, and creating a verification SMS that contains the random string and whose destination address is the platform service end; and,
Sending the verification SMS to the SMS gateway, to instruct the SMS gateway to perform protocol conversion on the verification SMS and extract the terminal identifier of its sender, generate the first verification message containing the random string, and send it to the platform service end.
The second verification message sending unit 403 is specifically used for: sending to the platform service end, based on HTTPS, an HTTPS request containing the second verification message.
The application client provided by this embodiment can execute the platform authorization method of the application client provided by embodiment two of the present invention, and has the functional modules and beneficial effects corresponding to the executed method.
Embodiment five
Fig. 5 is a schematic diagram of the interaction between the platform service end and the application client in the platform authorization method described in embodiment five of the present invention and in the platform authorization method of the application client. This embodiment mainly applies to mobile phone applications on the Android system (hereinafter, the application client) and is based on a system composed of the platform service end, the application client and the SMS gateway. As shown in Fig. 5, the method described in this embodiment comprises:
501: The application client sends to the platform service end a first verification message containing a random string.
That is, the application client sends an SMS to the platform service end. The application client generates, in the format required by the platform side, an SMS content string containing a random string and, by calling the system-provided interface for sending an SMS directly, sends the SMS content string to the SMS gateway provided by the platform side, so as to instruct the interface to perform protocol conversion on the verification SMS and extract the terminal identifier of its sender, generate the first verification message containing the random string, and send it to the platform service end.
502: The SMS gateway sends the terminal identifier of the terminal on which the client resides and the first verification message to the platform service end.
The SMS gateway forwards the SMS content string and the phone number that sent the SMS to the platform service end of the platform side by sending an HTTPS request;
After receiving the SMS content string and the phone number, the platform service end stores the mapping from the SMS content string to the phone number in a cache system and sets an expiry time (generally short, for example 1 minute).
503: The platform service end sends the second verification message to the application client, containing the random string, the signature value and the identity identifier.
The verification information is sent over the Internet. After the SMS has been sent successfully, the application client calls an interface provided by the software development kit (SDK) package supplied by the platform side to obtain the authentication information of the current application client. The authentication information is an encrypted string generated by symmetric encryption from information such as the application client's package name, package signature, current network timestamp and a preset fixed key. To prevent a third party from obtaining the specific encryption algorithm and thereby weakening the security of this technical scheme, the whole signature algorithm (including obtaining data such as the application client's package name, package signature and preset key) is implemented in the C/C++ code layer through JNI (Java Native Interface) technology.
The application client sends the SMS content string, the application client authentication information, the list of data access permissions it expects to obtain, and the application ID assigned when the application client registered with the platform side (the identity identifier that corresponds, at the platform service end, to the authentication information from the registration process) to the authorization server of the platform side to obtain an access token. To guarantee security, this network request generally needs to be based on SSL (Secure Sockets Layer), for example an HTTPS request containing the second verification message sent to the platform service end over the HTTPS protocol.
After receiving the request, the platform service end checks the network timestamp in the second verification message for expiry by judging whether the difference between the current system timestamp and the network timestamp is within a preset threshold. If it is not, the request is treated as a replay attack and the corresponding error message is returned directly; otherwise processing continues with the next step.
According to the application ID, the platform service end reads from the database the application client package name and package signature that the application client submitted when it registered for access to the platform, together with the permission information that the platform side opens to the application client, and judges whether the package name and package signature it read are consistent with the package name and package signature obtained by decrypting the application client authentication information. If they are inconsistent, the request is treated as a forgery attack and the corresponding error message is returned directly; otherwise processing continues with the next step;
The platform service end reads the corresponding phone number from the cache system according to the SMS content string and obtains the corresponding user account information according to the phone number (if no such account information exists, a user account is registered automatically for the phone number). It then generates an authorized access token from data such as the user account information, the application ID, the permission information that the platform side opens to the application client, and the data access permission list.
504: The platform service end returns the generated authorized access token to the application client.
OpenAPI is a common practice among service-type websites: the service provider packages its own website services into a series of APIs (Application Programming Interfaces) and opens them to third-party developers, and the opened APIs are called OpenAPI. After obtaining the authorized access token, the application client can use the access token to call the OpenAPI interfaces provided by the platform side and obtain the corresponding cloud capabilities and user data.
Because no other user interface appears at any point in the process after the user triggers the one-key mobile-number authorization request, if multiple platforms all support this technique the application client can obtain the authorized access token of each platform through repeated interface calls, thereby solving the problem of the above-mentioned fourth aspect.
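The platform-side checks described in embodiment five (timestamp expiry, signature comparison, random-string lookup, token issue), sketched as an added example that is not code from the patent or from any platform SDK. HMAC-SHA256 stands in for the unspecified preset signature algorithm; the 120-second threshold, single-use random strings, the permission intersection, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL = 60      # seconds; the text suggests a short expiry such as 1 minute
MAX_TS_SKEW = 120   # seconds; assumed value for the preset threshold


class AuthError(Exception):
    """Raised when the second verification message is rejected."""


def sign_auth_info(key, package, pkg_sig, ts):
    # Assumption: HMAC-SHA256 over the inputs the text names (package name,
    # package signature, network timestamp) with the preset key.
    msg = "\n".join([package, pkg_sig, str(ts)]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Platform:
    def __init__(self, now=time.time):
        self.now = now
        self.apps = {}      # application ID -> registration record
        self.pending = {}   # random string -> (phone number, expiry time)
        self.accounts = {}  # phone number -> account id
        self.tokens = {}    # token -> (account, application ID, granted permissions)

    def register_app(self, app_id, key, package, pkg_sig, scopes):
        self.apps[app_id] = dict(key=key, package=package,
                                 pkg_sig=pkg_sig, scopes=set(scopes))

    def on_first_message(self, nonce, phone):
        # Path 1: the SMS gateway forwards the random string and sender's number.
        self.pending[nonce] = (phone, self.now() + NONCE_TTL)

    def on_second_message(self, app_id, nonce, ts, signature, wanted):
        # Path 2: the HTTPS request from the application client.
        app = self.apps.get(app_id)
        if app is None:
            raise AuthError("unknown application ID")
        if abs(self.now() - ts) > MAX_TS_SKEW:
            raise AuthError("timestamp outside threshold (possible replay)")
        expected = sign_auth_info(app["key"], app["package"], app["pkg_sig"], ts)
        if not hmac.compare_digest(expected.encode(), str(signature).encode()):
            raise AuthError("signature mismatch (possible forgery)")
        # Assumed hardening: the mapping is consumed on lookup, so one SMS
        # can authorize at most one token request.
        phone, expires = self.pending.pop(nonce, (None, 0))
        if phone is None or expires < self.now():
            raise AuthError("random string unknown or expired")
        # Auto-register an account for a phone number seen for the first time.
        account = self.accounts.setdefault(phone, "user-%d" % (len(self.accounts) + 1))
        # Assumed policy: grant only requested permissions the platform opened.
        granted = sorted(set(wanted) & app["scopes"])
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (account, app_id, granted)
        return token


def reason(call):
    try:
        call()
        return "accepted"
    except AuthError as exc:
        return str(exc)


def demo():
    # All values below are constructed sample data.
    clock = [1_700_000_000]
    p = Platform(now=lambda: clock[0])
    key, pkg, psig = b"constructed-demo-key", "com.example.notes", "AB:CD:EF"
    p.register_app("app-123", key, pkg, psig, ["profile", "files"])
    out = {}

    p.on_first_message("n1", "+8613800000000")
    ts = clock[0]
    sig = sign_auth_info(key, pkg, psig, ts)
    token = p.on_second_message("app-123", "n1", ts, sig, ["profile", "contacts"])
    out["granted"] = p.tokens[token][2]
    out["replayed_nonce"] = reason(lambda: p.on_second_message("app-123", "n1", ts, sig, []))

    p.on_first_message("n2", "+8613800000000")
    bad = sign_auth_info(key, "com.example.other", psig, ts)
    out["forged"] = reason(lambda: p.on_second_message("app-123", "n2", ts, bad, []))
    clock[0] += 61   # the n2 mapping is now past its 60-second expiry
    ts2 = clock[0]
    out["expired"] = reason(lambda: p.on_second_message(
        "app-123", "n2", ts2, sign_auth_info(key, pkg, psig, ts2), []))
    old = ts2 - 500
    out["stale"] = reason(lambda: p.on_second_message(
        "app-123", "n3", old, sign_auth_info(key, pkg, psig, old), []))
    out["accounts"] = len(p.accounts)
    return out
```

Because the timestamp and signature are checked before the random string is looked up, a request that fails either check does not consume the cached mapping.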
Embodiment six
Fig. 6 is a flow chart of the platform authorization method provided by embodiment six of the present invention. This embodiment is applicable to the case where an application client obtains an authorized access token when it requests to call an OpenAPI of an open platform that requires end-user authorization. The application client may be application software installed on a terminal, an instant messaging client, an entertainment client, or a system tool in the terminal, that is, a third-party application. The method is executed by the platform service end and the application client. As shown in Fig. 6, the platform authorization method described in this embodiment comprises:
S601: The application client sends a first verification message to the platform service end via a first path, the first verification message comprising a random string.
S602: The platform service end receives the first verification message sent by the application client via the first path and obtains the terminal identifier of the terminal on which the application client resides.
S603: The platform service end records the mapping relation between the received random string and the terminal identifier.
S604: The application client signs the authentication information with a preset signature algorithm to generate a signature value.
S605: The application client sends a second verification message to the platform service end via a second path, the second verification message comprising the random string, the signature value, and the identity identifier that corresponds, at the platform service end, to the authentication information from the registration process.
S606: The platform service end receives the second verification message sent by the application client via the second path.
S607: The platform service end reads from a database, according to the received identity identifier, the authentication information submitted during registration, and signs the extracted authentication information with the preset signature algorithm to generate a signature value.
S608: If the platform service end verifies that the generated signature value is consistent with the received signature value, it extracts the corresponding terminal identifier from the recorded mapping relations according to the random string and obtains the corresponding user account information according to the terminal identifier.
S609: The platform service end generates an authorized access token according to the user account information and the authentication information and sends it to the application client.
S610: The application client receives the authorized access token sent by the platform service end.
For an explanation of each operation in the technical scheme proposed by this embodiment, refer to the corresponding operations of embodiment one and embodiment two; this embodiment has the beneficial effects of embodiment one and embodiment two.
The embodiments of the present invention also provide a platform authorization system, comprising: the platform service end provided by any embodiment of the present invention and the application client provided by any embodiment of the present invention.
All or part of the technical schemes provided by the above embodiments can be implemented by software programming, with the software program stored in a readable storage medium, for example a hard disk in a computer, an optical disc or a floppy disk.
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will understand that the invention is not limited to the specific embodiments described here, and that various obvious changes, readjustments and substitutions can be made without departing from the protection scope of the present invention. Therefore, although the present invention has been described in further detail through the above embodiments, it is not limited to them; without departing from the inventive concept it may include further equivalent embodiments, and the scope of the present invention is determined by the scope of the appended claims.

Claims (18)

1. A platform authorization method of a platform service end, characterized in that it comprises:
The platform service end receives a first verification message sent by an application client via a first path and obtains the terminal identifier of the terminal on which the application client resides, the first verification message comprising a random string;
The platform service end records the mapping relation between the received random string and the terminal identifier;
The platform service end receives a second verification message sent by the application client via a second path, the second verification message comprising the random string, the signature value that the application client generated by signing authentication information with a preset signature algorithm, and the identity identifier that corresponds, at the platform service end, to the authentication information from the registration process;
The platform service end reads from a database, according to the received identity identifier, the authentication information submitted during registration, and signs the extracted authentication information with the preset signature algorithm to generate a signature value;
If the platform service end verifies that the generated signature value is consistent with the received signature value, it extracts the corresponding terminal identifier from the recorded mapping relations according to the random string and obtains the corresponding user account information according to the terminal identifier;
The platform service end generates an authorized access token according to the user account information and the authentication information and sends it to the application client.
2. The method according to claim 1, characterized in that the platform service end receiving the first verification message sent by the application client via the first path and obtaining the terminal identifier of the terminal on which the application client resides comprises:
The platform service end receives the first verification message that the application client forwards through an SMS gateway, wherein the first verification message is the message produced when the SMS gateway performs protocol format conversion on the verification SMS sent by the application client, and the verification SMS carries the random string;
The platform service end obtains the terminal identifier of the terminal on which the application client resides from the first verification message, the terminal identifier being the SMS sender's terminal identifier that the SMS gateway extracts from the verification SMS.
3. The method according to claim 1, characterized in that the second path is an HTTPS request sent based on the Hypertext Transfer Protocol Secure (HTTPS).
4. The method according to claim 1, characterized in that the second verification message further comprises a network timestamp, and the subsequent operations are triggered if the platform service end judges that the difference between the received network timestamp and the current system timestamp is within a preset threshold.
5. The method according to any one of claims 1-4, characterized in that the platform service end generating an authorized access token according to the user account information and the authentication information comprises:
The platform service end generates the authorized access token according to the user account information, the authentication information, and the list of expected data access permissions included in the second verification message.
6. The method according to any one of claims 1-4, characterized in that the authentication information comprises a package name and a package signature.
7. A platform authorization method of an application client, characterized in that it comprises:
The application client sends a first verification message to a platform service end via a first path, the first verification message comprising a random string, so that the platform service end records the mapping relation between the random string and the terminal identifier of the terminal on which the application client resides;
The application client signs authentication information with a preset signature algorithm to generate a signature value;
The application client sends a second verification message to the platform service end via a second path, the second verification message comprising the random string, the signature value, and the identity identifier that corresponds, at the platform service end, to the authentication information from the registration process, so that the platform service end reads from a database, according to the identity identifier, the authentication information submitted during registration, signs the extracted authentication information with the preset signature algorithm to generate a signature value, and, if it verifies that the generated signature value is consistent with the received signature value, extracts the corresponding terminal identifier from the recorded mapping relations according to the random string, obtains the corresponding user account information according to the terminal identifier, and generates an authorized access token according to the user account information and the authentication information;
The application client receives the authorized access token sent by the platform service end.
8. The method according to claim 7, characterized in that the application client sending the first verification message to the platform service end via the first path comprises:
The application client generates a random string and creates a verification SMS that contains the random string and whose destination address is the platform service end;
The application client sends the verification SMS to an SMS gateway, to instruct the SMS gateway to perform protocol conversion on the verification SMS and extract the terminal identifier of its sender, generate the first verification message containing the random string, and send it to the platform service end.
9. The method according to claim 7 or 8, characterized in that the application client sending the second verification message to the platform service end via the second path specifically comprises:
The application client sends to the platform service end, based on the Hypertext Transfer Protocol Secure (HTTPS), an HTTPS request containing the second verification message.
10. The method according to claim 7, characterized in that the operation of the application client sending the second verification message to the platform service end via the second path specifically comprises: the application client sends the second verification message to the platform service end via the second path at the same time as sending the first verification message or after the first verification message has been sent successfully.
11. A platform authorization method, characterized in that it comprises:
An application client sends a first verification message to a platform service end via a first path, the first verification message comprising a random string;
The platform service end receives the first verification message sent by the application client via the first path and obtains the terminal identifier of the terminal on which the application client resides;
The platform service end records the mapping relation between the received random string and the terminal identifier;
The application client signs authentication information with a preset signature algorithm to generate a signature value;
The application client sends a second verification message to the platform service end via a second path, the second verification message comprising the random string, the signature value, and the identity identifier that corresponds, at the platform service end, to the authentication information from the registration process;
The platform service end receives the second verification message sent by the application client via the second path;
The platform service end reads from a database, according to the received identity identifier, the authentication information submitted during registration, and signs the extracted authentication information with the preset signature algorithm to generate a signature value;
If the platform service end verifies that the generated signature value is consistent with the received signature value, it extracts the corresponding terminal identifier from the recorded mapping relations according to the random string and obtains the corresponding user account information according to the terminal identifier;
The platform service end generates an authorized access token according to the user account information and the authentication information and sends it to the application client;
The application client receives the authorized access token sent by the platform service end.
12. A platform service end, characterized by comprising:
A first verification message receiving unit, configured to receive a first verification message sent by an application client over a first path and to obtain the terminal identifier of the terminal on which the application client resides, the first verification message comprising a random string;
A mapping relationship recording unit, configured to record the mapping relationship between the received random string and the terminal identifier;
A second verification message receiving unit, configured to receive a second verification message sent by the application client over a second path, the second verification message comprising the random string, a signature value generated by the application client by signing authentication information with a preset signature algorithm, and the identity identifier that corresponds, at the platform service end, to the authentication information from the registration process;
An information extraction and signature unit, configured to read from a database, according to the received identity identifier, the authentication information submitted during registration, and to sign the extracted authentication information with the preset signature algorithm to generate a signature value;
An account information acquiring unit, configured to, if the generated signature value is verified to be consistent with the received signature value, extract the corresponding terminal identifier from the recorded mapping relationship according to the random string, and obtain the corresponding user account information according to the terminal identifier;
An authorization unit, configured to generate an authorized access token according to the user account information and the authentication information, and send it to the application client.
13. The platform service end according to claim 12, characterized in that the first verification message receiving unit is specifically configured to:
Receive the first verification message forwarded by the application client through an SMS gateway, wherein the first verification message is the message obtained after the SMS gateway performs protocol format conversion on the verification SMS sent by the application client, the verification SMS carrying the random string;
Obtain, from the first verification message, the terminal identifier of the terminal on which the application client resides, the terminal identifier being the SMS sender's terminal identifier that the SMS gateway extracted from the verification SMS.
14. The platform service end according to claim 12, characterized in that:
The account information acquiring unit further comprises a timestamp judging subunit, configured to, after the extracted authentication information has been signed with the preset signature algorithm to generate the signature value, trigger the subsequent operations if the difference between the network timestamp contained in the second verification message and the current system timestamp is judged to be within a preset threshold.
15. The platform service end according to any one of claims 12-14, characterized in that:
The second path is an HTTPS request sent based on the Secure Hypertext Transfer Protocol (HTTPS);
The authentication information comprises a name and a package signature;
The terminal identifier is a mobile phone number.
16. An application client, characterized by comprising:
A first verification message sending unit, configured to send a first verification message to a platform service end over a first path, the first verification message comprising a random string, so that the platform service end records the mapping relationship between the random string and the terminal identifier of the terminal on which the application client resides;
A signature unit, configured to sign authentication information with a preset signature algorithm to generate a signature value;
A second verification message sending unit, configured to send a second verification message to the platform service end over a second path, the second verification message comprising the random string, the signature value, and the identity identifier that corresponds, at the platform service end, to the authentication information from the registration process, so that the platform service end reads from a database, according to the identity identifier, the authentication information submitted during registration, signs the extracted authentication information with the preset signature algorithm to generate a signature value, and, if it verifies that the generated signature value is consistent with the received signature value, extracts the corresponding terminal identifier from the recorded mapping relationship according to the random string, obtains the corresponding user account information according to the terminal identifier, and generates an authorized access token according to the user account information and the authentication information;
An authorized access token receiving unit, configured to receive the authorized access token sent by the platform service end.
17. The application client according to claim 16, characterized in that the first verification message sending unit is specifically configured to: generate a random string, and create a verification SMS that contains the random string and whose destination address is the platform service end; and,
Send the verification SMS to an SMS gateway, to instruct the SMS gateway to perform protocol conversion on the verification SMS and extract the SMS sender's terminal identifier from it, generate the first verification message comprising the random string, and send it to the platform service end;
The second verification message sending unit is specifically configured to: send to the platform service end, based on the Secure Hypertext Transfer Protocol (HTTPS), an HTTPS request that contains the second verification message.
18. A platform authorization system, characterized by comprising:
The platform service end according to any one of claims 12-15 and the application client according to any one of claims 16-17.
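The server-side checks recited in claims 12-15, as an added example that is not part of the patent text. The claims leave the "preset signature algorithm", the threshold value and the token format unspecified, so HMAC-SHA256, the 300-second window, single use of the random string, and all class, function and sample names here are assumptions.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 300  # seconds; assumed value for the threshold in claim 14

def sign_auth_info(name, package_signature):
    # Assumed "preset signature algorithm": HMAC-SHA256 keyed by the package signature.
    return hmac.new(package_signature.encode(), name.encode(), hashlib.sha256).hexdigest()

class PlatformServiceEnd:
    def __init__(self):
        self.registered = {}  # identity identifier -> (name, package signature)
        self.pending = {}     # random string -> terminal identifier (phone number)
        self.accounts = {}    # terminal identifier -> user account information
        self.token_key = secrets.token_bytes(32)

    def register_app(self, name, package_signature):
        app_id = secrets.token_hex(8)
        self.registered[app_id] = (name, package_signature)
        return app_id

    def on_first_message(self, random_string, sender_number):
        # First path: the SMS gateway forwards the random string and the sender's number.
        self.pending[random_string] = sender_number

    def on_second_message(self, random_string, signature, app_id, timestamp, now=None):
        # Second path (HTTPS). Returns a token, or None if any check fails.
        now = time.time() if now is None else now
        auth = self.registered.get(app_id)
        if auth is None:
            return None
        if abs(now - timestamp) > MAX_SKEW:  # claim 14 freshness check
            return None
        expected = sign_auth_info(*auth)     # recomputed from the stored registration data
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return None
        number = self.pending.pop(random_string, None)  # single use (assumption)
        account = self.accounts.get(number)
        if account is None:
            return None
        msg = f"{account}|{auth[0]}|{auth[1]}".encode()
        return hmac.new(self.token_key, msg, hashlib.sha256).hexdigest()

def constructed_exchange():
    # Constructed sample data: app name, package signature, phone number, account.
    server = PlatformServiceEnd()
    server.accounts["13800000000"] = "user-42"
    app_id = server.register_app("com.example.app", "a1b2c3")
    rnd, sig, t = secrets.token_hex(16), sign_auth_info("com.example.app", "a1b2c3"), 1000.0
    server.on_first_message(rnd, "13800000000")
    first = server.on_second_message(rnd, sig, app_id, t, now=t + 5)
    replay = server.on_second_message(rnd, sig, app_id, t, now=t + 6)
    return first, replay
```

Because the signature covers only the registration data, as the claims state, it is the same on every request; in this example the freshness check and the single-use random string are what stop a captured second message from being accepted again.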
CN201410364286.1A 2014-07-28 2014-07-28 A kind of platform authorization method, platform service end and applications client and system Active CN104158802B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410364286.1A CN104158802B (en) 2014-07-28 2014-07-28 A kind of platform authorization method, platform service end and applications client and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410364286.1A CN104158802B (en) 2014-07-28 2014-07-28 A kind of platform authorization method, platform service end and applications client and system

Publications (2)

Publication Number Publication Date
CN104158802A true CN104158802A (en) 2014-11-19
CN104158802B CN104158802B (en) 2017-06-06

Family

ID=51884207

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410364286.1A Active CN104158802B (en) 2014-07-28 2014-07-28 A kind of platform authorization method, platform service end and applications client and system

Country Status (1)

Country Link
CN (1) CN104158802B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050108171A1 (en) * 2003-11-19 2005-05-19 Bajikar Sundeep M. Method and apparatus for implementing subscriber identity module (SIM) capabilities in an open platform
CN101621801A (en) * 2009-08-11 2010-01-06 深圳华为通信技术有限公司 Method, system, server and terminal for authenticating wireless local area network
CN102238007A (en) * 2010-04-20 2011-11-09 阿里巴巴集团控股有限公司 Method, device and system for acquiring session token of user by third-party application
CN103067381A (en) * 2012-12-26 2013-04-24 百度在线网络技术(北京)有限公司 Third-party service login method, login system and login device by means of platform-party account
CN103312515A (en) * 2013-06-21 2013-09-18 百度在线网络技术(北京)有限公司 Generation method, generation device, authentication method and authentication system for authorization token
CN103888451A (en) * 2014-03-10 2014-06-25 百度在线网络技术(北京)有限公司 Method, device and system for certification authorization

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
吴艺圆: "网络统一授权服务平台应用研究与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Also Published As

Publication number Publication date
CN104158802B (en) 2017-06-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant