CN104734849A - Method and system for conducting authentication on third-party application - Google Patents

Publication number
CN104734849A
Authority
CN
China
Prior art keywords
heartbeat packet
party application
access token
party
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310706124.7A
Other languages
Chinese (zh)
Other versions
CN104734849B (en
Inventor
涂靖
王雄
顾风胜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd

Abstract

The invention discloses a method and system for authenticating a third-party application. After the third-party application is authorized, a session is created and an access token is issued to the third-party application, the access token is set to the online state and a validity period for the online state is configured. Within the validity period, the platform listens for heartbeat packets sent by the browser in which the third-party application is running; if a heartbeat packet is received, its legitimacy is judged from the cookie information it carries, and if the heartbeat packet is legitimate, the validity period of the online state is extended once. When an application programming interface (API) call request carrying the access token is received from the third-party application, whether the user is using the third-party application is determined by checking whether the access token is currently in the online state, and the API call request is answered according to the result. The security of user data can thereby be improved.

Description

Method and system for authenticating a third-party application
Technical field
The present application relates to the field of third-party authentication for open platforms, and in particular to a method and system for authenticating a third-party application.
Background
Platform-type Internet applications (for example, e-commerce and application trading platforms) generally need to bring in third-party developers in order to offer more finely segmented services to their users (for example, the seller users of an e-commerce or application trading platform). On an e-commerce trading platform, for example, a third-party developer can collect and analyze information such as click volume, cross-shop clicks, order turnover and even chat records in the associated instant-messaging software, and finally give the seller user intuitive suggestions. In other words, for the user of an Internet application, some of the information browsed in that application's web pages, such as data analysis results, may be supplied by a third-party App (application program). To support third-party applications in providing these functions, an e-commerce trading platform generally needs to provide an open platform, which exposes more APIs (Application Programming Interface) to third-party application developers. A third-party App obtains data by calling the open platform's APIs and then provides the corresponding analysis and other services.
The data the open platform supplies to a third-party App may include the private data of a specific user, which can generally be obtained only with that user's authorization. However, the open platform generally does not allow a third-party App to have its own login and authentication system; the App must use the open platform's account system. The authorization systems of existing open platforms generally use the OAuth 2.0 protocol. OAuth is an open industry standard that lets a user, through a third-party App, operate on private data the user has stored on a website without the third-party App obtaining the user's username and password.
As the business keeps growing richer and more comprehensive, different requirements are placed on the security and rigor of the authorization system, because a large number of users may do almost all of their work in third-party Apps, where they can more conveniently complete nearly all the operations they need.
In existing authorization systems, however, the open platform verifies the user's identity only at the moment of authorization. Once the user has logged in and authorized, the browser is redirected to the third-party App page. From then on the user has left the open platform: every operation the user performs is with the third-party App, and the open platform receives only the third-party App's API requests. The open platform can identify an API request as coming from the third-party App, but it cannot tell whether the user is actually using the third-party App. This is the weakest link in the security of an open platform based on OAuth authorization: the user authorizes the third-party App to read and write the user's data on the open platform, but when the third-party App does so, the open platform cannot tell whether the user is present, and therefore cannot open up business with higher security requirements. For example, suppose the open platform exposes the agree-to-refund business as an API, which directly involves the movement of money. With the existing OAuth protocol, a third-party App would have the opportunity to maliciously perform the agree-to-refund operation on the user's behalf, and the open platform could not tell the difference. A user who has already closed the third-party App page could then find that a refund on a transaction has been agreed, which is of course not allowed.
Therefore, the technical problem that those skilled in the art urgently need to solve is how to improve the authorization system of the open platform so that the open platform can tell whether an API request from a third-party App was sent while the user was using the third-party App, and can then decide whether to open sensitive data to the third-party App, so as to ensure the security of user data.
Summary of the invention
The present application provides a method and system for authenticating a third-party application that can improve the security of user data.
The present application provides the following solutions:
A method for authenticating a third-party application, where the third-party application is implemented on a browser/server architecture and a preset software development kit (SDK) is embedded in the page of the third-party application, the method comprising:
after authorizing the third-party application, creating a session and issuing an access token to the third-party application, setting the access token to the online state and configuring the validity period of the online state;
listening, within the validity period, for heartbeat packets sent by the browser in which the third-party application is running; if a heartbeat packet is received, judging the legitimacy of the heartbeat packet from the cookie information it carries; and, if the heartbeat packet is legitimate, extending the validity period of the online state once; where the heartbeat packet is one that the SDK drives the browser to send at preset intervals once the third-party application has obtained user authorization and while the page of the third-party application is open, and the heartbeat packet carries the cookie information under a preset domain name;
on receiving from the third-party application an application programming interface (API) call request carrying the access token, determining whether the user is using the third-party application by judging whether the access token is currently in the online state, and responding to the API call request according to the result.
A method for authenticating a third-party application, where the third-party application is implemented on a client/server architecture and a preset SDK is embedded in the client of the third-party application, the method comprising:
after authorizing the third-party application, creating a session and issuing an access token to the third-party application, setting the access token to the online state and configuring the validity period of the online state;
listening, within the validity period, for heartbeat packets sent by the client of the third-party application; if a heartbeat packet is received, judging the legitimacy of the heartbeat packet from the identity information it carries; and, if the heartbeat packet is legitimate, extending the validity period of the online state once; where the heartbeat packet is one that the SDK drives the client to send at preset intervals once the third-party application has obtained user authorization and while the client of the third-party application is open, and the heartbeat packet carries the user's identity information in the open platform;
on receiving from the server side of the third-party application an API call request carrying the access token, determining whether the user is using the third-party application by judging whether the access token is currently in the online state, and responding to the API call request according to the result.
A system for authenticating a third-party application, where the third-party application is implemented on a browser/server architecture and a preset software development kit (SDK) is embedded in the page of the third-party application, the system comprising:
a first token issuing unit, configured to, after authorizing the third-party application, creating a session and issuing an access token to the third-party application, set the access token to the online state and configure the validity period of the online state;
a first token status updating unit, configured to listen, within the validity period, for heartbeat packets sent by the browser in which the third-party application is running; if a heartbeat packet is received, to judge the legitimacy of the heartbeat packet from the cookie information it carries; and, if the heartbeat packet is legitimate, to extend the validity period of the online state once; where the heartbeat packet is one that the SDK drives the browser to send at preset intervals once the third-party application has obtained user authorization and while the page of the third-party application is open, and the heartbeat packet carries the cookie information under a preset domain name;
a first call request response unit, configured to, on receiving from the third-party application an application programming interface (API) call request carrying the access token, determine whether the user is using the third-party application by judging whether the access token is currently in the online state, and respond to the API call request according to the result.
A system for authenticating a third-party application, where the third-party application is implemented on a client/server architecture and a preset SDK is embedded in the client of the third-party application, the system comprising:
a second token issuing unit, configured to, after authorizing the third-party application, creating a session and issuing an access token to the third-party application, set the access token to the online state and configure the validity period of the online state;
a second token status updating unit, configured to listen, within the validity period, for heartbeat packets sent by the client of the third-party application; if a heartbeat packet is received, to judge the legitimacy of the heartbeat packet from the identity information it carries; and, if the heartbeat packet is legitimate, to extend the validity period of the online state once; where the heartbeat packet is one that the SDK drives the client to send at preset intervals once the third-party application has obtained user authorization and while the client of the third-party application is open, and the heartbeat packet carries the user's identity information;
a second call request response unit, configured to, on receiving from the server side of the third-party application an API call request carrying the access token, determine whether the user is using the third-party application by judging whether the access token is currently in the online state, and respond to the API call request according to the result.
According to the specific embodiments provided by the present application, the application discloses the following technical effects:
In the embodiments of the present application, the SDK provided by the open platform is embedded in the page of the third-party App. As long as the third-party App page is open, the SDK drives the browser to send a heartbeat packet to the open platform at preset intervals, and the heartbeat packet carries the cookie information under the domain name of the open platform website. Each time the open platform receives a heartbeat packet it verifies the packet's legitimacy; if verification passes, the validity period of the token for the corresponding session is extended once and the token is set to the online state, indicating that the third-party App page is currently open. Then, when an API call request from the third-party App's server is received, the token is first extracted from it and checked for the online state. If the token is online, the third-party App is allowed to call the APIs that may be called only in the online state, and the corresponding user data is returned. Otherwise, if the token carried in the API call request is in the offline state, the call request can be refused. In this way the open platform can judge whether the current user is using the third-party App by judging whether the third-party App page is open, and provides the user's sensitive data to the third-party App only when it has determined that the user is using it. The security of user data can therefore be improved.
Of course, a product implementing the present application does not necessarily need to achieve all of the advantages described above at the same time.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present application or of the prior art more clearly, the drawings needed in the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the method provided by an embodiment of the present application;
Fig. 2 is a flow chart of another method provided by an embodiment of the present application;
Fig. 3 is a schematic diagram of the first system provided by an embodiment of the present application;
Fig. 4 is a schematic diagram of the second system provided by an embodiment of the present application.
Detailed description of the embodiments
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in those embodiments. The described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in the present application fall within the scope of protection of the present application.
It should first be noted that, in the prior art, after the open platform has issued an access token (token) to a third-party application, the server side of the third-party application carries this token whenever it asks the open platform to call an API to obtain data, and the open platform uses the token to determine whether the third-party application has obtained the user's authorization. To protect user data, the prior art generally also gives the token issued to the third-party application a time limit; for example, the validity period is generally several hours or even 1 year. After an API call request from the third-party application server is received, as long as the token is within its validity period, the user data corresponding to the API can be returned to the third-party application server. In other words, in the prior art the token issued to a third-party application can be constrained only by a time limit. The third-party application's token may well be lost, and once a hacker obtains it, the hacker can pose as the third-party application and obtain user data from the open platform. The protection of user data is therefore weak.
It can be seen that the existing authorization system can only grant coarse authorization. Even where the open platform has upgraded and reworked it, distinguishing data by security level, distinguishing the corresponding authorization durations and even introducing short-lived authorization, all with the aim of avoiding excessive authorization, it still cannot effectively balance security and user experience.
Therefore, the embodiments of the present application introduce a user session mechanism that effectively helps the open platform tell whether the user is using a third-party App, and use this information to implement authorization policy more precisely. The user's online (on-line) APIs can be distinguished from offline (off-line) APIs: while the user is using a third-party App, that App can call on-line APIs; otherwise it can only call off-line APIs. The mechanism can also help the third-party App judge more accurately whether the current user is legitimate. The concrete implementation is described in detail below.
Before the detailed description, it should be noted that in practice third-party Apps generally fall into two kinds: those on a B/S (Browser/Server) architecture and those on a C/S (Client/Server) architecture. In the embodiments of the present application the implementation differs slightly between the two. Embodiment one below first describes a third-party App based on the B/S architecture.
Embodiment one
In a third-party App based on the B/S architecture, the user's working interface is implemented through a web browser. A small part of the business logic is implemented at the front end (Browser) and the main business logic at the server end (Server). A user only needs a web browser installed on the client computer to access the third-party App's web pages and, through the interactive interface those pages provide, use the functions the third-party App offers.
In the embodiments of the present application, the open platform can provide an SDK (Software Development Kit) for third-party Apps. For a third-party App on the B/S architecture, the App's developer embeds this SDK in the App's pages. The SDK is implemented in JavaScript. On initialization it can register a JS callback method for receiving the TOP_Session newly issued by the open platform, and JSONP can be used to transfer the data across domains. The main purpose of the SDK is as follows. Once the third-party App has obtained user authorization, the SDK can judge whether the third-party App page is open. If it is, the SDK drives the browser to send a heartbeat packet to the open platform at a preset interval (for example, three minutes or five minutes). The heartbeat packet carries the cookie information under the domain of the open platform website, and the open platform can verify the legitimacy of the heartbeat packet from that cookie information. When the packet is legitimate, the validity period of the token issued to the current third-party App is extended once. In other words, the token the open platform issues to a third-party App has a shorter validity period than in the prior art, but it can be extended by legitimate heartbeat packets. The legitimacy of the heartbeat packet is verified before every extension, and an error is returned if the packet is not legitimate. If no heartbeat packet is received within a certain time, the user can be considered to have closed the web page and not to be using the third-party App personally.
For ease of understanding, several concepts are introduced here.
Heartbeat packet
In the embodiments of the present application, a heartbeat packet is a specific asynchronous, timed HTTP (Hypertext Transfer Protocol) request initiated from the user's browser; neither the user nor the third-party App is aware of it. The request goes straight to the open platform's authorization server. The information it carries can be the cookie under the open platform's domain, which contains a specific identifier planted by the open platform. The open platform's authorization server also records, for each user, the login and heartbeat state of the corresponding third-party App. Because the user logs in at the open platform and is then redirected to the third-party App page (if the authorization has lapsed, the user authorizes again; if it is still valid, the redirect is immediate), the user's state is continuous: from logging in at the open platform's authorization center, through being online while accessing the third-party App, until valid heartbeat packets time out. In addition, the cookie information carried in the heartbeat packet is planted by the open platform's server side, so it is difficult to forge.
It should be noted that, in the embodiments of the present application, the browser sends heartbeat packets periodically for as long as the third-party App page is open. An open page generally means one of two things: either the user really is browsing the page, or the page is open but the user may be browsing other pages or even using other applications. Because HTTP is inherently stateless, when the user opens the third-party App page, SDK.js does not know what the user is directly interacting with, or whether the user is interacting with the third-party App at all. So as long as the third-party App page is open, heartbeat packets are still sent to the open platform on schedule even if the page does not currently have the operation focus (for example, the user is browsing other pages in other browser tabs). In that situation the user is not actually using the third-party App, yet because heartbeat packets are still being sent, the open platform will consider that the current user is using it. That is, the open platform can only determine whether the third-party App page is open; it cannot determine whether the user is really browsing that page. This may appear to leave a certain risk, but at the business level it is acceptable, for the following reasons. First, the third-party App page really is open, which shows that the current user has not yet exited the application. Second, apart from the current user, other people (such as hackers) do not know whether the current user is using the third-party App. Third, in the online state the third-party App is allowed to call some on-line APIs, and the business behind these APIs is generally perceptible to the user; for example, it may be associated with the user's mobile terminal device, and the user is notified by short message or similar, so that even if an illegitimate API request occurs the current user will learn of it. Fourth, for higher-risk APIs, such as batch agreement to refunds, which also belong to the on-line APIs, whether to allow the call cannot be decided solely by whether the token is in the on-line state; the call must be initiated by the user in person. That is, this kind of API can use API secondary verification. The concrete implementation of secondary verification is outside the scope of protection of the embodiments of the present application and is not described in detail here.
It should also be noted that the browser can number each heartbeat packet it sends to the open platform. After an authorization completes, the first heartbeat packet sent is numbered "0", the next new heartbeat packet is numbered "1", and so on. Correspondingly, the open platform server records the number of each heartbeat packet it receives, and can then judge the continuity of the heartbeat packets from their numbers. The first heartbeat packet can additionally be marked as the start point, for example by adding a special identifier to its number.
token
When a third-party App goes through login authorization and the authorization succeeds, the open platform's authorization server issues a token to the third-party App. The token contains the token itself, its time-limit information and the open platform's signature. The token can also carry user information (for example, user identity information). In a concrete implementation the user information is not necessarily given to the third-party App; this is a matter of access control over the third-party App. If the third-party App has permission to obtain user information, the user can be prompted at authorization time. If it does not, the open platform's authorization server can return an obfuscated nickname: the third-party App only needs to know that the current user is a user of the open platform, not which user it is. In the embodiments of the present application, the token's validity period is relatively short and has to be extended by the heartbeat packets that the SDK in the third-party App page drives the browser to send; each extension can be equal to the heartbeat sending period. Within its validity period the token remains in the online state. The online or offline state of the token is maintained on the open platform side. Its purpose is that, when an API call request from the third-party App's server is received, the token it carries is first extracted and checked for the online state; only if the token is online can the third-party App call on-line APIs.
Session
The session mechanism is a way of maintaining state between a client and a server. On the open platform's authorization server, a session exists per user: the values of its variables are stored on the server, and a session id distinguishes which user it belongs to. Because state is kept on the server side, an identifier also has to be stored on the client, so the session mechanism generally relies on the cookie mechanism to store that identifier. When the open platform server receives a request from a client, it first checks whether the request already contains a session identifier (called the session id). If it does, a session was created for this client earlier, and the server retrieves that session by its session id and uses it (if it cannot be retrieved, a new one is created). If the request contains no session id, a session is created for this client together with a session id associated with it. The value of the session id is a string that is neither repeated nor easy to forge by discovering a pattern in it. This session id is returned to the client in the current response and stored there.
In the embodiments of the present application, the session (Session) is re-created every time a third-party App goes through login authorization. After the session is created successfully, the open platform sends the session identifier (the session id) to the browser in which the third-party application page is running. Generally, the session id can carry user identification information and browser identification information, and the browser generates cookie information on receiving it. When the browser later sends a heartbeat packet to the open platform, it can carry this cookie information in the packet. A browser in which the user has opened several web pages may hold cookie information for several websites, but the website to which each cookie record belongs can be told apart by the corresponding website domain name. In the embodiments of the present application, therefore, the cookie information under the domain name of the open platform website can be extracted by domain name and then carried in the heartbeat packet.
On this basis, an embodiment of the present application provides a method for authenticating a third-party application. Referring to Fig. 1, the method can comprise the following steps:
S101: after authorizing the third-party application, creating a session and issuing an access token to the third-party application, set the access token to the online state and configure the validity period of the online state;
It should first be noted that the method shown in Fig. 1 describes the technical solution of the embodiment from the point of view of the open platform's authorization server, so each step can be executed by that authorization server.
In a concrete implementation, a user who wants to use a third-party App first opens that App's web page in a browser. If the user needs to access their data on the open platform through the third-party App, the third-party App can show the user a login page in which the user enters the account name and password registered with the open platform; after the user confirms, the browser submits them to the open platform's authorization server. The authorization server verifies the account name and password. Once they pass, it creates a session for the current user, authorizes the third-party App and issues the access token (token) to the third-party App. At the same time the token can be set to the online state and its validity period configured; the validity-period information can be included in the token issued to the third-party App.
S102: within the validity period, listen for heartbeat packets sent by the browser in which the third-party application is running; if a heartbeat packet is received, judge its legitimacy from the cookie information it carries; if the heartbeat packet is legitimate, extend the validity period of the online state once;
After token is presented to third party App, just can monitor the heartbeat packet that the browser from this third party App page place sends.If listen to heartbeat packet within the effective time of token, just can judge according to the legitimacy of the cookie information of carrying in heartbeat packet to this heartbeat packet, if heartbeat packet is legal, then the effective time of token presence once be extended.Wherein, when judging the legitimacy of heartbeat packet, the cookie information can carried according to heartbeat packet, determine corresponding session, then first judge the starting point (such as can will complete mandate, jump to the starting point of state as heart beat status of tripartite App) that whether there is heart beat status in this session, if existed, judge that whether each heartbeat packet corresponding to this session be continuous again, if so, then judge that this heartbeat packet is legal.During specific implementation, owing to can be numbered heartbeat packet when browser end sends heartbeat packet, therefore, just this numbering can judge that whether heartbeat packet is continuous.
It should be noted that, because each heartbeat packet sent by the browser carries the session identification information, the authorization server of the open platform can store the information of each heartbeat packet (for example, its number) under the session identifier it carries. After some time, the information of multiple heartbeat packets may be stored under the same session identifier. Each time a new heartbeat packet is received, the server takes out its number, looks up the numbers of the other heartbeat packets already received under the session identified by the packet, and judges whether the new number is consecutive with them; at the same time it can judge whether a starting point of the heartbeat state exists under this session. If both conditions hold, the heartbeat packet is deemed legal, and the validity period of the token corresponding to this session is extended by one time period. In practice, taking user experience and other factors into account, the conditions may be relaxed as appropriate; for example, the currently received heartbeat packet may be judged legal as long as an initial heartbeat packet exists under the corresponding session. After a heartbeat packet has been judged legal or illegal, the result (for example, true or false) can also be returned to the front end of the third-party App by way of JSONP; the front end then notifies the App's back-end server, and thereby the application. If the third-party App receives false, it can show the open platform's login interface to the user again and prompt the user to log in again.
If the open platform server judges that a heartbeat packet currently received for a session is illegal, or receives no heartbeat packet for that session within the validity time, the token corresponding to that session can be set to the offline state.
In this way, even if an attacker has obtained the token issued to the third-party App and forges heartbeat packets, the attacker does not know how many heartbeat packets have already been sent and therefore generally cannot number the forged packets correctly. When such a packet reaches the open platform server, it is treated as illegal because no starting point of the heartbeat state exists or because it is not consecutive with the other heartbeat packets, and the token is set to the offline state. The attacker is therefore still unable to obtain the user data behind the online APIs, which protects the security of the user data.
It should be noted that, in a specific implementation, the validity time configured when the token is issued and the length of each extension can be equal. This length can be equal to the heartbeat sending interval, or slightly greater than it, so that when a heartbeat packet reaches the open platform with a slight delay the platform does not immediately set the token to the offline state.
S103: on receiving an application programming interface (API) call request sent by the third-party application and carrying the access token, determine whether the user is using the third-party application by judging whether the access token is currently in the online state, and respond to the API call request according to the result.
In the manner described above, the open platform can know whether the page of the third-party App is open, and can therefore decide whether the token issued to the App may call certain sensitive APIs. Specifically, on receiving an API call request from the third-party App that carries a token, the server first extracts the token from the request, determines whether the user is using the App by judging whether the token is currently in the online state, and responds to the API call request according to the result. For example, if the token is currently online and the API being called is an online API, the corresponding user data can be returned to the server of the third-party App. Conversely, if the token is currently offline and the API being called is an online API, the server refuses to return the corresponding user data to the App's server, and can return an error prompt at the same time. If the token is currently offline but the API being called is an offline API, that is, an API whose user data is of lower sensitivity and can generally be used without user authorization, the corresponding user data can still be returned to the server of the third-party App.
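The server-side logic of steps S101 to S103, as an added Python example rather than code from the patent. The class and function names, the API names, the 60-second interval, modelling the start point as heartbeat number 1, and keeping an offline token offline until a new login are all assumptions; the constructed scenario ends with a heartbeat whose number does not follow the sequence.

```python
"""Sketch of the authorization-server logic in steps S101-S103 (added example)."""
import secrets
from dataclasses import dataclass, field

HEARTBEAT_INTERVAL = 60                  # assumed: seconds between SDK heartbeats
VALIDITY = HEARTBEAT_INTERVAL + 10       # "slightly greater" than the interval
ONLINE_APIS = {"user.orders"}            # hypothetical sensitive API names
OFFLINE_APIS = {"item.public_info"}      # hypothetical low-sensitivity API names


@dataclass
class Session:
    token: str
    online_until: float
    online: bool = True
    numbers: list = field(default_factory=list)   # heartbeat numbers seen so far


class AuthServer:
    def __init__(self):
        self.sessions = {}    # session id carried in the cookie -> Session
        self.by_token = {}    # access token -> Session

    def authorize(self, now):
        """S101: create the session, issue the token, mark it online."""
        sid, token = secrets.token_hex(16), secrets.token_urlsafe(32)
        session = Session(token=token, online_until=now + VALIDITY)
        self.sessions[sid] = session
        self.by_token[token] = session
        return sid, token

    def _expire(self, session, now):
        # No legal heartbeat arrived inside the validity window: go offline.
        if session.online and now > session.online_until:
            session.online = False

    def heartbeat(self, sid, number, now):
        """S102: validate one heartbeat; extend the online window if legal."""
        session = self.sessions.get(sid)
        if session is None:
            return False
        self._expire(session, now)
        if not session.online:
            return False                        # assumed: a new login is required
        if session.numbers:
            legal = number == session.numbers[-1] + 1   # consecutive numbering
        else:
            legal = number == 1                         # start point must exist
        if legal:
            session.numbers.append(number)
            session.online_until = now + VALIDITY       # extend once
        else:
            session.online = False                      # illegal heartbeat
        return legal

    def api_call(self, token, api, now):
        """S103: answer an API call according to the token's current state."""
        session = self.by_token.get(token)
        if session is None:
            return False, "unknown token"
        self._expire(session, now)
        if api in OFFLINE_APIS:
            return True, "data"                 # allowed even when offline
        if api in ONLINE_APIS:
            if session.online:
                return True, "data"
            return False, "token offline"       # the error prompt
        return False, "unknown api"


def demo():
    """Constructed scenario: two legal heartbeats, then a mis-numbered one."""
    srv = AuthServer()
    sid, tok = srv.authorize(now=0)
    beats = [srv.heartbeat(sid, n, now=t)
             for n, t in [(1, 60), (2, 120), (7, 130)]]
    online_result = srv.api_call(tok, "user.orders", now=131)
    offline_result = srv.api_call(tok, "item.public_info", now=131)
    return beats, online_result, offline_result


if __name__ == "__main__":
    print(demo())
```

Time is passed in explicitly as `now` so the validity window can be exercised deterministically; a real server would read its own clock.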
It should be noted that, in practice, a new token can also be issued to the third-party App each time a new heartbeat packet is received. One session can then correspond to multiple tokens, and each time the server of the third-party App sends an API call request it must use the token newly issued in the current heartbeat cycle, which further protects the security of the user data.
It should also be noted that, in the implementation described so far, the SDK embedded in the page of the third-party App automatically drives the browser to send heartbeat packets at a fixed period. In practice, the third-party App can also call the SDK when it performs a sensitive operation, and the SDK then drives the browser to send a heartbeat packet to the authorization server of the open platform. This amounts to verifying the user's identity again whenever the third-party App needs to. This mode, however, depends on the third-party App: if the App does not follow it strictly, for example by not sending a heartbeat packet when one should be sent, the security of the user's sensitive data cannot be guaranteed. In practice, therefore, automatic triggering by the SDK can be the primary mode, with calls from the third-party App as a supplement. That is, the SDK normally still triggers the browser to send heartbeat packets periodically, and also provides a calling interface to the third-party App; if the App needs to verify the user's identity again during an interaction, it can call the SDK to actively send a heartbeat packet.
In summary, in this embodiment the SDK provided by the open platform is embedded in the page of the third-party App, so that as long as the page is open the SDK drives the browser to send a heartbeat packet to the open platform at a preset interval, each packet carrying the cookie information under the domain name of the open platform website. Each time the open platform receives a heartbeat packet it verifies its legitimacy; if verification passes, the validity period of the token of the corresponding session is extended once and the token is set to the online state, indicating that the page of the third-party App is currently open. When an API call request from the server of the third-party App is received, the token is first extracted and checked for the online state; if it is online, the App is allowed to call APIs that may only be called in the online state, and the corresponding user data is returned. Otherwise, if the token carried in the API call request is offline, the request can be refused. In this way the open platform judges whether the current user is using the third-party App by judging whether the App's page is open, and provides the user's sensitive data to the App only when it has determined that the user is using it, so the security of the user data can be guaranteed.
Embodiment two
Embodiment one provides a concrete authentication method for third-party Apps based on the B/S architecture; embodiment two describes in detail the implementation for third-party Apps based on the C/S architecture.
An application based on the C/S architecture distributes its tasks sensibly between a Client end and a Server end to reduce the system's communication overhead, and requires a client to be installed before it can be operated. The client and server programs are different: interaction with the user is implemented mainly in the client, while the server mainly provides data management, data sharing, data and system maintenance, concurrency control and so on. A third-party App can also be implemented on this C/S architecture. In that case, when a user wants to use the third-party App, the App's client program is installed on the user's client computer and then run to enter the App's application interface.
In this case the third-party App likewise needs the user's authorization when it requires the user's data on the open platform, so it can also provide a login interface; the user does not need to register separate account information in the third-party App's system, but logs in directly with the account name and password of the open platform. After verification passes, the open platform authorizes the third-party App, creates a session for the user, generates a token corresponding to this session and issues it to the App. The newly generated token is likewise configured with validity period information, and this period is generally short, for example three minutes. In addition, the SDK provided by the open platform can be embedded in the client of the third-party application; once the application has obtained the user's authorization and while its client is open, the SDK drives the client to send a heartbeat packet to the open platform at a preset interval. Each heartbeat packet carries the user's identity information on the open platform (this can be sent by the open platform to the client of the third-party App after the user name, password and other information entered by the user have been verified; for safety, the identity information sent to the third-party App may contain only the user name).
After receiving a heartbeat packet sent by the client of the third-party App, the open platform verifies the packet's legitimacy according to the user's identity information; if verification passes, the validity period of the token corresponding to the session is extended once. Accordingly, on receiving an API call request carrying a token from the server end of the third-party application, the open platform extracts the token, determines whether the user is using the application by judging whether the token is currently in the online state, and responds to the API call request according to the result. For example, if the token is currently online, the user is judged to be using the third-party App, so even if the request is a call to an online API the corresponding user data can be returned to the App. Conversely, if the token is currently offline, the user is judged not to be using the App; if the request is a call to an online API, returning the corresponding user data can be refused, and if it is a call to an offline API, the corresponding user data can be returned.
In summary, referring to Fig. 2, the method for authenticating a third-party application provided by embodiment two may comprise the following steps:
S201: after authorizing the third-party application, creating a session and issuing an access token to the third-party application, set the access token to the online state and configure the validity time of the online state;
S202: within the validity time, listen for heartbeat packets sent by the client of the third-party application; if a heartbeat packet is received, judge its legitimacy according to the identity information it carries, and if the heartbeat packet is legal, extend the validity time of the online state once;
S203: on receiving an API call request sent by the server end of the third-party application and carrying the access token, determine whether the user is using the third-party application by judging whether the access token is currently in the online state, and respond to the API call request according to the result.
It should be noted that the implementation details of each step of embodiment two are similar to the corresponding parts of embodiment one; see the description in embodiment one, which is not repeated here.
Corresponding to the method for authenticating a third-party application provided by embodiment one, an embodiment of the present application further provides a system for authenticating a third-party application, the third-party application being implemented on a browser/server architecture, with a preset software development kit (SDK) embedded in the page of the third-party application. Referring to Fig. 3, the system comprises:
First token issuing unit 301, configured to, after authorizing the third-party application, creating a session and issuing an access token to the third-party application, set the access token to the online state and configure the validity time of the online state;
First token status updating unit 302, configured to listen, within the validity time, for heartbeat packets sent by the browser hosting the third-party application; if a heartbeat packet is received, to judge its legitimacy according to the cookie information it carries; and if the heartbeat packet is legal, to extend the validity time of the online state once; wherein the heartbeat packet is sent by the browser, driven by the SDK at a preset interval, once the third-party application has obtained user authorization and while the page of the third-party application is open, and the heartbeat packet carries the cookie information under a preset domain name;
First call request response unit 303, configured to, on receiving an application programming interface (API) call request sent by the third-party application and carrying the access token, determine whether the user is using the third-party application by judging whether the access token is currently in the online state, and respond to the API call request according to the result.
In a specific implementation, the system may further comprise:
Session identifier returning unit, configured to, after the third-party application is authorized and the access token is issued to it, send a session identifier to the browser hosting the page of the third-party application, the session identifier carrying user identification information and browser identification information, so that the browser generates the cookie information.
Specifically, the first token status updating unit 302 may be configured to:
According to the cookie information carried by the heartbeat packet, judge whether the heartbeat state of the session corresponding to the current third-party application has a starting point, and whether the heartbeat packets corresponding to this session are consecutive; if so, judge the heartbeat packet legal.
Wherein the heartbeat packets sent by the browser are numbered sequentially in the order in which they are sent, and the first token status updating unit 302 comprises:
Determining subunit, configured to determine, according to the cookie information carried by the heartbeat packet, the heartbeat packets already received for the current session;
Judging subunit, configured to judge, according to the numbers of the heartbeat packets already received, whether a starting point of the heartbeat state exists, and to judge, according to the number of the currently received heartbeat packet and the numbers of the heartbeat packets already received, whether the currently received heartbeat packet is consecutive with them.
In addition, the system may further comprise:
Result returning unit, configured to return the judgment result to the browser after judging whether the heartbeat packet is legal.
The length of the validity time configured for the access token and the length of each extension are equal to the heartbeat sending interval, or slightly greater than it.
The system may further comprise:
Token reissuing unit, configured to issue a new access token to the third-party application after the heartbeat packet is judged legal.
The system further comprises:
Third token status updating unit, configured to set the access token to the offline state if no heartbeat packet is received within the validity time, or if a received heartbeat packet is judged illegal.
Error prompt unit, configured to, after an API call request sent by the server of the third-party application is received, return error prompt information if the access token carried in the API call request is in the offline state and the API call request can only be answered when the access token is in the online state.
The SDK is further configured to drive the browser to send a heartbeat packet when it receives a request from the third-party application to send one.
Corresponding to the method for authenticating a third-party application provided by embodiment two, an embodiment of the present application further provides a system for authenticating a third-party application, the third-party application being implemented on a client/server architecture, with a preset SDK embedded in the client of the third-party application. Referring to Fig. 4, the system comprises:
Second token issuing unit 401, configured to, after authorizing the third-party application, creating a session and issuing an access token to the third-party application, set the access token to the online state and configure the validity time of the online state;
Second token status updating unit 402, configured to listen, within the validity time, for heartbeat packets sent by the client of the third-party application; if a heartbeat packet is received, to judge its legitimacy according to the identity information it carries; and if the heartbeat packet is legal, to extend the validity time of the online state once; wherein the heartbeat packet is sent by the client, driven by the SDK at a preset interval, once the third-party application has obtained user authorization and while the client of the third-party application is open, and the heartbeat packet carries the user's identity information;
Second call request response unit 403, configured to, on receiving an API call request sent by the server end of the third-party application and carrying the access token, determine whether the user is using the third-party application by judging whether the access token is currently in the online state, and respond to the API call request according to the result.
With the embodiments of the present application, the SDK provided by the open platform is embedded in the page of the third-party App, so that as long as the page is open the SDK drives the browser to send a heartbeat packet to the open platform at a preset interval, each packet carrying the cookie information under the domain name of the open platform website. Each time the open platform receives a heartbeat packet it verifies its legitimacy; if verification passes, the validity period of the token of the corresponding session is extended once and the token is set to the online state, indicating that the page of the third-party App is currently open. When an API call request from the server of the third-party App is received, the token is first extracted and checked for the online state; if it is online, the App is allowed to call APIs that may only be called in the online state, and the corresponding user data is returned. Otherwise, if the token carried in the API call request is offline, the request can be refused. In this way the open platform judges whether the current user is using the third-party App by judging whether the App's page is open, and provides the user's sensitive data to the App only when it has determined that the user is using it, so the security of the user data can be guaranteed.
As can be seen from the above description of the embodiments, those skilled in the art can clearly understand that the present application can be implemented by software together with the necessary general-purpose hardware platform. Based on this understanding, the technical solution of the application, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. This computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (which can be a personal computer, a server, a network device or the like) to perform the methods described in the embodiments of the application or in parts of them.
The embodiments in this specification are described in a progressive manner; for identical or similar parts the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the system embodiments are described relatively briefly because they are substantially similar to the method embodiments; for the relevant parts, see the description of the method embodiments. The system embodiments described above are merely illustrative: units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
The method and system for authenticating a third-party application provided by the present application have been described in detail above. Specific examples are used herein to explain the principle and implementation of the application, and the description of the above embodiments is only intended to help in understanding the method of the application and its core idea. For those of ordinary skill in the art, the specific implementation and the scope of application may change in accordance with the idea of the application. In summary, this description should not be construed as limiting the application.

Claims (12)

1. A method for authenticating a third-party application, the third-party application being implemented on a browser/server architecture, characterized in that a preset software development kit (SDK) is embedded in the page of the third-party application, the method comprising:
After authorizing the third-party application, creating a session and issuing an access token to the third-party application, setting the access token to the online state and configuring the validity time of the online state;
Listening, within the validity time, for heartbeat packets sent by the browser hosting the third-party application; if a heartbeat packet is received, judging its legitimacy according to the cookie information it carries, and if the heartbeat packet is legal, extending the validity time of the online state once; wherein the heartbeat packet is sent by the browser, driven by the SDK at a preset interval, once the third-party application has obtained user authorization and while the page of the third-party application is open, and the heartbeat packet carries the cookie information under a preset domain name;
On receiving an application programming interface (API) call request sent by the third-party application and carrying the access token, determining whether the user is using the third-party application by judging whether the access token is currently in the online state, and responding to the API call request according to the result.
2. The method according to claim 1, characterized in that, after authorizing the third-party application, creating the session and issuing the access token to the third-party application, the method further comprises:
Sending a session identifier to the browser hosting the page of the third-party application, the session identifier carrying user identification information and browser identification information, so that the browser generates the cookie information.
3. The method according to claim 1, characterized in that judging the legitimacy of the heartbeat packet according to the cookie information it carries comprises:
According to the cookie information carried by the heartbeat packet, judging whether the heartbeat state of the session corresponding to the current third-party application has a starting point, and whether the heartbeat packets corresponding to this session are consecutive; if so, judging the heartbeat packet legal.
4. The method according to claim 3, characterized in that the heartbeat packets sent by the browser are numbered sequentially in the order in which they are sent, and that judging, according to the cookie information carried by the heartbeat packet, whether the heartbeat state of the session corresponding to the current third-party application has a starting point and whether the heartbeat packets corresponding to this session are consecutive comprises:
According to the cookie information carried by the heartbeat packet, determining the heartbeat packets already received for the current session;
According to the numbers of the heartbeat packets already received, judging whether a starting point of the heartbeat state exists, and according to the number of the currently received heartbeat packet and the numbers of the heartbeat packets already received, judging whether the currently received heartbeat packet is consecutive with them.
5. The method according to claim 1, characterized in that it further comprises:
The length of the validity time configured for the access token and the length of each extension are equal to the heartbeat sending interval, or slightly greater than it.
6. The method according to any one of claims 1 to 5, characterized in that it further comprises:
After the heartbeat packet is judged legal, issuing a new access token to the third-party application, so that the server of the third-party application uses the new access token to send API call requests in the next heartbeat cycle.
7. The method according to any one of claims 1 to 5, characterized in that it further comprises:
If no heartbeat packet is received within the validity time, or a received heartbeat packet is judged illegal, setting the access token to the offline state.
8. The method according to claim 7, characterized in that it further comprises:
After an API call request sent by the server of the third-party application is received, if the access token carried in the API call request is in the offline state and the API call request can only be answered when the access token is in the online state, returning error prompt information.
9. The method according to any one of claims 1 to 5, characterized in that the SDK is further configured to drive the browser to send a heartbeat packet when it receives a request from the third-party application to send one.
10. A method for authenticating a third-party application, the third-party application being implemented on a client/server architecture, characterized in that a preset SDK is embedded in the client of the third-party application, the method comprising:
After authorizing the third-party application, creating a session and issuing an access token to the third-party application, setting the access token to the online state and configuring the validity time of the online state;
Listening, within the validity time, for heartbeat packets sent by the client of the third-party application; if a heartbeat packet is received, judging its legitimacy according to the identity information it carries, and if the heartbeat packet is legal, extending the validity time of the online state once; wherein the heartbeat packet is sent by the client, driven by the SDK at a preset interval, once the third-party application has obtained user authorization and while the client of the third-party application is open, and the heartbeat packet carries the user's identity information;
On receiving an API call request sent by the server end of the third-party application and carrying the access token, determining whether the user is using the third-party application by judging whether the access token is currently in the online state, and responding to the API call request according to the result.
11. A system for authenticating a third-party application, the third-party application being implemented on a browser/server architecture, characterized in that a preset software development kit (SDK) is embedded in the page of the third-party application, the system comprising:
First token issuing unit, configured to, after authorizing the third-party application, creating a session and issuing an access token to the third-party application, set the access token to the online state and configure the validity time of the online state;
First token status updating unit, configured to listen, within the validity time, for heartbeat packets sent by the browser hosting the third-party application; if a heartbeat packet is received, to judge its legitimacy according to the cookie information it carries; and if the heartbeat packet is legal, to extend the validity time of the online state once; wherein the heartbeat packet is sent by the browser, driven by the SDK at a preset interval, once the third-party application has obtained user authorization and while the page of the third-party application is open, and the heartbeat packet carries the cookie information under a preset domain name;
First call request response unit, configured to, on receiving an application programming interface (API) call request sent by the third-party application and carrying the access token, determine whether the user is using the third-party application by judging whether the access token is currently in the online state, and respond to the API call request according to the result.
12. A system for authenticating a third-party application, the third-party application being implemented on a client/server architecture, characterized in that a preset SDK is embedded in the client of the third-party application, and the system comprises:
A second token issuing unit, configured to, after authorizing the third-party application, creating a session, and issuing an access token to the third-party application, set the access token to an online state and configure a validity period for the online state;
A second token status updating unit, configured to listen, within the validity period, for a heartbeat packet sent by the client of the third-party application; if the heartbeat packet is received, to judge the legitimacy of the heartbeat packet according to the identity information carried in it, and if the heartbeat packet is legitimate, to extend the validity period of the online state once; wherein the heartbeat packet is one that the SDK drives the client to send at preset intervals while the third-party application has obtained user authorization and the client of the third-party application is open, and the heartbeat packet carries the identity information of the user;
A second call request response unit, configured to, when an API call request carrying the access token is received from the server side of the third-party application, determine whether the user is using the third-party application by judging whether the access token is currently in the online state, and respond to the API call request according to the result of the judgment.
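The token lifecycle recited in claims 10 to 12 can be sketched as follows. This is an added illustration, not code from the patent or from any product of the applicant. The class name, method names, the HMAC used as a stand-in for the cookie or identity information, and the response strings are all assumptions, as is the choice to treat a lapsed online state as final.

```python
import hashlib
import hmac
import secrets

class TokenPresence:
    """Tracks which access tokens are in the online state (hypothetical names)."""

    def __init__(self, key, validity=60.0):
        self._key = key            # server-side secret (assumption)
        self.validity = validity   # validity period of the online state, in seconds
        self._online = {}          # access token -> (user id, expiry time)

    def identity_proof(self, user_id, token):
        # Stand-in for the cookie / identity information the SDK attaches to
        # each heartbeat; the claims do not prescribe its format.
        msg = f"{user_id}|{token}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, user_id, now):
        # Token issuing unit: the token starts in the online state.
        token = secrets.token_urlsafe(16)
        self._online[token] = (user_id, now + self.validity)
        return token

    def is_online(self, token, now):
        entry = self._online.get(token)
        return entry is not None and now < entry[1]

    def heartbeat(self, token, user_id, proof, now):
        # Token status updating unit. Heartbeats are only listened for inside
        # the validity period, so a lapsed token cannot be revived here.
        if not self.is_online(token, now):
            self._online.pop(token, None)
            return False
        expected = self.identity_proof(user_id, token)
        owner = self._online[token][0]
        if owner != user_id or not hmac.compare_digest(proof.encode(), expected.encode()):
            return False           # illegitimate heartbeat: no extension
        self._online[token] = (user_id, now + self.validity)  # extend once
        return True

    def api_call(self, token, now):
        # Call request response unit: answer according to the online state.
        if self.is_online(token, now):
            return "200 OK"
        return "403 user is not using the application"
```

Time is passed in explicitly so the behaviour can be checked deterministically; a deployment would read a monotonic clock and keep the state in a shared store.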
CN201310706124.7A 2013-12-19 2013-12-19 The method and system that third-party application is authenticated Active CN104734849B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310706124.7A CN104734849B (en) 2013-12-19 2013-12-19 The method and system that third-party application is authenticated

Publications (2)

Publication Number Publication Date
CN104734849A true CN104734849A (en) 2015-06-24
CN104734849B CN104734849B (en) 2018-09-18

Family

ID=53458312

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310706124.7A Active CN104734849B (en) 2013-12-19 2013-12-19 The method and system that third-party application is authenticated

Country Status (1)

Country Link
CN (1) CN104734849B (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102378170A (en) * 2010-08-27 2012-03-14 中国移动通信有限公司 Method, device and system of authentication and service calling
CN102394887A (en) * 2011-11-10 2012-03-28 杭州东信北邮信息技术有限公司 OAuth protocol-based safety certificate method of open platform and system thereof
CN102611709A (en) * 2012-03-31 2012-07-25 奇智软件(北京)有限公司 Access control method and system for third party resources
CN103378969A (en) * 2012-04-12 2013-10-30 腾讯科技(北京)有限公司 Authorization method, system and third party application system
CN103051630A (en) * 2012-12-21 2013-04-17 微梦创科网络科技(中国)有限公司 Method, device and system for implementing authorization of third-party application based on open platform

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106528056A (en) * 2015-09-09 2017-03-22 阿里巴巴集团控股有限公司 Control method and device for system function
CN105450425B (en) * 2015-12-25 2019-03-01 北京奇虎科技有限公司 Realize the method and device of user's online control
CN105450425A (en) * 2015-12-25 2016-03-30 北京奇虎科技有限公司 Method and device for realizing internet access control of user
CN106982187A (en) * 2016-01-15 2017-07-25 中兴通讯股份有限公司 resource authorization method and device
CN106982187B (en) * 2016-01-15 2020-12-01 中兴通讯股份有限公司 Resource authorization method and device
WO2017121387A1 (en) * 2016-01-15 2017-07-20 中兴通讯股份有限公司 Resource authentication method and device
CN106982239B (en) * 2016-01-18 2020-01-17 中国移动通信集团公司 Multi-electronic channel life reporting method and device
CN106982239A (en) * 2016-01-18 2017-07-25 中国移动通信集团公司 A kind of polyelectron channel report activating method and device
CN107342966B (en) * 2016-04-29 2019-05-03 北京京东尚科信息技术有限公司 Authority credentials distribution method and device
CN107342966A (en) * 2016-04-29 2017-11-10 北京京东尚科信息技术有限公司 Authority credentials distribution method and device
CN109154953A (en) * 2016-05-20 2019-01-04 系统美捷斯株式会社 Verification System
CN109154953B (en) * 2016-05-20 2023-06-13 系统美捷斯株式会社 Authentication system
CN105933732B (en) * 2016-06-14 2019-08-27 天脉聚源(北京)传媒科技有限公司 A kind of video playing duration statistical method and system
CN107196943B (en) * 2017-05-26 2019-09-20 浙江大学 A kind of security display implementation method of private data in third-party platform
CN107196943A (en) * 2017-05-26 2017-09-22 浙江大学 A kind of security display implementation method of private data in third-party platform
CN107920063A (en) * 2017-11-07 2018-04-17 杭州安恒信息技术有限公司 A kind of method of online updating tokenID
CN108763921A (en) * 2018-05-29 2018-11-06 北京迪诺益佳信息科技有限公司 A kind of method of application software and SDK management and control
CN108846263B (en) * 2018-05-31 2020-10-27 北京市商汤科技开发有限公司 Software authorization processing and running method and device and electronic equipment
CN108846263A (en) * 2018-05-31 2018-11-20 北京市商汤科技开发有限公司 Soft ware authorization processing and operation method and device, electronic equipment
CN109165059A (en) * 2018-07-11 2019-01-08 小草数语(北京)科技有限公司 page locking method and device thereof
CN109165059B (en) * 2018-07-11 2022-03-22 绿湾网络科技有限公司 Page locking method and device
CN109547422A (en) * 2018-11-09 2019-03-29 福建天泉教育科技有限公司 A kind of method and terminal that logging state is renewed a contract automatically
CN109635596A (en) * 2018-12-14 2019-04-16 闪联信息技术工程中心有限公司 A kind of safety system and its guard method for multimedia touch-control all-in-one machine
CN109635596B (en) * 2018-12-14 2024-04-12 闪联信息技术工程中心有限公司 Safety protection system and method for multimedia touch control integrated machine
CN109600306A (en) * 2019-01-22 2019-04-09 腾讯科技(深圳)有限公司 Create the method, apparatus and storage medium of session
CN109600306B (en) * 2019-01-22 2020-10-27 腾讯科技(深圳)有限公司 Method, device and storage medium for creating session
CN112398856A (en) * 2020-11-17 2021-02-23 平安普惠企业管理有限公司 Page access method, device, equipment and storage medium
CN112398856B (en) * 2020-11-17 2022-11-29 平安普惠企业管理有限公司 Page access method, device, equipment and storage medium
CN112866385A (en) * 2021-01-19 2021-05-28 北京字跳网络技术有限公司 Interface calling method and device, electronic equipment and storage medium
CN112866385B (en) * 2021-01-19 2022-06-24 北京字跳网络技术有限公司 Interface calling method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN104734849B (en) 2018-09-18

Similar Documents

Publication Publication Date Title
CN104734849A (en) Method and system for conducting authentication on third-party application
US11206247B2 (en) System and method for providing controlled application programming interface security
EP2307982B1 (en) Method and service integration platform system for providing internet services
US8613055B1 (en) Methods and apparatus for selecting an authentication mode at time of issuance of an access token
CN104283841B (en) The method, apparatus and system of service access control are carried out to third-party application
CN101227468B (en) Method, device and system for authenticating user to network
CN102624739B (en) Authentication and authorization method and system applied to client platform
US10547602B2 (en) Communications methods and apparatus related to web initiated sessions
CN105324785B (en) Online transaction verification
US9009793B2 (en) Dynamic pin dual factor authentication using mobile device
WO2015168641A1 (en) System and method for carrying strong authentication events over different channels
CN104113549A (en) Platform authorization method, platform server side, application client side and system
EP2974214A1 (en) Systems and methods for using imaging to authenticate online users
CN111355713B (en) Proxy access method, device, proxy gateway and readable storage medium
CN104580112B (en) A kind of service authentication method, system and server
US20160241536A1 (en) System and methods for user authentication across multiple domains
CN110069909A (en) It is a kind of to exempt from the close method and device for logging in third party system
US9210155B2 (en) System and method of extending a host website
CN109040030A (en) Single-point logging method and system
KR102116587B1 (en) Method and system using a cyber id to provide secure transactions
CN113922982A (en) Login method, electronic device and computer-readable storage medium
CN108076077A (en) A kind of conversation controlling method and device
CN108462671A (en) A kind of authentication protection method and system based on reverse proxy
CN107172038B (en) Information processing method, platform, assembly and system for providing security service
CN109495458A (en) A kind of method, system and the associated component of data transmission

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant