CN106470190A - A kind of Web real-time communication platform authentication cut-in method and device - Google Patents
A kind of Web real-time communication platform authentication cut-in method and device Download PDFInfo
- Publication number
- CN106470190A CN106470190A CN201510510506.1A CN201510510506A CN106470190A CN 106470190 A CN106470190 A CN 106470190A CN 201510510506 A CN201510510506 A CN 201510510506A CN 106470190 A CN106470190 A CN 106470190A
- Authority
- CN
- China
- Prior art keywords
- time communication
- web real
- effective
- power
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000004891 communication Methods 0.000 title claims abstract description 232
- 238000000034 method Methods 0.000 title claims abstract description 118
- 238000012795 verification Methods 0.000 claims abstract description 62
- 230000005540 biological transmission Effects 0.000 claims description 40
- 230000008569 process Effects 0.000 claims description 40
- 239000000284 extract Substances 0.000 claims description 17
- 230000000694 effects Effects 0.000 claims description 9
- 238000012545 processing Methods 0.000 claims description 9
- 238000012360 testing method Methods 0.000 claims description 8
- 238000010586 diagram Methods 0.000 description 12
- 230000011664 signaling Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 241000196324 Embryophyta Species 0.000 description 1
- 244000097202 Rathbunia alamosensis Species 0.000 description 1
- 235000009776 Rathbunia alamosensis Nutrition 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 230000002411 adverse Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000009191 jumping Effects 0.000 description 1
- 230000011218 segmentation Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/40—Support for services or applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The present invention provides a kind of Web real-time communication platform authentication cut-in method and device, and wherein method includes:Receive the logging request carrying checking information that the application of Web real-time Communication for Power sends, the logging request that the application of Web real-time Communication for Power is sent is verified, and return the login authentication success message during success of checking information login authentication;Authentication verification is carried out to the checking information after login authentication success, after authentication verification success, apply to Web real-time Communication for Power and send effective access token and unique identity, make the application of Web real-time Communication for Power direct the user to Web real-time Communication for Power application homepage according to the unique identity receiving, and the connection with Web real-time communication server WS is set up according to effective access token.The embodiment of the present invention can strengthen the user account safety of Web real-time communication service platform, and the user for Web real-time communication service and Web real-time communication service platform provide security guarantee.
Description
Technical field
The present invention relates to communication technical field, more particularly, to a kind of Web real-time communication platform authentication access side
Method and device.
Background technology
WebRTC (Web Real-Time Communication, Web real-time Communication for Power) is that a support is clear
Device of looking at carries out the technology that real-time audio and video call data is shared.WebRTC application can be without plug-in unit
In the case of directly pass through that browser carries out real time phone call and file transmits.On specific service implementation, communication
Side is serviced using WebRTC using the account independent of IP.Although industry WebRTC service platform is all
Have the network element entity being responsible for logging in authentication, but the function of providing is fairly simple, only includes basic login and tests
Card function, the adverse consequencess that this way leads to are that the safety of nusrmgr.cpl is poor, and then presence is drawn
Send out the risk of platform service safety.Additionally, business towards the user only having itself it is impossible to branch out
Use category.
One kind more widespread practice that industry branches out using category is to authorize mark using Oauth is open
Accurate.Wherein compare representational inclusion Sina weibo open platform, Facebook open platform etc..Value
Obtain it is noted that these open platforms are in the middle of the process being authenticated based on Oauth authorizing, generally existing
Problem be that the validated user of open platform could access and use the service that platform provides, other third parties connect
The user entering platform does not possess the ability using open platform service.In such a mode, based on open platform
The user being also limited to fixation using category of the open application of third-party platform of service ability exploitation
Scope, that is, these users are the user of third party's access platform, are the users of open platform again.In short,
What this way was expanded is the range of service, rather than user scope.
Content of the invention
It is an object of the invention to provide a kind of Web real-time communication platform authentication cut-in method and device, can
To strengthen the user account safety of WebRTC service platform, and effectively expand WebRTC service platform
User's category.
The embodiment of the present invention provides a kind of Web real-time communication platform to authenticate cut-in method, is applied to Web real
Shi Tongxin logs in authentication network element entity WAS, and methods described includes:
Receive the logging request carrying checking information that the application of Web real-time Communication for Power sends, real to described Web
When the described logging request that sends of communications applications verified, and return the success of described checking information login authentication
When login authentication success message;
Authentication verification is carried out to the checking information after login authentication success, after authentication verification success, to described
The application of Web real-time Communication for Power sends effective access token and unique identity so that described Web leads in real time
Letter application directs the user to Web real-time Communication for Power application homepage according to the unique identity receiving, and
Connection with Web real-time communication server WS is set up according to effective access token.
Wherein, the described described logging request that the application of described Web real-time Communication for Power is sent is verified, and
Return login authentication success message during described checking information login authentication success, including:
Receive the logging request carrying checking information that described Web real-time Communication for Power application sends, according to described
Logging request generates random number R andomNumer, is stored in session and returns to together with login page
Described Web real-time Communication for Power application;
Receive that the application of described Web real-time Communication for Power sends described checking information is encrypted after generate the
One encrypted result Hashone, user name username and RandomNumber;
Data base verifies to described username, and to receiving described Hashone and described
RandomNumber is encrypted computing and obtains the second encrypted result Hashtwo;
Corresponding password Password_Hash is found in data base according to described username, to described
Password_Hash is encrypted with the described RandomNumber being stored in session and is calculated the 3rd encryption
Result Hashthree;
Judge whether described Hashthree is consistent with described Hashtwo, when both consistent then explanation logins are tested
Demonstrate,prove successfully, apply to described Web real-time Communication for Power and return login authentication success message.
Wherein, the checking information after the described success to login authentication carries out authentication verification, in authentication verification success
Afterwards, apply to described Web real-time Communication for Power and send effective access token and unique identity, including:
Described checking information is carried out with authentication verification, generates effective client code Codeclient and be back to
Described Web real-time Communication for Power application, is applied the effective Codeclient receiving by described Web real-time Communication for Power
Write in itself session;
Receive that the application of described Web real-time Communication for Power sends carry effective Codeclient authorizing information super civilian
This host-host protocol HTTP request, verifies to effective Codeclient, is verified described Web backward
Real-time Communication for Power application sends effective access token, is applied effective by receive by described Web real-time Communication for Power
Access token writes in itself session;
Receive the authorizing information HTTP carrying effective access token that described Web real-time Communication for Power application sends
Request, verifies to effective access token, is verified described Web real-time Communication for Power application WA backward
Send unique identity.
Wherein, when described Web real-time Communication for Power is applied as current platform Web real-time Communication for Power application WA,
Described described checking information is carried out with authentication verification, generate effective client code Codeclient and be simultaneously back to
Described Web real-time Communication for Power application, specially:
Described checking information is carried out with authentication verification, generates code Code and effective Codeclient, and will
The Code generating is stored, and the effective Codeclient generating is sent to described WA, wherein said
Checking information includes first user name Username1 and first password Password1.
Wherein, before the logging request carrying checking information receiving that described WA sends, methods described
Also include:
Receive described WA send the verification process HTTP of the first access token carrying in itself session please
Ask, the first access token is verified;
Send the invalid message of the first access token to described WA, receive carrying certainly of described WA transmission
The authentication process HTTP request of a Codeclient in body session, verifies to a Codeclient,
Check whether the Code value in itself session is expired after authentication failed;
When the Code value in itself session is expired, jump to WAS login interface.
Wherein, when sending the effective message of the first access token to described WA, methods described includes:
Send unique identity to described WA so that described WA calls the various of described WS offer
Service.
Wherein, when the Code value in itself session does not have expired, methods described includes:
Directly return effective Codeclient corresponding with described WA to described WA.
Wherein, when described Web real-time Communication for Power applies the Web real-time Communication for Power application for third party's business platform
During TPWA, before the logging request carrying checking information receiving that described TPWA sends, methods described
Also include:
Receive the application access request that described TPWA sends, after described application access request is checked and approved,
Return third-party application identity and the second password to described TPWA, described checking information includes the 3rd
Square application identity mark and the second password.
Wherein, methods described also includes:
After third-party application identity and the second password authentification success, generate effective Codeclient, right
Effectively Codeclient is verified, after being proved to be successful, generates temporary visit token and is back to described TPWA;
After temporary visit token authentication is passed through, generate temporary user name and send to described TPWA so that described
TPWA is redirected to homepage.
The embodiment of the present invention also provides a kind of Web real-time communication platform authentication cut-in method, is applied to Web
Real-time Communication for Power is applied, and methods described includes:
Log in authentication network element entity WAS to Web real-time Communication for Power and send the logging request carrying checking information,
The logging request that described WAS sends to the application of described Web real-time Communication for Power is verified;
Receive the login authentication success message that described WAS returns;
After described WAS carries out authentication verification success to the checking information after login authentication success, receive institute
State effective access token and the unique identity of WAS transmission, will according to the unique identity receiving
User is directed to Web real-time Communication for Power application homepage, and is led in real time with Web according to the foundation of effective access token
The connection of telecommunications services device WS.
Wherein, described transmission to Web real-time Communication for Power login authentication network element entity WAS carries checking information
Logging request so that described WAS to described Web real-time Communication for Power application send logging request verify,
Including:
Send the logging request carrying checking information to described WAS, and receive taking of described WAS return
Login page with random number R andomNumber;
Described checking information is encrypted generation the first encrypted result Hashone, by described Hashone,
User name username and described RandomNumber sends to described WAS so that described WAS
According to the described Hashone receiving, described Username and described RandomNumber to described Web
The logging request that real-time Communication for Power application sends is verified.
Wherein, the step of the described effective access token receiving described WAS transmission and unique identity,
Including:
Receive described WAS according to the effective client code generating in described checking information authentication verification
Codeclient, the effective Codeclient receiving is write in itself session;
Send to described WAS and carry the authorizing information HTTP request of effective Codeclient so that described
WAS verifies to effective Codeclient, and it is logical in effective Codeclient checking to receive described WAS
Later the effective access token sending, the effective access token receiving is write in itself session;
Send to described WAS and carry the authorizing information HTTP request of effective access token so that described
WAS verifies to effective access token, receives the unique identities that described WAS sends after being verified
Mark.
Wherein, when Web real-time Communication for Power is applied as current platform Web real-time Communication for Power application WA, described
Before carrying the logging request of checking information to the login authentication network element entity WAS transmission of Web real-time Communication for Power,
Methods described also includes:
Send the verification process HTTP request of the first access token carrying in itself session to described WAS,
By described WAS, the first access token is verified;
Receive the invalid message of the first access token of described WAS transmission, send to described WAS and carry
The authentication process HTTP request of a Codeclient in itself session, by described WAS to first
Codeclient is verified, and checks after authentication failed whether the Code value in itself session is expired,
When the Code value in itself session of described WAS is expired, jump to WAS login interface.
Wherein, when receiving the effective message of the first access token that described WAS sends, methods described bag
Include:
Receive described WAS and send unique identity, call the various services that described WS provides.
Wherein, when the Code value in itself session of described WAS does not have expired, methods described also includes:
Receive described WAS and return effective Codeclient corresponding with described WA.
Wherein, when described Web real-time Communication for Power applies the Web real-time Communication for Power application for third party's business platform
During TPWA, log in authentication network element entity WAS transmission to Web real-time Communication for Power and carry stepping on of checking information
Before record request, methods described also includes:
Send application access request to described WAS, by described WAS, described application access request is carried out
Check and approve;
Receive third-party application identity and the second password that described WAS sends, described checking information bag
Include third-party application identity and the second password;
Set up with third party's business platform and be connected, complete the login authentication in third party's business platform.
Wherein, methods described also includes:
Receive effective Codeclient that described WAS generates, by the effective Codeclient write receiving certainly
In body session;
Send to described WAS and carry the authorizing information HTTP request of effective Codeclient so that described
WAS verifies to effective Codeclient, and it is logical in effective Codeclient checking to receive described WAS
Later the temporary visit token sending, the temporary visit receiving token is write in itself session;
Send to described WAS and carry the authorizing information HTTP request of temporary visit token so that described
WAS verifies to temporary visit token, receives described WAS and send unique identities mark after being verified
Know.
The embodiment of the present invention also provides a kind of Web real-time communication platform authentication cut-in method, is applied to Web
Real-time communication server WS, methods described includes:
Receive the WebSocket connection request carrying effective access token that browser sends;
Extract effective access token, log in authentication network element entity WAS transmission to Web real-time Communication for Power and carry
The verification process HTTP request of effect access token, is verified to effective access token by described WAS,
Return is verified information;
Receive described WAS return is verified information, returns successful connection message to browser, completes
Connection with each Web real-time Communication for Power application under browser.
The embodiment of the present invention also provides a kind of Web real-time communication platform authentication access device, is applied to Web
Real-time Communication for Power logs in authentication network element entity WAS, and described device includes:
Receive authentication module, for receiving the login carrying checking information that the application of Web real-time Communication for Power sends
Request, the described logging request that the application of described Web real-time Communication for Power is sent is verified, and returns described
Login authentication success message during the success of checking information login authentication;
Checking sending module, for carrying out authentication verification to the checking information after login authentication success, in authentication
After being proved to be successful, apply to described Web real-time Communication for Power and send effective access token and unique identity,
Described Web real-time Communication for Power application is made to direct the user to Web according to the unique identity receiving real
When communications applications homepage, and set up and the company of Web real-time communication server WS according to effective access token
Connect.
The embodiment of the present invention also provides a kind of Web real-time communication platform authentication access device, is applied to Web
Real-time Communication for Power is applied, and described device includes:
Second sending module, tests for sending to carry to Web real-time Communication for Power login authentication network element entity WAS
The logging request of card information is so that described WAS applies, to described Web real-time Communication for Power, the logging request sending
Verified;
Second receiver module, for receiving the login authentication success message that described WAS returns;
Fourth processing module, for authenticating to the checking information after login authentication success in described WAS
After being proved to be successful, receive effective access token and the unique identity that described WAS sends, according to reception
To unique identity direct the user to Web real-time Communication for Power application homepage, and access order according to effective
The connection with Web real-time communication server WS set up by board.
The embodiment of the present invention also provides a kind of Web real-time communication platform authentication access device, is applied to Web
Real-time communication server WS, described device includes:
5th receiver module, for receiving the WebSocket carrying effective access token of browser transmission
Connection request;
Extract sending module, for extracting effective access token, log in authentication network element to Web real-time Communication for Power
Entity WAS sends and carries the verification process HTTP request of effective access token, by described WAS to having
Effect access token is verified, returns and is verified information;
Receive and return module, be verified information for receive that described WAS returns, return to browser
Successful connection message, completes the connection with each Web real-time Communication for Power application under browser.
Embodiment of the present invention technique scheme at least includes following technique effect:
So that WebRTC application obtains WAS after carrying out to checking information logging in authentication verification success
The effective access token issued and unique identity, and then can be each using the offer of WebRTC platform
Plant instant messaging service, thus providing safety for the user and WebRTC service platform of WebRTC service
Property ensure;And provide WebRTC service platform difference WebRTC application between single sign-on capability,
So that same user is more convenient when switching between different WebRTC apply;Further, it is
The WebRTC application of third party's business platform provides the access capability of Oauth2.0 so that third party's business
WebRTC application on platform obtains the various instant messaging service ability providing using WebRTC platform,
And then greatly expand user's category of WebRTC platform service.
Brief description
Fig. 1 is that embodiment of the present invention Web real-time communication platform authenticates cut-in method steps flow chart schematic diagram one;
Fig. 2 is embodiment of the present invention WebRTC service platform typical architecture figure;
Fig. 3 is that embodiment of the present invention Web real-time communication platform authenticates cut-in method steps flow chart schematic diagram two;
Fig. 4 is that embodiment of the present invention Web real-time communication platform authenticates cut-in method steps flow chart schematic diagram three;
Fig. 5 is that embodiment of the present invention Web real-time communication platform authenticates cut-in method steps flow chart schematic diagram four;
Fig. 6 accesses different WebRTC applications for the embodiment of the present invention, supports the schematic diagram of single-sign-on;
Fig. 7 is that embodiment of the present invention Web real-time communication platform authenticates cut-in method steps flow chart schematic diagram five;
Fig. 8 is that embodiment of the present invention Web real-time communication platform authenticates cut-in method steps flow chart schematic diagram six;
Fig. 9 is carried out for after the WebRTC application access WAS of embodiment of the present invention third-party platform
The typical architecture figure of WebRTC communication;
Figure 10 is that embodiment of the present invention Web real-time communication platform authenticates cut-in method steps flow chart schematic diagram seven;
Figure 11 is that embodiment of the present invention Web real-time communication platform authenticates access device schematic diagram one;
Figure 12 is that embodiment of the present invention Web real-time communication platform authenticates access device schematic diagram two;
Figure 13 is that embodiment of the present invention Web real-time communication platform authenticates access device schematic diagram three.
Specific embodiment
For making the technical problem to be solved in the present invention, technical scheme and advantage clearer, below in conjunction with attached
Figure and specific embodiment are described in detail.
The embodiment of the present invention provides a kind of Web real-time communication platform to authenticate cut-in method, is applied to Web real
Shi Tongxin logs in authentication network element entity (WebRTC Authentication Server, WAS), as Fig. 1 institute
Show, methods described includes:
The logging request carrying checking information that step S101, reception Web real-time Communication for Power application send is right
The described logging request that described Web real-time Communication for Power application sends is verified, and returns described checking information
Login authentication success message during login authentication success;
Step S102, authentication verification is carried out to the checking information after login authentication success, become in authentication verification
After work(, apply to described Web real-time Communication for Power and send effective access token and unique identity so that institute
State the application of Web real-time Communication for Power and Web real-time Communication for Power is directed the user to according to the unique identity receiving
Application homepage, and the connection with Web real-time communication server WS is set up according to effective access token.
Specifically, receive that WebRTC application sends carry the logging request of checking information after, to login
Request is verified, and applies return login authentication success message to WebRTC after being proved to be successful, with
When after login authentication success, need to carry out authentication verification to the checking information after login authentication success, and
Apply to WebRTC after authentication success and send effective access token and unique identity, WebRTC should
Being used in can be using the offer of WebRTC platform after receiving unique identity and effective access token
Various instant messaging services, wherein access token can be abbreviated as AccessToken.
The embodiment of the present invention, by providing Oauth2.0 to log in authentication capability for WebRTC service platform, makes
Obtain WebRTC to apply only after effective access token that acquisition WAS issues and unique identity
The various instant messaging services that can be provided using WebRTC platform, thus the use for WebRTC service
Family and WebRTC service platform provide security guarantee.
As shown in Fig. 2 be using WAS of the present invention after WebRTC service platform typical architecture figure.
Including WAS, WebRTC server (WebRTC Server, WS) and WebRTC apply.User
When being applied using WebRTC, need the login authentication by WAS, just can use WebRTC
The real-time communication service based on WebRTC service platform that application provides.
In the above embodiment of the present invention, step S101 includes:
The logging request carrying checking information that step S1011, reception described Web real-time Communication for Power application send,
According to described logging request generate random number R andomNumer, be stored in session and with login page one
Rise and return to described Web real-time Communication for Power application;
What step S1012, reception described Web real-time Communication for Power application sent carries out to described checking information adding
The first encrypted result Hashone, user name username and the RandomNumber generating after close;
Step S1013, in data base, described username is verified, and described to receiving
Hashone and described RandomNumber is encrypted computing and obtains the second encrypted result Hashtwo;
Step S1014, corresponding password is found in data base according to described username
Password_Hash, to the described Password_Hash and described RandomNumber being stored in session
It is encrypted and be calculated the 3rd encrypted result Hashthree;
Step S1015, judge whether described Hashthree is consistent with described Hashtwo, when both are consistent
Then the success of explanation login authentication, applies to described Web real-time Communication for Power and returns login authentication success message.
Specifically, receive that WebRTC application sends carry the logging request of checking information after, root
Generate random number R andomNumer according to logging request, RandomNumer is stored in itself and currently can
In words, and the User logs in page is returned to WebRTC application together with RandomNumer.Wherein test
Card information includes:User name username and password Password.
User input checking information, Hash encryption is done in WebRTC application to checking information:
Hashone=MD5 (MD5 (Password), Username) obtains Hashone.Receive WebRTC application
Hashone, Username and the RandomNumber sending, and verify Username in data base
Presence, when the result that obtains of checking be Username in data base in the presence of, then should to WebRTC
Carry out second Hash fortune with the RandomNumber that the Hashone and WebRTC application sending sends
Calculate Hashtwo=MD5 (HASH (RandomNumber), Hashone), obtain Hashtwo.
According to Username, in data base, search password Password_Hash corresponding with Username,
It should be noted that in data base, password Password_Hash is not stored in clear, but during user's registration
Store after validation information and after carrying out Hash encryption, i.e. Password_Hash=MD5 (MD5
(Password), Username) computing obtains.The Password_Hash being obtained according to lookup and session
The RandomNumber of middle storage, carries out being calculated Hashthree using Hash operation:Hashthree
=MD5 (HASH (RandomNumber), Password_Hash).
Whether relatively Hashthree with Hashtwo be consistent, if consistent, login authentication success is described.No
Whether pipe is proved to be successful, and RandomNumber will be abandoned, and when logging in, WAS will produce newly next time
Random number participate in ciphering process.
In the above embodiment of the present invention, step S102 includes:
Step S1021, authentication verification that described checking information is carried out, generate effective client code
Codeclient is simultaneously back to described Web real-time Communication for Power application, will be connect by the application of described Web real-time Communication for Power
The effective Codeclient receiving writes in itself session;
The letter carrying effective Codeclient that step S1022, reception described Web real-time Communication for Power application send
Breath authorizes HTTP request, and effective Codeclient is verified, is verified described Web backward real
When communications applications send effective access token, by the application of described Web real-time Communication for Power by the effective visit receiving
Ask that token writes in itself session;
The letter carrying effective access token that step S1023, reception described Web real-time Communication for Power application send
Breath authorizes HTTP request, effective access token is verified, is verified described Web backward real-time
Communications applications WA send unique identity.
Specifically, WAS carries out authentication verification to checking information, send after generating effective Codeclient to
WebRTC applies, and WebRTC applies and writes in itself session after receiving effective Codeclient.So
Afterwards WAS to WebRTC application send effective Codeclient verify, be verified to
WebRTC application sends effective access token, and effective access token is write itself meeting by WebRTC application
In words.Effective access token that WAS sends to WebRTC application is verified, sends after being verified
Unique identity so that WebRTC apply receive effective access token and unique identity it
The various instant messaging services that can be provided using WebRTC platform afterwards.
In the above embodiment of the present invention, when described Web real-time Communication for Power apply real-time for current platform Web
During communications applications WA, described described checking information is carried out with authentication verification, generate effective client code
Codeclient is simultaneously back to described Web real-time Communication for Power application, specially:
Described checking information is carried out with authentication verification, generates code Code and effective Codeclient, and will
The Code generating is stored, and the effective Codeclient generating is sent to described WA, wherein said
Checking information includes first user name Username1 and first password Password1.
Specifically, the chief argument that whether Code logs in for user, is only stored in WAS it is impossible to incite somebody to action
Code returns to WA, but WA needs a similar Code, thus carry this Code to go to take
Obtain effective access token.In embodiments of the present invention, authenticated in checking information corresponding to each WA
After being proved to be successful, an effective Codeclient can be produced as the replacement of Code, and by Code with
Codeclient relation stores in data base, and wherein effectively the effective access token of Codeclient corresponds.
WA can carry effective access token to obtain user name and other users information, WebRTC simultaneously
In system, connect WS server and also will carry effective access token, obtain effective access token first only
One mode is to provide effective Codeclient.
In the above embodiment of the present invention, ask in the login carrying checking information receiving described WA transmission
Before asking, methods described also includes:
Receive described WA send the verification process HTTP of the first access token carrying in itself session please
Ask, the first access token is verified;
Send the invalid message of the first access token to described WA, receive carrying certainly of described WA transmission
The authentication process HTTP request of a Codeclient in body session, verifies to a Codeclient,
Check whether the Code value in itself session is expired after authentication failed;
When the Code value in itself session is expired, jump to WAS login interface.
Specifically, as shown in figure 3, WA extracts the first access token in itself session, WAS is to WA
The first access token carrying in itself session sending is verified, obstructed out-of-date when verifying, to WA
Return and do not pass through information.WA is receiving checking not after information, extracts first in itself session
The Codeclient and Redirect Address redirectURL specifying in advance sends authentication process HTTP to WAS
Request, WAS verifies to a Codeclient, obstructed out-of-date when verifying, returns obstructed to WA
Cross information.Now WAS checks that in itself session, Code value is invalid, jumps to WAS itself login interface.
User input Username1 and Password1, are stepping on to Username1 and Password1
After record is proved to be successful, need Username1 and Password1 is carried out authentication verification, WAS generates Code
With effective Codeclient, the session of WAS stores Code, be redirected to WA next the resetting of transmission
To address, the effective Codeclient for WA is returned by Redirect Address.WA is by having of receiving
Effect Codeclient writes in the session of itself, and the information carrying effective Codeclient to WAS transmission is awarded
Power HTTP request, WAS verifies to effective Codeclient, and after being verified, return has
Effect access token.WA writes the effective access token receiving in the session of itself, sends to WAS
Carry the authorizing information HTTP request of effective access token, WAS verifies to effective access token,
And after being verified, return unique identity, that is, first user name, WA is redirected to application
Homepage.Then WA carries effective access token and initiates WebSocket connection request to WS, and WS extracts
Effectively access token, sends verification process HTTP request to WAS, and WAS is verified, and returns logical
Cross information, WS returns successful connection message to WA, and so far, WA is successfully connected WS, can send
Or the related signaling of reception WebRTC, and then the related service being provided using WebRTC server WS.
In the above embodiment of the present invention, when logging on same WA, the access token in WA is to have
Effect access token, its detailed process is as follows:
As shown in figure 4, user refreshes the uniform resource position mark URL of WA, WA extracts itself session
In effective access token, to WAS send verification process HTTP request, after being proved to be successful through WAS
Pass back through information.Send the authorizing information HTTP request carrying effective access token, WAS to WAS
Effective access token is verified, and after being verified, returns unique identity, WA redirects
To application homepage.Then WA carries effective access token and initiates WebSocket connection request to WS,
WS extracts effective access token, sends verification process HTTP request to WAS, and WAS is verified,
Pass back through information, WS returns successful connection message to WA, and so far, WA is successfully connected WS, can
To send or to receive the related signaling of WebRTC, and then the phase providing using WebRTC server WS
Close service.
In the above embodiment of the present invention, when user has had logged on some WebRTC application of WAS,
User clicks on the link of other application in this application it is not necessary to user inputs user name password again, can
To be directly logged onto in other application.Idiographic flow is as shown in Figure 5:
User input WebRTC applies the URL, WA1 of 1 (WebRTC Application 1, WA1)
Complete to log in the flow process of authentication, return WA1 homepage.User clicks on other (WebRTC in WA1 homepage
Application 2, WA2) link URL.WA2 extracts the second access token in itself session,
WAS verifies to the second access token, obstructed out-of-date when verifying, returns to WA2 and does not pass through information.
WA2 is receiving checking not after information, extracts the 2nd Codeclient and the thing in itself session
The Redirect Address redirectURL first specifying, sends authentication process HTTP request, WAS to WAS
2nd Codeclient is verified, obstructed out-of-date when verifying, return to WA2 and do not pass through information.This
When WAS check in itself session that Code value effectively, generates effective Codeclient, by Redirect Address
Passback is for effective Codeclient of WA2.
WA2 writes the effective Codeclient receiving in the session of itself, sends to WAS and carries
The authorizing information HTTP request of effect Codeclient, WAS verifies to effective Codeclient, and
After being verified, return effective access token.The effective access token receiving is write itself by WA2
Session in, send to WAS and carry the authorizing information HTTP request of effective access token, WAS pair
Effectively access token is verified, and after being verified, returns unique identity, and WA2 redirects
To application homepage.
Then WA2 carries effective access token and initiates WebSocket connection request to WS, and WS extracts
Effectively access token, sends verification process HTTP request to WAS, and WAS is verified, and returns logical
Cross information, WS returns successful connection message to WA2, and so far, WA2 is successfully connected WS, Ke Yifa
Send or receive the related signaling of WebRTC, and then the related clothes providing using WebRTC server WS
Business.
Fig. 6 be using WAS of the present invention after, be concurrently accessed different WA, single sign-on capability be provided
Schematic diagram.If a certain user has completed the login authentication process and WAS between when using WA1,
When then accessing WA2 in WA1, WA2 can initiate single-sign-on process and WAS between so that
User, without inputting user name password again, is directly directly stepped on using the account information during login WA1
Record WA2.
In the above embodiment of the present invention, when described Web real-time Communication for Power is applied as third party's business platform
During Web real-time Communication for Power application TPWA, the login carrying checking information receiving described TPWA transmission is asked
Before asking, methods described also includes:
Receive the application access request that described TPWA sends, after described application access request is checked and approved,
Return third-party application identity and the second password to described TPWA, described checking information includes the 3rd
Square application identity mark and the second password.Here third-party application identity and above-mentioned user name institute's generation
The implication of table is identical, and user name is a general overview to first user name and third-party application identity,
Password is the general overview to first password and the second password.
Return after third-party application identity and the second password to described TPWA, taken by described TPWA
Band third-party application identity and the second password to described WAS send logging request, described WAS pair
Third-party application identity and the second password are verified.
After to third-party application identity and the second password authentification success, to third-party application identity
Carry out authentication verification with the second password, generate effective Codeclient, effective Codeclient is verified,
After being proved to be successful, generate temporary visit token and be back to described TPWA;Temporary visit token authentication is passed through
Afterwards, generate temporary user name to send to described TPWA so that described TPWA is redirected to homepage.
The embodiment of the present invention also provides a kind of Web real-time communication platform authentication cut-in method, is applied to Web
Real-time Communication for Power is applied, as shown in fig. 7, methods described includes:
Step S201, to Web real-time Communication for Power log in authentication network element entity WAS send carry checking information
Logging request so that described WAS to described Web real-time Communication for Power application send logging request test
Card;
The login authentication success message that step S202, the described WAS of reception return;
Step S203, described WAS the checking information after login authentication success is carried out authentication verification success
Afterwards, receive effective access token and the unique identity that described WAS sends, unique according to receive
Identity directs the user to Web real-time Communication for Power application homepage, and according to effective access token set up with
The connection of Web real-time communication server WS.
Specifically, WebRTC application sends the logging request carrying checking information to WAS, by WAS pair
Logging request is verified, and applies return login authentication success message to WebRTC after being proved to be successful,
WAS needs the checking information after login authentication success is carried out authentication verification simultaneously, and WebRTC application connects
Effective access token and unique identity that after being received in authentication success, WAS sends, WebRTC applies
Can be various using the offer of WebRTC platform after receiving effective access token and unique identity
Instant messaging services.
WebRTC application is only after effective access token that acquisition WAS issues and unique identity
The various instant messaging services that just can be provided using WebRTC platform, thus service for WebRTC
User and WebRTC service platform provide security guarantee.
In the above embodiment of the present invention, step S201 includes:
Step S2011, send to described WAS and carry the logging request of checking information, and receive described WAS
The login page carrying random number R andomNumber returning;
Step S2012, described checking information is encrypted generation the first encrypted result Hashone, by institute
State Hashone, user name Username and described RandomNumber to send to described WAS, make
Obtain described WAS according to the described Hashone receiving, described Username and described RandomNumber
The logging request that the application of described Web real-time Communication for Power is sent is verified.
Specifically, carry after the logging request of checking information to WAS transmission, WAS can be according to logging request
Generate random number R andomNumer, receive WAS send the User logs in page with
RandomNumer.Then user input checking information, checking information includes user name Username and close
Code Password, WebRTC interface applications receive checking information and carry out Hash computations:
Hashone=MD5 (MD5 (Password), Username) obtains Hashone.To WAS send Hashone,
Username and RandomNumber, by WAS to reception after finding Username in data base
To Hashone and RandomNumber carry out second Hash cryptographic calculation, to obtain Hashtwo:
Hashtwo=MD5 (HASH (RandomNumber), Hashone), and according to corresponding with Username
In password Password_Hash and session, the RandomNumber of storage, is calculated using Hash operation
Obtain Hashthree:Hashthree=MD5 (HASH (RandomNumber), Password_Hash).
Whether relatively Hashthree with Hashtwo be consistent, if consistent, login authentication success is described.
In the above embodiment of the present invention, step S203 includes:
Step S2031, the described WAS of reception are according to the effective visitor generating in described checking information authentication verification
Family end code Codeclient, the effective Codeclient receiving is write in itself session;
Step S2032, the authorizing information HTTP carrying effective Codeclient to described WAS transmission ask
Ask so that described WAS verifies to effective Codeclient, and receive described WAS effective
Effective access token that Codeclient sends after being verified, by the effective access token write receiving certainly
In body session;
Step S2033, send to described WAS and carry the authorizing information HTTP request of effective access token,
Described WAS is verified to effective access token, after being verified, receives what described WAS sent
Unique identity.
Specifically, receive effective Codeclient that WAS carries out authentication verification generation to checking information,
WebRTC applies and writes in itself session after receiving effective Codeclient.Then send to WAS
Carry the authorizing information HTTP request of effective Codeclient so that WAS enters to effective Codeclient
Row checking, WebRTC application reception is verified rear WAS and sends effective access token, and WebRTC should
With effective access token is write in itself session.The information carrying effective access token to WAS transmission is awarded
Power HTTP request, so that WAS verifies to effective access token, receives WAS after being verified
The unique identity sending, WebRTC apply receive effective access token and unique identity it
The various instant messaging services that can be provided using WebRTC platform afterwards.
In the above embodiment of the present invention, when Web real-time Communication for Power is applied as current platform Web real-time Communication for Power
During application WA, described transmission to Web real-time Communication for Power login authentication network element entity WAS carries checking letter
Before the logging request of breath, methods described also includes:
Send the verification process HTTP request of the first access token carrying in itself session to described WAS,
By described WAS, the first access token is verified;
Receive the invalid message of the first access token of described WAS transmission, send to described WAS and carry
The authentication process HTTP request of a Codeclient in itself session, by described WAS to first
Codeclient is verified, and checks after authentication failed whether the Code value in itself session is expired,
When the Code value in itself session of described WAS is expired, jump to WAS login interface.
Specifically, WA extracts the first access token in itself session, sends verification process HTTP to WAS
Ask so that the first access token carrying in itself session that WAS sends to WA is verified, when
It is obstructed out-of-date to verify, what WA reception WAS returned does not pass through information, extracts first in itself session
Codeclient, sends authentication process HTTP request so that WAS carries to WA transmission to WAS
A Codeclient in itself session is verified, obstructed out-of-date when verifying, WA receives WAS and returns
That returns does not pass through information, and now WAS checks that in itself session, Code value is invalid, jumps to WAS itself
Login interface.
In the above embodiment of the present invention, when the first access token receiving described WAS transmission effectively disappears
During breath, methods described includes:
Receive described WAS and send unique identity, call the various services that described WS provides.
WA carries the first access token in itself session, to WAS ask whether effective when, if
WAS checks the first access token still before the deadline, then had logged on, then directly before explanation user
Connected the various services that the first access token obtains unique identification and calls WS to provide from WAS.Tool
The application scenarios of body include user and disconnect temporarily or carry out refreshing the such operation of browser.
In the above embodiment of the present invention, when the Code value in itself session of described WAS does not have expired,
Methods described also includes:
Receive described WAS and return effective Codeclient corresponding with described WA.
WAS checks the Code value in corresponding with WA session in the middle of WAS, finds that Code value has
Imitate and do not have expired, illustrate that user has had logged on some and applied WA, now WAS directly returns
The corresponding effective Codeclient of this WA is it is not necessary to be redirected to login page.Specific application scenarios
When switching between using multiple WA for user.
In the above embodiment of the present invention, when described Web real-time Communication for Power is applied as third party's business platform
During Web real-time Communication for Power application TPWA, log in authentication network element entity WAS to Web real-time Communication for Power and send
Before carrying the logging request of checking information, methods described also includes:
Send application access request to described WAS, by described WAS, described application access request is carried out
Check and approve;
Receive third-party application identity and the second password that described WAS sends, described checking information bag
Include third-party application identity and the second password;
Set up with third party's business platform and be connected, complete the login authentication in third party's business platform.
Specifically, as shown in figure 8, TPWA passes through mail or other modes application accesses WAS, WAS
Manager check and approve after, mail or other modes return third-party application identity id and the second password
password2.The URL of user input TPWA of TPWA, TPWA complete in third party's business platform
The login authentication step of itself.
Then, TPWA sends to WAS and carries third-party application id, the second password and Redirect Address
Third party processes HTTP request, and WAS checking third-party application id, the second password are legal, generate TPWA
Effective Codeclient, and by Redirect Address to TPWA return effective Codeclient.
TPWA sends, to WAS, the authorizing information HTTP request carrying effective Codeclient, by WAS
Effective Codeclient is verified, after being verified, it is third-party application that TPWA receives WAS
The temporary visit token generating.
TPWA sends, to WAS, the authorizing information HTTP request carrying temporary visit token, by WAS
Temporary visit token is verified, after being verified, TPWA receives WAS and gives birth to for third-party application
The temporary user name becoming, TPWA is redirected to homepage.
Browser carries temporary visit token and initiates WebSocket connection request to WS, and WS extracts and faces
When access token send verification process HTTP request to WAS, WAS tests to temporary visit token
Card, and after being proved to be successful, pass back through information, WS returns successful connection message to browser.So far,
TPWA is successfully connected WS, it is possible to use temporary user name is as each WA of user name and WAS management
Carry out WebRTC communication.
As shown in figure 9, third-party platform WebRTC application access WAS so that WAS management
WebRTC applies the WebRTC application with third-party platform can interconnect, and carries out WebRTC business and leads to
The typical architecture figure of letter.The WebRTC of third-party platform applies and is carrying out stepping on of third-party platform itself
After record authentication, the WebRTC application carrying out third-party platform to WAS logs in authorizing procedure.Logical in authentication
Later, then the WebRTC application of third-party platform can connect WS, using required service ability.
In the above embodiment of the present invention, TPWA to WAS send third-party application id, the second password and
During Redirect Address.In view of transmission safety, can to third-party application identity, the second password with
And Redirect Address is encrypted.The Value value obtaining after encryption is transferred to WAS, and WAS is receiving
Carry out reverse computing to after Value value and obtain third-party application id and Redirect Address, between the two with
$ meets segmentation.
Specific algorithm is as follows:
Value=URLEncoding (Base64 (ID+ $+Encrypt (ID+ $+redirectURL)+$+Digest),
Digest=Base64 (Hash (ID+ $+redirectURL))
Encrypt AES is 3DES, and the key of encryption is password2, and $ is label symbol.
The embodiment of the present invention provides a kind of Web real-time communication platform to authenticate cut-in method, is applied to Web real
When communication server WS, as shown in Figure 10, methods described includes:
The WebSocket connection request carrying effective access token that step S301, reception browser send;
Step S302, the effective access token of extraction, log in authentication network element entity WAS to Web real-time Communication for Power
Send the verification process HTTP request carrying effective access token, by described WAS to effective access token
Verified, return and be verified information;
What step S303, the described WAS of reception returned is verified information, returns successful connection to browser
Message, completes the connection with each Web real-time Communication for Power application under browser.
Specifically, WS receives browser and carries temporary visit token initiation WebSocket connection request, WS
Extract temporary visit token and send verification process HTTP request to WAS, by WAS, temporary visit is made
Board is verified, and after being proved to be successful, passes back through information, and WS receives after information, returns
Successful connection message, to browser, completes the connection with each Web real-time Communication for Power application under browser.
The embodiment of the present invention provides a kind of Web real-time communication platform to authenticate access device, is applied to Web real
Shi Tongxin logs in authentication network element entity WAS, and as shown in figure 11, installation method includes:
Receive authentication module 40, apply send to carry stepping on of checking information for receiving Web real-time Communication for Power
Record request, the described logging request that the application of described Web real-time Communication for Power is sent is verified, and returns institute
State the login authentication success message during success of checking information login authentication;
Checking sending module 41, for authentication verification is carried out to the checking information after login authentication success,
After authentication verification success, apply to described Web real-time Communication for Power and send effective access token and unique identities mark
Know so that the application of described Web real-time Communication for Power directs the user to Web according to the unique identity receiving
Real-time Communication for Power application homepage, and set up and Web real-time communication server WS according to effective access token
Connect.
In the above embodiment of the present invention, described reception authentication module 40 includes:
Receive and generate submodule 401, verify letter for receiving described carrying of Web real-time Communication for Power application transmission
The logging request of breath, generates random number R andomNumer according to described logging request, is stored in session
And return to described Web real-time Communication for Power application together with login page;
Receiving submodule 402, for receiving that the application of described Web real-time Communication for Power sends to described checking information
After being encrypted generate the first encrypted result Hashone, user name Username and
RandomNumber;
First encryption submodule 403, for verifying to described Username in data base and right
Receive described Hashone and described RandomNumber and be encrypted computing and obtain the second encrypted result
Hashtwo;
Second encryption submodule 404, corresponding for being found in data base according to described Username
Password Password_Hash, to the described Password_Hash and described RandomNumber being stored in session
It is encrypted and be calculated the 3rd encrypted result Hashthree;
Judging submodule 405, whether consistent with described Hashtwo for judging described Hashthree, when
Both consistent then explanation login authentication successes, apply to described Web real-time Communication for Power and return login authentication success
Message.
In the above embodiment of the present invention, described checking sending module 41 includes:
Generate submodule 411, for described checking information is carried out with authentication verification, generate effective client generation
Code Codeclient is simultaneously back to described Web real-time Communication for Power application, and being applied by described Web real-time Communication for Power will
The effective Codeclient receiving writes in itself session;
First process submodule 412, for receiving carrying effectively of described Web real-time Communication for Power application transmission
The authorizing information HTTP request of Codeclient, verifies to effective Codeclient, after being verified
Apply to described Web real-time Communication for Power and send effective access token, will be connect by the application of described Web real-time Communication for Power
The effective access token receiving writes in itself session;
Second processing submodule 413, for receiving carrying effectively of described Web real-time Communication for Power application transmission
The authorizing information HTTP request of access token, verifies to effective access token, is verified backward institute
State Web real-time Communication for Power application WA and send unique identity.
In the above embodiment of the present invention, when described Web real-time Communication for Power apply real-time for current platform Web
During communications applications WA, described generation submodule 411 is further used for:
Described checking information is carried out with authentication verification, generates Code and effective Codeclient, and will generate
Code stored, by generate effective Codeclient send to described WA, wherein said checking
Information includes first user name Username1 and first password Password1.
In the above embodiment of the present invention, described device also includes:
First receiver module 42, for receiving carrying of described WA transmission in the described authentication module 40 that receives
Before the logging request of checking information, receive described WA and send the first access order carrying in itself session
The verification process HTTP request of board, verifies to the first access token;
First processing module 43, for sending the invalid message of the first access token to described WA, receives
The authentication process HTTP request carrying a Codeclient in itself session that described WA sends, to the
One Codeclient is verified, checks whether the Code value in itself session is expired after authentication failed;
Jump module 44, logs in boundary for when the Code value in itself session is expired, jumping to WAS
Face.
In the above embodiment of the present invention, when sending the effective message of the first access token to described WA,
Described device also includes:
First sending module 45, for sending unique identity to described WA so that described WA adjusts
The various services being provided with described WS.
In the above embodiment of the present invention, when the Code value in itself session does not have expired, described device
Also include:
Return module 46, for directly returning effective Codeclient corresponding with described WA to described WA.
In the above embodiment of the present invention, when described Web real-time Communication for Power is applied as third party's business platform
During Web real-time Communication for Power application TPWA, described device also includes:
Second processing module 47, for receiving taking of described TPWA transmission in the described authentication module 40 that receives
Before logging request with checking information, receive the application access request that described TPWA sends, to described
After application access request is checked and approved, close to described TPWA return third-party application identity and second
Code, described checking information includes third-party application identity and the second password.
In the above embodiment of the present invention, described device also includes:
3rd processing module 48, after to third-party application identity and the second password authentification success,
Generate effective Codeclient, effective Codeclient is verified, after being proved to be successful, generate interim visit
Ask that token is back to described TPWA;After temporary visit token authentication is passed through, generate temporary user name and send
To described TPWA so that described TPWA is redirected to homepage.
The embodiment of the present invention provides a kind of Web real-time communication platform to authenticate access device, is applied to Web real
When communications applications, as shown in figure 12, described device includes:
Second sending module 50, takes for logging in authentication network element entity WAS transmission to Web real-time Communication for Power
Logging request with checking information is so that described WAS applies, to described Web real-time Communication for Power, the login sending
Request is verified;
Second receiver module 51, for receiving the login authentication success message that described WAS returns;
Fourth processing module 52, for reflecting to the checking information after login authentication success in described WAS
After power is proved to be successful, receive effective access token and the unique identity that described WAS sends, according to connecing
The unique identity receiving directs the user to Web real-time Communication for Power application homepage, and is accessed according to effective
Token sets up the connection with Web real-time communication server WS.
In the above embodiment of the present invention, described second sending module 50 includes:
Send receiving submodule 501, for sending, to described WAS, the logging request carrying checking information,
And receive the login page carrying random number R andomNumber that described WAS returns;
Encryption sending submodule 502, generates the first encrypted result for being encrypted to described checking information
Hashone, by described Hashone, user name Username and described RandomNumber send to
Described WAS is so that described WAS is according to the described Hashone receiving, described Username and institute
State RandomNumber the logging request of described Web real-time Communication for Power application transmission is verified.
In the above embodiment of the present invention, described fourth processing module 52 includes:
Receive write submodule 521, for receiving described WAS according in described checking information authentication verification
The effective client code Codeclient generating, the effective Codeclient receiving is write itself session
In;
First sending submodule 522, for sending the information carrying effective Codeclient to described WAS
Authorize HTTP request so that described WAS verifies to effective Codeclient, and receive described
Effective access token that WAS sends after effective Codeclient is verified, by the effective visit receiving
Ask that token writes in itself session;
Second sending submodule 523, awards for sending the information carrying effective access token to described WAS
Power HTTP request, so that described WAS verifies to effective access token, receives institute after being verified
State the unique identity of WAS transmission.
In the above embodiment of the present invention, when Web real-time Communication for Power is applied as current platform Web real-time Communication for Power
During application WA, described device also includes:
3rd sending module 53, sends to described WAS for described second sending module 50 and carries checking
Before the logging request of information, send testing of the first access token carrying in itself session to described WAS
Card processes HTTP request, by described WAS, the first access token is verified;
Receive sending module 54, the invalid message of the first access token for receiving described WAS transmission,
Send the authentication process HTTP request carrying a Codeclient in itself session to described WAS, by
Described WAS verifies to a Codeclient, and checks after authentication failed in itself session
Whether Code value is expired, when the Code value in itself session of described WAS is expired, jumps to WAS
Login interface.
In the above embodiment of the present invention, when the first access token receiving described WAS transmission effectively disappears
During breath, described device includes:
Receive calling module 55, send unique identity for receiving described WAS, call described WS
The various services providing.
In the above embodiment of the present invention, when the Code value in itself session of described WAS does not have expired,
Described device also includes:
3rd receiver module 56, corresponding with described WA effectively for receiving described WAS return
Codeclient.
In the above embodiment of the present invention, when described Web real-time Communication for Power is applied as third party's business platform
During Web real-time Communication for Power application TPWA, described device also includes:
Application AM access module 57, sends to described WAS for described second sending module 50 and carries checking
Before the logging request of information, send application access request to described WAS, by described WAS to described
Application access request is checked and approved;
4th receiver module 58, for receiving the third-party application identity and second that described WAS sends
Password, described checking information includes third-party application identity and the second password;
Link block 59, is connected for being set up with third party's business platform, completes in third party's business platform
Login authentication.
In the above embodiment of the present invention, described device also includes:
Receive writing module 60, for receiving effective Codeclient that described WAS generates, will receive
Effective Codeclient write in itself session;
5th processing module 61, for sending the authorizing information carrying effective Codeclient to described WAS
HTTP request is so that described WAS verifies to effective Codeclient, and receives described WAS
The temporary visit token sending after effective Codeclient is verified, by the temporary visit receiving token
Write in itself session;
Sending/receiving module 62 is used for sending, to described WAS, the authorizing information carrying temporary visit token
HTTP request, so that described WAS verifies to temporary visit token, receives described after being verified
WAS sends unique identity.
The embodiment of the present invention provides a kind of Web real-time communication platform to authenticate access device, is applied to Web real
When communication server WS, as shown in figure 13, described device includes:
5th receiver module 70, for receiving the WebSocket carrying effective access token of browser transmission
Connection request;
Extract sending module 71, for extracting effective access token, log in authentication net to Web real-time Communication for Power
First entity WAS sends the verification process HTTP request carrying effective access token, by described WAS pair
Effectively access token is verified, returns and is verified information;
Receive and return module 72, be verified information for receive that described WAS returns, return to browser
Return successful connection message, complete the connection with each Web real-time Communication for Power application under browser.
Embodiment of the present invention Web real-time communication platform authenticates cut-in method, by stepping on to checking information
So that WebRTC application obtains effective access token of issuing of WAS and unique after record authentication verification success
Identity, and then the various instant messaging services that can be provided using WebRTC platform, thus be
The user of WebRTC service and WebRTC service platform provide security guarantee;And provide WebRTC
Single sign-on capability between service platform difference WebRTC application, so that same user is in difference
More convenient when switching between WebRTC application;Further, be third party's business platform WebRTC
Application provides the access capability of Oauth2.0 so that the WebRTC application on third party's business platform obtains
The various instant messaging service ability being provided using WebRTC platform, and then greatly expand WebRTC
User's category of platform service.
It should be noted that Web real-time communication platform authentication access device provided in an embodiment of the present invention is
Answer device in aforementioned manners, then all embodiments of said method are all applied to this device, and all can reach
Same or analogous beneficial effect.
The above is the preferred embodiment of the present invention it is noted that common skill for the art
For art personnel, on the premise of without departing from principle of the present invention, some improvements and modifications can also be made,
These improvements and modifications also should be regarded as protection scope of the present invention.
Claims (21)
1. a kind of Web real-time communication platform authenticates cut-in method, is applied to Web real-time Communication for Power and logs in authentication
Network element entity WAS is it is characterised in that methods described includes:
Receive the logging request carrying checking information that the application of Web real-time Communication for Power sends, real to described Web
When the described logging request that sends of communications applications verified, and return the success of described checking information login authentication
When login authentication success message;
Authentication verification is carried out to the checking information after login authentication success, after authentication verification success, to described
The application of Web real-time Communication for Power sends effective access token and unique identity so that described Web leads in real time
Letter application directs the user to Web real-time Communication for Power application homepage according to the unique identity receiving, and
Connection with Web real-time communication server WS is set up according to effective access token.
2. the method for claim 1 is it is characterised in that described apply to described Web real-time Communication for Power
The described logging request sending is verified, and the login returning during described checking information login authentication success is tested
Card success message, including:
Receive the logging request carrying checking information that described Web real-time Communication for Power application sends, according to described
Logging request generates random number R andomNumer, is stored in session and returns to together with login page
Described Web real-time Communication for Power application;
Receive that the application of described Web real-time Communication for Power sends described checking information is encrypted after generate the
One encrypted result Hashone, user name Username and RandomNumber;
Data base verifies to described Username, and to receiving described Hashone and described
RandomNumber is encrypted computing and obtains the second encrypted result Hashtwo;
Corresponding password Password_Hash is found in data base according to described Username, to institute
State Password_Hash and be stored in the described RandomNumber of session and be encrypted and be calculated Acanthopanan trifoliatus (L.) Merr.
Close result Hashthree;
Judge whether described Hashthree is consistent with described Hashtwo, when both consistent then explanation logins are tested
Demonstrate,prove successfully, apply to described Web real-time Communication for Power and return login authentication success message.
3. the method for claim 1 is it is characterised in that checking after the described success to login authentication
Information carries out authentication verification, after authentication verification success, sends effectively to the application of described Web real-time Communication for Power
Access token and unique identity, including:
Described checking information is carried out with authentication verification, generates effective client code Codeclient and be back to
Described Web real-time Communication for Power application, is applied the effective Codeclient receiving by described Web real-time Communication for Power
Write in itself session;
Receive that the application of described Web real-time Communication for Power sends carry effective Codeclient authorizing information super civilian
This host-host protocol HTTP request, verifies to effective Codeclient, is verified described Web backward
Real-time Communication for Power application sends effective access token, is applied effective by receive by described Web real-time Communication for Power
Access token writes in itself session;
Receive the authorizing information HTTP carrying effective access token that described Web real-time Communication for Power application sends
Request, verifies to effective access token, is verified described Web real-time Communication for Power application WA backward
Send unique identity.
4. method as claimed in claim 3 is it is characterised in that applying when described Web real-time Communication for Power and being
During current platform Web real-time Communication for Power application WA, described authentication verification is carried out to described checking information, raw
Become effective client code Codeclient and be back to described Web real-time Communication for Power application, specially:
Described checking information is carried out with authentication verification, generates code Code and effective Codeclient, and will
The Code generating is stored, and the effective Codeclient generating is sent to described WA, wherein said
Checking information includes first user name Username1 and first password Password1.
5. method as claimed in claim 4 is it is characterised in that test receiving described carrying of WA transmission
Before the logging request of card information, methods described also includes:
Receive described WA send the verification process HTTP of the first access token carrying in itself session please
Ask, the first access token is verified;
Send the invalid message of the first access token to described WA, receive carrying certainly of described WA transmission
The authentication process HTTP request of a Codeclient in body session, verifies to a Codeclient,
Check whether the Code value in itself session is expired after authentication failed;
When the Code value in itself session is expired, jump to WAS login interface.
6. method as claimed in claim 5 is it is characterised in that access order when sending first to described WA
During the effective message of board, methods described includes:
Send unique identity to described WA so that described WA calls the various of described WS offer
Service.
7. method as claimed in claim 5 is not it is characterised in that the Code value worked as in itself session has
When expired, methods described includes:
Directly return effective Codeclient corresponding with described WA to described WA.
8. method as claimed in claim 3 is it is characterised in that applying when described Web real-time Communication for Power and being
During the Web real-time Communication for Power application TPWA of third party's business platform, receive carrying of described TPWA transmission
Before the logging request of checking information, methods described also includes:
Receive the application access request that described TPWA sends, after described application access request is checked and approved,
Return third-party application identity and the second password to described TPWA, described checking information includes the 3rd
Square application identity mark and the second password.
9. method as claimed in claim 8 is it is characterised in that methods described also includes:
After third-party application identity and the second password authentification success, generate effective Codeclient, right
Effectively Codeclient is verified, after being proved to be successful, generates temporary visit token and is back to described TPWA;
After temporary visit token authentication is passed through, generate temporary user name and send to described TPWA so that described
TPWA is redirected to homepage.
10. a kind of Web real-time communication platform authenticates cut-in method, is applied to the application of Web real-time Communication for Power, its
It is characterised by, methods described includes:
Log in authentication network element entity WAS to Web real-time Communication for Power and send the logging request carrying checking information,
The logging request that described WAS sends to the application of described Web real-time Communication for Power is verified;
Receive the login authentication success message that described WAS returns;
After described WAS carries out authentication verification success to the checking information after login authentication success, receive institute
State effective access token and the unique identity of WAS transmission, will according to the unique identity receiving
User is directed to Web real-time Communication for Power application homepage, and is led in real time with Web according to the foundation of effective access token
The connection of telecommunications services device WS.
11. methods as claimed in claim 10 are it is characterised in that described log in mirror to Web real-time Communication for Power
Power network element entity WAS sends and carries the logging request of checking information so that described WAS is to described Web
The logging request that real-time Communication for Power application sends is verified, including:
Send the logging request carrying checking information to described WAS, and receive taking of described WAS return
Login page with random number R andomNumber;
Described checking information is encrypted generation the first encrypted result Hashone, by described Hashone,
User name Username and described RandomNumber sends to described WAS so that described WAS
According to the described Hashone receiving, described Username and described RandomNumber to described Web
The logging request that real-time Communication for Power application sends is verified.
12. methods as claimed in claim 10 it is characterised in that the described WAS of described reception send
Effective access token and the step of unique identity, including:
Receive described WAS according to the effective client code generating in described checking information authentication verification
Codeclient, the effective Codeclient receiving is write in itself session;
Send to described WAS and carry the authorizing information HTTP request of effective Codeclient so that described
WAS verifies to effective Codeclient, and it is logical in effective Codeclient checking to receive described WAS
Later the effective access token sending, the effective access token receiving is write in itself session;
Send to described WAS and carry the authorizing information HTTP request of effective access token so that described
WAS verifies to effective access token, receives the unique identities that described WAS sends after being verified
Mark.
13. methods as claimed in claim 12 are it is characterised in that applying when Web real-time Communication for Power is to work as
During front platform Web real-time Communication for Power application WA, described login to Web real-time Communication for Power authenticates network element entity
Before WAS sends the logging request carrying checking information, methods described also includes:
Send the verification process HTTP request of the first access token carrying in itself session to described WAS,
By described WAS, the first access token is verified;
Receive the invalid message of the first access token of described WAS transmission, send to described WAS and carry
The authentication process HTTP request of a Codeclient in itself session, by described WAS to first
Codeclient is verified, and checks after authentication failed whether the Code value in itself session is expired,
When the Code value in itself session of described WAS is expired, jump to WAS login interface.
14. methods as claimed in claim 13 are it is characterised in that when receive that described WAS sends the
During the effective message of one access token, methods described includes:
Receive described WAS and send unique identity, call the various services that described WS provides.
15. methods as claimed in claim 13 are it is characterised in that work as in itself session of described WAS
When Code value does not have expired, methods described also includes:
Receive described WAS and return effective Codeclient corresponding with described WA.
16. methods as claimed in claim 12 are it is characterised in that work as described Web real-time Communication for Power application
For third party's business platform Web real-time Communication for Power application TPWA when, to Web real-time Communication for Power log in authentication
Before network element entity WAS sends the logging request carrying checking information, methods described also includes:
Send application access request to described WAS, by described WAS, described application access request is carried out
Check and approve;
Receive third-party application identity and the second password that described WAS sends, described checking information bag
Include third-party application identity and the second password;
Set up with third party's business platform and be connected, complete the login authentication in third party's business platform.
17. methods as claimed in claim 16 are it is characterised in that methods described also includes:
Receive effective Codeclient that described WAS generates, by the effective Codeclient write receiving certainly
In body session;
Send to described WAS and carry the authorizing information HTTP request of effective Codeclient so that described
WAS verifies to effective Codeclient, and it is logical in effective Codeclient checking to receive described WAS
Later the temporary visit token sending, the temporary visit receiving token is write in itself session;
Send to described WAS and carry the authorizing information HTTP request of temporary visit token so that described
WAS verifies to temporary visit token, receives described WAS and send unique identities mark after being verified
Know.
A kind of 18. Web real-time communication platform authenticate cut-in method, are applied to Web real-time communication server
WS is it is characterised in that methods described includes:
Receive the WebSocket connection request carrying effective access token that browser sends;
Extract effective access token, log in authentication network element entity WAS transmission to Web real-time Communication for Power and carry
The verification process HTTP request of effect access token, is verified to effective access token by described WAS,
Return is verified information;
Receive described WAS return is verified information, returns successful connection message to browser, completes
Connection with each Web real-time Communication for Power application under browser.
A kind of 19. Web real-time communication platform authenticate access device, are applied to Web real-time Communication for Power and log in authentication
Network element entity WAS is it is characterised in that described device includes:
Receive authentication module, for receiving the login carrying checking information that the application of Web real-time Communication for Power sends
Request, the described logging request that the application of described Web real-time Communication for Power is sent is verified, and returns described
Login authentication success message during the success of checking information login authentication;
Checking sending module, for carrying out authentication verification to the checking information after login authentication success, in authentication
After being proved to be successful, apply to described Web real-time Communication for Power and send effective access token and unique identity,
Described Web real-time Communication for Power application is made to direct the user to Web according to the unique identity receiving real
When communications applications homepage, and set up and the company of Web real-time communication server WS according to effective access token
Connect.
A kind of 20. Web real-time communication platform authenticate access device, are applied to the application of Web real-time Communication for Power, its
It is characterised by, described device includes:
Second sending module, tests for sending to carry to Web real-time Communication for Power login authentication network element entity WAS
The logging request of card information is so that described WAS applies, to described Web real-time Communication for Power, the logging request sending
Verified;
Second receiver module, for receiving the login authentication success message that described WAS returns;
Fourth processing module, for authenticating to the checking information after login authentication success in described WAS
After being proved to be successful, receive effective access token and the unique identity that described WAS sends, according to reception
To unique identity direct the user to Web real-time Communication for Power application homepage, and access order according to effective
The connection with Web real-time communication server WS set up by board.
A kind of 21. Web real-time communication platform authenticate access device, are applied to Web real-time communication server
WS is it is characterised in that described device includes:
5th receiver module, for receiving the WebSocket carrying effective access token of browser transmission
Connection request;
Extract sending module, for extracting effective access token, log in authentication network element to Web real-time Communication for Power
Entity WAS sends and carries the verification process HTTP request of effective access token, by described WAS to having
Effect access token is verified, returns and is verified information;
Receive and return module, be verified information for receive that described WAS returns, return to browser
Successful connection message, completes the connection with each Web real-time Communication for Power application under browser.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510510506.1A CN106470190A (en) | 2015-08-19 | 2015-08-19 | A kind of Web real-time communication platform authentication cut-in method and device |
| PCT/CN2016/095951 WO2017028804A1 (en) | 2015-08-19 | 2016-08-19 | Web real-time communication platform authentication and access method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510510506.1A CN106470190A (en) | 2015-08-19 | 2015-08-19 | A kind of Web real-time communication platform authentication cut-in method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106470190A true CN106470190A (en) | 2017-03-01 |
Family
ID=58050890
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510510506.1A Withdrawn CN106470190A (en) | 2015-08-19 | 2015-08-19 | A kind of Web real-time communication platform authentication cut-in method and device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN106470190A (en) |
| WO (1) | WO2017028804A1 (en) |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107153793A (en) * | 2017-05-17 | 2017-09-12 | 成都麟成科技有限公司 | A kind of preventing decryption method of significant data storage |
| CN107846447A (en) * | 2017-09-21 | 2018-03-27 | 烽火通信科技股份有限公司 | A kind of method of the home terminal access message-oriented middleware based on MQTT agreements |
| CN108776923A (en) * | 2018-06-05 | 2018-11-09 | 深圳壹账通智能科技有限公司 | Order method of payment, system, computer equipment and storage medium |
| CN109327437A (en) * | 2018-09-29 | 2019-02-12 | 深圳市多易得信息技术股份有限公司 | Concurrent websocket business information processing method and server-side |
| CN110061952A (en) * | 2018-01-19 | 2019-07-26 | 腾讯科技(深圳)有限公司 | Information processing method, device, storage medium and electronic device |
| CN110266722A (en) * | 2019-07-05 | 2019-09-20 | 深圳市浩科电子有限公司 | A kind of method and system of multipath access server |
| CN110493239A (en) * | 2019-08-26 | 2019-11-22 | 京东数字科技控股有限公司 | The method and apparatus of authentication |
| CN111107109A (en) * | 2020-01-08 | 2020-05-05 | 世纪恒通科技股份有限公司 | Log-in-free technology based on token |
| CN111526111A (en) * | 2019-02-02 | 2020-08-11 | 腾讯科技(深圳)有限公司 | Control method, device and equipment for logging in light application and computer storage medium |
| CN112118236A (en) * | 2020-09-04 | 2020-12-22 | 紫光云(南京)数字技术有限公司 | Platform application open authorization management method |
| CN112199656A (en) * | 2020-12-03 | 2021-01-08 | 湖北亿咖通科技有限公司 | Access authority acquisition method of service platform and access control method of service platform |
| CN112640389A (en) * | 2018-09-07 | 2021-04-09 | 贝宝公司 | Using ephemeral URL passwords to thwart massive attacks |
| WO2022033278A1 (en) * | 2020-08-11 | 2022-02-17 | 华为技术有限公司 | Ims data channel-based communication method and device |
| CN114070616A (en) * | 2021-11-15 | 2022-02-18 | 广东亿迅科技有限公司 | Distributed session sharing method and system based on redis cache |
| CN114079569A (en) * | 2020-07-31 | 2022-02-22 | 中移(苏州)软件技术有限公司 | Open authorization method and device, equipment and storage medium |
| CN114615084A (en) * | 2022-04-11 | 2022-06-10 | 西安热工研究院有限公司 | Single sign-on and logout method and system applied to front-end and back-end separation scene, electronic equipment and storage medium |
| CN115242474A (en) * | 2022-07-14 | 2022-10-25 | 观澜网络(杭州)有限公司 | Real-time communication system, method, terminal equipment and storage medium |
| CN114079569B (en) * | 2020-07-31 | 2024-05-03 | 中移(苏州)软件技术有限公司 | Open authorization method and device, equipment and storage medium |
Families Citing this family (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108667810A (en) * | 2018-04-18 | 2018-10-16 | 珠海横琴盛达兆业科技投资有限公司 | A kind of secure log verification method based on small routine |
| CN111355583B (en) * | 2018-12-20 | 2022-12-27 | 中移(杭州)信息技术有限公司 | Service providing system, method, device, electronic equipment and storage medium |
| CN110582769A (en) * | 2019-07-11 | 2019-12-17 | 深圳市鹰硕技术有限公司 | single-account multi-identity login method, device, server and storage medium |
| US11652813B2 (en) | 2019-10-04 | 2023-05-16 | Mastercard International Incorporated | Systems and methods for real-time identity verification using a token code |
| US11449636B2 (en) | 2019-10-04 | 2022-09-20 | Mastercard International Incorporated | Systems and methods for secure provisioning of data using secure tokens |
| CN111447184A (en) * | 2020-03-09 | 2020-07-24 | 上海数据交易中心有限公司 | Single sign-on method, device, system and computer readable storage medium |
| CN111510461B (en) * | 2020-04-26 | 2022-02-22 | 成都安恒信息技术有限公司 | System and method for managing WEB application centralized release authority |
| CN112612985A (en) * | 2020-12-24 | 2021-04-06 | 广州致远电子有限公司 | Websocket-based multi-user and multi-type message pushing system and method |
| CN112800139A (en) * | 2021-02-23 | 2021-05-14 | 浪潮云信息技术股份公司 | Third-party application data synchronization system based on message queue |
| CN113364798A (en) * | 2021-06-21 | 2021-09-07 | 浪潮云信息技术股份公司 | Redis-based user access frequency processing device |
| CN113781194A (en) * | 2021-09-06 | 2021-12-10 | 青岛微智慧信息有限公司 | Access supervision method and system suitable for flexible employment |
| CN114726632B (en) * | 2022-04-14 | 2024-04-05 | 广州鑫景信息科技服务有限公司 | Login method, login equipment and storage medium |
| CN115277234B (en) * | 2022-08-01 | 2024-01-09 | 重庆标能瑞源储能技术研究院有限公司 | Security authentication method and system based on Internet of things platform micro-service |
| CN116962092B (en) * | 2023-09-21 | 2023-12-26 | 畅捷通信息技术股份有限公司 | Ecological integrated login method, system, electronic equipment and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104144167A (en) * | 2014-08-15 | 2014-11-12 | 深圳市蜂联科技有限公司 | User login authentication method of open intelligent gateway platform |
| CN104283681A (en) * | 2013-07-08 | 2015-01-14 | 华为技术有限公司 | Method, device and system for verifying legality of user |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014145417A1 (en) * | 2013-03-15 | 2014-09-18 | MARKUS, Isidoro | Method and apparatus for secure interaction with a computer service provider |
| CN104113511B (en) * | 2013-04-17 | 2018-03-23 | 中国移动通信集团公司 | A kind of method, system and relevant apparatus for accessing IMS network |
| CN104468487B (en) * | 2013-09-23 | 2018-10-19 | 华为技术有限公司 | Communication authentication method and device, terminal device |
-
2015
- 2015-08-19 CN CN201510510506.1A patent/CN106470190A/en not_active Withdrawn
-
2016
- 2016-08-19 WO PCT/CN2016/095951 patent/WO2017028804A1/en active Application Filing
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104283681A (en) * | 2013-07-08 | 2015-01-14 | 华为技术有限公司 | Method, device and system for verifying legality of user |
| CN104144167A (en) * | 2014-08-15 | 2014-11-12 | 深圳市蜂联科技有限公司 | User login authentication method of open intelligent gateway platform |
Cited By (25)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107153793A (en) * | 2017-05-17 | 2017-09-12 | 成都麟成科技有限公司 | A kind of preventing decryption method of significant data storage |
| CN107153793B (en) * | 2017-05-17 | 2020-03-27 | 深圳市马博士网络科技有限公司 | Important data storage anti-deciphering method |
| CN107846447A (en) * | 2017-09-21 | 2018-03-27 | 烽火通信科技股份有限公司 | A kind of method of the home terminal access message-oriented middleware based on MQTT agreements |
| CN110061952B (en) * | 2018-01-19 | 2021-08-06 | 腾讯科技(深圳)有限公司 | Information processing method, information processing apparatus, storage medium, and electronic apparatus |
| CN110061952A (en) * | 2018-01-19 | 2019-07-26 | 腾讯科技(深圳)有限公司 | Information processing method, device, storage medium and electronic device |
| CN108776923A (en) * | 2018-06-05 | 2018-11-09 | 深圳壹账通智能科技有限公司 | Order method of payment, system, computer equipment and storage medium |
| CN112640389A (en) * | 2018-09-07 | 2021-04-09 | 贝宝公司 | Using ephemeral URL passwords to thwart massive attacks |
| CN112640389B (en) * | 2018-09-07 | 2024-03-08 | 贝宝公司 | System, method, and machine-readable medium for protecting uniform resource locators |
| US11750596B2 (en) | 2018-09-07 | 2023-09-05 | Paypal, Inc. | Using ephemeral URL passwords to deter high-volume attacks |
| CN109327437B (en) * | 2018-09-29 | 2020-02-21 | 深圳市多易得信息技术股份有限公司 | Concurrent websocket service information processing method and server |
| CN109327437A (en) * | 2018-09-29 | 2019-02-12 | 深圳市多易得信息技术股份有限公司 | Concurrent websocket business information processing method and server-side |
| CN111526111A (en) * | 2019-02-02 | 2020-08-11 | 腾讯科技(深圳)有限公司 | Control method, device and equipment for logging in light application and computer storage medium |
| CN110266722A (en) * | 2019-07-05 | 2019-09-20 | 深圳市浩科电子有限公司 | A kind of method and system of multipath access server |
| CN110493239A (en) * | 2019-08-26 | 2019-11-22 | 京东数字科技控股有限公司 | The method and apparatus of authentication |
| CN111107109A (en) * | 2020-01-08 | 2020-05-05 | 世纪恒通科技股份有限公司 | Log-in-free technology based on token |
| CN114079569B (en) * | 2020-07-31 | 2024-05-03 | 中移(苏州)软件技术有限公司 | Open authorization method and device, equipment and storage medium |
| CN114079569A (en) * | 2020-07-31 | 2022-02-22 | 中移(苏州)软件技术有限公司 | Open authorization method and device, equipment and storage medium |
| WO2022033278A1 (en) * | 2020-08-11 | 2022-02-17 | 华为技术有限公司 | Ims data channel-based communication method and device |
| CN112118236A (en) * | 2020-09-04 | 2020-12-22 | 紫光云(南京)数字技术有限公司 | Platform application open authorization management method |
| CN112199656A (en) * | 2020-12-03 | 2021-01-08 | 湖北亿咖通科技有限公司 | Access authority acquisition method of service platform and access control method of service platform |
| CN114070616B (en) * | 2021-11-15 | 2024-02-27 | 广东亿迅科技有限公司 | Distributed session sharing method and system based on redis cache |
| CN114070616A (en) * | 2021-11-15 | 2022-02-18 | 广东亿迅科技有限公司 | Distributed session sharing method and system based on redis cache |
| CN114615084A (en) * | 2022-04-11 | 2022-06-10 | 西安热工研究院有限公司 | Single sign-on and logout method and system applied to front-end and back-end separation scene, electronic equipment and storage medium |
| CN114615084B (en) * | 2022-04-11 | 2024-04-16 | 西安热工研究院有限公司 | Single sign-on logout method, system, electronic equipment and storage medium applied to front-end and back-end separation scene |
| CN115242474A (en) * | 2022-07-14 | 2022-10-25 | 观澜网络(杭州)有限公司 | Real-time communication system, method, terminal equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2017028804A1 (en) | 2017-02-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106470190A (en) | A kind of Web real-time communication platform authentication cut-in method and device | |
| CN102201915B (en) | Terminal authentication method and device based on single sign-on | |
| US8245030B2 (en) | Method for authenticating online transactions using a browser | |
| CN104767731B (en) | A kind of Restful move transactions system identity certification means of defence | |
| CN105516195B (en) | A kind of security certification system and its authentication method based on application platform login | |
| CN101183932B (en) | Security identification system of wireless application service and login and entry method thereof | |
| CN105187431B (en) | Login method, server, client and the communication system of third-party application | |
| CN104917766B (en) | A kind of two-dimension code safe authentication method | |
| CN107294916B (en) | Single-point logging method, single-sign-on terminal and single-node login system | |
| CN107733852A (en) | A kind of auth method and device, electronic equipment | |
| CN107347068A (en) | Single-point logging method and system, electronic equipment | |
| CN109347835A (en) | Information transferring method, client, server and computer readable storage medium | |
| CN104869102B (en) | Authorization method, device and system based on xAuth agreement | |
| CN103906052B (en) | A kind of mobile terminal authentication method, Operational Visit method and apparatus | |
| CN101651666A (en) | Method and device for identity authentication and single sign-on based on virtual private network | |
| CN105657474B (en) | The anti-stealing link method and system of identity-based signature system are used in Video Applications | |
| US20030135734A1 (en) | Secure mutual authentication system | |
| CN109672675A (en) | A kind of WEB authentication method of the cryptographic service middleware based on OAuth2.0 | |
| CN101304318A (en) | Safe network authentication system and method | |
| CN108347428A (en) | Accreditation System, the method and apparatus of application program based on block chain | |
| CN112953970A (en) | Identity authentication method and identity authentication system | |
| Ye et al. | Formal analysis of a single sign-on protocol implementation for android | |
| CN105681340A (en) | Digital certificate use method and apparatus | |
| Rao et al. | Authentication using mobile phone as a security token | |
| CN108156119A (en) | Login validation method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20170301 |