CN106790331B - Service access method, system and related device - Google Patents
Service access method, system and related device Download PDFInfo
- Publication number
- CN106790331B CN106790331B CN201510819856.6A CN201510819856A CN106790331B CN 106790331 B CN106790331 B CN 106790331B CN 201510819856 A CN201510819856 A CN 201510819856A CN 106790331 B CN106790331 B CN 106790331B
- Authority
- CN
- China
- Prior art keywords
- client
- server
- application
- bill
- online system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Abstract
The embodiment of the invention discloses a service access method, a system and a related device, which are applied to the technical field of data communication. In the embodiment of the invention, the basic server can provide a bill which comprises verification information, and after the application client acquires the bill, the application client accesses the application server through the online system according to the verification information in the bill. Therefore, in the process of connecting the client and the server of any application, the verification process can be completed through the basic server and the online system without redeploying the access management server of any application for verification.
Description
Technical Field
The present invention relates to the field of data communication technologies, and in particular, to a service access method, system, and related device.
Background
With the development of the internet, applications launched by various application providers are also rapidly developed, and various requirements of users are met. In the prior art, when a new application is launched, a new application client, an application server and an access management server generally need to be laid out, wherein the application client is an interface for a user terminal to access to the application server and can interact with the application server; the application server is responsible for providing the service of the corresponding application for the user; the access management server is mainly used for managing information of each user accessed to the application server, user authentication when accessing the application server, and the like.
With the increasing of the user demand, various new applications are continuously introduced, and thus, various layouts corresponding to the new applications are also increased, so that as the speed of the applications for iteration is increased, the deployed servers also need to be increased at the speed of the iteration, and the cost is higher.
Disclosure of Invention
Embodiments of the present invention provide a service access method, system and related device, which enable a client of an application to access an application server through an online system at a low cost.
A first aspect of an embodiment of the present invention provides a service access method, including:
receiving an acquisition request sent by a first client, wherein the acquisition request is used for requesting to acquire verification information accessed to an application server by an application client through an online system;
generating a bill according to the acquisition request, wherein the bill comprises the verification information;
and sending the bill to the first client, wherein the bill is used for accessing the application server by the application client through the online system according to the verification information in the bill.
A second aspect of the embodiments of the present invention provides a service access method, including:
acquiring a bill generated by a basic server, wherein the bill comprises verification information;
sending a service access request to an online system, wherein the service access request comprises the bill;
and if the online system determines to allow the application server to be accessed through the online system according to the verification information in the bill, connecting with the application server through the online system.
The third aspect of the embodiments of the present invention further provides a service access method, including:
sending an acquisition request to a basic server, wherein the acquisition request is used for requesting to acquire verification information accessed to the application server by an application client through an online system;
receiving a bill generated by the basic server according to the acquisition request, wherein the bill comprises verification information;
and transmitting the bill to the application client, wherein the bill is used for accessing the application client to the application server through an online system according to the verification information in the bill.
A fourth aspect of the present invention further provides a service access method, including:
receiving a service access request sent by an application client, wherein the service access request comprises a bill, and the bill comprises verification information; the ticket is generated by a base server;
and verifying the validity of the verification information in the bill, and if the verification is passed, allowing the application client to access to an application server through the online system.
The fifth aspect of the embodiments of the present invention further provides a server, including:
the system comprises an acquisition request receiving unit, a verification unit and a verification unit, wherein the acquisition request receiving unit is used for receiving an acquisition request sent by a first client, and the acquisition request is used for requesting to acquire verification information accessed to an application server by an application client through an online system;
the generating unit is used for generating a bill according to the acquisition request received by the acquisition request receiving unit, wherein the bill comprises the verification information;
and the information sending unit is used for sending the bill generated by the generating unit to the first client, and the bill is used for accessing the application server by the application client through the online system according to the verification information in the bill.
The sixth aspect of the present invention further provides a client, including:
the information acquisition unit is used for acquiring a bill generated by the basic server, wherein the bill comprises verification information;
a request sending unit, configured to send a service access request to the online system, where the service access request includes a ticket acquired by the information acquiring unit;
and the access unit is used for connecting the client with the application server through the online system if the online system determines that the client is allowed to access the application server through the online system according to the verification information in the bill.
A seventh aspect of the embodiments of the present invention further provides a client, including:
an acquisition request sending unit, configured to send an acquisition request to a basic server, where the acquisition request is used to request to acquire authentication information that the application client accesses to the application server through an online system;
the information receiving unit is used for receiving a bill generated by the basic server according to the acquisition request sent by the acquisition request sending unit, wherein the bill comprises verification information;
and the access transmitting unit is used for transmitting the bill received by the information receiving unit to an application client, and the bill is used for accessing the application client to the application server through an online system according to the verification information in the bill.
The eighth aspect of the embodiments of the present invention further provides an online system, including:
an access request receiving unit, configured to receive a service access request sent by an application client, where the service access request includes a ticket, and the ticket includes verification information; the bill is generated by the basic server;
and the verification unit is used for verifying the validity of the verification information in the bill, and if the verification is passed, the application client is allowed to access the application server through the online system.
A ninth aspect of the present invention further provides a service access system, including: including basic server and online system, wherein:
the base server is a server as provided in the fifth aspect of the embodiment of the present invention, and the online system is an online system as provided in the eighth aspect of the embodiment of the present invention.
A tenth aspect of the present invention provides a service access system, including: the system comprises a first client, a basic server and an online system;
the first client is a client provided in the seventh aspect of the embodiment of the present invention, the base server is a server provided in the fifth aspect of the embodiment of the present invention, and the online system is an online system provided in the eighth aspect of the embodiment of the present invention.
Therefore, in the embodiment of the invention, the basic server can provide the bill, the bill comprises the verification information, and the application client accesses the application server through the online system according to the verification information in the bill after acquiring the bill. Therefore, in the process of connecting the client and the server of any application, the verification process can be completed through the basic server and the online system without redeploying the access management server of any application for verification.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a service access system according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of another service access system provided in an embodiment of the present invention;
fig. 3 is a flowchart of a service access method according to a first embodiment of the present invention;
fig. 4a is a flowchart of a service access method executed by an application client in a second embodiment according to an embodiment of the present invention;
fig. 4b is a flowchart of a service access method executed by a first client in a second embodiment according to an embodiment of the present invention;
fig. 5 is a flowchart of a service access method according to a third embodiment of the present invention;
fig. 6 is a flowchart of a service access method according to a fourth embodiment of the present invention;
fig. 7 is a flowchart of a service access method according to a fifth embodiment of the present invention;
fig. 8 is a schematic structural diagram of a server according to an embodiment of the present invention;
fig. 9a is a schematic structural diagram of a client according to an embodiment of the present invention;
fig. 9b is a schematic structural diagram of another client according to an embodiment of the present invention;
FIG. 10 is a schematic structural diagram of an online system provided by an embodiment of the present invention;
fig. 11 is a schematic structural diagram of a service access device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The service access method provided in the embodiment of the present invention may be mainly applied to a service access system as shown in fig. 1, where the system includes a basic server 101 and an online system 102, and the service access system may further include a client 100 and an application server 103, where the client 100 is a client corresponding to the application server 103, where:
the client 100 is mainly configured to send an acquisition request to the base server 101, where the acquisition request is used to request to acquire authentication information that the client 100 accesses to the application server 103 through the online system 102, and when a ticket generated by the base server 101 according to the acquisition request is received and the ticket includes the authentication information, the client accesses to the application server 103 through the online system 102 according to the authentication information in the ticket. Specifically, the client 100 may send a service access request to the online system 102 to request access to the application server 103 through the online system 102, the service access request including the ticket, and if the online system 102 determines to allow the client 100 to access to the application server 103 according to the authentication information in the ticket, the client 100 connects to the application server 103 through the online system 102. The client 100 is specifically a client corresponding to the application server 103.
The basic server 101 is configured to receive an acquisition request sent by the client 100, where the acquisition request is used to request to acquire authentication information that the client 100 accesses to the application server 103 through the online system 102, generate a ticket according to the acquisition request, and send the ticket to the client 100 after the ticket includes the authentication information, where the ticket is used for the client 100 to access to the application server 103 through the online system 102 according to the authentication information in the ticket. The base server 101 is an application-independent server, and may specifically be a ticket server.
The online system 102 is configured to, when receiving a service access request sent by the client 100, include the ticket in the service access request; the validity of the authentication information in the ticket is verified, and if the verification is passed, the client 100 is allowed to access the application server 103 through the online system 102. The online system 102 mainly ensures communication connection between the client 100 and the application server 103, and specifically functions to forward messages between the client 100 and the application server 103 after the client 100 accesses the application server 103.
The application server 103 is mainly used for providing services to the client 100 through the online system 102 after being connected to the client 100 through the online system 102.
It should be noted that the basic server 101 and the online system 102 use the same communication protocol and use a uniform key, so that the online system 102 can analyze the ticket generated by the basic server 101 to obtain the verification information and verify the validity of the verification information.
Further, in a specific embodiment, if the acquisition request received by the base server 101 includes user authentication information, the base server 101 is further configured to authenticate the user authentication information before generating the ticket, and if the authentication is passed, the ticket is generated.
Further, in another specific embodiment, the authentication information may include a user identifier and a service identifier. So that the application server 103 can send push messages to the client 100 through the online system 102; the online system 102 may also be configured to receive a push message sent by the application server 103, and according to an actual service requirement, send the push message to all clients corresponding to the user identifier, or send the push message to a specified client corresponding to the user identifier and the service identifier. One user identifier may correspond to multiple service identifiers, and one service identifier is used to identify one type of service.
The client 100 may also receive a push message of the application server 103 sent through the online system 102.
In a specific application embodiment, the client 100 may be a game client, the application server 103 may be a game server, and the verification information is the verification information of a game user who accesses the game server through the online system by the game client; or, the client 100 is an instant messaging client, the application server 103 is an instant messaging server, and the verification information is the verification information of a user who accesses the instant messaging server through the online system by the instant messaging client; or, the client 100 is a mailbox client, the application server 103 is a mailbox server, and the verification information is the verification information of the user who accesses the mailbox server through the online system by the mailbox client.
It should be noted that the structure of the client 100 in this embodiment may be as shown in the following fig. 9a, the structure of the base server 101 may be as shown in fig. 8, and the structure of the online system 102 may be as shown in fig. 10.
It can be seen that, in this embodiment, when the client 100 needs to connect to the application server 103 and receives the service of the application server 103, the client 100 may first obtain a ticket including the verification information from the base server 101, and when the service is accessed, if the online system 102 verifies the validity of the verification information, the client 100 may connect to the application server 103 through the online system 102. In this way, during the process of connecting the client and the server of any application, the verification process can be completed through the base server 101 and the online system 102. Compared with the prior art, the method has the advantages that an access management server for deploying the new application is not required to be added, the cost is low, and the resources of the basic server and the online system are reasonably utilized.
The service access method provided in the embodiment of the present invention may also be applied to a service access system as shown in fig. 2, where the system includes a first client 200, a base server 202, and an online system 203, and the service access system may also include an application server 204, and an application client 201, where:
the first client 200 is mainly configured to send an acquisition request to the base server 202, where the acquisition request is used to request to acquire authentication information that the application client 201 accesses to the application server 204 through the online system 203, receive a ticket generated by the base server 202 according to the acquisition request, and transmit the ticket to the application client 201 after the ticket includes the authentication information. The first client 200 may be any client except a client corresponding to the application server 204, specifically, may be a client corresponding to the base server 202, and may also be a client of another application.
The base server 202 is configured to receive an acquisition request sent by the first client 200, where the acquisition request is used to request to acquire authentication information that the application client 201 accesses to the application server 204 through the online system 203, generate a ticket according to the acquisition request, and send the ticket to the first client 200 after the ticket includes the authentication information, where the ticket is used for the application client 201 to access to the application server 204 through the online system 203 according to the authentication information in the ticket. The base server 202 is a service independent server, and may be specifically a ticket server.
The application client 201 is configured to receive a ticket transmitted by the first client 200, where the ticket includes authentication information, and is accessed to the application server 204 through the online system 203 according to the authentication information in the ticket, and specifically, the application client 201 sends a service access request to the online system 203 to request access to the application server 204 through the online system 203, where the service access request includes the ticket, and if the online system 203 determines to allow the application client 201 to access to the application server 204 according to the authentication information in the ticket, the application client 201 accesses to the application server 204 through the online system 203.
The online system 203 is configured to, when receiving a service access request sent by the application client 201, include the ticket in the service access request, and include verification information in the ticket; the validity of the verification information is verified, and if the verification is passed, the application client 201 is allowed to access the application server 204 through the online system 203. The online system 203 mainly ensures the communication connection between the application client 201 and the application server 204, and specifically plays a role in forwarding messages between the application client 201 and the application server 204 after the application client 201 accesses the application server 204.
The application server 204 is mainly used for providing services to the application client 201 through the online system 203 after being connected with the application client 201 through the online system 203.
It should be noted that the basic server 202 and the online system 203 use the same communication protocol and use a uniform key, so that the online system 203 can analyze the ticket generated by the basic server 202 to obtain the verification information and verify the validity of the verification information.
Further, in a specific embodiment, if the acquisition request sent by the first client 201 to the base server 202 includes the user authentication information, the base server 202 is further configured to authenticate the user authentication information before generating the ticket, and if the authentication is passed, the ticket is generated.
Further, in another specific embodiment, the authentication information includes a user identifier and a service identifier. The application server 204 may also be configured to send a push message to the application client 201 through the online system 203; the online system 203 may also be configured to receive a push message sent by the application server 204, and according to an actual service requirement, send the push message to all clients corresponding to the user identifier, or send the push message to a specified client corresponding to the user identifier and the service identifier.
The application client 201 may also receive push messages for the application server 204 sent through the online system 203.
In a specific application embodiment, the application client 201 may be a game client, the application server 204 may be a game server, and the verification information is the verification information of a game user who accesses the game server through the online system by the game client; or, the application client 201 is an instant messaging client, the application server 204 is an instant messaging server, and the verification information is the verification information of a user who accesses the instant messaging server through the online system by the instant messaging client; or, the application client 201 is a mailbox client, the application server 204 is a mailbox server, and the verification information is the verification information of the user who accesses the mailbox server through the online system by the mailbox client.
It should be noted that the structure of the application client 201 in this embodiment may be as shown in the following fig. 9a, the structure of the first client 200 may be as shown in fig. 9b, the structure of the base server 202 may be as shown in fig. 8, and the structure of the online system 203 may be as shown in fig. 10.
It can be seen that, the service access system in this embodiment is similar to the service access system shown in fig. 1, and when a new application is released, an access management server for deploying the new application does not need to be added, so that the cost is low, and resources of the basic server and the online system are reasonably utilized. In this embodiment, the first client 200 that obtains the verification information is different from the application client 201 that accesses the application server 204, so that when a new application is launched, a server and a client that deploy the new application may be added, and an interface that obtains the verification information and an interface that connects to the online system may be deployed in the client that deploys the new application.
In a first embodiment of the invention:
the basic server in the service access system may execute the service access method according to the following steps, and the flowchart is shown in fig. 3 and includes:
It can be understood that, in this embodiment, the user may operate the first client to make the first client send out an obtaining request, where the obtaining request may include user authentication information, so that the base server may authenticate the user authentication information after receiving the obtaining request, and if the authentication passes, perform step 1002. The user authentication information includes any one of the following information: the user authentication information of the basic service is the user authentication information used for logging in the basic server; the user authentication information of the application is the user authentication information used for logging in the application server; and user authentication information of third party applications, etc.
In another case, the acquisition request does not include the user authentication information, so that the base server performs step 1002 directly after receiving the acquisition request.
The authentication information may include a user identifier and a service identifier, where the user identifier is used to uniquely identify information of a user, and the service identifier is used to uniquely identify information of a service type.
And 1003, the basic server sends the bill to the first client, wherein the bill is used for accessing the application server by the application client through the online system according to the verification information in the bill.
The first client can be an application client, so that when the first client receives a bill comprising verification information, the verification information in the bill is utilized to initiate service access to the online system; the first client may also be a client of any other application or a client corresponding to the basic server, which is different from the application client, so that after the first client receives the ticket including the verification information, the ticket needs to be sent to the application client, and the application client initiates service access to the online system by using the verification information in the ticket. The bill plays a role in the process that the application client accesses the application server through the online system: and analyzing the bill by the online system to obtain verification information, thereby verifying the verification information.
In this embodiment, the base server may provide a ticket, the ticket includes authentication information, and the application client accesses the application server through the online system according to the authentication information in the ticket. Therefore, in the process of connecting the client and the server of any application, the verification process can be completed through the basic server and the online system without redeploying the access management server of any application for verification.
In a second embodiment of the invention:
a client in the service access system may perform a service access method according to the following steps, as shown in fig. 4a, for an application client, the service access method includes:
in step 2001a, the application client obtains a ticket generated by the base server, where the ticket includes the authentication information. The process of generating the ticket by the application server may be as described in the above method embodiment one, and is not described herein again.
Specifically, when acquiring a bill, in one case, an application client has an interface connected to a base server, so that the application client can send an acquisition request to the base server, where the acquisition request is used to request to acquire authentication information that the application client accesses to the application server through an online system; the application client receives the basic server to generate a bill according to the acquisition request, the bill comprises verification information,
in another case, the application client may directly receive a base server generated ticket sent by the first client, where the ticket includes the authentication information.
And step 2003a, if the online system determines that the application client is allowed to access the application server through the online system according to the verification information in the bill, the application client is connected with the application server through the online system.
Furthermore, after the client of the application is connected with the application server through the online system, the push message of the application server sent by the online system can be received.
Referring to fig. 4b, for the first client, mainly acquiring and sending the verification information in the service access process, specifically, the method includes:
in step 2001b, the first client sends an acquisition request to the base server, where the acquisition request is used to request to acquire the authentication information that the application client accesses to the application server through the online system.
and step 2003b, the first client transmits the bill to the application client, and the bill is used for accessing the application client to the application server through the online system according to the verification information in the bill.
It can be seen that, in this embodiment, the first client may obtain a ticket generated by the base server, where the ticket includes the verification information, and then the application client accesses the application server through the online system according to the verification information in the ticket, and only accesses the application server through the online system if the online system confirms that the application client is allowed to access the application server. Therefore, in the process of connecting the client and the server of any application, the verification process can be completed through the basic server and the online system without redeploying the access management server of any application for verification.
In a third embodiment of the invention:
the online system in the service access system may execute the service access method according to the following steps, and the flowchart is shown in fig. 5 and includes:
Specifically, the verification information may include, in addition to the user identifier and the service identifier, time information, a machine code and a check code of the client, and the like, so that when the online system verifies the validity of the verification information, the online system may verify the validity of the verification information according to the time information in the verification information, and may also verify the machine code and the check code, and the like.
Further, in a specific embodiment, the verification information includes a user identifier and a service identifier, where one user identifier may correspond to multiple service identifiers, and after the online system receives the push message sent by the application server, the push message may be sent to all clients corresponding to the user identifier according to service requirements, or only the push message is sent to a specified client corresponding to the user identifier and the service identifier.
It can be seen that, in this embodiment, when the application client accesses the application server through the online system according to the verification information in the ticket provided by the base server, the online system uniformly verifies the validity of the access of the application client, and if the verification is passed, the application client is allowed to access. Therefore, in the process of connecting the client and the server of any application, the verification process can be completed through the basic server and the online system without redeploying the access management server of any application for verification.
In a fourth embodiment of the invention:
a specific embodiment is used to describe the service access method of the present invention, which is mainly applied to the system shown in fig. 1, where the basic server is a ticket server, and a flow chart of the service access method is shown in fig. 6, and includes:
step 4001, the client sends an acquisition request to the ticket server, in one case, the acquisition request is used to request to acquire a ticket with an identity, that is, the acquisition request includes user authentication information, so that the ticket server will first perform step 4002; in another case, the fetch request is for requesting that the guest ticket be fetched, i.e., user authentication information is not included in the fetch request, so that the ticket server performs step 4003.
Step 4002, the ticket server authenticates the user authentication information in the acquisition request, if the authentication is passed, step 4003 is executed, and if the authentication is not passed, the flow is ended.
Generally, the user authentication information is information including an account and a password, and when the ticket server performs authentication, the account and the password in the acquisition request are compared with a preset account and a preset password, if the account and the password are consistent, the authentication is passed, and if the account and the password are not consistent, the authentication is not passed.
Step 4003, the ticket server generates a ticket according to the acquisition request, and includes the verification information in the ticket, where the verification information may include a user Identifier and a service Identifier, where the user Identifier may specifically be a Universal Unique Identifier (UUID), and the service Identifier may be an open Identifier (OpenID), and one user Identifier may correspond to multiple service identifiers.
Step 4004, the ticket server sends the ticket to the client.
Step 4005, the client sends a service access request to the online system, where the service access request includes the ticket generated in step 4003.
Step 4006, the online system verifies the validity of the ticket in the service access request, and when the ticket is specifically verified, the ticket can be decrypted, and then the time effectiveness, the check code and the like of the ticket can be verified, and if the verification fails, the flow is ended; and if the verification is passed, the client is allowed to access to the application server through the online system, and the service access request can be sent to the application server. The application server replies a confirmation message to the client through the online system, so that the connection between the application server and the client is established.
Step 4007, after the connection between the application server and the client is established through the online system, the application server provides a service for the client, and can send a push message; after receiving the push message, the online system may send the push message to all clients corresponding to the user identifier in the above-mentioned ticket, including the client described in this embodiment, according to the service requirement of the push message; or sending the user identification and the appointed client corresponding to the service identification. And if the service is customized by a certain client, sending the push message to the specified client.
In a fifth embodiment of the invention:
a specific embodiment is used to describe the service access method of the present invention, which is mainly applied to the system shown in fig. 2, where the basic server is a ticket server, and a flow chart of the service access method is shown in fig. 7, and includes:
step 5001, the first client sends an acquisition request to the ticket server, in one case, the acquisition request is used to request to acquire a ticket with an identity, that is, the acquisition request includes user authentication information, so that the ticket server will first execute step 5002; in another case, the get request is for requesting to get a guest ticket, i.e., no user authentication information is included in the get request, so that the ticket server performs step 5003.
Step 5002, the ticket server authenticates the user authentication information in the acquisition request, if the authentication is passed, step 5003 is executed, and if the authentication is not passed, the flow is ended.
Step 5003, the ticket server generates a ticket according to the acquisition request, and includes the authentication information in the ticket, where the authentication information may include a user identifier and a service identifier, where the user identifier may specifically be a UUID, and the service identifier may be an OpenID.
Step 5004, the ticket server sends the ticket to the first client, and the first client transmits the ticket to the application client.
Step 5005, the application client sends a service access request to the online system, where the service access request includes the ticket generated in step 5003.
Step 5006, the online system verifies the validity of the ticket in the service access request, and if the verification fails, the process is ended; and if the verification is passed, the application client is allowed to access to the application server through the online system, and the service access request can be sent to the application server. And the application server replies a confirmation message to the application client through the online system, so that the connection between the application server and the application client is established.
Step 5007, after the connection between the application server and the application client is established through the online system, the application server provides a service for the application client, and can send a push message; after receiving the push message, the online system may send the push message to all clients corresponding to the user identifier in the above-mentioned ticket, including the application client described in this embodiment; or sending the user identification and the appointed client corresponding to the service identification.
An embodiment of the present invention further provides a server, where the server may be a ticket server, and a schematic structural diagram of the server is shown in fig. 8, where the server specifically includes:
an acquisition request receiving unit 10, configured to receive an acquisition request sent by a first client, where the acquisition request is used to request to acquire authentication information that an application client accesses to an application server through an online system; the first client may be different from the application client, or the first client may be the application client.
The generating unit 11 is configured to generate the ticket according to the acquisition request received by the acquisition request receiving unit 10, where the ticket includes authentication information.
The authentication information may include a user identifier and a service identifier, where the user identifier is used to uniquely identify information of a user, and the service identifier is used to uniquely identify information of a service type.
And the information sending unit 12 is configured to send the ticket generated by the generating unit 11 to the first client, where the ticket is used for the application client to access the application server through the online system according to the verification information in the ticket.
In a specific embodiment, the obtaining request received by the obtaining request receiving unit 10 may include user authentication information; the user authentication information includes any one of the following information: user authentication information for the base service, user authentication information for the application, and user authentication information for the third party application; the server thus needs to further include an authentication unit 13 for authenticating the user authentication information and, if the authentication is passed, notifying the generation unit 11 to generate the ticket. In another case, the acquisition request received by the acquisition request receiving unit 10 may not include user authentication information, so that the server does not need to authenticate the acquisition request and the ticket is generated directly by the generating unit 11.
Note that the structure shown by the solid line in fig. 8 is necessary for the server, and the portion shown by the broken line is a structure that can be added to the server.
It can be seen that in the server of the present embodiment, the ticket is generated by the generation unit 11, and the application client accesses to the application server through the online system according to the authentication information in the ticket. In this way, in the process of connecting the client and the server of any application, the verification process can be completed through the server and the online system of the embodiment without redeploying the access management server of any application for verification.
An embodiment of the present invention further provides a client, a schematic structural diagram of which is shown in fig. 9a, and the client includes:
an information acquiring unit 20a for acquiring a ticket generated by the base server, the ticket including the authentication information.
The information obtaining unit 20a is specifically configured to send an obtaining request to the base server, where the obtaining request is used to request to obtain the verification information that the application client accesses to the application server through the online system; receiving a bill generated by the basic server according to the acquisition request, wherein the bill comprises verification information; or, the information obtaining unit 20a is specifically configured to directly receive a ticket generated by the base server and sent by the first client, where the ticket includes the verification information.
A request sending unit 21a, configured to send a service access request to the online system, where the service access request includes the ticket acquired by the information acquiring unit 20 a.
An accessing unit 22a, configured to connect with the application server through the online system if the online system determines, according to the verification information included in the ticket in the service access request sent by the request sending unit 21a, that the client is allowed to access the application server through the online system.
In a specific embodiment, as shown by a dotted line in fig. 9a, the client may further include a push receiving unit 23a, configured to receive a push message of the application server sent through the online system.
An embodiment of the present invention further provides another client, a schematic structural diagram of which is shown in fig. 9b, and the client includes:
an obtaining request sending unit 20b, configured to send an obtaining request to a base server, where the obtaining request is used to request to obtain authentication information that the application client accesses to the application server through an online system;
an information receiving unit 21b, configured to receive a ticket generated by the base server according to the acquisition request sent by the acquisition request sending unit 20b, where the ticket includes authentication information;
and the access transmitting unit 22b is used for transmitting the bill received by the information receiving unit 21b to an application client, wherein the bill is used for accessing the application client to the application server through an online system according to the verification information in the bill.
It can be seen that, in this embodiment, the client shown in fig. 9b may request the base server to obtain the authentication information, and when the client shown in fig. 9a accesses the application server through the online system according to the authentication information in the ticket, if the online system confirms that the application client is allowed to access, the client accesses the application server through the online system. Therefore, in the process of connecting the client and the server of any application, the verification process can be completed through the basic server and the online system without redeploying the access management server of any application for verification.
An embodiment of the present invention further provides an online system, a schematic structural diagram of which is shown in fig. 10, including:
an access request receiving unit 30, configured to receive a service access request sent by an application client, where the service access request includes a ticket, and the ticket includes verification information; the bill is generated by the basic server;
a verifying unit 31, configured to verify validity of verification information included in the ticket in the service access request received by the access request receiving unit 30, and if the verification passes, allow the application client to access the application server through the online system.
In a specific embodiment, as shown by a dotted line in fig. 10, if the authentication information included in the service access request received by the access request receiving unit 30 includes a user identifier and a service identifier, the system further includes: a pushing unit 32, configured to receive a push message sent by the application server, and send the push message to all clients corresponding to the user identifier, or send the push message to an appointed client corresponding to the user identifier and the service identifier.
It can be seen that, in this embodiment, the application client includes the verification information in the ticket according to the ticket provided by the base server, when accessing the application server through the online system, the verification unit 31 of the online system uniformly verifies the validity of the access of the application client, and if the verification passes, the access of the application client is allowed. Therefore, in the process of connecting the client and the server of any application, the verification process can be completed through the basic server and the online system without redeploying the access management server of any application for verification.
An embodiment of the present invention further provides a service access apparatus, which is schematically shown in fig. 11, and the service access apparatus may generate a relatively large difference due to different configurations or performances, and may include one or more Central Processing Units (CPUs) 40 (e.g., one or more processors) and a memory 41, and one or more storage media 42 (e.g., one or more mass storage devices) storing an application 421 or data 422. Memory 41 and storage medium 42 may be, among other things, transient or persistent storage. The program stored on the storage medium 42 may include one or more modules (not shown), each of which may include a sequence of instructions operating on a service access device. Further, central processor 40 may be configured to communicate with storage medium 42 to execute a series of instructional operations on storage medium 42 on a business access device.
The service access device may also include one or more power supplies 43, one or more wired or wireless network interfaces 44, one or more input-output interfaces 45, and/or one or more operating systems 423, such as Windows ServerTM, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, and so forth.
The service access device in this embodiment may be a server, so that the steps executed by the base server in the first embodiment of the method may be based on the structure of the service access device shown in fig. 11; the service access device in this embodiment may also be a client, so that the steps executed by the first client or the application client in the second method embodiment described above may be based on the structure of the service access device shown in fig. 11; the service access device in this embodiment may also be an online system, and thus the steps executed by the online system in the third method embodiment may be based on the structure of the service access device shown in fig. 11.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable storage medium, and the storage medium may include: read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
The service access method, system and related devices provided by the embodiments of the present invention are described in detail above, and the principle and the implementation of the present invention are explained in this document by applying specific embodiments, and the description of the above embodiments is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
Claims (24)
1. A service access method is applied to a basic server and comprises the following steps:
receiving an acquisition request sent by a first client, wherein the acquisition request is used for requesting to acquire verification information accessed to an application server by an application client through an online system;
generating a bill according to the acquisition request, wherein the bill comprises the verification information; the verification information comprises a user identifier, a service identifier, time information, a machine code and a check code of the first client;
and sending the bill to the first client, wherein the bill is used for sending a service access request to the online system by the application client according to the verification information in the bill, and accessing the bill to the application server after the validity of the verification information and the verification of the machine code and the check code by the online system are passed.
2. The method of claim 1, wherein the first client is different from the application client or the first client is the application client.
3. The method of claim 1, wherein the application client is a game client, the application server is a game server, and the authentication information is authentication information of a game user who the game client accesses to the game server through an online system; or the like, or, alternatively,
the application client is an instant messaging client, the application server is an instant messaging server, and the verification information is the verification information of a user accessing the instant messaging server through an online system by the instant messaging client; or the like, or, alternatively,
the application client is a mailbox client, the application server is a mailbox server, and the verification information is the verification information of a user accessing the mailbox server through an online system by the mailbox client.
4. The method according to any one of claims 1 to 3, wherein the acquisition request includes user authentication information; the user authentication information includes any one of the following information: user authentication information for the base service, user authentication information for the application, and user authentication information for the third party application;
before generating the verification information according to the acquisition request, the method further includes: and authenticating the user authentication information, and if the user authentication information passes the authentication, executing the step of generating the bill according to the acquisition request.
5. A service access method is applied to an application client, and comprises the following steps:
acquiring a bill generated by a basic server, wherein the bill comprises verification information; the verification information comprises a user identifier, a service identifier, time information, a machine code and a check code of the client;
sending a service access request to an online system, wherein the service access request comprises the verification information;
and if the online system determines to allow the online system to access to the application server after the time efficiency of the verification information and the verification of the machine code and the check code pass according to the verification information in the bill, the online system is connected with the application server.
6. The method of claim 5, wherein the obtaining the ticket generated by the base server, the ticket including the verification information, specifically comprises:
sending an acquisition request to the basic server, wherein the acquisition request is used for requesting to acquire verification information accessed to the application server by the application client through the online system; receiving a bill generated by the basic server according to the acquisition request, wherein the bill comprises verification information;
or receiving a bill generated by the basic server and sent by the first client, wherein the bill comprises verification information.
7. The method of claim 5 or 6, further comprising:
and receiving the push message of the application server sent by the online system.
8. A service access method is applied to a first client, and comprises the following steps:
sending an acquisition request to a basic server, wherein the acquisition request is used for requesting to acquire verification information accessed to the application server by an application client through an online system;
receiving a bill generated by the basic server according to the acquisition request, wherein the bill comprises verification information; the verification information comprises a user identifier, a service identifier, time information, a machine code and a check code of the first client;
and transmitting the bill to the client of the application, wherein the bill is used for transmitting a service access request to the online system according to the verification information in the bill by the application client, and accessing the bill to the application server after the time effect of the verification information and the verification of the machine code and the check code by the online system are passed.
9. A service access method is applied to an online system and comprises the following steps:
receiving a service access request sent by an application client, wherein the service access request comprises a bill, and the bill comprises verification information; the ticket is generated by a base server; the verification information comprises a user identifier, a service identifier, time information, a machine code and a check code of the first client;
and verifying the validity of the verification information in the bill, respectively verifying the machine code and the check code, and allowing the application client to access to an application server through the online system if all the verifications are passed.
10. The method of claim 9, wherein the authentication information includes a user identifier and a service identifier, the method further comprising:
and receiving a push message sent by the application server, and sending the push message to all clients corresponding to the user identifier, or sending the push message to a specified client corresponding to the user identifier and the service identifier.
11. A server, comprising:
the system comprises an acquisition request receiving unit, a verification unit and a verification unit, wherein the acquisition request receiving unit is used for receiving an acquisition request sent by a first client, and the acquisition request is used for requesting to acquire verification information accessed to an application server by an application client through an online system;
the generating unit is used for generating a bill according to the acquisition request received by the acquisition request receiving unit, wherein the bill comprises the verification information; the verification information comprises a user identifier, a service identifier, time information, a machine code and a check code of the first client;
and the information sending unit is used for sending the bill generated by the generating unit to the first client, the bill is used for sending a service access request to the online system by the application client according to the verification information in the bill, and the bill is accessed to the application server after the time effect of the online system on the verification information and the verification of the machine code and the check code pass.
12. The server according to claim 11,
the obtaining request received by the obtaining request receiving unit comprises user authentication information; the user authentication information includes any one of the following information: user authentication information for the base service, user authentication information for the application, and user authentication information for the third party application;
the server further comprises: and the authentication unit is used for authenticating the user authentication information and informing the generation unit to generate the bill if the user authentication information passes the authentication.
13. A client, comprising:
the information acquisition unit is used for acquiring a bill generated by the basic server, wherein the bill comprises verification information; the verification information comprises a user identifier, a service identifier, time information, a machine code and a check code of the client;
a request sending unit, configured to send a service access request to an online system, where the service access request includes a ticket acquired by the information acquiring unit;
and the access unit is used for connecting the client side with the application server through the online system if the client side is determined to be allowed to access the application server through the online system after the time effect of the verification information and the verification of the machine code and the check code are passed through by the online system according to the verification information in the bill.
14. The client of claim 13,
the information acquisition unit is specifically configured to send an acquisition request to the basic server, where the acquisition request is used to request to acquire verification information that the client accesses to the application server through the online system; receiving a bill generated by the basic server according to the acquisition request, wherein the bill comprises verification information;
or, the information obtaining unit is specifically configured to receive a ticket generated by the base server and sent by the first client, where the ticket includes the verification information.
15. The client of claim 13 or 14, further comprising:
and the push receiving unit is used for receiving the push message of the application server sent by the online system.
16. A client, comprising:
the system comprises an acquisition request sending unit, a basic server and a verification unit, wherein the acquisition request sending unit is used for sending an acquisition request to the basic server, and the acquisition request is used for requesting to acquire verification information which is accessed to an application server by an application client through an online system;
the information receiving unit is used for receiving a bill generated by the basic server according to the acquisition request sent by the acquisition request sending unit, wherein the bill comprises verification information; the verification information comprises a user identifier, a service identifier, time information, a machine code and a check code of the client;
and the access transmitting unit is used for transmitting the bill received by the information receiving unit to an application client, the bill is used for sending a service access request to the online system by the application client according to the verification information in the bill, and the bill is accessed to the application server after the time effect of the verification information and the verification of the machine code and the check code are passed through the online system.
17. An online system, comprising:
an access request receiving unit, configured to receive a service access request sent by an application client, where the service access request includes a ticket, and the ticket includes verification information; the bill is generated by the basic server; the verification information comprises a user identifier, a service identifier, time information, a machine code and a check code of the first client;
and the verification unit is used for verifying the validity of the verification information in the bill, respectively verifying the machine code and the check code, and allowing the application client to access to an application server through the online system if all the verifications are passed.
18. The system of claim 17, wherein the authentication information included in the service access request received by the access request receiving unit includes a user identifier and a service identifier, the system further comprising:
and the pushing unit is used for receiving the pushing message sent by the application server, and sending the pushing message to all the clients corresponding to the user identifier, or sending the pushing message to the appointed clients corresponding to the user identifier and the service identifier.
19. A service access system comprising a base server and an online system, wherein:
the base server is a server according to any one of claims 11 to 12;
the online system is as claimed in claim 17 or 18.
20. The system of claim 19, wherein the system further comprises: the system comprises a client and an application server, wherein the client is an application client;
the client is a client according to any one of claims 13 to 15;
and the application server is used for being connected with the client through the online system.
21. A service access system, comprising: the system comprises a first client, a basic server and an online system;
the first client is the client of claim 16;
the base server is a server according to any one of claims 11 to 12;
the online system is as claimed in claim 17 or 18.
22. The system of claim 21, wherein the system further comprises an application client and an application server;
the application client is a client according to any one of claims 13 to 15;
and the application server is used for being connected with the application client through the online system.
23. A storage medium storing a plurality of instructions adapted to be loaded by a processor and to perform a service access method according to any of claims 1 to 10.
24. A service access device, comprising a processor and a storage medium, wherein the processor is configured to implement instructions;
the storage medium is configured to store a plurality of instructions for loading by a processor and executing the service access method according to any one of claims 1 to 10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510819856.6A CN106790331B (en) | 2015-11-23 | 2015-11-23 | Service access method, system and related device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510819856.6A CN106790331B (en) | 2015-11-23 | 2015-11-23 | Service access method, system and related device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106790331A CN106790331A (en) | 2017-05-31 |
| CN106790331B true CN106790331B (en) | 2020-07-03 |
Family
ID=58964269
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510819856.6A Active CN106790331B (en) | 2015-11-23 | 2015-11-23 | Service access method, system and related device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106790331B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107493331A (en) * | 2017-08-16 | 2017-12-19 | 网宿科技股份有限公司 | A kind of client access method, server and system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003007571A1 (en) * | 2001-07-09 | 2003-01-23 | Koninklijke Kpn N.V. | Method and system for a service process to provide a service to a client |
| CN101998407A (en) * | 2009-08-31 | 2011-03-30 | 中国移动通信集团公司 | WLAN access authentication based method for accessing services |
| KR20130072790A (en) * | 2011-12-22 | 2013-07-02 | 주식회사 스마트시스템즈 | User authentication system and method thereof |
| CN104468599A (en) * | 2014-12-18 | 2015-03-25 | 浪潮(北京)电子信息产业有限公司 | Method and system for achieving session sharing among multiple applications |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101047504B (en) * | 2006-03-29 | 2010-06-09 | 腾讯科技(深圳)有限公司 | Network log-in authorization method and authorization system |
| US9191375B2 (en) * | 2011-01-13 | 2015-11-17 | Infosys Limited | System and method for accessing integrated applications in a single sign-on enabled enterprise solution |
| CN102281299A (en) * | 2011-08-17 | 2011-12-14 | 中兴通讯股份有限公司 | Interactive service processing method and service control layer server |
| CN103634265B (en) * | 2012-08-20 | 2019-01-11 | 腾讯科技(深圳)有限公司 | Method, equipment and the system of safety certification |
| CN103685502B (en) * | 2013-12-09 | 2017-07-25 | 腾讯科技(深圳)有限公司 | A kind of information push method, apparatus and system |
| CN104869175B (en) * | 2015-06-16 | 2018-07-27 | 腾讯科技(北京)有限公司 | Cross-platform account resource-sharing implementation method, apparatus and system |
-
2015
- 2015-11-23 CN CN201510819856.6A patent/CN106790331B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003007571A1 (en) * | 2001-07-09 | 2003-01-23 | Koninklijke Kpn N.V. | Method and system for a service process to provide a service to a client |
| CN101998407A (en) * | 2009-08-31 | 2011-03-30 | 中国移动通信集团公司 | WLAN access authentication based method for accessing services |
| KR20130072790A (en) * | 2011-12-22 | 2013-07-02 | 주식회사 스마트시스템즈 | User authentication system and method thereof |
| CN104468599A (en) * | 2014-12-18 | 2015-03-25 | 浪潮(北京)电子信息产业有限公司 | Method and system for achieving session sharing among multiple applications |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106790331A (en) | 2017-05-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104601590B (en) | A kind of login method, server and mobile terminal | |
| CN103378972B (en) | the security configuration of mobile application | |
| WO2016197934A1 (en) | Barcode security authentication method | |
| CN112559993B (en) | Identity authentication method, device and system and electronic equipment | |
| CN101399726B (en) | Method for WLAN terminal authentication | |
| US11177963B2 (en) | Method for authenticating a user based on an image relation rule and corresponding first user device, server and system | |
| CN105099985A (en) | Login method and device of multiple applications | |
| US9401905B1 (en) | Transferring soft token authentication capabilities to a new device | |
| EP3566160B1 (en) | Method for authenticating a user and corresponding device, first and second servers and system | |
| CN110069909B (en) | Method and device for login of third-party system without secret | |
| CN105681258B (en) | Session method and conversational device based on third-party server | |
| CN111010363B (en) | Information authentication method and system, authentication module and user terminal | |
| CN108809969B (en) | Authentication method, system and device | |
| CN104935435A (en) | Login methods, terminal and application server | |
| CN109067746B (en) | Communication method and device between client and server | |
| CN111181913B (en) | Information verification method and device | |
| WO2021138217A1 (en) | Method, chip, device and system for authenticating a set of at least two users | |
| CN110121894A (en) | A kind of method for down loading, device and the relevant device of signing information collection | |
| CN111066014A (en) | Apparatus, method and program for remotely managing devices | |
| CN109451483B (en) | eSIM data processing method, equipment and readable storage medium | |
| CN114157693A (en) | Power-on authentication method of communication equipment, communication module and server | |
| KR20140090279A (en) | Service security authentication method and web application server therof | |
| CN106790331B (en) | Service access method, system and related device | |
| CN105227305B (en) | Security verification method and device | |
| CN104301285B (en) | Login method for web system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |