CN107920063A - A kind of method of online updating tokenID - Google Patents


Info

Publication number
CN107920063A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711084831.1A
Other languages
Chinese (zh)
Inventor
李华生
范渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Application filed by DBAPPSecurity Co Ltd
Priority to CN201711084831.1A
Publication of CN107920063A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Abstract

The present invention relates to a method for updating tokenID online. A user logs in to the security cloud platform from the business cloud platform, and the security cloud platform obtains the initial tokenID and caches it. While HTTP requests continue to be present, the tokenID is refreshed within the tokenID expiry time defined by the business cloud platform and the cached tokenID is replaced; otherwise, after time T the tokenID is set to invalid, the tokenID update operation is stopped, and the method ends. If a single API call takes too long to execute, a preset recovery API is used to authenticate with the user's information, obtain a tokenID again and cache it. The invention ensures the security of third-party data and resources without terminating the user's current operation for a new login, solves the tokenID expiry problem for API calls, avoids the re-authentication and login caused by tokenID expiry, and improves the user experience while guaranteeing security.

Description

A method for updating tokenID online
Technical field
The present invention relates to the technical field of the transmission of digital information, such as telegraphic communication, and in particular to a method for updating tokenID online that ensures the security cloud can keep initiating API operation requests to the business cloud.
Background
A cloud platform is one of the important parts of implementing cloud computing. It allows developers to run the programs they have written in the "cloud", to use the services provided in the "cloud", or both.
Cloud platforms generally comprise a security cloud platform and a business cloud platform. The security cloud platform is the client; the business cloud platform is the third-party access platform and acts as the server. When the two are integrated, the business cloud platform usually provides API interfaces through which the security cloud platform requests virtualized resources, providing a running environment for security services. These integration APIs generally include interfaces for creating a virtual machine (including obtaining the VPC network list, the virtual machine template list, the image list, the network card configuration and the disk configuration), deleting, restarting and shutting down.
During cloud platform integration, in order to obtain virtualized resources, there are always scenarios in which the security cloud calls the business cloud's APIs. Ensuring that the correct user performs these API calls securely is very important, and to ensure that the business cloud is not intruded upon, the users of these APIs generally need to be authenticated.
At present, token technology is commonly used to secure APIs. The tokenID is generated and managed in the business cloud platform, and, to ensure that issued tokenIDs are not cracked, the business cloud platform applies the protective measure of automatically invalidating them periodically. Once a tokenID has expired, the security cloud platform can no longer use it to interact with the business cloud through the API. In other words, if the tokenID expiry problem cannot be solved, the security cloud cannot request virtual resources and therefore cannot add tenants, with the result that the security cloud cannot work.
In the prior art, tokenID expiry scenarios generally include timeout expiry caused by a long period without operation and timeout expiry caused by a single API call taking too long to execute. The traditional solution is for the user to log in again and re-verify their identity; on re-verification a new request is made and the business cloud platform issues a new tokenID, which is then used in subsequent interactions. The traditional solution can handle tokenID timeout expiry caused by a long period without operation, but for tokenID timeout expiry caused by a single API call taking too long, it can only rely on the user logging in again manually; it cannot be automated and is inefficient.
Summary of the invention
To solve the problems in the prior art, the present invention provides an optimized method for updating tokenID online, which effectively solves the tokenID expiry problem for API calls between the business cloud platform and the security cloud platform and avoids the re-authentication and login caused by tokenID expiry.
The technical solution adopted by the present invention is a method for updating tokenID online, the method comprising the following steps:
Step 1: The user logs in to the security cloud platform from the business cloud platform; the security cloud platform obtains the user's initial tokenID, and the initial tokenID is cached in the browser;
Step 2: Start monitoring the security cloud platform; if HTTP requests are present, go to step 3; otherwise, go to step 4;
Step 3: According to the tokenID expiry time T defined by the business cloud platform, refresh the tokenID within time T to obtain a new tokenID, replace the tokenID from the previous refresh with the new tokenID, and cache it in the browser; return to step 2;
Step 4: According to the tokenID expiry time T defined by the business cloud platform, after time T set the tokenID from the previous refresh to the invalid state and stop the tokenID update operation in the security cloud platform; end.
Preferably, in step 1, the initial tokenID is cached in the browser's Session.
Preferably, in step 3, when a single API request takes too long and causes the current tokenID to expire, a preset recovery API provided by the business cloud platform is used to authenticate with the user's information, obtain a tokenID again and cache it in the browser.
Preferably, in step 4, while the tokenID from the previous refresh is set to the invalid state, the user is prompted that there has been no operation for a long time and that a new login is required.
The present invention provides an optimized method for updating tokenID online. The user logs in to the security cloud platform from the business cloud platform, and the security cloud platform obtains the user's initial tokenID and caches it. If HTTP requests to the security cloud platform continue to be present, the tokenID is refreshed within the tokenID expiry time T defined by the business cloud platform and the cached tokenID is replaced; otherwise, after time T the tokenID from the previous refresh is set to the invalid state, the tokenID update operation is stopped in the security cloud platform, and the method ends. With this method, the invention can further determine whether a single API call taking too long may cause the tokenID to time out and expire; a preset recovery API provided by the business cloud platform can then be used to authenticate with the user's information, obtain a tokenID again and cache it in the browser. The invention both ensures the security of third-party data and resources and avoids terminating the user's current operation for a new login. It effectively solves the tokenID expiry problem for API calls between the business cloud platform and the security cloud platform, avoids the re-authentication and login caused by tokenID expiry, and improves the user experience while guaranteeing security.
Brief description of the drawings
Fig. 1 is a flow chart of the present invention.
Detailed description
The present invention is described in further detail below with reference to an embodiment, but the scope of protection of the present invention is not limited to it.
The present invention relates to a method for updating tokenID online, the method comprising the following steps.
Step 1: The user logs in to the security cloud platform from the business cloud platform; the security cloud platform obtains the user's initial tokenID, and the initial tokenID is cached in the browser.
In step 1, the initial tokenID is cached in the browser's Session.
In the present invention, a Token management module can normally be added to the security cloud platform; it is mainly used to cache, read, and update and replace the tokenID.
Step 2: Start monitoring the security cloud platform; if HTTP requests are present, go to step 3; otherwise, go to step 4.
Step 3: According to the tokenID expiry time T defined by the business cloud platform, refresh the tokenID within time T to obtain a new tokenID, replace the tokenID from the previous refresh with the new tokenID, and cache it in the browser; return to step 2.
In step 3, when a single API request takes too long and causes the current tokenID to expire, a preset recovery API provided by the business cloud platform is used to authenticate with the user's information, obtain a tokenID again and cache it in the browser.
In the present invention, the user's requests in the security cloud platform can be monitored. If HTTP requests from the user are detected, the user is still performing operations in the security cloud platform, so the tokenID is periodically refreshed and re-requested according to the tokenID expiry time defined by the third-party business cloud platform. Typically, for example, a tokenID update is scheduled once per hour, and the new tokenID is then cached for use by subsequent requests.
In the present invention, when a single API request takes too long, the tokenID may have no chance to be refreshed and so expires. In that case the specific API provided by the business cloud platform can be used to authenticate with the user's information, obtain a tokenID again and cache it in the browser, so that subsequent operations can complete.
The present invention provides one embodiment that uses a recovery API as the specific API, "RecoverAPI (TokenID, Expandtime)", where the first parameter is the tokenID whose lifetime is to be extended and the second parameter is the duration requested for verification.
In the present invention, both of these operations are hidden at the user level and the user cannot perceive them, so they do not affect the user experience, while the validity period of the tokenID is guaranteed.
Step 4: According to the tokenID expiry time T defined by the business cloud platform, after time T set the tokenID from the previous refresh to the invalid state and stop the tokenID update operation in the security cloud platform; end.
In step 4, while the tokenID from the previous refresh is set to the invalid state, the user is prompted that there has been no operation for a long time and that a new login is required.
In the present invention, when the security platform has not received an HTTP request from the user for a long time, the user is no longer operating. In this scenario the user will have no need to use the tokenID to initiate requests for some time, so the tokenID is set to invalid.
In the present invention, while the tokenID is set to invalid, the user can be prompted that there has been no operation for a long time and that a new login is required, and the tokenID update operation in the security cloud platform is stopped at the same time.
In the present invention, the user logs in to the security cloud platform from the business cloud platform, and the security cloud platform obtains the user's initial tokenID and caches it. If HTTP requests to the security cloud platform continue to be present, the tokenID is refreshed within the tokenID expiry time T defined by the business cloud platform and the cached tokenID is replaced; otherwise, after time T the tokenID from the previous refresh is set to the invalid state, the tokenID update operation is stopped in the security cloud platform, and the method ends. With this method, the invention can further determine whether a single API call taking too long may cause the tokenID to time out and expire; a preset recovery API provided by the business cloud platform can then be used to authenticate with the user's information, obtain a tokenID again and cache it in the browser. The invention both ensures the security of third-party data and resources and avoids terminating the user's current operation for a new login. It effectively solves the tokenID expiry problem for API calls between the business cloud platform and the security cloud platform, avoids the re-authentication and login caused by tokenID expiry, and improves the user experience while guaranteeing security.
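The refresh, idle-expiry and recovery flow of steps 1 to 4, as an added Python sketch that is not part of the patent text. `BusinessCloud`, `TokenManager`, the 0.8 refresh margin, the sample credentials, revoking the replaced tokenID, and modelling the recovery API as re-authentication with the stored user information are all assumptions; time is passed in as seconds so the run is deterministic.

```python
import secrets

class BusinessCloud:
    """Constructed stand-in for the business cloud platform, which issues tokenIDs."""
    def __init__(self, ttl):
        self.ttl, self.expiry = ttl, {}   # T; tokenID -> absolute expiry time

    def _issue(self, now):
        token_id = secrets.token_hex(16)
        self.expiry[token_id] = now + self.ttl
        return token_id

    def valid(self, token_id, now):
        return self.expiry.get(token_id, 0) > now

    def authenticate(self, user, password, now):  # login and recovery (assumption)
        if (user, password) != ("alice", "constructed-password"):
            raise PermissionError("authentication failed")
        return self._issue(now)

    def refresh(self, token_id, now):
        if not self.valid(token_id, now):
            raise PermissionError("tokenID expired")
        del self.expiry[token_id]   # assumption: the replaced tokenID is revoked
        return self._issue(now)

class TokenManager:
    """Token management module on the security cloud platform side."""
    def __init__(self, cloud, user, password, now, margin=0.8):
        self.cloud, self.user, self.password = cloud, user, password
        self.token = cloud.authenticate(user, password, now)  # step 1: cache
        self.issued_at, self.margin = now, margin
        self.active = self.stopped = False

    def on_http_request(self):   # step 2: the user is still sending requests
        if self.stopped:
            raise PermissionError("no operation for a long time, log in again")
        self.active = True

    def tick(self, now):   # timer; must fire more often than (1 - margin) * T
        age = now - self.issued_at
        if self.stopped or age >= self.cloud.ttl:   # step 4: T passed, no refresh
            self.token, self.stopped = None, True
            return "expired"
        if self.active and age >= self.margin * self.cloud.ttl:   # step 3
            self.token = self.cloud.refresh(self.token, now)
            self.issued_at, self.active = now, False
            return "refreshed"
        return "waiting"

    def long_api_call(self, start, duration):   # one call that blocks refreshing
        end = start + duration
        recovered = not self.cloud.valid(self.token, end)
        if recovered:   # re-authenticate with the stored user information
            self.token = self.cloud.authenticate(self.user, self.password, end)
            self.issued_at, self.active = end, False
        return recovered

def demo():
    cloud = BusinessCloud(ttl=3600)   # T = 1 hour, as in the text
    mgr = TokenManager(cloud, "alice", "constructed-password", now=0)
    first = mgr.token
    mgr.on_http_request()
    states = [mgr.tick(1800), mgr.tick(3000)]   # waiting, then refreshed
    rotated = mgr.token != first and not cloud.valid(first, 3000)
    recovered = mgr.long_api_call(start=3100, duration=5000)   # outlives T
    usable = cloud.valid(mgr.token, 8100)
    states.append(mgr.tick(8100 + 3600))   # no requests for T: expired
    return states, rotated, recovered, usable, mgr.token
```

Because recovery re-authenticates with stored user information, whatever holds that information is as sensitive as the tokenID itself, and a session with continuous HTTP activity is renewed with no absolute upper bound on its lifetime.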

Claims (4)

  1. A method for updating tokenID online, characterized in that the method comprises the following steps:
    Step 1: The user logs in to the security cloud platform from the business cloud platform; the security cloud platform obtains the user's initial tokenID, and the initial tokenID is cached in the browser;
    Step 2: Start monitoring the security cloud platform; if HTTP requests are present, go to step 3; otherwise, go to step 4;
    Step 3: According to the tokenID expiry time T defined by the business cloud platform, refresh the tokenID within time T to obtain a new tokenID, replace the tokenID from the previous refresh with the new tokenID, and cache it in the browser; return to step 2;
    Step 4: According to the tokenID expiry time T defined by the business cloud platform, after time T set the tokenID from the previous refresh to the invalid state and stop the tokenID update operation in the security cloud platform; end.
  2. The method for updating tokenID online according to claim 1, characterized in that in step 1, the initial tokenID is cached in the browser's Session.
  3. The method for updating tokenID online according to claim 1, characterized in that in step 3, when a single API request takes too long and causes the current tokenID to expire, a preset recovery API provided by the business cloud platform is used to authenticate with the user's information, obtain a tokenID again and cache it in the browser.
  4. The method for updating tokenID online according to claim 1, characterized in that in step 4, while the tokenID from the previous refresh is set to the invalid state, the user is prompted that there has been no operation for a long time and that a new login is required.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711084831.1A CN107920063A (en) 2017-11-07 2017-11-07 A kind of method of online updating tokenID

Publications (1)

Publication Number Publication Date
CN107920063A 2018-04-17

Family

ID=61895981

Country Status (1)

Country Link
CN (1) CN107920063A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180417
