CN108959908A - Method, computer device and storage medium for authenticating a mobile platform that integrates an SDK

Info

Publication number: CN108959908A
Authority: CN (China)
Legal status: Granted; Active
Application number: CN201810876415.3A
Other languages: Chinese (zh)
Other versions: CN108959908B (en)
Inventor: 刘宝
Current Assignee: Shenzhen Di Di Information Technology Ltd By Share Ltd
Original Assignee: Shenzhen Di Di Information Technology Ltd By Share Ltd
Prior art keywords: terminal, server, random number, encryption, encryption information

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs

Abstract

The invention discloses a method for authenticating a mobile platform that integrates an SDK, and relates to the field of information security technology. The method specifically includes: performing initialization authentication on the unique ID and App package name assigned to the App channel; using a private communication protocol to establish a two-way authentication channel between the terminal and the server; and, for a channel that passes authentication, randomly generating a session encryption key (Key) used for communication encryption and signing and for encrypted data storage. Applying the authentication method provided by the invention effectively prevents the SDK from being embedded and used directly after it is obtained by an untrusted third-party App, ensures the security and reliability of channel access, and avoids the risk of user information being hijacked. In addition, combined with full-process data monitoring of the SDK call flow, it ensures the security of third-party access and meets regulatory security requirements.

Description

Method, computer device and storage medium for authenticating a mobile platform that integrates an SDK
Technical field
The present invention relates to the field of information security technology, and in particular to a method, computer device and storage medium for authenticating a mobile platform that integrates an SDK.
Background
With the rise of the mobile internet, more than 80% of customer investment activity now originates from mobile Apps. To increase business revenue, securities brokerages need to keep expanding their user base. Constrained by the limits of their business development, however, they lack high-quality channels for reaching customers, so finding better ways to acquire customers has become a pain point for brokerages.
Internet companies have accumulated large numbers of high-quality users over a long period but, constrained by business qualifications, cannot quickly develop compliant financial services, so monetizing customer traffic has become a pain point for them.
Given these two pain points, cooperation between securities brokerages and internet channels has emerged. How to carry out that cooperation safely, effectively and stably while meeting compliance and regulatory requirements is a problem both sides need to solve together.
At present, the following approaches are usually taken to protect users and brokerages:
(1) The brokerage's own trading, online account-opening and other systems are integrated into the third-party App platform as H5 links. After the user clicks the link in the third-party App, the App invokes the phone's built-in browser to open the brokerage's system, and the user handles the relevant business through that browser. However, the H5 link in this approach is an open link: the security of transaction data cannot be guaranteed and the reliability of the access channel cannot be controlled, which easily leads to trading plug-ins and illegal access by off-exchange financing systems, and terminal information is easily forged.
(2) An improvement on approach (1): inside the third-party App, the user opens and displays the brokerage's H5 pages through an internal WebView (built-in browser) and handles the relevant business without leaving the third-party App. However, this approach is likewise unable to control the reliability of the access channel; user data is at risk of malicious manipulation, terminal information is easily forged, and transaction security cannot be guaranteed.
(3) The brokerage's own trading, online account-opening and other systems are opened to the third-party App platform as API interfaces, and the user handles the relevant business through the third-party App platform's pages. However, because the place of business is then provided by the third-party App platform, this approach cannot meet regulatory requirements, and exposing the business APIs to the third-party App platform easily leads to leakage of business secrets.
(4) The brokerage's own trading, online account-opening and other systems are integrated into the third-party App platform as an SDK, and the user handles the relevant business directly through the SDK module in the third-party App platform. Although this approach manages third-party channel access to some extent, authentication of the access channel is still insufficient, and there remain risks of malicious access and of user information being hijacked and leaked.
Summary of the invention
The technical problem to be solved by the present invention is how to reduce the risk of user information leakage and improve security when access is provided through an SDK.
To solve the above problem, the present invention proposes the following technical solution:
In a first aspect, the present invention proposes a method for authenticating a mobile platform that integrates an SDK. The method is applied to a terminal on which the SDK is installed, and comprises:
S1, the terminal generates a terminal random number;
S2, the terminal encrypts the terminal random number, the terminal public key certificate file, the App package name and the App channel name according to the server public key certificate file, generating first encrypted information;
S3, the terminal sends the first encrypted information to the server;
S4, the server receives the first encrypted information and judges from it whether the terminal passes the first authentication;
S5, if the terminal passes the first authentication, the server generates a server random number;
S6, the server encrypts the server random number and the server public key certificate file according to the terminal public key certificate file, generating second encrypted information;
S7, the server sends the second encrypted information to the terminal;
S8, the terminal receives the second encrypted information and judges from it whether the server passes the first authentication;
S9, if the server passes the first authentication, the terminal generates a terminal encryption key from the terminal random number and the server random number using a preset algorithm;
S10, the terminal encrypts the server random number with the terminal encryption key using an encryption algorithm, generating third encrypted information;
S11, the terminal sends the third encrypted information to the server;
S12, the server generates a server encryption key from the terminal random number and the server random number using the preset algorithm;
S13, the server decrypts the third encrypted information with the server encryption key using the encryption algorithm, obtaining a server random number;
S14, judge whether the server random number obtained in S13 is identical to the server random number generated in S5;
S15, if the server random number obtained in S13 is identical to the server random number generated in S5, the terminal passes the second authentication and the server saves the server encryption key;
S16, the server encrypts the terminal random number with the server encryption key using the encryption algorithm, generating fourth encrypted information;
S17, the server sends the fourth encrypted information to the terminal;
S18, the terminal decrypts the fourth encrypted information with the terminal encryption key using the encryption algorithm, obtaining a terminal random number;
S19, judge whether the terminal random number obtained in S18 is identical to the terminal random number generated in S1;
S20, if the terminal random number obtained in S19 is identical to the terminal random number generated in S1, the server passes the second authentication and the terminal saves the terminal encryption key.
In a second aspect, an embodiment of the present invention further provides a computer device comprising a memory and a processor, the memory storing a computer program, and the processor implementing the above method when executing the computer program.
In a third aspect, an embodiment of the present invention further provides a computer-readable storage medium storing a computer program, the computer program comprising program instructions which, when executed by a processor, implement the above method.
Compared with the prior art, the technical effects achievable by the present invention include: access to the terminal's App platform is provided in the form of an SDK, and two-way security authentication and session-level encryption are performed for the terminal and the server respectively, which can be used to encrypt communication and information storage. This effectively prevents the SDK from being embedded and used directly after it is obtained by an untrusted third-party App, ensures the security and reliability of channel access, and avoids the risk of user information being hijacked. In addition, combined with full-process data monitoring of the SDK call flow, it ensures the security of third-party access and meets regulatory security requirements.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the method for authenticating a mobile platform that integrates an SDK, provided by an embodiment of the present invention;
Fig. 2 is a detailed flowchart of step S4 in Fig. 1;
Fig. 3 is a detailed flowchart of step S8 in Fig. 1;
Fig. 4 is a flowchart of the method for authenticating a mobile platform that integrates an SDK, provided by another embodiment of the present invention;
Fig. 5 is a flowchart of the method for authenticating a mobile platform that integrates an SDK, provided by another embodiment of the present invention; and
Fig. 6 is a schematic block diagram of a computer device provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments are described clearly and completely below with reference to the drawings of the embodiments of the present invention; similar reference numerals in the drawings denote similar components. Obviously, the embodiments described below are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.
It should be understood that, when used in this specification and the appended claims, the terms "comprise" and "include" indicate the presence of the described features, wholes, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, wholes, steps, operations, elements, components and/or sets thereof.
It should also be understood that the terms used in this description of the embodiments of the present invention are for the purpose of describing particular embodiments only and are not intended to limit the embodiments of the present invention. As used in the description of the embodiments and in the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be noted that the mobile platform described in the present invention refers to a terminal. The terminal may specifically be a smartphone, tablet computer, laptop, desktop computer, personal digital assistant, wearable device or other electronic device with a communication function.
Referring to Fig. 1, an embodiment of the present invention provides a method for authenticating a mobile platform that integrates an SDK. The method is applied to a terminal on which the SDK is installed and, as the figure shows, comprises the following steps:
S1, the terminal generates a terminal random number.
In a specific implementation, when the terminal issues a login request to the server, the terminal randomly generates a terminal random number R1, whose length is 16 characters.
It should be noted that the character length of R1 can be determined by those skilled in the art; the present invention does not specifically limit it.
S2, the terminal encrypts the terminal random number, the terminal public key certificate file, the App package name and the App channel name according to the server public key certificate file, generating first encrypted information.
In a specific implementation, the terminal securely stores its own public key certificate and private key certificate files, and also stores the server's public key certificate file and a publicly trusted root certificate.
S3, the terminal sends the first encrypted information to the server.
S4, the server receives the first encrypted information and judges from it whether the SDK passes the first authentication.
S5, if the SDK passes the first authentication, the server generates a server random number.
In a specific implementation, if the SDK fails the first authentication, the source of the SDK in the terminal is illegal or expired; there is a security risk and the security-control requirements cannot be met, so the server rejects the terminal's login request.
S6, the server encrypts the server random number and the server public key certificate file according to the terminal public key certificate file, generating second encrypted information.
S7, the server sends the second encrypted information to the terminal.
S8, the terminal receives the second encrypted information and judges from it whether the server passes the first authentication.
S9, if the server passes the first authentication, the terminal generates a terminal encryption key from the terminal random number and the server random number using a preset algorithm.
In a specific implementation, if the server fails the first authentication, the server's source is illegal and unreliable, and the security-control requirements cannot be met. The terminal abandons the login request.
At this point, the two-way security authentication of the terminal and the server is complete. It can guarantee terminal
In a specific implementation, the preset algorithm is an algorithm set in advance by those skilled in the art for generating the terminal encryption key; the present invention does not specifically limit it.
S10, the terminal encrypts the server random number with the terminal encryption key using an encryption algorithm, generating third encrypted information.
In a specific implementation, the above encryption algorithm is the SM4 national cryptographic algorithm; those skilled in the art may choose another encryption algorithm, and the present invention does not specifically limit it.
S11, the terminal sends the third encrypted information to the server.
S12, the server generates a server encryption key from the terminal random number and the server random number using the preset algorithm.
In a specific implementation, the preset algorithm is an algorithm set in advance by those skilled in the art for generating the server encryption key; the present invention does not specifically limit it.
S13, the server decrypts the third encrypted information with the server encryption key using the encryption algorithm, obtaining a server random number.
In a specific implementation, the above encryption algorithm is the SM4 national cryptographic algorithm; those skilled in the art may choose another encryption algorithm, and the present invention does not specifically limit it.
S14, judge whether the server random number obtained in S13 is identical to the server random number generated in S5.
S15, if the server random number obtained in S13 is identical to the server random number generated in S5, the SDK passes the second authentication and the server saves the server encryption key.
In a specific implementation, the second authentication determines, for the terminal and the server respectively, whether each is secure within the session. If the SDK fails the second authentication, the SDK's data in this session is judged to be erroneous; security cannot be guaranteed, there is a risk of information leakage, and the request is ignored.
S16, the server encrypts the terminal random number with the server encryption key using the encryption algorithm, generating fourth encrypted information.
S17, the server sends the fourth encrypted information to the terminal.
S18, the terminal decrypts the fourth encrypted information with the terminal encryption key using the encryption algorithm, obtaining a terminal random number.
S19, judge whether the terminal random number obtained in S18 is identical to the terminal random number generated in S1.
S20, if the terminal random number obtained in S19 is identical to the terminal random number generated in S1, the server passes the second authentication and the terminal saves the terminal encryption key.
In a specific implementation, the terminal encryption key and the server encryption key can be used for encrypting and signing two-way communication and for encrypted data storage. User sensitive data that needs to be cached locally on the terminal, such as the memory cache, Cookie, Session Storage, Local Storage and so on, is stored after being encrypted with the terminal encryption key using the SM4 national cryptographic algorithm, which effectively prevents the user's sensitive data from leaking.
If the server fails the second authentication, the server is judged unable to guarantee security in this session and there is a risk of information leakage; the next operation cannot be performed.
By applying this embodiment of the present invention, the securities brokerage integrates its own trading, online account-opening and other systems into the terminal's App platform in the form of an SDK, and secondary security authentication is performed for the terminal and the server respectively, which ensures the security and reliability of channel access and avoids the risk of user information being hijacked. In addition, combined with full-process data monitoring of the SDK call flow, it ensures the security of third-party access and meets regulatory security requirements.
Referring to Fig. 2, this embodiment provides a specific implementation of step S4 in embodiment 1, comprising the following steps:
S201, the server decrypts the first encrypted information using the server private key certificate file, obtaining the terminal random number, terminal public key certificate file, App package name and App channel name contained in the first encrypted information.
S202, the terminal public key certificate file saved on the server is looked up according to the App package name and App channel name.
S203, judge whether the terminal public key certificate file saved by the server is consistent with the terminal public key certificate file in the first encrypted information.
S204, if the terminal public key certificate file saved by the server is consistent with the terminal public key certificate file in the first encrypted information, the SDK is determined to pass the first authentication.
In a specific implementation, the MD5 values of the terminal public key certificate file saved by the server and of the terminal public key certificate file in the first encrypted information are compared. If the two MD5 values are identical, the first encrypted information sent by the terminal is judged to be sound and the SDK passes the first authentication; if the two MD5 values differ, the first encrypted information sent by the terminal is judged to be faulty and the SDK fails the first authentication.
Referring to Fig. 3, this embodiment provides a specific implementation of step S8 in embodiment 1, comprising the following steps:
S301, the terminal decrypts the second encrypted information using the terminal private key certificate file, obtaining the server random number and the server public key certificate file.
S302, judge whether the server public key certificate file stored locally on the terminal is consistent with the server public key certificate file in the second encrypted information.
S303, if the server public key certificate file stored locally on the terminal is consistent with the server public key certificate file in the second encrypted information, the server is determined to pass the first authentication.
In a specific implementation, the MD5 values of the server public key certificate file stored locally on the terminal and of the server public key certificate file in the second encrypted information are compared. If the two MD5 values are identical, the second encrypted information sent by the server is judged to be sound and the server passes the first authentication; if the two MD5 values differ, the second encrypted information sent by the server is judged to be faulty and the server fails the first authentication.
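The four-message exchange of S1 to S20, with the certificate checks of S201 to S204 and S301 to S303, written as a symbolic model; this is an added example, not code from the patent. `Sealed` stands in for both the certificate-based encryption and SM4 and performs no real cryptography, and the HMAC-based `derive_key`, the class and method names and all sample values are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Sealed:
    """Symbolic ciphertext: it opens only with the key it was sealed for."""
    key: bytes
    payload: tuple


def unseal(key, box):
    if not hmac.compare_digest(key, box.key):
        raise ValueError("wrong key for this message")
    return box.payload


def derive_key(r1, r2):
    # The "preset algorithm" of S9/S12 is left open by the patent;
    # HMAC-SHA-256 truncated to 16 bytes is an assumption of this example.
    return hmac.new(r1, r2, hashlib.sha256).digest()[:16]


class Server:
    def __init__(self, cert, registry):
        self.cert = cert          # stands for the server certificate and its private key
        self.registry = registry  # (App package name, App channel name) -> terminal certificate
        self.r1 = self.r2 = self.session_key = None

    def on_first(self, box):      # S4 (S201-S204) to S7
        r1, cert, package, channel = unseal(self.cert, box)
        stored = self.registry.get((package, channel))
        # Whole certificates are compared; the description compares their MD5 values.
        if stored is None or not hmac.compare_digest(stored, cert):
            raise PermissionError("S4: terminal failed the first authentication")
        self.r1, self.r2 = r1, secrets.token_hex(8).encode()
        return Sealed(stored, (self.r2, self.cert))

    def on_third(self, box):      # S12 to S17
        key = derive_key(self.r1, self.r2)
        (r2,) = unseal(key, box)
        if not hmac.compare_digest(r2, self.r2):
            raise PermissionError("S14: terminal failed the second authentication")
        self.session_key = key    # S15
        return Sealed(key, (self.r1,))


class Terminal:
    def __init__(self, cert, server_cert, package, channel):
        self.cert = cert          # stands for the terminal certificate and its private key
        self.server_cert = server_cert
        self.package, self.channel = package, channel
        self.r1 = self.pending_key = self.session_key = None

    def first(self):              # S1 to S3; R1 is 16 characters as in the description
        self.r1 = secrets.token_hex(8).encode()
        return Sealed(self.server_cert, (self.r1, self.cert, self.package, self.channel))

    def on_second(self, box):     # S8 (S301-S303) to S11
        r2, server_cert = unseal(self.cert, box)
        if not hmac.compare_digest(server_cert, self.server_cert):
            raise PermissionError("S8: server failed the first authentication")
        self.pending_key = derive_key(self.r1, r2)
        return Sealed(self.pending_key, (r2,))

    def on_fourth(self, box):     # S18 to S20
        (r1,) = unseal(self.pending_key, box)
        if not hmac.compare_digest(r1, self.r1):
            raise PermissionError("S19: server failed the second authentication")
        self.session_key = self.pending_key


def handshake(terminal, server):
    """Run the four messages; return (terminal key, server key, error text or None)."""
    try:
        second = server.on_first(terminal.first())
        fourth = server.on_third(terminal.on_second(second))
        terminal.on_fourth(fourth)
    except (PermissionError, ValueError) as exc:
        return None, None, str(exc)
    return terminal.session_key, server.session_key, None


# Constructed sample values, not taken from the patent.
SERVER_CERT = b"constructed-server-certificate"
PARTNER_CERT = b"constructed-partner-certificate"
REGISTRY = {("com.example.partner", "channel-01"): PARTNER_CERT}


def demo():
    trusted = Terminal(PARTNER_CERT, SERVER_CERT, "com.example.partner", "channel-01")
    # Same certificate material, but the App package name is not registered.
    unregistered = Terminal(PARTNER_CERT, SERVER_CERT, "com.example.other", "channel-01")
    return (handshake(trusted, Server(SERVER_CERT, REGISTRY)),
            handshake(unregistered, Server(SERVER_CERT, REGISTRY)))
```

Both sides save a key only after the peer has returned the other side's random number under the derived key, so a run that stops at S4 or S8 leaves no session key on either side.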
Referring to Fig. 4, in another embodiment, before step S1, the method further comprises:
S401, the terminal reads the App package name and the App channel name.
S402, the terminal reads the locally stored terminal public key certificate file issued by the server, and parses out the App package name and App channel name in the server public key certificate file.
S403, judge whether the App package name and App channel name read by the terminal are identical to the App package name and App channel name in the terminal public key certificate file.
S404, if the App package name and App channel name read by the terminal are identical to the App package name and App channel name in the terminal public key certificate file, initialization authentication succeeds, indicating that the terminal's App package name and App channel name belong to a trusted access channel.
In this embodiment, the unique ID assigned by the server to the App channel and the App package name are verified, ensuring the reliability and security of channel access.
Referring to Fig. 5, in another embodiment, after step S21, the method further comprises:
S501, if an H5 page request is received, the terminal obtains the terminal encryption key from the SDK.
S502, the terminal SM4-encrypts the request parameters and request serial number of the H5 page request with the terminal encryption key, generating fifth encrypted information.
S503, the terminal performs an SM3 signature over the fifth encrypted information and the terminal encryption key, generating first signature information.
S504, the terminal sends the fifth encrypted information and the first signature information to the server.
S505, the server, according to the server encryption key, signs the fifth encrypted information and the server encryption key, generating second signature information.
S506, the server judges whether the second signature information is identical to the first signature information sent by the terminal.
S507, if the second signature information is identical to the first signature information sent by the terminal, judge whether the server can SM4-decrypt the fifth encrypted information to obtain the request parameters and request serial number of the H5 page request.
If the server fails to decrypt the fifth encrypted information and cannot obtain the request parameters and request serial number of the H5 page request, step S510 is executed.
S508, if the server can decrypt the fifth encrypted information and obtain the request parameters and request serial number of the H5 page request, judge whether the request serial number has already been used.
In a specific implementation, if the second signature information differs from the first signature information sent by the terminal, step S510 is executed.
S509, if the request serial number has not been used, the server responds to the H5 page request and sends the execution result to the terminal. At the same time, the server saves the request serial number of this H5 page request and sets an expiry period for it.
If the request serial number has already been used, the request is considered a replay attack and step S510 is executed.
S510, the server rejects the H5 page request.
In this embodiment, private encryption and signing of the communication protocol guarantee the security and integrity of data in network transmission, and effectively prevent third parties from maliciously obtaining data and from mounting request replay attacks.
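The server-side checks of S505 to S510 in order (signature, decryption, serial number), as an added example that is not code from the patent. HMAC-SHA-256 replaces the SM3 signature, the SM4 step is an injected placeholder, and the JSON request layout, the names and the 60-second expiry period are assumptions.

```python
import hashlib
import hmac
import json
import time


def sign(session_key, ciphertext):
    # The patent signs with SM3; HMAC-SHA-256 is substituted in this example
    # because SM3 is not guaranteed to be present in Python's hashlib.
    return hmac.new(session_key, ciphertext, hashlib.sha256).digest()


class RequestVerifier:
    """Server-side checks of S505-S510 for one authenticated session."""

    def __init__(self, session_key, decrypt, serial_ttl=300.0, clock=time.monotonic):
        self._key = session_key   # server encryption key saved in S15
        self._decrypt = decrypt   # hypothetical callable standing in for SM4 decryption
        self._ttl = serial_ttl    # assumed expiry period, in seconds, for serial numbers
        self._clock = clock
        self._seen = {}           # request serial number -> time at which it expires

    def verify(self, ciphertext, signature):
        """Return ("accepted", params) or ("rejected", reason)."""
        # S505/S506: recompute the signature and compare it in constant time.
        if not hmac.compare_digest(sign(self._key, ciphertext), signature):
            return ("rejected", "signature mismatch")
        # S507: the message must decrypt to request parameters and a serial number.
        try:
            request = json.loads(self._decrypt(self._key, ciphertext))
            serial, params = request["serial"], request["params"]
            if not isinstance(serial, str):
                raise TypeError("serial number must be a string")
        except (ValueError, KeyError, TypeError):
            return ("rejected", "cannot decrypt request")
        # S508: a serial number that is still remembered marks a replayed request.
        now = self._clock()
        self._seen = {s: t for s, t in self._seen.items() if t > now}
        if serial in self._seen:
            return ("rejected", "serial number already used")
        # S509: remember the serial number until its expiry period ends.
        self._seen[serial] = now + self._ttl
        return ("accepted", params)


def passthrough_decrypt(key, ciphertext):
    # Placeholder so the block runs offline: it performs no decryption, so the
    # "ciphertext" in demo() is plain JSON. A real deployment supplies SM4 here.
    return ciphertext


def demo():
    key = bytes(range(16))                      # constructed session key
    now = [0.0]                                 # controllable clock for the demonstration
    verifier = RequestVerifier(key, passthrough_decrypt, 60.0, lambda: now[0])
    body = json.dumps({"serial": "req-0001", "params": {"page": "quote"}}).encode()
    results = [
        verifier.verify(body, sign(key, body)),            # first use
        verifier.verify(body, sign(key, body)),            # same serial number again
        verifier.verify(body, sign(bytes(16), body)),      # signed with another key
        verifier.verify(b"not-json", sign(key, b"not-json")),
    ]
    now[0] = 61.0                               # past the expiry period
    results.append(verifier.verify(body, sign(key, body)))
    return results
```

The last result shows that a serial number is accepted again once its entry has expired, so the expiry period has to be paired with a freshness bound inside the encrypted request, such as a timestamp no older than that period.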
Referring to Fig. 6, which is a schematic block diagram of a computer device provided by an embodiment of the present invention. As the figure shows, the computer device 500 comprises a processor 502, a memory and a network interface 505 connected by a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
The computer device 500 may be a terminal or a server. The terminal may be a smartphone, tablet computer, laptop, desktop computer, personal digital assistant, wearable device or other electronic device with a communication function. The server may be a standalone server or a server cluster composed of multiple servers.
The non-volatile storage medium 503 can store an operating system 5031 and a computer program 5032. The computer program 5032 comprises program instructions which, when executed, cause the processor 502 to perform the method for authenticating a mobile platform that integrates an SDK described in the above embodiments.
The processor 502 provides computing and control capability to support the operation of the entire computer device 500.
The internal memory 504 provides an environment for running the computer program 5032 stored in the non-volatile storage medium 503. When the computer program 5032 is executed by the processor 502, it causes the processor 502 to perform the method for authenticating a mobile platform that integrates an SDK described in the above embodiments.
The network interface 505 is used for network communication with other devices.
Those skilled in the art will understand that the structure shown in Fig. 6 is only a block diagram of the part of the structure relevant to the solution of the present application, and does not limit the computer device 500 to which the solution is applied; a specific computer device 500 may include more or fewer components than shown, combine certain components, or have a different arrangement of components.
It should be understood that, in embodiments of the present invention, the processor 502 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor or any conventional processor.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
The above is a specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any person skilled in the art can readily conceive of various equivalent modifications or replacements within the technical scope disclosed by the present invention, and these modifications or replacements shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A method for authenticating a mobile platform accessing an SDK, characterized in that the method is applied to a terminal in which the SDK is installed, the method comprising:
S1, the terminal generates a terminal random number;
S2, the terminal encrypts the terminal random number, the terminal public key certificate file, the App package name and the App channel name according to the server public key certificate file, generating first encryption information;
S3, the terminal sends the first encryption information to the server;
S4, the server receives the first encryption information and judges, according to the first encryption information, whether the terminal passes the first authentication;
S5, if the terminal passes the first authentication, the server generates a server random number;
S6, the server encrypts the server random number and the server public key certificate file according to the terminal public key certificate file, generating second encryption information;
S7, the server sends the second encryption information to the terminal;
S8, the terminal receives the second encryption information and judges, according to the second encryption information, whether the server passes the first authentication;
S9, if the server passes the first authentication, the terminal generates a terminal encryption key from the terminal random number and the server random number by a preset algorithm;
S10, the terminal encrypts the server random number by an encryption algorithm using the terminal encryption key, generating third encryption information;
S11, the terminal sends the third encryption information to the server;
S12, the server generates a server encryption key from the terminal random number and the server random number by the preset algorithm;
S13, the server decrypts the third encryption information by the encryption algorithm according to the server encryption key, obtaining a server random number;
S14, judging whether the server random number obtained in S13 is identical to the server random number generated in S5;
S15, if the server random number obtained in S13 is identical to the server random number generated in S5, the terminal passes the second authentication, and the server saves the server encryption key;
S16, the server encrypts the terminal random number by the encryption algorithm using the server encryption key, generating fourth encryption information;
S17, the server sends the fourth encryption information to the terminal;
S18, the terminal decrypts the fourth encryption information by the encryption algorithm according to the terminal encryption key, obtaining a terminal random number;
S19, judging whether the terminal random number obtained in S18 is identical to the terminal random number generated in S1;
S20, if the terminal random number obtained in S19 is identical to the terminal random number generated in S1, the server passes the second authentication, and the terminal saves the terminal encryption key.
2. The method for authenticating a mobile platform accessing an SDK according to claim 1, characterized in that step S4 comprises:
the server decrypts the first encryption information using the server private key certificate file, obtaining the terminal random number, the terminal public key certificate file, the App package name and the App channel name;
the terminal public key certificate file saved by the server is looked up according to the App package name and the App channel name;
judging whether the terminal public key certificate file saved by the server is consistent with the terminal public key certificate file in the first encryption information;
if the terminal public key certificate file saved by the server is consistent with the terminal public key certificate file in the first encryption information, determining that the SDK passes the first authentication.
3. The method for authenticating a mobile platform accessing an SDK according to claim 1, characterized in that step S8 comprises:
the terminal decrypts the second encryption information using the terminal private key certificate file, obtaining the server random number and the server public key certificate file;
judging whether the server public key certificate file stored locally on the terminal is consistent with the server public key certificate file in the second encryption information;
if the server public key certificate file stored locally on the terminal is consistent with the server public key certificate file in the second encryption information, determining that the server passes the first authentication.
4. The method for authenticating a mobile platform accessing an SDK according to any one of claims 1-3, characterized in that, before step S1, the method further comprises:
the terminal reads the App package name and the App channel name;
the terminal reads the locally stored terminal public key certificate file issued by the server, and parses it to obtain the App package name and the App channel name in the terminal public key certificate file;
judging whether the App package name and App channel name read by the terminal are identical to the App package name and App channel name in the terminal public key certificate file;
if the App package name and App channel name read by the terminal are identical to the App package name and App channel name in the terminal public key certificate file, the initialization authentication succeeds.
5. The method for authenticating a mobile platform accessing an SDK according to any one of claims 1-3, characterized in that, after step S21, the method further comprises:
if an H5 page request is received, the terminal obtains the terminal encryption key from the SDK;
the terminal encrypts the request parameters and the request serial number of the H5 page request according to the terminal encryption key, generating fifth encryption information;
the terminal signs the fifth encryption information and the terminal encryption key, generating first signature information;
the terminal sends the fifth encryption information and the first signature information to the server;
the server signs the fifth encryption information and the server encryption key according to the server encryption key, generating second signature information;
the server judges whether the second signature information is identical to the first signature information sent by the terminal;
if the second signature information is identical to the first signature information sent by the terminal, judging whether the server can decrypt the fifth encryption information to obtain the request parameters and the request serial number of the H5 page request;
if the server can decrypt the fifth encryption information to obtain the request parameters and the request serial number of the H5 page request, judging whether the request serial number has been used;
if the request serial number has not been used, the server responds to the H5 page request;
if the request serial number has been used, the server refuses the H5 page request.
6. The method for authenticating a mobile platform accessing an SDK according to claim 5, characterized in that it further comprises:
if the second signature information is not identical to the first signature information sent by the terminal, the server refuses the H5 page request.
7. The method for authenticating a mobile platform accessing an SDK according to claim 5, characterized in that the step in which, if the request serial number has not been used, the server responds to the H5 page request further comprises: the server saves the request serial number and sets an expiry period for the request serial number.
8. The method for authenticating a mobile platform accessing an SDK according to claim 1, characterized in that the encryption algorithm is a national secret algorithm.
9. A computer equipment, characterized in that the computer equipment comprises a memory and a processor, a computer program is stored on the memory, and the processor implements the method according to any one of claims 1-8 when executing the computer program.
10. A storage medium, characterized in that the storage medium stores a computer program, the computer program comprises program instructions, and the program instructions, when executed by a processor, implement the method according to any one of claims 1-8.
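The server-side checks of claims 5 to 7, as an added example that is not code from the patent. It assumes HMAC-SHA256 for the signature, SHA-256 over the two random numbers for the preset algorithm of S9/S12, and a SHA-256 counter-mode keystream in place of the national algorithm; all function and class names are hypothetical.

```python
import hashlib, hmac, json, os, time

def derive_key(terminal_random: bytes, server_random: bytes) -> bytes:
    # Assumed "preset algorithm" (S9/S12): SHA-256 over both random numbers.
    return hashlib.sha256(terminal_random + server_random).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode); the patent names a national algorithm.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def terminal_build_request(key: bytes, params: dict, serial: str):
    """Terminal side: fifth encryption information and first signature information."""
    nonce = os.urandom(16)
    plaintext = json.dumps({"params": params, "serial": serial}).encode()
    fifth = nonce + _xor_stream(key, nonce, plaintext)
    first_sig = hmac.new(key, fifth, hashlib.sha256).digest()
    return fifth, first_sig

class H5Server:
    def __init__(self, key: bytes, serial_ttl: float = 300.0):
        self.key = key
        self.ttl = serial_ttl   # expiry period of a saved serial number (claim 7)
        self.seen = {}          # request serial number -> expiry time

    def handle(self, fifth: bytes, first_sig: bytes, now=None) -> str:
        now = time.time() if now is None else now
        # Recompute the signature with the server's key; compare in constant time.
        second_sig = hmac.new(self.key, fifth, hashlib.sha256).digest()
        if not hmac.compare_digest(second_sig, first_sig):
            return "reject: signature mismatch"
        try:
            body = json.loads(_xor_stream(self.key, fifth[:16], fifth[16:]))
            serial = str(body["serial"])
        except (ValueError, KeyError, TypeError):
            return "reject: cannot decrypt"
        # Drop expired serial numbers, then refuse any that is still remembered.
        self.seen = {s: exp for s, exp in self.seen.items() if exp > now}
        if serial in self.seen:
            return "reject: serial already used"
        self.seen[serial] = now + self.ttl
        return "ok"
```

Serial numbers are only remembered for `serial_ttl` seconds, so the rejection of a repeated serial number holds within that period.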
CN201810876415.3A 2018-08-03 2018-08-03 Method, computer equipment and storage medium for authenticating mobile platform accessing SDK Active CN108959908B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810876415.3A CN108959908B (en) 2018-08-03 2018-08-03 Method, computer equipment and storage medium for authenticating mobile platform accessing SDK

Publications (2)

Publication Number Publication Date
CN108959908A true CN108959908A (en) 2018-12-07
CN108959908B CN108959908B (en) 2021-02-02

Family

ID=64467064

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810876415.3A Active CN108959908B (en) 2018-08-03 2018-08-03 Method, computer equipment and storage medium for authenticating mobile platform accessing SDK

Country Status (1)

Country Link
CN (1) CN108959908B (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1659821A (en) * 2002-06-12 2005-08-24 纳格拉卡德股份有限公司 Method for secure data exchange between two devices
CN104851206A (en) * 2015-05-25 2015-08-19 华北电力大学 USBKEY (universal serial bus key)-based online electric charge payment system
CN106453431A (en) * 2016-12-19 2017-02-22 四川长虹电器股份有限公司 Method for realizing Internet intersystem authentication based on PKI

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109889510A (en) * 2019-01-30 2019-06-14 重庆农村商业银行股份有限公司 Multiple encryption method for service provider transmission services message
CN109889510B (en) * 2019-01-30 2021-05-11 重庆农村商业银行股份有限公司 Multiple encryption method for service provider transmitting service message
CN110493236A (en) * 2019-08-23 2019-11-22 星环信息科技(上海)有限公司 A kind of communication means, computer equipment and storage medium
CN110493236B (en) * 2019-08-23 2020-09-25 星环信息科技(上海)有限公司 Communication method, computer equipment and storage medium
CN111639350A (en) * 2020-05-16 2020-09-08 中信银行股份有限公司 Cipher service system and encryption method
CN111639350B (en) * 2020-05-16 2023-01-31 中信银行股份有限公司 Cipher service system and encryption method

Also Published As

Publication number Publication date
CN108959908B (en) 2021-02-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant