CN109522726A - Authentication method for a mini program, server and computer-readable storage medium - Google Patents

Publication number
CN109522726A
Authority
CN
China
Prior art keywords
request
user
client
data
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811202378.4A
Other languages
Chinese (zh)
Inventor
王玉民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kangjian Information Technology Shenzhen Co Ltd
Original Assignee
Ping An Wanjia Medical Investment Management Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Wanjia Medical Investment Management Co Ltd
Priority to CN201811202378.4A
Publication of CN109522726A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The present invention is applicable to the field of computer technology and provides an authentication method for a mini program, a server and a computer-readable storage medium. The method includes: if a user authorization authentication request is received from a client, obtaining the encrypted string that the client received from an application platform and forwarded, and obtaining a key from the application platform, where the encrypted string is obtained by the application platform encrypting the user information of the user currently logged in to the application platform, the client is the client of a mini program, and the mini program relies on the application platform as its carrier; and decrypting the encrypted string with the key to obtain the user information. With the invention, a user logging in at the mini program client can do so with a one-key operation while the authentication information is guaranteed to be authentic and valid, which simplifies the login process, saves the time the user spends logging in, and improves the user experience.

Description

Authentication method for a mini program, server and computer-readable storage medium
Technical field
The invention belongs to the field of computer technology, and in particular relates to an authentication method for a mini program, a server and a computer-readable storage medium.
Background
Web authentication on the traditional internet is generally implemented by using a session object to store the attributes and configuration information required for a specific user's session. Use of a mini program also requires authentication. Because a mini program logs in through a page of a third-party application, and a mini program has no concept of a cookie (data stored on the user's local terminal), the traditional approach of storing the attributes and configuration information of a specific user's session in a session object cannot be used. Authentication in a mini program is therefore generally done through login methods such as account and password login or mobile phone dynamic code verification, but these login flows are relatively cumbersome and take the user a certain amount of time, which results in a poor user experience.
Summary of the invention
In view of this, the embodiments of the present invention provide an authentication method for a mini program, a server and a computer-readable storage medium, to solve the problem in the prior art that the login flow of a mini program is relatively cumbersome and takes the user a certain amount of time.
A first aspect of the embodiments of the present invention provides a method, comprising:
If a user authorization authentication request is received from a client, obtaining the encrypted string that the client received from an application platform and forwarded, and obtaining a key from the application platform, where the encrypted string is obtained by the application platform encrypting the user information of the user currently logged in to the application platform, the client is the client of a mini program, and the mini program relies on the application platform as its carrier;
Decrypting the encrypted string with the key to obtain the user information;
If the user information is found in a pre-stored user information database, generating an authorization success notification, receiving the user identifier of the user of the application platform, generating authentication information according to the user identifier of the user and storing it in a database, and sending the authentication information and the authorization success notification to the client.
A second aspect of the embodiments of the present invention provides a server. The server includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor implements the following steps when executing the computer program:
If a user authorization authentication request is received from a client, obtaining the encrypted string that the client received from an application platform and forwarded, and obtaining a key from the application platform, where the encrypted string is obtained by the application platform encrypting the user information of the user currently logged in to the application platform, the client is the client of a mini program, and the mini program relies on the application platform as its carrier;
Decrypting the encrypted string with the key to obtain the user information;
If the user information is found in a pre-stored user information database, generating an authorization success notification, receiving the user identifier of the user of the application platform, generating authentication information according to the user identifier of the user and storing it in a database, and sending the authentication information and the authorization success notification to the client.
A third aspect of the embodiments of the present invention provides a computer-readable storage medium storing a computer program, wherein the steps of the above method are implemented when the computer program is executed by a processor.
Implementing the authentication method for a mini program, the server and the computer-readable storage medium provided by the embodiments of the present invention has the following beneficial effects:
In the embodiments of the present invention, the user triggers the user authorization authentication request with a single press of a virtual button on the client login interface. The server obtains the encrypted string that the client received from the application platform and forwarded, obtains a key from the application platform, and decrypts the encrypted string with the key to obtain the user information. The server stores the user information of all users with login permission in the pre-stored user information database and checks whether the user information can be found there; if the server finds the user information in the pre-stored user information database, it determines that the user has permission. As a result, a user logging in at the mini program client can do so with a one-key operation while the authentication information is guaranteed to be authentic and valid, which simplifies the login process, saves the time the user spends logging in, and improves the user experience.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of an authentication method for a mini program provided by the first embodiment of the present invention;
Fig. 2 is a schematic flowchart of an authentication method for a mini program provided by the second embodiment of the present invention;
Fig. 3 is a schematic flowchart of an authentication method for a mini program provided by the third embodiment of the present invention;
Fig. 4 is a schematic flowchart of an authentication method for a mini program provided by the fourth embodiment of the present invention;
Fig. 5 is a schematic diagram of a server provided by the fifth embodiment of the present invention;
Fig. 6 is a schematic diagram of a server provided by the sixth embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
A mini program in the embodiments of the present invention is a mobile application developed in a particular programming language that can be used without being downloaded and installed. A mini program does not need to be installed manually in the operating system of the mobile terminal; it usually relies on an application platform as its carrier, and the application platform may be an instant messaging application. Typically, after a developer finishes developing a mini program on a mini program development platform, the finished mini program is published to the server side of the application platform so that it is integrated with the application platform.
Referring to Fig. 1, Fig. 1 is a schematic flowchart of the authentication method for a mini program in the first embodiment of the present invention. The executing entity of the authentication method in this embodiment is a server. The authentication method shown in the figure may include the following steps:
S101: If a user authorization authentication request is received from a client, obtain the encrypted string that the client received from an application platform and forwarded, and obtain a key from the application platform, where the encrypted string is obtained by the application platform encrypting the user information of the user currently logged in to the application platform, the client is the client of a mini program, and the mini program relies on the application platform as its carrier.
To use a mini program on a mobile terminal, the user first enters the application platform on the mobile terminal that carries the mini program and finds the client login entry of the mini program in the application platform. When the user logs in at the mini program client, the server corresponding to the mini program needs to authenticate the user's information to determine whether the user has permission. Specifically, the user can trigger the user authorization authentication request with a single press of a virtual button on the client login interface, and the client sends the user authorization authentication request to the server.
If the server receives a user authorization authentication request from the client, it obtains the encrypted string that the client received from the application platform the mini program relies on and forwarded, and obtains a key from that application platform. Note that the client obtains the encrypted string directly from the application platform through an API interface; this API interface is a data sharing interface that the application platform opens to the mini program client so that the client can obtain the encrypted string from the application platform. The server obtains the key from the application platform through an API interface; this API interface is a data sharing interface that the application platform opens to the mini program server so that the server can obtain the key from the application platform. Because neither the encrypted string nor the key passes through any public network, they are difficult to tamper with, which guarantees the security of the encrypted string and key that the server obtains. The encrypted string is obtained by the application platform encrypting the user information of the user currently logged in to the application platform. The user information includes at least mobile phone number information, and may of course also include information such as nickname, gender and region. The key that the server obtains from the application platform is the encryption key with which the application platform encrypted the user information of the currently logged-in user to obtain the encrypted string.
S102: Decrypt the encrypted string with the key to obtain the user information.
In S102, the server decrypts the encrypted string with the key obtained from the application platform to obtain the user's information, that is, the corresponding mobile phone number information; the user information obtained may of course also include information such as nickname, gender and region.
S103: If the user information is found in a pre-stored user information database, generate an authorization success notification, receive the user identifier of the user of the application platform, generate authentication information according to the user identifier of the user and store it in a database, and send the authentication information and the authorization success notification to the client.
In S103, the server stores the user information of all users with login permission in the pre-stored user information database and checks whether the above user information can be found there. If the server finds the user information in the pre-stored user information database, it determines that the user has permission; if it does not find the user information, it determines that the user does not have permission. Note that the server can make this decision by checking whether the corresponding mobile phone number information is found in the user information database: if it is found, the user has permission; otherwise the user does not.
When the server determines that the user has permission, it generates an authorization success notification, receives the user's identifier from the application platform through an API interface, generates authentication information according to the user identifier, and stores the authentication information in a database. The authentication information is used to secure communication between the server and the client. The user identifier is the OpenID of the application platform user when using the mini program, that is, the unique identification information of the application platform user when using this mini program. The authentication information includes a token, a refreshToken parameter, a token_expires_in parameter, an API key and similar information. The token contains the user identifier, a timestamp and a signature, where the signature is a string of a certain length obtained by compressing the user identifier and timestamp in the token with a hash algorithm. The refreshToken parameter is an encrypted string used to refresh the token. The API key is the key information used for requests and responses between the server and the client. The token_expires_in parameter indicates the timeout of the token. The default timeout in token_expires_in is generally 10 minutes: every 10 minutes the corresponding token expires, and a request must then be made with the refreshToken parameter to refresh the parameter value corresponding to the token. Administrators can change the timeout in the server configuration as needed.
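The authentication record described above (token, refreshToken, token_expires_in, API key), as an added example that is not code from the patent. Assumptions: the token signature is keyed with a server secret using HMAC-SHA256 (the text only says "a hash algorithm"), the refreshToken is a random opaque string that is rotated on use, and `AuthStore` with its in-memory dictionaries is a hypothetical stand-in for the database.

```python
import hashlib
import hmac
import secrets

TOKEN_EXPIRES_IN = 600  # seconds: the 10-minute default for token_expires_in


class AuthStore:
    """Hypothetical in-memory stand-in for the authentication database."""

    def __init__(self, server_secret):
        self._secret = server_secret
        self._by_token = {}
        self._by_refresh = {}

    def _signature(self, open_id, issued_at):
        # Assumption: keyed hash over user identifier and timestamp. An unkeyed
        # hash could be recomputed by anyone who knows both fields.
        msg = f"{open_id}.{issued_at}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def issue(self, open_id, now):
        """Create and store the authentication record for one OpenID."""
        token = f"{open_id}.{now}.{self._signature(open_id, now)}"
        record = {
            "token": token,
            "refreshToken": secrets.token_urlsafe(32),
            "token_expires_in": TOKEN_EXPIRES_IN,
            "api_key": secrets.token_hex(16),
            "open_id": open_id,
        }
        self._by_token[token] = record
        self._by_refresh[record["refreshToken"]] = record
        return record

    def validate(self, token, now):
        """Return the OpenID for a well-formed, stored, unexpired token, else None."""
        try:
            open_id, issued_at, sig = token.rsplit(".", 2)
            issued_at = int(issued_at)
        except ValueError:
            return None
        expected = self._signature(open_id, issued_at)
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None  # user identifier or timestamp was altered
        record = self._by_token.get(token)
        if record is None or now - issued_at >= record["token_expires_in"]:
            return None  # revoked by a refresh, or past its timeout
        return open_id

    def refresh(self, refresh_token, now):
        """Exchange a refreshToken for a new record; the old pair stops working."""
        record = self._by_refresh.pop(refresh_token, None)
        if record is None:
            return None
        self._by_token.pop(record["token"], None)
        return self.issue(record["open_id"], now)


if __name__ == "__main__":
    store = AuthStore(b"constructed-server-secret")   # constructed sample secret
    rec = store.issue("openid-abc", now=1000)          # constructed sample OpenID
    print(store.validate(rec["token"], now=1599))      # inside the 10 minutes
    print(store.validate(rec["token"], now=1600))      # timed out
    new = store.refresh(rec["refreshToken"], now=1600)
    print(store.validate(new["token"], now=1601))
```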
The server sends the authentication information and the authorization success notification to the client. Requests and responses between the client and the server are all encrypted with the authentication information to secure data transmission. In addition, the client displays a mini program login success notification on its display interface according to the authorization success notification, so that the user sees promptly that the mini program login succeeded.
As can be seen from the above, the user triggers the user authorization authentication request with a single press of a virtual button on the client login interface. The server receives the encrypted string that the client obtained directly through an API interface from the application platform the mini program relies on, and obtains the key through an API interface from that application platform. Because the encrypted string and the key are obtained directly through interfaces provided by the application platform and do not pass through any public network, they are difficult to tamper with, which guarantees the security of the encrypted string and key that the server obtains. The server stores the user information of all users with login permission in the pre-stored user information database and checks whether the above user information can be found there; if it is found, the server determines that the user has permission. As a result, a user logging in at the mini program client can do so with a one-key operation while the authentication information is guaranteed to be authentic and valid, which simplifies the login process, saves the time the user spends logging in, and improves the user experience.
Referring to Fig. 2, Fig. 2 is a schematic flowchart of the authentication method for a mini program provided by the second embodiment of the present invention. The difference between this embodiment and the first embodiment is that this embodiment further includes S204 after S202. S201 to S203 are the same as S101 to S103 in the first embodiment; see the description of S101 to S103 in the first embodiment, which is not repeated here. S204 is as follows:
S204: If the user information is not found in the pre-stored user information database, generate an authorization failure notification and send the authorization failure notification to the client.
The server stores the user information of all users with login permission in the pre-stored user information database and checks whether the above user information can be found there. If the server finds the user information in the pre-stored user information database, it determines that the user has permission; if the user information is not found, it determines that the user does not have permission. Note that the server specifically decides whether the user has permission by checking whether the corresponding mobile phone number information is found in the user information database: if it is found, the user has permission; otherwise the server determines that the user does not have permission. When the server determines that the user does not have permission, it generates an authorization failure notification and sends it to the client. The client displays a mini program login failure notification on its display interface according to the authorization failure notification, so that the user sees promptly that the mini program login failed.
Referring to Fig. 3, Fig. 3 is a schematic flowchart of the authentication method for a mini program provided by the third embodiment of the present invention. The difference between this embodiment and the first embodiment is that this embodiment further includes S304 to S307 after S303. S301 to S303 are the same as steps S101 to S103 in the first embodiment; see the description of S101 to S103 in the first embodiment, which is not repeated here. S304 to S307 are as follows:
S304: Receive a data request from the client. The data request includes a token, request parameters, a random number, a timestamp and a request ciphertext, where the request ciphertext is generated by the client encrypting the token, the request parameters, the random number and the timestamp with the API key.
The authentication information stored in the server includes at least the API key. After the user passes authentication at the client, performing a function at the client causes the client to initiate a corresponding data request to the server. The data request includes a token, request parameters, a random number, a timestamp and a request ciphertext; the request ciphertext is generated by the client encrypting the token, request parameters, random number and timestamp, with the API key as the encryption key. On receiving the client's data request, the server first processes it, decides whether to allow it, and executes the corresponding response according to the data request.
S305: Obtain the API key by querying the database according to the token in the data request, and encrypt the token, the request parameters, the random number and the timestamp with the API key to generate a comparison ciphertext.
After receiving the token in the data request, the server queries the database that stores the authentication information for the corresponding API key according to the token and, using the API key as the salt, encrypts the token, request parameters, random number and timestamp to generate the comparison ciphertext that is checked against the request ciphertext. To secure the data, the comparison ciphertext generated by encryption is checked against the request ciphertext. Because both the comparison ciphertext and the request ciphertext are generated by encrypting the token, request parameters, random number and timestamp with the API key as the salt, if a data request sent by the client to the server is maliciously intercepted and the information in the request parameters is tampered with, checking the comparison ciphertext against the request ciphertext detects this promptly and avoids information leakage, which secures data transmission between the server and the client.
S306: If the comparison ciphertext is consistent with the request ciphertext, allow the data request.
S307: If the comparison ciphertext is inconsistent with the request ciphertext, intercept the data request.
The server compares the comparison ciphertext with the request ciphertext. If they are consistent, the request parameters in the data request have not been tampered with and the data request is safe, so the server allows the data request and executes the corresponding response according to it. If they are inconsistent, the request parameters in the data request have been tampered with and the data request is unsafe, so the server intercepts the data request.
Further, the method of generating the comparison ciphertext includes:
Using the API key as the salt, encrypting the token, the request parameters, the random number and the timestamp with a message-digest algorithm to generate the comparison ciphertext.
The data request that the client sends to the server includes the token, request parameters, random number, timestamp and request ciphertext, and the request ciphertext is generated by MD5 message-digest encryption with the API key as the salt. When the server verifies the safety of the data request, it generates the comparison ciphertext by MD5 message-digest encryption with the API key as the salt, checks the comparison ciphertext against the request ciphertext, and verifies the safety of the data request according to the result of the comparison, which reduces the risk of data leakage.
When requests and responses are exchanged between the server and the client, the comparison ciphertext generated by encryption is checked against the request ciphertext. Because both are generated by encrypting the token, request parameters, random number and timestamp with the API key as the salt, if a data request sent by the client to the server is maliciously intercepted and the information in the request parameters is tampered with, checking the comparison ciphertext against the request ciphertext detects this promptly and avoids information leakage, which secures data transmission between the server and the client.
Referring to Fig. 4, Fig. 4 is a schematic flowchart of the authentication method for a mini program provided by the fourth embodiment of the present invention. The difference between this embodiment and the third embodiment is that this embodiment further includes S4051 to S4052 before S405, and S4053 to S4054 after S4051. S401 to S407 are the same as S301 to S307 in the third embodiment; see the description of S301 to S307 in the third embodiment, which is not repeated here. S4051 to S4054 are as follows:
S4051: Determine whether an identical data request exists within a preset time.
Before checking the comparison ciphertext for the data request, the server first determines whether an identical data request exists within a preset time. An identical data request is a data request containing the same request parameters, and the preset time is a time interval preset on the server, for example ten minutes. For normal data requests, the client does not send multiple data requests within a short period, so if the server receives multiple identical data requests from the client within a short period, the data request may be malicious and needs to be intercepted.
S4052: If no identical data request exists within the preset time, determine that the data request is not a replay attack.
When no identical data request exists within the preset time, the server determines that the data request is not a replay attack and goes on to check the comparison ciphertext for the data request.
Further, after S4051, the method further includes:
S4053: If an identical data request exists within the preset time, determine that the data request is a replay attack and reject the data request;
S4054: Add the Internet Protocol address of the client corresponding to the data request to a restricted access list.
If an identical data request exists within the preset time, the data request is a replay attack and may be a malicious data request, so the server rejects the data request directly and adds the Internet Protocol (IP) address of the client corresponding to the data request to the restricted access list.
Referring to Fig. 5, Fig. 5 is a schematic diagram of a server provided by the fifth embodiment of the invention. The units included in the server are used to execute the steps in the embodiments corresponding to Fig. 1 to Fig. 4. For details, refer to the associated descriptions in the embodiments corresponding to Fig. 1 to Fig. 4. For ease of description, only the parts related to this embodiment are shown. Referring to Fig. 5, server 5 includes:
Acquiring unit 101, configured to, if a user authorization authentication request is received from a client, obtain the encrypted string that the client received from the application platform and forwarded, and obtain a key from the application platform, wherein the encrypted string is obtained by the application platform encrypting the user information of the user currently logged in to the application platform, the client is the client of a mini program (the "small routine" of the title), and the mini program relies on the application platform as its carrier.
Decryption unit 102, configured to decrypt the encrypted string according to the key to obtain the user information.
First generation unit 103, configured to, if the user information is found in the pre-stored user information database, generate a notice of successful authorization, receive the user identifier of the user of the application platform, generate authentication information according to the user identifier of the user and store it in a database, and send the authentication information and the notice of successful authorization to the client.
Optionally, the server further includes:
Second generation unit, configured to, if the user information is not found in the pre-stored user information database, generate a notice of authorization failure and send the notice of authorization failure to the client.
Optionally, the authentication information includes at least an API key, and the server further includes:
Receiving unit, configured to receive a data request from the client, the data request including a token, request parameters, a random number, a timestamp and a request ciphertext, the request ciphertext being generated by the client by encrypting the token, the request parameters, the random number and the timestamp with the API key.
Encryption unit, configured to obtain the API key by querying the database according to the token in the data request, and to encrypt the token, the request parameters, the random number and the timestamp with the API key to generate a comparison ciphertext.
Execution unit, configured to let the data request through if the comparison ciphertext is consistent with the request ciphertext, and to intercept the data request if the comparison ciphertext is inconsistent with the request ciphertext.
Optionally, the server further includes:
Judging unit, configured to judge whether an identical data request exists within a preset time;
First judging unit, configured to determine that the data request is not a replay attack if no identical data request exists within the preset time.
Optionally, the server further includes:
Second judging unit, configured to, if an identical data request exists within the preset time, determine that the data request is a replay attack and refuse the data request;
Limiting unit, configured to add the Internet Protocol (IP) address of the client corresponding to the request to the restricted-access list.
Optionally, the method of generating the comparison ciphertext includes:
Using the API key as a salt value, performing message digest algorithm encryption on the token, the request parameters, the random number and the timestamp to generate the comparison ciphertext.
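The checks performed by the receiving, encryption, execution, judging and limiting units above, together with the comparison-ciphertext generation, as an added example that is not code from the patent. It assumes HMAC-SHA256 as the keyed digest (the text only says the API key is used as a salt for a message digest algorithm), a 300-second preset time, an extra timestamp freshness check, and an in-memory dict in place of the database; all names and sample values are constructed.

```python
import hashlib
import hmac
import json
import time

REPLAY_WINDOW_SECONDS = 300  # the "preset time"; the value is an assumption


def sign_request(api_key, token, params, nonce, timestamp):
    """Keyed digest over token, request parameters, random number and timestamp."""
    # Canonical JSON keeps field boundaries unambiguous: ("ab", "c") and
    # ("a", "bc") can never serialize to the same byte string.
    message = json.dumps(
        {"token": token, "params": params, "nonce": nonce, "timestamp": timestamp},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    # HMAC is used instead of hash(key + message), which is open to length
    # extension with MD5/SHA-1/SHA-256 (assumption, not the patent's wording).
    return hmac.new(api_key, message, hashlib.sha256).hexdigest()


class RequestVerifier:
    def __init__(self, api_keys, window=REPLAY_WINDOW_SECONDS):
        self.api_keys = api_keys      # token -> API key, stands in for the database
        self.window = window
        self.seen = {}                # request identity -> time it was accepted
        self.restricted_ips = set()   # the restricted-access list

    def verify(self, request, client_ip, now=None):
        now = time.time() if now is None else now
        if client_ip in self.restricted_ips:
            return "rejected: restricted ip"
        # Forget accepted requests that are older than the preset time.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.window}
        identity = (request["token"], request["nonce"],
                    request["timestamp"], request["ciphertext"])
        # Replay check runs before the ciphertext is recomputed, as in the text.
        if identity in self.seen:
            self.restricted_ips.add(client_ip)
            return "rejected: replay"
        # Freshness check (assumption): without it, a captured request could
        # be replayed once its entry has aged out of the cache.
        if abs(now - request["timestamp"]) > self.window:
            return "rejected: stale timestamp"
        api_key = self.api_keys.get(request["token"])
        if api_key is None:
            return "rejected: unknown token"
        expected = sign_request(api_key, request["token"], request["params"],
                                request["nonce"], request["timestamp"])
        # Constant-time comparison on bytes; str() guards against non-string input.
        supplied = str(request["ciphertext"]).encode("utf-8")
        if not hmac.compare_digest(expected.encode("utf-8"), supplied):
            return "rejected: ciphertext mismatch"
        self.seen[identity] = now     # only verified requests are remembered
        return "accepted"


def demo():
    """Run constructed requests through the verifier and return each verdict."""
    api_key = b"constructed-demo-api-key"
    verifier = RequestVerifier({"tok-123": api_key})
    t0 = 1_700_000_000

    def make(params, nonce, ts):
        req = {"token": "tok-123", "params": params, "nonce": nonce, "timestamp": ts}
        req["ciphertext"] = sign_request(api_key, "tok-123", params, nonce, ts)
        return req

    good = make({"order": "42"}, "n-0001", t0)
    # Parameters and nonce changed after signing; the old ciphertext is kept.
    tampered = dict(good, params={"order": "43"}, nonce="n-0002")
    return [
        verifier.verify(good, "198.51.100.7", now=t0 + 1),
        verifier.verify(tampered, "198.51.100.8", now=t0 + 2),
        verifier.verify(good, "198.51.100.9", now=t0 + 3),
        verifier.verify(make({"order": "44"}, "n-0003", t0 + 4), "198.51.100.9", now=t0 + 4),
        verifier.verify(good, "198.51.100.10", now=t0 + 1000),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The last verdict shows a captured request arriving after its cache entry has expired: the replay cache no longer knows it, and only the timestamp check stops it.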
Fig. 6 is a schematic diagram of a server provided by the sixth embodiment of the invention. As shown in Fig. 6, the server 6 of this embodiment includes: a processor 60, a memory 61, and a computer program 62 that is stored in the memory 61 and can run on the processor 60, such as a control program of the server. When executing the computer program 62, the processor 60 implements the steps in each of the above method embodiments of the server, such as S101 to S103 shown in Fig. 1. Alternatively, when executing the computer program 62, the processor 60 implements the functions of the units in each of the above apparatus embodiments, for example the functions of unit 103 shown in Fig. 3 to 103.
Illustratively, the computer program 62 can be divided into one or more units, which are stored in the memory 61 and executed by the processor 60 to carry out the present invention. The one or more units can be a series of computer program instruction segments capable of completing specific functions, the instruction segments being used to describe the execution of the computer program 62 in the server 6. For example, the computer program 62 can be divided into an acquiring unit, a decryption unit and a first generation unit, the specific functions of each unit being as described above.
The server may include, but is not limited to, the processor 60 and the memory 61. Those skilled in the art will understand that Fig. 6 is only an example of the server 6 and does not limit the server 6, which may include more or fewer components than illustrated, may combine certain components, or may use different components; for example, the server may also include an input/output server, a network access server, a bus and so on.
The processor 60 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 61 may be an internal storage unit of the server 6, such as a hard disk or memory of the server 6. The memory 61 may also be an external storage server of the server 6, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the server 6. Further, the memory 61 may include both an internal storage unit of the server 6 and an external storage server. The memory 61 is used to store the computer program and the other programs and data required by the server. The memory 61 may also be used to temporarily store data that has been output or is about to be output.
The embodiments described above are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the invention has been explained in detail with reference to the foregoing embodiments, those skilled in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all fall within the protection scope of the present invention.

Claims (10)

1. An authentication method for a mini program, characterized by comprising:
if a user authorization authentication request is received from a client, obtaining the encrypted string that the client received from the application platform and forwarded, and obtaining a key from the application platform, wherein the encrypted string is obtained by the application platform encrypting the user information of the user currently logged in to the application platform, the client is the client of a mini program, and the mini program relies on the application platform as its carrier;
decrypting the encrypted string according to the key to obtain the user information;
if the user information is found in the pre-stored user information database, generating a notice of successful authorization, receiving the user identifier of the user of the application platform, generating authentication information according to the user identifier of the user and storing it in a database, and sending the authentication information and the notice of successful authorization to the client.
2. The authentication method for a mini program according to claim 1, characterized in that, after decrypting the encrypted string according to the key to obtain the user information, the method comprises:
if the user information is not found in the pre-stored user information database, generating a notice of authorization failure, and sending the notice of authorization failure to the client.
3. The authentication method for a mini program according to claim 1, characterized in that the authentication information includes at least an API key, and after the step of, if the user information is found in the pre-stored user information database, generating a notice of successful authorization, receiving the user identifier of the user of the third-party application, generating authentication information according to the user identifier of the user and storing it in a database, and sending the authentication information and the notice of successful authorization to the client, the method further comprises:
receiving a data request from the client, the data request including a token, request parameters, a random number, a timestamp and a request ciphertext, the request ciphertext being generated by the client by encrypting the token, the request parameters, the random number and the timestamp with the API key;
obtaining the API key by querying the database according to the token in the data request, and encrypting the token, the request parameters, the random number and the timestamp with the API key to generate a comparison ciphertext;
if the comparison ciphertext is consistent with the request ciphertext, letting the data request through; if the comparison ciphertext is inconsistent with the request ciphertext, intercepting the data request.
4. The authentication method for a mini program according to claim 3, characterized in that, before obtaining the API key by querying the database according to the token in the data request and encrypting the token, the request parameters, the random number and the timestamp with the API key to generate the comparison ciphertext, the method comprises:
judging whether an identical data request exists within a preset time;
if no identical data request exists within the preset time, determining that the data request is not a replay attack.
5. The authentication method for a mini program according to claim 4, characterized in that, after judging whether an identical data request exists within the preset time, the method further comprises:
if an identical data request exists within the preset time, determining that the data request is a replay attack, and refusing the data request;
adding the Internet Protocol (IP) address of the client corresponding to the data request to a restricted-access list.
6. The authentication method for a mini program according to claim 3, characterized in that the method of generating the comparison ciphertext comprises:
using the API key as a salt value, performing message digest algorithm encryption on the token, the request parameters, the random number and the timestamp to generate the comparison ciphertext.
7. A server, characterized in that the server includes a memory, a processor, and a computer program that is stored in the memory and can run on the processor, the processor implementing the following steps when executing the computer program:
if a user authorization authentication request is received from a client, obtaining the encrypted string that the client received from the application platform and forwarded, and obtaining a key from the application platform, wherein the encrypted string is obtained by the application platform encrypting the user information of the user currently logged in to the application platform, the client is the client of a mini program, and the mini program relies on the application platform as its carrier;
decrypting the encrypted string according to the key to obtain the user information;
if the user information is found in the pre-stored user information database, generating a notice of successful authorization, receiving the user identifier of the user of the application platform, generating authentication information according to the user identifier of the user and storing it in a database, and sending the authentication information and the notice of successful authorization to the client.
8. The server according to claim 7, characterized in that, after decrypting the encrypted string according to the key to obtain the user information, the processor further implements the following steps when executing the computer program:
if the user information is not found in the pre-stored user information database, generating a notice of authorization failure, and sending the notice of authorization failure to the client.
9. The server according to claim 7, characterized in that the authentication information includes at least an API key, and after the step of, if the user information is found in the pre-stored user information database, generating a notice of successful authorization, receiving the user identifier of the user of the third-party application, generating authentication information according to the user identifier of the user and storing it in a database, and sending the authentication information and the notice of successful authorization to the client, the processor further implements the following steps when executing the computer program:
receiving a request from the client, the request including a token, request parameters, a random number, a timestamp and a request ciphertext, the request ciphertext being generated by the client by encrypting the token, the request parameters, the random number and the timestamp with the API key;
obtaining the API key by querying the database according to the token in the request, and encrypting the token, the request parameters, the random number and the timestamp with the API key to generate the comparison ciphertext that is compared and verified against the request ciphertext;
if the comparison ciphertext is consistent with the request ciphertext, letting the request through; if the comparison ciphertext is inconsistent with the request ciphertext, intercepting the request.
10. A computer-readable storage medium storing a computer program, characterized in that, when the computer program is executed by a processor, the steps of the method according to any one of claims 1 to 6 are implemented.
CN201811202378.4A 2018-10-16 2018-10-16 Method for authenticating, server and the computer readable storage medium of small routine Pending CN109522726A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811202378.4A CN109522726A (en) 2018-10-16 2018-10-16 Method for authenticating, server and the computer readable storage medium of small routine

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811202378.4A CN109522726A (en) 2018-10-16 2018-10-16 Method for authenticating, server and the computer readable storage medium of small routine

Publications (1)

Publication Number Publication Date
CN109522726A true CN109522726A (en) 2019-03-26

Family

ID=65771716

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811202378.4A Pending CN109522726A (en) 2018-10-16 2018-10-16 Method for authenticating, server and the computer readable storage medium of small routine

Country Status (1)

Country Link
CN (1) CN109522726A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101026736A (en) * 2007-03-14 2007-08-29 中兴通讯股份有限公司 Method and system for J2ME business authentication for IPTV system
CN102902908A (en) * 2012-10-08 2013-01-30 北京奇虎科技有限公司 Device and method for detecting security of free-of-installation Active X plug-in
WO2016015436A1 (en) * 2014-07-28 2016-02-04 百度在线网络技术(北京)有限公司 Platform authorization method, platform server, application client, system, and storage medium
CN108200089A (en) * 2018-02-07 2018-06-22 腾讯云计算(北京)有限责任公司 Implementation method, device, system and the storage medium of information security

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112039826A (en) * 2019-06-03 2020-12-04 北京京东尚科信息技术有限公司 Login method and device applied to applet terminal
WO2021000576A1 (en) * 2019-07-01 2021-01-07 创新先进技术有限公司 Account security protection method and system based on mini program
CN110557502A (en) * 2019-08-09 2019-12-10 五八有限公司 Method and device for calling up applet, electronic device and readable storage medium
CN110688124A (en) * 2019-08-23 2020-01-14 北京奇艺世纪科技有限公司 Applet processing method, device, electronic equipment and computer readable storage medium
CN110688124B (en) * 2019-08-23 2023-03-17 北京奇艺世纪科技有限公司 Applet processing method, apparatus, electronic device and computer readable storage medium
CN112565156A (en) * 2019-09-10 2021-03-26 北京京东尚科信息技术有限公司 Information registration method, device and system
CN111901287A (en) * 2019-10-22 2020-11-06 刘高峰 Method and device for providing encryption information for light application and intelligent equipment
CN111901287B (en) * 2019-10-22 2022-12-23 刘高峰 Method and device for providing encryption information for light application and intelligent equipment
CN110933109A (en) * 2019-12-17 2020-03-27 中国建设银行股份有限公司 Dynamic small program authentication method and device
CN110933109B (en) * 2019-12-17 2022-03-29 中国建设银行股份有限公司 Dynamic small program authentication method and device
CN111541542A (en) * 2019-12-31 2020-08-14 远景智能国际私人投资有限公司 Request sending and verifying method, device and equipment
CN111541542B (en) * 2019-12-31 2023-09-15 远景智能国际私人投资有限公司 Request sending and verifying method, device and equipment
CN111245825A (en) * 2020-01-09 2020-06-05 百度在线网络技术(北京)有限公司 Applet login method, server and electronic device
CN111245825B (en) * 2020-01-09 2022-05-10 百度在线网络技术(北京)有限公司 Applet login method, server and electronic device
CN111523102A (en) * 2020-04-24 2020-08-11 腾讯科技(深圳)有限公司 Applet login method, device, equipment and computer readable storage medium
CN111523102B (en) * 2020-04-24 2023-10-27 腾讯科技(深圳)有限公司 Applet login method, device, equipment and computer readable storage medium
CN111565178A (en) * 2020-04-26 2020-08-21 天津中新智冠信息技术有限公司 Service information issuing method, device, server, client and storage medium
CN111565178B (en) * 2020-04-26 2022-06-14 天津中新智冠信息技术有限公司 Service information issuing method, device, server, client and storage medium
CN112073188A (en) * 2020-08-31 2020-12-11 北京市商汤科技开发有限公司 Authentication method, device, equipment and computer readable storage medium
CN112000951A (en) * 2020-08-31 2020-11-27 上海商汤智能科技有限公司 Access method, device, system, electronic equipment and storage medium
CN112153055A (en) * 2020-09-25 2020-12-29 北京百度网讯科技有限公司 Authentication method and device, computing equipment and medium
CN112153055B (en) * 2020-09-25 2023-04-18 北京百度网讯科技有限公司 Authentication method and device, computing equipment and medium
CN112182623A (en) * 2020-10-13 2021-01-05 支付宝(杭州)信息技术有限公司 Method and device for protecting user privacy
CN115242433A (en) * 2022-06-13 2022-10-25 易保网络技术(上海)有限公司 Data processing method, system, electronic device and computer readable storage medium
CN115242433B (en) * 2022-06-13 2024-02-09 易保网络技术(上海)有限公司 Data processing method, system, electronic device and computer readable storage medium
CN116318899A (en) * 2023-02-17 2023-06-23 深圳市创势互联科技有限公司 Data encryption and decryption processing method, system, equipment and medium
CN116318899B (en) * 2023-02-17 2023-10-17 深圳市创势互联科技有限公司 Data encryption and decryption processing method, system, equipment and medium
CN116647732A (en) * 2023-07-27 2023-08-25 深圳市华曦达科技股份有限公司 Updating configuration method and device based on intelligent television box security
CN116647732B (en) * 2023-07-27 2024-04-19 深圳市华曦达科技股份有限公司 Updating configuration method and device based on intelligent television box security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant after: Ping An Wanjia Medical Management Co.,Ltd.

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant before: PING'AN WANJIA MEDICAL INVESTMENT MANAGEMENT Co.,Ltd.

TA01 Transfer of patent application right

Effective date of registration: 20231213

Address after: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant after: KANGJIAN INFORMATION TECHNOLOGY (SHENZHEN) Co.,Ltd.

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant before: Ping An Wanjia Medical Management Co.,Ltd.