CN112511510A - Authorization authentication method, system, electronic equipment and readable storage medium - Google Patents

Authorization authentication method, system, electronic equipment and readable storage medium Download PDF

Info

Publication number
CN112511510A
CN112511510A CN202011295926.XA CN202011295926A CN112511510A CN 112511510 A CN112511510 A CN 112511510A CN 202011295926 A CN202011295926 A CN 202011295926A CN 112511510 A CN112511510 A CN 112511510A
Authority
CN
China
Prior art keywords
target application
mobile banking
client
server
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011295926.XA
Other languages
Chinese (zh)
Other versions
CN112511510B (en
Inventor
关宇坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
CCB Finetech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CCB Finetech Co Ltd filed Critical CCB Finetech Co Ltd
Priority to CN202011295926.XA priority Critical patent/CN112511510B/en
Publication of CN112511510A publication Critical patent/CN112511510A/en
Application granted granted Critical
Publication of CN112511510B publication Critical patent/CN112511510B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Business, Economics & Management (AREA)
  • Signal Processing (AREA)
  • Finance (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Power Engineering (AREA)
  • Technology Law (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to an authorization authentication method and system, wherein the method comprises the following steps: the target application client sends the target application information and the first UUID information of the intelligent terminal to a mobile banking server through the mobile banking client; wherein the target application information comprises at least a target application ID; the mobile banking client sends the token issued by the mobile banking server to the target application server through the target application client; the mobile banking server records a timestamp T1 of issuing token; the target application server sends the received token and the second UIDD information of the intelligent terminal sent by the target application client to a mobile banking server; wherein the mobile banking server records a timestamp T2 of the token received; according to a preset verification rule, the mobile banking server verifies the received token and the second UIDD information; and after the verification is passed, the mobile banking server sends the target user information to the target application server.

Description

Authorization authentication method, system, electronic equipment and readable storage medium
Technical Field
The invention relates to the technical field of security authorization authentication, in particular to an authorization authentication method, an authorization authentication system, electronic equipment and a readable storage medium.
Background
With the continuous development of internet finance, internet financial transactions, especially the application of financial transactions using intelligent terminals such as mobile banking, have gradually become the mainstream financial transaction mode. Under many conditions, especially under business scenes such as payment needing to be carried out, a third party APP often needs to call or jump to a mobile phone bank APP installed on the intelligent terminal to complete a transaction order of the third party application, but based on the consideration of internet financial transaction safety, the third party application jumps to a mobile phone bank to acquire the authorization of a user, and can jump to a mobile phone bank interface to carry out payment after the authorization of a mobile phone bank server, wherein the authorization authentication is a key point concerned by the internet financial transactions. The current authorization and authentication scheme is mainly completed by adopting a dynamic verification code mode in encryption and authorization, but the scheme has many security vulnerabilities, such as security problems of mobile phone bank login on other mobile phones after the verification code is stolen, and the like.
Disclosure of Invention
The present application aims to solve at least one of the above technical drawbacks. The technical scheme adopted by the application is as follows:
in a first aspect, an embodiment of the present application discloses an authorization authentication method, where the method includes:
the target application client sends the target application information and the first UUID information of the intelligent terminal to a mobile banking server through the mobile banking client; wherein the target application information comprises at least a target application ID;
the mobile banking client sends the token issued by the mobile banking server to the target application server through the target application client; the mobile banking server records a timestamp T1 of issuing token;
the target application server sends the received token and the second UIDD information of the intelligent terminal sent by the target application client to a mobile banking server; wherein the mobile banking server records a timestamp T2 of the token received;
according to a preset verification rule, the mobile banking server verifies the received token and the second UIDD information;
after the verification is passed, the mobile banking server sends the target user information to a target application server; the target user information is the user information of the target application client which is authorized to jump to the mobile phone bank client and then log in the mobile phone bank client.
Further, the preset verification rule is as follows: the received token is the same as the sent token, and the time difference between T2 and T1 is less than or equal to the preset reference time; and, the first UIDD and the second UIDD are the same.
Further, before the target application client sends the target application information to the mobile banking client, the method further includes:
a target application client acquires a data signature file from a target application server;
and the target application client splices the acquired data signature file, the target application information and the first UIDD of the intelligent terminal and then sends the spliced data signature file, the target application information and the first UIDD of the intelligent terminal to a mobile banking server through the mobile banking client.
Further, the target application information further includes: the authentication version number, the timestamp and the callback Scheme of the target application;
the sending the spliced information to the mobile banking server through the mobile banking client further comprises: the target application client splices the data signature, the target application ID, the authentication version number, the timestamp, the callback Scheme and the first UIDD information of the intelligent terminal to obtain a spliced file; and the target application client sends the spliced file to the mobile banking client when the scheme of the mobile banking client is called up.
Further, before the mobile banking client sends the splicing file to the mobile banking server, the method further includes: the mobile banking client authorizes a target application information authorization interface from a mobile banking server; and after receiving an authorization instruction of the target application from a user, the authorization interface sends the spliced file to a mobile banking server.
Further, the sending, by the mobile banking server, the target user information to the target application server specifically includes: according to a preset encryption rule, the mobile banking server encrypts the target user information and then sends the encrypted target user information to a target application server; wherein the preset encryption rule includes but is not limited to symmetric encryption by using an independent key bound with a target application signature; and the target user information is loaded with a time stamp for sending the target user information.
Further, after the mobile banking server sends the target user information to the target application server, the method further comprises: the target application server verifies the validity of the timestamp of the received target user information; wherein the validity period is set by a mobile banking server; and after the validity of the timestamp is verified, the target application server decrypts and acquires the target user information according to the preset encryption rule.
Further, the method further comprises: caching timestamps of all target user information when the target application server acquires the target user information; logging in the skipped mobile banking client by using the acquired target user information; when the operation of logging in the mobile phone bank client by using the target user information for multiple times is obtained, the target application server judges whether the obtained timestamp corresponding to the target user information used each time is the same as the cached timestamp record information; if the user information is the same, the login behavior of the user information acquired by the same timestamp is ignored.
In another aspect, an embodiment of the present application provides an authorization and authentication system, where the system includes: the system comprises an intelligent terminal, a mobile banking server and a target application server; the intelligent terminal comprises a target application client and a mobile banking client; wherein the content of the first and second substances,
the target application client sends target application information and first UUID information of the intelligent terminal to the mobile banking server through the mobile banking client; wherein the target application information comprises at least a target application ID;
the mobile banking client sends the token issued by the mobile banking server to the target application server through the target application client; the mobile banking server records a timestamp T1 of issuing token;
the target application server sends the received token and second UIDD information of the intelligent terminal sent by the target application client to the mobile banking server; wherein the mobile banking server records a timestamp T2 of the token received;
according to a preset verification rule, the mobile banking server verifies the received token and the second UIDD information;
after the verification is passed, the mobile banking server sends the target user information to a target application server; the target user information is the user information of the target application client which is authorized to jump to the mobile phone bank client and then log in the mobile phone bank client.
Further, the preset verification rule is as follows: the received token is the same as the sent token, and the time difference between T2 and T1 is less than or equal to the preset reference time; and, the first UIDD and the second UIDD are the same.
Further, before the target application client sends the target application information to the mobile phone bank client, the target application client acquires a data signature file from a target application server; and the target application client splices the acquired data signature file, the target application information and the first UIDD of the intelligent terminal and then sends the spliced data signature file, the target application information and the first UIDD of the intelligent terminal to a mobile banking server through the mobile banking client.
Further, the target application information further includes: the authentication version number, the timestamp and the callback Scheme of the target application;
the sending the spliced information to the mobile banking server through the mobile banking client further comprises: the target application client splices the data signature, the target application ID, the authentication version number, the timestamp, the callback Scheme and the first UIDD information of the intelligent terminal to obtain a spliced file; and the target application client sends the spliced file to the mobile banking client when the scheme of the mobile banking client is called up.
Further, before the mobile banking client sends the spliced file to the mobile banking server, the mobile banking client authorizes a target application information authorization interface from the mobile banking server; and after receiving an authorization instruction of the target application from a user, the authorization interface sends the spliced file to a mobile banking server.
Further, the sending, by the mobile banking server, the target user information to the target application server specifically includes:
according to a preset encryption rule, the mobile banking server encrypts the target user information and then sends the encrypted target user information to a target application server; wherein the preset encryption rule includes but is not limited to symmetric encryption by using an independent key bound with a target application signature; the target user information is loaded with a timestamp for sending the target user information;
the target application server verifies the validity of the timestamp of the received target user information; wherein the validity period is set by a mobile banking server;
and after the validity of the timestamp is verified, the target application server decrypts and acquires the target user information according to the preset encryption rule.
In a third aspect, an embodiment of the present application provides an electronic device, including a processor and a memory;
the memory is used for storing operation instructions;
the processor is configured to execute the method in any of the embodiments by calling the operation instruction.
In a fourth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the method of any one of the above embodiments.
The authorization authentication scheme provided by the embodiment of the application comprises the steps that a target application client sends target application information and first UUID information of an intelligent terminal to a mobile banking server through a mobile banking client; wherein the target application information comprises at least a target application ID; the mobile banking client sends the token issued by the mobile banking server to the target application server through the target application client; the mobile banking server records a timestamp T1 of issuing token; the target application server sends the received token and the second UIDD information of the intelligent terminal sent by the target application client to a mobile banking server; wherein the mobile banking server records a timestamp T2 of the token received; according to a preset verification rule, the mobile banking server verifies the received token and the second UIDD information; after the verification is passed, the mobile banking server sends the target user information to a target application server; the target user information is the user information of the target application client which logs in the mobile banking client after the target application client obtains authorization to jump to the mobile banking client, namely the validity of the target token and the UIDD is verified between the target application server (third-party application server) and the mobile banking server, compared with the prior art that only some simple cracked dynamic verification codes within the validity period are adopted, the safety is further improved, especially the condition that bank jump request initiating equipment is different from final transaction implementing equipment is avoided by introducing the verification of the UIDD, and the condition that the verification information of a fraudulent user logs in the mobile phone of the user is avoided. In addition, the embodiment of the application also introduces an encryption authorization rule between two different application programs when the target application client jumps to the mobile banking client, so that the security of the third-party application and the mobile banking authorization authentication is further improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments of the present application will be briefly described below.
Fig. 1 is a schematic flowchart of an authorization authentication method according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of an authorization and authentication system according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present invention.
It will be understood by those skilled in the art that, unless otherwise specified, the singular forms "a", "an", "the" and "the" may include the plural forms, and the plural forms "a", "an", "a", and "the" are merely intended to illustrate the object definition for clarity and do not limit the object itself, and certainly, the object definition for "a" and "an" may be the same terminal, device, user, etc., and may also be the same terminal, device, user, etc. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
In addition, it is to be understood that "at least one" in the embodiments of the present application means one or more, "a plurality" means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a alone, both A and B, and B alone, where A, B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of the singular or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, a and b, a and c, b and c, or a, b and c, wherein a, b and c can be single or multiple.
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The following describes the technical solutions of the present application and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
The authorization scheme in the prior art has a problem of poor flexibility as described in the background art, and based on this, the following embodiments of the present invention provide an authorization method to solve at least one of the above-mentioned drawbacks.
To more clearly describe the technical solutions of the present application, the following describes some concepts, terms or systems that the following embodiments may relate to help understand the authorization authentication scheme disclosed in the present application:
the UIDD (Universal Unique identifier) of the intelligent terminal is a universal Unique identification code of the intelligent terminal.
Fig. 1 shows a schematic flowchart of authorization authentication provided in an embodiment of the present application, and as shown in fig. 1, the method mainly includes:
s101, the target application client sends target application information and first UUID information of the intelligent terminal to a mobile banking server through the mobile banking client; wherein the target application information comprises at least a target application ID;
in a further optional embodiment, before step S101 (when the target application client sends the target application information to the mobile banking client), the method further includes:
s100, a target application client acquires a data signature file from a target application server;
in a further optional embodiment, the target application information further comprises: the authentication version number, the timestamp and the callback Scheme of the target application;
correspondingly, optionally, the specific steps of step S101 are:
s1011, the target application client splices the data signature, the target application ID, the authentication version number, the timestamp, the callback Scheme and the first UIDD information of the intelligent terminal to obtain a spliced file;
and S1012, when the scheme of the mobile banking client is called up, the target application client sends the spliced file to the mobile banking client. The protocol of the target APP skip mobile phone bank can refer to the following examples: ccbapp:// cablenet ═ XXX
Wherein XXX is several parameters key-value, and then base64 is carried out after splicing according to the following method:
a protocol for jumping back to the third party APP is given by APP _ VERSION ═ APP _ ID ═ timestamp & _ back _ scheme ═ b.
Furthermore, when the mobile banking jumps back to the target application APP after the transaction is finished, back _ scheme needs the third party APP to configure a scheme, and the mobile banking client can jump and bring the data to the third party APP. For example, the back _ schema is defined as otherpp:// ca, and the content returned by the mobile banking client jump is: otherpp:// caENC _ TOKEN ═ ciphertext.
In a further optional embodiment, before the mobile banking client sends the spliced file to the mobile banking server, the method further includes:
s1013, the mobile banking client authorizes the target application information authorization interface from the mobile banking server; and after receiving an authorization instruction of the target application from a user, the authorization interface sends the spliced file to a mobile banking server.
S102, the mobile banking client sends a token issued by the mobile banking server to the target application server through the target application client; the mobile banking server records a timestamp T1 of issuing token;
s103, the target application server sends the received token and the second UIDD information of the intelligent terminal sent by the target application client to a mobile banking server; wherein the mobile banking server records a timestamp T2 of the token received;
s104, according to a preset verification rule, the mobile banking server verifies the received token and the second UIDD information;
s104, after the verification is passed, the mobile banking server sends the target user information to a target application server; the target user information is the user information of the target application client which is authorized to jump to the mobile phone bank client and then log in the mobile phone bank client. In an embodiment of the present application, the preset validation rule is: the received token is the same as the sent token, and the time difference between T2 and T1 is less than or equal to a preset reference time (for example, 5 minutes); and, the first UIDD and the second UIDD are the same.
According to the embodiment of the application, the validity of the target token and the UIDD is verified between the target application server (third-party application server) and the mobile banking server, so that the safety is further improved compared with the prior art that only some simple cracked dynamic verification codes within the validity period are adopted, especially the condition that bank jump request initiating equipment is different from final transaction implementing equipment is avoided by introducing the UIDD verification, and the condition that the verification information of a fraudulent user carries out user mobile banking login on the own mobile phone is avoided. In addition, by setting the overtime timestamp form, the problem that the UUID occupies too much server database capacity and influences matching for too long time is solved, and the token is transmitted between the clients, so that the token is used for exchanging real information of user authentication between the servers, and the information security of the clients is ensured.
In a further optional embodiment, the sending, by the mobile banking server, the target user information to the target application server specifically includes: according to a preset encryption rule, the mobile banking server encrypts the target user information and then sends the encrypted target user information to a target application server; and the target user information is loaded with a time stamp for sending the target user information. Wherein the preset encryption rules include, but are not limited to, symmetric encryption using an independent key bound to a target application signature. According to the method and the device, when the third-party application jumps to the mobile phone bank through the SDK to transmit information mutually, the independent key bound with the target application signature is adopted to carry out the symmetric encryption technology so as to realize double-transmission information tamper resistance and repudiation resistance. The keys of the two parties are stored in the server side of the partner and the mobile client side, and the mobile client side obtains encrypted information and a new signature through communication with the server side.
According to the embodiment of the application, the encryption authorization rule is introduced between two different application programs when the target application client jumps to the mobile banking client, so that the security of the third-party application and the mobile banking authorization authentication is further improved.
In a further optional embodiment, after the mobile banking server sends the target user information to the target application server, the method further includes:
step 1, the target application server verifies the validity of the timestamp of the received target user information; wherein the validity period is set by the mobile banking server. For example, the validity period of the time stamp may be set to 5 minutes;
and 2, after the validity of the timestamp is verified, entering a step 3, namely decrypting and acquiring target user information by the target application server according to the preset encryption rule. If the authentication fails, the authentication process terminates and fails.
In a further optional embodiment, the method further comprises:
step 3, caching timestamps of all the target user information when the target application server acquires the target user information;
step 4, logging in the skipped mobile banking client by using the acquired target user information; therefore, the target application APP passes the authorization authentication of the mobile phone bank, and the authorization authentication process is finished.
Step 5, when the operation of logging in the mobile phone bank client by using the target user information for multiple times is obtained, the target application server judges whether the obtained timestamp corresponding to the target user information used each time is the same as the cached timestamp record information;
and 6, if the user information is the same as the user information, ignoring the login behavior of the user information acquired by the same timestamp.
Based on the authorization authentication method shown in fig. 1, another aspect of the present application provides an authorization authentication system, as shown in fig. 2, the system may include: 200 intelligent terminals, 201 mobile banking servers and 202 target application servers; the intelligent terminal comprises an 20012001 mobile banking client and a 20022002 target application client; wherein the content of the first and second substances,
the 2002 target application client sends target application information and first UUID information of the 200 intelligent terminal to the 201 mobile banking server through the 2001 mobile banking client; wherein the target application information comprises at least a target application ID;
through the 2002 target application client, the 2001 mobile banking client sends the token issued by the 201 mobile banking server to the 202 target application server; wherein the 201 mobile banking server records a time stamp T1 of issuing token;
the 202 target application server sends the received token and the second UIDD information of the 200 intelligent terminal sent by the 2002 target application client to the 201 mobile banking server; wherein the 201 cell phone banking server records a timestamp T2 of the token received;
according to a preset verification rule, the 201 mobile banking server verifies the received token and the second UIDD information;
after the verification is passed, the 201 mobile banking server sends the target user information to 202 target application server; the target user information is the user information of the 2002 target application client which is authorized to jump to the 2001 mobile banking client and then log in the 2001 mobile banking client.
In a further optional embodiment, the preset validation rule is: the received token is the same as the sent token, and the time difference between T2 and T1 is less than or equal to the preset reference time; and, the first UIDD and the second UIDD are the same.
In a further optional embodiment, before the 2002 target application client sends the target application information to the 2001 cellphone bank client, the 2002 target application client obtains the data signature file from 202 the target application server; and the 2002 target application client splices the acquired data signature file, the target application information and the first UIDD of the 200 intelligent terminal and then sends the spliced data signature file, the target application information and the first UIDD to the 201 mobile banking server through the 2001 mobile banking client.
In a further optional embodiment, the target application information further comprises: the authentication version number, the timestamp and the callback Scheme of the target application;
the sending the spliced information to the 201 mobile banking server through the 2001 mobile banking client further comprises: the 2002 target application client splices the data signature, the target application ID, the authentication version number, the timestamp, the callback Scheme and the first UIDD information of the 200 intelligent terminal to obtain a spliced file; and when the scheme of the 2001 mobile banking client is called up, the 2002 target application client sends the splicing file to the 2001 mobile banking client.
In a further optional embodiment, before the 2001 cellphone banking client sends the spliced file to the 201 cellphone banking server, the 2001 cellphone banking client authorizes a target application information authorization interface from the 201 cellphone banking server; and after receiving an authorization instruction of the target application from a user, the authorization interface sends the spliced file to a 201 mobile banking server.
In a further optional embodiment, the sending 202, by the 201 mobile banking server, the target user information to the target application server specifically includes:
according to a preset encryption rule, a 201 mobile banking server encrypts the target user information and then sends the encrypted target user information to a 202 target application server; wherein the preset encryption rule includes but is not limited to symmetric encryption by using an independent key bound with a target application signature; the target user information is loaded with a timestamp for sending the target user information;
the 202 target application server verifying the validity of the timestamp of the received target user information; wherein the validity period is set by a mobile banking server 201;
and after the validity of the timestamp is verified, the 202 target application server decrypts and acquires the target user information according to the preset encryption rule.
It is understood that the above-mentioned constituent devices of the authorization authentication system in the present embodiment have functions of implementing the corresponding steps of the method in the embodiment shown in fig. 1. The function can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules or systems corresponding to the above-described functions. The modules and systems can be software and/or hardware, and the modules and systems can be realized independently or integrated by a plurality of modules and systems. For the functional description of each module and system, reference may be specifically made to the corresponding description of the method in the embodiment shown in fig. 1, and therefore, the beneficial effects that can be achieved by the method may refer to the beneficial effects in the corresponding method provided above, which are not described again here.
It is to be understood that the illustrated structure of the embodiment of the present invention does not constitute a specific limitation to the specific structure of the authorization authentication system. In other embodiments of the present application, the authorization authentication system may include more or fewer components than shown, or some components may be combined, some components may be split, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The embodiment of the application provides an electronic device, which comprises a processor and a memory;
a memory for storing operating instructions;
and the processor is used for executing the authorization authentication method provided by any embodiment of the application by calling the operation instruction.
As an example, fig. 3 shows a schematic structural diagram of an electronic device to which the embodiment of the present application is applied, and as shown in fig. 3, the electronic device 300 includes: a processor 301 and a memory 303. Wherein processor 301 is coupled to memory 303, such as via bus 302. Optionally, the electronic device 300 may further include a transceiver 304. It should be noted that the practical application of the transceiver 304 is not limited to one. It is to be understood that the illustrated structure of the embodiment of the present invention does not constitute a specific limitation to the specific structure of the electronic device 300. In other embodiments of the present application, electronic device 300 may include more or fewer components than shown, or some components may be combined, some components may be split, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware. Optionally, the electronic device may further include a display screen 305 for displaying images or receiving operation instructions of a user as needed.
The processor 301 is applied to the embodiment of the present application, and is configured to implement the method shown in the foregoing method embodiment. The transceiver 304 may include a receiver and a transmitter, and the transceiver 304 is applied in the embodiment of the present application and is used for implementing the function of the electronic device of the embodiment of the present application to communicate with other devices when executed.
The Processor 301 may be a CPU (Central Processing Unit), a general-purpose Processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other Programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 301 may also be a combination of computing functions, e.g., comprising one or more microprocessors, a combination of a DSP and a microprocessor, or the like.
Processor 301 may also include one or more processing units, such as: the processor 301 may include an Application Processor (AP), a modem processor, a Graphics Processing Unit (GPU), an Image Signal Processor (ISP), a controller, a memory, a video codec, a Digital Signal Processor (DSP), a baseband processor, and/or a Neural-Network Processing Unit (NPU), etc. The different processing units may be separate devices or may be integrated into one or more processors. The controller may be, among other things, a neural center and a command center of the electronic device 300. The controller can generate an operation control signal according to the instruction operation code and the timing signal to complete the control of instruction fetching and instruction execution. A memory may also be provided in processor 301 for storing instructions and data. In some embodiments, the memory in the processor 301 is a cache memory. The memory may hold instructions or data that have just been used or recycled by the processor 301. If the processor 301 needs to reuse the instruction or data, it can be called directly from the memory. Avoiding repeated accesses reduces the latency of the processor 301, thereby increasing the efficiency of the system.
The processor 301 may operate the authorization authentication method provided in the embodiment of the present application, so as to reduce the operation complexity of the user, improve the intelligent degree of the terminal device, and improve the user experience. The processor 301 may include different devices, for example, when the CPU and the GPU are integrated, the CPU and the GPU may cooperate to execute the authorization authentication method provided in the embodiment of the present application, for example, part of algorithms in the authorization authentication method is executed by the CPU, and another part of algorithms is executed by the GPU, so as to obtain faster processing efficiency.
Bus 302 may include a path that transfers information between the above components. The bus 302 may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus 302 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 3, but this does not mean only one bus or one type of bus.
The Memory 303 may be a ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, a RAM (Random Access Memory) or other type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact disk), a high speed Random Access Memory, a non-volatile Memory such as at least one magnetic disk storage device, a flash Memory device, a universal flash Memory (UFS), or other optical disk storage, optical disk storage (including Compact disk, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), a magnetic disk storage medium or other magnetic storage device, a magnetic disk storage medium, or other magnetic storage device, Or any other medium which can be used to carry or store desired program code in the form of instructions or data structures and which can be accessed by a computer, but is not limited to such.
Optionally, the memory 303 is used for storing application program codes for executing the scheme of the present application, and is controlled by the processor 301 to execute. The processor 301 is configured to execute the application program code stored in the memory 303 to implement the authorization authentication method provided in any embodiment of the present application.
The memory 303 may be used to store computer-executable program code, which includes instructions. The processor 301 executes various functional applications of the electronic device 300 and data processing by executing instructions stored in the memory 303. The memory 303 may include a program storage area and a data storage area. Wherein, the storage program area can store the codes of the operating system and the application program, etc. The storage data area may store data created during use of the electronic device 300 (e.g., images, video, etc. captured by a camera application), and the like.
The memory 303 may further store one or more computer programs corresponding to the authorization authentication method provided in the embodiment of the present application. The one or more computer programs stored in the memory 303 and configured to be executed by the one or more processors 301 include instructions that may be used to perform the various steps in the respective embodiments described above.
Of course, the code of the authorization authentication method provided in the embodiment of the present application may also be stored in the external memory. In this case, the processor 301 may execute the code of the authorization authentication method stored in the external memory through the external memory interface, and the processor 301 may control to execute the authorization authentication procedure.
The display screen 305 includes a display panel. The display panel may be a Liquid Crystal Display (LCD), an organic light-emitting diode (OLED), an active-matrix organic light-emitting diode (active-matrix organic light-emitting diode, AMOLED), a flexible light-emitting diode (FLED), a miniature, a Micro-oeld, a quantum dot light-emitting diode (QLED), or the like. In some embodiments, the electronic device 300 may include 1 or N display screens 305, N being a positive integer greater than 1. The display screen 305 may be used to display information input by or provided to the user as well as various Graphical User Interfaces (GUIs). For example, the display screen 305 may display a photograph, video, web page, or file, etc.
The electronic device provided by the embodiment of the present application is applicable to any embodiment of the above method, and therefore, the beneficial effects that can be achieved by the electronic device can refer to the beneficial effects in the corresponding method provided above, and are not described again here.
The embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the authorization authentication method shown in the above method embodiment.
The computer-readable storage medium provided in the embodiments of the present application is applicable to any embodiment of the foregoing method, and therefore, the beneficial effects that can be achieved by the computer-readable storage medium can refer to the beneficial effects in the corresponding method provided above, and are not described herein again.
The embodiment of the present application further provides a computer program product, which when running on a computer, causes the computer to execute the above related steps to implement the method in the above embodiment. The computer program product provided in the embodiments of the present application is applicable to any of the embodiments of the method described above, and therefore, the beneficial effects that can be achieved by the computer program product can refer to the beneficial effects in the corresponding method provided above, and are not described herein again.
The authorization authentication scheme provided by the embodiment of the application comprises the steps that a target application client sends target application information and first UUID information of an intelligent terminal to a mobile banking server through a mobile banking client; wherein the target application information comprises at least a target application ID; the mobile banking client sends the token issued by the mobile banking server to the target application server through the target application client; the mobile banking server records a timestamp T1 of issuing token; the target application server sends the received token and the second UIDD information of the intelligent terminal sent by the target application client to a mobile banking server; wherein the mobile banking server records a timestamp T2 of the token received; according to a preset verification rule, the mobile banking server verifies the received token and the second UIDD information; after the verification is passed, the mobile banking server sends the target user information to a target application server; the target user information is the user information of the target application client which logs in the mobile banking client after the target application client obtains authorization to jump to the mobile banking client, namely the validity of the target token and the UIDD is verified between the target application server (third-party application server) and the mobile banking server, compared with the prior art that only some simple cracked dynamic verification codes within the validity period are adopted, the safety is further improved, especially the condition that bank jump request initiating equipment is different from final transaction implementing equipment is avoided by introducing the verification of the UIDD, and the condition that the verification information of a fraudulent user logs in the mobile phone of the user is avoided. In addition, the embodiment of the application also introduces an encryption authorization rule between two different application programs when the target application client jumps to the mobile banking client, so that the security of the third-party application and the mobile banking authorization authentication is further improved.
In the several embodiments provided in the present application, it should be understood that the disclosed system and method may be implemented in other ways. For example, the above-described system embodiments are merely illustrative, and for example, a division of a module or a unit is only one logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be discarded or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, systems or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed to a plurality of different places. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application may be essentially or partially contributed to by the prior art, or all or part of the technical solutions may be embodied in the form of a software product, where the software product is stored in a storage medium and includes several instructions to enable a device (which may be a single chip, a chip, or the like) or a processor (processor) to execute all or part of the steps of the methods of the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and may be performed in other orders unless explicitly stated herein. Moreover, at least a portion of the steps in the flow chart of the figure may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed alternately or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of changes or substitutions within the technical scope of the present application, and can make several modifications and decorations, and these changes, substitutions, improvements and decorations should also be considered to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (16)

1. An authorization authentication method, the method comprising:
the target application client sends the target application information and the first UUID information of the intelligent terminal to a mobile banking server through the mobile banking client; wherein the target application information comprises at least a target application ID;
the mobile banking client sends the token issued by the mobile banking server to the target application server through the target application client; the mobile banking server records a timestamp T1 of issuing token;
the target application server sends the received token and the second UIDD information of the intelligent terminal sent by the target application client to a mobile banking server; wherein the mobile banking server records a timestamp T2 of the token received;
according to a preset verification rule, the mobile banking server verifies the received token and the second UIDD information;
after the verification is passed, the mobile banking server sends the target user information to a target application server; the target user information is the user information of the target application client which is authorized to jump to the mobile phone bank client and then log in the mobile phone bank client.
2. The authorization authentication method according to claim 1, wherein the preset validation rule is:
the received token is the same as the sent token, and the time difference between T2 and T1 is less than or equal to the preset reference time; and the combination of (a) and (b),
the first UIDD is identical to the second UIDD.
3. The authorization authentication method according to claim 2, wherein before the target application client sends the target application information to the mobile banking client, the method further comprises:
a target application client acquires a data signature file from a target application server;
and the target application client splices the acquired data signature file, the target application information and the first UIDD of the intelligent terminal and then sends the spliced data signature file, the target application information and the first UIDD of the intelligent terminal to a mobile banking server through the mobile banking client.
4. The authorization authentication method according to claim 3, wherein the target application information further comprises: the authentication version number, the timestamp and the callback Scheme of the target application;
the sending the spliced information to the mobile banking server through the mobile banking client further comprises:
the target application client splices the data signature, the target application ID, the authentication version number, the timestamp, the callback Scheme and the first UIDD information of the intelligent terminal to obtain a spliced file;
and the target application client sends the spliced file to the mobile banking client when the scheme of the mobile banking client is called up.
5. The authorization authentication method according to claim 4, wherein before the mobile banking client sends the spliced file to a mobile banking server, the method further comprises:
the mobile banking client authorizes a target application information authorization interface from a mobile banking server;
and after receiving an authorization instruction of the target application from a user, the authorization interface sends the spliced file to a mobile banking server.
6. The authorization and authentication method according to claim 2 or 5, wherein the sending of the target user information to the target application server by the mobile banking server specifically comprises:
according to a preset encryption rule, the mobile banking server encrypts the target user information and then sends the encrypted target user information to a target application server; wherein the preset encryption rule includes but is not limited to symmetric encryption by using an independent key bound with a target application signature; and the target user information is loaded with a time stamp for sending the target user information.
7. The authorization authentication method of claim 6, wherein after the mobile banking server sends the target user information to the target application server, the method further comprises:
the target application server verifies the validity of the timestamp of the received target user information; wherein the validity period is set by a mobile banking server;
and after the validity of the timestamp is verified, the target application server decrypts and acquires the target user information according to the preset encryption rule.
8. The authorization authentication method according to claim 7, characterized in that the method further comprises:
caching timestamps of all target user information when the target application server acquires the target user information;
logging in the skipped mobile banking client by using the acquired target user information;
when the operation of logging in the mobile phone bank client by using the target user information for multiple times is obtained, the target application server judges whether the obtained timestamp corresponding to the target user information used each time is the same as the cached timestamp record information;
if the user information is the same, the login behavior of the user information acquired by the same timestamp is ignored.
9. An authorization authentication system, the system comprising: the system comprises an intelligent terminal, a mobile banking server and a target application server; the intelligent terminal comprises a target application client and a mobile banking client; wherein the content of the first and second substances,
the target application client sends target application information and first UUID information of the intelligent terminal to the mobile banking server through the mobile banking client; wherein the target application information comprises at least a target application ID;
the mobile banking client sends the token issued by the mobile banking server to the target application server through the target application client; the mobile banking server records a timestamp T1 of issuing token;
the target application server sends the received token and second UIDD information of the intelligent terminal sent by the target application client to the mobile banking server; wherein the mobile banking server records a timestamp T2 of the token received;
according to a preset verification rule, the mobile banking server verifies the received token and the second UIDD information;
after the verification is passed, the mobile banking server sends the target user information to a target application server; the target user information is the user information of the target application client which is authorized to jump to the mobile phone bank client and then log in the mobile phone bank client.
10. The authorization and authentication system according to claim 9, wherein the preset validation rule is:
the received token is the same as the sent token, and the time difference between T2 and T1 is less than or equal to the preset reference time; and the combination of (a) and (b),
the first UIDD is identical to the second UIDD.
11. The authorization and authentication system according to claim 10, wherein the target application client obtains the data signature file from the target application server before sending the target application information to the mobile banking client; and the target application client splices the acquired data signature file, the target application information and the first UIDD of the intelligent terminal and then sends the spliced data signature file, the target application information and the first UIDD of the intelligent terminal to a mobile banking server through the mobile banking client.
12. The authorization authentication system according to claim 11, wherein the target application information further comprises: the authentication version number, the timestamp and the callback Scheme of the target application;
the sending the spliced information to the mobile banking server through the mobile banking client further comprises:
the target application client splices the data signature, the target application ID, the authentication version number, the timestamp, the callback Scheme and the first UIDD information of the intelligent terminal to obtain a spliced file;
and the target application client sends the spliced file to the mobile banking client when the scheme of the mobile banking client is called up.
13. The authorization authentication method according to claim 12, wherein before the mobile banking client sends the spliced file to the mobile banking server, the mobile banking client authorizes a target application information authorization interface from the mobile banking server; and after receiving an authorization instruction of the target application from a user, the authorization interface sends the spliced file to a mobile banking server.
14. The authorization and authentication system according to claim 13, wherein the sending of the target user information to the target application server by the mobile banking server specifically comprises:
according to a preset encryption rule, the mobile banking server encrypts the target user information and then sends the encrypted target user information to a target application server; wherein the preset encryption rule includes but is not limited to symmetric encryption by using an independent key bound with a target application signature; the target user information is loaded with a timestamp for sending the target user information;
the target application server verifies the validity of the timestamp of the received target user information; wherein the validity period is set by a mobile banking server;
and after the validity of the timestamp is verified, the target application server decrypts and acquires the target user information according to the preset encryption rule.
15. An electronic device comprising a processor and a memory;
the memory is used for storing operation instructions;
the processor is used for executing the method of any one of claims 1-8 by calling the operation instruction.
16. A computer-readable storage medium, characterized in that the storage medium has stored thereon a computer program which, when being executed by a processor, carries out the method of any one of claims 1-8.
CN202011295926.XA 2020-11-18 2020-11-18 Authorization authentication method, system, electronic equipment and readable storage medium Active CN112511510B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011295926.XA CN112511510B (en) 2020-11-18 2020-11-18 Authorization authentication method, system, electronic equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011295926.XA CN112511510B (en) 2020-11-18 2020-11-18 Authorization authentication method, system, electronic equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN112511510A true CN112511510A (en) 2021-03-16
CN112511510B CN112511510B (en) 2022-09-30

Family

ID=74956987

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011295926.XA Active CN112511510B (en) 2020-11-18 2020-11-18 Authorization authentication method, system, electronic equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN112511510B (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101448001A (en) * 2008-11-19 2009-06-03 中国工商银行股份有限公司 System for realizing WAP mobile banking transaction security control and method thereof
US20120116925A1 (en) * 2010-11-10 2012-05-10 Ebay Inc. Secure in-line payments for rich internet applications
US20140351126A1 (en) * 2013-05-22 2014-11-27 Seth Priebatsch Secure synchronization of payment accounts to third-party applications or websites
US20150348015A1 (en) * 2012-12-19 2015-12-03 Deutsche Telekom Ag Method and system for terminal device-based communication between third-party applications and an electronic wallet
CN105591745A (en) * 2014-11-07 2016-05-18 中国银联股份有限公司 Method and system for performing identity authentication on user using third-party application
CN105931040A (en) * 2016-06-07 2016-09-07 中国建设银行股份有限公司 Security verification method and system for mobile phone bank customer
US9940653B1 (en) * 2017-04-07 2018-04-10 Stripe, Inc. Systems and methods for a commerce platform coordinating transactions within third party applications
CN108476226A (en) * 2016-12-22 2018-08-31 华为技术有限公司 application program authorization method, terminal and server
CN109815684A (en) * 2019-01-30 2019-05-28 广东工业大学 A kind of identity identifying method, system and server and storage medium
CN110348827A (en) * 2019-05-24 2019-10-18 平安银行股份有限公司 The direct-connected method of medium and small bank, minuscule-type-enterprise and relevant device based on third-party application
CN110990275A (en) * 2019-11-25 2020-04-10 中国银行股份有限公司 Page display testing method and device for mobile phone bank
CN111832005A (en) * 2020-07-15 2020-10-27 中国工商银行股份有限公司 Application authorization method, application authorization device and electronic equipment

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101448001A (en) * 2008-11-19 2009-06-03 中国工商银行股份有限公司 System for realizing WAP mobile banking transaction security control and method thereof
US20120116925A1 (en) * 2010-11-10 2012-05-10 Ebay Inc. Secure in-line payments for rich internet applications
US20150348015A1 (en) * 2012-12-19 2015-12-03 Deutsche Telekom Ag Method and system for terminal device-based communication between third-party applications and an electronic wallet
US20140351126A1 (en) * 2013-05-22 2014-11-27 Seth Priebatsch Secure synchronization of payment accounts to third-party applications or websites
CN105591745A (en) * 2014-11-07 2016-05-18 中国银联股份有限公司 Method and system for performing identity authentication on user using third-party application
CN105931040A (en) * 2016-06-07 2016-09-07 中国建设银行股份有限公司 Security verification method and system for mobile phone bank customer
CN108476226A (en) * 2016-12-22 2018-08-31 华为技术有限公司 application program authorization method, terminal and server
US9940653B1 (en) * 2017-04-07 2018-04-10 Stripe, Inc. Systems and methods for a commerce platform coordinating transactions within third party applications
CN109815684A (en) * 2019-01-30 2019-05-28 广东工业大学 A kind of identity identifying method, system and server and storage medium
CN110348827A (en) * 2019-05-24 2019-10-18 平安银行股份有限公司 The direct-connected method of medium and small bank, minuscule-type-enterprise and relevant device based on third-party application
CN110990275A (en) * 2019-11-25 2020-04-10 中国银行股份有限公司 Page display testing method and device for mobile phone bank
CN111832005A (en) * 2020-07-15 2020-10-27 中国工商银行股份有限公司 Application authorization method, application authorization device and electronic equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
熊小军等: "APP后台用户安全登录验证解决方案的研究", 《电子世界》 *

Also Published As

Publication number Publication date
CN112511510B (en) 2022-09-30

Similar Documents

Publication Publication Date Title
JP7030981B2 (en) Asset management methods and equipment, and electronic devices
US11223477B2 (en) Data sharing method, client, server, computing device, and storage medium
CN108898389B (en) Content verification method and device based on block chain and electronic equipment
US20230281607A1 (en) Method and system for mobile cryptocurrency wallet connectivity
KR20200081441A (en) Asset management method and apparatus, and electronic device
KR20200084009A (en) Asset management method and apparatus, and electronic device
CN111382168B (en) Node group creating method and node group-based transaction method in alliance chain network
CN110826043B (en) Digital identity application system and method, identity authentication system and method
CN112333198A (en) Secure cross-domain login method, system and server
CN105027107A (en) Secure virtual machine migration
US11943256B2 (en) Link detection method and apparatus, electronic device, and storage medium
CN109981576B (en) Key migration method and device
WO2023005838A1 (en) Data sharing method and electronic device
CN111062059B (en) Method and device for service processing
CN111949959A (en) Authorization authentication method and device in Oauth protocol
WO2023122633A1 (en) Verified presentation of non-fungible tokens
CN113271364B (en) Sharing system, method, computer device and storage medium of service arrangement data
US8904508B2 (en) System and method for real time secure image based key generation using partial polygons assembled into a master composite image
CN112511510B (en) Authorization authentication method, system, electronic equipment and readable storage medium
CN115567297A (en) Cross-site request data processing method and device
CN115037482A (en) Fraud detection method and device, electronic equipment and readable storage medium
CN106534047B (en) A kind of information transferring method and device based on Trust application
CN114549206A (en) Transaction anti-repudiation method, system, electronic equipment and readable storage medium
WO2020252753A1 (en) Blockchain node device, authentication method and device thereof, and storage medium
CN114139121A (en) Identity verification method and device, electronic equipment and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TA01 Transfer of patent application right

Effective date of registration: 20220919

Address after: 25 Financial Street, Xicheng District, Beijing 100033

Applicant after: CHINA CONSTRUCTION BANK Corp.

Address before: 12 / F, 15 / F, 99 Yincheng Road, Pudong New Area pilot Free Trade Zone, Shanghai, 200120

Applicant before: Jianxin Financial Science and Technology Co.,Ltd.

TA01 Transfer of patent application right