CN113014576A - Service authority control method, device, server and storage medium - Google Patents

Info

Publication number
CN113014576A
Authority
CN
China
Prior art keywords
access
interface
token
accessed
access request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110204713.XA
Other languages
Chinese (zh)
Other versions
CN113014576B (en)
Inventor
秦志萌
张勇
沈涛
齐少安
徐玉龙
宋齐军
连晓凝
李涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
China Information Technology Designing and Consulting Institute Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
China Information Technology Designing and Consulting Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd, China Information Technology Designing and Consulting Institute Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN202110204713.XA priority Critical patent/CN113014576B/en
Publication of CN113014576A publication Critical patent/CN113014576A/en
Application granted granted Critical
Publication of CN113014576B publication Critical patent/CN113014576B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the disclosure provides a service authority control method, a service authority control device, a server and a storage medium, relates to the technical field of computers and aims to solve the problem that in the prior art, user operation is too complicated. The method specifically comprises the following steps: acquiring a first access request, wherein the first access request comprises a first access address and an access token, the first access request is used for requesting to load a first access result, and the access token is used for verifying the access authority of the first access request; analyzing the first access address to determine an interface to be accessed and an interface grade of the interface to be accessed; verifying an access token corresponding to the interface grade of the interface to be accessed according to the interface grade of the interface to be accessed; when the access token passes the verification of the interface to be accessed of the interface level, responding to the first access request to generate a first access result; and sending the first access result to the terminal.

Description

Service authority control method, device, server and storage medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a service right control method, an apparatus, a server, and a storage medium.
Background
At present, when the interface level corresponding to the network interface accessed by the terminal is higher, secondary authentication is mostly needed. The secondary authentication is that when the terminal has the basic access right, a preset password still needs to be verified, and the preset password is used for judging whether the terminal has the right to access the network interface with the higher interface level. Such as: the terminal logs in a shopping website and needs to input a payment password when entering a payment interface; and inputting the payment password to obtain the secondary authentication.
Typically, the secondary authentication is only valid in one jump of the page. If the terminal involves multiple accesses of the network interface with a higher interface level in the access process, multiple secondary authentications are required, so that the user operation is too complicated.
Disclosure of Invention
The disclosure provides a service authority control method, a service authority control device, a server and a storage medium, which are used for solving the problem that in the prior art, user operation is too complicated.
In order to achieve the purpose, the technical scheme adopted by the disclosure is as follows:
in a first aspect, the present disclosure provides a service authority control method for a server, including the following steps: the server acquires a first access request, wherein the first access request comprises a first access address and an access token, the first access request is used for requesting to load a first access result, and the access token is used for verifying the access authority of the first access request; the server analyzes the first access address to determine an interface to be accessed and an interface grade of the interface to be accessed; the server verifies an access token corresponding to the interface grade of the interface to be accessed according to the interface grade of the interface to be accessed; when the access token passes the verification of the interface to be accessed of the interface level, the server responds to the first access request to generate a first access result; the server sends the first access result to the terminal.
In a second aspect, the present disclosure provides a service right control method for a terminal, including the following steps: the terminal acquires an access token, and the access token is used for verifying the access authority of the first access request; the terminal sends a first access request to the server, wherein the first access request comprises a first access address and an access token, and the first access request is used for requesting to load a first access result; the terminal receives the first access result from the server.
In a third aspect, the present disclosure provides a service authority control apparatus for a server, including an obtaining module, a processing module, and a sending module; the acquisition module is configured to acquire a first access request, wherein the first access request comprises a first access address and an access token, the first access request is used for requesting to load a first access result, and the access token is used for verifying the access authority of the first access request; the processing module is configured to analyze the first access address to determine an interface to be accessed and an interface grade of the interface to be accessed; the processing module is also configured to verify an access token corresponding to the interface level of the interface to be accessed according to the interface level of the interface to be accessed; the processing module is further configured to generate a first access result in response to the first access request when the access token passes the verification of the interface to be accessed of the interface level; a sending module configured to send the first access result to the terminal.
In a fourth aspect, the present disclosure provides a service right control apparatus for a terminal, including an obtaining module and a sending module; an obtaining module configured to obtain an access token, the access token being used for verifying an access right of the first access request; the sending module is configured to send a first access request to the server, wherein the first access request comprises a first access address and an access token, and the first access request is used for requesting to load a first access result; a sending module further configured to receive the first access result from the server.
In a fifth aspect, a server is provided, including: a processor; a memory for storing the processor-executable instructions; wherein the processor is configured to execute instructions to implement the service entitlement control method as provided in the first aspect above.
In a sixth aspect, a terminal is provided, including: a processor; a memory for storing the processor-executable instructions; wherein the processor is configured to execute instructions to implement the service entitlement control method as provided in the first aspect above.
In a seventh aspect, the present disclosure provides a computer-readable storage medium comprising instructions. The instructions, when executed on a computer, cause the computer to perform the service entitlement control method as provided above in the first aspect.
In an eighth aspect, the present disclosure provides a computer program product which, when run on a computer, causes the computer to execute the service authorization control method as provided in the first aspect.
It should be noted that all or part of the above computer instructions may be stored on the first computer readable storage medium. The first computer readable storage medium may be packaged with the processor of the access network device or may be packaged separately from the processor of the access network device, which is not limited in this disclosure.
Reference may be made to the detailed description of the first aspect for descriptions of the third, fifth, seventh and eighth aspects of the disclosure; in addition, for the beneficial effects described in the third aspect, the fifth aspect, the seventh aspect and the eighth aspect, reference may be made to the beneficial effect analysis of the first aspect, and details are not repeated here.
The description of the fourth aspect, the sixth aspect to the eighth aspect in the present disclosure may refer to the detailed description of the second aspect; in addition, the beneficial effects described in the fourth aspect and the sixth aspect to the eighth aspect may refer to the beneficial effect analysis of the second aspect, and are not described herein again.
In the present disclosure, the above names do not limit the devices or functional modules themselves, and in actual implementation, the devices or functional modules may appear by other names. Insofar as the functions of the respective devices or functional modules are similar to those of the present disclosure, they are within the scope of the claims of the present disclosure and their equivalents.
The technical scheme provided by the embodiment of the disclosure at least brings the following beneficial effects:
In the service authority control method provided by the disclosure, when a terminal sends an access request to a server, the server needs to verify whether the terminal has the authority to access the corresponding interface; if the terminal has the access authority, the server generates different access tokens according to the level of the interface the terminal accesses. When the terminal accesses a first-level interface, the server generates a basic token; when the terminal accesses a second-level interface, the server generates an authority-raising token. The terminal acquires the access token sent by the server and adds it to the access request when it initiates a request again; when the server parses the access request, it can verify the access token directly and thereby determine whether the terminal has the access right. This avoids the terminal having to enter the preset password again for verification and improves the user experience; the security of traditional secondary authentication is preserved while operation becomes more convenient. Meanwhile, the method is simple and easy to operate, low in learning cost and wide in applicability.
These and other aspects of the disclosure will be more readily apparent from the following description.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present disclosure, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
FIG. 1 is a schematic diagram of a service authorization control system according to an embodiment of the present disclosure;
FIG. 2 is a flowchart illustrating a service authorization control method according to an embodiment of the disclosure;
FIG. 3 is a second flowchart illustrating a service right control method according to an embodiment of the disclosure;
FIG. 4 is a third flowchart illustrating a service authorization control method according to an embodiment of the disclosure;
FIG. 5 is a schematic structural diagram of a service right control device according to an embodiment of the present disclosure;
FIG. 6 is a second schematic diagram illustrating a service right control apparatus according to an embodiment of the present disclosure;
FIG. 7 is a third schematic structural diagram of a service right control apparatus according to an embodiment of the present disclosure;
FIG. 8 is a schematic structural diagram of a computer program product of a service right control method provided in accordance with an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
It should be noted that in the embodiments of the present disclosure, words such as "exemplary" or "for example" are used to mean serving as examples, illustrations or descriptions. Any embodiment or design described as "exemplary" or "e.g.," in an embodiment of the present disclosure is not to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
For the convenience of clearly describing the technical solutions of the embodiments of the present disclosure, in the embodiments of the present disclosure, the terms "first" and "second" are used to distinguish the same items or similar items with basically the same functions and actions, and those skilled in the art will understand that the terms "first" and "second" are not limited in number or execution order.
Firstly, introduction is made to an application scenario of the technical scheme provided by the present disclosure:
Data access for most applications today is essentially in terminal/server mode. The server provides a Hypertext Transfer Protocol (HTTP) interface for the terminal to call data. In general, when a server receives an access request from a terminal, the server performs identity authentication on the terminal, that is, the ordinary user login. After logging in, the user can perform multiple accesses before the terminal is closed or within a certain time, without entering login information again. The existing implementations of one-time authentication with multiple accesses are as follows:
The first is the cookie/session method, which uses data stored on the user's local terminal: when receiving a user login request, the server stores the login information on the server and adds a storage instruction to the response message; the terminal stores the login information when it receives the storage instruction. When an access request is subsequently sent again, the terminal sends its stored login information to the server, and the server can directly obtain the previous login information.
The second is the token method: in method 1, the data is stored in the server's memory, so the login information may be lost when the terminal or the server shuts down unexpectedly. Meanwhile, in some service scenarios the server is deployed in a distributed manner and the user's login information needs to be stored persistently. To solve these problems, the server generates a common token after the user successfully logs in and stores the token in a persistence-layer database. As in method 1, the terminal acquires the token from the response to the login request and stores it. When an access request is subsequently sent again, the terminal sends the common token directly to the server, and the server can directly obtain the previous login information.
Both of the above methods realize one-time authentication with multiple accesses. However, in some complex application systems, the server's interface authority is divided into different levels. The lowest-level interfaces generally allow anonymous access, for example viewing commodity introduction information. Next, interfaces that distinguish user identity can be accessed only after the user enters login information, for example viewing personal orders. Finally, interfaces with higher privacy require an interface password to be entered again, for example paying for an order on a shopping website using a password or an SMS verification code. Existing application systems set secondary authentication for interfaces with a high authority level, but the existing secondary authentication is valid only once: if a user performs multiple operations on high-authority interfaces during one use, secondary authentication must be performed multiple times. Access security is improved, but operation becomes cumbersome.
In order to solve the above problem, an embodiment of the present disclosure provides a service authority control method. When the terminal accesses an interface with a high interface level, a preset password needs to be verified, and when the preset password passes the verification, the server generates an access token according to the preset password; when the terminal accesses the interface with high interface level for many times, the server can directly authenticate the access token, thereby not needing to authenticate for many times. The access security is guaranteed, and the user experience is improved.
The service authority control method provided by the embodiment of the disclosure is suitable for a control system. Fig. 1 shows a control system including a terminal, a first interceptor, a second interceptor, and a server, which are connected through a wired network or a wireless network. Wherein the first interceptor is adapted to the terminal side and the second interceptor is adapted to the server side. Specifically, the first interceptor may also be disposed inside the terminal in the form of a functional component, and the second interceptor may also be disposed inside the server in the form of a functional component. The present disclosure is not so limited.
For example, the terminal in the embodiment of the present disclosure may be a mobile phone, a tablet computer, a desktop computer, a laptop computer, a handheld computer, a notebook computer, an ultra-mobile personal computer (UMPC), a netbook, a cellular phone, a Personal Digital Assistant (PDA), an Augmented Reality (AR)/Virtual Reality (VR) device, and the like, which may be installed with an instant messaging application and communicate using the instant messaging application, and the embodiment of the present disclosure does not particularly limit the specific form of the electronic device.
For example, the server in the embodiment of the present disclosure may be one server, or may also be a server cluster composed of multiple servers, which is not limited in the present disclosure.
After the application scenario and the implementation environment of the embodiment of the present disclosure are introduced, a service authority control method provided by the embodiment of the present disclosure is described in detail.
Fig. 2 is a flowchart illustrating a service authority control method according to an exemplary embodiment, and as shown in fig. 2, the method may include steps 201 to 210:
Step 201, the server acquires a second access request and a preset password.
Wherein the second access request includes a second access address; the second access request is used for requesting to load a second access result; the preset password is used to verify the access right of the second access request.
The specific operations for the instructions in this disclosure (including fetch operations, authentication operations, validation operations, etc.) are implemented in the interceptor. The interceptor applied to the server side is the second interceptor, and the interceptor applied to the terminal side is the first interceptor. Illustratively, the first interceptor and the second interceptor referred to in this disclosure are each separate products. By adopting the mode, the situation that the existing system is changed greatly is avoided, and the adaptability is stronger. Meanwhile, the first interceptor may also be a functional component embedded in the terminal, and the second interceptor may also be a functional component embedded in the server, which is not limited in this disclosure.
Illustratively, the present disclosure employs separate first and second interceptor products.
Step 202, the server analyzes the second access address to determine the interface to be accessed and the interface level of the interface to be accessed.
In this step, the second interceptor at the server side analyzes the second access request to determine the interface to be accessed, and determines which level the interface accessed by the second access request belongs to according to the interface plan in the service system. The interface level of the interface to be accessed is divided into a first level and a second level. The interface level can be customized according to the requirements of the service system, and is not limited to the two types.
Illustratively, the first level may be a normal level and the second level may be a sensitive level. When a user accesses a shopping website through a terminal, a login interface the user accesses is a first-level interface, defined as a normal-level interface, and a payment interface the user accesses is a second-level interface, defined as a sensitive-level interface.
Step 203, the server verifies the preset password corresponding to the interface level of the interface to be accessed according to the interface level of the interface to be accessed.
In this step, after the interface level of the interface to be accessed is determined, whether the terminal has the access right must be determined before the terminal's access request is executed. The access right is judged by checking whether the preset password is consistent with the password to be matched, where the password to be matched is an authentication password stored in the back-end database of the interface to be accessed.
For example, if the interface of the first level is accessed, the terminal is required to provide a password corresponding to the first level, such as a user account, a password, a short message authentication code, and the like; if the accessed interface is the interface of the second level, the terminal is required to provide the password corresponding to the second level, such as: bank card passwords, payment passwords, and the like.
Step 204, when the preset password passes the verification of the interface to be accessed of the interface level, the server generates an access token and responds to the second access request to generate a second access result.
In this step, when it is determined that the access authority passes the verification, that is, when the preset password and the verification password are consistent, a second interceptor on the server side determines that the verification passes, generates an access token, and at the same time, sends a second access request to the terminal for processing, and generates a corresponding second access result after the processing is finished. Wherein, the access token stores the specific information of the preset password.
Step 204 further comprises:
Step 2041, if the interface level of the interface to be accessed is the first level and the preset password passes the verification of the interface to be accessed of the first level, a basic token is generated.
Specifically, when the interface level of the interface to be accessed, which is accessed next time, is the first level, the second interceptor on the server side can directly verify the basic token without performing an authentication process of a preset password.
Step 2042, if the interface level of the interface to be accessed is the second level and the preset password passes the verification of the interface to be accessed of the second level, an authority-raising token is generated.
Specifically, the generated authority-raising token is used when the interface accessed next is of the second level; the second interceptor at the server side can verify the authority-raising token directly without repeating the preset-password authentication process.
Step 205, the server sends the second access result and the access token to the terminal.
In this step, the second interceptor on the server side sends the second access request that passes the verification to the server, the server generates a second access result according to the second access request, and the server sends the second access result to the second interceptor on the server side. The second interceptor at the server side sends an HTTP response code to the terminal through the first interceptor at the terminal side, where the HTTP response code is one of 200, 401, 402, and others: 200 represents processed service data, 401 represents a jump to the login page, 402 represents that secondary authentication needs to be processed, and any other code represents a page error prompt.
Step 206, the server obtains the first access request.
Wherein the first access request comprises a first access address and an access token. The first access request is used for requesting to load a first access result, and the access token is used for verifying the access right of the first access request.
In this step, the first interceptor at the terminal side receives the access service, i.e., the first access request, initiated again by the terminal, adds the access token sent by the second interceptor at the server side to the first access request, and sends the first access request with the access token added to the second interceptor at the server side.
Step 207, the server analyzes the first access address to determine the interface to be accessed and the interface level of the interface to be accessed.
As in step 202, the second interceptor at the server side determines the interface level of the interface to be accessed.
Step 208, the server verifies the access token corresponding to the interface level of the interface to be accessed according to the interface level of the interface to be accessed.
As in step 203, after determining the interface level of the interface to be accessed, the second interceptor on the server side knows whether to call the back-end database corresponding to the first level or the one corresponding to the second level. The data in the access token is compared with the verification password in the back-end database to determine the verification result.
Illustratively, after the first authentication succeeds, an access token is generated (a basic token, derived based on the first level). When an access request is initiated again, the first interceptor on the terminal side adds the access token to the first access request. If the interface level to be accessed is still the first level, the second interceptor on the server side directly verifies the data of the access token, processes the first access request once verification passes, and sends HTTP response code 200 to the first interceptor on the terminal side. If the interface level to be accessed is the second level, the second interceptor on the server side verifies the data of the access token; if verification fails, it sends HTTP response code 402 to the first interceptor on the terminal side. On receiving 402, the first interceptor on the terminal side displays a secondary-authentication window on the terminal, the user enters the preset password, and the first interceptor sends it to the second interceptor on the server side. The second interceptor performs the secondary authentication and, when it determines that the preset password is correct, generates an access token (an authority-raising token, derived based on the second level) and sends HTTP response code 200 to the first interceptor on the terminal side.
After the terminal again initiates an access request to the sensitive interface, the first interceptor at the terminal side sets both the basic token and the authority-raising token in the access request and sends it to the second interceptor at the server side. The second interceptor verifies both tokens and, once verification passes, directly processes the terminal's access request to the sensitive interface.
Step 209, when the access token passes the verification of the interface to be accessed of the interface level, the server responds to the first access request to generate a first access result.
In this step, after the verification is passed, the second interceptor on the server side responds to the first access request to generate a first access result.
Step 210, the server sends the first access result to the terminal.
In this step, the second interceptor at the server side sends the first access result to the terminal.
Fig. 3 shows a flowchart of a service entitlement control method for a Web client, according to an exemplary embodiment, which may include steps 301-303:
Step 301, the terminal obtains an access token.
Wherein the access token is used to verify the access rights of the first access request.
In this step, the first interceptor on the terminal side obtains the common token and the right-giving token sent by the second interceptor on the server side, and sets the access tokens uniformly in the HTTP request header to facilitate subsequent authentication.
Further, if the generated access token is a basic token, the basic token is stored in the nonvolatile storage medium.
The second interceptor of the server sends the generated basic token to the terminal through the first interceptor on the terminal side, and the terminal stores the basic token. Storing the basic token requires a dedicated application program to perform the storage; it is not stored automatically. The terminal may choose to save the basic token to a non-volatile storage medium (localStorage) or to a volatile storage medium (sessionStorage).
As shown in table 1, the base token is used for authentication when accessing the interface of the first level; the basic token is associated with user information, and the basic token stored in the nonvolatile storage medium is valid for a long time and only becomes invalid when actively deleted.
| | Basic token | Authority-raising token |
|---|---|---|
| Use | Accessing a first level interface | Accessing a second level interface |
| Associated information | User information | Security policy |
| Storage location | In a non-volatile storage medium | In a volatile storage medium |
| Period of validity | Valid for a long time; invalidated by active deletion | Valid during the session; invalidated when the page closes |

Table 1
Further, if the obtained access token is the authorization token, the authorization token is stored in the volatile storage medium.
As shown in table 1, the authorization token is used for authentication when accessing a second-level interface, and it is associated with a security policy. The security policy can set the validity period of the authorization token, the maximum number of times the authorization token is valid, the bound terminal Internet Protocol (IP) address, the bound basic token, and so on, thereby configuring the validity and security of the authorization token. The authorization token, stored in a volatile storage medium, is valid only during a session and is invalidated when the page closes.
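The security policy checks described above, as an added example in JavaScript (not code from the patent): a server-side check in the role of the second interceptor that resolves the interface level from the path and enforces the validity period, maximum uses, bound IP address and bound basic token. The route table, the field names and the 401 returned for a missing basic token are assumptions; 402 is the code the description uses.

```javascript
const { randomBytes } = require('node:crypto');

// Hypothetical route table mapping each path to its interface level.
const INTERFACE_LEVEL = new Map([
  ['/api/profile', 1],   // first level: common interface
  ['/api/transfer', 2],  // second level: sensitive interface
]);

class TokenStore {
  constructor(now = () => Date.now()) {
    this.now = now;             // injectable clock so expiry can be exercised
    this.basic = new Map();     // basic token -> { user }
    this.elevated = new Map();  // authorization token -> security policy record
  }

  issueBasic(user) {
    const token = randomBytes(32).toString('hex');
    this.basic.set(token, { user });
    return token;
  }

  // Called only after the secondary authentication has succeeded.
  issueAuthorization(basicToken, ip, { ttlMs, maxUses }) {
    if (!this.basic.has(basicToken)) throw new Error('unknown basic token');
    const token = randomBytes(32).toString('hex');
    this.elevated.set(token, {
      basicToken,                        // bound basic token
      ip,                                // bound terminal IP address
      expiresAt: this.now() + ttlMs,     // validity period
      usesLeft: maxUses,                 // maximum number of valid uses
    });
    return token;
  }

  // Returns null when the token satisfies its policy, otherwise the failed rule.
  checkAuthorization(token, basicToken, ip) {
    const rec = token ? this.elevated.get(token) : undefined;
    if (!rec) return 'unknown';
    if (this.now() >= rec.expiresAt) {
      this.elevated.delete(token);
      return 'expired';
    }
    if (rec.basicToken !== basicToken) return 'basic-token-mismatch';
    if (rec.ip !== ip) return 'ip-mismatch';
    if (rec.usesLeft <= 0) {
      this.elevated.delete(token);
      return 'exhausted';
    }
    rec.usesLeft -= 1;  // only a fully valid presentation consumes a use
    return null;
  }
}

// Decision of the server-side interceptor for one request.
function authorize(store, req) {
  const level = INTERFACE_LEVEL.get(req.path);
  if (level === undefined) return { status: 404 };
  if (!req.basicToken || !store.basic.has(req.basicToken)) {
    return { status: 401, reason: 'basic-token' };  // 401 is an assumption
  }
  if (level === 1) return { status: 200 };
  const failed = store.checkAuthorization(req.authorizationToken, req.basicToken, req.ip);
  return failed ? { status: 402, reason: failed } : { status: 200 };
}
```

A failed binding check does not consume a use, so presenting the token from another address or with another basic token cannot exhaust it for its owner.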
Step 302, the terminal sends a first access request to the server.
The first access request comprises a first access address and an access token, and the first access request is used for requesting to load a first access result.
Specifically, classified by the level of the interface to be accessed, access requests include requests to access a first-level interface and requests to access a second-level interface.
Step 303, the terminal receives the first access result from the server.
For the above classification, with reference to fig. 2 and fig. 3, a specific application scenario of the service right control method includes the following aspects.
1) When the first level of the interface to be accessed is accessed for the first time:
A user initiates a second access request (such as a login request) on the browser service interface and enters login information (including a user name and a password); the browser service interface sends the login request and the login information to the first interceptor on the terminal side.
The first interceptor on the terminal side sends the login request and the login information to the second interceptor on the server side.
The second interceptor on the server side judges whether the login information conforms to the login logic and determines that the interface to be accessed is a common interface; after verifying that the login information conforms to the login logic, it generates a basic token and sends a login-success response message and the basic token to the first interceptor on the terminal side.
After receiving the message, the first interceptor on the terminal side stores the basic token in the nonvolatile storage medium of the browser service page.
2) When the interface to be accessed of the first level is accessed for the second time:
After receiving a first access request (for requesting a common interface), the service interface of the browser sends the first access request to the first interceptor on the terminal side; the first interceptor on the terminal side sets the basic token in the access request and sends the access request containing the basic token to the second interceptor on the server side.
The second interceptor on the server side determines the interface level of the interface to be accessed by the access request. When the interface to be accessed is determined to be a common interface, it performs interface authentication on the basic token in the access request and, once the basic token passes verification, sends the verification result and the return data of the access request to the first interceptor on the terminal side.
A first interceptor at the terminal side sends an HTTP response code (code:200) to a service interface of the browser, and the HTTP response code is used for representing that the server processes the access request;
the service interface of the browser receives the HTTP response code (code:200) and displays the processed service data.
3) When the interface to be accessed of the second level is accessed for the first time:
After the service interface of the browser receives a second access request (for requesting a sensitive interface), it sends the second access request to the first interceptor on the terminal side; the first interceptor on the terminal side sets the basic token in the second access request and sends the second access request containing the basic token to the second interceptor on the server side.
The second interceptor on the server side determines the interface level of the interface to be accessed by the second access request. When the interface to be accessed is determined to be a sensitive interface, the second interceptor on the server side performs interface authentication on the basic token and the authorization token in the access request; the basic token passes verification and the authorization token does not, so the second interceptor on the server side sends an authorization-token verification failure and a response code (code:402) to the first interceptor on the terminal side.
The first interceptor on the terminal side sends an HTTP response code (code:402) to the service interface of the browser, indicating that authentication for the sensitive interface failed and that secondary authentication is required.
The service interface of the browser receives the HTTP response code (code:402) and displays that secondary authentication is required.
The user inputs a secondary authentication instruction and a preset password (such as a login password and a payment password of an online bank) on a browser service interface; a service interface of the browser sends a preset password to a first interceptor at a terminal side; and the first interceptor at the terminal side sets a basic token in the secondary authentication instruction and sends the secondary authentication instruction containing the basic token to the second interceptor at the server side.
The second interceptor on the server side judges whether the preset password conforms to the secondary authentication logic; after verifying that it does, it generates an authorization-raising token and sends a secondary-authentication success message and the authorization-raising token to the first interceptor on the terminal side.
After receiving the message, the first interceptor on the terminal side stores the authorization token in the volatile storage medium of the browser service page.
After the secondary authentication is processed, the first interceptor on the terminal side sets a basic token and a right-giving token in an access request (for requesting a sensitive interface), and sends the access request containing the basic token and the right-giving token to the second interceptor on the server side.
The second interceptor on the server side determines the interface level of the interface to be accessed by the access request. When the interface to be accessed is determined to be a sensitive interface, it performs interface authentication on the basic token and the authorization token in the access request; once both the basic token and the authorization token pass verification, it sends the authentication success and the return data of the access request to the first interceptor on the terminal side.
A first interceptor at the terminal side sends an HTTP response code (code:200) to a service interface of the browser, and the HTTP response code is used for representing that the server processes the access request;
the service interface of the browser receives the HTTP response code (code:200) and displays the processed service data.
When a user closes a service interface of the browser, the authorization-raising token stored in the volatile storage medium is lost, and meanwhile, because the authorization-raising token is bound with the security policy, the authorization-raising token is invalid when the rules of the security policy are not met; when the user closes the service interface of the browser, the basic token stored in the nonvolatile storage medium can exist for a period of time and can be directly called when needed.
4) When the interface to be accessed of the second level is accessed again:
After the service interface of the browser receives a first access request (for requesting a sensitive interface), it sends the first access request to the first interceptor on the terminal side; the first interceptor on the terminal side sets the basic token and the right-giving token in the access request and sends the access request containing both tokens to the second interceptor on the server side.
The second interceptor on the server side sends the result that the basic token and the authorization token passed verification, together with the return data of the first access request, to the first interceptor on the terminal side.
A first interceptor at the terminal side sends an HTTP response code (code:200) to a service interface of the browser, and the HTTP response code is used for representing that the server processes the access request;
the service interface of the browser receives the HTTP response code (code:200) and displays the processed service data.
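The four scenarios above seen from the terminal side, as an added example that is not part of the patent: a first interceptor that keeps the basic token in localStorage, keeps the authorization token in sessionStorage, and answers a 402 with one secondary authentication followed by one retry. The header names, storage keys, paths, the in-memory storage stand-ins and the stub server with fixed constructed tokens are assumptions so that the example runs outside a browser.

```javascript
// Hypothetical storage keys and header names; the patent names neither.
const BASIC_KEY = 'basicToken';
const AUTH_KEY = 'authorizationToken';

// In-memory stand-in for window.localStorage / window.sessionStorage.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(key) { return this.items.has(key) ? this.items.get(key) : null; }
  setItem(key, value) { this.items.set(key, String(value)); }
  removeItem(key) { this.items.delete(key); }
  clear() { this.items.clear(); }
}

class FirstInterceptor {
  constructor({ transport, local, session, askPassword }) {
    Object.assign(this, { transport, local, session, askPassword });
  }

  // Every outgoing request carries whichever tokens are currently stored.
  headers() {
    const h = {};
    const basic = this.local.getItem(BASIC_KEY);
    const auth = this.session.getItem(AUTH_KEY);
    if (basic) h['X-Basic-Token'] = basic;
    if (auth) h['X-Authorization-Token'] = auth;
    return h;
  }

  // Scenario 1: login, then persist the basic token (non-volatile storage).
  login(username, password) {
    const res = this.transport({ path: '/login', headers: {}, body: { username, password } });
    if (res.status === 200) this.local.setItem(BASIC_KEY, res.body.basicToken);
    return res.status;
  }

  // Scenarios 2-4: send the request; on 402 run secondary authentication once.
  request(path, body) {
    const res = this.transport({ path, headers: this.headers(), body });
    if (res.status !== 402) return res;
    this.session.removeItem(AUTH_KEY);  // drop a stale or rejected token
    const auth = this.transport({
      path: '/secondary-auth',
      headers: this.headers(),
      body: { password: this.askPassword() },
    });
    if (auth.status !== 200) return auth;  // no retry without a new token
    this.session.setItem(AUTH_KEY, auth.body.authorizationToken);  // volatile storage
    return this.transport({ path, headers: this.headers(), body });
  }
}

// Constructed stub in place of the server-side second interceptor.
function makeStubServer() {
  const log = [];
  const transport = (req) => {
    log.push(req.path + (req.headers['X-Authorization-Token'] ? ' +auth' : ''));
    if (req.path === '/login') {
      return req.body.password === 'login-pw'
        ? { status: 200, body: { basicToken: 'B-1' } } : { status: 401 };
    }
    if (req.headers['X-Basic-Token'] !== 'B-1') return { status: 401 };
    if (req.path === '/secondary-auth') {
      return req.body.password === 'pay-pw'
        ? { status: 200, body: { authorizationToken: 'A-1' } } : { status: 401 };
    }
    if (req.path === '/api/transfer' && req.headers['X-Authorization-Token'] !== 'A-1') {
      return { status: 402 };
    }
    return { status: 200, body: { ok: true } };
  };
  return { transport, log };
}

// Login, first sensitive access, repeat access, then access after the page closed.
function runScenario() {
  const local = new MemoryStorage();
  const session = new MemoryStorage();
  const { transport, log } = makeStubServer();
  let prompts = 0;
  const askPassword = () => { prompts += 1; return 'pay-pw'; };
  const interceptor = new FirstInterceptor({ transport, local, session, askPassword });
  interceptor.login('alice', 'login-pw');
  const first = interceptor.request('/api/transfer').status;
  const again = interceptor.request('/api/transfer').status;
  session.clear();  // page closed: the volatile storage is emptied
  const afterClose = interceptor.request('/api/transfer').status;
  return { first, again, afterClose, prompts, basicKept: local.getItem(BASIC_KEY) !== null, log };
}
```

The returned log shows the password prompt happening once per page session rather than once per sensitive request, while the basic token survives the page close.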
Fig. 4 shows a flowchart of a service entitlement control method, which may include steps 401-408, according to an example embodiment:
Step 401, the terminal obtains an access token, and the access token is used for verifying the access authority of the first access request.
Step 402, the terminal sends a first access request to the server, wherein the first access request comprises a first access address and an access token, and the first access request is used for requesting to load a first access result.
Step 403, the server obtains a first access request, where the first access request includes a first access address and an access token, the first access request is used to request to load a first access result, and the access token is used to verify an access right of the first access request.
Step 404, the server analyzes the first access address to determine the interface to be accessed and the interface level of the interface to be accessed.
Step 405, according to the interface level of the interface to be accessed, the server verifies the access token corresponding to the interface level of the interface to be accessed.
Step 406, the server generates a first access result in response to the first access request when the access token passes the verification of the interface to be accessed of the interface level.
Step 407, the server sends the first access result to the terminal.
Step 408, the terminal receives the first access result from the server.
In the service authority control method provided by the disclosure, when a terminal sends an access request to a server, the server needs to verify whether the terminal has the authority to access a corresponding interface; and if the terminal has the access authority, the server generates different access tokens according to the grade of the terminal access interface. When the terminal accesses an interface of a first level, the server generates a common token; when the terminal accesses the interface of the second level, the server generates the authorization token. The terminal acquires the access token sent by the server, adds the access token into the access request when the access request is initiated again, can directly verify the access token in the access request when the server analyzes the access request, and determines whether the terminal has the access right or not by verifying the access token. Therefore, the condition that the terminal inputs the preset password again for verification is avoided, and the user experience is further improved; the safety of the traditional secondary authentication is guaranteed, and the convenience of operation is improved. Meanwhile, the method is simple and easy to operate, low in learning cost and wide in applicability.
The foregoing describes the scheme provided by the embodiments of the present disclosure, primarily from a methodological perspective. To implement the above functions, it includes hardware structures and/or software modules for performing the respective functions. Those of skill in the art will readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
Fig. 5 is a schematic structural diagram of a service right control apparatus according to an exemplary embodiment, which is used for a server and can be used for executing the service right control method shown in fig. 2. As one implementation, the apparatus may include an obtaining module 510, a processing module 520, and a sending module 530.
An obtaining module 510 configured to obtain a first access request, where the first access request includes a first access address and an access token, the first access request is used to request loading of a first access result, and the access token is used to verify an access right of the first access request; for example, in conjunction with fig. 2, the obtaining module 510 may be used to perform step 206.
A processing module 520 configured to verify an access token corresponding to an interface level of an interface to be accessed according to the interface level of the interface to be accessed; for example, in conjunction with fig. 2, processing module 520 may be used to perform step 207.
A processing module 520 further configured to generate a first access result in response to the first access request when the access token passes the verification of the interface to be accessed of the interface level; for example, in conjunction with fig. 2, processing module 520 may be used to perform step 208.
The processing module 520 is further configured to generate a first access result in response to the first access request if the access right verification passes; for example, in conjunction with fig. 2, processing module 520 may be used to perform step 209.
A sending module 530 configured to send the first access result to the terminal. For example, in conjunction with fig. 2, the sending module 530 may be configured to perform step 210.
Of course, the service authority control device provided by the embodiment of the present disclosure includes, but is not limited to, the above modules, for example, the service authority control device may further include a storage module 540. The storage module 540 may be configured to store program codes of the write service authority control apparatus, and may also be configured to store data generated by the write service authority control apparatus during operation, such as data in a write request.
Fig. 6 is a schematic structural diagram illustrating a service authority control apparatus according to an exemplary embodiment, which is used for a second interceptor and can be used to execute the service authority control method illustrated in fig. 2. As one implementation, the apparatus may include an obtaining module 610 and a sending module 620.
An obtaining module 610 configured to obtain an access token, where the access token is used to verify an access right of the first access request; for example, in conjunction with fig. 3, the obtaining module 610 may be configured to perform step 301.
A sending module 620 configured to send a first access request to the server, where the first access request includes a first access address and an access token, and the first access request is used to request loading of a first access result; for example, in conjunction with fig. 3, the sending module 620 may be configured to perform step 302.
The sending module 620 is further configured to receive the first access result from the server. For example, in conjunction with fig. 3, the sending module 620 may be configured to perform step 303.
Of course, the service authority control device provided by the embodiment of the present disclosure includes, but is not limited to, the above modules, for example, the service authority control device may further include a storage module 630. The storage module 630 may be used to store the program code of the write service authority control apparatus, and may also be used to store data generated by the write service authority control apparatus during operation, such as data in a write request.
Fig. 7 is a schematic structural diagram of a service right control apparatus according to an embodiment of the present disclosure, where the service right control apparatus for a Web service end may include: at least one processor 71, a memory 72, a communication interface 73, and a communication bus 74.
The following specifically describes each component of the service right control apparatus with reference to fig. 7:
the processor 71 is a control center of the service authority control device, and may be a single processor or a collective term for a plurality of processing elements. For example, the processor 71 is a Central Processing Unit (CPU), or may be an Application Specific Integrated Circuit (ASIC), or may be one or more Integrated circuits configured to implement embodiments of the present disclosure, such as: one or more DSPs, or one or more Field Programmable Gate Arrays (FPGAs).
In particular implementations, processor 71 may include one or more CPUs such as CPU0 and CPU1 shown in fig. 7 as one example. Also, as an embodiment, the service authority control device may include a plurality of processors, such as the processor 71 and the processor 75 shown in fig. 7. Each of these processors may be a Single-core processor (Single-CPU) or a Multi-core processor (Multi-CPU). A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
The Memory 72 may be a Read-Only Memory (ROM) or other type of static storage device that can store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that can store information and instructions, an Electrically Erasable Programmable Read-Only Memory (EEPROM), a Compact Disc Read-Only Memory (CD-ROM) or other optical Disc storage, optical Disc storage (including Compact Disc, laser Disc, optical Disc, digital versatile Disc, blu-ray Disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to such. The memory 72 may be separate and coupled to the processor 71 via a communication bus 74. The memory 72 may also be integrated with the processor 71.
In a particular implementation, the memory 72 is used to store data and execute software programs of the present disclosure. The processor 71 may perform various functions of the air conditioner by running or executing software programs stored in the memory 72 and calling data stored in the memory 72.
The communication interface 73 is a device such as any transceiver, and is used for communicating with other devices or communication Networks, such as a Radio Access Network (RAN), a Wireless Local Area Network (WLAN), a terminal, and a cloud. The communication interface 73 may include an acquisition unit implementing an acquisition function and a transmission unit implementing a transmission function.
The communication bus 74 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 7, but this is not intended to represent only one bus or type of bus.
As an example, in connection with fig. 7, the processing module in the service right control apparatus implements the same function as the processor 71 in fig. 7, and the storage module implements the same function as the memory 72 in fig. 7.
Another embodiment of the present disclosure also provides a computer-readable storage medium, which stores instructions that, when executed on a computer, cause the computer to perform the method shown in the above method embodiment.
In some embodiments, the disclosed methods may be implemented as computer program instructions encoded on a computer-readable storage medium in a machine-readable format or encoded on other non-transitory media or articles of manufacture.
Fig. 8 schematically illustrates a conceptual partial view of a computer program product comprising a computer program for executing a computer process on a computing device provided by an embodiment of the present disclosure.
In one embodiment, the computer program product is provided using a signal bearing medium 810. Signal bearing medium 810 may include one or more program instructions that, when executed by one or more processors, may provide the functions or portions of the functions described above with respect to fig. 2. Thus, for example, referring to the embodiment shown in fig. 2, one or more features of steps 201-210 may be undertaken by one or more instructions associated with the signal bearing medium 810. Further, the program instructions in FIG. 8 also describe example instructions.
In some examples, signal bearing medium 810 may include a computer readable medium 811, such as, but not limited to, a hard disk drive, a Compact Disc (CD), a Digital Video Disc (DVD), a digital tape, a memory, a read-only memory (ROM), a Random Access Memory (RAM), or the like.
In some implementations, the signal bearing medium 810 may include a computer recordable medium 812 such as, but not limited to, memory, read/write (R/W) CDs, R/W DVDs, and the like.
In some implementations, the signal bearing medium 810 may include a communication medium 813 such as, but not limited to, a digital and/or analog communication medium (e.g., a fiber optic cable, a waveguide, a wired communications link, a wireless communication link, etc.).
The signal bearing medium 810 may be communicated by a wireless form of communication medium 813, such as a wireless communication medium conforming to the IEEE802.81 standard or other transmission protocol. The one or more program instructions may be, for example, computer-executable instructions or logic-implementing instructions.
In some examples, a data writing device, such as that described with respect to fig. 2, may be configured to provide various operations, functions, or actions in response to one or more program instructions through computer-readable medium 811, computer-recordable medium 812, and/or communications medium 813.
Through the above description of the embodiments, it is clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example. In practical applications, the above functions may be allocated to different functional modules as needed; that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above.
In the several embodiments provided in the present disclosure, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described embodiments of the apparatus are merely illustrative: the division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation; for example, a plurality of units or components may be combined or integrated into another apparatus, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed to a plurality of different places. The purpose of the scheme of the embodiment can be realized by selecting some or all of the units according to actual needs.
In addition, functional units in the embodiments of the present disclosure may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present disclosure may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions to enable a device (which may be a single-chip microcomputer, a chip, etc.) or a processor to execute all or part of the steps of the methods according to the embodiments of the present disclosure. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
The above is only a specific embodiment of the present disclosure, but the scope of the present disclosure is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered by the scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (12)

1. A service authority control method is used for a server, and is characterized by comprising the following steps:
obtaining a first access request, wherein the first access request comprises a first access address and an access token, the first access request is used for requesting to load a first access result, and the access token is used for verifying the access authority of the first access request;
analyzing the first access address to determine an interface to be accessed and an interface grade of the interface to be accessed;
verifying an access token corresponding to the interface grade of the interface to be accessed according to the interface grade of the interface to be accessed;
generating a first access result in response to the first access request when the access token passes the verification of the interface to be accessed of the interface level;
and sending the first access result to the terminal.
2. The method of claim 1, wherein prior to obtaining the first access request, further comprising:
acquiring a second access request and a preset password, wherein the second access request comprises a second access address; the second access request is used for requesting to load a second access result; the preset password is used for verifying the access authority of the second access request;
analyzing the second access address to determine an interface to be accessed and an interface grade of the interface to be accessed;
verifying a preset password corresponding to the interface grade of the interface to be accessed according to the interface grade of the interface to be accessed;
when the preset password passes the verification of the interface to be accessed of the interface level, generating an access token, and responding to the second access request to generate a second access result;
and sending the second access result and the access token to the terminal.
3. The method of claim 2, wherein generating an access token when the preset password passes the verification of the interface level of the interface to be accessed comprises:
if the interface level of the interface to be accessed is a first level and the preset password passes the verification of the interface to be accessed of the first level, generating a basic token;
and if the interface level of the interface to be accessed is a second level and the preset password passes the verification of the interface to be accessed of the second level, generating a right-lifting token.
4. The method of claim 3,
the authorization token is associated with a security policy, and the security policy comprises an authorization token validity period, an authorization token maximum validity number, a binding second interceptor Internet Protocol (IP) address and a binding basic token.
5. A service authority control method is used for a terminal, and is characterized by comprising the following steps:
obtaining an access token, wherein the access token is used for verifying the access authority of the first access request;
sending the first access request to a server, wherein the first access request comprises a first access address and an access token, and the first access request is used for requesting to load a first access result;
a first access result is received from the server.
6. The method of claim 5, wherein obtaining the access token comprises:
if the obtained access token is a basic token, storing the basic token into a nonvolatile storage medium;
and if the acquired access token is the authorization token, storing the authorization token into a volatile storage medium.
7. A service authority control apparatus for a server, comprising:
an acquisition module configured to acquire a first access request, wherein the first access request comprises a first access address and an access token, the first access request is used for requesting to load a first access result, and the access token is used for verifying the access authority of the first access request;
a processing module configured to parse the first access address to determine an interface to be accessed and an interface level of the interface to be accessed;
the processing module being further configured to verify, according to the interface level of the interface to be accessed, the access token corresponding to that interface level;
the processing module being further configured to generate a first access result in response to the first access request when the access token passes the verification for the interface to be accessed at that interface level;
a sending module configured to send the first access result to a terminal.
8. A service authority control apparatus for a terminal, comprising:
an obtaining module configured to obtain an access token, the access token being used for verifying an access right of the first access request;
a sending module configured to send a first access request to a server, the first access request including a first access address and an access token, the first access request requesting to load a first access result;
a sending module further configured to receive the first access result from the server.
9. A server, comprising:
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the service authority control method of any one of claims 1 to 4.
10. A terminal, comprising:
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the service authority control method of any one of claims 5 to 6.
11. A computer-readable storage medium, comprising computer instructions which, when run on a server, cause the server to perform the service authority control method according to any one of claims 1 to 4.
12. A computer-readable storage medium, comprising computer instructions which, when run on a terminal, cause the terminal to perform the service authority control method according to any one of claims 5 to 6.
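The tiered tokens of claim 3 and the security policy of claim 4, as an added Python example that is not part of the patent text. It assumes the preset password check has already passed before a token is issued and that a second-level request presents both the basic token and the right-lifting (authorization) token; all class, method and parameter names are illustrative.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

def _digest(token: str) -> str:
    # Store only digests so a leaked token table does not expose usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

@dataclass
class ElevationPolicy:          # the four security-policy items of claim 4
    expires_at: float           # validity period
    uses_left: int              # maximum validity number
    bound_ip: str               # IP address of the second interceptor
    bound_basic: str            # digest of the basic token it is bound to

class TokenService:             # hypothetical name, not from the patent
    def __init__(self):
        self._basic = set()     # digests of issued basic tokens
        self._elevated = {}     # digest of elevated token -> ElevationPolicy

    def issue_basic(self) -> str:
        token = secrets.token_urlsafe(32)
        self._basic.add(_digest(token))
        return token

    def issue_elevated(self, basic, ip, ttl=300, max_uses=3, now=None) -> str:
        if _digest(basic) not in self._basic:
            raise PermissionError("elevation requires a valid basic token")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._elevated[_digest(token)] = ElevationPolicy(
            now + ttl, max_uses, ip, _digest(basic))
        return token

    def verify(self, level, basic, elevated=None, ip=None, now=None) -> bool:
        if _digest(basic) not in self._basic:
            return False
        if level == 1:
            return True         # first-level interface: basic token suffices
        policy = self._elevated.get(_digest(elevated or ""))
        if policy is None or not hmac.compare_digest(policy.bound_basic, _digest(basic)):
            return False        # unknown token, or bound to another basic token
        now = time.time() if now is None else now
        if now >= policy.expires_at or policy.uses_left <= 0 or ip != policy.bound_ip:
            return False
        policy.uses_left -= 1   # a use is consumed only by a successful check
        return True
```

Any level other than 1 takes the second-level path, so an unrecognised level fails closed unless a valid elevated token is presented.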
CN202110204713.XA 2021-02-23 2021-02-23 Service authority control method, device, server and storage medium Active CN113014576B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110204713.XA CN113014576B (en) 2021-02-23 2021-02-23 Service authority control method, device, server and storage medium

Publications (2)

Publication Number Publication Date
CN113014576A (en) 2021-06-22
CN113014576B (en) 2023-05-12

Family

ID=76408906

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110204713.XA Active CN113014576B (en) 2021-02-23 2021-02-23 Service authority control method, device, server and storage medium

Country Status (1)

Country Link
CN (1) CN113014576B (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6892307B1 (en) * 1999-08-05 2005-05-10 Sun Microsystems, Inc. Single sign-on framework with trust-level mapping to authentication requirements
US20180293580A1 (en) * 2017-04-07 2018-10-11 Mastercard International Incorporated Systems and methods for processing an access request
CN108989278A (en) * 2017-05-30 2018-12-11 三星Sds株式会社 Identification service system and method
US20190116179A1 (en) * 2015-10-14 2019-04-18 Alibaba Group Holding Limited System, method and apparatus for device authentication
CN110324328A (en) * 2019-06-26 2019-10-11 阿里巴巴集团控股有限公司 A kind of safety certifying method, system and equipment
CN110943986A (en) * 2019-11-27 2020-03-31 中国银行股份有限公司 Service access control method and device, and gateway
CN111027033A (en) * 2019-11-27 2020-04-17 中国银行股份有限公司 Interface access method and device
CN111131242A (en) * 2019-12-24 2020-05-08 北京格林威尔科技发展有限公司 Authority control method, device and system
CN111538966A (en) * 2020-04-17 2020-08-14 中移(杭州)信息技术有限公司 Access method, access device, server and storage medium
CN111931144A (en) * 2020-06-03 2020-11-13 南京南瑞信息通信科技有限公司 Unified safe login authentication method and device for operating system and service application
CN112069490A (en) * 2020-08-27 2020-12-11 北京百度网讯科技有限公司 Method, device, electronic equipment and storage medium for providing applet capability
CN112149108A (en) * 2020-09-15 2020-12-29 京东数字科技控股股份有限公司 Access control method, device, electronic equipment and storage medium

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114024688A (en) * 2021-11-29 2022-02-08 中电金信软件有限公司 Network request method, network authentication method, terminal equipment and server
CN114024688B (en) * 2021-11-29 2024-07-19 中电金信软件有限公司 Network request method, network authentication method, terminal equipment and server
CN115567271A (en) * 2022-09-21 2023-01-03 中国平安人寿保险股份有限公司 Authentication method and device, page skip method and device, electronic equipment and medium
CN115567271B (en) * 2022-09-21 2024-04-19 中国平安人寿保险股份有限公司 Authentication method and device, page skip method and device, electronic equipment and medium

Also Published As

Publication number Publication date
CN113014576B (en) 2023-05-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant