CN113821783A - Multifunctional security authorization API Key implementation system and method - Google Patents

Info

Publication number: CN113821783A
Application number: CN202111154535.0A
Authority: CN (China)
Prior art keywords: api key, authorization, server, api, token
Legal status: Granted; active
Other languages: Chinese (zh)
Other versions: CN113821783B (en)
Inventors: 王明亮, 王迪
Current assignee: Beijing Vector Stack Technology Co ltd
Original assignee: Beijing Yunge Technology Co ltd
Application filed by Beijing Yunge Technology Co ltd
Priority to CN202111154535.0A
Publication of CN113821783A
Application granted; publication of CN113821783B

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/31 User authentication > G06F21/33 User authentication using certificates
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F16/00 Information retrieval; Database structures therefor; File system structures therefor > G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data > G06F16/21 Design, administration or maintenance of databases > G06F16/215 Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F16/00 Information retrieval; Database structures therefor; File system structures therefor > G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data > G06F16/24 Querying > G06F16/245 Query processing > G06F16/2455 Query execution
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Security & Cryptography (AREA)
  • Computational Linguistics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Facsimiles In General (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a multifunctional security authorization API Key implementation system and method. The system comprises an API Key creation module, an authorization module and a revocation module. The API Key creation module obtains an offline token through an Authorization Code Grant Flow based on the UMA authorization protocol and stores the API Key, the offline token and the permission data in a database. The authorization module uses the API Key submitted by the user to obtain an access token (RPT) from the API Key Server via the resource server, and the resource server decides the user's permissions from the information carried by the access token. The revocation module revokes the API Key by deleting the database mappings related to that API Key. The invention addresses the problems that existing account-based security authorization is not long-lasting and that account credentials are easily leaked.

Description

Multifunctional security authorization API Key implementation system and method
Technical Field
The invention relates to the technical field of network security, in particular to a multifunctional security authorization API Key implementation system and method.
Background
At present, in fields such as the internet and distributed computing, specifications such as OAuth2, OIDC and UMA are mostly used for identity authentication and authorization of user operations. In these specifications, a user submits a username and password or other credentials to an authorization server, obtains a token or cookie representing identity and permissions, and then sends requests to a resource server carrying that token or cookie to prove identity. These authorization technologies protect the user's network security well, but their main application scenario is one in which the user directly and synchronously participates in the authentication and authorization process.
In many other environments they remain inconvenient or insufficient. For example, when a request is sent to a server from a command line or from inside a program, requiring the user to interact synchronously in order to obtain a token is very inconvenient, and a password has to be entered during the process, which may lead to password leakage. One service often has several clients: some only upload data, some only display data, and the authorization method described above cannot further reduce their permissions, which creates security problems. A technical solution is therefore needed that is compatible with the existing standards (OAuth2, OIDC, UMA and the like) and that covers these scenarios.
Disclosure of Invention
Therefore, the invention provides a multifunctional security authorization API Key implementation system and method, which aim to solve the problems that the security authorization of existing accounts is not long-lasting and that credentials are easily leaked.
In order to achieve the above purpose, the invention provides the following technical scheme:
according to a first aspect of the present invention, a multifunctional security authorization API Key implementation system is disclosed, the system comprising: the API Key creation module, the authorization module and the revocation module;
the API Key creating module acquires an offline token through an authorization code authorization flow based on a UMA authorization protocol and stores the API Key, the offline token and the authority data into a database;
the authorization module uses the API Key submitted by the user to obtain the access token (RPT) from the API Key Server via the resource server, and the resource server decides the user's permissions from the information carried by the access token;
the revocation module can revoke the API Key by deleting the API Key-related mapping in the database.
Further, the creation process of the API Key creation module is as follows:
the user sends a request to the API Key Server to enumerate all of the user's permission information;
the user selects a subset of those rights and sends an API Key creation request to the API Key Server;
the API Key Server executes the authorization code grant flow to request an offline token from the authorization server;
the API Key Server generates a unique API Key with an API Key generation algorithm and stores the API Key, the offline token and the permission data.
Further, the offline token is a special refresh token that is exchanged with the authorization server for an access token and does not expire.
Further, the authorization process of the authorization module is as follows:
the user sends a request containing an API Key to the resource server, and the resource server parses the API Key out of the request;
the resource server uses the API Key to send an authorization request to the API Key Server;
the API Key Server uses the API Key to look up the corresponding offline token and permission data and requests an RPT from the authorization server, which returns the requested RPT to the API Key Server;
the API Key Server passes the received RPT to the resource server;
and the resource server decides whether the user operation is allowed according to the RPT and the specific content of the user request.
Furthermore, the API Key Server can create and revoke API Keys and query the permission scope of an API Key; the resource server is the service protected by the API Key Server and provides the specific resources to users; the authorization server grants users access rights to protected resources.
Further, when the revocation module revokes an API Key, it sends a request to the authorization server to revoke the offline token and a request to the database to delete the mappings related to that API Key, which completes the revocation of the API Key.
According to a second aspect of the present invention, a method for implementing a multifunctional security authorization API Key is disclosed, the method comprising:
First, the API Key is created: the user applies to the API Key Server to create an API Key using the corresponding authorization credential and a subset of permissions, an offline token is obtained, the API Key Server then generates the API Key at random, and the API Key, the offline token and the requested permissions are stored in a database. After the API Key has been created, access to the protected service requires authorization of the API Key: the user sends a request to the resource server, the resource server applies to the API Key Server for authorization, and after the access token (RPT) is obtained the resource server decides whether the user request lies within the scope carried by the RPT; if it does, the resource content is returned, otherwise authorization fails.
Further, the API Key creation method is as follows:
S1, the user applies to the API Key Server to create an API Key, using a username and password or other authorization credential and a subset of the current user's permissions;
S2, the API Key Server requests authorization from the authorization server using the username and password;
S3, the authorization server returns an offline token;
S4, the API Key Server generates a random API Key and stores the API Key, the offline token and the permission scope of the API Key in the database.
Further, the authorization process of the API Key is as follows:
S1, the user requests a resource from the resource server, and the request must carry the API Key;
S2, the resource server uses the API Key to send an authorization request to the API Key Server;
S3, the API Key Server uses the API Key to look up the corresponding offline token and the permission scope of the API Key in the database;
S4, the API Key Server sends an authorization request to the authorization server using the offline token and permission scope it found;
S5, after confirming that the permissions are correct, the authorization server returns an RPT carrying that permission scope to the API Key Server;
S6, the API Key Server passes the received RPT to the resource server;
S7, after the resource server obtains the RPT, it decides whether the user request lies within the scope carried by the RPT; if so, it returns the resource content, otherwise it returns 'authorization failure'.
Further, the API Key revocation method is as follows:
S1, the user sends a command to revoke the API Key to the API Key Server;
S2, the API Key Server looks up the offline token in the database;
S3, the API Key Server sends a token revocation request to the authorization server;
S4, the API Key Server deletes the API Key from the database.
The invention has the following advantages:
The invention discloses a multifunctional security authorization API Key implementation system and method that are compatible with the existing, widely used technical standards (OAuth2, OIDC and UMA) and cover the application scenarios those standards leave incompletely covered. An API Key can be held by a user for a long time, which simplifies the authorization process; the same user can create several API Keys (with the same or different permissions) and hand them to different programs or uses, which makes them very flexible; and the creation and revocation flows are simple, so the authorization of an accidentally leaked API Key can be revoked promptly.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It should be apparent that the drawings in the following description are merely exemplary, and that other embodiments can be derived from the drawings provided by those of ordinary skill in the art without inventive effort.
The structures, ratios, sizes and the like shown in this specification are only used to match the contents disclosed herein so that they can be understood and read by those skilled in the art; they do not limit the conditions under which the invention can be implemented and have no technical significance in themselves, so any structural modification, change of ratio or adjustment of size that does not affect the effects achievable by the invention still falls within the scope that the technical content disclosed herein can cover.
FIG. 1 is a flowchart of API Key creation for a method for implementing a multifunctional security authorization API Key according to an embodiment of the present invention;
FIG. 2 is a flowchart of API Key authorization for a multifunctional security authorization API Key implementing system according to an embodiment of the present invention;
FIG. 3 is a flowchart of API Key revocation of a multifunctional security authorization API Key implementing system according to an embodiment of the present invention;
FIG. 4 is a signaling diagram of the API Key authorization flow of the multifunctional security authorization API Key implementation system provided in an embodiment of the present invention.
Detailed Description
The present invention is described in terms of particular embodiments, other advantages and features of the invention will become apparent to those skilled in the art from the following disclosure, and it is to be understood that the described embodiments are merely exemplary of the invention and that it is not intended to limit the invention to the particular embodiments disclosed. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
The embodiment discloses a multifunctional security authorization API Key implementation system, which comprises: the API Key creation module, the authorization module and the revocation module;
the API Key creating module acquires an offline token through an authorization code authorization flow based on a UMA authorization protocol and stores the API Key, the offline token and the authority data into a database;
the authorization module uses the API Key submitted by the user to obtain the access token (RPT) from the API Key Server via the resource server, and the resource server decides the user's permissions from the information carried by the access token;
the revocation module can revoke the API Key by deleting the API Key-related mapping in the database.
An API Key is a random, unique and non-guessable string that indicates the identity and permissions of the user, analogous to the username and password used for account login. The API Key technique is essentially a mapping from the key value to user information and a subset of permissions. The key value must be random, unique and non-guessable, and it must not be possible to derive the user information from the key. The key can be generated by any method that produces a random string, and the API Key Server checks it to ensure uniqueness.
To obtain authorization information, the API Key may need to use grant flows such as the Authorization Code flow based on the UMA authorization protocol (or similar methods). Authorization information obtained through these flows generally has a validity period, that is, it can expire. To ensure that the API Key can be held for a long time, an offline token is used as the authorization credential that is exchanged for an access token, and an RPT, an access token carrying the subset of permissions, is returned to the user.
Terms in the present embodiment are explained:
API Key Server: the management service for API Keys, providing functions such as creating and revoking API Keys and querying the permission scope of an API Key. Abbreviated AKS;
Resource Server: a service protected by the AKS that provides specific services and resources to users;
Authorization Server: grants users access rights to protected resources;
Requesting Party Token: a concept from the UMA authorization protocol specification, a token carrying an authorization scope and user information. Abbreviated RPT;
Offline Token: a special refresh token that is exchanged with the authorization server for an access token and does not expire.
The API Key system mainly comprises an authorization server supporting the OAuth2 and UMA protocols, a database storing the API Key related content, and the API Key Server; the creation flow of the API Key creation module is as follows:
the user sends a request to the API Key Server to enumerate all of the user's permission information;
the user selects a subset of those rights and sends an API Key creation request to the API Key Server;
the API Key Server executes the authorization code grant flow to request an offline token from the authorization server;
the API Key Server generates a unique API Key with an API Key generation algorithm and stores the API Key, the offline token and the permission data.
Since the offline token does not expire, long-term possession is guaranteed.
The authorization flow of the authorization module is as follows:
the user sends a request containing an API Key to the resource server, and the resource server parses the API Key out of the request;
the resource server uses the API Key to send an authorization request to the API Key Server;
the API Key Server uses the API Key to look up the corresponding offline token and permission data and requests an RPT from the authorization server, which returns the requested RPT to the API Key Server;
the API Key Server passes the received RPT to the resource server;
and the resource server decides whether the user operation is allowed according to the RPT and the specific content of the user request.
Because the offline token never expires, an offline token left behind by an API Key that is not explicitly revoked would keep occupying resources. Therefore, when the revocation module revokes an API Key, it sends a request to the authorization server to revoke the offline token and a request to the database to delete the mappings related to that API Key, which completes the revocation of the API Key.
Example 2
The embodiment discloses a method for realizing a multifunctional security authorization API Key, which comprises the following steps:
First, the API Key is created: the user applies to the API Key Server to create an API Key using the corresponding authorization credential and a subset of permissions, an offline token is obtained, the API Key Server then generates the API Key at random, and the API Key, the offline token and the requested permissions are stored in a database. After the API Key has been created, access to the protected service requires authorization of the API Key: the user sends a request to the resource server, the resource server applies to the API Key Server for authorization, and after the access token (RPT) is obtained the resource server decides whether the user request lies within the scope carried by the RPT; if it does, the resource content is returned, otherwise authorization fails.
Referring to FIG. 1, the API Key creation method is:
S1, the user applies to the API Key Server to create an API Key, using a username and password or other authorization credential and a subset of the current user's permissions;
S2, the API Key Server requests authorization from the authorization server using the username and password or other authorization credential;
S3, the authorization server returns an offline token after receiving the authorization request;
S4, the API Key Server generates a random API Key and stores the API Key, the offline token and the permission scope of the API Key in the database.
Referring to FIG. 2, the authorization flow of the API Key is:
S1, the user requests a resource from the resource server, and the request must carry the API Key;
S2, the resource server uses the API Key to send an authorization request to the API Key Server;
S3, the API Key Server uses the API Key to look up the corresponding offline token and the permission scope of the API Key in the database;
S4, the API Key Server sends an authorization request to the authorization server using the offline token and permission scope it found;
S5, after confirming that the permissions are correct, the authorization server returns an RPT carrying that permission scope to the API Key Server;
S6, the API Key Server passes the received RPT to the resource server;
S7, after the resource server obtains the RPT, it decides whether the user request lies within the scope carried by the RPT; if so, it returns the resource content, otherwise it returns 'authorization failure'.
Referring to FIG. 4, in a specific embodiment, when a client sends a request carrying an API Key to the resource server, the resource server sends a request to the API Key Server to query the RPT. The API Key Server uses the user information and the recorded permission subset to obtain an RPT (requesting party token) from the authorization server, which completes the authorization.
When an API Key has to be revoked (the offline token never expires, so without explicit revocation a redundant offline token would keep occupying resources), referring to FIG. 3, the API Key revocation method is:
S1, the user sends a command to revoke the API Key to the API Key Server;
S2, the API Key Server looks up the offline token in the database;
S3, the API Key Server sends a token revocation request to the authorization server;
S4, the API Key Server deletes the API Key from the database.
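The three flows above (creation per FIG. 1, authorization per FIG. 2 and FIG. 4, revocation per FIG. 3) can be followed end to end in the following Python model. It is an added example, not the patent's or the assignee's code. The HMAC-signed RPT layout, the scope names, the `X-API-Key` header, the user `alice` and the decision to store only a SHA-256 digest of the API Key in the API Key Server database are assumptions of this example; a real deployment uses the authorization server's own token endpoints and RPT format. The example goes slightly beyond the text in two places: the authorization server refuses an offline token whose requested scopes exceed the user's own rights, and the resource server distinguishes a missing key (401) from a key that yields no usable RPT (403).

```python
"""Toy model of the patent's three parties (added example, not the patent's
code): an authorization server issuing offline tokens and RPTs, an API Key
Server (AKS) mapping each API Key to an offline token plus a permission
subset, and a resource server checking requests against the RPT.  The
HMAC-signed RPT layout, scope names and hashed key storage are constructed."""
import hashlib, hmac, json, secrets, time

def _digest(api_key):  # what the AKS database stores instead of the raw key
    return hashlib.sha256(api_key.encode()).hexdigest()

class AuthorizationServer:  # constructed stand-in for a UMA/OAuth2 AS
    def __init__(self, users):
        self._users = {u: set(s) for u, s in users.items()}  # user -> all rights
        self._offline_tokens = {}  # offline token -> (user, granted scopes)
        self._signing_key = secrets.token_bytes(32)

    def issue_offline_token(self, user, scopes):
        """Authorization code grant result: a non-expiring refresh token."""
        if not set(scopes) <= self._users.get(user, set()):
            raise PermissionError("requested scopes exceed the user's rights")
        tok = secrets.token_urlsafe(32)
        self._offline_tokens[tok] = (user, set(scopes))
        return tok

    def revoke_offline_token(self, tok):
        return self._offline_tokens.pop(tok, None) is not None

    def _sign(self, payload):
        return hmac.new(self._signing_key, payload.encode(), "sha256").hexdigest()

    def issue_rpt(self, offline_token, scopes):
        """Swap a live offline token for a short-lived, HMAC-signed RPT."""
        entry = self._offline_tokens.get(offline_token)
        if entry is None or not set(scopes) <= entry[1]:
            return None  # revoked/unknown token, or scope outside the grant
        payload = json.dumps({"sub": entry[0], "scopes": sorted(scopes),
                              "exp": int(time.time()) + 300}, sort_keys=True)
        return payload + "." + self._sign(payload)

    def verify_rpt(self, rpt):
        payload, _, sig = rpt.rpartition(".")
        if not hmac.compare_digest(sig, self._sign(payload)):
            return None  # tampered RPT
        claims = json.loads(payload)
        return claims if claims["exp"] > time.time() else None

class ApiKeyServer:
    """Stores sha256(API Key) -> offline token + scopes (hashing is a hardening
    choice added here; the patent text stores the key itself)."""
    def __init__(self, auth_server):
        self._as, self._db = auth_server, {}

    def create_api_key(self, user, scopes):
        offline = self._as.issue_offline_token(user, scopes)  # creation S2-S3
        api_key = "ak_" + secrets.token_urlsafe(32)           # S4: random, unguessable
        while _digest(api_key) in self._db:                   # uniqueness check
            api_key = "ak_" + secrets.token_urlsafe(32)
        self._db[_digest(api_key)] = {"token": offline, "scopes": set(scopes)}
        return api_key  # handed to the user once, never stored in clear

    def authorize(self, api_key):
        """Authorization S3-S5: find offline token and scopes, obtain the RPT."""
        rec = self._db.get(_digest(api_key))
        return rec and self._as.issue_rpt(rec["token"], rec["scopes"])

    def revoke_api_key(self, api_key):
        """Revocation S2-S4: revoke the offline token, then delete the mapping."""
        rec = self._db.pop(_digest(api_key), None)
        return rec is not None and self._as.revoke_offline_token(rec["token"])

def resource_server_handle(aks, auth, headers, needed_scope):
    """Authorization S1, S2, S6, S7: parse key, get RPT via AKS, check scope."""
    api_key = headers.get("X-API-Key")
    if not api_key:
        return 401, "authorization failure"
    rpt = aks.authorize(api_key)
    claims = auth.verify_rpt(rpt) if rpt else None
    if claims is None or needed_scope not in claims["scopes"]:
        return 403, "authorization failure"
    return 200, "resource content for " + claims["sub"]

def demo():
    """Run the three flows; returns the status codes a client would see."""
    auth = AuthorizationServer({"alice": ["data:read", "data:write", "admin"]})
    aks = ApiKeyServer(auth)
    key = aks.create_api_key("alice", ["data:read"])  # read-only key for a viewer
    go = lambda k, s: resource_server_handle(aks, auth, {"X-API-Key": k} if k else {}, s)[0]
    out = {"read": go(key, "data:read"), "write": go(key, "data:write"),
           "no_key": go(None, "data:read"), "unknown": go("ak_x", "data:read")}
    aks.revoke_api_key(key)
    out["after_revoke"] = go(key, "data:read")
    try:
        aks.create_api_key("alice", ["root"])  # more rights than alice holds
        out["overreach"] = "allowed"
    except PermissionError:
        out["overreach"] = "refused"
    return out
```

Calling `demo()` returns 200 for the read inside the recorded scope, 403 for the write outside it, 401 when no key is presented, 403 for an unknown key and for the key after revocation, and "refused" for a creation request asking for rights the user does not hold. Because the revocation both drops the mapping and revokes the offline token at the authorization server, a copy of the key taken before revocation can no longer be exchanged for an RPT; and because only a digest of the key is stored, a leak of the API Key Server database does not yield usable keys, which is the kind of exposure the background section is concerned with.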
The embodiment discloses a multifunctional security authorization API Key implementation method that is compatible with the existing, widely used technical standards (OAuth2, OIDC, UMA) and covers the application scenarios those standards leave incompletely covered. An API Key can be held by a user for a long time, which simplifies the authorization process; the same user can create several API Keys (with the same or different permissions) and hand them to different programs or uses, which makes them very flexible; and the creation and revocation flows are simple, so the authorization of an accidentally leaked API Key can be revoked promptly.
Although the invention has been described in detail above with reference to a general description and specific examples, it will be apparent to one skilled in the art that modifications or improvements may be made thereto based on the invention. Accordingly, such modifications and improvements are intended to be within the scope of the invention as claimed.

Claims (10)

1. A multifunctional security authorization API Key implementation system, the system comprising: the API Key creation module, the authorization module and the revocation module;
the API Key creating module acquires an offline token through an authorization code authorization flow based on a UMA authorization protocol and stores the API Key, the offline token and the authority data into a database;
the authorization module uses the API Key submitted by the user to obtain the access token (RPT) from the API Key Server via the resource server, and the resource server decides the user's permissions from the information carried by the access token;
the revocation module can revoke the API Key by deleting the API Key-related mapping in the database.
2. The multifunctional security authorization API Key implementation system of claim 1, wherein the API Key creation module creates the API Key by:
a user sends a request to enumerate all authority information of the user to an API Key Server;
a user selects a part of rights to send an API Key establishment request to an API Key Server;
the API Key Server executes the authorization code authorization flow to apply an offline token to an authorization Server;
the API Key Server generates a unique API Key through an API Key generating algorithm and stores the API Key, the offline token and the authority data.
3. The system of claim 2, wherein the offline token is a special refresh token that is exchanged with the authorization server for the access token and does not expire.
4. The multifunctional security authorization API Key implementation system of claim 1, wherein the authorization flow of the authorization module is:
a user sends a request containing an API Key to the resource server, and the resource server parses the API Key out of the request;
the resource server uses the API Key to send an authorization request to the API Key Server;
the API Key Server uses the API Key to look up the corresponding offline token and permission data and requests an RPT from the authorization server, which returns the requested RPT to the API Key Server;
the API Key Server passes the received RPT to the resource server;
and the resource server decides whether the user operation is allowed according to the RPT and the specific content of the user request.
5. The multifunctional security authorization API Key implementation system of claim 4, wherein the API Key Server is capable of creating and revoking API Keys and querying the permission scope of an API Key; the resource server is the service protected by the API Key Server and provides the specific resources to users; the authorization server is capable of granting users access rights to protected resources.
6. The multifunctional security authorization API Key implementation system of claim 1, wherein when the revocation module revokes an API Key, it sends a request to the authorization server to revoke the offline token and a request to the database to delete the mappings associated with that API Key, respectively, so as to revoke the API Key.
7. A method for realizing a multifunctional security authorization API Key is characterized by comprising the following steps:
First, the API Key is created: the user applies to the API Key Server to create an API Key using the corresponding authorization credential and a subset of permissions, an offline token is obtained, the API Key Server then generates the API Key at random, and the API Key, the offline token and the requested permissions are stored in a database. After the API Key has been created, access to the protected service requires authorization of the API Key: the user sends a request to the resource server, the resource server applies to the API Key Server for authorization, and after the access token (RPT) is obtained the resource server decides whether the user request lies within the scope carried by the RPT; if it does, the resource content is returned, otherwise authorization fails.
8. The method for implementing the multifunctional security authorization API Key according to claim 7, wherein the API Key creating method is as follows:
S1, the user applies to the API Key Server to create an API Key, using a username and password or other authorization credential and a subset of the current user's permissions;
S2, the API Key Server requests authorization from the authorization server using the username and password;
S3, the authorization server returns an offline token;
S4, the API Key Server generates a random API Key and stores the API Key, the offline token and the permission scope of the API Key in the database.
9. The method for implementing the multifunctional security authorization API Key according to claim 7, wherein the API Key authorization process is as follows:
S1, the user requests a resource from the resource server, and the request must carry the API Key;
S2, the resource server uses the API Key to send an authorization request to the API Key Server;
S3, the API Key Server uses the API Key to look up the corresponding offline token and the permission scope of the API Key in the database;
S4, the API Key Server sends an authorization request to the authorization server using the offline token and permission scope it found;
S5, after confirming that the permissions are correct, the authorization server returns an RPT carrying that permission scope to the API Key Server;
S6, the API Key Server passes the received RPT to the resource server;
S7, after the resource server obtains the RPT, it decides whether the user request lies within the scope carried by the RPT; if so, it returns the resource content, otherwise it returns 'authorization failure'.
10. The method for implementing the multifunctional security authorization API Key according to claim 7, wherein the API Key revocation method is as follows:
S1, the user sends a command to revoke the API Key to the API Key Server;
S2, the API Key Server looks up the offline token in the database;
S3, the API Key Server sends a token revocation request to the authorization server;
S4, the API Key Server deletes the API Key from the database.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111154535.0A CN113821783B (en) 2021-09-29 2021-09-29 Multifunctional security authorization API Key implementation system and method

Publications (2)

Publication Number Publication Date
CN113821783A true CN113821783A (en) 2021-12-21
CN113821783B CN113821783B (en) 2022-04-08

Family

ID=78915926

Country Status (1)

Country Link
CN (1) CN113821783B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116361770A (en) * 2023-02-23 2023-06-30 杭州幂链科技有限公司 Automatic API authentication method and system of integrated platform
WO2024065565A1 (en) * 2022-09-29 2024-04-04 北京小米移动软件有限公司 Authorization revocation method and apparatus

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103581118A (en) * 2012-07-24 2014-02-12 中兴通讯股份有限公司 Resource convergence gateway and cross-platform authorization method and system
US20170149790A1 (en) * 2015-11-20 2017-05-25 Fujitsu Limited Authentication control device and authentication control method
CN110545274A (en) * 2019-08-30 2019-12-06 南瑞集团有限公司 Method, device and system for UMA service based on people and evidence integration
CN111327582A (en) * 2019-08-22 2020-06-23 刘高峰 Authorization method, device and system based on OAuth protocol
US20200322324A1 (en) * 2019-04-06 2020-10-08 International Business Machines Corporation Authenticating API Service Invocations
CN112804258A (en) * 2021-03-11 2021-05-14 北京市商汤科技开发有限公司 Authentication and authorization method, authorization server, API gateway, system and storage medium
CN113438082A (en) * 2021-06-21 2021-09-24 郑州阿帕斯数云信息科技有限公司 Database access method, device, equipment and storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
GAO BAOZHONG ET AL.: "An OAuth2.0-Based Unified Authentication System for Secure Services in the Smart Campus Environment", 18th International Conference on Computational Science (ICCS) *
ANONYMOUS: "The differences between OAuth authorization, API Key and JWT", HTTPS://SEGMENTFAULT.COM/Q/1010000011674185/A-1020000011693361 *
SHEN TONG ET AL.: "User authentication and authorization system architecture based on OAuth2.0, OpenID Connect and UMA", Software (《软件》) *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024065565A1 (en) * 2022-09-29 2024-04-04 北京小米移动软件有限公司 Authorization revocation method and apparatus
CN116361770A (en) * 2023-02-23 2023-06-30 杭州幂链科技有限公司 Automatic API authentication method and system of integrated platform
CN116361770B (en) * 2023-02-23 2024-01-16 杭州幂链科技有限公司 Automatic API authentication method and system of integrated platform

Also Published As

Publication number Publication date
CN113821783B (en) 2022-04-08

Similar Documents

Publication Publication Date Title
US11563581B2 (en) Shared registration system
US6892307B1 (en) Single sign-on framework with trust-level mapping to authentication requirements
US9225525B2 (en) Identity management certificate operations
US8898457B2 (en) Automatically generating a certificate operation request
US7890767B2 (en) Virtual smart card system and method
JP7196174B2 (en) Authentication methods, systems and programs using delegated identities
EP2391083B1 (en) Method for realizing authentication center and authentication system
CN113821783B (en) Multifunctional security authorization API Key implementation system and method
WO2018219056A1 (en) Authentication method, device, system and storage medium
US7325143B2 (en) Digital identity creation and coalescence for service authorization
Janson et al. Scalability and flexibility in authentication services: the KryptoKnight approach
EP2768178A1 (en) Method of privacy-preserving proof of reliability between three communicating parties
Lockhart et al. Security assertion markup language (saml) v2. 0 technical overview
JP2004287784A (en) Access control device and method
CN108243164B (en) Cross-domain access control method and system for E-government cloud computing
WO2018207174A1 (en) Method and system for sharing a network enabled entity
US8464067B2 (en) Method for enabling limitation of service access
Omolola et al. Policy-based access control for the IoT and Smart Cities
Wang et al. CPK-based grid authentication: a step forward
Chadwick Delegation issuing service
Oppliger Authorization methods for e-commerce applications
Aldosary et al. Federated Identity Management (FIdM) Systems Limitation And Solutions
Alrodhan Identity management systems
Suhrbier et al. Pki based access control with attribute certificates for data held on smartcards
WO2024116104A1 (en) System of delegate decentralised identities

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100080 unit 53, floor 15, block B, No. 3 Danling street, Haidian District, Beijing

Patentee after: Beijing Vector Stack Technology Co.,Ltd.

Address before: 100080 unit 53, floor 15, block B, No. 3 Danling street, Haidian District, Beijing

Patentee before: Beijing Yunge Technology Co.,Ltd.
