CN113821783A - Multifunctional security authorization API Key implementation system and method - Google Patents
- Publication number: CN113821783A (application number CN202111154535.0A)
- Authority
- CN
- China
- Prior art keywords
- api key
- authorization
- server
- api
- token
- Legal status (as shown in the record; an assumption, not a legal conclusion): Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
- G06F16/215—Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2455—Query execution
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention discloses a multifunctional security authorization API Key implementation system and method. The system comprises an API Key creation module, an authorization module and a revocation module. The API Key creation module acquires an Offline Token through the Authorization Code Grant Flow of the UMA authorization protocol and stores the API Key, the Offline Token and the permission data in a database. In the authorization module, the resource server uses the API Key uploaded by the user to exchange, via the API Key Server, for an access token (RPT), and the resource server judges the user's permissions according to the information carried by the access token. The revocation module revokes the API Key by deleting the mapping associated with the API Key from the database. The invention solves the problems that existing account-based security authorization is not long-lasting and is prone to leakage.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a multifunctional security authorization API Key implementation system and method.
Background
At present, in fields such as the internet and distributed computing, specifications such as OAuth2, OIDC and UMA are mostly used for identity authentication and for authorizing user operations. Under these specifications, a user submits a username and password or other credentials to an authorization server, obtains a token or cookie representing identity and permissions, and then carries that token or cookie in requests to a resource server to prove identity. These authorization technologies protect the user's network security well, but their main application scenario is one in which the user participates directly and synchronously in the authentication and authorization process.
In many other usage environments, however, they remain inconvenient or insufficient. For example, when a request is sent to a server from a command line or from within a program, requiring "synchronous user interaction" to obtain a token is very inconvenient, and a password has to be entered in the process, which may lead to password leakage. Moreover, one service often has many clients: some act only as data uploaders, others only display data, and the authorization operations described above cannot further narrow the permissions, so certain security problems exist. A technical solution is therefore needed that is compatible with the prior art (OAuth2, OIDC, UMA) and can handle these scenarios.
Disclosure of Invention
Therefore, the invention provides a multifunctional security authorization API Key implementation system and method, which aim to solve the problems that the security authorization of existing accounts is not long-lasting and is prone to leakage.
In order to achieve the above purpose, the invention provides the following technical scheme:
According to a first aspect of the present invention, a multifunctional security authorization API Key implementation system is disclosed, the system comprising an API Key creation module, an authorization module and a revocation module;
the API Key creation module acquires an offline token through the authorization code grant flow of the UMA authorization protocol and stores the API Key, the offline token and the permission data in a database;
in the authorization module, the resource server uses the API Key uploaded by the user to exchange, via the API Key Server, for an access token (RPT), and the resource server judges the user's permissions according to the information carried by the access token;
the revocation module revokes the API Key by deleting the mapping associated with the API Key from the database.
Further, the creation process of the API Key creation module is as follows:
the user sends a request to the API Key Server to enumerate all of the user's permission information;
the user selects a subset of those permissions and sends an API Key creation request to the API Key Server;
the API Key Server executes the authorization code grant flow to apply to the authorization server for an offline token;
the API Key Server generates a unique API Key through an API Key generation algorithm and stores the API Key, the offline token and the permission data.
Further, the offline token is a special refresh token that does not expire and is exchanged with the authorization server for an access token.
Further, the authorization process of the authorization module is as follows:
the user sends a request containing an API Key to the resource server, and the resource server parses the API Key out of the request;
the resource server uses the API Key to send an authorization request to the API Key Server;
the API Key Server uses the API Key to look up the corresponding offline token and permission data and applies to the authorization server for an RPT, and the authorization server returns the requested RPT to the API Key Server;
the API Key Server forwards the received RPT to the resource server;
the resource server judges whether the user's operation is permitted according to the RPT and the specific content of the user's request.
Furthermore, the API Key Server can create and revoke API Keys and query the permission scope of an API Key; the resource server is the service protected by the API Key Server and provides specific resources to users; the authorization server can grant users access rights to protected resources.
Further, when the revocation module revokes the API Key, it sends a request to the authorization server to revoke the offline token and a request to the database to delete the mapping associated with the API Key, whereby the revocation of the API Key is achieved.
According to a second aspect of the present invention, a method for implementing a multifunctional security authorization API Key is disclosed, the method comprising:
first, creating an API Key: the user applies to the API Key Server to create an API Key using the corresponding authorization credential and a subset of permissions; the API Key Server acquires an offline token, randomly generates the API Key, and stores the API Key, the offline token and the applied-for permissions in a database. After the API Key is created, authorization by the API Key is required whenever access to the protected service is requested: the user sends a request to the resource server, the resource server applies to the API Key Server for authorization, and after an access token (RPT) is obtained the resource server judges whether the user's request is within the scope carried by the RPT; if so, the resource content is returned, otherwise the authorization fails.
Further, the API Key creation method is as follows:
S1, the user applies to the API Key Server to create an API Key using a username and password or other authorization credential together with a subset of the current user's permissions;
S2, the API Key Server requests authorization from the authorization server using the username and password;
S3, the authorization server returns an offline token;
S4, the API Key Server generates a random API Key and stores the API Key, the offline token and the permission scope of the API Key in the database.
Further, the authorization process of the API Key is as follows:
S1, the user requests a resource from the resource server, and the request must carry an API Key;
S2, the resource server uses the API Key to send an authorization request to the API Key Server;
S3, the API Key Server uses the API Key to look up the corresponding offline token and the permission scope of the API Key in the database;
S4, the API Key Server sends an authorization application to the authorization server using the offline token and permission scope it found;
S5, after confirming that the permissions are correct, the authorization server returns to the API Key Server an RPT carrying that permission scope;
S6, the API Key Server forwards the received RPT to the resource server;
S7, after obtaining the RPT, the resource server judges whether the user's request is within the scope carried by the RPT; if so, it returns the resource content, otherwise it returns "authorization failure".
Further, the API Key revocation method is as follows:
S1, the user sends a command to revoke the API Key to the API Key Server;
S2, the API Key Server looks up the offline token in the database;
S3, the API Key Server sends a token revocation application to the authorization server;
S4, the API Key Server deletes the API Key from the database.
The invention has the following advantages:
the invention discloses a multifunctional security authorization API Key implementation system and method that are compatible with the widely used existing technical standards (OAuth2, OIDC and UMA) and cover the application scenarios those standards leave incompletely covered; the API Key can be held by a user for a long time, which simplifies the authorization process; the same user can create multiple API Keys (with the same or different permissions) and hand them to different programs or use occasions, which is very flexible; the creation and revocation flows are simple, and if an API Key is accidentally leaked, its authorization can be revoked in time.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It should be apparent that the drawings in the following description are merely exemplary, and that other embodiments can be derived from the drawings provided by those of ordinary skill in the art without inventive effort.
The structures, proportions, sizes and the like shown in this specification are used only to match the contents disclosed in the specification so that those skilled in the art can understand and read it; they are not intended to limit the conditions under which the invention can be implemented and have no substantive technical significance. Any structural modification, change in proportional relationship or adjustment of size that does not affect the effects the invention can achieve still falls within the range covered by the technical contents disclosed herein.
FIG. 1 is a flowchart of API Key creation in the multifunctional security authorization API Key implementation method according to an embodiment of the present invention;
FIG. 2 is a flowchart of API Key authorization in the multifunctional security authorization API Key implementation system according to an embodiment of the present invention;
FIG. 3 is a flowchart of API Key revocation in the multifunctional security authorization API Key implementation system according to an embodiment of the present invention;
FIG. 4 is a signaling diagram of the API Key authorization flow in the multifunctional security authorization API Key implementation system according to an embodiment of the present invention.
Detailed Description
The present invention is described in terms of particular embodiments; other advantages and features of the invention will become apparent to those skilled in the art from the following disclosure. It is to be understood that the described embodiments are merely exemplary and are not intended to limit the invention to the particular embodiments disclosed. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the present invention.
Example 1
The embodiment discloses a multifunctional security authorization API Key implementation system comprising an API Key creation module, an authorization module and a revocation module;
the API Key creation module acquires an offline token through the authorization code grant flow of the UMA authorization protocol and stores the API Key, the offline token and the permission data in a database;
in the authorization module, the resource server uses the API Key uploaded by the user to exchange, via the API Key Server, for an access token (RPT), and the resource server judges the user's permissions according to the information carried by the access token;
the revocation module revokes the API Key by deleting the mapping associated with the API Key from the database.
An API Key is a random, unique and non-guessable string that indicates the identity and permissions of a user, analogous to the username and password used for account login. The API Key technique is essentially a mapping from key values to user information and a subset of permissions. Key values must be random, unique and non-guessable, and user information must not be derivable from the key. The key can be generated by any method that produces a random string, with a check in the API Key Server to ensure uniqueness.
An API Key may need to rely on grant flows such as the Authorization Code flow to obtain authorization information under the UMA authorization protocol (or a similar method), and the authorization information obtained through these flows generally has a validity period, that is, it can expire. To ensure that the API Key can be held for a long time, an offline token is used as the authorization credential that is exchanged for an access token. An RPT is used to return to the user an access token carrying the subset of permissions.
Terms used in this embodiment are explained as follows:
API Key Server: the management service for API Keys, providing functions such as creating and revoking API Keys and querying an API Key's permission scope. Abbreviated AKS;
Resource Server: a service protected by the AKS that provides specific services and resources to users;
Authorization Server: can grant users access rights to protected resources;
Requesting Party Token: a concept from the UMA authorization protocol specification; a token carrying an authorization scope and user information. Abbreviated RPT;
Offline Token: a special refresh token that does not expire and is exchanged with the authorization server for an access token.
The API Key system mainly comprises an authorization server supporting the OAuth2 and UMA protocols, a database storing the API Key related content, and an API Key Server; accordingly, the creation flow of the API Key creation module is as follows:
the user sends a request to the API Key Server to enumerate all of the user's permission information;
the user selects a subset of those permissions and sends an API Key creation request to the API Key Server;
the API Key Server service executes the authorization code grant flow to apply to the authorization server for an offline token;
the API Key Server generates a unique API Key through an API Key generation algorithm and stores the API Key, the offline token and the permission data.
Since the offline token does not expire, long-term possession of the API Key is guaranteed.
The authorization flow of the authorization module is as follows:
the user sends a request containing an API Key to the resource server, and the resource server parses the API Key out of the request;
the resource server uses the API Key to send an authorization request to the API Key Server;
the API Key Server uses the API Key to look up the corresponding offline token and permission data and applies to the authorization server for an RPT, and the authorization server returns the requested RPT to the API Key Server;
the API Key Server forwards the received RPT to the resource server;
the resource server judges whether the user's operation is permitted according to the RPT and the specific content of the user's request.
Because the offline token does not expire, an API Key that is no longer needed but is not manually revoked leaves a redundant offline token occupying resources. Therefore, when the revocation module revokes the API Key, it sends a request to the authorization server to revoke the offline token and a request to the database to delete the mapping associated with the API Key, whereby the revocation of the API Key is achieved.
Example 2
The embodiment discloses a method for implementing a multifunctional security authorization API Key, comprising the following steps:
first, creating an API Key: the user applies to the API Key Server to create an API Key using the corresponding authorization credential and a subset of permissions; the API Key Server acquires an offline token, randomly generates the API Key, and stores the API Key, the offline token and the applied-for permissions in a database. After the API Key is created, authorization by the API Key is required whenever access to the protected service is requested: the user sends a request to the resource server, the resource server applies to the API Key Server for authorization, and after an access token (RPT) is obtained the resource server judges whether the user's request is within the scope carried by the RPT; if so, the resource content is returned, otherwise the authorization fails.
Referring to FIG. 1, the API Key creation method is:
S1, the user applies to the API Key Server to create an API Key using a username and password or other authorization credential together with a subset of the current user's permissions;
S2, the API Key Server requests authorization from the authorization server using the username and password or other authorization credential;
S3, the authorization server returns an offline token after receiving the authorization request;
S4, the API Key Server generates a random API Key and stores the API Key, the offline token and the permission scope of the API Key in the database.
Referring to FIG. 2, the authorization flow of the API Key is:
S1, the user requests a resource from the resource server, and the request must carry an API Key;
S2, the resource server uses the API Key to send an authorization request to the API Key Server;
S3, the API Key Server uses the API Key to look up the corresponding offline token and the permission scope of the API Key in the database;
S4, the API Key Server sends an authorization application to the authorization server using the offline token and permission scope it found;
S5, after confirming that the permissions are correct, the authorization server returns to the API Key Server an RPT carrying that permission scope;
S6, the API Key Server forwards the received RPT to the resource server;
S7, after obtaining the RPT, the resource server judges whether the user's request is within the scope carried by the RPT; if so, it returns the resource content, otherwise it returns "authorization failure".
Referring to FIG. 4, in a specific embodiment, when a client sends a request carrying an API Key to the resource server, the resource server sends a request to the API Key Server to query for an RPT. The API Key Server uses the user information and the recorded sub-permissions to exchange for an RPT (requesting party token) from the authorization server, completing the authorization.
When an API Key needs to be revoked (since the offline token does not expire, a redundant offline token would occupy resources if it were not manually revoked), referring to FIG. 3, the API Key revocation method is:
S1, the user sends a command to revoke the API Key to the API Key Server;
S2, the API Key Server looks up the offline token in the database;
S3, the API Key Server sends a token revocation application to the authorization server;
S4, the API Key Server deletes the API Key from the database.
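The creation, authorization and revocation flows of FIGS. 1 to 3 above (restated in the claims below), as an added Python model that is not part of the patent: the UMA/OAuth2 authorization server is a local stub, the RPT is modelled as its decoded claims, and keeping only a SHA-256 fingerprint of each key in the AKS database is an added hardening the patent does not specify.

```python
"""Toy model of the patent's API Key flow: creation (FIG. 1), authorization
through an RPT (FIG. 2 / FIG. 4) and revocation (FIG. 3).  Added example, not
the patent's code: the authorization server is a local stub, offline tokens
and RPTs are plain Python objects, and the AKS stores only a SHA-256
fingerprint of each key (an added hardening the patent does not specify)."""
import hashlib
import secrets


class AuthorizationServer:
    """Stub UMA/OAuth2 authorization server issuing offline tokens and RPTs."""

    def __init__(self, users):
        self.users = users        # user -> (password, set of scopes held)
        self.offline_tokens = {}  # offline token -> (user, frozenset of scopes)

    def authorization_code_grant(self, user, password, scopes):
        """Authorization code grant collapsed into one call (stub); returns a
        non-expiring offline token restricted to the requested scopes."""
        stored_password, held = self.users.get(user, (None, set()))
        if stored_password != password or not set(scopes) <= held:
            raise PermissionError("authentication failed or scope not held")
        token = secrets.token_urlsafe(32)
        self.offline_tokens[token] = (user, frozenset(scopes))
        return token

    def issue_rpt(self, offline_token, scopes):
        """Exchange an offline token for an RPT (modelled as its claims); None
        if the token is unknown/revoked or the scopes exceed its grant."""
        entry = self.offline_tokens.get(offline_token)
        if entry is None or not set(scopes) <= entry[1]:
            return None
        return {"sub": entry[0], "permissions": sorted(scopes)}

    def revoke(self, offline_token):
        self.offline_tokens.pop(offline_token, None)


def fingerprint(api_key):
    """Only this hash is stored, so a database leak exposes no usable key."""
    return hashlib.sha256(api_key.encode()).hexdigest()


class APIKeyServer:
    """AKS: creates, looks up and revokes API Keys in its database."""

    def __init__(self, auth_server):
        self.auth = auth_server
        self.db = {}  # fingerprint(api_key) -> {"user", "offline_token", "scopes"}

    def create(self, user, password, scopes):
        """Creation: obtain the offline token, then a unique random key."""
        offline_token = self.auth.authorization_code_grant(user, password, scopes)
        while True:
            api_key = secrets.token_urlsafe(32)  # random and non-guessable
            fp = fingerprint(api_key)
            if fp not in self.db:  # uniqueness check required by the patent
                break
        self.db[fp] = {"user": user, "offline_token": offline_token,
                       "scopes": frozenset(scopes)}
        return api_key

    def authorize(self, api_key):
        """Authorization S3-S6: key -> offline token -> RPT; None on failure."""
        record = self.db.get(fingerprint(api_key))
        if record is None:
            return None
        return self.auth.issue_rpt(record["offline_token"], record["scopes"])

    def revoke(self, api_key):
        """Revocation: revoke the offline token, then delete the mapping."""
        record = self.db.pop(fingerprint(api_key), None)
        if record is None:
            return False
        self.auth.revoke(record["offline_token"])
        return True


def resource_server(aks, request):
    """Protected service: request is a constructed {"api_key", "scope"} dict;
    the resource is served only if the scope is inside the RPT's permissions."""
    rpt = aks.authorize(request.get("api_key", ""))
    if rpt is None or request["scope"] not in rpt["permissions"]:
        return 403, "authorization failure"
    return 200, f"{request['scope']} for {rpt['sub']}"


def demo():
    """An uploader client gets a key limited to a subset of alice's rights."""
    auth = AuthorizationServer({"alice": ("pw", {"orders:read", "orders:write"})})
    aks = APIKeyServer(auth)
    key = aks.create("alice", "pw", ["orders:write"])
    statuses = [resource_server(aks, {"api_key": key, "scope": "orders:write"})[0],
                resource_server(aks, {"api_key": key, "scope": "orders:read"})[0],
                resource_server(aks, {"api_key": "bogus", "scope": "orders:write"})[0]]
    aks.revoke(key)  # a leaked or unused key loses all authority at once
    statuses.append(resource_server(aks, {"api_key": key, "scope": "orders:write"})[0])
    return statuses  # [200, 403, 403, 403]
```

The second request fails even though alice holds `orders:read`, because the key was created with only `orders:write`; the last one fails because revocation removed both the database mapping and the offline token behind it.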
The embodiment discloses a multifunctional security authorization API Key implementation method that is compatible with the widely used existing technical standards (OAuth2, OIDC, UMA) and covers the application scenarios those standards leave incompletely covered; the API Key can be held by a user for a long time, which simplifies the authorization process; the same user can create multiple API Keys (with the same or different permissions) and hand them to different programs or use occasions, which is very flexible; the creation and revocation flows are simple, and if an API Key is accidentally leaked, its authorization can be revoked in time.
Although the invention has been described in detail above with reference to a general description and specific examples, it will be apparent to one skilled in the art that modifications or improvements may be made thereto based on the invention. Accordingly, such modifications and improvements are intended to be within the scope of the invention as claimed.
Claims (10)
1. A multifunctional security authorization API Key implementation system, the system comprising: an API Key creation module, an authorization module and a revocation module;
the API Key creation module acquires an offline token through the authorization code grant flow of the UMA authorization protocol and stores the API Key, the offline token and the permission data in a database;
in the authorization module, the resource server uses the API Key uploaded by the user to exchange, via the API Key Server, for an access token (RPT), and the resource server judges the user's permissions according to the information carried by the access token;
the revocation module revokes the API Key by deleting the mapping associated with the API Key from the database.
2. The multifunctional security authorization API Key implementation system of claim 1, wherein the API Key creation module creates the API Key as follows:
the user sends a request to the API Key Server to enumerate all of the user's permission information;
the user selects a subset of those permissions and sends an API Key creation request to the API Key Server;
the API Key Server executes the authorization code grant flow to apply to the authorization server for an offline token;
the API Key Server generates a unique API Key through an API Key generation algorithm and stores the API Key, the offline token and the permission data.
3. The system of claim 2, wherein the offline token is a special refresh token that does not expire and is exchanged with the authorization server for an access token.
4. The multifunctional security authorization API Key implementation system of claim 1, wherein the authorization flow of the authorization module is:
the user sends a request containing an API Key to the resource server, and the resource server parses the API Key out of the request;
the resource server uses the API Key to send an authorization request to the API Key Server;
the API Key Server uses the API Key to look up the corresponding offline token and permission data and applies to the authorization server for an RPT, and the authorization server returns the requested RPT to the API Key Server;
the API Key Server forwards the received RPT to the resource server;
the resource server judges whether the user's operation is permitted according to the RPT and the specific content of the user's request.
5. The multifunctional security authorization API Key implementation system of claim 4, wherein the API Key Server can create and revoke API Keys and query the permission scope of an API Key; the resource server is the service protected by the API Key Server and provides specific resources to users; the authorization server can grant users access rights to protected resources.
6. The multifunctional security authorization API Key implementation system of claim 1, wherein when the revocation module revokes the API Key, it sends a request to the authorization server to revoke the offline token and a request to the database to delete the mapping associated with the API Key, respectively, so as to revoke the API Key.
7. A method for implementing a multifunctional security authorization API Key, characterized by comprising the following steps:
first, creating an API Key: the user applies to the API Key Server to create an API Key using the corresponding authorization credential and a subset of permissions; the API Key Server acquires an offline token, randomly generates the API Key, and stores the API Key, the offline token and the applied-for permissions in a database. After the API Key is created, authorization by the API Key is required whenever access to the protected service is requested: the user sends a request to the resource server, the resource server applies to the API Key Server for authorization, and after an access token (RPT) is obtained the resource server judges whether the user's request is within the scope carried by the RPT; if so, the resource content is returned, otherwise the authorization fails.
8. The method for implementing the multifunctional security authorization API Key according to claim 7, wherein the API Key creation method is as follows:
S1, the user applies to the API Key Server to create an API Key using a username and password or other authorization credential together with a subset of the current user's permissions;
S2, the API Key Server requests authorization from the authorization server using the username and password;
S3, the authorization server returns an offline token;
S4, the API Key Server generates a random API Key and stores the API Key, the offline token and the permission scope of the API Key in the database.
9. The method for implementing the multifunctional security authorization API Key according to claim 7, wherein the API Key authorization process is as follows:
S1, the user requests a resource from the resource server, and the request must carry an API Key;
S2, the resource server uses the API Key to send an authorization request to the API Key Server;
S3, the API Key Server uses the API Key to look up the corresponding offline token and the permission scope of the API Key in the database;
S4, the API Key Server sends an authorization application to the authorization server using the offline token and permission scope it found;
S5, after confirming that the permissions are correct, the authorization server returns to the API Key Server an RPT carrying that permission scope;
S6, the API Key Server forwards the received RPT to the resource server;
S7, after obtaining the RPT, the resource server judges whether the user's request is within the scope carried by the RPT; if so, it returns the resource content, otherwise it returns "authorization failure".
10. The method for implementing the multifunctional security authorization API Key according to claim 7, wherein the API Key revocation method is as follows:
S1, the user sends a command to revoke the API Key to the API Key Server;
S2, the API Key Server looks up the offline token in the database;
S3, the API Key Server sends a token revocation application to the authorization server;
S4, the API Key Server deletes the API Key from the database.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111154535.0A CN113821783B (en) | 2021-09-29 | 2021-09-29 | Multifunctional security authorization API Key implementation system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113821783A true CN113821783A (en) | 2021-12-21 |
CN113821783B CN113821783B (en) | 2022-04-08 |
Family
ID=78915926
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111154535.0A Active CN113821783B (en) | 2021-09-29 | 2021-09-29 | Multifunctional security authorization API Key implementation system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113821783B (en) |
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103581118A (en) * | 2012-07-24 | 2014-02-12 | 中兴通讯股份有限公司 | Resource convergence gateway and cross-platform authorization method and system |
US20170149790A1 (en) * | 2015-11-20 | 2017-05-25 | Fujitsu Limited | Authentication control device and authentication control method |
US20200322324A1 (en) * | 2019-04-06 | 2020-10-08 | International Business Machines Corporation | Authenticating API Service Invocations |
CN111327582A (en) * | 2019-08-22 | 2020-06-23 | 刘高峰 | Authorization method, device and system based on OAuth protocol |
CN110545274A (en) * | 2019-08-30 | 2019-12-06 | 南瑞集团有限公司 | Method, device and system for UMA service based on people and evidence integration |
CN112804258A (en) * | 2021-03-11 | 2021-05-14 | 北京市商汤科技开发有限公司 | Authentication and authorization method, authorization server, API gateway, system and storage medium |
CN113438082A (en) * | 2021-06-21 | 2021-09-24 | 郑州阿帕斯数云信息科技有限公司 | Database access method, device, equipment and storage medium |
Non-Patent Citations (3)
Title |
---|
GAO BAOZHONG ET AL.: "An OAuth2.0-Based Unified Authentication System for Secure Services in the Smart Campus Environment", 《18TH INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE (ICCS)》 * |
Anonymous: "The differences between OAuth authorization, API Key and JWT", 《HTTPS://SEGMENTFAULT.COM/Q/1010000011674185/A-1020000011693361》 * |
Shen Tong et al.: "User authentication and authorization system architecture based on OAuth 2.0, OpenID Connect and UMA", 《软件》 (Software) * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2024065565A1 (en) * | 2022-09-29 | 2024-04-04 | 北京小米移动软件有限公司 | Authorization revocation method and apparatus |
CN116361770A (en) * | 2023-02-23 | 2023-06-30 | 杭州幂链科技有限公司 | Automatic API authentication method and system of integrated platform |
CN116361770B (en) * | 2023-02-23 | 2024-01-16 | 杭州幂链科技有限公司 | Automatic API authentication method and system of integrated platform |
Also Published As
Publication number | Publication date |
---|---|
CN113821783B (en) | 2022-04-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |
 | CP01 | Change in the name or title of a patent holder | Address after: 100080 unit 53, floor 15, block B, No. 3 Danling street, Haidian District, Beijing. Patentee after: Beijing Vector Stack Technology Co.,Ltd. Address before: 100080 unit 53, floor 15, block B, No. 3 Danling street, Haidian District, Beijing. Patentee before: Beijing Yunge Technology Co.,Ltd. |