CN114978733B - Access processing method based on light application, electronic equipment and storage medium - Google Patents

Publication number: CN114978733B
Authority: CN (China)
Prior art keywords: information, access, verification, token, application
Legal status: Active
Application number: CN202210602260.0A
Other languages: Chinese (zh)
Other versions: CN114978733A (en)
Inventor: 曹世杰
Current Assignee: Alibaba China Co Ltd
Original Assignee: Alibaba China Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application provides an access processing method based on a light application, electronic equipment and a storage medium. The method comprises the following steps: when a light application is started, acquiring verification configuration information, wherein the verification configuration information comprises application information, authority information, equipment information and account information; generating a verification acquisition request according to the verification configuration information, and sending the verification acquisition request so that a server side generates access verification information based on the verification configuration information; receiving access verification information, wherein the access verification information comprises: a token and a check salt; for an access request of the light application, performing verification according to the access verification information; and after the verification passes, executing access processing. Because the required access verification information is acquired when the light application is started and subsequent access requests of the light application are verified according to it, the security of light application access can be effectively improved.

Description

Access processing method based on light application, electronic equipment and storage medium
Technical Field
The present application relates to the field of application technologies, and in particular, to an access processing method based on a light application, an electronic device, and a storage medium.
Background
A Light APP (LAPP) is an application program (Application), such as an applet, that can be used without downloading, that is, found by search and used immediately. The body code of a light application comprises H5-related basic languages such as Hypertext Markup Language (HTML), JavaScript (JS) and Cascading Style Sheets (CSS). At the bottom layer, native functionality is implemented through a JS bridge (JSBridge) provided by the platform.
With the rapid development of light applications, an authority verification system is used in the security construction of light applications to control the light application's access to the cloud and to the opposite terminal. However, the external access of a light application is diversified: it can access third-party enterprise users, individual users and so on, and the objects and types of its services are also diverse.
Besides legitimate enterprise users and individual users, illegal users can bypass the prevention and control capability of the light application platform by technical means and thereby acquire more data through the platform. Currently, platforms often add security patches to the existing access control logic. However, as technology and services develop, vulnerabilities keep increasing, and even repaired security vulnerabilities still leave hidden dangers.
Disclosure of Invention
The embodiment of the application provides an access processing method based on a light application, which is used for improving the security of the access of the light application.
Correspondingly, the embodiment of the application also provides electronic equipment and a storage medium, which are used for ensuring the realization and the application of the system.
In order to solve the above problems, an embodiment of the present application discloses an access processing method based on a light application, the method comprising:
when a light application is started, acquiring verification configuration information, wherein the verification configuration information comprises application information, authority information, equipment information and account information;
generating a verification acquisition request according to the verification configuration information, and sending the verification acquisition request so that a server side generates access verification information based on the verification configuration information;
receiving access verification information, wherein the access verification information comprises: a token and a check salt;
for an access request of the light application, performing verification according to the access verification information;
after the verification passes, executing access processing.
Optionally, the verifying the access request of the light application according to the verification information includes:
detecting whether a token exists for the access request of the light application;
in the case that a token exists, detecting whether the time is within the valid time of the token;
in the case that the time is within the valid time of the token, detecting the tampering risk through the check salt.
Optionally, the access verification information further includes: a permission package and key data; the detecting the tampering risk through the check salt comprises:
generating verification data according to the token, the permission package and the key data;
performing an integrity check on the verification data by using the check salt;
after the check passes, confirming that there is no risk of tampering.
Optionally, when the access request is an access to a specific local interface, the verifying according to the verification information further includes:
judging whether the requested authority is an authority in the permission package;
if the authority is an authority in the permission package, confirming that the verification passes.
Optionally, when the access request is an access to an external transmission interface, the method further includes:
encrypting the data packet based on the key data to obtain an encrypted data packet;
the executing access processing after the verification passes includes:
adding the encrypted data packet and the encrypted token to the access request, and sending the access request to the corresponding external server.
Optionally, when the access request calls server data, the executing access processing after the verification passes includes:
adding the token to the access request, and sending the access request with the added token to an external server.
The embodiment of the application also discloses an access processing method based on the light application, which comprises the following steps:
receiving a verification acquisition request, and acquiring verification configuration information from the verification acquisition request;
generating a token according to the account information, the equipment information and the application information;
generating a check salt according to the application information, the authority information, the equipment information and the account information;
generating access check information based on the token and the check salt, and sending the access check information so that the access request is processed at the client based on the access check information.
Optionally, the generating the check salt according to the configuration information, the authority information, the device information and the account information includes:
comparing the authority information with stored authorization information, and using the authorized authority information to form a permission package;
generating key data according to the account information and the equipment information;
generating the check salt according to the token, the permission package and the key data.
Optionally, the method further comprises:
performing risk calculation based on the equipment information and the account information, and determining risk factors;
associating the risk factors with the token, the account information, the equipment information and the application information.
Optionally, the method further comprises:
receiving a key request sent by an external server;
acquiring an application identifier and a token from the key request;
detecting identity information of the external server according to the application identifier;
in the case that the identity of the external server is legal, acquiring key data according to the application identifier and the token;
sending the key data to the external server.
Optionally, the method further comprises:
receiving an access request of the external server, and acquiring an application identifier and a token from the access request;
detecting identity information of the external server according to the application identifier;
in the case that the identity of the external server is legal, determining a risk factor according to the application identifier and the token;
determining the data that is allowed to be accessed according to the risk factor;
sending the data that is allowed to be accessed.
The embodiment of the application also discloses an access processing device based on the light application, which comprises:
a configuration acquisition module, used for acquiring verification configuration information when the light application is started, wherein the verification configuration information comprises application information, authority information, equipment information and account information; generating a verification acquisition request according to the verification configuration information, and sending the verification acquisition request so that a server side generates access verification information based on the verification configuration information; and receiving access verification information, wherein the access verification information comprises: a token and a check salt;
an access verification module, used for verifying the access request of the light application according to the access verification information;
an access processing module, used for executing access processing after the verification passes.
The embodiment of the application also discloses an access processing device based on the light application, which comprises:
a configuration receiving module, used for receiving a verification acquisition request and acquiring verification configuration information from the verification acquisition request;
a token generation module, used for generating a token according to the account information, the equipment information and the application information;
a check salt generation module, used for generating a check salt according to the application information, the authority information, the equipment information and the account information;
a configuration feedback module, used for generating access check information based on the token and the check salt and sending the access check information so that the access request is processed at the client based on the access check information.
The embodiment of the application also discloses an electronic device, which comprises: a processor; and a memory having executable code stored thereon that, when executed by the processor, performs a method according to an embodiment of the present application.
Embodiments of the application also disclose one or more machine-readable media having stored thereon executable code which, when executed by a processor, performs a method according to an embodiment of the application.
Compared with the prior art, the embodiment of the application has the following advantages:
In the embodiment of the application, when a light application is started, verification configuration information is acquired, a verification acquisition request is generated based on the verification configuration information, and the verification acquisition request is sent, so that the server side can generate access verification information based on the application information, authority information, equipment information and account information. The access verification information, which comprises a token and a check salt, can then be acquired. Because the required access verification information is acquired when the light application is started, and subsequent access requests of the light application are verified according to it, verification is performed based on the token and the check salt, and access processing is executed after the verification passes, so that the security of light application access can be effectively improved.
Drawings
FIG. 1 is an interactive schematic diagram of an example of light application-based access processing according to an embodiment of the present application;
FIG. 2 is a flow chart of steps of an embodiment of a light application-based access processing method of the present application;
FIG. 3 is a flow chart of steps of another embodiment of a light application-based access processing method of the present application;
FIG. 4 is a flow chart of steps of an alternative embodiment of a light application-based access processing method of the present application;
FIG. 5 is an interactive schematic diagram of another example of light application-based access processing according to an embodiment of the present application;
FIG. 6 is an interactive schematic diagram of another example of light application-based access processing according to an embodiment of the present application;
FIG. 7 is a schematic diagram of an exemplary apparatus provided in one embodiment of the present application.
Detailed Description
In order that the above-recited objects, features and advantages of the present application will become more readily apparent, a more particular description of the application will be rendered by reference to the appended drawings and appended detailed description.
The embodiment of the application can be applied to various scenarios that support light applications, for example application programs that support light applications such as instant messaging applications, social applications, payment applications and shopping applications. In these applications, light applications such as applets can be run to provide corresponding services. For example, a shopping applet is launched in an instant messaging application for shopping, a take-away applet is launched in a payment application to order take-away, and so on. In the process of access based on the applet, the embodiment of the application uses the client and the server side (or cloud) of the light application platform together to authenticate a trusted identity token for the light application, and realizes flexible access control at the communication layer based on the token.
Referring to FIG. 1, an interactive schematic diagram of an access processing example based on a light application is shown in an embodiment of the present application.
Step 102, when the light application is started, the client acquires verification configuration information, wherein the verification configuration information comprises application information, authority information, equipment information and account information.
When a light application is started in the client, the identity can be acquired and authenticated. The client obtains verification configuration information such as application information, authority information, equipment information and account information. The application information is configuration information of the light application, such as the application identifier of the light application, which is a unique identifier of the light application. The device information is the device information of the terminal device on which the client runs, and can be unique identification information such as a device identifier or a device fingerprint. The account information is the account information of the user logged in to the client, such as unique identification information like an account identifier. The account information is acquired after the user authorizes it. The authority information is the authority content required by the light application, such as album access authority, GPS access authority and camera access authority. The application information, authority information, device information and account information may be used as the verification configuration information.
Step 104, the client generates a verification acquisition request according to the verification configuration information.
Step 106, the client sends the verification acquisition request.
The client may use the verification configuration information as a parameter to generate a token acquisition request, and then send the verification acquisition request to the server. The server is a server corresponding to the client, and may be referred to as a first server.
Step 108, the server acquires the verification configuration information from the verification acquisition request.
The server may acquire the verification configuration information from the verification acquisition request, and then determine data such as a token and a check salt for performing verification based on the application information, the authority information, the device information and the account information.
Step 110, the server generates a token according to the account information, the equipment information and the application information.
The server calculates a token according to the account information, the equipment information and the application information. In this embodiment the token is a temporary token; for example, if the token is valid for 30 minutes, a token is applied for again after 30 minutes.
In the embodiment of the application, risk calculation can be performed based on the equipment information and the account information to detect the risk corresponding to the account (user) and the equipment and obtain corresponding risk factors. The risk factors are associated with the application, for example by establishing a correspondence between the application identifier and the risk factors. The embodiment of the application can associate the token, the risk factors, the account information, the equipment information and the application information to facilitate subsequent verification, for example by storing them in a corresponding data table as a record that can be queried later.
Step 112, the server generates a check salt according to the application information, the authority information, the equipment information and the account information.
The server side can also generate other check information based on the application information, the authority information, the equipment information and the account information, and generate the check salt. Generating the check salt according to the configuration information, the authority information, the equipment information and the account information comprises: comparing the authority information with stored authorization information, and using the authorized authority information to form a permission package; generating key data according to the account information and the equipment information; and generating the check salt according to the token, the permission package and the key data.
The stored authorization information can be acquired. The authorization information is the authority information that the user has authorized for use; it can be acquired from the client and is reported to the server after being allowed by the user. Based on the authorization information, the server may detect whether the authority information requested by the light application is authorized, for example by comparing the authority information with the authorization information, taking the intersection of the two, determining the one or more authorities the user permits to be used, and generating a corresponding permission package. The permission package includes at least one authority that is authorized for use.
Key data may also be generated based on the account information and the device information, the key data being bound to the application and the device, the key data changing when at least one of the key and the device changes. The key data may be a plurality of keys such as a symmetric key and an asymmetric key.
The check salt is generated from the token, the permission package and the key data, for example by performing a digest calculation over the token, the permission package and the key data, such as computing a SHA256 digest or an MD5 value, and using the result as the check salt.
Step 114, the server generates access check information based on the token and the check salt.
The server side can generate the access check information by using the token, the permission package, the key data and the check salt.
Step 116, the server sends the access verification information.
Step 118, the client performs verification according to the access verification information for the access request of the light application.
After receiving the access verification information, the client can verify the access request of the light application based on the access verification information.
In an optional embodiment, the verifying the access request of the light application according to the verification information includes: detecting whether a token exists for the access request of the light application; in the case that a token exists, detecting whether the time is within the valid time of the token; and in the case that the time is within the valid time of the token, detecting the tampering risk through the check salt. After receiving an access request of the light application, the client can first detect whether the light application has requested the token. If there is a token, it can further detect whether the current time is within the valid time of the token. If the current time is within the valid time of the token, it can use the check salt to perform tamper risk detection, that is, detect whether the data of the light application has been tampered with.
The access verification information further includes: a permission package and key data. The detecting the tampering risk through the check salt comprises: generating verification data according to the token, the permission package and the key data; performing an integrity check on the verification data by using the check salt; and after the check passes, confirming that there is no risk of tampering. The token, the permission package and the key data can be put through the same calculation that produced the check salt, for example computing a digest with the same digest algorithm SHA256, or computing an MD5 value, and the result is used as the verification data. The verification data is then compared with the check salt to determine whether the two are the same. If they are the same, the data is considered not to have been tampered with, the integrity check passes, and there is no risk of tampering. If any one of the token, the permission package and the key data has changed, the verification data does not match the check salt, and the integrity check does not pass.
Step 120, after the verification passes, the client executes the access processing.
After determining that there is no algorithm risk, the verification can be determined to pass, and subsequent access processing is performed. For different access requests, other required verification operations may also be performed.
In one example, when the access request is an access to a specific local interface, the verifying according to the verification information further includes: judging whether the requested authority is an authority in the permission package; and if the authority is an authority in the permission package, confirming that the verification passes. The access request may be an access to a specified local interface, for example a locally sensitive JSAPI interface such as a location interface or a shooting interface. So after determining that the data is not at risk of tampering, it can also be detected whether the currently requested authority is an authority in the permission package; if not, a failure is returned, and if so, the specified local interface can be called.
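The issuance and verification steps above (steps 110 to 118, plus the local-interface permission check), as an added Python example that is not code from the patent. The HMAC-based token and key derivation, the `expires_at` field, the JSON encoding fed to SHA256 and all sample values are assumptions constructed for illustration; the "permission package" is what this page also renders as rights package or authority package.

```python
import hashlib
import hmac
import json
import secrets
import time

TOKEN_TTL = 30 * 60                      # 30-minute validity, as in the page's example
SERVER_SECRET = b"constructed-demo-key"  # assumption: server-held secret for derivations


def _mac(label, *parts):
    """Assumed derivation: HMAC-SHA256 under the server secret."""
    msg = json.dumps([label, *parts]).encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def compute_check_salt(token, permission_package, key_data):
    """SHA256 digest over token, permission package and key data."""
    # A JSON list keeps field boundaries unambiguous (assumption; the page
    # only says a digest is computed over the three values).
    material = json.dumps([token, sorted(permission_package), key_data])
    return hashlib.sha256(material.encode()).hexdigest()


def issue_access_verification(config, stored_authorizations, now=None):
    """Server side: build the access verification information."""
    now = time.time() if now is None else now
    token = _mac("token", config["account"], config["device"],
                 config["app_id"], secrets.token_hex(8))
    # Permission package = requested permissions the user has authorized.
    package = sorted(set(config["permissions"]) & set(stored_authorizations))
    key_data = _mac("key", config["account"], config["device"])
    return {
        "token": token,
        "expires_at": now + TOKEN_TTL,   # assumption: expiry travels with the token
        "permission_package": package,
        "key_data": key_data,
        "check_salt": compute_check_salt(token, package, key_data),
    }


def verify_access_request(info, requested_permission=None, now=None):
    """Client side: token present, still valid, salt matches, permission held."""
    now = time.time() if now is None else now
    if not info or not info.get("token"):
        return "no_token"
    if now >= info["expires_at"]:
        return "token_expired"
    expected = compute_check_salt(
        info["token"], info["permission_package"], info["key_data"])
    if not hmac.compare_digest(expected, info["check_salt"]):
        return "tampered"
    if (requested_permission is not None
            and requested_permission not in info["permission_package"]):
        return "permission_denied"
    return "ok"


def demo():
    """Run the checks over constructed sample data and return each outcome."""
    t0 = 1_700_000_000
    config = {"app_id": "lapp-demo", "account": "acct-1", "device": "dev-1",
              "permissions": ["gps", "camera", "album"]}
    info = issue_access_verification(
        config, stored_authorizations=["gps", "album"], now=t0)
    # Locally widened package: the stored salt no longer matches.
    widened = dict(info,
                   permission_package=info["permission_package"] + ["camera"])
    return {
        "package": info["permission_package"],
        "gps": verify_access_request(info, "gps", now=t0 + 60),
        "camera": verify_access_request(info, "camera", now=t0 + 60),
        "widened": verify_access_request(widened, "camera", now=t0 + 60),
        "expired": verify_access_request(info, "gps", now=t0 + TOKEN_TTL),
        "missing": verify_access_request(None, "gps", now=t0 + 60),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

Because the salt here is a plain digest of values the client also holds, the comparison catches a changed token, permission package or key data only while the stored salt itself is left unmodified.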
In another example, when the access request is to access the external transmission interface, the method further includes: encrypting the data packet based on the key data to obtain an encrypted data packet; after the verification is passed, executing access processing, including: and adding the encrypted data packet and the encrypted token to the access request, and sending the access request to the corresponding external server. The access request may be an external transmission interface, such as transmitting data to a server of a light application, so after determining that the data has no risk of tampering, the data packet may be encrypted by using key data to obtain an encrypted data packet, then the encrypted data packet and a token are added to the access request, the access request is sent to an external server (also referred to as a second server), and the subsequent external server may acquire the key data from the server (i.e. the first server) based on the access request and perform decryption.
In another example, when the access request is call server data, after the verification is passed, executing access processing includes: and adding the token in the access request, and sending the access request added with the token to an external server. When the access request is call server data, after determining that the data has no tampering risk, a token can be added in the access request, then the access request with the added token is sent to an external server (a second server), and the subsequent external server can acquire the required data from the server (i.e. the first server) based on the access request.
In summary, when a light application is started, acquiring verification configuration information, generating a verification acquisition request based on the verification configuration information, sending the verification acquisition request, generating access verification information by a server based on the application information, authority information, equipment information and account information, and then acquiring the access verification information, wherein the access verification information comprises: the token and the check salt are used for acquiring the required access check information when the light application is started, and the follow-up access request of the light application is verified according to the access check information, so that the verification is performed based on the token and the check salt, and after the verification is passed, the access processing is executed, so that the security of the access of the light application can be effectively improved.
On the basis of the above embodiment, the embodiment of the application also provides an access processing method based on the light application, which is applied to the client side to request the check data and perform verification, as shown in fig. 2.
Step 202, when the light application is started, verification configuration information is obtained, wherein the verification configuration information comprises application information, authority information, equipment information and account information.
Step 204, generating a verification acquisition request according to the verification configuration information, and sending the verification acquisition request so that the server generates access verification information based on the verification configuration information.
Step 206, receiving access check information, wherein the access check information comprises: a token and a check salt.
Step 208, verifying according to the access verification information for the access request of the light application.
The verifying the access request for the light application according to the verification information comprises the following steps: detecting whether a token exists for the access request of the light application; in the case of a token, detecting whether the time is within the valid time of the token; and under the condition that the time is in the effective time of the token, detecting the tampering risk through the check salt.
The access verification information further includes: rights package and key data; the detection of tamper risk by the check salt comprises: generating verification data according to the token, the permission packet and the key data; integrity checking is carried out on the verification data by adopting the check salt; after the verification is passed, confirming that there is no risk of tampering.
When the access request is for the access of the specific local interface, the verification is performed according to the verification information, and the method further comprises: judging whether the request authority is the authority in the authority package; and if the authority is the authority in the authority packet, confirming that the verification is passed.
Step 210, after the verification is passed, an access process is performed.
When the access request is to access the external transmission interface, the method further comprises: encrypting the data packet based on the key data to obtain an encrypted data packet; after the verification is passed, executing access processing, including: and adding the encrypted data packet and the encrypted token to the access request, and sending the access request to the corresponding external server.
In the embodiment of the application, the rights obtained differ across terminals, users and light applications, which implements the principle of least privilege from the user side and thereby ensures the safety of the user data.
When the access request is a call for server data, executing access processing after the verification is passed includes: adding the token to the access request, and sending the access request with the added token to an external server.
On the basis of the above embodiment, the embodiment of the present application further provides an access processing method based on a light application, which is applied to the server side to compute the check data and perform verification, as shown in fig. 3.
Step 302, a verification acquisition request is received, and verification configuration information is acquired from the verification acquisition request.
Step 304, generating a token according to the account information, the equipment information and the application information.
Step 306, generating check salt according to the application information, the authority information, the equipment information and the account information.
Wherein the generating the check salt according to the configuration information, the authority information, the equipment information and the account information comprises: comparing the authority information with stored authority information, and adopting the authorized authority information to form an authority package; generating key data according to the account information and the equipment information; and generating check salt according to the token, the permission packet and the key data.
The server side also performs risk calculation based on the equipment information and the account information and determines risk factors, and associates the risk factors with the token, account information, equipment information and application information.
Step 308, generating access check information based on the token and the check salt, and sending the access check information so that the client processes access requests based on the access check information.
The server side also receives a key request sent by an external server; acquires an application identifier and a token from the key request; detects identity information of the external server according to the application identifier; in the case that the identity of the external server is legal, acquires key data according to the application identifier and the token; and sends the key data to the external server. For a key request from an external server, the application identifier and the token are obtained from the key request, and the identity information of the external server is then detected based on them, for example by detecting whether the token and the application identifier are associated. If they are not associated, the identity verification fails; if they are associated, the identity verification succeeds and the identity of the external server is legal. The key data corresponding to the application identifier and the token can then be queried and fed back to the external server.
The server side also receives an access request from the external server, and obtains an application identifier and a token from the access request; detects identity information of the external server according to the application identifier; in the case that the identity of the external server is legal, determines a risk factor according to the application identifier and the token; determines the data which is allowed to be accessed according to the risk factor; and sends the data which is allowed to be accessed. For an access request from an external server, the application identifier and the token are obtained from the access request, and the identity information of the external server is detected based on them. If the token and the application identifier are not associated, the identity verification fails; if they are associated, the identity verification succeeds and the identity of the external server is legal. A risk factor is then determined according to the application identifier and the token, that is, the risk factor is queried using the application identifier and the token, and a risk item is determined based on the risk factor. If the risk of user data is high, data related to the user is not fed back; if the risk of equipment data is high, data related to the equipment is not fed back. The data which is allowed to be accessed is determined based on the risk item and then fed back to the external server.
Taking the applet as an example, applet security is one of the problems that are difficult to solve in the mobile security field. From a technical point of view, the webview environment changes, which makes it difficult for the client to accurately confirm the identity of the applet. To allocate rights reasonably, rights have been authorized by means such as regular-expression domain name matching, switches issued by the server, and local rights packages, and these approaches cause more and more problems as services develop. To solve these problems, the embodiment of the application applies the idea of identity verification: the user participates interactively in the identity verification process, and the terminal and the cloud jointly take part in trusted identity verification across the whole link. This is a complete security solution for applet trusted identity verification, and it can effectively prevent sensitive information from being acquired through an App exceeding its privileges because of a security defect. It also solves the problem of existing applets abusing JSAPI to acquire server data directly, and gives the applet a transparent encryption capability for externally transmitted data.
On the basis of the above embodiment, the embodiment of the application provides an access processing method based on light application, which is applied to verification processing under the condition of specific local interfaces.
Referring to fig. 4, a flowchart of steps of an alternative embodiment of a lightweight application based access processing method of the present application is shown.
Step 402, when the light application is started, verification configuration information is obtained, wherein the verification configuration information comprises application information, authority information, equipment information and account information.
Step 404, generating a verification acquisition request according to the verification configuration information, and sending the verification acquisition request.
Step 406, receiving access check information, where the access check information includes: a token and a check salt.
Step 408, for access to the specified local interface, detects whether a token is present.
If yes, go to step 410, if no, go to step 422.
Step 410, it is detected whether the time is within the validity time of the token.
If yes, go to step 412, if not, go to step 422.
Step 412, generating authentication data from the token, the rights package and the key data.
Step 414, determining whether the check salt is the same as the verification data.
If yes, go to step 416, if no, go to step 422.
Step 416, it is determined whether the requested rights are rights in the rights package.
If yes, go to step 418, if not, go to step 422.
Step 418, accessing the specified local interface.
Step 420, receiving the interface data returned by the specified local interface.
Step 422, return the access result of the access failure.
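The issuance in steps 302 to 308 and the client-side checks in steps 408 to 422 can be sketched as follows. This is an added example, not code from the patent: the patent names no algorithm, so HMAC-SHA256, the 600-second validity window, the field names and the sample values are all assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

TOKEN_TTL_SECONDS = 600  # assumed validity window; the page gives no value


def derive_key_data(server_secret, account, device):
    """Key data generated from account and equipment information."""
    return hmac.new(server_secret, f"{account}|{device}".encode(), hashlib.sha256).digest()


def build_verification_data(token, rights_package, key_data):
    """Verification data computed over token, rights package and key data."""
    body = json.dumps({"token": token, "rights": sorted(rights_package)},
                      separators=(",", ":")).encode()
    return hmac.new(key_data, body, hashlib.sha256).hexdigest()


def issue_access_check_info(server_secret, app_id, account, device,
                            requested_rights, stored_rights, now=None):
    """Server side (steps 302-308): token, rights package, key data, check salt."""
    now = time.time() if now is None else now
    # Only rights that are both requested and already authorized enter the package.
    rights_package = sorted(set(requested_rights) & set(stored_rights))
    nonce = secrets.token_hex(16)
    token = hmac.new(server_secret, f"{app_id}|{account}|{device}|{nonce}".encode(),
                     hashlib.sha256).hexdigest()
    key_data = derive_key_data(server_secret, account, device)
    return {
        "token": token,
        "expires_at": now + TOKEN_TTL_SECONDS,
        "rights_package": rights_package,
        "key_data": key_data,
        "check_salt": build_verification_data(token, rights_package, key_data),
    }


def verify_local_access(info, requested_right, now=None):
    """Client side (steps 408-422) for access to a specified local interface."""
    now = time.time() if now is None else now
    if not info or not info.get("token"):
        return False, "no token"                      # step 408 -> 422
    if now >= info["expires_at"]:
        return False, "token expired"                 # step 410 -> 422
    expected = build_verification_data(info["token"], info["rights_package"],
                                       info["key_data"])
    if not hmac.compare_digest(expected, info["check_salt"]):
        return False, "tamper risk"                   # step 414 -> 422
    if requested_right not in info["rights_package"]:
        return False, "right not granted"             # step 416 -> 422
    return True, "ok"                                 # step 418


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    info = issue_access_check_info(b"constructed-server-secret", "app.demo", "alice",
                                   "device-1", ["location", "contacts"], ["location"])
    print(verify_local_access(info, "location"))
    print(verify_local_access(info, "contacts"))
    forged = dict(info, rights_package=info["rights_package"] + ["contacts"])
    print(verify_local_access(forged, "contacts"))
```

Because the client holds the key data used to recompute the check, this detects a modified cached token or rights package; it is not a defence against a client that can recompute the value itself.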
The embodiment of the application can prevent sensitive information from being acquired through an App exceeding its privileges because of a security defect, and overcomes the problem of existing light applications abusing JSAPI interfaces to acquire server data directly.
Based on the above embodiments, the access processing method based on the light application is applied to the verification processing under the condition that the light application accesses the external transmission interface. The process of acquiring the access verification information is similar to the above embodiment, so the description starts from the point where the access verification information has already been acquired and the access processing is about to be performed.
Referring to FIG. 5, an interactive schematic diagram of another example of a light application-based access process is shown, according to an embodiment of the present application.
In step 502, when the light application of the client accesses the external transmission interface, the data packet is encrypted based on the key data, so as to obtain an encrypted data packet.
Step 504, the client detects whether a token is present.
If yes, go to step 506, if no, go to step 526.
In step 506, the client detects whether the time is within the validity time of the token.
If yes, go to step 508, if not, go to step 526.
In step 508, the client generates verification data according to the token, the permission packet and the key data.
Step 510, the client determines whether the check salt is the same as the verification data.
If yes, go to step 512, if no, go to step 526.
Step 512, the client adds the encrypted data packet and the token to the access request.
In step 514, the client sends the request to the corresponding external server.
In step 516, the external server generates a key request according to the application identifier and the token.
In step 518, the external server sends a key request to the light application platform server.
Step 520, the light application platform server detects the identity information of the external server according to the application identifier.
The server acquires an application identifier and a token from the key request, and detects the identity information of the external server according to the application identifier. If the verification of the identity fails, step 526 may be performed, returning an access result of the access failure.
Step 522, the light application platform server acquires key data according to the application identifier and the token.
In step 524, the light application platform server sends the key data to the external server.
Step 526, returning an access result of the access failure.
The embodiment of the application realizes the transparent encryption capability of the applet on the externally transmitted data and ensures the safety of the data. By combining user authorization with a trusted identity, it avoids the risk of user data being acquired silently, without the user's awareness, through platform security defects.
Based on the above embodiments, the access processing method based on the light application is applied to verification processing under the condition that the light application calls the server data. The process of acquiring the access verification information is similar to the above embodiment, so the description starts from the point where the access verification information has already been acquired and the access processing is about to be performed.
Referring to FIG. 6, an interactive schematic diagram of another example of a light application-based access process is shown, according to an embodiment of the present application.
In step 602, when the light application of the client invokes the server data, the client detects whether a token exists.
If yes, go to step 604, if no, go to step 526.
In step 604, the client detects if the time is within the validity time of the token.
If yes, go to step 606, if not, go to step 526.
In step 606, the client generates authentication data according to the token, the rights package and the key data.
In step 608, the client determines whether the check salt is the same as the verification data.
If yes, go to step 610, if no, go to step 526.
In step 610, the client adds the token to the access request.
In step 612, the client sends the access request with the added token to the corresponding external server.
In step 614, the external server generates an access request according to the application identifier and the token.
In step 616, the external server sends the access request with the added token to the light application platform server.
Step 618, the light application platform server detects the identity information of the external server according to the application identifier.
The server acquires an application identifier and a token from the key request, and detects the identity information of the external server according to the application identifier. If the verification of the identity fails, step 526 may be performed, returning an access result of the access failure.
Step 620, the light application platform server determines a risk factor according to the application identifier and the token.
In step 622, the light application platform server determines the data allowed to be accessed according to the risk factor.
In step 624, the light application platform server sends the data that is allowed to be accessed to the external server.
At step 626, the access result of the access failure is returned.
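The platform server's handling of an external server's key request (steps 516 to 524) and data request (steps 614 to 624) can be sketched as below. This is an added example, not the patent's code: the session table, the 0.7 risk threshold, the risk item names and all sample values are constructed assumptions.

```python
RISK_THRESHOLD = 0.7  # assumed cut-off; the page gives no numeric scale

# Assumed mapping from a risk item to the data category it gates.
RISK_ITEM_TO_CATEGORY = {"account": "user", "device": "device"}

# Constructed state the platform server would hold after issuing access check
# information and associating risk factors with each token.
SESSIONS = {
    "tok-A-constructed": {
        "app_id": "app.demo",
        "key_data": bytes.fromhex("11" * 32),
        "risk": {"account": 0.2, "device": 0.9},
        "data": {"user": {"nickname": "alice"}, "device": {"model": "X1"}},
    },
    "tok-B-constructed": {
        "app_id": "app.other",
        "key_data": bytes.fromhex("22" * 32),
        "risk": {"account": 0.1, "device": 0.1},
        "data": {"user": {"nickname": "bob"}, "device": {"model": "Y2"}},
    },
}


def resolve_session(app_id, token):
    """Identity check: the token must exist and be associated with this app id."""
    record = SESSIONS.get(token)
    if record is None or record["app_id"] != app_id:
        return None
    return record


def handle_key_request(app_id, token):
    """Key request: return key data only when the association holds."""
    record = resolve_session(app_id, token)
    return None if record is None else record["key_data"]


def handle_data_request(app_id, token):
    """Data request: release only the categories whose risk item is not high."""
    record = resolve_session(app_id, token)
    if record is None:
        return {"status": "denied", "withheld": [], "data": {}}
    withheld = sorted(
        RISK_ITEM_TO_CATEGORY[item]
        for item, score in record["risk"].items()
        if item in RISK_ITEM_TO_CATEGORY and score >= RISK_THRESHOLD
    )
    allowed = {cat: fields for cat, fields in record["data"].items()
               if cat not in withheld}
    return {"status": "ok", "withheld": withheld, "data": allowed}


if __name__ == "__main__":
    # High device risk: user data is released, device data is withheld.
    print(handle_data_request("app.demo", "tok-A-constructed"))
    # A token presented under an application id it is not associated with.
    print(handle_data_request("app.demo", "tok-B-constructed"))
    print(handle_key_request("app.other", "tok-A-constructed"))
```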
In the prior art, all data passes through the client, so data security is not controllable. The embodiment of the application replaces the mode in which the light application directly acquires server data through the client JSAPI with acquisition of the data by means of an identity token, and with this scheme the server can flexibly control the output of data based on risk control and access frequency.
In the embodiments of the present application, where user information is involved, the user information is collected, used and stored after the user authorization is obtained, and the various operations based on the user information are performed after the user authorization is obtained.
It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred embodiments, and that the acts are not necessarily required by the embodiments of the application.
On the basis of the embodiment, the embodiment also provides an access processing device based on the light application, which is applied to the terminal equipment.
The configuration acquisition module is used for acquiring verification configuration information when the light application is started, wherein the verification configuration information comprises application information, authority information, equipment information and account information; generating a verification acquisition request according to the verification configuration information, and sending the verification acquisition request so that a server side generates access verification information based on the verification configuration information; receiving access verification information, wherein the access verification information comprises: a token and a check salt;
The access verification module is used for verifying the access request of the light application according to the access verification information;
And the access processing module is used for executing access processing after the verification is passed.
Optionally, the access verification module is configured to detect, for the access request of the light application, whether a token exists; in the case of a token, detecting whether the time is within the valid time of the token; and under the condition that the time is in the effective time of the token, detecting the tampering risk through the check salt.
Optionally, the access verification information further includes: rights package and key data; optionally, the access verification module is configured to generate verification data according to the token, the permission packet and the key data; integrity checking is carried out on the verification data by adopting the check salt; after the verification is passed, confirming that there is no risk of tampering.
Optionally, when the access request is an access to the specified local interface, the access verification module is further configured to determine whether the request permission is a permission in the permission packet; and if the authority is the authority in the authority packet, confirming that the verification is passed.
Optionally, when the access request is to access the external transmission interface, the access processing module is further configured to encrypt the data packet based on the key data to obtain an encrypted data packet; and adding the encrypted data packet and the encrypted token to the access request, and sending the access request to the corresponding external server.
When the access request is a call for server data, the access processing module is used for adding the token to the access request and sending the access request with the added token to an external server.
On the basis of the embodiment, the embodiment also provides an access processing device based on the light application, which is applied to the electronic equipment of the server.
The configuration receiving module is used for receiving a verification acquisition request and acquiring verification configuration information from the verification acquisition request;
the token generation module is used for generating a token according to the account information, the equipment information and the application information;
the check salt generation module is used for generating check salt according to the application information, the authority information, the equipment information and the account information;
And the configuration feedback module is used for generating access check information based on the token and the check salt and sending the access check information so as to process the access request based on the access check information at the client.
Optionally, the check salt generating module is configured to compare the authority information with stored authority information, and adopt the authorized authority information to form an authority packet; generating key data according to the account information and the equipment information; and generating check salt according to the token, the permission packet and the key data.
Optionally, the method further comprises: the risk monitoring module is used for carrying out risk calculation based on the equipment information and the account information and determining risk factors; and associating the risk factors with tokens, account information, equipment information and application information.
Optionally, the method further comprises: the key processing module is used for receiving a key request sent by an external server; acquiring an application identifier and a token from the key request; detecting identity information of the external server according to the application identifier; under the condition that the identity of the external server is legal, acquiring key data according to the application identifier and the token; and sending the key data to an external server.
Optionally, the method further comprises: the data access module is used for receiving the access request of the external server and acquiring an application identifier and a token from the access request; detecting identity information of the external server according to the application identifier; under the condition that the identity of the external server is legal, determining a risk factor according to the application identifier and the token; determining data which is allowed to be accessed according to the risk factors; and sending the data which is allowed to be accessed.
The embodiment of the application also provides a non-volatile readable storage medium in which one or more modules (programs) are stored; when the one or more modules are applied to a device, they may cause the device to execute the instructions of each method step in the embodiment of the application.
Embodiments of the application provide one or more machine-readable media having instructions stored thereon that, when executed by one or more processors, cause an electronic device to perform a method as described in one or more of the above embodiments. In the embodiment of the application, the electronic equipment comprises a server, terminal equipment and other equipment.
Embodiments of the present disclosure may be implemented as an apparatus for performing a desired configuration using any suitable hardware, firmware, software, or any combination thereof, which may include a server (cluster), terminal, or the like. Fig. 7 schematically illustrates an exemplary apparatus 700 that may be used to implement various embodiments described in the present disclosure.
For one embodiment, fig. 7 illustrates an example apparatus 700 having one or more processors 702, a control module (chipset) 704 coupled to at least one of the processor(s) 702, a memory 706 coupled to the control module 704, a non-volatile memory (NVM)/storage 708 coupled to the control module 704, one or more input/output devices 710 coupled to the control module 704, and a network interface 712 coupled to the control module 704.
The processor 702 may include one or more single-core or multi-core processors, and the processor 702 may include any combination of general-purpose or special-purpose processors (e.g., graphics processors, application processors, baseband processors, etc.). In some embodiments, the apparatus 700 may be used as a server, a terminal, or the like in the embodiments of the present application.
In some embodiments, the apparatus 700 can include one or more computer-readable media (e.g., memory 706 or NVM/storage 708) having instructions 714 and one or more processors 702 combined with the one or more computer-readable media configured to execute the instructions 714 to implement the modules to perform the actions described in this disclosure.
For one embodiment, the control module 704 may include any suitable interface controller to provide any suitable interface to at least one of the processor(s) 702 and/or any suitable device or component in communication with the control module 704.
The control module 704 may include a memory controller module to provide an interface to the memory 706. The memory controller modules may be hardware modules, software modules, and/or firmware modules.
Memory 706 may be used to load and store data and/or instructions 714 for device 700, for example. For one embodiment, memory 706 may comprise any suitable volatile memory, such as, for example, a suitable DRAM. In some embodiments, memory 706 may comprise double data rate type four synchronous dynamic random access memory (DDR 4 SDRAM).
For one embodiment, control module 704 may include one or more input/output controllers to provide interfaces to NVM/storage 708 and input/output device(s) 710.
For example, NVM/storage 708 may be used to store data and/or instructions 714. NVM/storage 708 may include any suitable nonvolatile memory (e.g., flash memory) and/or may include any suitable nonvolatile storage device(s) (e.g., one or more Hard Disk Drives (HDDs), one or more Compact Disc (CD) drives, and/or one or more Digital Versatile Disc (DVD) drives).
NVM/storage 708 may include a storage resource that is part of the device on which apparatus 700 is installed, or may be accessible by the device without necessarily being part of the device. For example, NVM/storage 708 may be accessed over a network via input/output device(s) 710.
Input/output device(s) 710 may provide an interface for apparatus 700 to communicate with any other suitable device, input/output device 710 may include communication components, audio components, sensor components, and the like. Network interface 712 may provide an interface for device 700 to communicate over one or more networks, and device 700 may communicate wirelessly with one or more components of a wireless network according to any of one or more wireless network standards and/or protocols, such as accessing a wireless network based on a communication standard, such as WiFi, 2G, 3G, 4G, 5G, etc., or a combination thereof.
For one embodiment, at least one of the processor(s) 702 may be packaged together with logic of one or more controllers (e.g., memory controller modules) of the control module 704. For one embodiment, at least one of the processor(s) 702 may be packaged together with logic of one or more controllers of the control module 704 to form a System In Package (SiP). For one embodiment, at least one of the processor(s) 702 may be integrated on the same die with logic of one or more controllers of the control module 704. For one embodiment, at least one of the processor(s) 702 may be integrated on the same die with logic of one or more controllers of the control module 704 to form a system on chip (SoC).
In various embodiments, the apparatus 700 may be, but is not limited to being: a server, a desktop computing device, or a mobile computing device (e.g., a laptop computing device, a handheld computing device, a tablet, a netbook, etc.), among other terminal devices. In various embodiments, the apparatus 700 may have more or fewer components and/or different architectures. For example, in some embodiments, the apparatus 700 includes one or more cameras, a keyboard, a Liquid Crystal Display (LCD) screen (including a touch screen display), a non-volatile memory port, multiple antennas, a graphics chip, an Application Specific Integrated Circuit (ASIC), and a speaker.
The detection device can adopt a main control chip as a processor or a control module, sensor data, position information and the like are stored in a memory or an NVM/storage device, a sensor group can be used as an input/output device, and a communication interface can comprise a network interface.
The embodiment of the application also provides electronic equipment, which comprises: a processor; and a memory having executable code stored thereon that, when executed, causes the processor to perform a method as described in one or more of the embodiments of the application. The memory in the embodiment of the application can store various data such as target files, file and application related data and the like, and also can comprise user behavior data and the like, thereby providing a data basis for various processes.
Embodiments of the application also provide one or more machine-readable media having stored thereon executable code that, when executed, causes a processor to perform a method as described in one or more of the embodiments of the application.
The device embodiments are described only briefly because they are substantially similar to the method embodiments; refer to the description of the method embodiments for the relevant points.
In this specification, the embodiments are described progressively: each embodiment focuses on its differences from the others, and identical or similar parts of the embodiments can be understood by cross-reference.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the scope of the embodiments of the application.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal device that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal device. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or terminal device that comprises the element.
The light application-based access processing method, electronic device and storage medium have been described in detail above. Specific examples are used herein to illustrate the principles and embodiments of the present application, and the above description of the examples is intended only to aid understanding of the method and its core ideas. Because those skilled in the art may, following the ideas of the present application, vary the specific embodiments and the scope of application, the content of this description should not be construed as limiting the present application.

Claims (11)

1. An access processing method based on a light application, the method comprising:
when a light application is started, acquiring verification configuration information, wherein the verification configuration information comprises application information, authority information, equipment information and account information;
generating a verification acquisition request according to the verification configuration information, and sending the verification acquisition request so that a server side generates access verification information based on the verification configuration information;
receiving access verification information, wherein the access verification information comprises a token and a check salt, the token being based on the account information, the equipment information and the application information, and the check salt being based on the application information, the authority information, the equipment information and the account information;
verifying an access request of the light application according to the access verification information;
after the verification is passed, executing access processing;
wherein, when the access request is a call for server data, executing access processing after the verification is passed comprises:
adding the token to the access request and sending the access request with the token to an external server, so that the external server sends the access request to a light application server, and the light application server obtains an application identifier and the token from the access request, detects identity information of the external server according to the application identifier, determines a risk factor according to the application identifier and the token if the identity of the external server is legal, determines the data allowed to be accessed according to the risk factor, and sends the data allowed to be accessed, wherein the risk factor is determined by performing risk calculation based on the equipment information and the account information, and the risk factor is associated with the token, the account information, the equipment information and the application information.
2. The method of claim 1, wherein the verifying the access request for the light application in accordance with the access verification information comprises:
detecting whether a token exists for the access request of the light application;
if a token exists, detecting whether the time is within the valid time of the token;
if the time is within the valid time of the token, detecting the tampering risk by means of the check salt.
3. The method of claim 2, wherein the access verification information further comprises an authority package and key data, and detecting the tampering risk by means of the check salt comprises:
generating verification data according to the token, the authority package and the key data;
performing an integrity check on the verification data using the check salt;
after the verification is passed, confirming that there is no risk of tampering.
4. A method according to claim 3, wherein, when the access request is a request to access a specified local interface, the verifying according to the access verification information further comprises:
judging whether the requested authority is an authority in the authority package;
if the requested authority is an authority in the authority package, confirming that the verification is passed.
5. A method according to claim 3, wherein when the access request is to access an outbound transport interface, the method further comprises:
encrypting the data packet based on the key data to obtain an encrypted data packet;
and executing access processing after the verification is passed comprises:
adding the encrypted data packet and the encrypted token to the access request, and sending the access request to the corresponding external server.
6. A method according to claim 3, wherein, when the access request is a call for server data, executing access processing after the verification is passed comprises:
adding the token to the access request, and sending the access request with the token to an external server.
7. An access processing method based on a light application, the method comprising:
receiving a verification acquisition request, and acquiring verification configuration information from the verification acquisition request, wherein the verification configuration information is acquired when a light application is started;
generating a token according to the account information, the equipment information and the application information;
generating a check salt according to the application information, the authority information, the equipment information and the account information;
performing risk calculation based on the equipment information and the account information, and determining a risk factor;
associating the risk factor with the token, the account information, the equipment information and the application information;
generating access verification information based on the token and the check salt, and sending the access verification information so that the client processes the access request of the light application based on the access verification information;
receiving an access request from an external server, and acquiring an application identifier and a token from the access request;
detecting identity information of the external server according to the application identifier;
if the identity of the external server is legal, determining the risk factor according to the application identifier and the token;
determining the data allowed to be accessed according to the risk factor;
sending the data allowed to be accessed.
8. The method of claim 7, wherein generating the check salt according to the application information, the authority information, the equipment information and the account information comprises:
comparing the authority information with stored authority information, and forming an authority package from the authorized authority information;
generating key data according to the account information and the equipment information;
generating the check salt according to the token, the authority package and the key data.
9. The method as recited in claim 8, further comprising:
receiving a key request sent by an external server;
acquiring an application identifier and a token from the key request;
detecting identity information of the external server according to the application identifier;
if the identity of the external server is legal, acquiring the key data according to the application identifier and the token;
sending the key data to the external server.
10. An electronic device, comprising: a processor;
and a memory having executable code stored thereon which, when executed by the processor, performs the method of any of claims 1-9.
11. A computer readable medium having stored thereon executable code which, when executed by a processor, performs the method of any of claims 1-9.
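
Added example (not part of the patent text): a Python sketch of the server-side issuance in claims 7 and 8 and the client-side checks in claims 2 to 4. The claims name no algorithm, so HMAC-SHA256, the JSON encoding, all function and field names, and the sample values are assumptions; the risk calculation of claim 7 is omitted.

```python
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessVerificationInfo:
    token: str
    expires_at: float         # end of the token's valid time, epoch seconds
    authority_package: tuple  # authorities the server actually granted
    key_data: bytes           # derived from account and equipment information
    check_salt: str           # integrity value over token, package and key data


def compute_check_salt(token, authority_package, key_data):
    # Assumed construction: HMAC-SHA256 over a canonical JSON encoding of the
    # verification data (token + authority package + key data).
    data = json.dumps({"token": token, "auth": sorted(authority_package),
                       "key": key_data.hex()}, sort_keys=True).encode()
    return hmac.new(key_data, data, hashlib.sha256).hexdigest()


def issue(account, device, app, requested, stored_grants, server_secret,
          ttl=300, now=None):
    """Server side: token, authority package, key data, then check salt."""
    now = time.time() if now is None else now
    ident = json.dumps([account, device, app, secrets.token_hex(8)]).encode()
    token = hmac.new(server_secret, ident, hashlib.sha256).hexdigest()
    key_data = hmac.new(server_secret, f"key|{account}|{device}".encode(),
                        hashlib.sha256).digest()
    # Only authorities that match the stored grants enter the package.
    package = tuple(sorted(set(requested) & set(stored_grants)))
    return AccessVerificationInfo(token, now + ttl, package, key_data,
                                  compute_check_salt(token, package, key_data))


def verify_access(info, requested_authority, now=None):
    """Client side, in claim order; returns (allowed, reason)."""
    now = time.time() if now is None else now
    if info is None or not info.token:
        return False, "no token"
    if now >= info.expires_at:
        return False, "token expired"
    expected = compute_check_salt(info.token, info.authority_package,
                                  info.key_data)
    if not hmac.compare_digest(expected, info.check_salt):
        return False, "tamper risk"
    if requested_authority not in info.authority_package:
        return False, "authority not in package"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values.
    info = issue("acct-1", "dev-1", "app-1", ["camera", "contacts"],
                 ["camera", "location"], b"constructed-server-secret")
    print(info.authority_package, verify_access(info, "camera"))
```

Because the key data is delivered to the client together with the check salt, this check detects modification of the stored values but does not replace the server-side checks of claim 7.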
CN202210602260.0A 2022-05-30 2022-05-30 Access processing method based on light application, electronic equipment and storage medium Active CN114978733B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210602260.0A CN114978733B (en) 2022-05-30 2022-05-30 Access processing method based on light application, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114978733A CN114978733A (en) 2022-08-30
CN114978733B true CN114978733B (en) 2024-05-14

Family

ID=82956995

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210602260.0A Active CN114978733B (en) 2022-05-30 2022-05-30 Access processing method based on light application, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114978733B (en)

Also Published As

Publication number Publication date
CN114978733A (en) 2022-08-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant