CN115883185A - Open bank three-party signing system and method - Google Patents


Info

Publication number
CN115883185A
Authority
CN
China
Prior art keywords
user
resource
receiving
party system
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211506302.7A
Other languages
Chinese (zh)
Inventor
崔晓军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bank of China Ltd filed Critical Bank of China Ltd
Priority to CN202211506302.7A priority Critical patent/CN115883185A/en
Publication of CN115883185A publication Critical patent/CN115883185A/en
Pending legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses an open bank three-party signing system and method, relating to the field of distributed technology. The system comprises: a third-party system, used for jumping to the identity authentication interface after receiving a user request; an authentication server, used for performing the login authentication operation and, if the authorization is successful, jumping to an authorization confirmation page; a management system, used for receiving the authorization mode selected by the user and, if the mode is the flexible mode, sending the flexible mode to the authority management server; and an authority management server, used for displaying to the user the resource range that the user can currently authorize to the third-party system, and sending an access request to the authentication server after the user selects the resource range. The authentication server is further configured to return the access code to the third-party system; the third-party system is further configured to send a resource request to a resource server after receiving the access code; and the resource server is used for verifying the access code and, after the verification passes, returning the resources in the resource range to the third-party system. The invention enables the user to dynamically and flexibly authorize the resource range.

Description

Open bank three-party signing system and method
Technical Field
The invention relates to the field of distributed technology, in particular to an open bank three-party signing system and method.
Background
This section is intended to provide a background or context to the embodiments of the invention that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
In an open banking scenario, banking services are provided to the end user through a third-party system. When a platform initiates a financial service request of an end customer to a bank through the open bank's API (application programming interface), the bank judges whether the financial service resources should be provided; at that point, the end user needs to authorize certain of the financial service permissions the end user holds at the bank to the third-party system.
The prior art is the traditional OAuth protocol, which performs identity authentication for the end user; after the authentication passes, the code returned by the authentication can be exchanged for a token, and the token is then used to access the resource server and obtain the end user's resources. The original protocol does not support dynamic permission control over resources by the end user. In a practical open banking scenario, an end user often wants to be able to authorize the end user's resources in a bank to a given third-party system more flexibly.
Therefore, an open bank three-party signing scheme that lets an end user dynamically and flexibly authorize the end user's resources in a bank to a third-party system is currently lacking.
Disclosure of Invention
The embodiment of the invention provides an open bank three-party signing system, which enables a user to dynamically and flexibly authorize the user's resources in a bank to a third-party system. The system comprises an open system and a third-party system, wherein the open system further comprises a management system, an authentication server, an authority management server and a resource server;
the third-party system is used for jumping to an identity authentication interface of an authentication server in the open system after receiving the user request;
the authentication server is used for receiving login authentication operation performed by a user on an identity authentication interface; if the login authentication is successful, jumping to an authorization confirmation page for the user to select an authorization mode;
the management system is used for receiving the authorization mode selected by the user in an authorization confirmation interface; if the authorization mode selected by the user is the flexible mode, sending the flexible mode to the authority management server;
the authority management server is used for displaying the resource range which can be currently authorized by the user to the third-party system to the user after receiving the flexible mode, recording the resource range after the user selects the resource range, and sending an access request to the authentication server;
the authentication server is further configured to: after receiving the access request, returning an access code to a third-party system; the access code comprises the resource range;
the third-party system is further configured to: after receiving the access code, send a resource request to a resource server, wherein the resource request carries the access code;
and the resource server is used for verifying the access code after receiving the resource request and returning the resources in the corresponding resource range to the third-party system after the verification is passed.
The embodiment of the invention also provides an open bank three-party signing method, which is used for enabling a user to dynamically and flexibly authorize the resource of the user in the bank to a third-party system and is applied to an open system, and the method comprises the following steps:
receiving login authentication operation performed by a user on an identity authentication interface; after receiving a user request, the third-party system jumps to the identity authentication interface;
if the login authentication is successful, jumping to an authorization confirmation page for the user to select an authorization mode;
receiving an authorization mode selected by a user on an authorization confirmation interface;
if the authorization mode selected by the user is a flexible mode, displaying the resource range which can be currently authorized by the user to the third-party system to the user, and recording the resource range after the user selects;
returning the access code to the third-party system; the access code comprises the resource range; after receiving the access code, the third-party system sends a resource request to the open system, wherein the resource request carries the access code;
and after receiving the resource request, verifying the access code, and returning the resources in the corresponding resource range to the third-party system after the verification is passed.
The embodiment of the invention also provides computer equipment which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor realizes the open bank three-party signing method when executing the computer program.
The embodiment of the invention also provides a computer readable storage medium, wherein a computer program is stored in the computer readable storage medium, and when being executed by a processor, the computer program realizes the open bank three-party signing method.
The embodiment of the invention also provides a computer program product, which comprises a computer program, and the computer program realizes the open bank three-party signing method when being executed by the processor.
In the embodiment of the invention, the third-party system is used for jumping to an identity authentication interface of an authentication server in the open system after receiving a user request; the authentication server is used for receiving the login authentication operation performed by a user on the identity authentication interface and, if the login authentication is successful, jumping to an authorization confirmation page for the user to select an authorization mode; the management system is used for receiving the authorization mode selected by the user in the authorization confirmation interface and, if the authorization mode selected by the user is the flexible mode, sending the flexible mode to the authority management server; the authority management server is used for displaying to the user, after receiving the flexible mode, the resource range that the user can currently authorize to the third-party system, recording the resource range after the user selects it, and sending an access request to the authentication server; the authentication server is further configured to return an access code to the third-party system after receiving the access request, the access code comprising the resource range; the third-party system is further configured to send a resource request to a resource server after receiving the access code, wherein the resource request carries the access code; and the resource server is used for verifying the access code after receiving the resource request and returning the resources in the corresponding resource range to the third-party system after the verification passes. Compared with the traditional OAuth protocol scheme in the prior art, the embodiment of the invention adds the authority management server to the original OAuth protocol, so that the user can dynamically and flexibly authorize the user's resources in the bank to the third-party system.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts. In the drawings:
fig. 1 is a block diagram of an open bank three-party signing system according to an embodiment of the present invention;
fig. 2 is a schematic view of an application scenario of the open bank three-party signing method in the embodiment of the present invention;
fig. 3 is a flowchart of a three-party signing method of an open bank in the embodiment of the present invention;
fig. 4 is a flowchart of a specific example of a three-party signing method for an open bank in the embodiment of the present invention;
fig. 5 is a flowchart of a specific example of an open bank three-party signing method in the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
Fig. 1 is a block diagram of an open bank three-party signing system in an embodiment of the present invention. As shown in fig. 1, the open bank three-party signing system in the embodiment of the present invention may include an open system 100 and a third-party system 101, where the open system may further include a management system 102, an authentication server 103, an authority management server 104, and a resource server 105;
the third-party system 101 is configured to jump to an identity authentication interface of the authentication server 103 in the open system 100 after receiving the user request;
the authentication server 103 is configured to receive a login authentication operation performed by a user on an identity authentication interface; if the login authentication is successful, jumping to an authorization confirmation page for the user to select an authorization mode;
the management system 102 is used for receiving the authorization mode selected by the user in an authorization confirmation interface; if the authorization mode selected by the user is the flexible mode, sending the flexible mode to the authority management server 104;
the authority management server 104 is used for displaying the resource range which can be currently authorized by the user to the third-party system to the user after receiving the flexible mode, recording the resource range after the user selects the resource range, and sending an access request to the authentication server 103;
the authentication server 103 is further configured to: after receiving the access request, returning an access code to the third-party system 101; the access code comprises the resource scope;
the third-party system 101 is further configured to: after receiving the access code, send a resource request to the resource server 105, where the resource request carries the access code;
the resource server 105 is configured to verify the access code after receiving the resource request, and return the resource within the corresponding resource range to the third-party system 101 after the verification is passed.
In one embodiment, the open system may be a bank open platform system. That is, a bank takes its own open API as the core and integrates technologies such as artificial intelligence, big data, and module split-package and splicing to construct an open platform system, so that third-party systems can quickly embed the bank's financial service programs through the API interface provided by the bank open platform. The bank open platform system can thereby obtain data and users through the third-party system, and ultimately provide more effective and convenient financial services for users.
In one embodiment, the resource server may be an API gateway of an open system.
In one embodiment, the authority management server allows a user to maintain and modify the authority through a channel owned by a bank; the own channel of the bank can be an internet bank, a mobile phone bank and the like.
In one embodiment, the third-party system may be a partner of the open system in various application scenarios, or an external system through which a user initiates a service request to the open system; it may be a friend cloud system, an e-commerce platform system, an industry internet platform system, or the like.
In one embodiment, the user may be a user initiating a service request to the open system through a third party system.
In one embodiment, the third-party system may be configured to register with the open system before receiving a user request, wherein the user is registered with the open system. For example, in this embodiment, the third-party system is e-commerce platform system 1 and the open system is online banking platform system 1. User 1 wants to initiate a service request to online banking platform system 1 through e-commerce platform system 1. If e-commerce platform system 1 is not yet a user system of online banking platform system 1, that is, e-commerce platform system 1 is not registered with online banking platform system 1, then e-commerce platform system 1 may register with online banking platform system 1; if user 1 has not registered with online banking platform system 1, user 1 may also register with online banking platform system 1.
In this embodiment, if user 1 is a private user, a single user is involved, and user 1 only needs to register with online banking platform system 1; if user 1 is a public user, i.e. a business-type user, a plurality of users are involved, and all sub-users of user 1 need to register with online banking platform system 1.
In one embodiment, after receiving the user request, the third-party system may jump to the identity authentication interface of the authentication server in the open system in a page jump manner.
In one embodiment, when the authentication server receives the login authentication operation performed by a user on the identity authentication interface, it may receive a login authentication operation that the user performs using a security factor agreed with the open system, wherein the security factor includes one or any combination of a user name, a password, a token and a certificate. For example, if the security factor agreed between the user and the open system is user name: 1, password: 123, then when performing the login authentication operation the user can enter user name: 1, password: 123 in the identity authentication interface, and the authentication server receives them to complete the subsequent operations.
In one embodiment, after login authentication is successful, the authentication server jumps to an authorization confirmation page for the user to select an authorization mode; the authorization mode can be a flexible mode or a simple mode. In the simple mode, the user authorizes the third-party system to use all of the user's resources in the open system. For example, if the user selects the simple mode on the authorization confirmation page after the login authentication is successful, the authority management server sets the resource range to all resources by default, and sends an access request to the authentication server to access all resources of the user in the open system.
In one embodiment, the resource range may be one or any combination of the user's account numbers and services in the open system. For example, user 2 has 3 account numbers in the open system, namely account number 1, account number 2, and account number 3, which can perform functions such as accounting inquiry, money transfer, remittance, salary, and financing. If user 2 wants to operate only account number 1 and account number 2 through a third-party system, and only perform accounting inquiry and financing, then the user may select a resource range of account number 1 and account number 2, the accounting inquiry service, and the financing service.
In one embodiment, before the authentication server returns the access code to the third-party system, the authentication server may return the authorization code to the third-party system in a page callback manner; the third-party system can then call an API (application programming interface) of the open system to request an access code according to the authorization code and the registration system ID generated when the third-party system registered with the open system.
In one embodiment, the third-party system may call an API interface of the open system in a manner of message signing by using a certificate issued to the third-party system by the open system.
In one embodiment, the resource server may send a validity verification request to the authentication server after receiving the resource request; after receiving the validity verification request, the authentication server verifies the validity of the access code and returns a validity verification result to the resource server; after the received validity verification result is passed, the resource server sends a validity verification request to the authority management server; after receiving the validity verification request, the authority management server verifies whether the currently accessed resource is valid or not, and feeds back a validity verification result to the resource server; and when the validity verification result is that the verification is passed, the resource server returns the resources within the resource range to the third-party system.
In one embodiment, an error is reported if the accessed resource is not within the range of resources included in the authorization code.
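The two-stage check described in the preceding embodiments, together with the simple and flexible modes, can be sketched as follows. This is an added example, not code from the patent: the HMAC-signed access code format, the class and method names, the key, and the sample accounts and services are all assumptions, since the patent does not say how the access code encodes the resource range.

```python
import base64
import hashlib
import hmac
import json

ALL = "*"                       # assumed encoding of "all resources" (simple mode)
KEY = b"constructed-demo-key"   # constructed secret held by the authentication server


def _covers(allowed, item):
    return ALL in allowed or item in allowed


class AuthorityManagementServer:
    """Records the resource range a user granted to a third-party system."""

    def __init__(self):
        self._grants = {}

    def record(self, user, client_id, mode, accounts=(), services=()):
        if mode == "simple":
            grant = {"accounts": [ALL], "services": [ALL]}
        elif mode == "flexible":
            if not accounts or not services:
                raise ValueError("flexible mode needs an explicit resource range")
            grant = {"accounts": sorted(accounts), "services": sorted(services)}
        else:
            raise ValueError("unknown authorization mode")
        self._grants[(user, client_id)] = grant
        return grant

    def is_legal(self, user, client_id, account, service):
        grant = self._grants.get((user, client_id))
        return (grant is not None and _covers(grant["accounts"], account)
                and _covers(grant["services"], service))


class AuthenticationServer:
    """Issues and validates access codes that embed the resource range."""

    def issue_access_code(self, user, client_id, grant, expires_at):
        claims = {"user": user, "client": client_id, "range": grant, "exp": expires_at}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
        tag = hmac.new(KEY, body, hashlib.sha256).hexdigest()
        return body.decode() + "." + tag

    def verify_access_code(self, code, client_id, now):
        body, sep, tag = code.partition(".")
        expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
        if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
            return None                      # forged or truncated code
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["client"] != client_id or now >= claims["exp"]:
            return None                      # wrong third party or expired
        return claims


class ResourceServer:
    def __init__(self, auth, authority):
        self.auth, self.authority = auth, authority

    def handle(self, code, client_id, account, service, now):
        # Stage 1: the authentication server checks the access code itself.
        claims = self.auth.verify_access_code(code, client_id, now)
        if claims is None:
            return "error: invalid access code"
        rng = claims["range"]
        if not (_covers(rng["accounts"], account) and _covers(rng["services"], service)):
            return "error: resource outside authorized range"
        # Stage 2: the authority management server checks the current record,
        # which the user may have changed through the bank's own channels.
        if not self.authority.is_legal(claims["user"], client_id, account, service):
            return "error: authorization no longer covers resource"
        return f"{service} data for {account}"   # constructed resource


def demo():
    authority, auth = AuthorityManagementServer(), AuthenticationServer()
    rs = ResourceServer(auth, authority)
    grant = authority.record("user-2", "ecom-1", "flexible",
                             ["account-1", "account-2"], ["inquiry", "financing"])
    code = auth.issue_access_code("user-2", "ecom-1", grant, expires_at=1000)
    forged = code[:-1] + ("0" if code[-1] != "0" else "1")
    out = {
        "in_range": rs.handle(code, "ecom-1", "account-1", "inquiry", now=10),
        "other_account": rs.handle(code, "ecom-1", "account-3", "inquiry", now=10),
        "other_service": rs.handle(code, "ecom-1", "account-1", "transfer", now=10),
        "forged": rs.handle(forged, "ecom-1", "account-1", "inquiry", now=10),
        "wrong_client": rs.handle(code, "ecom-9", "account-1", "inquiry", now=10),
        "expired": rs.handle(code, "ecom-1", "account-1", "inquiry", now=1000),
    }
    # The user narrows the grant after the code was issued.
    authority.record("user-2", "ecom-1", "flexible", ["account-2"], ["inquiry"])
    out["after_narrowing"] = rs.handle(code, "ecom-1", "account-1", "inquiry", now=10)
    # Simple mode: the whole range is granted.
    full = authority.record("user-2", "ecom-1", "simple")
    code2 = auth.issue_access_code("user-2", "ecom-1", full, expires_at=1000)
    out["simple_mode"] = rs.handle(code2, "ecom-1", "account-3", "transfer", now=10)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The `after_narrowing` case is the reason for the second stage: a still-valid access code that embeds the old range is refused once the recorded authorization no longer covers the resource.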
Fig. 2 is an application scenario diagram of the open bank three-party signing method in the embodiment of the present invention. As shown in fig. 2, an application scenario of the open bank three-party signing method in the embodiment of the present invention may include: user, open system, third party system.
The open bank three-party signing method in the embodiment of the invention is applied to an open system, and realizes data interaction with a user and a third-party system. The user jumps to the open system through the third-party system, login authentication operation, authorization mode selection and resource range selection are carried out on the open system, the open system returns an access code carrying a resource range to the third-party system, the third-party system sends a resource request to the open system, and the open system returns resources in the corresponding resource range to the third-party system after internal verification passes.
In order to enable the user to dynamically and flexibly authorize the user's resources in the bank to the third-party system, fig. 3 is a flowchart of an open bank three-party signing method in the embodiment of the present invention. As shown in fig. 3, the open bank three-party signing method according to the embodiment of the present invention is applied to an open system, and may include:
step 301, receiving a login authentication operation performed by a user on an identity authentication interface; after receiving a user request, the third-party system jumps to the identity authentication interface;
step 302, if the login authentication is successful, jumping to an authorization confirmation page for the user to select an authorization mode;
step 303, receiving an authorization mode selected by a user on an authorization confirmation interface;
if the authorization mode selected by the user is a flexible mode, displaying the resource range which can be currently authorized by the user to the third-party system to the user, and recording the resource range after the user selects;
step 304, returning an access code to the third-party system; the access code comprises the resource range; after receiving the access code, the third-party system sends a resource request to the open system, wherein the resource request carries the access code;
step 305, after receiving the resource request, verifying the access code, and returning the resources in the corresponding resource range to the third-party system after the verification is passed.
As can be seen from the flowchart in fig. 3, the open bank three-party signing method in the embodiment of the present invention differs from the prior-art OAuth protocol scheme in that it adds authorization mode selection and authorization range selection, so that a user can more dynamically and flexibly authorize the user's resources at a bank to a third-party system. In an open banking scenario, the user can thus flexibly allocate the user's resources at the bank to various third-party systems, which helps the user achieve fine-grained management.
In one embodiment, receiving the login authentication operation performed by a user on the identity authentication interface comprises: receiving a login authentication operation performed by the user using a security factor agreed with the open system, wherein the security factor includes one or any combination of a user name, a password, a token and a certificate.
In one embodiment, before the access code is returned to the third-party system, the authorization code can be returned to the third-party system in a page callback mode; the third-party system calls an API (application programming interface) of the open system to request an access code according to a registration system ID and an authorization code generated by the third-party system registering to the open system.
In one embodiment, if the authorization mode selected by the user is the flexible mode, steps 302 and 303 may be performed after step 305.
In this embodiment, the third-party system may call an API interface of the open system in a manner of performing message signing by using a certificate issued to the third-party system by the open system.
In one embodiment, after receiving the resource request, verifying the access code, and returning the resource within the corresponding resource range to the third-party system after the verification is passed may include: and after receiving the resource request, verifying the validity of the access code, verifying whether the currently accessed resource is legal or not after the validity verification result is that the verification is passed, and returning the resource within the resource range to the third-party system when the validity verification result is that the verification is passed.
In the foregoing example, in order to enable a user to smoothly access resources of an open platform through a third-party platform, fig. 4 is a flowchart of a specific example of an open bank three-party signing method in an embodiment of the present invention. As shown in fig. 4, the three-party signing method for open bank in the embodiment of the present invention may further include:
step 401, the third-party system registers to the open system before receiving the user request; wherein the user registers with the open system.
In one embodiment, step 401 is performed before step 301 is performed.
In one embodiment, if the user is a public user, i.e. an enterprise-type user, and the user login is authorized by a handling operator of the enterprise, then, since the handling operator cannot fully represent the real intent of the enterprise, a step in which the enterprise super manager logs in to the bank's online banking system to authorize can be added to ensure security.
In the above example, in order to ensure that the access request is valid and that the accessed resource is legal, a verification step may be added, and fig. 5 is a flowchart of a specific example of the open bank three-party signing method in the embodiment of the present invention. As shown in fig. 5, the three-party signing method for open bank in the embodiment of the present invention may further include:
step 501, after receiving the resource request, verifying the validity of the access code; when the validity verification result is that the verification is passed, verifying whether the currently accessed resource is legal; and when that verification result is that the verification is passed, returning the resources within the resource range to the third-party system.
The embodiment of the invention also provides computer equipment which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor executes the computer program to realize the open bank three-party signing method.
The embodiment of the invention also provides a computer readable storage medium, wherein a computer program is stored in the computer readable storage medium, and when being executed by a processor, the computer program realizes the open bank three-party signing method.
The embodiment of the invention also provides a computer program product, which comprises a computer program, and the computer program realizes the open bank three-party signing method when being executed by the processor.
In the embodiment of the invention, the third-party system is used for jumping to an identity authentication interface of an authentication server in the open system after receiving a user request; the authentication server is used for receiving the login authentication operation performed by a user on the identity authentication interface and, if the login authentication is successful, jumping to an authorization confirmation page for the user to select an authorization mode; the management system is used for receiving the authorization mode selected by the user on the authorization confirmation interface and, if the authorization mode selected by the user is the flexible mode, sending the flexible mode to the authority management server; the authority management server is used for displaying to the user, after receiving the flexible mode, the resource range that the user can currently authorize to the third-party system, recording the resource range after the user selects it, and sending an access request to the authentication server; the authentication server is further configured to return an access code to the third-party system after receiving the access request, the access code comprising the resource range; the third-party system is further configured to send a resource request to a resource server after receiving the access code, wherein the resource request carries the access code; and the resource server is used for verifying the access code after receiving the resource request and returning the resources in the corresponding resource range to the third-party system after the verification passes. Compared with the traditional OAuth protocol scheme in the prior art, the embodiment of the invention adds the authority management server to the original OAuth protocol, so that the user can dynamically and flexibly authorize the user's resources in the bank to the third-party system.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (15)

1. An open bank three-party signing system is characterized by comprising an open system and a third-party system, wherein the open system further comprises a management system, an authentication server, an authority management server and a resource server;
the third-party system is used for jumping to an identity authentication interface of an authentication server in the open system after receiving the user request;
the authentication server is used for receiving login authentication operation performed by a user on an identity authentication interface; if the login authentication is successful, jumping to an authorization confirmation page for the user to select an authorization mode;
the management system is used for receiving the authorization mode selected by the user in an authorization confirmation interface; if the authorization mode selected by the user is the flexible mode, sending the flexible mode to the authority management server;
the authority management server is used for displaying a resource range which can be currently authorized by the user to the third-party system to the user after receiving the flexible mode, recording the resource range after the user selects the resource range, and sending an access request to the authentication server;
the authentication server is further configured to: after receiving the access request, returning an access code to a third-party system; the access code comprises the resource range;
the third-party system is further configured to: after receiving the access code, sending a resource request to the resource server, wherein the resource request carries the access code;
and the resource server is used for verifying the access code after receiving the resource request, and returning the resources in the corresponding resource range to the third-party system after the verification is passed.
2. The system of claim 1, wherein the third-party system is further configured to:
registering with an open system before receiving a user request;
wherein the user is registered with an open system.
3. The system of claim 1, wherein the authentication server is further configured to:
receiving a login authentication operation performed by a user using a security factor agreed with the open system; wherein the security factor includes one or any combination of a user name, a password, a token and a certificate.
4. The system of claim 2, wherein the authentication server is further configured to:
before returning the access code to the third-party system, returning an authorization code to the third-party system in a page callback mode;
the third party system is further configured to: and calling an API (application programming interface) of the open system to request an access code according to the registration system ID and the authorization code generated by the third-party system registering in the open system.
5. The system of claim 4, wherein the third-party system is further configured to:
and calling an API (application programming interface) of the open system in a mode of signing a message by using a certificate issued to a third-party system by the open system.
6. The system of claim 1, wherein the resource server is further configured to:
after receiving a resource request, sending a validity verification request to the authentication server;
the authentication server is further configured to: after receiving the validity verification request, verifying the validity of the access code and returning a validity verification result to the resource server;
the resource server is further configured to: after the received validity verification result is that the validity is verified, a validity verification request is sent to the authority management server;
the rights management server is further configured to: after receiving a validity verification request, verifying whether the currently accessed resource is valid or not, and feeding back a validity verification result to a resource server;
the resource server is further configured to: and when the validity verification result is that the verification is passed, returning the resources within the resource range to the third-party system.
7. A three-party signing method for an open bank is characterized by being applied to an open system and comprising the following steps:
receiving login authentication operation performed by a user on an identity authentication interface; after receiving a user request, the third-party system jumps to the identity authentication interface;
if the login authentication is successful, jumping to an authorization confirmation page for the user to select an authorization mode;
receiving an authorization mode selected by a user on an authorization confirmation interface;
if the authorization mode selected by the user is a flexible mode, displaying the resource range which can be currently authorized by the user to the third-party system to the user, and recording the resource range after the user selects;
returning the access code to the third-party system; the access code comprises the resource range; after receiving the access code, the third-party system sends a resource request to the open system, wherein the resource request carries the access code;
and after receiving the resource request, verifying the access code, and returning the resources in the corresponding resource range to the third-party system after the verification is passed.
8. The method of claim 7, further comprising:
the third-party system registers to the open system before receiving the user request;
wherein the user is registered with an open system.
9. The method of claim 7, wherein receiving a login authentication operation by a user at an identity authentication interface comprises:
receiving a login authentication operation performed by a user using a security factor agreed with the open system; wherein the security factor includes one or any combination of a user name, a password, a token and a certificate.
10. The method of claim 8, further comprising:
before returning the access code to the third-party system, returning an authorization code to the third-party system in a page callback mode;
and the third-party system calls an API (application programming interface) of the open system to request an access code according to the registration system ID and the authorization code generated by the third-party system registering to the open system.
11. The method of claim 10, further comprising:
and the third-party system calls an API (application programming interface) of the open system in a mode of signing a message by using a certificate issued to the third-party system by the open system.
12. The method of claim 7, wherein verifying the access code after receiving the resource request and returning resources within the corresponding resource scope to the third-party system after verification is passed comprises:
and after receiving the resource request, verifying the validity of the access code, verifying whether the currently accessed resource is legal or not after the validity verification result is that the currently accessed resource passes the verification, and returning the resource within the resource range to the third-party system when the validity verification result is that the currently accessed resource passes the verification.
13. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any of claims 7 to 12 when executing the computer program.
14. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the method of any of claims 7 to 12.
15. A computer program product, characterized in that the computer program product comprises a computer program which, when being executed by a processor, carries out the method of any one of claims 7 to 12.
CN202211506302.7A 2022-11-28 2022-11-28 Open bank three-party signing system and method Pending CN115883185A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211506302.7A CN115883185A (en) 2022-11-28 2022-11-28 Open bank three-party signing system and method

Publications (1)

Publication Number Publication Date
CN115883185A true CN115883185A (en) 2023-03-31

Family

ID=85764417

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211506302.7A Pending CN115883185A (en) 2022-11-28 2022-11-28 Open bank three-party signing system and method

Country Status (1)

Country Link
CN (1) CN115883185A (en)

Similar Documents

Publication Publication Date Title
CN111131242B (en) Authority control method, device and system
CN109583857B (en) Method, system, device and storage medium for processing public offer task
CN112136303B (en) Secure delegation of refresh tokens for time-consuming operations
CN102710640B (en) Authorization requesting method, device and system
CN102724647B (en) Method and system for access capability authorization
US20190325129A1 (en) Delegated authorization with multi-factor authentication
CN113312653A (en) Open platform authentication and authorization method, device and storage medium
CN110689332B (en) Resource account binding method, storage medium and electronic device
CN112202705A (en) Digital signature verification generation and verification method and system
US20220300587A1 (en) Establishing access sessions
CN111526111B (en) Control method, device and equipment for logging in light application and computer storage medium
CN106953831A (en) A kind of authorization method of user resources, apparatus and system
JP2010506312A (en) Reliable multi-channel authentication
CN111949959B (en) Authorization authentication method and device in Oauth protocol
KR20160018554A (en) Roaming internet-accessible application state across trusted and untrusted platforms
US20160248773A1 (en) Authorizations For Computing Devices To Access A Protected Resource
US9455972B1 (en) Provisioning a mobile device with a security application on the fly
CN103559430B (en) application account management method and device based on Android system
WO2013071836A1 (en) Method and apparatus for processing client application access authentication
CN116170234B (en) Single sign-on method and system based on virtual account authentication
CN114786170B (en) Uplink data security processing entity switching method, terminal, USIM and system
CN115883185A (en) Open bank three-party signing system and method
CN115085997B (en) Open authorization method and device
US11451537B2 (en) Securing identity token forwarding
CN114222006B (en) Processing method based on capability open platform and capability open platform

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination