CN116319949B - Session migration method, session migration device, terminal equipment and storage medium - Google Patents
Session migration method, session migration device, terminal equipment and storage medium Download PDFInfo
- Publication number
- CN116319949B CN116319949B CN202211631605.1A CN202211631605A CN116319949B CN 116319949 B CN116319949 B CN 116319949B CN 202211631605 A CN202211631605 A CN 202211631605A CN 116319949 B CN116319949 B CN 116319949B
- Authority
- CN
- China
- Prior art keywords
- session
- information
- pass
- client
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000013508 migration Methods 0.000 title claims abstract description 126
- 230000005012 migration Effects 0.000 title claims abstract description 126
- 238000000034 method Methods 0.000 title claims abstract description 96
- 238000012795 verification Methods 0.000 claims description 55
- 238000004590 computer program Methods 0.000 claims description 16
- 238000004806 packaging method and process Methods 0.000 claims description 3
- 230000008569 process Effects 0.000 abstract description 45
- 238000010586 diagram Methods 0.000 description 12
- 238000012546 transfer Methods 0.000 description 7
- 230000009471 action Effects 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 4
- 230000006399 behavior Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 3
- 230000007547 defect Effects 0.000 description 3
- 230000002159 abnormal effect Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000007613 environmental effect Effects 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/148—Migration or transfer of sessions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
Abstract
The application discloses a session migration method, a session migration device, terminal equipment and a storage medium, comprising the following steps: receiving a pass request sent by a first session client, wherein the pass request at least comprises first user session information and first session client equipment information; determining a session pass according to the first user session information and the first session client device information; and sending the session pass to the first session client so that the first session client sends the session pass to the second session client, the original session transmits the user information in the form of the session pass in the session migration process, the encryption algorithm adopted by the session pass is controlled by the original session server by adopting asymmetric encryption, any information is ensured not to be transmitted in a plaintext manner in the public environment in the session migration process, and the safety of the user data of the session migration is ensured.
Description
Technical Field
The present application belongs to the field of communications technologies, and in particular, to a session migration method, a session migration device, a terminal device, and a storage medium.
Background
In the development process of most mobile terminal applications, the situation of user session migration usually exists, the session migration generally exists in that mobile applications of different systems of two different systems are mutually nested to jointly realize a complete business operation flow, the operation flow is completed without running the same user session by two applications, the integrity of a user operation logic link can be realized, and data of the two applications are not shared, so that the problem of session sharing between the two applications can be solved only through session migration. For example, in the process that a user purchases and pays in an online mall, the user logs in to the online mobile mall to purchase goods and prepares to finish paying action for the goods, namely, a bank cash register application needs to be opened in the mall application to finish paying operation of the user at a financial end, wherein the mobile cash register application realized by using an H5 technology is embedded in other mobile proto mall APP applications developed based on an iOS or android system, the H5 mobile cash register application is opened in a proto APP application interface in a URL link access mode by using a mobile browser control built in the proto mall APP, and the user can conveniently operate contents of the H5 application end through the proto APP.
The service of the two applications is decoupled in this way, but because the original APP and the H5 application belong to different service systems and the data information of the two applications are not shared, the follow-up is to ensure that the user session of the original APP can be safely migrated to the H5 application end, so that the session of the two applications is kept highly consistent before and after the migration, and the operation occurring after the session migration can be smoothly executed in a safe and real environment. Many approaches to solve this problem have been proposed in the industry. For example, a method based on direct information transfer may be adopted, mainly using an information transmission interface between two applications to transfer user information, session data and other parameter information of an original session to a new session, so as to ensure that the new session can acquire the original session data and further ensure that the operation of the new session is consistent with the user session information of the original session. The method can also adopt a method based on information secondary verification, mainly comprises the steps that two applications respectively establish a complete user system, user data of the two applications are mutually independent, and after a user migrates to a new session through an original session, the next operation can be carried out after the new session verifies the user information in a secondary login or secondary verification code verification mode and the like.
Although the above methods can theoretically achieve the consistency of the operation of the new session end and the operation agent of the original session end after the user session is migrated to the new application through the original application, in the actual application scenario, the following defects and defects exist, for example, the user system information belongs to secret information and needs to be highly secret, and the two applications before and after the session migration belong to two different system systems, in the session migration process, the original session information is inconvenient to be directly transferred to the new session through the technical means due to the secret requirement, and the security risks such as information leakage are easily caused by migrating the user data to the new session through the information transfer mode.
Disclosure of Invention
The application aims to provide a session migration method, a session migration device, terminal equipment and a storage medium, so as to solve the defects in the prior art, and the technical problems to be solved by the application are realized by the following technical scheme.
In a first aspect, an embodiment of the present application provides a session migration method, where the method includes:
receiving a pass request sent by a first session client, wherein the pass request at least comprises first user session information and first session client equipment information;
Determining a session pass according to the first user session information and the first session client device information;
and sending the session pass to the first session client so that the first session client sends the session pass to a second session client.
Optionally, the determining the session pass according to the first user session information and the first session client device information includes:
signing the first user session information and the first session client equipment information by adopting a local private key to obtain first signature information;
encrypting the first user session information and the first session client equipment information by adopting a local public key to obtain a first session ciphertext;
and packaging the first signature information and the first session ciphertext into the session pass.
Optionally, the pass request further includes a service state, a time stamp, and random information, where the service state is used to determine whether the first session client is currently in a session, the time stamp is used to determine that the pass request is in a valid period, and the random information is used to determine the number of times of sending the pass request.
Optionally, the method further comprises:
judging whether the pass request is a first request or not through the random information;
and if the first request is made, returning a verification passing instruction to the second session server.
Optionally, the method further comprises:
after receiving second signature information and second session ciphertext sent by a second session server, decrypting the second session ciphertext by adopting a local private key to obtain decrypted second user session information and second session client equipment information;
comparing the first user session information with the second user session information and comparing the first session client device information with the second session client device information;
and if the first user session information is the same as the second user session information and the first session client equipment information is the same as the second session client equipment information, determining that the second signature information and the second session ciphertext pass verification.
In a second aspect, an embodiment of the present application provides a session migration method, where the method includes:
receiving a session pass sent by a second session client, wherein the session pass is sent by the first session client, and the session pass is determined according to first user session information and first session client equipment information;
Analyzing the session pass to obtain second signature information and second session ciphertext;
transmitting the second signature information and the second session ciphertext to a first session server so that the first session server verifies the second signature information and the second session ciphertext, and if the second signature information and the second session ciphertext pass the verification, determining the session pass as a target pass;
and returning the target pass to the second session client.
In a third aspect, an embodiment of the present application provides a session migration apparatus, where the apparatus includes:
the first receiving module is used for receiving a pass request sent by a first session client, wherein the pass request at least comprises first user session information and first session client equipment information;
a first determining module, configured to determine a session pass according to the first user session information and the first session client device information;
and the first sending module is used for sending the session pass to the first session client so that the first session client sends the session pass to the second session client.
Optionally, the first determining module is configured to:
signing the first user session information and the first session client equipment information by adopting a local private key to obtain first signature information;
encrypting the first user session information and the first session client equipment information by adopting a local public key to obtain a first session ciphertext;
and packaging the first signature information and the first session ciphertext into the session pass.
Optionally, the pass request further includes a service state, a time stamp, and random information, where the service state is used to determine whether the first session client is currently in a session, the time stamp is used to determine that the pass request is in a valid period, and the random information is used to determine the number of times of sending the pass request.
Optionally, the first sending module is further configured to:
judging whether the pass request is a first request or not through the random information;
and if the first request is made, returning a verification passing instruction to the second session server.
Optionally, the first sending module is further configured to:
after receiving second signature information and second session ciphertext sent by a second session server, decrypting the second session ciphertext by adopting a local private key to obtain decrypted second user session information and second session client equipment information;
Comparing the first user session information with the second user session information and comparing the first session client device information with the second session client device information;
and if the first user session information is the same as the second user session information and the first session client equipment information is the same as the second session client equipment information, determining that the second signature information and the second session ciphertext pass verification.
In a fourth aspect, an embodiment of the present application provides a session migration apparatus, where the apparatus includes:
a second receiving module, configured to receive a session pass sent by a second session client, where the session pass is sent by the first session client, and the session pass is determined according to first user session information and first session client device information;
the analysis module is used for analyzing the session pass to obtain second signature information and second session ciphertext;
the second sending module is used for sending the second signature information and the second session ciphertext to the first session server so that the first session server verifies the second signature information and the second session ciphertext, and if the second signature information and the second session ciphertext pass the verification, the session pass is determined to be a target pass;
And the return module is used for returning the target pass to the second session client.
In a fifth aspect, an embodiment of the present application provides a terminal device, including: at least one processor and memory;
the memory stores a computer program; the at least one processor executes the computer program stored by the memory to implement the session migration method provided in the first aspect.
In a sixth aspect, an embodiment of the present application provides a computer-readable storage medium having stored therein a computer program that when executed implements the session migration method provided in the first aspect.
In a seventh aspect, an embodiment of the present application provides a terminal device, including: at least one processor and memory;
the memory stores a computer program; the at least one processor executes the computer program stored by the memory to implement the session migration method provided in the second aspect.
In an eighth aspect, an embodiment of the present application provides a computer-readable storage medium having stored therein a computer program that when executed implements the session migration method provided in the second aspect.
The embodiment of the application has the following advantages:
the session migration method, the session migration device, the terminal equipment and the storage medium provided by the embodiment of the application are used for receiving a pass request sent by a first session client, wherein the pass request at least comprises first user session information and first session client equipment information; determining a session pass according to the first user session information and the first session client device information; and sending the session pass to the first session client so that the first session client sends the session pass to the second session client, the original session transmits the user information in the form of the session pass in the session migration process, the encryption algorithm adopted by the session pass is controlled by the original session server by adopting asymmetric encryption, any information is ensured not to be transmitted in a plaintext manner in the public environment in the session migration process, and the safety of the user data of the session migration is ensured.
Drawings
In order to more clearly illustrate the embodiments of the application or the prior art solutions, the drawings which are used in the description of the embodiments or the prior art will be briefly described below, it being obvious that the drawings in the description below are only some of the embodiments described in the present application, and that other drawings can be obtained according to these drawings without inventive faculty for a person skilled in the art.
FIG. 1 is a flow chart of a session migration method according to an embodiment of the present application;
FIG. 2 is a flow chart of a session migration method according to an embodiment of the present application;
FIG. 3 is a schematic diagram illustrating a session migration system according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a pass generation and migration workflow according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a pass verification workflow according to an embodiment of the present application;
FIG. 6 is a block diagram of an embodiment of a session migration apparatus of the present application;
FIG. 7 is a block diagram of a session migration apparatus embodiment of the present application;
fig. 8 is a schematic structural view of a terminal device of the present application;
fig. 9 is a schematic structural view of a terminal device of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
An embodiment of the application provides a session migration method for session migration of different terminals. The execution body of the embodiment is a session migration device, which is disposed on a terminal device, for example, the terminal device includes at least a computer terminal and the like.
Referring to fig. 1, a step flow diagram of an embodiment of a session migration method of the present application is shown, where the method may specifically include the following steps:
s101, receiving a pass request sent by a first session client, wherein the pass request at least comprises first user session information and first session client equipment information;
specifically, when a session needs to be skipped to another session during the processing of the session on the first session client, for comparison, the first session client sends a pass request to the first session server, where the pass request includes first user session information and first session client device information, for example, the first user session information includes conference content of a certain session, for example, a certain website is opened, and the first session client device information includes a client identifier, for example, a mac address of a terminal, a terminal model, an IP address of a terminal, and so on.
S102, determining a session pass according to first user session information and first session client equipment information;
after receiving a pass request sent by a first session client side, the first session server calculates a session pass according to first user session information and first session client side equipment information in the pass request, namely signs the first user session information and the first session client side equipment information by adopting a local private key to obtain first signature information; encrypting the first user session information and the first session client equipment information by adopting a local public key to obtain a first session ciphertext; the first signature information and the first session cryptogram are packaged into a session pass.
In the application, the session license has timeliness and uniqueness, after the session license passes the verification of the original session end, the new session server end issues the license for the license, the license corresponds to the session license one by one, and the actions such as user operation access in the new session are completely executed based on the license. Once issued successfully, the pass license represents a successful session migration. The pass license has the operation and access effects of the new session, meanwhile, the pass license has a certain effective period, the pass license is automatically destroyed after being out of date, once the pass license is out of date or unavailable, the operation and access effects of the new session are lost, the client can immediately stop the operation of the new session, and the original session is required to apply for the pass again for session migration.
S103, sending the session pass to the first session client so that the first session client sends the session pass to the second session client;
specifically, the first session server sends the generated session pass to the first session client, the first session client sends the session pass to the second session client, the second session client makes an initial judgment on whether the session pass conforms to a preset format, if so, the session pass is sent to the second session server, the second session server sends the session pass to the first session server, the first session server verifies the session pass, if so, a pass is returned, the second session server sends the pass to the second session client again, so that the session migration from the first session client to the second session client is realized, and in the process, the session pass is used for transmission, the occurrence of data leakage in the transmission process is avoided, and the safety of session migration data is ensured.
The session migration method provided by the embodiment of the application is characterized by receiving a pass request sent by a first session client, wherein the pass request at least comprises first user session information and first session client equipment information; determining a session pass according to the first user session information and the first session client device information; and sending the session pass to the first session client so that the first session client sends the session pass to the second session client, the original session transmits the user information in the form of the session pass in the session migration process, the encryption algorithm adopted by the session pass is controlled by the original session server by adopting asymmetric encryption, any information is ensured not to be transmitted in a plaintext manner in the public environment in the session migration process, and the safety of the user data of the session migration is ensured.
The session migration method provided by the embodiment of the application is further described in a further embodiment of the application.
Optionally, determining the session pass according to the first user session information and the first session client device information includes:
signing the first user session information and the first session client equipment information by adopting a local private key to obtain first signature information;
encrypting the first user session information and the first session client equipment information by adopting a local public key to obtain a first session ciphertext;
the first signature information and the first session cryptogram are packaged into a session pass.
Specifically, the validity of the pass is verified by the issuer of the pass, namely the first session server, and because the private key of the original session server only exists locally at the original session server (namely the first session server), the original session server verifies the validity of the pass sent by the new session, so that the original pass which is actually generated by the original session server can be effectively verified, and the original session server can effectively confirm that the pass is not tampered maliciously in the whole session migration process by using the public key for the signature verification operation of the original signature, thereby ensuring that the current session migration process is not attacked maliciously and sensitive information of a user is not revealed.
Optionally, the pass request further includes a service state, a time stamp, and random information, where the service state is used to determine whether the first session client is currently in a session, the time stamp is used to determine that the pass request is in a valid period, and the random information is used to determine the number of times of sending the pass request.
Specifically, the first session client sends a pass request to the first session server, the pass request further includes a service state, a time stamp and random information, the service state is used for judging whether the first session client is currently in a session, the time stamp is used for judging whether the pass request is in an effective time period, the random information is used for judging the sending times of the pass request, and the first session server checks the environmental information of the session equipment. In a pass verification link, the original session can also verify the device environment information reported by the new session, the running environment of the new session is required to be completely consistent with the running environment when the original session applies for passes, and once the device information of the new session is abnormal, the new session is indicated to be possibly maliciously transferred from the device environment of the original session and tries to independently run by using an external unknown environment, so that the security risk of the running environment exists, and the actions such as maliciously monitoring or maliciously controlling the operation of the new session caused by the invasion of virus instructions of the external environment are avoided through the limitation requirement of the running environment of the original device.
Optionally, the method further comprises:
judging whether the pass request is a first request or not through random information;
and if the first request is made, returning a verification passing instruction to the second session server.
The new session client sends the pass passing the initial verification to the new session server, the server performs preliminary analysis on the pass, signature information and session ciphertext of the pass can be obtained after the analysis, the analyzed content is delivered to the original session server for further verification, the original session server firstly judges whether the pass is the first verification, and if the pass is the first verification, the session ciphertext is decrypted by using a local private key to obtain effective user information and client equipment information of the original session.
In the embodiment of the application, the pass of each session is only allowed to be analyzed and verified once, the pass is verified for a plurality of times, the loss of the pass of the session or the theft of the pass of the session is indicated in the session migration process, the new session is manually pulled up and the operation right of the new session is tried to be obtained in a normal verification mode under the condition that the pass is not allowed by the original session, once the suspicious verification action of the pass occurs in the session migration process, the session immediately starts a self-protection mechanism, automatically stops the migration and automatically cancels the current original session and all the sessions which have completed the migration, and registers and reports the abnormal session. By limiting the verification of the pass, the illegal operation of the lost pass in an attempt to submerge in the new session end under the condition that the pass is revealed or the pass is stolen in advance before the verification is sent can be effectively avoided.
Optionally, the method further comprises:
after receiving the second signature information and the second session ciphertext sent by the second session server, decrypting the second session ciphertext by adopting a local private key to obtain decrypted second user session information and second session client equipment information;
comparing the first user session information with the second user session information and comparing the first session client device information with the second session client device information;
if the first user session information is the same as the second user session information and the first session client device information is the same as the second session client device information, the second signature information and the second session ciphertext are determined to pass the verification.
Referring to fig. 2, a step flow diagram of an embodiment of a session migration method of the present application is shown, where the session migration method includes:
s201, receiving a session pass sent by a second session client, wherein the session pass is sent by a first session client, and the session pass is determined according to first user session information and first session client equipment information;
specifically, the second session client receives the session pass sent by the first session client, and the second session client sends the session pass to the second session server, where the session pass is determined according to the first user session information and the first session client device information.
S202, analyzing the session pass to obtain second signature information and second session ciphertext;
and the second session client analyzes the session pass to obtain second signature information and second session ciphertext.
S203, the second signature information and the second session ciphertext are sent to the first session server, so that the first session server verifies the second signature information and the second session ciphertext, and if the second signature information and the second session ciphertext pass the verification, the session pass is determined to be the target pass;
the second client server sends second signature information and second session ciphertext to the first session server, the first session server verifies the second signature information and the second session ciphertext, and after receiving the second signature information and the second session ciphertext sent by the second session server, the second session ciphertext is decrypted by adopting a local private key to obtain decrypted second user session information and second session client equipment information; comparing the first user session information with the second user session information and comparing the first session client device information with the second session client device information; if the first user session information is the same as the second user session information and the first session client device information is the same as the second session client device information, the second signature information and the second session ciphertext are determined to pass the verification.
S204, returning the target pass to the second session client.
The target pass is a pass, the first session server returns the target pass to the second session server, and the second session server returns the target pass to the second session client.
Fig. 3 is a schematic structural diagram of a session migration system according to an embodiment of the present application, where the session migration system includes four terminals, that is, an original session client (a first session client), an original session server (a first session server), a new session client (a second session server), and a new session server (a second session client). In the aspect of key storage, in order to ensure the security of a storage medium, a client uniformly prohibits storing of private keys, an original session server maintains own local public and private keys, a new session server maintains own local public and private keys, and a new session client has a public key of the new session server, and meanwhile, the original session server and the new session server share a symmetrical key.
The working principle of session migration is specifically as follows:
the original session encrypts and encapsulates the session information into a pass to be migrated to a new session, the new session is used for verifying the validity of the pass and then exchanging the pass, and all subsequent business operations of the new session are completed based on the pass. The pass of the original session only allows one to exist for the same user identity, and the pass of the same user identity after the session migration can only exchange one valid pass in the same original session life cycle, so that the uniqueness of the subsequent session operation based on the pass is ensured.
The secure transfer and verification of the pass is an important guarantee of security before and after the session transfer, and once the session transfer process is suspicious, the pass is immediately logged out and the transfer is stopped.
All links in the whole structure are synchronous communication with real-time request and real-time response, and asynchronous communication links are not present.
In the process of the original session end, two links of applying a pass from the original session to the server end and migrating the pass to the new session are involved, and fig. 4 is a schematic diagram of a workflow for generating and migrating the pass in an embodiment of the present application; the original session client applies for a pass of a current user session to the original session server, the original session client transmits current user information, current client equipment information, a time stamp and a random string to the first session server, the first session server judges whether the current user session is actually valid according to the session state of the current user, checks whether the action of the current initiation application is within the allowed validity period according to the time stamp, and judges whether to repeatedly send the application according to the random string, so that risks of malicious request pass behavior of false session and repeated sending of pass application for times when the current session is expired or the session is expired are avoided.
The original session server records the original session client equipment information, signs the current user session information and the client equipment information by using a local private key, encrypts the current user session information and the client equipment information by using a local public key, encapsulates signature information and session ciphertext into a pass and transmits the pass back to the original session client (the first session client).
And starting the local client browser to open the new session client in the URL link mode immediately after the original session client receives the pass, and transmitting the acquired session pass to the new session client in the parameter transmission mode.
The new session client needs to perform initial verification on the pass, judges whether the pass is legal and meets the basic format requirement of the pass, if so, further initiates the authenticity verification on the pass, and if not, refuses to establish the new session.
In the verification link of the pass migration, two links of transmitting the pass to the server by the new session and initiating a verification request to the original session server by the new session server are involved. FIG. 5 is a schematic diagram of a pass verification workflow according to an embodiment of the present application;
the new session client sends the pass passing the initial verification to the new session server, the server performs preliminary analysis on the pass, signature information and session ciphertext of the pass can be obtained after the analysis, the analyzed content is delivered to the original session server for further verification, the original session server firstly judges whether the pass is the first verification, and if the pass is the first verification, the session ciphertext is decrypted by using a local private key to obtain effective user information and client equipment information of the original session.
The original session server firstly carries out verification on the device information obtained after the password is decrypted through the device information registered when the client applies, and ensures that the device information in the password is consistent with the application party, thereby ensuring that the device environment during session migration is not replaced maliciously, and ensuring that a new session is opened in the safety environment of the original session device.
The original session server extracts the current local effective user according to the decrypted user information, assembles the user object information and signs the user object information by using a local private key, and verifies whether the signature is consistent with the signature obtained by the new session in the pass or not so as to ensure that the pass is originally obtained in the session migration process and is not maliciously tampered in the midway.
The embodiment of the application increases the links that the new session needs to initiate the pass validity verification to the original session. In the migration process of the session, the new session does not carry out any transformation and direct use on the pass, the original pass is issued by the original session, and all verification links are completed by the original session as well, so that the risk of external leakage of user information and session information is avoided. The ability to log out of suspicious session passes is also increased. The original session is used for uniformly controlling the pass, the original session marks the pass verification initiated by the new session in the migration process of the session, the original session is added to sense the behavior that the pass is attempted to be sent for multiple times, once the pass is analyzed and verified twice or more, the original session immediately logs out of the pass and reports the registration risk session, and the phenomenon that the new session is still manually opened and illegal operation is performed by attempting to submerge in the new session end by using the name of the lost pass and the original session is avoided under the condition that the pass is leaked or the pass is stolen in advance before being sent and verified.
The embodiment of the application solves the problems that in the process of one session migration, session information is lost or is maliciously stolen, so that an external person can start a new session through a manual control means and can enter the new session to perform illegal operation under the name of the original session. Once the original session tries to initiate two or more migration actions, the session of the user can be immediately and forcedly stopped and reported to register a risk session, single-point operation of the session is ensured, and uniqueness of operation of the user after the session is migrated is ensured.
The validity verification of the original session equipment environment information is increased, equipment information transmitted by a new session must be completely consistent with the equipment environment information when the original session applies for a pass in the migration process of the session, so that the whole migration process of the session is ensured to be completed in the same equipment environment, and the phenomenon that the new session is opened in an unknown browser environment of an unknown equipment terminal to generate external illegal operation separated from the original session is avoided.
All user sensitive information of the original session end is not exposed in a plaintext form in any environment except the original session end, user data and sensitive information are transmitted in a ciphertext form after being packaged, and an algorithm and a verification key are controlled by the original session end, so that the safety of data information is ensured.
In the session migration process, the session is not copied due to the fact that the session is stolen or obtained from the outside, and then unknown risk operation is generated, once an original session pass is used for multiple times and analysis and verification are attempted, the original session can cut off all current session migration behaviors and log off the pass, risk tracking is carried out on the session after reporting risks are registered, and safe migration of the session is guaranteed.
The new session end has the capability of discriminating the equipment, and the equipment environment must be the safety migration of the session by the authenticated party when the original session applies for migration, so that the environmental safety of the whole process of session migration is realized.
The security risk problem of user sensitive information caused by user information leakage in the process of transferring user session information is solved, the user information is transferred in a pass mode by an original session in the process of transferring session information, an encryption algorithm adopted by the pass is controlled by an original session server by adopting asymmetric encryption, any sensitive information is ensured not to be transferred in a plaintext mode in the public environment in the process of transferring session, and the security of user data transferred by the session is ensured.
After the conversation is migrated, the new conversation can independently and normally run in an external arbitrary environment to cause the problem that the new conversation is easy to be attacked by the outside, after the conversation is migrated, the environment binding relation before and after the conversation is migrated is established, the operation of the internal environment of the original conversation is only supported, the independent copying of the conversation to any external third party environment is forbidden, once the new conversation loses the binding connection with the original environment, the new conversation is immediately and forcedly stopped, and the safety of the operation environment after the conversation is migrated is ensured.
It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred embodiments, and that the acts are not necessarily required by the embodiments of the application.
The session migration method provided by the embodiment of the application is characterized by receiving a pass request sent by a first session client, wherein the pass request at least comprises first user session information and first session client equipment information; determining a session pass according to the first user session information and the first session client device information; and sending the session pass to the first session client so that the first session client sends the session pass to the second session client, the original session transmits the user information in the form of the session pass in the session migration process, the encryption algorithm adopted by the session pass is controlled by the original session server by adopting asymmetric encryption, any information is ensured not to be transmitted in a plaintext manner in the public environment in the session migration process, and the safety of the user data of the session migration is ensured.
Another embodiment of the present application provides a session migration apparatus, configured to execute the session migration method provided in the foregoing embodiment.
Referring to fig. 6, there is shown a block diagram of an embodiment of a session migration apparatus according to the present application, which may specifically include the following modules: a first receiving module 601, a first determining module 602, and a first transmitting module 603, wherein:
the first receiving module 601 is configured to receive a pass request sent by a first session client, where the pass request includes at least first user session information and first session client device information;
the first determining module 602 is configured to determine a session pass according to the first user session information and the first session client device information;
the first sending module 603 is configured to send the session pass to the first session client, so that the first session client sends the session pass to the second session client.
The session migration device provided by the embodiment of the application receives a pass request sent by a first session client, wherein the pass request at least comprises first user session information and first session client equipment information; determining a session pass according to the first user session information and the first session client device information; and sending the session pass to the first session client so that the first session client sends the session pass to the second session client, the original session transmits the user information in the form of the session pass in the session migration process, the encryption algorithm adopted by the session pass is controlled by the original session server by adopting asymmetric encryption, any information is ensured not to be transmitted in a plaintext manner in the public environment in the session migration process, and the safety of the user data of the session migration is ensured.
The session migration device provided by the embodiment of the application is further described in a further embodiment.
Optionally, the first determining module is configured to:
signing the first user session information and the first session client equipment information by adopting a local private key to obtain first signature information;
encrypting the first user session information and the first session client equipment information by adopting a local public key to obtain a first session ciphertext;
the first signature information and the first session cryptogram are packaged into a session pass.
Optionally, the pass request further includes a service state, a time stamp, and random information, where the service state is used to determine whether the first session client is currently in a session, the time stamp is used to determine that the pass request is in a valid period, and the random information is used to determine the number of times of sending the pass request.
Optionally, the first sending module is further configured to:
judging whether the pass request is a first request or not through random information;
and if the first request is made, returning a verification passing instruction to the second session server.
Optionally, the first sending module is further configured to:
after receiving the second signature information and the second session ciphertext sent by the second session server, decrypting the second session ciphertext by adopting a local private key to obtain decrypted second user session information and second session client equipment information;
Comparing the first user session information with the second user session information and comparing the first session client device information with the second session client device information;
if the first user session information is the same as the second user session information and the first session client device information is the same as the second session client device information, the second signature information and the second session ciphertext are determined to pass the verification.
For the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points.
The session migration device provided by the embodiment of the application receives a pass request sent by a first session client, wherein the pass request at least comprises first user session information and first session client equipment information; determining a session pass according to the first user session information and the first session client device information; and sending the session pass to the first session client so that the first session client sends the session pass to the second session client, the original session transmits the user information in the form of the session pass in the session migration process, the encryption algorithm adopted by the session pass is controlled by the original session server by adopting asymmetric encryption, any information is ensured not to be transmitted in a plaintext manner in the public environment in the session migration process, and the safety of the user data of the session migration is ensured.
Another embodiment of the present application provides a session migration apparatus, configured to execute the session migration method provided in the foregoing embodiment.
Referring to fig. 7, there is shown a block diagram of an embodiment of a session migration apparatus according to the present application, which may specifically include the following modules: a second receiving module 701, a parsing module 702, a second sending module 703 and a returning module 704, wherein:
the second receiving module 701 is configured to receive a session pass sent by a second session client, where the session pass is sent by a first session client, and the session pass is determined according to the first user session information and the first session client device information;
the parsing module 702 is configured to parse the session pass to obtain second signature information and a second session ciphertext;
the second sending module 703 is configured to send the second signature information and the second session ciphertext to the first session server, so that the first session server verifies the second signature information and the second session ciphertext, and if the second signature information and the second session ciphertext pass the verification, the session pass is determined to be the target pass;
the return module 704 is configured to return the target pass to the second session client.
The session migration device provided by the embodiment of the application receives a pass request sent by a first session client, wherein the pass request at least comprises first user session information and first session client equipment information; determining a session pass according to the first user session information and the first session client device information; and sending the session pass to the first session client so that the first session client sends the session pass to the second session client, the original session transmits the user information in the form of the session pass in the session migration process, the encryption algorithm adopted by the session pass is controlled by the original session server by adopting asymmetric encryption, any information is ensured not to be transmitted in a plaintext manner in the public environment in the session migration process, and the safety of the user data of the session migration is ensured.
Still another embodiment of the present application provides a terminal device, configured to execute the session migration method provided in the foregoing embodiment.
Fig. 8 is a schematic structural view of a terminal device of the present application, as shown in fig. 8, the terminal device comprising: at least one processor 801 and memory 802;
the memory stores a computer program; at least one processor executes the computer program stored in the memory to implement the session migration method provided by the above embodiment.
The terminal device provided in this embodiment receives a pass request sent by a first session client, where the pass request includes at least first user session information and first session client device information; determining a session pass according to the first user session information and the first session client device information; and sending the session pass to the first session client so that the first session client sends the session pass to the second session client, the original session transmits the user information in the form of the session pass in the session migration process, the encryption algorithm adopted by the session pass is controlled by the original session server by adopting asymmetric encryption, any information is ensured not to be transmitted in a plaintext manner in the public environment in the session migration process, and the safety of the user data of the session migration is ensured.
Still another embodiment of the present application provides a computer-readable storage medium having a computer program stored therein, which when executed implements the session migration method provided in any one of the above embodiments.
According to the computer readable storage medium of the present embodiment, a pass request sent by a first session client is received, wherein the pass request includes at least first user session information and first session client device information; determining a session pass according to the first user session information and the first session client device information; and sending the session pass to the first session client so that the first session client sends the session pass to the second session client, the original session transmits the user information in the form of the session pass in the session migration process, the encryption algorithm adopted by the session pass is controlled by the original session server by adopting asymmetric encryption, any information is ensured not to be transmitted in a plaintext manner in the public environment in the session migration process, and the safety of the user data of the session migration is ensured.
Fig. 9 is a schematic structural view of a terminal device of the present application, as shown in fig. 9, the terminal device comprising: at least one processor 901 and memory 902;
the memory stores a computer program; at least one processor executes the computer program stored in the memory to implement the session migration method provided by the above embodiment.
The terminal device provided in this embodiment receives a pass request sent by a first session client, where the pass request includes at least first user session information and first session client device information; determining a session pass according to the first user session information and the first session client device information; and sending the session pass to the first session client so that the first session client sends the session pass to the second session client, the original session transmits the user information in the form of the session pass in the session migration process, the encryption algorithm adopted by the session pass is controlled by the original session server by adopting asymmetric encryption, any information is ensured not to be transmitted in a plaintext manner in the public environment in the session migration process, and the safety of the user data of the session migration is ensured.
Still another embodiment of the present application provides a computer-readable storage medium having a computer program stored therein, which when executed implements the session migration method provided in any one of the above embodiments.
According to the computer readable storage medium of the present embodiment, a pass request sent by a first session client is received, wherein the pass request includes at least first user session information and first session client device information; determining a session pass according to the first user session information and the first session client device information; and sending the session pass to the first session client so that the first session client sends the session pass to the second session client, the original session transmits the user information in the form of the session pass in the session migration process, the encryption algorithm adopted by the session pass is controlled by the original session server by adopting asymmetric encryption, any information is ensured not to be transmitted in a plaintext manner in the public environment in the session migration process, and the safety of the user data of the session migration is ensured.
It should be noted that the foregoing detailed description is exemplary and is intended to provide further explanation of the application. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present application. As used herein, the singular is intended to include the plural unless the context clearly indicates otherwise. Furthermore, it will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, steps, operations, devices, components, and/or groups thereof.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the terms so used are interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or otherwise described herein.
Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Spatially relative terms, such as "above … …," "above … …," "upper surface at … …," "above," and the like, may be used herein for ease of description to describe one device or feature's spatial location relative to another device or feature as illustrated in the figures. It will be understood that the spatially relative terms are intended to encompass different orientations in use or operation in addition to the orientation depicted in the figures. For example, if the device in the figures is turned over, elements described as "above" or "over" other devices or structures would then be oriented "below" or "beneath" the other devices or structures. Thus, the exemplary term "above … …" may include both orientations of "above … …" and "below … …". The device may also be positioned in other different ways, such as rotated 90 degrees or at other orientations, and the spatially relative descriptors used herein interpreted accordingly.
In the above detailed description, reference is made to the accompanying drawings, which form a part hereof. In the drawings, like numerals typically identify like components unless context indicates otherwise. The illustrated embodiments described in the detailed description, drawings, and claims are not meant to be limiting. Other embodiments may be utilized, and other changes may be made, without departing from the spirit or scope of the subject matter presented herein.
The above description is only of the preferred embodiments of the present application and is not intended to limit the present application, but various modifications and variations can be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.
Claims (7)
1. A method of session migration, applied to a first session server, the method comprising:
receiving a pass request sent by a first session client, wherein the pass request at least comprises first user session information, first session client equipment information, a service state, a time stamp and random information, the first user session information at least comprises session contents of a session, the first session client equipment information at least comprises a client identifier, the service state is used for judging whether the first session client is currently in the session or not, the time stamp is used for judging that the pass request is in a valid time period, the random information is used for judging the sending times of the pass request, and the first session server checks the environment information of the session equipment;
Determining a session pass according to the first user session information and the first session client device information;
sending the session pass to the first session client so that the first session client sends the session pass to a second session client, wherein the first session client and the second session client are located on the same device;
judging whether the pass request is a first request or not through the random information;
if the first request is made, a verification passing instruction is returned to the second session server; wherein:
after receiving second signature information and second session ciphertext sent by a second session server, decrypting the second session ciphertext by the first session server by adopting a local private key to obtain decrypted second user session information and second session client equipment information;
a first session server compares the first user session information with the second user session information and compares the first session client device information with the second session client device information;
if the first user session information is the same as the second user session information and the first session client device information is the same as the second session client device information, the first session server determines that the second signature information and the second session ciphertext pass verification.
2. The session migration method of claim 1, wherein the determining a session pass from the first user session information and the first session client device information comprises:
signing the first user session information and the first session client equipment information by adopting a local private key to obtain first signature information;
encrypting the first user session information and the first session client equipment information by adopting a local public key to obtain a first session ciphertext;
and packaging the first signature information and the first session ciphertext into the session pass.
3. A session migration method, applied to a second session server, the method comprising:
receiving a session pass sent by a second session client, wherein the session pass is determined by a first session server according to first user session information and first session client equipment information after a pass request sent by the first session client to the first session server is received; the pass request at least comprises first user session information and first session client equipment information, service state, time stamp and random information, wherein the first user session information at least comprises conference content of a session, the first session client equipment information at least comprises a client identifier, the service state is used for judging whether the first session client is currently in a session or not, the time stamp is used for judging whether the pass request is in a valid time period, the random information is used for judging the sending times of the pass request, and the first session server checks the environment information of the session equipment; wherein the first session client and the second session client are located on the same device;
Analyzing the session pass to obtain second signature information and second session ciphertext;
transmitting the second signature information and the second session ciphertext to a first session server to enable the first session server to verify the second signature information and the second session ciphertext, and if the second signature information and the second session ciphertext pass the verification, determining the session pass as a target pass, wherein:
after receiving second signature information and second session ciphertext sent by a second session server, decrypting the second session ciphertext by the first session server by adopting a local private key to obtain decrypted second user session information and second session client equipment information;
a first session server compares the first user session information with the second user session information and compares the first session client device information with the second session client device information;
if the first user session information is the same as the second user session information and the first session client device information is the same as the second session client device information, the first session server determines that the second signature information and the second session ciphertext pass verification;
Returning the target pass to the second session client;
the first session server judges whether the pass request is a first request or not according to the random information;
if the first request is made, the second session server receives the first session server return verification passing instruction.
4. A session migration apparatus for use with a first session server, the apparatus comprising:
the first receiving module is used for receiving a pass request sent by a first session client, wherein the pass request at least comprises first user session information, first session client equipment information, service state, time stamp and random information, the first user session information at least comprises conference content of a session, the first session client equipment information at least comprises a client identifier, the service state is used for judging whether the first session client is currently in a session, the time stamp is used for judging whether the pass request is in an effective time period, the random information is used for judging the sending times of the pass request, and the first session server is used for checking the environment information of the session equipment;
a first determining module, configured to determine a session pass according to the first user session information and the first session client device information;
A first sending module, configured to send the session pass to the first session client, so that the first session client sends the session pass to a second session client, where the first session client and the second session client are located on the same device;
judging whether the pass request is a first request or not through the random information;
if the first request is made, a verification passing instruction is returned to the second session server; wherein:
after receiving second signature information and second session ciphertext sent by a second session server, decrypting the second session ciphertext by the first session server by adopting a local private key to obtain decrypted second user session information and second session client equipment information;
a first session server compares the first user session information with the second user session information and compares the first session client device information with the second session client device information;
if the first user session information is the same as the second user session information and the first session client device information is the same as the second session client device information, the first session server determines that the second signature information and the second session ciphertext pass verification.
5. A session migration apparatus, applied to a second session server, the apparatus comprising:
the second receiving module is used for receiving a session pass sent by a second session client, wherein the session pass is sent by a first session client, and after the first session client sends a pass request to a first session server, the session pass is determined according to the first user session information and the first session client equipment information; the pass request at least comprises first user session information and first session client equipment information, service state, time stamp and random information, wherein the first user session information at least comprises conference content of a session, the first session client equipment information at least comprises a client identifier, the service state is used for judging whether the first session client is currently in a session or not, the time stamp is used for judging whether the pass request is in a valid time period, the random information is used for judging the sending times of the pass request, and the first session server checks the environment information of the session equipment; wherein the first session client and the second session client are located on the same device;
The analysis module is used for analyzing the session pass to obtain second signature information and second session ciphertext;
the second sending module is configured to send the second signature information and the second session ciphertext to a first session server, so that the first session server verifies the second signature information and the second session ciphertext, and if the second signature information and the second session ciphertext pass the verification, the session pass is determined to be a target pass, where:
after receiving second signature information and second session ciphertext sent by a second session server, decrypting the second session ciphertext by the first session server by adopting a local private key to obtain decrypted second user session information and second session client equipment information;
a first session server compares the first user session information with the second user session information and compares the first session client device information with the second session client device information;
if the first user session information is the same as the second user session information and the first session client device information is the same as the second session client device information, the first session server determines that the second signature information and the second session ciphertext pass verification;
The return module is used for returning the target pass to the second session client;
the first session server judges whether the pass request is a first request or not according to the random information;
if the first request is made, the second session server receives the first session server return verification passing instruction.
6. A terminal device, comprising: at least one processor and memory;
the memory stores a computer program; the at least one processor executing the computer program stored by the memory to implement the session migration method of any one of claims 1-2 or 3.
7. A computer readable storage medium, characterized in that a computer program is stored in the computer readable storage medium, said computer program when executed implementing the session migration method of any one of claims 1-2 or 3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211631605.1A CN116319949B (en) | 2022-12-19 | 2022-12-19 | Session migration method, session migration device, terminal equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211631605.1A CN116319949B (en) | 2022-12-19 | 2022-12-19 | Session migration method, session migration device, terminal equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116319949A CN116319949A (en) | 2023-06-23 |
| CN116319949B true CN116319949B (en) | 2023-11-14 |
Family
ID=86796633
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211631605.1A Active CN116319949B (en) | 2022-12-19 | 2022-12-19 | Session migration method, session migration device, terminal equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116319949B (en) |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101320408A (en) * | 2008-04-30 | 2008-12-10 | 钟勇 | Digital contents hardware binding and emigration method with both copyright sides controllable function |
| CN101867898A (en) * | 2010-07-02 | 2010-10-20 | 中国电信股份有限公司 | Short message encrypting communication system, method and secret key center |
| CN102104592A (en) * | 2009-12-17 | 2011-06-22 | 丛林网络公司 | Session migration between network policy servers |
| CN105915342A (en) * | 2016-07-01 | 2016-08-31 | 广州爱九游信息技术有限公司 | Application program communication processing system, an application program communication processing device, an application program communication processing apparatus and an application program communication processing method |
| CN107079050A (en) * | 2014-09-19 | 2017-08-18 | 康维达无线有限责任公司 | Service layer's conversation shift and shared |
| CN107786621A (en) * | 2016-08-31 | 2018-03-09 | 阿里巴巴集团控股有限公司 | A kind of user information management method, access processing method and device and system |
| CN109691179A (en) * | 2017-03-22 | 2019-04-26 | 华为技术有限公司 | A kind of conversation shift method and apparatus |
| CN109819337A (en) * | 2019-02-02 | 2019-05-28 | 湖南快乐阳光互动娱乐传媒有限公司 | A kind of video file downloading anti-stealing link method, system and medium |
| CN109905731A (en) * | 2019-02-22 | 2019-06-18 | 湖南快乐阳光互动娱乐传媒有限公司 | It can the anti-pass video file downloading anti-stealing link method, system and the medium usurped |
| CN109981576A (en) * | 2019-02-22 | 2019-07-05 | 矩阵元技术(深圳)有限公司 | Key migration method and apparatus |
| CN110169140A (en) * | 2017-01-09 | 2019-08-23 | 华为技术有限公司 | System and method for session management |
| CN114006736A (en) * | 2021-10-22 | 2022-02-01 | 中易通科技股份有限公司 | Instant communication message protection system and method based on hardware password equipment |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8843616B2 (en) * | 2010-09-10 | 2014-09-23 | Intel Corporation | Personal cloud computing with session migration |
| US10462230B2 (en) * | 2017-05-23 | 2019-10-29 | Bank Of America Corporation | Migrating sessions using a private cloud-cloud technology |
| WO2019155477A1 (en) * | 2018-02-08 | 2019-08-15 | Telefonaktiebolaget Lm Ericsson (Publ) | A method for seamless migration of session authentication to a different stateful diameter authenticating peer |
| US11563815B2 (en) * | 2021-01-20 | 2023-01-24 | Vmware, Inc. | Session passing between smart devices |
-
2022
- 2022-12-19 CN CN202211631605.1A patent/CN116319949B/en active Active
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101320408A (en) * | 2008-04-30 | 2008-12-10 | 钟勇 | Digital contents hardware binding and emigration method with both copyright sides controllable function |
| CN102104592A (en) * | 2009-12-17 | 2011-06-22 | 丛林网络公司 | Session migration between network policy servers |
| CN101867898A (en) * | 2010-07-02 | 2010-10-20 | 中国电信股份有限公司 | Short message encrypting communication system, method and secret key center |
| CN107079050A (en) * | 2014-09-19 | 2017-08-18 | 康维达无线有限责任公司 | Service layer's conversation shift and shared |
| CN105915342A (en) * | 2016-07-01 | 2016-08-31 | 广州爱九游信息技术有限公司 | Application program communication processing system, an application program communication processing device, an application program communication processing apparatus and an application program communication processing method |
| CN107786621A (en) * | 2016-08-31 | 2018-03-09 | 阿里巴巴集团控股有限公司 | A kind of user information management method, access processing method and device and system |
| CN110169140A (en) * | 2017-01-09 | 2019-08-23 | 华为技术有限公司 | System and method for session management |
| CN109691179A (en) * | 2017-03-22 | 2019-04-26 | 华为技术有限公司 | A kind of conversation shift method and apparatus |
| CN109819337A (en) * | 2019-02-02 | 2019-05-28 | 湖南快乐阳光互动娱乐传媒有限公司 | A kind of video file downloading anti-stealing link method, system and medium |
| CN109905731A (en) * | 2019-02-22 | 2019-06-18 | 湖南快乐阳光互动娱乐传媒有限公司 | It can the anti-pass video file downloading anti-stealing link method, system and the medium usurped |
| CN109981576A (en) * | 2019-02-22 | 2019-07-05 | 矩阵元技术(深圳)有限公司 | Key migration method and apparatus |
| CN114006736A (en) * | 2021-10-22 | 2022-02-01 | 中易通科技股份有限公司 | Instant communication message protection system and method based on hardware password equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116319949A (en) | 2023-06-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101166091B (en) | A dynamic password authentication method and service end system | |
| EP3780484B1 (en) | Cryptographic operation and working key creation method and cryptographic service platform and device | |
| CN111444273B (en) | Data authorization method and device based on block chain | |
| CN104767613A (en) | Signature verification method, device and system | |
| CN1937498A (en) | Dynamic cipher authentication method, system and device | |
| WO2017157185A1 (en) | Method and device for linking to account and providing service process | |
| CN103297437A (en) | Safety server access method for mobile intelligent terminal | |
| CN107483419A (en) | Method, apparatus, system, server and the computer-readable recording medium of server authentication access terminal | |
| CN104767731A (en) | Identity authentication protection method of Restful mobile transaction system | |
| CN110958111A (en) | Electric power mobile terminal identity authentication mechanism based on block chain | |
| CN112187931A (en) | Session management method, device, computer equipment and storage medium | |
| CN103200176A (en) | Identification method, identification device and identification system based on bank independent communication channel | |
| CN111131416A (en) | Business service providing method and device, storage medium and electronic device | |
| CN105577639A (en) | Trusted device control messages | |
| JP2018519562A (en) | Method and system for transaction security | |
| CN109995776A (en) | A kind of internet data verification method and system | |
| CN103500202A (en) | Security protection method and system for light-weight database | |
| CN111314381A (en) | Safety isolation gateway | |
| CN104125230A (en) | Short message authentication service system and authentication method | |
| KR101795450B1 (en) | Verification mehod and appratus based on security tunnel | |
| CN106911744A (en) | The management method and managing device of a kind of image file | |
| CN110166471A (en) | A kind of portal authentication method and device | |
| CN107070842B (en) | Method and system for authenticating surrounding web applications by embedding web applications | |
| CN104901967A (en) | Registration method for trusted device | |
| CN116992458A (en) | Programmable data processing method and system based on trusted execution environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |