TW202230175A - Authorization authentication, software development kit generation method, electronic equipment and computer-readable storage medium - Google Patents

Abstract

The invention relates to an authorization authentication, a software development kit generation method, an electronic equipment and a computer-readable storage medium, wherein the authorization authentication method comprises: in response to a target application's start instruction on the software development kit, obtaining the identification information of the target application; performing authorization authentication based on the identification information of the target application and the identification information of the authorized application to obtain the authentication result; the authentication result is sent to at least two target development tools in the software development kit, so that the at least two target development tools to start the calling function for the target application when the authentication result is passed. The technical scheme provided by the embodiment of the present disclosure can reduce the performance loss of authorization authentication and the authentication maintenance cost.

Description

Authorization certification, software development kit generation method, electronic device and computer-readable storage medium

The present invention relates to the technical field of information security, in particular to authorization authentication, a software development kit generation method, an electronic device and a computer-readable storage medium.

A software development kit (Software Development Kit, SDK) is generally provided to customers for development and use, but some development tools of the SDK are easily stolen. In related technologies, before the development tools in the SDK are called, security authentication is often performed to prevent the SDK from being cracked and used. However, an SDK often includes multiple development tools, which requires multiple security authentications. Performance loss, when modifying the authentication method later, it also needs to be modified one by one, and the maintenance cost is high.

The invention provides an authorization authentication, a method for generating a software development kit, an electronic device and a computer-readable storage medium. The technical scheme of the present invention is as follows: According to an aspect of the embodiments of the present invention, an authorization authentication method is provided. The method is applied to a target authentication tool corresponding to a software development kit, and the target authentication tool is configured with identification information of an authorized application, and the method includes: In response to the target application's start instruction to the software development kit, obtain the identification information of the target application; perform authorization and authentication based on the identification information of the target application and the identification information of the authorized application to obtain an authentication result; develop the software to the software The at least two target development tools in the kit send the authentication result, so that the at least two target development tools start calling functions for the target application when the authentication result is that the authentication is passed.

In the above-mentioned embodiment, during the use of the software development kit, the unified authorization and authentication of multiple target development tools can be realized through one authorization and authentication of the target authentication tool corresponding to the software development kit, which greatly reduces the performance loss of authorization and authentication, and the subsequent modification The authentication method can also be directly modified to the target authentication tool, which effectively reduces the authentication maintenance cost.

According to another aspect of the embodiments of the present invention, an authorization authentication method is provided, the method is applied to at least two target development tools in a software development kit, and the method includes: Receive an authentication result sent by the target authentication tool, where the authentication result is that the target authentication tool responds to the target application's start-up instruction to the software development kit, based on the identification information of the target application and the authorized application configured with the target authentication tool The identification information is obtained through authorization and authentication; if the authentication result is that the authentication is passed, the calling function is activated for the target application.

In the above-mentioned embodiment, during the use of the software development kit, the unified authorization and authentication of multiple target development tools can be realized through one authorization and authentication of the target authentication tool corresponding to the software development kit, which greatly reduces the performance loss of authorization and authentication, and the subsequent modification The authentication method can also be directly modified to the target authentication tool, which effectively reduces the authentication maintenance cost.

According to another aspect of the embodiments of the present invention, a method for generating a software development kit is provided, including: receiving a kit application instruction, where the kit application instruction includes identification information of an authorized application; acquiring at least two targets corresponding to the kit application instruction a development tool and an initial authentication tool; configure the identification information of the authorized application to the initial authentication tool to obtain a target authentication tool, and the target authentication tool is used to perform unified authorization and authentication on the at least two target development kits; based on The at least two target development tools generate a software development kit, or the software development kit is generated based on the at least two target development tools and the target authentication tool.

In the above-mentioned embodiment, in the application process of the target software development tool, a target authentication tool that can be used for unified authorization and authentication of the target development tool included in the software development kit is generated, and then in the subsequent use of the software development kit, It can realize unified authorization and authentication for multiple target development tools, greatly reduce the loss of authorization and authentication performance, and package the target authentication tool and at least two target development tools together to generate a software development kit, which can improve the transmission rate of subsequent authentication results; and Modifying the authentication method can also directly modify the target authentication tool, which effectively reduces the cost of authentication maintenance.

According to another aspect of the embodiments of the present invention, an authorization authentication device is provided, the device is set in a target authentication tool corresponding to a software development kit, the target authentication tool is configured with identification information of an authorized application, and the device includes: The identification information acquisition part is configured to acquire the identification information of the target application in response to the start instruction of the target application to the software development kit; The authorization authentication part is configured to perform authorization authentication based on the identification information of the target application and the identification information of the authorized application to obtain an authentication result; The authentication result sending part is configured to send the authentication result to at least two target development tools in the software development kit, so that the at least two target development tools can target the at least two target development tools when the authentication result is passed. The target application starts the calling function.

According to another aspect of the embodiments of the present invention, an authorization authentication apparatus is provided, the apparatus is provided with at least two target development tools in a software development kit, and the apparatus includes: The authentication result receiving part is configured to receive the authentication result sent by the target authentication tool, where the authentication result is that the target authentication tool responds to the start instruction of the software development kit by the target application, based on the identification information of the target application and the target application The authentication tool is configured with the identification information of the authorized application for authorization and authentication; The calling function starting part is configured to start the calling function for the target application when the authentication result is that the authentication is passed.

According to another aspect of the embodiments of the present invention, an apparatus for generating a software development kit is provided, including: The kit application instruction receiving part is configured to receive a kit application instruction, where the kit application instruction includes identification information of the authorized application; a tool acquisition part, configured to acquire at least two target development tools and initial certification tools corresponding to the kit application instruction; a first tool configuration part, configured to configure the identification information of the authorized application to the initial authentication tool to obtain a target authentication tool, and the target authentication tool is configured to perform unified authorization authentication on the at least two target development kits; The software development kit generating part is configured to generate a software development kit based on the at least two target development tools, or is configured to generate the software development kit based on the at least two target development tools and the target authentication tool.

According to another aspect of the embodiments of the present invention, an electronic device is provided, including: a processor; a memory for storing instructions executable by the processor; wherein the processor is configured to execute the instructions to achieve The software development kit generation method or the authorization authentication method according to any one of the above.

According to another aspect of the embodiments of the present invention, a computer-readable storage medium is provided, when instructions in the storage medium are executed by a processor of an electronic device, the electronic device can execute any of the foregoing embodiments of the present invention The software development kit generation method or the authorization authentication method described in the item.

According to another aspect of the embodiments of the present invention, there is provided a computer program, including computer-readable codes, which, when the computer-readable codes are executed in an electronic device and executed by a processor in the electronic device, realize the realization of The software development kit generation method or the authorization authentication method according to any one of the above.

According to another aspect of the embodiments of the present invention, there is provided a computer program product comprising instructions which, when executed on a computer, cause the computer to execute the method described in any one of the above embodiments of the present invention.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention.

In order to make those skilled in the art better understand the technical solutions of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings.

It should be noted that the terms "first", "second", etc. in the description of the present invention and the scope of the patent application and the above drawings are used to distinguish similar objects, and are not necessarily used to describe a specific sequence or sequence. It is to be understood that the materials so used are interchangeable under appropriate circumstances such that the embodiments of the invention described herein can be practiced in sequences other than those illustrated or described herein. The implementations described in the illustrative examples below are not intended to represent all implementations consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with some aspects of the invention as detailed in the appended claims.

At present, the SDK is generally provided to customers for development and use. However, because some module codes of the SDK are easy to be stolen, and the so library of the SDK is easy to be decompressed and extracted for use, the SDK will perform security authentication methods such as signature verification in related technologies. In order to prevent the SDK from being cracked and used. However, when the SDK has multiple modules, on the one hand, multiple security certifications may be required, and on the other hand, each module may need to independently verify, add or modify the verification method, which will not only cause performance loss, but also The maintenance cost of modifying the verification method in the later stage is high, and it is difficult to achieve effective maintenance of the SDK.

In view of this, an embodiment of the present invention provides an authorization authentication, a software development kit generating method, apparatus, and electronic device, wherein the authorization authentication method includes: in response to a target application's start instruction for the software development kit, obtaining identification information of the target application ; Perform authorization authentication based on the identification information of the target application and the identification information of the authorized application, and obtain the authentication result; send the authentication result to at least two target development tools in the software development kit, so that the at least two target development tools are authenticated in the authentication result If passed, start the calling function for the target application. By using the technical solutions provided by the embodiments of the present invention, the performance loss of authorization and authentication and the cost of authentication maintenance can be reduced.

Please refer to FIG. 1 , which is a schematic diagram of an application environment of a method for generating a software development kit according to an embodiment of the present invention. As shown in FIG. 1 , the application environment may include a terminal 01 and a server 02 .

In an implementation manner of the embodiment of the present invention, the terminal 01 may provide services such as software development kit application and download for the user. Wherein, the terminal 02 may include a smart phone, a desktop computer, a tablet computer, a notebook computer, a smart speaker, a digital assistant, an augmented reality (AR)/virtual reality (VR) device, a vehicle terminal , smart wearable devices and other types of physical devices. It may also include software, such as applications, that run on the above-mentioned physical devices. The operating system running on the physical device may include, but is not limited to, an Android system, a mobile operating system (Input Output System, IOS) system developed by Apple, linux, windows, and the like.

In one implementation of the embodiment of the present invention, the server 02 may be a background service of the terminal 01, and may be used to generate a software development tool. The server 02 may be an independent physical server, a server cluster or a distributed system composed of multiple physical servers, or a cloud service, cloud database, cloud computing, cloud function, and cloud storage. , network service, cloud communication, middleware service, function variable name service, security service, CDN (Content Delivery Network), and cloud server for basic cloud computing services such as big data and artificial intelligence platforms.

In the embodiment of the present specification, the above-mentioned terminal 01 and the server 02 may be directly or indirectly connected through wired or wireless communication, which is not limited in the present invention.

It can be understood that the execution body of the software development kit generation method includes the terminal 01 and the server 02 , and the execution body of the authorization authentication method may be the server 02 .

The following describes an embodiment of a method for generating a software development kit according to the present invention. FIG. 2a and FIG. 2b are flowcharts of a method for generating a software development kit according to an exemplary embodiment. This specification provides a method such as an embodiment or a flowchart. operational steps, but may include more or fewer operational steps based on routine or non-creative work. The sequence of steps enumerated in the embodiments is only one of the execution sequences of many steps, and does not represent the only execution sequence. When an actual system or device product is executed, it can be executed sequentially or concurrently (for example, in a parallel processor or a multi-threaded processing environment) according to the embodiments or the methods shown in the accompanying drawings. As shown in Figure 2a, the following steps may be included.

S201: Receive a kit application instruction.

In practical applications, the software development kit provider can provide a user-oriented terminal, and the user can trigger the kit application instruction on the terminal, wherein the user can configure the authorization in the kit application instruction based on the application development requirements on the terminal. Identification information for the application. The authorized application may be an application that needs to be developed in combination with the applied software development kit. Here, the identification information of the authorized application may be the package name of the authorized application; wherein, in order to improve transmission security, the identification information of the authorized application may also include signature information generated based on the package name of the authorized application.

In one implementation of the embodiments of the present invention, the package name of the authorized application may be signed in combination with a cryptographic hash function, where the cryptographic hash function may include but not limited to SHA-1, md5, and the like.

S203: Obtain at least two target development tools and initial certification tools corresponding to the kit application instruction.

In some embodiments, the server side of the software development kit provider may be pre-configured with a large number of development tools and initial authentication tools. In other embodiments, the above-mentioned initial authentication tool and at least two target development tools may also be created after the kit application instruction is received.

In an implementation manner of the embodiment of the present invention, the at least two target development tools may be development tools required for developing authorized applications. The initial authentication tool may be a tool with an authentication function.

In an implementation of the embodiment of the present invention, the user can configure the identification information of the development tool required for developing the authorized application on the terminal; correspondingly, the above-mentioned kit application instruction may also include the identification of the development tool required for developing the authorized application. information, so that the server can obtain the above-mentioned at least two target development tools required for developing the authorized application from a large number of preset development tools in combination with the identification information of the development tool required for developing the authorized application in the package application instruction.

S205: Configure the identification information of the authorized application to the initial authentication tool to obtain the target authentication tool.

In one implementation of the embodiment of the present invention, the identification information of the authorized application can be configured to the initial authentication tool by compiling the identification information of the authorized application into the initial authentication tool to obtain the target authentication tool. The target authentication tool configured with the identification information of the authorized application can be used to perform unified authorization authentication on the development tools (at least two target development kits) required for the authorized application.

S207: Generate a software development kit based on at least two target development tools.

In an implementation manner of the embodiment of the present invention, the above-mentioned at least two target development tools may be packaged to obtain a software development kit.

Exemplarily, in an embodiment of the present invention, FIG. 2b is a block diagram of an electronic device for generating a software development kit according to an embodiment of the present invention. As shown in FIG. 2b, an electronic device for generating a software development kit is shown in FIG. 2b. It can include application 11, SDK12, security module 13, module A 14, module B15, application module A16 and application module B17, where the SDK is equivalent to a software development kit; the application is an application using the SDK, which is equivalent to authorization Application; The security module configured in the SDK is equivalent to the target authentication tool, and module A and module B in the SDK or application module A and application module B in the application are equivalent to at least two target development tools.

It can be seen from the technical solutions provided by the above embodiments of this specification that, in the application process of the target software development tool, in addition to generating a software development kit including at least two target development tools, a software development kit that can be used to include the software development kit is also generated. The target development tool is a target authentication tool for unified authorization and authentication, so that in the subsequent use of the software development kit, unified authorization and authentication of multiple target development tools can be realized, which greatly reduces the loss of authorization and authentication performance, and when the authentication method is subsequently modified. , the target authentication tool can also be modified directly, which effectively reduces the cost of authentication maintenance.

In an implementation of the embodiment of the present invention, in order to improve the security of the authentication result transmission in the subsequent authorization and authentication process, as shown in FIG. 3 , the above method may further include the following steps.

S209: Generate a preset key pair.

In an implementation manner of the embodiment of the present invention, the above-mentioned preset key pair may include a preset encryption key and a preset decryption key.

In some embodiments, the generation of the preset key pair may be combined with a symmetric encryption algorithm. Correspondingly, the preset encryption key is the same as the preset decryption key.

In other embodiments, the generation of the preset key pair may also be combined with an asymmetric encryption algorithm. Correspondingly, the preset encryption key may be a preset private key, and the preset decryption key may be a preset public key .

In the above embodiment, the asymmetric encryption algorithm is used to generate the preset key pair for encryption and decryption, which can avoid tools that need to be encrypted with a preset encryption key and tools that need to be decrypted with a preset decryption key. The problem of mutual disclosure of keys between them improves the security of data.

S211: Configure the preset encryption key to the target authentication tool to update the target authentication tool.

In an implementation of the embodiment of the present invention, the preset encryption key can be configured to the target authentication tool by compiling the preset encryption key into the target authentication tool. Correspondingly, the subsequent target authentication tool can encrypt the authentication result determined based on the identification information of the authorized application in combination with the preset encryption key, so as to ensure the security of the transmission of the authentication result.

S213: Configure the preset decryption key to at least two target development tools to update at least two target development tools.

In an implementation manner of an embodiment of the present invention, the preset decryption key can be configured to the at least two target development tools by compiling the preset decryption key into the at least two target development tools. Correspondingly, the subsequent target development tool can decrypt the authentication result encrypted by the target authentication tool in combination with the preset decryption key to obtain the authentication result.

In the above embodiment, by configuring the preset encryption key in the target authentication tool and configuring the corresponding preset decryption key in the target development tool, the security of subsequent authentication result transmission can be greatly improved.

The following describes an embodiment of another authorization and authentication method of the present invention. FIG. 4 is a flowchart of another software development kit generation method according to an embodiment of the present invention, which specifically includes: S401: Receive a kit application instruction, where the kit application instruction includes identification information of the authorized application; S403: Obtain at least two target development tools and initial certification tools corresponding to the kit application instruction; S405: configure the identification information of the authorized application to the initial authentication tool to obtain the target authentication tool; For the specific refinement of the foregoing steps S401-S405, reference may be made to the specific refinement of the foregoing steps S201-205, which will not be repeated here. S407: Generate a software development kit based on at least two target development tools and target authentication tools.

In an implementation manner of the embodiment of the present invention, the above-mentioned at least two target development tools and target authentication tools may be packaged to generate a software development kit.

It can be seen from the technical solutions provided by the above embodiments of this specification that, in the application process of the target software development tool, this specification generates a target authentication tool that can be used to uniformly authorize and authenticate the target development tools included in the software development kit, and further can In the subsequent use of the software development kit, the unified authorization and authentication of multiple target development tools can be realized, which greatly reduces the performance loss of authorization and authentication, and the target authentication tool and at least two target development tools are packaged together to generate a software development kit, which can improve the performance of the software development kit. The transmission rate of subsequent authentication results; and the subsequent modification of the authentication method can also directly modify the target authentication tool, which effectively reduces the cost of authentication maintenance.

In an implementation of an embodiment of the present invention, in order to improve the security of the authentication result transmission in the subsequent authorization and authentication process, as shown in FIG. 5 , the above method may further include: S409: Generate a preset key pair, where the preset key pair includes a preset encryption key and a preset decryption key; S411: Configure the preset encryption key to the target authentication tool to update the target authentication tool; S413: Configure the preset decryption key to at least two target development tools to update at least two target development tools.

For the specific refinement of the foregoing steps S409-S413, reference may be made to the specific refinement of the foregoing steps S209-S213, which will not be repeated here.

In some embodiments, the above method may further include: determining preset authentication validity information; and configuring the preset authentication validity information to the target authentication tool to update the target authentication tool.

In an implementation of the embodiment of the present invention, the preset authentication time limit information may be a preset valid time period of the authentication result, that is, within the valid time period after the authentication result is generated, the authentication result is valid.

In the above-mentioned embodiment, by configuring the preset certificate aging information in the target authentication tool, it can be ensured that the authentication result within the valid period is valid, thereby better ensuring the security of the authentication result.

In some embodiments, the above method may further include: configuring the identification information of the authorized application to the at least two target development tools to update the at least two target development tools.

In practical applications, in order to prevent the subsequent target development tool from being called, someone maliciously compares the target authentication tool to send the authentication result that has passed the authentication to the target development tool. While obtaining the authentication result, the target development tool can also perform authorization authentication in combination with the identification information of the authorized application, thereby improving the reliability of the authentication result.

In some embodiments, the above method may further include: applying for a requester reflection software development kit corresponding to the instruction to the kit.

In the above embodiment, the software development kit is sent to the corresponding requester, so that the requester can develop the authorized application in combination with the software development kit.

Based on the above-mentioned software development kit generation method, an embodiment of an authorization and authentication method of the present invention is introduced below. FIG. 6 is a flowchart of an authorization and authentication method according to an embodiment of the present invention. This specification provides a method such as an embodiment or a flowchart. operational steps, but may include more or fewer operational steps based on routine or non-creative work. The sequence of steps enumerated in the embodiments is only one of the execution sequences of many steps, and does not represent the only execution sequence. When an actual system or device product is executed, it can be executed sequentially or concurrently (for example, in a parallel processor or a multi-threaded processing environment) according to the embodiments or the methods shown in the accompanying drawings. As shown in Figure 6, the following steps may be included.

S601: The target authentication tool obtains the identification information of the target application in response to the target application's start-up instruction to the software development kit.

In practical applications, when a user needs to develop a target application in combination with a software development kit, the software development kit is installed in the target application. Correspondingly, the target application can be an application that currently needs to call the target development tool in the software development kit.

In some embodiments, when the target authentication tool is configured in the software development kit, after the activation instruction is triggered, the target authentication tool can call the corresponding application program interface to obtain the identification information of the target application.

In other embodiments, when the target authentication tool is not configured in the software development kit, after the startup instruction is triggered, the target development tool in the software development kit can call the corresponding application programming interface to obtain the target application the identification information of the target application, and transmit the identification information of the target application to the target authentication tool.

The identification information of the target application may be the package name of the authorized application; in addition, the identification information of the target application may also include signature information generated based on the package name of the target application.

In an implementation manner of the embodiment of the present invention, the package name of the target application may be signed in combination with a cryptographic hash function, where the cryptographic hash function may include, but is not limited to, SHA-1, md5, and the like.

S603: The target authentication tool performs authorization authentication based on the identification information of the target application and the identification information of the authorized application, and obtains an authentication result.

In the embodiment of this specification, the identification information of the authorized application is configured in the target authentication tool. Correspondingly, the authorization authentication can be performed by comparing the identification information of the target application with the identification information of the authorized application. If the identification information is consistent with the identification information of the authorized application, the authentication result is authentication passed; otherwise, when the identification information of the target application is inconsistent with the identification information of the authorized application, the authentication result is authentication failure.

S605: The target certification tool sends certification results to at least two target development tools in the software development kit.

In some embodiments, the target authentication tool is further configured with a preset encryption key, and accordingly, the at least two target development tools may be configured with a preset decryption key corresponding to the preset encryption key; the target authentication tool Sending the authentication result to the at least two target development tools in the software development kit includes: the target authentication tool encrypts the authentication result based on the above-mentioned preset encryption key to obtain encrypted information; the target authentication tool sends the at least two targets in the software development kit to The development tool sends the above encrypted information.

At least two target development tools decrypt the encrypted information based on the preset decryption key to obtain an authentication result.

In the above embodiment, by configuring the preset encryption key in the target authentication tool and configuring the corresponding preset decryption key in the target development tool, the security of the transmission of the authentication result can be greatly improved.

In some embodiments, in order to reduce invalid data transmission and reduce system load, the target authentication tool sending authentication results to at least two target development tools in the software development kit may include: if the authentication result is authentication passed, The target authentication tool sends the authentication result to at least two target development tools in the software development kit.

Correspondingly, if the authentication result is that the authentication fails, the target authentication tool may not execute the step of sending the authentication result by at least two target development tools in the software development kit.

S607: In the case that the authentication result of the at least two target development tools is that the authentication is passed, start the calling function for the target application.

In an implementation of an embodiment of the present invention, after the calling function is started for the target application, the target application can directly call the above-mentioned target development tool.

According to the technical solutions provided by the above embodiments of this specification, in the process of using the software development kit, the unified authorization and authentication of multiple target development tools can be realized through one-time authorization authentication of the target authentication tool corresponding to the software development kit, which greatly improves the performance of the software development kit. The performance loss of authorization and authentication is reduced, and the authentication method can be modified later, and the target authentication tool can also be directly modified, which effectively reduces the cost of authentication maintenance.

In some embodiments, the target authentication tool is further configured with preset authentication time limit information. After the target authentication tool performs authorization authentication based on the identification information of the target application and the identification information of the authorized application, and obtains the authentication result, the above method may further include: according to The preset authentication aging information generates the validity period information of the authentication result; wherein, the target authentication tool encrypts the authentication result based on the preset encryption key, and obtaining the encryption information may include: the target authentication tool pairs the authentication result and the validity period based on the preset encryption key The information is encrypted to obtain encrypted information.

In an implementation of the embodiment of the present invention, the validity period information may be the valid expiration time point of the authentication result generated at the current time point determined by combining the current time point when the authentication result is generated and the preset authentication time period information (valid time period).

Correspondingly, the at least two target development tools decrypt the encrypted information based on the preset decryption key, and obtaining the authentication result may include: decrypting the encrypted information based on the preset decryption key to obtain the authentication result and validity period information.

In some embodiments, the validity period information may be directly sent to the at least two target development tools without encryption. Wherein, the validity period information can also be sent to the above at least two target development tools after being encrypted separately.

Correspondingly, before starting the calling function for the target application, the above method may further include: performing validity identification on the authentication result according to the validity period information, and obtaining a validity identification result; in the case that the validity identification result is valid, executing the verification for the target application. Initiate the action that invokes the function.

In the above embodiment, by configuring the validity period information for the authentication result, it can be ensured that the authentication result is valid before the valid expiration time point, thereby better guaranteeing the security of the authentication result.

In some embodiments, before encrypting the authentication result based on the preset encryption key to obtain encrypted information, the above method may further include: generating a check code according to the identification information of the authorized application and the authentication result.

In some embodiments, in order to reduce invalid data transmission and reduce system burden, the above-mentioned generating a check code according to the identification information of the authorized application and the authentication result may include: The identification information and the authentication result are used to generate a verification code; correspondingly, if the authentication result is that the authentication fails, the operation of generating the verification code based on the identification information and the authentication result of the authorized application is not performed.

Correspondingly, encrypting the authentication result based on the preset encryption key to obtain the encrypted information may include: encrypting the check code based on the preset encryption key to obtain the encrypted information.

Correspondingly, the at least two target development tools are also configured with identification information of authorized applications, and the at least two target development tools decrypt the encrypted information based on the preset decryption key, and obtaining the authentication result may include: based on the preset decryption key. Decrypt the encrypted information to obtain the decrypted authentication result and the decrypted identification information of the authorized application; perform authorization verification based on the identification information of the authorized application configured by the at least two target development tools and the decrypted identification information of the authorized application , and obtain the secondary authentication result; in the case that the secondary authentication result is the authentication passed, the decrypted authentication result is used as the authentication result.

In some embodiments, authentication and verification may be performed by comparing the configured identification information of the authorized application with the decrypted identification information of the authorized application, wherein when the configured identification information of the authorized application and the decrypted authorized application The authentication and verification result is passed; otherwise, when the configured identification information of the authorized application is inconsistent with the decrypted identification information of the authorized application, the authentication and verification result is not passed.

In the above embodiment, by pre-configuring the target development tool with the identification information of the authorized application, while the target development tool obtains the authentication result, the target development tool can also perform authorization authentication in combination with the identification information of the authorized application, thereby improving the authentication result. It can effectively prevent the development tool from being called, and there is a malicious analogy to the target authentication tool to send the authentication result that has passed the authentication to the target development tool.

The following describes an authorization authentication method provided by an embodiment of the present invention from the target authentication tool corresponding to the software development kit as the execution subject, wherein the target authentication tool is configured with the identification information of the authorized application. In conjunction with FIG. 7 , the method may include: S701: Acquire identification information of the target application in response to the target application's start-up instruction to the software development kit. S703: Perform authorization authentication based on the identification information of the target application and the identification information of the authorized application, and obtain an authentication result. S705: Send an authentication result to at least two target development tools in the software development kit, so that the at least two target development tools start the calling function for the target application when the authentication result is that the authentication is passed.

In some embodiments, the target authentication tool is further configured with a preset encryption key, and sending the authentication result to the at least two target development tools in the software development kit includes: encrypting the authentication result based on the preset encryption key to obtain encrypted information ; Send encrypted information to at least two target development tools in the software development kit.

In some embodiments, the target authentication tool is further configured with preset authentication validity information. After performing authorization and authentication based on the identification information of the target application and the identification information of the authorized application, and obtaining an authentication result, the method further includes: according to the preset authentication validity information Generating the validity period information of the authentication result; encrypting the authentication result based on the preset encryption key, and obtaining the encrypted information includes: encrypting the authentication result and the validity period information based on the preset encryption key to obtain the encrypted information.

In some embodiments, before encrypting the authentication result based on the preset encryption key to obtain encrypted information, the method further includes: generating a check code according to the identification information of the authorized application and the authentication result; based on the preset encryption key pair Encrypting the authentication result to obtain encrypted information includes: encrypting a check code based on a preset encryption key to obtain encrypted information.

In some embodiments, the verification code may include other information besides the identification information and the authentication result of the authorized application, which may be determined in combination with the actual application requirements, such as information to facilitate future expansion of functions, or other verification information .

In some embodiments, the above-mentioned check code may also be time-sensitive; wherein, when the check code is encrypted, the validity period information corresponding to the check code may also be encrypted together, or the corresponding check code may be separately encrypted. The validity period information is encrypted, and can also be directly sent to the above at least two target development tools.

The specific refinement of the above-mentioned embodiment with the target authentication tool as the execution subject has been described in detail in the above-mentioned embodiments related to the method, and will not be described in detail here.

The following describes an authorization authentication method provided by an embodiment of the present invention from at least two target development tools in the software development kit as the execution body. With reference to FIG. 8 , the method may include: S801: Receive the authentication result sent by the target authentication tool, and the authentication result is that the target authentication tool responds to the target application's start instruction for the software development kit, and performs authorization authentication based on the identification information of the target application and the identification information of the authorized application configured by the target authentication tool owned; S803: In the case that the authentication result is that the authentication is passed, start the calling function for the target application.

In some embodiments, the at least two target development tools are configured with a preset decryption key; receiving the authentication result sent by the target authentication tool includes: receiving encrypted information sent by the target authentication tool, where the encrypted information is based on the target authentication tool and the preset Obtained by encrypting the authentication result with the preset encryption key corresponding to the decryption key; decrypting the encrypted information based on the preset decryption key to obtain the authentication result.

In some embodiments, the above-mentioned encrypted information is obtained by the target authentication tool encrypting the authentication result and the validity period information based on a preset encryption key, and decrypting the encrypted information based on the preset decryption key, and obtaining the authentication result includes: The decryption key decrypts the encrypted information to obtain the authentication result and the validity period information; before starting the calling function for the target application, the method further includes: validating the authentication result according to the validity period information to obtain the validity identification result; If the result is valid, execute the operation of invoking the function for the target application.

In some embodiments, the above encryption information is obtained by the target authentication tool encrypting a check code based on a preset encryption key, the check code is generated according to the identification information of the authorized application and the authentication result, and at least two target development tools The identification information of the authorized application is also configured, the encrypted information is decrypted based on the preset decryption key, and obtaining the authentication result includes: decrypting the encrypted information based on the preset decryption key, and obtaining the decrypted authentication result and the decrypted authorized application The identification information of the authorized application; based on the identification information of the authorized application configured by at least two target development tools and the decrypted identification information of the authorized application, the authorization verification is carried out, and the secondary authentication result is obtained; The decrypted authentication result is used as the authentication result.

In some embodiments, the verification code may include other information besides the identification information and the authentication result of the authorized application, which may be determined in combination with actual application requirements, for example, information for the convenience of expanding functions in the future, or other verification information .

In some embodiments, the above check code may also be time-sensitive; wherein, when the check code is encrypted, the validity period information corresponding to the check code may also be encrypted together, or encrypted separately, or directly Sent to at least two of the above target development tools.

The specific refinement of the above-mentioned embodiment with the target development tool as the execution subject has been described in detail in the above-mentioned embodiment related to the method, and will not be described in detail here.

FIG. 9 is a block diagram of an authorization and authentication apparatus according to an embodiment of the present invention. Referring to FIG. 9, the device is set in the target authentication tool corresponding to the software development kit, and the target authentication tool is configured with identification information of the authorized application, and the above-mentioned device includes: an identification information acquisition part 910, which is configured to respond to the activation of the software development kit by the target application. instruction to obtain the identification information of the target application; the authorization authentication part 920 is configured to perform authorization authentication based on the identification information of the target application and the identification information of the authorized application, and obtain the authentication result; the authentication result sending part 930 is configured to send the authentication result to the software development kit. At least two target development tools send authentication results, so that when the authentication result is that the authentication is passed, the at least two target development tools start calling functions for the target application.

In some embodiments, the target authentication tool is further configured with a preset encryption key, and the authentication result sending part 930 includes: an encryption part configured to encrypt the authentication result based on the preset encryption key to obtain encrypted information; an encrypted information sending part , configured to send encrypted information to at least two target development tools in the software development kit, so that the at least two target development tools decrypt the encrypted information based on the preset decryption key to obtain authentication results.

In some embodiments, the target authentication tool is further configured with preset authentication aging information, and at least two target development tools are configured with preset decryption keys; the above-mentioned device further includes: a validity period information generation part configured to be configured according to the preset authentication aging information The validity period information of the authentication result is generated; the encryption part is also configured to encrypt the authentication result and the validity period information based on the preset encryption key to obtain the encrypted information.

In some embodiments, the above device further includes: a verification code generation part, configured to generate a verification code according to the identification information of the authorized application and the authentication result; an encryption part, further configured to pair the verification code based on a preset encryption key Encrypt to get encrypted information.

In some embodiments, the authentication result sending part 930 is further configured to send the authentication result to at least two target development tools in the software development kit when the authentication result is an authentication passed .

Regarding the apparatus in the above embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment of the method, and will not be described in detail here.

Fig. 10 is a block diagram of an authorization authentication apparatus according to an embodiment of the present invention. 10 , the apparatus is provided with at least two target development tools in the software development kit, and the above-mentioned apparatus includes: an authentication result receiving part 1010 configured to receive an authentication result sent by the target authentication tool, and the authentication result is that the target authentication tool responds to the target The application's startup instruction to the software development kit is obtained by performing authorization and authentication based on the identification information of the target application and the identification information of the authorized application configured by the target authentication tool; the function startup part 1020 is invoked, and is configured to be authenticated when the authentication result is passed. , which initiates the call function for the target application.

In some embodiments, at least two target development tools are configured with a preset decryption key; the authentication result receiving part includes: an encrypted information receiving part, configured to receive encrypted information sent by the target authentication tool, the encrypted information is based on the target authentication tool based on and Obtained by encrypting the authentication result with the preset encryption key corresponding to the preset decryption key; the decryption part is configured to decrypt the encrypted information based on the preset decryption key to obtain the authentication result.

In some embodiments, the encrypted information is obtained by the target authentication tool encrypting the authentication result and the validity period information based on a preset encryption key, and the decryption part is further configured to decrypt the encrypted information based on the preset decryption key to obtain the authentication result and validity period information; the above-mentioned device further includes: a validity identification part, configured to perform validity identification on the authentication result according to the validity period information, and obtain the validity identification result; the calling function startup part, configured to be configured to be valid when the validity identification result is valid , which executes the action that initiates the calling function for the target application.

In some embodiments, the encryption information is obtained by the target authentication tool encrypting a check code based on a preset encryption key, the check code is generated according to the identification information of the authorized application and the authentication result, and the at least two target development tools further The identification information of the authorized application is configured, and the decryption part includes: a decryption sub-section, which is configured to decrypt the encrypted information based on the preset decryption key to obtain the decrypted authentication result and the decrypted identification information of the authorized application; the authentication and verification part, It is configured to perform authorization verification based on the identification information of the authorized application configured by at least two target development tools and the decrypted identification information of the authorized application, and obtain a secondary authentication result; the authentication result determination part is configured to be authenticated when the secondary authentication result is passed. In the case of , the decrypted authentication result is used as the authentication result.

Regarding the apparatus in the above embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment of the method, and will not be described in detail here.

FIG. 11 is a block diagram of an apparatus for generating a software development kit according to an embodiment of the present invention. 11 , the apparatus may include: a kit application instruction receiving part 1110 configured to receive a kit application instruction including identification information of an authorized application; a tool acquisition part 1120 configured to acquire at least two kit application instructions corresponding to the kit application instruction A target development tool and an initial authentication tool; the first tool configuration part 1130 is configured to configure the identification information of the authorized application to the initial authentication tool to obtain a target authentication tool, and the target authentication tool is used for the at least two target development kits Perform unified authorization and authentication; the software development kit generating part 1140 is configured to generate software development kits based on at least two target development tools, or is configured to generate software development kits based on at least two target development tools and target authentication tools.

In some embodiments, the above-mentioned apparatus further includes: a preset key pair generating part configured to generate a preset key pair, the preset key pair including a preset encryption key and a preset decryption key; the second tool configuration The third tool configuration part is configured to configure the preset encryption key to the target authentication tool to update the target authentication tool; the third tool configuration part is configured to configure the preset decryption key to the at least two target development tools to update the at least two Target development tools.

In some embodiments, the above-mentioned apparatus further includes: an aging information determination part, configured to determine preset authentication aging information; a fourth tool configuration part, configured to configure the preset authentication aging information to the target authentication tool to update the target authentication tool .

In some embodiments, the above-mentioned apparatus further includes: a fifth tool configuration part, configured to configure the identification information of the authorized application to the at least two target development tools, so as to update the at least two target development tools.

Regarding the device in the above-mentioned embodiment, the specific manner in which each part performs the operation has been described in detail in the embodiment of the method, and will not be described in detail here.

FIG. 12 is a block diagram of an electronic device for generating a software development kit or for authorization and authentication according to an embodiment of the present invention. The electronic device may be a server, and its internal structure diagram may be as shown in FIG. 12 . The electronic device includes a processor, memory and a network interface connected by a system bus. Among them, the processor of the electronic device is used to provide computing and control capabilities. The memory of the electronic device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium. The network interface of the electronic device is used to communicate with an external terminal through a network connection. The computer program, when executed by the processor, implements a method of software development kit generation or authorization.

Those skilled in the art can understand that the structure shown in FIG. 12 is only a block diagram of a part of the structure related to the solution of the present invention, and does not constitute a limitation on the electronic device to which the solution of the present invention is applied. The detailed electronic device More or fewer components than shown in the figures may be included, or some components may be combined, or have a different arrangement of components.

Although not shown, the above-mentioned electronic device may also include a Bluetooth module, an input device, etc., which will not be repeated here.

In an exemplary embodiment, an electronic device is also provided, comprising: a processor; a memory for storing instructions executable by the processor; wherein the processor is configured to execute the instructions, so as to realize the implementation of the present invention The example software development kit generates or authorizes the authentication method.

In an exemplary embodiment, a computer-readable storage medium is also provided, when the instructions in the storage medium are executed by the processor of the electronic device, the authorized authentication device can execute the software development kit generated or generated in the embodiment of the present invention or Authorization authentication method.

In an exemplary embodiment, there is also provided a computer program product comprising instructions, which, when executed on a computer, cause the computer to execute the software development kit generation or authorization authentication method in the embodiment of the present invention.

Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above-mentioned embodiments can be completed by instructing the relevant hardware through a computer program, and the computer program can be stored in a non-volatile computer-readable storage In the medium, when the computer program is executed, it may include the processes of the above-mentioned method embodiments. Wherein, any reference to memory, storage, database or other medium used in the various embodiments provided by the present invention may include non-volatile and/or volatile memory. Nonvolatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in various forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous link (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.

Other embodiments of the invention will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. The present invention is intended to cover any variations, uses or adaptations of the present invention which follow the general principles of the present invention and include common knowledge or conventional techniques in the technical field not disclosed by the present invention . The specification and examples are to be regarded as exemplary only, with the true scope and spirit of the invention being indicated by the following claims.

It should be understood that the present invention is not limited to the precise structures described above and illustrated in the accompanying drawings, and that various modifications and changes may be made without departing from its scope. The scope of the invention is limited only by the appended claims.

Industrial Applicability In the embodiment of the present invention, the identification information of the target application is obtained by responding to the startup instruction of the target application to the software development kit; authorization and authentication are performed based on the identification information of the target application and the identification information of the authorized application to obtain an authentication result; At least two of the target development tools send the authentication result, so that the at least two target development tools start the calling function for the target application when the authentication result is that the authentication is passed. By using the technical solutions provided by the embodiments of the present invention, the performance loss of authorization and authentication and the cost of authentication maintenance can be reduced.

01: Terminal 02: Server 11: Application 12:SDK 13: Security Module 14: Module A 15: Module B 16: Application Module A 17: Application module B 910: Identification information acquisition part 920: Authorization authentication part 930: Authentication result sending part 1010: Authentication result receiving part 1020: Invoke function start part 1110: Kit Application Instruction Receiving Section 1120: Tool Acquisition Section 1130: First Tool Configuration Section 1140: Software development kit generation part S201, S203, S205, S207, S209, S211, S213, S401, S403,S405,S407,S409,S411,S413,S601,S603, S605, S607, S701, S703, S705, S801, S803: Steps

The accompanying drawings, which are incorporated into and constitute a part of the specification, illustrate embodiments consistent with the present invention, and together with the description, serve to explain the principles of the present invention, and do not constitute an unreasonable limitation of the present invention. 1 is a schematic diagram of an application environment of a method for generating a software development kit according to an embodiment of the present invention; 2a is a flowchart of a method for generating a software development kit according to an embodiment of the present invention; 2b is a block diagram of an electronic device for generating a software development kit according to an embodiment of the present invention; 3 is a flowchart of another method for generating a software development kit according to an embodiment of the present invention; 4 is a flowchart of another method for generating a software development kit according to an embodiment of the present invention; 5 is a flowchart of another method for generating a software development kit according to an embodiment of the present invention; 6 is a schematic flowchart of an authorization and authentication method according to an embodiment of the present invention; 7 is a schematic flowchart of an authorization and authentication method according to an embodiment of the present invention; 8 is a schematic flowchart of an authorization authentication method according to an embodiment of the present invention; 9 is a block diagram of an authorization and authentication device according to an embodiment of the present invention; 10 is a block diagram of an authorization and authentication device according to an embodiment of the present invention; 11 is a block diagram of a software development kit generating device according to an embodiment of the present invention; Fig. 12 is a block diagram of an electronic device for generating a software development kit or for authorization and authentication according to an embodiment of the present invention.

S701, S703, S705: Steps

Claims (15)

An authorization authentication method, the method is applied to a target authentication tool corresponding to a software development kit, the target authentication tool is configured with identification information of an authorized application, and the method includes: Acquiring the identification information of the target application in response to the target application's start-up instruction to the software development kit; Perform authorization authentication based on the identification information of the target application and the identification information of the authorized application to obtain an authentication result; Sending the authentication result to the at least two target development tools in the software development kit, so that the at least two target development tools start calling functions for the target application when the authentication result is that the authentication is passed . The authorization authentication method according to claim 1, wherein the target authentication tool is further configured with a preset encryption key, and at least two target development tools in the software development kit are configured with a preset decryption key; the Sending the authentication result to at least two target development tools in the software development kit includes: Encrypting the authentication result based on the preset encryption key to obtain encrypted information; Sending the encrypted information to at least two target development tools in the software development kit, so that the at least two target development tools decrypt the encrypted information based on the preset decryption key to obtain the authentication result. The authorization authentication method according to claim 2, wherein the target authentication tool is further configured with preset authentication aging information, and the authorization authentication is performed based on the identification information of the target application and the identification information of the authorized application, After obtaining the authentication result, the method further includes: generating validity period information of the authentication result according to the preset authentication validity period information; Encrypting the authentication result based on the preset encryption key to obtain encrypted information includes: The authentication result and the validity period information are encrypted based on the preset encryption key to obtain the encrypted information. The authorization authentication method according to claim 2 or 3, wherein, before the authentication result is encrypted based on the preset encryption key to obtain encrypted information, the method further includes: generating a check code according to the identification information of the authorized application and the authentication result; Encrypting the authentication result based on the preset encryption key to obtain encrypted information includes: The check code is encrypted based on the preset encryption key to obtain the encrypted information. The authorization authentication method according to claim 1, wherein the sending the authentication result to at least two target development tools in the software development kit includes: If the authentication result is that the authentication is passed, the authentication result is sent to at least two target development tools in the software development kit. An authorization authentication method, the method is applied to at least two target development tools in a software development kit, and the method includes: Receive an authentication result sent by the target authentication tool, where the authentication result is that the target authentication tool responds to the target application's startup instruction to the software development kit, based on the identification information of the target application and the information configured by the target authentication tool. The identification information of the authorized application is obtained through authorization and authentication; If the authentication result is that the authentication is passed, the calling function is started for the target application. The authorization authentication method according to claim 6, wherein the at least two target development tools are configured with a preset decryption key; and the authentication result sent by the receiving target authentication tool includes: receiving encryption information sent by the target authentication tool, where the encryption information is obtained by the target authentication tool encrypting the authentication result based on a preset encryption key corresponding to the preset decryption key; Decrypt the encrypted information based on the preset decryption key to obtain the authentication result. The authorization authentication method according to claim 7, wherein the encryption information is obtained by encrypting the authentication result and the validity period information of the authentication result by the target authentication tool based on the preset encryption key, and the Decrypting the encrypted information based on the preset decryption key, and obtaining the authentication result includes: Decrypt the encrypted information based on the preset decryption key to obtain the authentication result and the validity period information of the authentication result; Before starting the calling function for the target application, the method further includes: Perform validity identification on the authentication result according to the validity period information of the authentication result to obtain a validity identification result; In the case that the validity identification result is valid, the operation of invoking a function for the target application is executed. The authorization authentication method according to claim 7 or 8, wherein the encryption information is obtained by the target authentication tool encrypting a check code based on the preset encryption key, and the check code is obtained according to the The identification information of the authorized application and the authentication result are generated, the at least two target development tools are also configured with the identification information of the authorized application, and the encrypted information is decrypted based on the preset decryption key. , and obtaining the authentication result includes: Decrypt the encrypted information based on the preset decryption key to obtain the decrypted authentication result and the decrypted identification information of the authorized application; Perform authorization authentication based on the identification information of the authorized application configured by the at least two target development tools and the decrypted identification information of the authorized application to obtain a secondary authentication result; When the secondary authentication result is that the authentication is passed, the decrypted authentication result is used as the authentication result. A software development kit generation method, comprising: receiving a kit application instruction, where the kit application instruction includes identification information of an authorized application; Obtain at least two target development tools and initial certification tools corresponding to the kit application instruction; Configuring the identification information of the authorized application to the initial authentication tool to obtain a target authentication tool, where the target authentication tool is used to perform unified authorization authentication on the at least two target development kits; A software development kit is generated based on the at least two target development tools, or the software development kit is generated based on the at least two target development tools and the target authentication tool. The method for generating a software development kit according to claim 10, wherein the software development kit is generated based on the at least two target development tools, or the software is generated based on the at least two target development tools and the target authentication tool Before developing the kit, the method further includes: generating a preset key pair, the preset key pair including a preset encryption key and a preset decryption key; Configuring the preset encryption key to the target authentication tool to update the target authentication tool; The preset decryption key is configured to the at least two target development tools to update the at least two target development tools. The method for generating a software development kit according to claim 10 or 11, wherein the method further comprises: Determine the information on the preset authentication time limit; The preset authentication aging information is allocated to the target authentication tool to update the target authentication tool. The method for generating a software development kit according to claim 10 or 11, wherein the method further comprises: Configuring the identification information of the authorized application to the at least two target development tools to update the at least two target development tools. An electronic device comprising: processor; memory for storing instructions executable by the processor; Wherein, the processor is configured to execute the instructions to implement the authorization authentication method described in any one of claim items 1 to 9 or the software development kit generation described in any one of claim items 10 to 13 method. A computer-readable storage medium, when the instructions in the storage medium are executed by a processor of an electronic device, the electronic device can execute the authorization and authentication method as described in any one of claim items 1 to 9 or as claimed in item 10 The software development kit generation method described in any one of to 13.

Images