WO2016188335A1 - Access control method, apparatus, and system for user data - Google Patents
- Publication number
- WO2016188335A1 (PCT/CN2016/082162)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- account
- context information
- server
- access request
- data
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/60—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
- H04L67/63—Routing a service request depending on the request content or context
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6272—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Definitions
- the system provided by the ISV is an uncontrollable third-party system
- various human factors cannot be estimated (for example, privately allowed within the time allowed by the user's authorization).
- user data leakage caused by hacking or attack, or the poor security of the uncontrollable third-party system, makes the open data environment of the data development platform and the system provided by the ISV less secure.
- an access control apparatus for user data including: a first receiving module, configured to receive a data access request sent by a first server, where the data access request is a request, initiated by an account, that includes context information of the account; a forwarding module for forwarding the data access request to the data source server; and a second receiving module, configured to receive the data to be accessed by the data access request returned by the data source server, wherein, when the data source server determines, according to the context information included in the data access request, that the account that initiates the data access request is a secure access account and the data access request is a secure access request, the third-party system is allowed to access the data source according to the data access request.
- FIG. 6 is a schematic diagram of a service flow interaction of an access control system for user data according to Embodiment 1 of the present application;
- FIG. 7 is a schematic flowchart of a method for controlling access of user data according to Embodiment 2 of the present application.
- a method embodiment of an access control method for user data is also provided. It should be noted that the steps illustrated in the flowchart of the figures may be executed in a computer system such as a set of computer-executable instructions, and, although a logical order is illustrated in the flowchart, in some cases the steps shown or described may be performed in an order different from that herein.
- the third-party system may request to access the user data stored in the data source server by forwarding the data access request to the data source server, and then the data source server reads the user data according to the data access request.
- the third-party system involved in the present application implements related system functions for a system server provided by a software provider, and the third-party system can be triggered to implement related functions by at least one of the following methods: entering the address in a browser to open the webpage of the third-party system, so as to access the corresponding system server and invoke the related functions of the third-party system; and activating the third-party system by triggering the plug-in installed on the client to access the corresponding system server.
- the related functions of the third-party system are activated by triggering the application software installed on the client to access the corresponding system server.
- the third-party system may include an order management system, a logistics management system, or a virtual machine server, and the data source may be user data generated and recorded by the account when using the Taobao and Tmall websites. For example, for Taobao buyers, the data source may include: user avatar, user nickname, user registration time, user login information, user mobile phone number, user mailbox, user address, user history shopping information, user shopping demand, user collection information, user payment information, etc.
- the third-party system can access the data related to the seller's account in the data source provided by Taobao (such as product information of the order, transaction content, transaction amount and product evaluation) to obtain the user data and complete the order management function provided by the third-party system.
- after the current account (which may be a legitimate account or a forged account impersonating the legitimate account) sends a data access request to the first server, the first server verifies each received data access request; that is, the first server determines whether the data access request carries the context information of the account, and/or whether the context information can pass the verification. When the verification of the data access request is passed, the first server allows the data access request to be sent to the third-party system, and the third-party system can then access the data source according to the data access request.
- when the first server determines that the data access request includes the context information of the account, and/or the context information of the account is verified, it allows the data access
- the login server can form a subset of the complete context information and return it to the client by extracting the necessary information in the complete context information.
- the returned context information can satisfy the requirement of the first server to verify whether the context information is carried in the data access request, and/or to verify whether the included context information is correct
- the complete context information is returned to the client.
- the subset approach can effectively reduce the amount of information sent by the login server to the client. In the case that a large number of users initiate a login request to the login server in a short period of time, this method can effectively save the system resources of the login server and reduce the data transmission burden of the login server.
- step S2014 the client receives the context information returned by the login server
- the following implementation steps may be performed:
- the login server does not perform the above step S2013, that is, the login server does not encrypt the account information
- the first server may store the legal access identification information by updating specific element data in the user context information stored in the first server.
- the foregoing steps S502 to S506 of the present application provide an alternative for the first server to verify the context information of the account.
- the first server sends the read account context information to the context information server, and the context information server completes the matching authentication work of the context information; if the matching is successful, it determines that the context information of the account is legal information and generates the legal access identification information of the account, which is sent to the first server.
- the first server implements verification of the context information of the account by receiving the legal access identifier information sent by the context information server.
- in step S207 of the present application, after the third-party system receives the data access request sent by the first server, the third-party system forwards the data access request to the data source server, and the data access request is used to instruct the third-party system to request the user data of the legal account stored in the data source.
- the data source server accesses the first server or the context information server to query whether the legal access identification information of the account is available. For an account capable of querying the legal access identification information, the data source server determines that the data access request initiated by the account is a secure access request.
- Step S209 The data source server returns data to be accessed by the data access request to the third party system.
- step S209 of the present application after the data source server determines that the data access request is a secure access request, the data source server returns the data to be accessed by the data access request to the third party system.
- the data source server implements the effect of determining whether the data access request is initiated by a legitimate account by querying whether the user has the legal access identification information of the account, and avoids the adverse consequences of the malicious account reading the user data by impersonating the legitimate account data access request.
- the context information of the above account can determine whether the third-party system can obtain user data, and user data of how high a privilege level it can obtain.
- high-level data generally involves user privacy, such as user mobile phone number, home address, and even credit card information.
- low-level data is generally not classified, such as user nickname, user avatar information, etc., and data can generally be classified according to user privacy level. Since the context information corresponding to the account can verify whether the data access request initiated by the client account is initiated by a legitimate user, and if not, the third-party system cannot obtain the user data, user data is effectively prevented from being maliciously read and written because the third-party system is hacked or for human reasons, and the security of the user data is greatly improved.
- Step S2082 The data source server verifies whether the online information of the account is included in the context information
- the first access data may include information corresponding to the second security level, for example, the user's nickname information, the user's avatar information, etc.
- the risk status of the account can be divided into areas such as high security risk, suspected risk status, and trusted status.
- Security risk status information can be generated by the login server.
- the account security risk status information included in the account context information can enable the data source server to further control the degree of openness of the data.
- the account is logged in to the client, and a login request is initiated to the login server.
- the client can be a software product, such as a software such as a Taobao client or a Tmall client, or a mobile terminal device or a computer device.
- the login server stores the account password information of the account and the complete context information of the account.
- Taobao's sellers to implement order management functions. For example, when using a third-party system that provides order management functions, a Taobao seller first needs to log in to the Taobao client: the Taobao seller account initiates a login request to the login server, such as the Taobao server, to complete the login of the Taobao seller account.
- Step F The first server verifies whether the context information is carried in the data access request.
- the first server verifies whether the data access request carries at least content that appears to be context information.
- the order management function of the seller of Taobao is still implemented.
- the data access request of the seller account received by the first server may have been issued by the real Taobao seller opening the order management platform, or may have been issued by a forged account pretending to be the seller's account.
- the first server does not know in advance whether the originating account of the received data access request is legitimate. However, only an account that has received the context information returned by the login server can include context information in the data access request it sends. At this time, the first server first verifies whether the data access request includes context information to determine the originating account of the data access request.
- Step K Forward the data access request.
- Step M The first server returns a legal access identifier information query result to the data source server.
- Step S602 The client obtains context information of the account.
- the foregoing steps provided by the present application make it possible to determine whether an account initiating the data access request is a legitimate account by checking whether the received data access request carries context information and/or verifying the context information of the account. Judging from the kind of information contained in the above context information, the context information is data with non-fixed values that a hacker cannot steal. Therefore, it is highly credible to verify whether the account is legal based on the context information.
- the solution of introducing the context checking mechanism in the present application can make the verification result of the account more accurate, and specifically, can effectively solve the problem that the user data is randomly accessed within the time allowed by the user authorization.
- Step S6032 After the account is logged in to the client, a login request is initiated to the login server.
- Step S6034 The client receives the context information returned by the login server, where the context information is a subset of the complete context information generated by the login server according to the login request.
- step S6054 the specific step of verifying the context information of the account includes:
- Step S60543 The first server generates legal access identification information of the account, where the legal access identification information is used to represent that the account that initiated the data access request is a legal account.
- step S6054 the specific step of verifying the context information of the account includes:
- the context information server matches the context information with the pre-existing local complete context information. If the matching is successful, the verification result is that the context information of the account is legal information.
- the step may further include: verifying, by the data source server, whether the context information includes the online information of the account; when the context information contains the online information of the account, the data source server executes the step of returning to the third-party system the data to be accessed by the data access request.
- the security risk status information is information used to represent the current risk status of the account.
- the second access data can only include information corresponding to the first risk state, for example, the user's nickname information, the user's avatar information, etc.
- the second access data can include information corresponding to the second risk status, for example, the user's payment information, the user's mobile phone number, or the user's address information, etc.
- after the current account (which may be a legitimate account or a fake account impersonating the legal account) sends a data access request to the first server, the first server verifies each received data access request; that is, the first server determines whether the data access request carries the account context information, and/or whether the context information can be verified. When the verification of the data access request is passed, the first server allows the data access request to be sent to the third-party system, and the third-party system can access the data source according to the data access request.
- the data source server determines, according to the context information included in the data access request, that the account that initiates the data access request is a secure access account, and the specific implementation steps of the data access request being a secure access request include:
- the first server checks each data access request received; that is, the first server determines whether the data access request carries the account context information, and/or whether the context information can pass the verification. When the verification of the data access request passes, the first server allows the data access request to be sent to a third-party system, and the third-party system can then access the data source based on the data access request.
- the foregoing reading subunit 902, the matching subunit 904, and the generating subunit 906 correspond to the steps S402 to S406 in the first embodiment; the examples and application scenarios implemented by the three modules and the corresponding steps are the same, but are not limited to the content disclosed in the first embodiment.
- the foregoing module may be implemented in the computer terminal 10 provided in the first embodiment as a part of the device, and may be implemented by software or by hardware.
- the scene is the same, but is not limited to the content disclosed in the third embodiment above.
- the foregoing module may be implemented in the computer terminal 10 provided in the third embodiment as a part of the device, and may be implemented by software or by hardware.
- the first server 143 is in communication with the client terminal 141, and is configured to transparently transmit the data access request after verifying that the data access request includes the context information of the account, and/or verifying that the context information is legal information;
- the third-party system server 145 is in communication with the first server 143, and configured to receive a data access request transparently transmitted by the first server;
- the data source server 147 is in communication with the third-party system server 145, and is configured to receive a data access request forwarded by the third-party system server, and determine, according to the context information included in the data access request, that the account that initiates the data access request is a secure access account.
- the access data corresponding to the data access request is returned to the third-party system server.
- the foregoing system may further include: a login server and a context information server.
- the processor 51 may further execute the following step: after determining that the data access request carries the context information, the first server sends the context information to the context information server; the first server receives the verification result of the context information from the context information server; if the verification result is that the context information of the account is legal information, the first server receives the legal access identifier information of the account generated by the context information server, wherein the legal access identifier information is used to represent that the account that initiated the data access request is a legal account; wherein the context information server matches the context information with the pre-existing local complete context information, and if the matching is successful, the verification result is that the context information of the account is legal information.
- the processor 51 may further execute the following program code: the data source server generates corresponding second access data according to the security risk status information, and returns the second access data to the third-party system.
- the processor 51 may further execute the following program code: in a case where the first server determines that the data access request does not include the context information of the account, or the verification of the context information of the account fails, the first server sends the data access request to the third-party system, or the first server prohibits sending the data access request to the third-party system and sends an alarm message.
- an access control scheme for user data is provided.
- FIG. 15 is only for illustration, and the computer terminal can also be a smart phone (such as an Android mobile phone, an iOS mobile phone, etc.), a tablet computer, a palmtop computer, a mobile Internet device (Mobile Internet Devices, MID), a PAD, or another terminal device.
- Fig. 15 does not limit the structure of the above electronic device.
- computer terminal A may also include more or fewer components (such as a network interface, display device, etc.) than shown in FIG. 15, or have a different configuration than that shown in FIG.
- the memory 53 can be used to store software programs and modules, such as the program instructions/modules corresponding to the security vulnerability detection method and device in the embodiment of the present application; the processor 51 executes various functional applications and data processing by running the software programs and modules stored in the memory 53, that is, implements the aforementioned detection method for system vulnerability attacks.
- Memory 53 may include high speed random access memory and may also include non-volatile memory such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory.
- memory 53 may further include memory remotely located relative to processor 51, which may be connected to terminal A via a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
- the processor 51 may further execute the following program code: the first server receives a data access request initiated by an account; the first server verifies whether the data access request carries the context information of the account, and/or verifies the context information of the account; when the first server determines that the data access request includes the context information of the account, and/or the context information of the account is verified, it allows the data access request to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request.
- the processor 51 may further execute the following program code: the data source server generates the corresponding second access data according to the security risk status information, and returns the second access data to the third-party system.
- the program is executed by instructing the terminal device-related hardware, and the program may be stored in a computer-readable storage medium, and the storage medium may include: a flash disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
- the memory 53 is configured to store preset action conditions and information of the preset rights user, and an application.
- the processor 51 can call the information and the application stored by the memory 53 through the transmission device to perform the following steps: the third-party system receives the data access request sent by the first server, wherein the data access request is a request, initiated by an account, that includes context information of the account; the third-party system forwards the data access request to the data source server; the third-party system receives the data to be accessed by the data access request returned by the data source server, wherein, when the data source server determines, according to the context information included in the data access request, that the account that initiates the data access request is a secure access account and the data access request is a secure access request, the third-party system is allowed to access the data source according to the data access request.
- the processor 51 may further execute the following program code: the first server forwards the received data access request to the third-party system, where the specific implementation steps of sending the data access request to the first server include: after the account logs in to the client, a login request is initiated to the login server; the client receives the context information returned by the login server, where the context information is a subset of the complete context information generated by the login server according to the login request; the client obtains the context information of the account; the client sends an account-triggered data access request to the first server, wherein the data access request includes at least the context information.
- computer terminal 15 may also include more or fewer components (such as a network interface, display device, etc.) than shown in FIG. 15, or have a different configuration than that shown in FIG.
- the storage medium is further configured to store program code for: generating, by the data source server, corresponding first access data according to the security privacy level information, and returning the first access data to the third-party system.
- the storage medium is further configured to store program code for performing the following steps: the data source server generates the corresponding second access data according to the security risk status information, and returns the second access data to the third-party system.
- the storage medium is configured to store program code for performing the following steps: the client obtains context information of the account; the client sends an account-triggered data access request to the first server, where the data access request includes at least context information; the client receives the access data acquired by the first server according to the data access request; wherein, when the first server determines that the data access request includes context information of the account, and/or the context information of the account is verified, the data access request is allowed to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request.
- the storage medium is further configured to store program code for performing the following steps: the first server receives a data access request initiated by an account; the first server verifies whether the data access request carries context information of the account, and/or verifies the context information of the account; when the first server determines that the data access request includes the context information of the account, and/or the context information of the account is verified, it allows the data access request to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request.
- Embodiments of the present application also provide a storage medium.
- the foregoing storage medium may be used to save the program code executed by the access control method of the user data provided in Embodiment 3 above.
- the integrated unit, if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer-readable storage medium.
- a computer-readable storage medium, including a number of instructions to cause a computer device (which may be a personal computer, server or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present application.
- the foregoing storage medium includes: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, an optical disk, and the like.
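The first-server check described in the steps above (does the request carry the account's context information, and does that information verify, before anything is forwarded to the third-party system) can be sketched as follows. This is an added example, not code from the patent: the context fields, the HMAC tag, the per-account key store, the known-device list and the freshness window are all assumptions, since the text does not say how context information is verified.

```python
import hashlib
import hmac
import json
import time

# Hypothetical stores and limits (assumptions, not from the patent text).
ACCOUNT_KEYS = {"alice": b"constructed-demo-key"}   # key issued at login
KNOWN_DEVICES = {"alice": {"dev-1234"}}             # devices seen at login
MAX_AGE_S = 300                                     # freshness window


def sign_context(account, context, key):
    """Client side: bind the context information to the account."""
    msg = json.dumps({"account": account, "context": context},
                     sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def first_server_gate(request, now=None):
    """Return (allowed, reason); only allowed requests reach the third party."""
    now = time.time() if now is None else now
    account = request.get("account")
    context = request.get("context")
    # Check 1: does the request carry context information of the account?
    if not isinstance(context, dict) or not context:
        return False, "missing_context"
    key = ACCOUNT_KEYS.get(account) if isinstance(account, str) else None
    if key is None:
        return False, "unknown_account"
    # Check 2: verify the context information itself.
    expected = sign_context(account, context, key)
    if not hmac.compare_digest(expected, str(request.get("tag", ""))):
        return False, "bad_tag"            # context altered or forged
    device = context.get("device_id")
    if not isinstance(device, str) or device not in KNOWN_DEVICES.get(account, set()):
        return False, "unknown_device"
    ts = context.get("ts")
    # "not (<=)" also rejects NaN, which a plain ">" comparison would let through.
    if not isinstance(ts, (int, float)) or not (abs(now - ts) <= MAX_AGE_S):
        return False, "stale_context"      # old or replayed request
    return True, "forward_to_third_party"


def make_request(account, context, key):
    """Constructed sample request, as a client would send it."""
    return {"account": account, "context": context,
            "tag": sign_context(account, context, key), "resource": "/profile"}
```

A request that fails either check is rejected at the first server, so the third-party system never receives it and never touches the data source on that account's behalf.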
Abstract
The invention relates to an access control method, apparatus, and system for user data. The method comprises the following steps: a first server receives a data access request initiated by an account; the first server verifies whether the data access request contains context information of the account, and/or verifies the context information of the account; and the first server allows the data access request to be sent to a third-party system when it is determined that the data access request contains the context information of the account and/or that verification of the context information succeeds, so that the third-party system accesses a data source in response to the data access request. The present invention solves the technical problem in the prior art that the security of a data source is low because the security of the account initiating access, during a process in which a user accesses the data source by means of a third-party system, is also low.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510267072.7A CN106302332B (zh) | 2015-05-22 | 2015-05-22 | Access control method, apparatus and system for user data |
CN201510267072.7 | 2015-05-22 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016188335A1 (fr) | 2016-12-01 |
Family
ID=57392504
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/082162 WO2016188335A1 (fr) | 2015-05-22 | 2016-05-16 | Access control method, apparatus, and system for user data |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106302332B (fr) |
WO (1) | WO2016188335A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112583777A (zh) * | 2019-09-30 | 2021-03-30 | 北京国双科技有限公司 | Method and apparatus for implementing user login |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
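CN106961435B (zh) * | 2017-03-22 | 2019-12-13 | 北京深思数盾科技股份有限公司 | Access protection method and system |
CN107908538A (zh) * | 2017-12-12 | 2018-04-13 | 郑州云海信息技术有限公司 | Automated test method and system for server system performance |
CN109165353A (zh) * | 2018-09-25 | 2019-01-08 | 安徽灵图壹智能科技有限公司 | Blockchain-based rental housing information retrieval method and system |
CN109753778A (zh) * | 2018-12-30 | 2019-05-14 | 北京城市网邻信息技术有限公司 | User review method, apparatus, device and storage medium |
CN110049031B (zh) * | 2019-04-08 | 2021-05-18 | 厦门网宿有限公司 | Interface security authentication method, server, and authentication center server |
CN112448921A (zh) * | 2019-08-30 | 2021-03-05 | 华为技术有限公司 | Method and apparatus for detecting a backdoor |
CN111475523A (zh) * | 2020-04-10 | 2020-07-31 | 得到(天津)文化传播有限公司 | Request response method, apparatus, device and storage medium |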
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080134305A1 (en) * | 2005-12-16 | 2008-06-05 | Hinton Heather M | Method and system for extending authentication methods |
CN103297437A (zh) * | 2013-06-20 | 2013-09-11 | 中国软件与技术服务股份有限公司 | Method for a mobile intelligent terminal to securely access a server |
CN104518876A (zh) * | 2013-09-29 | 2015-04-15 | 腾讯科技(深圳)有限公司 | Service login method and apparatus |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8850554B2 (en) * | 2010-02-17 | 2014-09-30 | Nokia Corporation | Method and apparatus for providing an authentication context-based session |
CN102724647B (zh) * | 2012-06-06 | 2014-08-13 | 电子科技大学 | Capability access authorization method and system |
US9245144B2 (en) * | 2012-09-27 | 2016-01-26 | Intel Corporation | Secure data container for web applications |
- 2015: 2015-05-22 CN CN201510267072.7A patent/CN106302332B/zh active Active
- 2016: 2016-05-16 WO PCT/CN2016/082162 patent/WO2016188335A1/fr active Application Filing
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112583777A (zh) * | 2019-09-30 | 2021-03-30 | 北京国双科技有限公司 | Method and apparatus for implementing user login |
CN112583777B (zh) * | 2019-09-30 | 2023-04-18 | 北京国双科技有限公司 | Method and apparatus for implementing user login |
Also Published As
Publication number | Publication date |
---|---|
CN106302332A (zh) | 2017-01-04 |
CN106302332B (zh) | 2019-10-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6701364B2 (ja) | System and method for service-assisted mobile pairing for passwordless computer login | |
US20190281028A1 (en) | System and method for decentralized authentication using a distributed transaction-based state machine | |
WO2016188335A1 (fr) | Access control method, apparatus, and system for user data | |
CN101227468B (zh) | Method, device and system for authenticating a user to a network | |
US9628282B2 (en) | Universal anonymous cross-site authentication | |
US9197420B2 (en) | Using information in a digital certificate to authenticate a network of a wireless access point | |
JP2019531567A (ja) | System and method for device authentication | |
CN114679293A (zh) | Access control method, device and storage medium based on zero-trust security | |
WO2017036310A1 (fr) | Method and device for updating authentication information | |
US20120324545A1 (en) | Automated security privilege setting for remote system users | |
JP2017521934A (ja) | Method of mutual verification between a client and a server | |
US11409861B2 (en) | Passwordless authentication | |
CN112989426B (zh) | Authorization authentication method and apparatus, and method for obtaining a resource access token | |
US20210399897A1 (en) | Protection of online applications and webpages using a blockchain | |
US10834074B2 (en) | Phishing attack prevention for OAuth applications | |
US11533625B2 (en) | Authentication method and network device | |
Luvanda et al. | Identifying threats associated with man-in-the middle attacks during communications between a mobile device and the back end server in mobile banking applications | |
CN106576050B (zh) | Three-tier security and computing architecture | |
US10693873B2 (en) | Securing remote authentication | |
Binu et al. | A mobile based remote user authentication scheme without verifier table for cloud based services | |
US20220353081A1 (en) | User authentication techniques across applications on a user device | |
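CN114978544A (zh) | Access authentication method, apparatus, system, electronic device and medium | |
CN108574657B (zh) | Method, apparatus and system for accessing a server, and computing device and server | |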
Rivers et al. | A Study on Cyber Attacks and Vulnerabilities in Mobile Payment Applications | |
TWI778319B (zh) | Cross-platform method for authorized resource access and authorized access system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16799224; Country of ref document: EP; Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 16799224; Country of ref document: EP; Kind code of ref document: A1 |