WO2016188335A1 - Access control method, apparatus, and system for user data - Google Patents

Access control method, apparatus, and system for user data

Publication number
WO2016188335A1
Authority
WO
WIPO (PCT)
Prior art keywords
account
context information
server
access request
data
Prior art date
Application number
PCT/CN2016/082162
Other languages
English (en)
Chinese (zh)
Inventor
赵坤
Original Assignee
阿里巴巴集团控股有限公司
Priority date
Filing date
Publication date
Application filed by 阿里巴巴集团控股有限公司
Publication of WO2016188335A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L67/63 Routing a service request depending on the request content or context
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6272 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Definitions

  • the system provided by the ISV is an uncontrollable third-party system
  • various human factors cannot be estimated (for example, privately allowed within the time allowed by the user's authorization).
  • the user data leakage caused by hacking or attacking, or the security of the uncontrollable third-party system is poor, making the data open environment of the data development platform and the system provided by the ISV less secure.
  • an access control apparatus for user data including: a first receiving module, configured to receive a data access request sent by a first server, where the data access request is a request initiated by an account and including context information of the account; a forwarding module for forwarding the data access request to the data source server; and a second receiving module, configured to receive data to be accessed by the data access request returned by the data source server, wherein, when the data source server determines, according to the context information included in the data access request, that the account that initiates the data access request is a secure access account and the data access request is a secure access request, the third-party system is allowed to access the data source according to the data access request.
  • FIG. 6 is a schematic diagram of a service flow interaction of an access control system for user data according to Embodiment 1 of the present application;
  • FIG. 7 is a schematic flowchart of a method for controlling access of user data according to Embodiment 2 of the present application.
  • a method embodiment of an access control method for user data is also provided. It should be noted that the steps illustrated in the flowchart of the figures may be executed in a computer system such as a set of computer-executable instructions, and, although a logical order is illustrated in the flowchart, in some cases the steps shown or described may be performed in an order different from that herein.
  • the third-party system may request to access the user data stored in the data source server by forwarding the data access request to the data source server, and then the data source server reads the user data according to the data access request.
  • the third-party system involved in the present application implements related system functions for a system server provided by a software provider, and the third-party system can be triggered to implement related functions by at least one of the following methods: entering the address in a browser to open the webpage of the above third-party system, so as to access the corresponding system server and invoke the related functions of the third-party system; and activating the third-party system by triggering the plug-in installed on the client to access the corresponding system server.
  • the related functions of the third-party system are activated by triggering the application software installed on the client to access the corresponding system server.
  • the third-party system may include an order management system, a logistics management system, or a virtual machine server, and the data source may be the user data generated and recorded when the account uses the Taobao and Tmall websites.
  • for example, for Taobao buyers, the data source may include: user avatar, user nickname, user registration time, user login information, user mobile phone number, user mailbox, user address, user history shopping information, user shopping demand, user collection information, user payment information, etc.
  • the third-party system can access the data related to the seller's account in the data source provided by Taobao (such as product information of the order, transaction content, transaction amount and product evaluation) to obtain the user data and complete the order management function provided by the third-party system.
  • the current account (which may be a legitimate account or a forged account impersonating the legitimate account) sends a data access request to the first server, and the first server verifies each data access request it receives, that is, the first server determines whether the data access request carries the context information of the account, and/or whether the context information can pass the verification; when the verification of the data access request is passed, the first server allows the data access request to be sent to the third-party system, and the third-party system can then access the data source according to the data access request.
  • the first server, when it determines that the data access request includes the context information of the account, and/or when the context information of the account is verified, allows the data access
  • the login server can form a subset of the complete context information and return it to the client by extracting the necessary information in the complete context information.
  • the returned context information can satisfy the requirement of the first server to verify whether the context information is carried in the data access request, and/or to verify whether the included context information is correct
  • the complete context information is returned to the client.
  • the subset method can effectively reduce the amount of information sent by the login server to the client. In the case that a large number of users initiate a login request to the login server in a short period of time, this method can effectively save the system resources of the login server and reduce the data transmission burden of the login server.
  • step S2014 the client receives the context information returned by the login server
  • the following implementation steps may be performed:
  • the login server does not perform the above step S2013, that is, the login server does not encrypt the account information
  • the first server may store the legal access identification information by updating specific element data in the user context information stored in the first server.
  • the foregoing steps S502 to S506 of the present application provide an alternative for the first server to verify the context information of the account.
  • the first server sends the read account context information to the context information server, and the context information server completes the matching authentication work of the context information, and if the matching is successful, determines that the context information of the account is legal information, generates the legal access identification information of the account, and sends it to the first server.
  • the first server implements verification of the context information of the account by receiving the legal access identifier information sent by the context information server.
  • step S207 of the present application: after the third-party system receives the data access request sent by the first server, the third-party system forwards the data access request to the data source server, and the data access request is used to instruct the third-party system to request the user data of the legal account stored in the data source.
  • the data source server accesses the first server or the context information server to query whether the legal access identification information of the account is available. For an account capable of querying the legal access identification information, the data source server determines that the data access request initiated by the account is a secure access request.
  • Step S209 The data source server returns data to be accessed by the data access request to the third party system.
  • step S209 of the present application after the data source server determines that the data access request is a secure access request, the data source server returns the data to be accessed by the data access request to the third party system.
  • the data source server implements the effect of determining whether the data access request is initiated by a legitimate account by querying whether the user has the legal access identification information of the account, and avoids the adverse consequences of the malicious account reading the user data by impersonating the legitimate account data access request.
  • the context information (Context information) of the above account can determine whether the third party system can obtain and can obtain the user data of multiple high privilege levels.
  • high-level data generally involves user privacy, such as user mobile phone number, home address, and even credit card information.
  • Low-level data is generally not classified, such as user nickname, user avatar information, etc.; data can generally be classified according to user privacy level. Since the context information corresponding to the account can verify whether the data access request initiated by the client account is initiated by a legitimate user, and if not, the third-party system cannot obtain the user data, this effectively prevents user data from being maliciously read and written because the third-party system is hacked or for human reasons, and the security of the user data is greatly improved.
  • Step S2082 The data source server verifies whether the online information of the account is included in the context information
  • the first access data may include information corresponding to the second security level, for example, the user's nickname information, the user's avatar information, etc.
  • the risk status of the account can be divided into areas such as high security risk, suspected risk status, and trusted status.
  • Security risk status information can be generated by the login server.
  • the account security risk status information included in the account context information can enable the data source server to further control the degree of openness of the data.
  • the account is logged in to the client, and a login request is initiated to the login server.
  • the client can be a software product, such as a software such as a Taobao client or a Tmall client, or a mobile terminal device or a computer device.
  • the login server stores the account password information of the account and the complete context information of the account.
  • take Taobao sellers implementing order management functions as an example. When using a third-party system that provides order management functions, a Taobao seller first needs to log in to the Taobao client; the Taobao seller account initiates a login request to the login server, such as the Taobao server, to complete the login of the Taobao seller account.
  • Step F The first server verifies whether the context information is carried in the data access request.
  • the first server verifies whether the data access request carries at least content that appears to be context information.
  • the order management function of the seller of Taobao is still implemented.
  • the data access request of the seller account received by the first server may be issued by the real Taobao seller by opening the order management platform, or may be issued by a forged account pretending to be the seller's account.
  • the first server does not know in advance whether the originating account of the received data access request is legitimate. Then, only the account that receives the login server returning context information may contain context information in the data access request it sends. At this time, the first server first verifies whether the data access request includes context information to determine the originating account of the data access request.
  • Step K Forward the data access request.
  • Step M The first server returns a legal access identifier information query result to the data source server.
  • Step S602 The client obtains context information of the account.
  • the foregoing steps provided by the present application may be implemented to determine whether an account initiating the data access request is a legitimate account by checking whether the received data access request carries context information and/or by checking the context information of the account. Judging from the kind of information contained in the above context information, the context information is data with non-fixed values that a hacker cannot steal. Therefore, it is highly credible to verify whether the account is legal based on the context information.
  • the solution of introducing the context checking mechanism in the present application can make the verification result of the account more accurate, and specifically, can effectively solve the problem that the user data is randomly accessed within the time allowed by the user authorization.
  • Step S6032 After the account is logged in to the client, a login request is initiated to the login server.
  • Step S6034 The client receives the context information returned by the login server, where the context information is a subset of the complete context information generated by the login server according to the login request.
  • step S6054 the specific step of verifying the context information of the account includes:
  • Step S60543 The first server generates legal access identification information of the account, where the legal access identification information is used to represent that the account that initiated the data access request is a legal account.
  • step S6054 the specific step of verifying the context information of the account includes:
  • the context information server matches the context information with the pre-existing local complete context information. If the matching is successful, the verification result is that the context information of the account is legal information.
  • the step may further include: verifying, by the data source server, whether the context information includes the online information of the account; when the context information contains the online information of the account, the data source server executes the step of returning to the third-party system the data to be accessed by the data access request.
  • the security risk status information is information used to represent the current risk status of the account.
  • the second access data can only include information corresponding to the first risk state, for example, the user's nickname information, the user's avatar information, etc.
  • the second access data can include information corresponding to the second risk status, for example, the user's payment information, the user's mobile phone number, or the user's address information, etc.
  • after the current account (which may be a legitimate account or a fake account impersonating the legal account) sends a data access request to the first server, the first server verifies each data access request it receives, that is, the first server determines whether the data access request carries the account context information, and/or whether the context information can be verified, and when the verification of the data access request is passed, the first server allows the data access request to be sent to the third-party system, and the third-party system can access the data source according to the data access request.
  • the specific implementation steps by which the data source server determines, according to the context information included in the data access request, that the account that initiates the data access request is a secure access account and that the data access request is a secure access request include:
  • the first server checks each data access request received, that is, the first server determines whether the data access request carries the account context information, and/or whether the context information can pass the verification; when the verification of the data access request passes, the first server allows the data access request to be sent to a third-party system, and the third-party system can then access the data source based on the data access request.
  • the foregoing reading subunit 902, the matching subunit 904, and the generating subunit 906 correspond to the steps S402 to S406 in the first embodiment; the examples and application scenarios implemented by the three modules and the corresponding steps are the same, but are not limited to the content disclosed in the first embodiment.
  • the foregoing module may be implemented in the computer terminal 10 provided in the first embodiment as a part of the device, and may be implemented by software or by hardware.
  • the scene is the same, but is not limited to the content disclosed in the third embodiment above.
  • the foregoing module may be implemented in the computer terminal 10 provided in the third embodiment as a part of the device, and may be implemented by software or by hardware.
  • the first server 143 is in communication with the client terminal 141, and is configured to transparently transmit the data access request after verifying that the data access request includes the context information of the account, and/or verifying that the context information is legal information;
  • the third-party system server 145 is in communication with the first server 143, and configured to receive a data access request transparently transmitted by the first server;
  • the data source server 147 is in communication with the third-party system server 145, and is configured to receive a data access request forwarded by the third-party system server, and determine, according to the context information included in the data access request, that the account that initiates the data access request is a secure access account.
  • the access data corresponding to the data access request is returned to the third-party system server.
  • the foregoing system may further include: a login server and a context information server.
  • the processor 51 may further execute the following steps: after determining that the data access request carries the context information, the first server sends the context information to the context information server; the first server receives the verification result of the context information from the context information server; if the verification result is that the context information of the account is legal information, the first server receives the legal access identifier information of the account generated by the context information server, wherein the legal access identifier information is used to indicate that the account that initiated the data access request is a legal account; wherein the context information server matches the context information with the pre-existing local complete context information, and if the matching is successful, the verification result is that the context information of the account is legal information.
  • the processor 51 may further execute the following program code: the data source server generates corresponding second access data according to the security risk status information, and returns the second access data to the third-party system.
  • the processor 51 may further execute the following program code: in the case where the first server determines that the data access request does not include the context information of the account, or the context information verification of the account fails, the first server sends the data access request to the third-party system, or the first server prohibits sending the data access request to the third-party system and sends an alarm message.
  • an access control scheme for user data is provided.
  • FIG. 15 is only for illustration, and the computer terminal can also be a smart phone (such as an Android mobile phone, an iOS mobile phone, etc.), a tablet computer, a palmtop computer, a mobile Internet device (Mobile Internet Devices, MID), a PAD, or another terminal device.
  • Fig. 15 does not limit the structure of the above electronic device.
  • computer terminal A may also include more or fewer components (such as a network interface, display device, etc.) than shown in FIG. 15, or have a different configuration than that shown in FIG.
  • the memory 53 can be used to store software programs and modules, such as the program instructions/modules corresponding to the security vulnerability detection method and device in the embodiment of the present application; by running the software programs and modules stored in the memory 53, the processor 51 performs various functional applications and data processing, that is, implements the aforementioned detection method for system vulnerability attacks.
  • Memory 53 may include high speed random access memory and may also include non-volatile memory such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory.
  • memory 53 may further include memory remotely located relative to processor 51, which may be connected to terminal A via a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
  • the processor 51 may further execute the following program code: the first server receives an account-initiated data access request; the first server verifies whether the data access request carries the context information of the account, and/or verifies the context information of the account; when the first server determines that the data access request includes the context information of the account, and/or the context information of the account passes verification, it allows the data access request to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request.
  • the processor 51 may further execute the following program code: the data source server generates the corresponding second access data according to the security risk status information, and returns the second access data to the third-party system.
  • the program is executed by instructing hardware related to the terminal device, and the program may be stored in a computer-readable storage medium, and the storage medium may include: a flash disk, a read-only memory (ROM), a random access memory (RAM), a disk, or a CD.
  • the memory 53 is configured to store preset action conditions and information of the preset rights user, and an application.
  • the processor 51 can call the information and the application stored by the memory 53 through the transmission device to perform the following steps: the third-party system receives the data access request sent by the first server, wherein the data access request is a request initiated by an account and including context information of the account; the third-party system forwards the data access request to the data source server; the third-party system receives the data to be accessed by the data access request returned by the data source server, wherein, when the data source server determines, according to the context information included in the data access request, that the account that initiates the data access request is a secure access account and the data access request is a secure access request, the third-party system is allowed to access the data source according to the data access request.
  • the processor 51 may further execute the following program code: the first server forwards the received data access request to the third-party system, where the specific implementation steps of sending the data access request to the first server include: after the account logs in to the client, a login request is initiated to the login server; the client receives the context information returned by the login server, where the context information is a subset of the complete context information generated by the login server according to the login request; the client obtains the context information of the account; the client sends an account-triggered data access request to the first server, wherein the data access request includes at least the context information.
  • computer terminal 15 may also include more or fewer components (such as a network interface, display device, etc.) than shown in FIG. 15, or have a different configuration than that shown in FIG.
  • the storage medium is further configured to store program code for: generating, by the data source server, corresponding first access data according to the security privacy level information, and returning the first access data to the third-party system.
  • the storage medium is further configured to store program code for performing the following steps: the data source server generates the corresponding second access data according to the security risk status information, and returns the second access data to the third-party system.
  • the storage medium is configured to store program code for performing the following steps: the client obtains context information of the account; the client sends an account-triggered data access request to the first server, where the data access request includes at least context information; the client receives the access data acquired by the first server according to the data access request; wherein, when the first server determines that the data access request includes the context information of the account, and/or the context information of the account passes verification, the data access request is allowed to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request.
  • the storage medium is further configured to store program code for performing the following steps: the first server receives an account-initiated data access request; the first server verifies whether the data access request carries context information of the account, and/or verifies the context information of the account; when the first server determines that the data access request includes the context information of the account, and/or the context information of the account passes verification, it allows the data access request to be sent to the third-party system, so that the third-party system can access the data source based on the data access request.
  • Embodiments of the present application also provide a storage medium.
  • the foregoing storage medium may be used to save the program code executed by the access control method of the user data provided in Embodiment 3 above.
  • the integrated unit, if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium.
  • the computer readable storage medium includes a number of instructions to cause a computer device (which may be a personal computer, server or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present application.
  • the foregoing storage medium includes: a U disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk, and the like.

Abstract

The invention relates to an access control method, apparatus, and system for user data. The method comprises the following steps: a first server receives a data access request initiated by an account; the first server checks whether the data access request contains context information of the account, and/or verifies the context information of the account; and the first server allows the data access request to be sent to a third-party system when it is determined that the data access request contains the context information of the account and/or that verification of the context information succeeds, so that the third-party system accesses a data source in response to the data access request. The present invention solves the technical problem in the prior art that the security of a data source is low because the security of the account initiating access is low when a user accesses the data source through a third-party system.
PCT/CN2016/082162 2015-05-22 2016-05-16 Access control method, apparatus, and system for user data WO2016188335A1 (fr)
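The gate described in the abstract, as an added Python sketch that is not code from the patent: the login server hands the client a subset of the complete context, and the first server forwards a request to the third-party system only if that context is present and matches what the login server holds. The field names, the in-memory store and the comparison-based verification are assumptions; the page does not specify how the context is verified, and this sketch applies both the presence check and the verification.

```python
import hmac

# Constructed sample state: the complete context the login server generated at login.
# All field names and values are assumptions made for this illustration.
LOGIN_SERVER_CONTEXT = {
    "sess-001": {"account": "alice", "device_id": "dev-9f2",
                 "login_ip": "203.0.113.7", "token": "c0ffee", "risk": "low"},
}
SUBSET_FIELDS = ("account", "device_id", "token")  # the part returned to the client

def issue_context(session_id):
    """Login server: return only a subset of the complete context to the client."""
    full = LOGIN_SERVER_CONTEXT[session_id]
    return {"session_id": session_id, **{k: full[k] for k in SUBSET_FIELDS}}

def check_request(request):
    """First server: decide whether the request may go to the third-party system."""
    ctx = request.get("context")
    if not isinstance(ctx, dict) or not ctx:
        return (False, "missing context information")
    full = LOGIN_SERVER_CONTEXT.get(ctx.get("session_id"))
    if full is None:
        return (False, "unknown session")
    for field in SUBSET_FIELDS:
        presented = str(ctx.get(field, "")).encode()
        # Constant-time comparison so a mismatch does not leak how much matched.
        if not hmac.compare_digest(presented, str(full[field]).encode()):
            return (False, f"context mismatch: {field}")
    if ctx["account"] != request.get("account"):
        return (False, "context does not belong to requesting account")
    return (True, "forward to third-party system")

def handle(request, forward):
    """Forward only verified requests; `forward` stands in for the third-party call."""
    allowed, reason = check_request(request)
    if not allowed:
        return {"status": "denied", "reason": reason}
    return {"status": "ok", "data": forward(request)}
```

A denied request never reaches `forward`, so the third-party system and the data source behind it only see requests whose context was issued at login.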

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510267072.7A CN106302332B (zh) 2015-05-22 2015-05-22 Access control method, apparatus and system for user data
CN201510267072.7 2015-05-22

Publications (1)

Publication Number Publication Date
WO2016188335A1 (fr) 2016-12-01

Family

ID=57392504

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/082162 WO2016188335A1 (fr) 2015-05-22 2016-05-16 Access control method, apparatus, and system for user data

Country Status (2)

Country Link
CN (1) CN106302332B (fr)
WO (1) WO2016188335A1 (fr)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
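CN106961435B (zh) * 2017-03-22 2019-12-13 北京深思数盾科技股份有限公司 Access protection method and system
CN107908538A (zh) * 2017-12-12 2018-04-13 郑州云海信息技术有限公司 Automated testing method and system for server system performance
CN109165353A (zh) * 2018-09-25 2019-01-08 安徽灵图壹智能科技有限公司 Blockchain-based rental housing information retrieval method and system
CN109753778A (zh) * 2018-12-30 2019-05-14 北京城市网邻信息技术有限公司 User review method, apparatus, device and storage medium
CN110049031B (zh) * 2019-04-08 2021-05-18 厦门网宿有限公司 Interface security authentication method, server, and authentication center server
CN112448921A (zh) * 2019-08-30 2021-03-05 华为技术有限公司 Method and apparatus for detecting a backdoor
CN111475523A (zh) * 2020-04-10 2020-07-31 得到(天津)文化传播有限公司 Request response method, apparatus, device and storage medium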

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080134305A1 (en) * 2005-12-16 2008-06-05 Hinton Heather M Method and system for extending authentication methods
CN103297437A (zh) * 2013-06-20 2013-09-11 中国软件与技术服务股份有限公司 Method for a mobile intelligent terminal to securely access a server
CN104518876A (zh) * 2013-09-29 2015-04-15 腾讯科技(深圳)有限公司 Service login method and apparatus

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8850554B2 (en) * 2010-02-17 2014-09-30 Nokia Corporation Method and apparatus for providing an authentication context-based session
CN102724647B (zh) * 2012-06-06 2014-08-13 电子科技大学 Capability access authorization method and system
US9245144B2 (en) * 2012-09-27 2016-01-26 Intel Corporation Secure data container for web applications

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112583777A (zh) * 2019-09-30 2021-03-30 北京国双科技有限公司 Method and apparatus for implementing user login
CN112583777B (zh) * 2019-09-30 2023-04-18 北京国双科技有限公司 Method and apparatus for implementing user login

Also Published As

Publication number Publication date
CN106302332A (zh) 2017-01-04
CN106302332B (zh) 2019-10-15

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16799224

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16799224

Country of ref document: EP

Kind code of ref document: A1