WO2020102974A1 - Data access method, data access system and mobile terminal - Google Patents

Data access method, data access system and mobile terminal

Info

Publication number
WO2020102974A1
Authority
WO
WIPO (PCT)
Prior art keywords
metadata
check value
access token
data access
clear text
Application number
PCT/CN2018/116434
Other languages
English (en)
Chinese (zh)
Inventor
杨阳
郑忠
Original Assignee
深圳市欢太科技有限公司
Oppo广东移动通信有限公司
Application filed by 深圳市欢太科技有限公司, Oppo广东移动通信有限公司
Priority to PCT/CN2018/116434 (WO2020102974A1)
Priority to CN201880098468.5A (CN112823503B)
Publication of WO2020102974A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Definitions

  • the present application belongs to the field of information processing technology, and particularly relates to a data access method, a data access device, a mobile terminal, and a computer-readable storage medium.
  • OAuth (an open protocol to allow secure API authorization in a simple and standard method from desktop and web applications) is a third-party application program interface (API) authentication and authorization access protocol.
  • API: application program interface
  • This application provides a data access method, a data access device, a mobile terminal, and a computer-readable storage medium, which can improve the security of private information transmission.
  • the first aspect of the present application provides a data access method, including:
  • the data access request includes first metadata and an encrypted access token, and the access token includes second metadata;
  • the data access request further includes the key used to encrypt the access token, that key itself being encrypted using a public key
  • the decrypting the encrypted access token includes:
  • the encrypted access token is decrypted according to the decrypted key.
  • the second metadata includes a second clear text check value, and then if the encrypted access token is successfully decrypted, obtaining the second metadata included in the access token is specifically:
  • the selection of whether to respond to the data access request according to the second metadata and the first metadata is specifically:
  • the second metadata included in the access token is specifically:
  • the data access method further includes:
  • the selection of whether to respond to the data access request according to the second metadata and the first metadata is specifically:
  • the terminal identifier is a legal terminal identifier
  • a clear text verification value is the same, and in response to the data access request, if the second clear text verification value is different from the first clear text verification value, the data access request is identified as illegal access.
  • the second metadata further includes a second ciphertext verification value
  • the data access request includes the subject ciphertext
  • responding to the data access request is specifically:
  • if the second clear text check value is the same as the first clear text check value, compare the first cipher text check value corresponding to the subject cipher text with the second cipher text check value; if the first ciphertext verification value is the same as the second ciphertext verification value, respond to the data access request.
  • the second metadata further includes a second timestamp, then if the encrypted access token is successfully decrypted, obtaining the second metadata included in the access token is specifically:
  • responding to the data access request is specifically:
  • if the second clear text check value is the same as the first clear text check value, obtain the first time stamp of the server itself, and if the difference between the second time stamp and the first time stamp is less than or equal to the preset time difference, respond to the data access request.
  • the data access method further includes:
  • the second metadata further includes a second time stamp and a second ciphertext verification value, and the data access request includes the subject ciphertext; if the encrypted access token is successfully decrypted, acquiring the second metadata included in the access token is specifically:
  • responding to the data access request is specifically:
  • if the second clear text check value is the same as the first clear text check value, obtain the first time stamp of the server itself, and if the difference between the second time stamp and the first time stamp is less than or equal to the preset time difference, compare the first ciphertext check value corresponding to the subject ciphertext with the second ciphertext check value; if the first ciphertext check value and the second ciphertext check value are the same, respond to the data access request.
  • the second aspect of the present application provides a data access device, including:
  • a first data access request receiving unit configured to receive a data access request, where the data access request includes first metadata and an encrypted access token, and the access token includes second metadata;
  • An access token decryption unit used to decrypt the encrypted access token
  • a second metadata acquisition unit for acquiring the second metadata included in the access token if the encrypted access token is successfully decrypted
  • a third aspect of the present application provides a mobile terminal, including a memory, a processor, and a computer program stored in the memory and executable on the processor.
  • when executing the computer program, the processor implements the following steps:
  • the data access request further includes the key used to encrypt the access token, that key itself being encrypted using a public key, and correspondingly, decrypting the encrypted access token includes:
  • the encrypted access token is decrypted according to the decrypted key.
  • the latest public key private key pair in the system is obtained, and the public key in the public key private key pair is returned to the client.
  • the second metadata includes a second clear text check value, and if the encrypted access token is successfully decrypted, the access token is obtained
  • the included second metadata is specifically:
  • the selection of whether to respond to the data access request according to the second metadata and the first metadata is specifically:
  • the second metadata includes a terminal identification, and if the encrypted access token is successfully decrypted, obtaining the second metadata included in the access token is specifically:
  • the selection of whether to respond to the data access request according to the second metadata and the first metadata specifically includes:
  • the terminal identifier is a legal terminal identifier
  • a clear text verification value is the same, and in response to the data access request, if the second clear text verification value is different from the first clear text verification value, the data access request is identified as illegal access.
  • the second metadata further includes a second ciphertext verification value, and the data access request includes the subject ciphertext; then if the encrypted access token is successfully decrypted, obtaining the second metadata included in the access token is specifically:
  • if the second clear text check value is the same as the first clear text check value, compare the first cipher text check value corresponding to the subject cipher text with the second cipher text check value; if the first ciphertext verification value is the same as the second ciphertext verification value, respond to the data access request.
  • the second metadata further includes a second time stamp, and then if the encrypted access token is successfully decrypted, obtaining the second metadata included in the access token is specifically:
  • responding to the data access request is specifically:
  • if the second clear text check value is the same as the first clear text check value, obtain the first time stamp of the server itself, and if the difference between the second time stamp and the first time stamp is less than or equal to the preset time difference, respond to the data access request.
  • a fourth aspect of the present application provides a computer-readable storage medium that stores a computer program, and when the computer program is executed by a processor, implements the steps of the data access method.
  • FIG. 1 is a schematic flowchart of a data access method according to Embodiment 1 of the present application
  • FIG. 2 is a schematic flowchart of another data access method according to Embodiment 2 of the present application.
  • FIG. 3 is a schematic structural diagram of a data access device according to Embodiment 3 of the present application.
  • FIG. 4 is a schematic structural diagram of another data access device according to Embodiment 4 of the present application.
  • FIG. 5 is a schematic diagram of a mobile terminal provided in Embodiment 5 of the present application.
  • the data access method in the embodiment of the present application includes:
  • Step S11 Receive a data access request, where the data access request includes first metadata and an encrypted access token, and the access token includes second metadata;
  • the client constructs the access token according to the second metadata.
  • the second metadata is constructed based on the first metadata.
  • the second metadata may be constructed based on part or all of the first metadata.
  • the first metadata may be metadata corresponding to plain text or metadata corresponding to cipher text, and the first metadata may be selected to be transmitted in plain text.
  • the data access request includes a key used to encrypt the access token.
  • the access token needs to be encrypted before transmission, for example, using a symmetric encryption algorithm to encrypt,
  • Step S12 decrypt the encrypted access token
  • Step S13 If the encrypted access token is successfully decrypted, obtain the second metadata included in the access token;
  • the encrypted access token can be successfully decrypted.
  • Step S14 Select whether to respond to the data access request according to the second metadata and the first metadata.
  • the second metadata and the first metadata include information of the same attribute. For example, if both the second metadata and the first metadata include a check value, then whether to respond to the data access request is selected according to whether the check values are the same: if the check values are the same, the server responds to the data access request, for example by feeding back the data corresponding to the data access request to the client; otherwise, it does not respond to the data access request.
  • the public key is used to encrypt the key used to encrypt the access token, as shown in FIG. 2:
  • Step S22 Use a preset private key to decrypt the key used to encrypt the access token, that key having been encrypted using the public key;
  • a decryption algorithm used to decrypt the access token and a private key used to decrypt the encrypted key used to encrypt the access token are set.
  • the server uses the private key to decrypt the key used to encrypt the access token, that key having been encrypted with the public key. If the client's public key is correct, the server can decrypt the key used to encrypt the access token based on the preset private key.
  • step S23 if the key used to encrypt the access token is decrypted, the encrypted access token is decrypted according to the decrypted key.
  • Step S24 If the encrypted access token is successfully decrypted, obtain the second metadata included in the access token;
  • Step S25 Select whether to respond to the data access request according to the second metadata and the first metadata.
  • step S24 and step S25 are the same as step S13 and step S14 of the first embodiment, and will not be repeated here.
  • in order to improve the success rate of decrypting the key, if the key used to encrypt the access token is not decrypted, the latest public key private key pair in the system is obtained, and the public key in the public key private key pair is returned to the client.
  • the client here refers to a legitimate client recorded by the server, which is not necessarily the client that sends the current data access request, so as to avoid sending the public key to the illegal client.
  • the second metadata includes a second clear text check value
  • the step S13 is specifically:
  • step S14 (or step S25) is specifically:
  • the first clear text check value can be carried directly in the first metadata, that is, the first clear text check value can be sent by sending the first metadata. Alternatively, the first clear text check value can be determined by subsequent calculation: for example, when the first metadata includes only plaintext metadata, the server, after receiving the plaintext metadata, calculates the first plaintext check value corresponding to the first metadata from the plaintext metadata.
  • the second metadata includes the second terminal identifier, then the step S13 (or step S24) is specifically:
  • the data access method further includes:
  • the terminal identifier corresponding to the client that sends the data access request is obtained. If the terminal identifier corresponding to the obtained client is the same as the terminal identifier obtained from the access token, it is determined that the terminal identifier is a legal terminal identifier; otherwise, it is determined that the terminal identifier is an illegal terminal identifier. Or, the server pre-stores legal terminal IDs; if the terminal ID obtained from the access token is the same as any stored terminal ID, the terminal ID is determined to be a legal terminal ID; otherwise, the terminal ID is determined to be an illegal terminal ID.
  • the second plaintext check value is further compared with the first plaintext check value corresponding to the first metadata; if the second plain text check value is the same as the first clear text verification value, the data access request is responded to, and if the second clear text verification value is different from the first clear text verification value, the data access request is identified as illegal access. Judging whether to respond to the data access request by both the terminal identification and the clear text verification value can further improve the accuracy of the judgment result, and thus can ensure the security of the client's private data.
  • after verifying that the terminal identification is a legal terminal identification, it is verified whether the access frequency of the client corresponding to the terminal identification is legal.
  • the corresponding access current limit; if legal, compare the second clear text check value with the first clear text check value corresponding to the first metadata; if the second clear text check value is the same as the first clear text verification value, respond to the data access request, and if the second plaintext verification value is different from the first plaintext verification value, the data access request is identified as illegal access.
  • the second metadata further includes a second ciphertext verification value
  • the data access request includes the subject ciphertext
  • the second clear text verification value may also be acquired.
  • if the second clear text check value is the same as the first clear text check value, compare the first cipher text check value corresponding to the subject cipher text with the second cipher text check value; if the first ciphertext verification value is the same as the second ciphertext verification value, respond to the data access request.
  • the data access request is identified as illegal access.
  • step S13 is specifically:
  • the terminal identifier is a legal terminal identifier
  • a plaintext check value is the same
  • the text verification value is the same and responds to the data access request.
  • the validity time of the access token can be set, and the validity time is reflected by the second time stamp.
  • the second metadata includes a second time stamp, and the step S13 (or step S24) is specifically:
  • responding to the data access request is specifically:
  • if the second clear text check value is the same as the first clear text check value, obtain the first time stamp of the server itself, and if the difference between the second time stamp and the first time stamp is less than or equal to the preset time difference, respond to the data access request.
  • the data access method further includes:
  • the second metadata further includes a second timestamp and a second ciphertext verification value
  • the data access request includes the subject ciphertext
  • if the second clear text check value is the same as the first clear text check value, obtain the first time stamp of the server itself, and if the difference between the second time stamp and the first time stamp is less than or equal to the preset time difference, compare the first ciphertext check value corresponding to the subject ciphertext with the second ciphertext check value; if the first ciphertext check value and the second ciphertext check value are the same, respond to the data access request.
  • if the encrypted access token is successfully decrypted, obtain the terminal identifier, second time stamp, second clear text check value, and second cipher text check value included in the access token;
  • the terminal identification is a legal terminal identification
  • obtain the first time stamp of the service party itself, and if the difference between the second time stamp and the first time stamp is less than or equal to a preset time difference, the second clear text check value is compared with the first clear text check value corresponding to the first metadata; if the second clear text check value is the same as the first clear text check value, the first ciphertext verification value corresponding to the subject cipher text is compared with the second ciphertext verification value, and the data access request is responded to if the first ciphertext verification value is the same as the second ciphertext verification value.
  • step S13 is specifically as follows:
  • if the encrypted access token is successfully decrypted, obtain the terminal identifier, second time stamp, second clear text check value, and second cipher text check value included in the access token;
  • the second metadata is constructed based on the first metadata.
  • the second metadata may be constructed based on part or all of the first metadata.
  • the first metadata may be metadata corresponding to plain text or metadata corresponding to cipher text, and the first metadata may optionally be transmitted in plain text.
  • the data access request includes a key used to encrypt the access token.
  • the access token decryption unit 32 is used to decrypt the encrypted access token
  • the second metadata obtaining unit 33 is configured to obtain the second metadata included in the access token if the encrypted access token is successfully decrypted;
  • since the data access request includes the encrypted access token, the server only chooses whether to respond to the received data access request after decrypting the access token and comparing the second metadata with the first metadata; that is, due to the addition of a selection process, the security of the client's private information can be ensured without requiring the client's key.
  • the fourth embodiment of the present application provides another data access device.
  • the above data access device may be integrated into a mobile terminal.
  • the data access device 4 in the embodiment of the present application includes:
  • the data access request receiving unit 41 is configured to receive a data access request including first metadata, an encrypted access token, and the key used to encrypt the access token, that key being encrypted using a public key; the access token includes second metadata;
  • the key decryption unit 42 is used to decrypt, by using a preset private key, the key used to encrypt the access token, that key having been encrypted using the public key;
  • the access token decrypting unit 43 is configured to decrypt the encrypted access token according to the decrypted key if the key used to encrypt the access token is decrypted.
  • the second metadata obtaining unit 44 is configured to obtain second metadata included in the access token if the encrypted access token is successfully decrypted;
  • the data access request selection response unit 45 is configured to select whether to respond to the data access request based on the second metadata and the first metadata.
  • in order to increase the success rate of decrypting the key, the data access device 4 further includes:
  • the public key sending unit is used to obtain the latest public key private key pair in the system if the key used to encrypt the access token is not decrypted, and return the public key in the public key private key pair to the client.
  • the client here refers to a legitimate client recorded by the server, which is not necessarily the client that sends the current data access request, so as to avoid sending the public key to the illegal client.
  • the second metadata includes a second clear text check value
  • the second metadata acquisition unit 44 is specifically configured to:
  • the data access request selection response unit 45 is specifically used for:
  • the second metadata includes the second terminal identification, and the second metadata acquisition unit 44 is specifically configured to:
  • the data access device 4 further includes:
  • a terminal identifier legality judgment unit, which is used to judge whether the terminal identifier is a legal terminal identifier, and mark the data access request as illegal access when the terminal identifier is an illegal terminal identifier.
  • the data access request selection response unit 45 is executed, and the data access request selection response unit 45 is specifically used to:
  • the data access device 4 further includes: an access frequency legality judgment unit, configured to verify, after the terminal ID is verified to be a legal terminal ID, whether the access frequency of the client corresponding to the terminal ID is legal; if not, the access corresponding to this data access request is limited. If it is legal, the data access request selection response unit 45 is executed, and the data access request selection response unit 45 is specifically used to:
  • the second metadata further includes a second ciphertext verification value
  • the data access request includes the subject ciphertext
  • the second metadata acquisition unit 44 is specifically configured to:
  • the data access request selection response unit 45 is specifically used for:
  • the data access request is identified as illegal access.
  • the second metadata obtaining unit 44 is specifically configured to:
  • the data access device 4 further includes:
  • the terminal identification legality judgment unit is used to determine whether the terminal identification is a legal terminal identification, and when the terminal identification is an illegal terminal identification, identify the data access request as illegal access;
  • the data access request selection response unit 45 is specifically configured to: if the terminal identification is a legal terminal identification, compare the second clear text check value with the first clear text check value corresponding to the first metadata; if the second clear text check value is the same as the first clear text check value, compare the first cipher text check value corresponding to the subject cipher text with the second cipher text check value; if the first ciphertext verification value is the same as the second ciphertext verification value, respond to the data access request.
  • the validity time of the access token can be set, and the validity time is reflected by the second time stamp.
  • the second metadata includes a second timestamp, and the second metadata acquisition unit 44 is specifically configured to:
  • the data access request selection response unit 45 is specifically used for:
  • the first timestamp of the server itself is obtained; if the difference between the second timestamp and the first timestamp is less than or equal to a preset time difference, respond to the data access request.
  • the second metadata further includes a second timestamp and a second ciphertext verification value, and the data access request includes the subject ciphertext, then the second metadata acquisition unit 44 is specifically configured to:
  • the first timestamp of the server itself is obtained; if the difference between the second timestamp and the first timestamp is less than or equal to a preset time difference, the first ciphertext check value corresponding to the subject ciphertext is compared with the second ciphertext verification value, and if the first ciphertext verification value is the same as the second ciphertext verification value, respond to the data access request.
  • the second metadata acquisition unit 44 is specifically used to:
  • the terminal identification legality judgment unit is used to determine whether the terminal identification is a legal terminal identification, and when the terminal identification is an illegal terminal identification, identify the data access request as illegal access;
  • the data access request selection response unit 45 is specifically configured to: if the terminal identification is a legal terminal identification, acquire the first time stamp of the service party itself, and if the difference between the second time stamp and the first time stamp is less than or equal to the preset time difference, compare the second clear text check value with the first clear text check value corresponding to the first metadata; if the second clear text check value is the same as the first plain text check value, compare the first cipher text check value corresponding to the subject cipher text with the second cipher text check value; if the first cipher text check value is the same as the second cipher text verification value, respond to the data access request.
  • the second metadata acquisition unit 44 is specifically used to:
  • if the encrypted access token is successfully decrypted, obtain the terminal identifier, second time stamp, second clear text check value, and second cipher text check value included in the access token;
  • the data access device 4 further includes:
  • the terminal identification legality judgment unit is used to determine whether the terminal identification is a legal terminal identification, and when the terminal identification is an illegal terminal identification, identify the data access request as illegal access;
  • the terminal ID is a legal terminal ID
  • verify whether the client's access frequency corresponding to the terminal ID is legal, and if the client's access frequency corresponding to the terminal ID is legal, obtain the first time stamp of the server itself.
  • if the difference between the second time stamp and the first time stamp is less than or equal to a preset time difference, the second clear text check value is compared with the first clear text check value corresponding to the first metadata; if the second clear text check value is the same as the first clear text check value, compare the first cipher text check value corresponding to the subject cipher text with the second cipher text check value; if the first ciphertext verification value is the same as the second ciphertext verification value, respond to the data access request.
  • the mobile terminal in the embodiment of the present application includes: a memory 501, one or more processors 502 (only one is shown in FIG. 5) and a computer program stored in the memory 501 and executable on the processor.
  • the memory 501 is used to store software programs and modules.
  • the processor 502 executes various functional applications and data processing by running the software programs and units stored in the memory 501 to obtain resources corresponding to the preset events. Specifically, the processor 502 implements the following steps by running the above computer program stored in the memory 501:
  • the data access request includes first metadata and an encrypted access token, and the access token includes second metadata;
  • the data access request further includes the key used to encrypt the access token, that key being encrypted using a public key
  • the decrypting the encrypted access token includes:
  • the encrypted access token is decrypted according to the decrypted key.
  • the processor 502 further implements the following steps when running the above-mentioned computer program stored in the memory 501:
  • if the key used to encrypt the access token is not decrypted, the latest public key private key pair in the system is obtained, and the public key in the public key private key pair is returned to the client.
  • the second metadata includes a second clear text check value, then if the encrypted access token is successfully decrypted, obtaining the second metadata included in the access token is specifically:
  • the selection of whether to respond to the data access request according to the second metadata and the first metadata is specifically:
  • the second metadata includes a terminal identification, then if the encrypted access token is successfully decrypted, obtaining the second metadata included in the access token is specifically:
  • the selection of whether to respond to the data access request according to the second metadata and the first metadata is specifically:
  • responding to the data access request is specifically:
  • if the second clear text check value is the same as the first clear text check value, compare the first cipher text check value corresponding to the subject cipher text with the second cipher text check value; if the first ciphertext verification value is the same as the second ciphertext verification value, respond to the data access request.
  • the second metadata further includes a second timestamp; if the encrypted access token is successfully decrypted, obtaining the second metadata included in the access token is specifically:
  • the processor 502 further implements the following steps when running the above computer program stored in the memory 501:
  • if the second clear text check value is the same as the first clear text check value, obtain the first timestamp of the server itself; if the difference between the second timestamp and the first timestamp is less than or equal to a preset time difference, compare the first ciphertext check value corresponding to the subject ciphertext with the second ciphertext check value; if the first ciphertext check value is the same as the second ciphertext check value, respond to the data access request.
  • the above mobile terminal may further include: one or more input devices 503 (only one is shown in FIG. 5) and one or more output devices 504 (only one is shown in FIG. 5).
  • the memory 501, the processor 502, the input device 503, and the output device 504 are connected through a bus 505.
  • the processor 502 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • the general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the input device 503 may include a keyboard, a touchpad, a fingerprint sensor (for collecting user's fingerprint information and fingerprint direction information), a microphone, etc.
  • the output device 504 may include a display, a speaker, and the like.
  • the memory 501 may include a read-only memory and a random access memory, and provide instructions and data to the processor 502. Part or all of the memory 501 may also include non-volatile random access memory. For example, the memory 501 may also store device type information.
  • each functional unit and module is used as an example for illustration.
  • the above-mentioned functions may be allocated to different functional units and modules for completion, that is, the internal structure of the above device is divided into different functional units or modules to complete all or part of the functions described above.
  • the functional units and modules in the embodiments may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above integrated unit may be implemented in the form of hardware or in the form of software functional units.
  • the specific names of each functional unit and module are only for the purpose of distinguishing each other, and are not used to limit the protection scope of the present application.
  • the disclosed device and method may be implemented in other ways.
  • the system embodiments described above are only schematic.
  • the division of the above-mentioned modules or units is only a division of logical functions.
  • there may be other divisions; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place or may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • if the above integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium.
  • the present application can implement all or part of the processes in the methods of the above embodiments, and can also be completed by instructing relevant hardware through a computer program.
  • the above computer program can be stored in a computer-readable storage medium, and when the computer program is executed by the processor, the steps of the foregoing method embodiments may be implemented.
  • the above-mentioned computer program includes computer program code, and the above-mentioned computer program code may be in the form of source code, object code, executable file or some intermediate form.
  • the above-mentioned computer-readable storage medium may include: any entity or device capable of carrying the above-mentioned computer program code, recording medium, U disk, removable hard disk, magnetic disk, optical disk, computer-readable memory, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), electrical carrier signals, telecommunications signals and software distribution media, etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a data access method, a mobile terminal, and a computer-readable storage medium. The data access method comprises: receiving a data access request, the data access request comprising first metadata and an encrypted access token, the access token comprising second metadata (S11); decrypting the access token (S12); if the access token is successfully decrypted, obtaining the second metadata included in the access token (S13); and selecting, according to the second metadata and the first metadata, whether to respond to the data access request (S14). The method according to the invention makes it possible to ensure the security of a client's private information.
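The decision made in steps S13 and S14, combining the check-value, terminal-identification and timestamp embodiments from the description, as an added example that is not code from the patent. Assumptions: check values are SHA-256 digests, the server computes the first ciphertext check value over the subject ciphertext, the preset time difference is 300 seconds, and the token was already decrypted in S12 (`None` on failure); all names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

MAX_SKEW_SECONDS = 300  # assumed value for the "preset time difference"

@dataclass
class Metadata:
    clear_check: str        # clear text check value
    terminal_id: str        # terminal identification
    cipher_check: str = ""  # ciphertext check value (carried in the token)
    timestamp: int = 0      # issue time in epoch seconds (carried in the token)

def check_value(data: bytes) -> str:
    # Assumption: a check value is a SHA-256 digest; the page names no algorithm.
    return hashlib.sha256(data).hexdigest()

def _same(a: str, b: str) -> bool:
    # Constant-time comparison so mismatches do not leak through timing.
    return hmac.compare_digest(a.encode(), b.encode())

def should_respond(first: Metadata, second: Optional[Metadata],
                   subject_ciphertext: bytes, server_time: int) -> Tuple[bool, str]:
    """S13/S14: compare token (second) metadata with request (first) metadata."""
    if second is None:  # S12 failed: the token did not decrypt
        return False, "token_decrypt_failed"
    if not _same(second.terminal_id, first.terminal_id):
        return False, "terminal_mismatch"
    if not _same(second.clear_check, first.clear_check):
        return False, "clear_check_mismatch"
    if abs(server_time - second.timestamp) > MAX_SKEW_SECONDS:
        return False, "timestamp_out_of_window"
    if not _same(check_value(subject_ciphertext), second.cipher_check):
        return False, "cipher_check_mismatch"
    return True, "ok"

# Constructed sample data, not taken from the page.
BODY = b"\x8f\x02constructed-subject-ciphertext"
REQUEST = Metadata(check_value(b"constructed plaintext"), "device-01")
TOKEN = Metadata(REQUEST.clear_check, "device-01", check_value(BODY), 1_700_000_000)

if __name__ == "__main__":
    print(should_respond(REQUEST, TOKEN, BODY, 1_700_000_120))         # accepted
    print(should_respond(REQUEST, TOKEN, BODY + b"!", 1_700_000_120))  # tampered body
    print(should_respond(REQUEST, TOKEN, BODY, 1_700_000_301))         # stale token
```

Returning a reason code alongside the decision lets the server log which check rejected a request without echoing that detail to the client.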
PCT/CN2018/116434 2018-11-20 2018-11-20 Data access method, data access system and mobile terminal WO2020102974A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2018/116434 WO2020102974A1 (fr) 2018-11-20 2018-11-20 Data access method, data access system and mobile terminal
CN201880098468.5A CN112823503B (zh) 2018-11-20 2018-11-20 Data access method, data access device and mobile terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/116434 WO2020102974A1 (fr) 2018-11-20 2018-11-20 Data access method, data access system and mobile terminal

Publications (1)

Publication Number Publication Date
WO2020102974A1 (fr) 2020-05-28

Family

ID=70773102

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/116434 WO2020102974A1 (fr) 2018-11-20 2018-11-20 Data access method, data access system and mobile terminal

Country Status (2)

Country Link
CN (1) CN112823503B (fr)
WO (1) WO2020102974A1 (fr)

Also Published As

Publication number Publication date
CN112823503B (zh) 2022-08-16
CN112823503A (zh) 2021-05-18

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18940993

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18940993

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 29/09/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 18940993

Country of ref document: EP

Kind code of ref document: A1