WO2022121221A1 - Token-based application access method and apparatus, computer device, and medium - Google Patents

Publication number
WO2022121221A1
Authority
WO
WIPO (PCT)
Prior art keywords
token
target
validity period
target user
generation algorithm
Prior art date
Application number
PCT/CN2021/090948
Other languages
French (fr)
Chinese (zh)
Inventor
彭康康
Original Assignee
平安科技(深圳)有限公司
Priority date
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司
Publication of WO2022121221A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/101 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1014 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities to tokens
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2137 Time limited access, e.g. to a computer or data

Definitions

  • the present application relates to the technical field of identity verification, and in particular, to a token-based application program access method, apparatus, computer device and computer-readable storage medium.
  • the general process of the token mechanism is as follows: when the client logs in for the first time, the server randomly generates a random string as a token and returns it to the client, and the server saves it. Each subsequent request of the client needs to carry the token returned by the server.
  • the server compares the carried token with the token it saved, at the unified entrance. If the comparison is successful, subsequent business processing can be performed. If the comparison fails, the request is returned directly.
  • the inventor realized that, on the one hand, under the traditional token mechanism, the use of a single token generation algorithm will lead to the token being cracked, and there is a security risk; on the other hand, the user needs to log out of the app and log in again, which interrupts the user's operation process, makes the operation troublesome, and reduces the user experience.
  • the purpose of this application is to provide a token-based application program access method, apparatus, computer equipment and computer-readable storage medium.
  • a token-based application access method including:
  • using the target token generation algorithm and at least based on the associated information of the target user, generating a first token for the target user, and sending the first token to the application client where the target user is located, wherein the validity period of the first token is the first validity period;
  • the first validity period corresponding to the first token is extended, wherein the deadline range belongs to the time range corresponding to the first validity period.
  • a token-based application access device including:
  • a random determination module configured to randomly determine a target token generation algorithm corresponding to the target user according to a plurality of token generation algorithms
  • a generating module configured to generate a first token for the target user by using the target token generation algorithm and at least based on the associated information of the target user, and send the first token to the application client where the target user is located, wherein the validity period of the first token is the first validity period
  • an acquisition module configured to receive an access request initiated by the target user through the application client, and acquire the second token carried in the access request
  • the passing module is configured to pass the access request if the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token;
  • an extension module configured to extend the first validity period corresponding to the first token when the current time reaches a deadline range corresponding to the target token generation algorithm, wherein the deadline range belongs to the time range corresponding to the first validity period.
  • a computer device comprising a memory and a processor, the memory storing a token-based application access program for the processor, and the processor being configured to execute the token-based application access program to perform the following processing: randomly determine a target token generation algorithm corresponding to a target user according to a plurality of token generation algorithms; use the target token generation algorithm and at least the associated information of the target user to generate a first token for the target user, and send the first token to the application client where the target user is located, wherein the validity period of the first token is the first validity period; receive the access request initiated by the target user through the application client, and obtain the second token carried in the access request; if the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token, pass the access request; when the current time reaches the deadline range corresponding to the target token generation algorithm, extend the first validity period corresponding to the first token, wherein the deadline
  • a computer-readable storage medium storing computer-readable instructions
  • a token-based application access program is stored thereon, and when the token-based application access program is executed by a processor, the following processing is implemented: randomly determine the target token generation algorithm corresponding to the target user according to multiple token generation algorithms; use the target token generation algorithm and at least the associated information of the target user to generate a first token for the target user, and send the first token to the application client where the target user is located, wherein the validity period of the first token is the first validity period; receive the access request initiated by the target user through the application client, and obtain the second token carried in the access request; if the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token, the access request is passed; when the current time reaches the deadline range corresponding to the target token generation algorithm, the first validity period corresponding to the first token is extended, wherein the deadline range belongs to the time range corresponding to the first validity period.
  • the above token-based application access method, device, computer equipment and computer-readable storage medium randomly determine a target token generation algorithm based on multiple token generation algorithms, and use the target token generation algorithm to generate tokens; therefore, the security and reliability of the token are effectively improved. At the same time, when the current time reaches the deadline range corresponding to the target token generation algorithm, the first validity period corresponding to the first token is also extended; therefore, the possibility that token expiration will interrupt the user's operation is greatly reduced, and the user experience is improved.
  • FIG. 1 is a schematic diagram of a system architecture of a token-based application program access method according to an exemplary embodiment.
  • Fig. 2 is a flowchart of a token-based application access method according to an exemplary embodiment.
  • FIG. 3 is a flowchart showing details of step 210 of an embodiment according to the embodiment of FIG. 2 .
  • Fig. 4 is a schematic flowchart of a basic flow of a token-based application access method according to an exemplary embodiment.
  • Fig. 5 is a block diagram of a token-based application access device according to an exemplary embodiment.
  • FIG. 6 is an exemplary block diagram of a computer device implementing the above token-based application access method according to an exemplary embodiment.
  • FIG. 7 is a computer-readable storage medium for implementing the above token-based application access method according to an exemplary embodiment.
  • the present application first provides a token-based application access method.
  • a token is a valid credential that allows a user to log in to an application in a certain way.
  • the server generates and assigns a token to the user's client.
  • the user can directly access the application by virtue of the token without logging in.
  • the token-based application access method provided by the present application can not only improve security, but also reduce the possibility of interrupting user operations and ensure user experience.
  • the implementation terminal of this application can be any device with computing, processing and communication functions that can be connected to an external device to receive or send data. Specifically, it can be a portable mobile device, such as a smart phone, tablet computer, notebook computer or PDA (Personal Digital Assistant); a fixed device, such as computer equipment, a field terminal, a desktop computer, a server or a workstation; or a collection of multiple devices, such as a cloud computing physical infrastructure or a server cluster.
  • the implementation terminal of the present application may be a server or a physical infrastructure of cloud computing.
  • FIG. 1 is a schematic diagram of a system architecture of a token-based application program access method according to an exemplary embodiment.
  • the system architecture includes a server 110 and a user terminal 120 .
  • the user terminal 120 is connected with the server 110 through a wired or wireless communication link. Therefore, the user terminal 120 can send data to the server 110 or receive data from the server 110.
  • the server 110 is provided with a server side, and the user terminal 120 is provided with a client.
  • the server 110 is the implementation terminal in this embodiment, and the server 110 stores a plurality of token generation algorithms.
  • a specific process may be as follows: the user initiates a registration request to the server 110 through the client on the user terminal 120 and submits the associated information of the user to the server 110, and the server 110 generates a user ID for the user; then, the server 110 randomly determines the target token generation algorithm by using the stored multiple token generation algorithms, and determines the corresponding deadline range; then, based on the target token generation algorithm and the associated information, a first token with a validity period is generated for the target user, the first token is sent to the client on the user terminal 120, and the user ID, the first token, the validity period and the deadline range are stored in correspondence with one another; next, the user initiates an access request to the server 110 through the client on the user terminal 120, and the server 110 obtains the second token and the user ID carried in the access request, where the second token does not refer to a token different from the first token, but refers specifically to the token sent by the user; then, the server 110 finds the corresponding first token according to the user ID, compares the first token with the second token, and judges whether the second token is within the validity period; if the comparison is consistent and the second token is within the validity period, the access request is passed; after that, the server 110 judges whether the current time is within the deadline range, and if it is, the first validity period is extended. In this way, interruption of user operations due to the expiration of the token validity period is avoided, and the user experience is preserved.
  • Fig. 2 is a flowchart of a token-based application access method according to an exemplary embodiment. This embodiment can be executed by a server, as shown in FIG. 2 , and includes the following steps:
  • Step 210 Randomly determine a target token generation algorithm corresponding to the target user according to multiple token generation algorithms.
  • the random determination of the target token generation algorithm corresponding to the target user according to a plurality of token generation algorithms, and the subsequent steps, are executed when the target user logs in to the application for the first time, or when the target user logs in to the application again after the token provided by the target user has become invalid.
  • This step may be performed when the target user logs in to the application for the first time, or may be performed when the target user's token expires, that is, when the token expires and the user logs in to the application again.
  • the login here is generally to log in with an account number and password.
  • Token generation algorithms can be of various kinds, and thus, the generated tokens can be strings of various forms.
  • a Universally Unique Identifier (UUID) can be generated
  • a long string based on the MD5 algorithm can be generated
  • a long string based on the SHA-256 algorithm can also be generated.
  • the random determination of the target token generation algorithm corresponding to the target user according to multiple token generation algorithms includes:
  • a token generation algorithm is randomly selected among multiple token generation algorithms as the target token generation algorithm corresponding to the target user.
  • Fig. 3 is a flowchart showing the details of step 210 of an embodiment according to the embodiment of Fig. 2, please refer to Fig. 3, including the following steps:
  • Step 211 Randomly select a first predetermined number of token generation algorithms from a plurality of preset token generation algorithms.
  • the preset multiple token generation algorithms may be pre-stored in the token generation algorithm library, and the number of randomly selected token generation algorithms, that is, the first predetermined number, is smaller than the preset number of multiple token generation algorithms.
  • Step 212 Randomly select a token generation algorithm merging rule from a preset algorithm rule library, and integrate the first predetermined number of token generation algorithms according to the token generation algorithm merging rule, to obtain the target token generation algorithm corresponding to the target user.
  • a token generation algorithm merging rule in the preset algorithm rule library may be: randomly select one token generation algorithm from the first predetermined number of token generation algorithms as the merging algorithm; use each of the other token generation algorithms in the first predetermined number, apart from the merging algorithm, to generate a token; splice these tokens into one string in the order in which the token generation algorithms were selected; and finally apply the merging algorithm to that string to perform the token generation operation.
  • the token generation algorithms are integrated by randomly selecting a token generation algorithm merging rule on top of randomly selecting the token generation algorithms. Therefore, the finally obtained target token generation algorithm is built on multiple randomly selected token generation algorithms, which improves the complexity of the target token generation algorithm, thereby ensuring the security of the generated token.
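The merging rule of Steps 211 and 212, as an added Python example that is not code from the patent. The algorithm library holds the three kinds the text names (UUID, MD5, SHA-256); the function names, the JSON serialization of the associated information and the CSPRNG nonce mixed into it are assumptions of this example.

```python
import hashlib
import json
import secrets
import uuid

# Token generation algorithm library. The three kinds are the ones the text
# names; the bodies are assumptions. Each maps input bytes to a hex string.
ALGORITHM_LIBRARY = {
    "uuid": lambda material: uuid.uuid5(uuid.NAMESPACE_OID, material.hex()).hex,
    "md5": lambda material: hashlib.md5(material).hexdigest(),
    "sha256": lambda material: hashlib.sha256(material).hexdigest(),
}

# Selection uses the operating system CSPRNG, not the default Mersenne Twister,
# so the choice of algorithm cannot be predicted from earlier choices.
SYSTEM_RNG = secrets.SystemRandom()


def pick_target_algorithm(first_predetermined_number=2, rng=SYSTEM_RNG):
    """Step 211: pick the generators. Step 212: pick the merging algorithm.

    Returns (selected, merging); the order of `selected` is the selection
    order, which the merging rule uses when splicing.
    """
    # The text requires fewer algorithms than the library holds. At least two
    # are needed, otherwise the merging algorithm would have nothing to merge.
    if not 2 <= first_predetermined_number < len(ALGORITHM_LIBRARY):
        raise ValueError("first predetermined number must be >= 2 and < library size")
    selected = rng.sample(sorted(ALGORITHM_LIBRARY), first_predetermined_number)
    merging = rng.choice(selected)
    return selected, merging


def generate_token(selected, merging, associated_info, nonce=None):
    """Apply the merging rule to produce the first token."""
    if merging not in selected:
        raise ValueError("merging algorithm must be one of the selected algorithms")
    if nonce is None:
        # Assumption: "at least based on the associated information" leaves room
        # for a random nonce, so the token is not derivable from personal data.
        nonce = secrets.token_bytes(16)
    material = json.dumps(associated_info, sort_keys=True,
                          ensure_ascii=False).encode("utf-8") + nonce
    # Every selected algorithm except the merging one generates its own token...
    parts = [ALGORITHM_LIBRARY[name](material) for name in selected if name != merging]
    # ...the tokens are spliced in selection order...
    spliced = "".join(parts)
    # ...and the merging algorithm is applied to the spliced string.
    return ALGORITHM_LIBRARY[merging](spliced.encode("ascii"))


if __name__ == "__main__":
    # Constructed sample input.
    info = {"user_id": "u-1001", "user_type": "ordinary", "work_unit": "Company A"}
    chosen, merge_with = pick_target_algorithm()
    print(chosen, merge_with, generate_token(chosen, merge_with, info))
```
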
  • Step 220 Generate a first token for the target user by using the target token generation algorithm and at least based on the associated information of the target user, and send the first token to the application client where the target user is located.
  • the validity period of the first token is the first validity period.
  • the associated information of the target user may be any information related to the target user, for example, the associated information of the target user may be the personal information of the target user.
  • the first validity period of the first token may be a preset fixed period, or may be a period that is not always constant and is generated based on certain elements each time a token is generated.
  • the associated information of the target user includes a user type, and the validity period of the first token is determined according to the user type.
  • the user types may include blacklisted suspect users, ordinary users, VIP users, etc.
  • the length of the validity period of the first token corresponding to the blacklisted suspect users, ordinary users, and VIP users may be set to increase sequentially, that is, the validity period of the first token corresponding to blacklisted suspect users is the shortest, the validity period of the first token corresponding to ordinary users is second, and the validity period of the first token corresponding to VIP users is the longest.
  • the associated information includes a plurality of pieces of personal information, each item of personal information corresponds to an information type, and the generating of a first token for the target user by using the target token generation algorithm and at least based on the associated information of the target user includes:
  • according to the information type corresponding to at least one piece of personal information of the target user, randomly generating replacement personal information that corresponds to the at least one piece of personal information and has the same information type;
  • the at least one item of personal information is correspondingly replaced with the corresponding replacement personal information.
  • the personal information of the target user is replaced by randomly generating replacement personal information of the same information type, so that the generated token is not completely based on the personal information of the target user, thereby improving security.
  • the associated information includes a plurality of pieces of personal information, each item of personal information corresponds to an information type, and the generating of a first token for the target user by using the target token generation algorithm and at least based on the associated information of the target user includes:
  • a first token is generated for the target user using the target token generation algorithm and based on the replaced personal information of the target user.
  • the preset database may be a database into which the corresponding user information is written when each user registers, or may be a database established separately for providing replacement personal information.
  • one piece of personal information of target user A is "work unit: Company A"
  • one piece of personal information of user B is "work unit: Company B"
  • both pieces of personal information are of the type of work unit
  • the information of user B's "work unit: Company B" can be used as replacement personal information to replace the information of target user A's "work unit: Company A".
  • Step 230 Receive an access request initiated by the target user through the application client, and obtain a second token carried in the access request.
  • the first validity period is a length of time
  • before receiving the access request initiated by the target user through the application client, the method further includes:
  • the time when the first token is generated, the first token, the first validity period and the deadline range are stored correspondingly.
  • because the deadline range corresponds to the target token generation algorithm, and the first validity period also corresponds to the first token and the target token generation algorithm, the deadline range corresponds to the first validity period.
  • the actual time range corresponding to the first validity period can be determined according to the time when the first token is generated and the first validity period defined by the time length. For example, the time when the first token is generated is 8:00, and the first validity period is 60 minutes, then the actual time range corresponding to the first validity period is 8:00 to 9:00.
  • each of the token generation algorithms corresponds to a deadline range
  • the determining the deadline range corresponding to the target token generation algorithm includes:
  • the deadline range corresponding to the target token generation algorithm is determined according to the deadline range corresponding to at least one token generation algorithm on which the target token generation algorithm is based.
  • when a randomly selected token generation algorithm is used as the target token generation algorithm, the token generation algorithm on which the target token generation algorithm is based is that randomly selected token generation algorithm, and the deadline range corresponding to the randomly selected token generation algorithm can be taken directly as the deadline range corresponding to the target token generation algorithm.
  • the target token generation algorithm is determined based on a plurality of token generation algorithms, and the determining of the deadline range corresponding to the target token generation algorithm according to the deadline range corresponding to at least one token generation algorithm on which the target token generation algorithm is based includes:
  • the deadline range with the smallest time length is determined as the deadline range corresponding to the target token generation algorithm.
  • the deadline range corresponding to each token generation algorithm can be obtained by looking up the table.
  • the time range for extending the validity period of the token can be kept from being too large, so as to ensure the security of extending the validity period of the token to a certain extent.
  • Step 240 Pass the access request if the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token.
  • the method further includes:
  • the access request is rejected.
  • the target user may include a first user identifier, and after the first token is generated, the first token, the first user identifier and the first validity period are stored locally; the access request also includes a second user identifier. When judging whether the first token is consistent with the second token, first find the first user identifier that is consistent with the second user identifier, then determine the first token stored in correspondence with that first user identifier, and compare that first token with the second token in the access request; in addition, the first validity period stored in correspondence with the first token is also determined, and it is judged whether the current time is within the first validity period.
  • after the access request is passed, the target user can access the required resources provided by the local end through the application client.
  • after a first token is generated for the target user using the target token generation algorithm and based at least on the associated information of the target user, and the first token is sent to the application client where the target user is located, the method further includes:
  • before passing the access request if the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token, the method includes:
  • the processing and access speed of the cache server are relatively efficient, so the processing pressure on the execution terminal of the present application can be reduced and efficiency increased.
  • Step 250 Extend the first validity period corresponding to the first token when the current time reaches the deadline range corresponding to the target token generation algorithm, wherein the deadline range belongs to the time range corresponding to the first validity period.
  • the first validity period may be a period of time length, or may be a moment, and the method of extending the first validity period is mainly to increase the time length on the basis of the first validity period.
  • the deadline range belongs to the time range corresponding to the first validity period, that is, the deadline range lies within the first validity period.
  • the deadline range can be the time range between a time within the first validity period and the time when the first validity period ends, that is, the end time of the deadline range can be the same as the end time of the first validity period, and the deadline range can be expressed as a length of time.
  • the time when the first validity period ends minus the time length can be the start time of the deadline range.
  • the deadline range may be other time ranges within the first validity period. Therefore, the deadline range can be any period of time within the first validity period.
  • extending the first validity period corresponding to the first token includes:
  • the first validity period is 7:30-8:30
  • the end time of the first validity period is 8:30
  • the deadline range is 8:00-8:30
  • the time length of the deadline range is 30 minutes. If the current time is 8:02, the current time has reached the deadline range, and the sum of the end time of the first validity period and the time length of the deadline range is 9:00.
  • extending the first validity period corresponding to the first token includes:
  • the first validity period is 7:30-8:30
  • the length of the first validity period is 60 minutes
  • the deadline range is 8:00-8:30. If the current time is 8:02, then the sum of the current time and the time length of the first validity period is 9:02.
  • extending the first validity period corresponding to the first token includes:
  • the first validity period is 7:30-8:30
  • the length of the first validity period is 60 minutes
  • the deadline range is 8:00-8:30
  • the corresponding start time is 8:00
  • the sum of the start time of the deadline range and the length of the first validity period is 9:00.
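Steps 240 and 250 with the three extension calculations from the worked times above (validity 7:30-8:30, deadline range 8:00-8:30, current time 8:02), as an added Python example that is not code from the patent. The record layout, the function and variant names, and the choice to treat the deadline range as the final part of the current validity period are assumptions.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta

# Names for the three extension calculations in the text (names are assumptions).
END_PLUS_DEADLINE = "end_plus_deadline_length"
NOW_PLUS_VALIDITY = "now_plus_validity_length"
DEADLINE_START_PLUS_VALIDITY = "deadline_start_plus_validity_length"
VARIANTS = {END_PLUS_DEADLINE, NOW_PLUS_VALIDITY, DEADLINE_START_PLUS_VALIDITY}


@dataclass
class TokenRecord:
    """What the server stores for the first token."""
    token: str
    valid_from: datetime
    valid_until: datetime
    validity_length: timedelta   # first validity period as a length of time
    deadline_length: timedelta   # length of the deadline range

    def deadline_start(self) -> datetime:
        # Assumption: the deadline range ends when the validity period ends.
        return self.valid_until - self.deadline_length


def check_access(record: TokenRecord, presented_token: str, now: datetime) -> bool:
    """Step 240: tokens are consistent and `now` is within the validity period."""
    # Constant-time comparison avoids leaking how many characters matched.
    same = hmac.compare_digest(record.token.encode("utf-8"),
                               presented_token.encode("utf-8"))
    return same and record.valid_from <= now <= record.valid_until


def extend_if_due(record: TokenRecord, now: datetime, variant: str) -> datetime:
    """Step 250: extend only when `now` has reached the deadline range."""
    if variant not in VARIANTS:
        raise ValueError(f"unknown extension variant: {variant}")
    start = record.deadline_start()
    if not start <= now <= record.valid_until:
        return record.valid_until            # outside the deadline range
    if variant == END_PLUS_DEADLINE:
        new_end = record.valid_until + record.deadline_length
    elif variant == NOW_PLUS_VALIDITY:
        new_end = now + record.validity_length
    else:
        new_end = start + record.validity_length
    record.valid_until = new_end
    return new_end


def handle_request(record: TokenRecord, presented_token: str,
                   now: datetime, variant: str) -> bool:
    """Validate first, extend second: a wrong or expired token never extends."""
    if not check_access(record, presented_token, now):
        return False
    extend_if_due(record, now, variant)
    return True


if __name__ == "__main__":
    day = datetime(2021, 1, 1)               # constructed date
    for v in sorted(VARIANTS):
        rec = TokenRecord("a" * 32, day.replace(hour=7, minute=30),
                          day.replace(hour=8, minute=30),
                          timedelta(minutes=60), timedelta(minutes=30))
        handle_request(rec, "a" * 32, day.replace(hour=8, minute=2), v)
        print(v, rec.valid_until.strftime("%H:%M"))
```
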
  • the first validity period is an expiration time
  • before receiving the access request initiated by the target user through the application client, the method further includes:
  • extending the first validity period corresponding to the first token includes:
  • the first validity period is defined as the expiration time, that is, the first validity period is a moment.
  • the calculation can be performed based on various factors such as the first validity period, the time length of the deadline range, and the current time.
  • the length of time to be extended may also be arbitrary, as long as the first validity period can be extended.
  • extending the first validity period corresponding to the first token includes:
  • the fact that the application client does not enter the background means that the operation interface of the application client is always displayed on the top layer of the terminal operating system.
  • the operation interface of the mobile phone terminal has always been at the top layer of the operating system.
  • the first validity period is extended, thus ensuring security when the token validity period is extended.
  • FIG. 4 is a schematic flowchart of a basic flow of a token-based application access method according to an exemplary embodiment.
  • the basic flow of the token-based application access method provided by this application is shown in Figure 4. The application in the figure can be any type of application client, such as a mobile app or a PC client. The basic process can be as follows: first, the user logs in to the application for the first time and provides associated information to the local end through the application; the local end accesses the token rule base and randomly determines the target token generation algorithm from the multiple token generation algorithms in the token rule base; then, the local end uses the target token generation algorithm and the associated information to generate a dynamic token as the first token, where "dynamic token" means that the first token is generated with a target token generation algorithm that is randomly determined each time, so the generation method of the dynamic token is not fixed; then, the first token (the dynamic token) is stored in the database and sent to the user end, so that the user terminal obtains the token; when the application initiates an access request, it carries the second token in the access request, and the server receives the access request carrying the second token; the server then obtains the second token from the access request and also obtains the stored first token from the database; the server then compares the first token with the second token: if they are inconsistent, it denies the user's access; if they are consistent, the expiration date database is queried according to certain rules to determine whether the current time is within the expiration date range corresponding to the target token generation algorithm, and if so, the first valid
  • a target token generation algorithm is randomly determined based on multiple token generation algorithms, and a token is generated by using the target token generation algorithm, so the security and reliability of the token are effectively improved; at the same time, when the current time reaches the deadline range corresponding to the target token generation algorithm, the first validity period corresponding to the first token is also extended, so the possibility that token expiration will interrupt the user's operation is greatly reduced, and the user experience is improved.
  • the present application also provides a token-based application access device, and the following are device embodiments of the present application.
  • Fig. 5 is a block diagram of a token-based application access device according to an exemplary embodiment. As shown in Figure 5, the device 500 includes:
  • the random determination module 510 is configured to randomly determine the target token generation algorithm corresponding to the target user according to the plurality of token generation algorithms
  • a generating module 520 configured to generate a first token for the target user by using the target token generating algorithm and at least based on the associated information of the target user, and send the first token to the target user where the client of the application program is located, wherein the validity period of the first token is the first validity period;
  • the obtaining module 530 is configured to receive the access request initiated by the target user through the application client, and obtain the second token carried in the access request;
  • the passing module 540 is configured to pass the access request if the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token;
  • the extension module 550 is configured to extend the first validity period corresponding to the first token when the current time reaches the deadline range corresponding to the target token generation algorithm, wherein the deadline range belongs to the time range corresponding to the first validity period.
  • the random determination module is further configured to:
  • the associated information includes a plurality of pieces of personal information, each piece of personal information corresponds to an information type, and the generating module is further configured to:
  • a first token is generated for the target user using the target token generation algorithm and based on the replaced personal information of the target user.
  • the first validity period is a length of time
  • the generating module is further configured to: before receiving an access request initiated by the target user through the application client:
  • the time when the first token is generated, the first token, the first validity period and the deadline range are stored correspondingly.
  • the generating module is further configured to, after generating a first token for the target user using the target token generation algorithm and at least based on the associated information of the target user and sending the first token to the application client where the target user is located:
  • the passing module is further configured to, before passing the access request if the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token:
  • the extension module is further configured to:
  • the first validity period is an expiration time
  • the generating module is further configured to: before receiving an access request initiated by the target user through the application client:
  • the extension module is further configured to:
  • a computer device which executes all or part of the steps of any one of the token-based application access methods shown above.
  • the computer equipment includes:
  • the memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to execute the token-based application access method illustrated in any of the above-described exemplary embodiments.
  • aspects of the present application may be implemented as a system, method or program product. Therefore, various aspects of the present application can be embodied in the following forms: a complete hardware implementation, a complete software implementation (including firmware, microcode, etc.), or an implementation combining hardware and software aspects, which may be collectively referred to herein as a "circuit", "module" or "system".
  • a computer device 600 according to this embodiment of the present application is described below with reference to FIG. 6 .
  • the computer device 600 shown in FIG. 6 is only an example, and should not impose any limitations on the functions and scope of use of the embodiments of the present application.
  • computer device 600 takes the form of a general-purpose computing device.
  • Components of the computer device 600 may include, but are not limited to, the above-mentioned at least one processing unit 610 , the above-mentioned at least one storage unit 620 , and a bus 630 connecting different system components (including the storage unit 620 and the processing unit 610 ).
  • the storage unit stores program codes, and the program codes can be executed by the processing unit 610, so that the processing unit 610 executes the steps of the various exemplary implementations according to the present application described in the above-mentioned "Methods of Embodiments" section of this specification.
  • the storage unit 620 may include a readable medium in the form of a volatile storage unit, such as a random access storage unit (RAM) 621 and/or a cache storage unit 622 , and may further include a read only storage unit (ROM) 623 .
  • the storage unit 620 may also include a program/utility 624 having a set (at least one) of program modules 625, including, but not limited to, an operating system, one or more application programs, other program modules, and program data; each or some combination of these examples may include an implementation of a network environment.
  • the bus 630 may represent one or more of several types of bus structures, including a storage unit bus or storage unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus structures.
  • the computer device 600 may also communicate with one or more external devices 800 (e.g., keyboards, pointing devices, Bluetooth devices, etc.), with one or more devices that enable a user to interact with the computer device 600, and/or with any device (e.g., router, modem, etc.) that enables the computer device 600 to communicate with one or more other computer devices. Such communication may occur through an input/output (I/O) interface 650, such as with display unit 640. Also, the computer device 600 may communicate with one or more networks (e.g., a local area network (LAN), a wide area network (WAN), and/or a public network such as the Internet) through a network adapter 660. As shown, network adapter 660 communicates with other modules of computer device 600 via bus 630. It should be understood that, although not shown, other hardware and/or software modules may be used in conjunction with computer device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives and data backup storage systems.
  • the exemplary embodiments described herein may be implemented by software, or may be implemented by software combined with necessary hardware. Therefore, the technical solutions according to the embodiments of the present application may be embodied in the form of software products, and the software products may be stored in a non-volatile storage medium (which may be CD-ROM, U disk, mobile hard disk, etc.) or on the network, including several instructions to cause a computer device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiment of the present application.
  • a computer-readable storage medium on which a program product capable of implementing the above-mentioned method of the present specification is stored, and the computer-readable storage medium may be non-volatile or volatile.
  • various aspects of the present application can also be implemented in the form of a program product, which includes program code; when the program product runs on a terminal device, the program code is used to cause the terminal device to perform the steps according to various exemplary embodiments of the present application described in the above-mentioned "Example Method" section of this specification.
  • a program product 700 for implementing the above method according to an embodiment of the present application is described, which can adopt a portable compact disk read only memory (CD-ROM) and include program codes, and can be used in a terminal device, for example running on a personal computer.
  • the program product of the present application is not limited thereto, and in this document, a computer-readable storage medium can be any tangible medium that contains or stores a program that can be used by or in conjunction with an instruction execution system, apparatus, or device.
  • the program product may employ any combination of one or more readable media.
  • the readable medium may be a readable signal medium or a readable storage medium.
  • the readable storage medium may be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus or device, or a combination of any of the above. More specific examples (non-exhaustive list) of readable storage media include: electrical connections with one or more wires, portable disks, hard disks, random access memory (RAM), read only memory (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disk read only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination of the foregoing.
  • a computer readable signal medium may include a propagated data signal in baseband or as part of a carrier wave with readable program code embodied thereon. Such propagated data signals may take a variety of forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the foregoing.
  • a readable signal medium can also be any readable medium, other than a readable storage medium, that can transmit, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
  • Program code embodied on a readable medium may be transmitted using any suitable medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
  • Program code for carrying out the operations of the present application may be written in any combination of one or more programming languages, including object-oriented programming languages, such as Java, C++, etc., as well as conventional procedural programming languages, such as the "C" language or similar programming languages.
  • the program code may execute entirely on the user's computer device, partly on the user's computer device, as a stand-alone software package, partly on the user's computer device and partly on a remote computer device, or entirely on the remote computer device or server.
  • the remote computer equipment may be connected to the user computer equipment via any kind of network, including a local area network (LAN) or wide area network (WAN), or may be connected to external computer equipment (e.g., via the Internet using an Internet service provider).

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

A token-based application access method and apparatus, a computer device, and a medium, applied to the field of authentication in financial science and technology. The method comprises: randomly determining a target token generation algorithm; generating a first token for a target user by using the target token generation algorithm and at least on the basis of association information of the target user, and sending the first token to the target user, the validity period of the first token being a first validity period; receiving an access request initiated by the target user, and obtaining a second token carried in the access request; if the second token is consistent with the first token and the current time is within the first validity period, passing the access request; and when the current time reaches a deadline range, extending the first validity period corresponding to the first token, the deadline range being a time range corresponding to the first validity period. The method improves the security and reliability of tokens, reduces the possibility that the expiring of a token interrupts the operation of a user, and improves the user experience.

Description

Token-based application access method, apparatus, computer device and medium
This application claims priority to the Chinese patent application filed with the China Patent Office on December 10, 2020, with application number CN 202011458074.1 and entitled "Token-based application access method, apparatus, medium and electronic device", the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to the technical field of identity verification, and in particular to a token-based application access method, apparatus, computer device and computer-readable storage medium.
Background
With the rapid development of the Internet, we use all kinds of apps. An app generally has an authentication mechanism to check the validity of a visitor, and at present authentication is generally performed with a token (TOKEN) mechanism. After a user logs in successfully, the server generates a unique value based on the user information; this value is the token.
The general flow of the token mechanism is as follows: when the client logs in for the first time, the server randomly generates a random string as the token, returns it to the client, and saves it. Every subsequent request from the client must carry the token returned by the server; at a unified entry point the server compares it with the token it saved. If the comparison succeeds, subsequent business processing can proceed; if the comparison fails, the request is returned directly. The inventor realized that, on the one hand, under the traditional token mechanism, using a single token generation algorithm can lead to the token being cracked, which is a security risk; on the other hand, if the token expires while the user is operating the app, the user has to exit the app and log in again, which interrupts the user's operation, is cumbersome, and degrades the user experience.
Summary of the invention
In the field of identity verification technology in financial technology, in order to solve the above technical problems, the purpose of this application is to provide a token-based application access method, apparatus, computer device and computer-readable storage medium.
In a first aspect, a token-based application access method is provided, including:
randomly determining a target token generation algorithm corresponding to a target user according to multiple token generation algorithms;
generating a first token for the target user using the target token generation algorithm and at least based on associated information of the target user, and sending the first token to the application client where the target user is located, wherein the validity period of the first token is a first validity period;
receiving an access request initiated by the target user through the application client, and obtaining a second token carried in the access request;
passing the access request if the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token;
extending the first validity period corresponding to the first token when the current time reaches a deadline range corresponding to the target token generation algorithm, wherein the deadline range belongs to the time range corresponding to the first validity period.
In a second aspect, a token-based application access apparatus is provided, including:
a random determination module, configured to randomly determine a target token generation algorithm corresponding to a target user according to multiple token generation algorithms;
a generating module, configured to generate a first token for the target user using the target token generation algorithm and at least based on associated information of the target user, and to send the first token to the application client where the target user is located, wherein the validity period of the first token is a first validity period;
an obtaining module, configured to receive an access request initiated by the target user through the application client, and to obtain a second token carried in the access request;
a passing module, configured to pass the access request if the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token;
an extension module, configured to extend the first validity period corresponding to the first token when the current time reaches a deadline range corresponding to the target token generation algorithm, wherein the deadline range belongs to the time range corresponding to the first validity period.
In a third aspect, a computer device is provided, including a memory and a processor, the memory being used to store a token-based application access program of the processor, and the processor being configured to perform the following processing by executing the token-based application access program: randomly determining a target token generation algorithm corresponding to a target user according to multiple token generation algorithms; generating a first token for the target user using the target token generation algorithm and at least based on associated information of the target user, and sending the first token to the application client where the target user is located, wherein the validity period of the first token is a first validity period; receiving an access request initiated by the target user through the application client, and obtaining a second token carried in the access request; passing the access request if the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token; and extending the first validity period corresponding to the first token when the current time reaches a deadline range corresponding to the target token generation algorithm, wherein the deadline range belongs to the time range corresponding to the first validity period.
In a fourth aspect, a computer-readable storage medium storing computer-readable instructions is provided, on which a token-based application access program is stored; when executed by a processor, the token-based application access program implements the following processing: randomly determining a target token generation algorithm corresponding to a target user according to multiple token generation algorithms; generating a first token for the target user using the target token generation algorithm and at least based on associated information of the target user, and sending the first token to the application client where the target user is located, wherein the validity period of the first token is a first validity period; receiving an access request initiated by the target user through the application client, and obtaining a second token carried in the access request; passing the access request if the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token; and extending the first validity period corresponding to the first token when the current time reaches a deadline range corresponding to the target token generation algorithm, wherein the deadline range belongs to the time range corresponding to the first validity period.
With the above token-based application access method, apparatus, computer device and computer-readable storage medium, a target token generation algorithm is randomly determined from multiple token generation algorithms and the token is generated with the target token generation algorithm, which effectively improves the security and reliability of the token; at the same time, when the current time reaches the deadline range corresponding to the target token generation algorithm, the first validity period corresponding to the first token is also extended, which greatly reduces the possibility that token expiration interrupts the user's operation and improves the user experience.
It should be understood that the foregoing general description and the following detailed description are exemplary only and do not limit the present application.
Description of drawings
FIG. 1 is a schematic diagram of a system architecture of a token-based application access method according to an exemplary embodiment.
FIG. 2 is a flowchart of a token-based application access method according to an exemplary embodiment.
FIG. 3 is a flowchart showing details of step 210 of an embodiment according to the embodiment of FIG. 2.
FIG. 4 is a schematic diagram of the basic flow of a token-based application access method according to an exemplary embodiment.
FIG. 5 is a block diagram of a token-based application access apparatus according to an exemplary embodiment.
FIG. 6 is an exemplary block diagram of a computer device implementing the above token-based application access method according to an exemplary embodiment.
FIG. 7 shows a computer-readable storage medium for implementing the above token-based application access method according to an exemplary embodiment.
Detailed description
Exemplary embodiments will be described in detail herein, examples of which are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with this application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as recited in the appended claims.
Furthermore, the drawings are merely schematic illustrations of the present application and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, so repeated descriptions of them are omitted. Some of the block diagrams shown in the figures are functional entities that do not necessarily correspond to physically or logically separate entities.
This application first provides a token-based application access method. A token is a credential with a certain validity period that allows a user to log in to an application in a certain way. Traditionally, the server generates and assigns a token to the user's client; within the validity period, the user can enter and access the application directly with the token, without logging in; but once the token expires, even if the user is operating and using the application, the user has to log in again with a password to gain access. This approach is not only low in security but also interrupts the user's operations while using the application, which degrades the user experience. The token-based application access method provided by this application not only improves security but also reduces the possibility of interrupting user operations, preserving the user experience.
The implementation terminal of this application can be any device with computing, processing and communication functions. The device can be connected to an external device to receive or send data. Specifically, it can be a portable mobile device, such as a smartphone, tablet computer, notebook computer or PDA (Personal Digital Assistant); it can be a fixed device, such as a computer device, field terminal, desktop computer, server or workstation; or it can be a collection of multiple devices, such as the physical infrastructure of cloud computing or a server cluster.
Optionally, the implementation terminal of this application may be a server or the physical infrastructure of cloud computing.
FIG. 1 is a schematic diagram of a system architecture of a token-based application access method according to an exemplary embodiment. As shown in FIG. 1, the system architecture includes a server 110 and a user terminal 120. The user terminal 120 is connected to the server 110 through a wired or wireless communication link, so the user terminal 120 can send data to the server 110 and receive data from the server 110. A server side is deployed on the server 110, and a corresponding client is deployed on the user terminal 120. The server 110 is the implementation terminal in this embodiment, and the server 110 stores multiple token generation algorithms. When the token-based application access method provided by this application is applied to the system architecture shown in FIG. 1, a specific process may be as follows: the user initiates a registration request to the server 110 through the client on the user terminal 120 and submits the user's associated information to the server 110, and the server 110 generates a user ID for the user; next, the server 110 randomly determines the target token generation algorithm from the stored multiple token generation algorithms and determines the corresponding deadline range; then, based on the target token generation algorithm and the associated information, it generates a first token with a validity period for the target user, sends the first token to the client on the user terminal 120, and stores the user ID, the first token, the validity period and the deadline range in correspondence with one another; next, the user initiates an access request to the server 110 through the client on the user terminal 120, and the server 110 obtains the second token and the user ID carried in the access request, where "second token" does not mean a token different from the first token but refers specifically to the token sent by the user; the server 110 then finds the corresponding first token according to the user ID, compares the first token it found with the second token, and judges whether the second token is within the validity period; if the comparison is consistent and the second token is within the validity period, the access request is passed; after that, the server 110 judges whether the current time is within the deadline range, and if it is, extends the first validity period. In this way, interruption of user operations due to expiration of the token validity period is avoided, which improves the user experience.
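The flow described above (random algorithm choice, issuing and storing the first token, comparison with the second token, expiry check, extension inside the deadline range), as an added Python example that is not code from the patent. The rule-base contents, the `TokenService` and `TokenRecord` names, the per-token random nonce, the constant-time comparison and the rule "extend to now plus the validity period" are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time
import uuid
from dataclasses import dataclass


def uuid_token(info: str) -> str:
    """Random UUID; the associated information is not needed for this form."""
    return uuid.uuid4().hex


def sha256_token(info: str) -> str:
    """SHA-256 over the associated information plus a fresh 32-byte nonce.

    The nonce is an assumption of this example: hashing the user's
    information alone would let anyone who knows it recompute the token.
    """
    return hashlib.sha256(secrets.token_bytes(32) + info.encode()).hexdigest()


# Hypothetical rule base: name -> (generator, validity seconds, deadline range seconds).
# The deadline range is taken to be the final part of the validity period.
RULES = {
    "uuid": (uuid_token, 1800, 300),
    "sha256": (sha256_token, 3600, 600),
}


@dataclass
class TokenRecord:
    token: str
    algorithm: str
    expires_at: float


class TokenService:
    def __init__(self, rules=RULES, clock=time.time):
        self.rules = rules
        self.clock = clock
        self.records = {}  # user ID -> TokenRecord (stands in for the database)

    def issue(self, user_id: str, associated_info: str) -> str:
        """Login step: pick an algorithm at random and store the first token."""
        name = secrets.choice(sorted(self.rules))
        generate, validity, _ = self.rules[name]
        token = generate(associated_info)
        self.records[user_id] = TokenRecord(token, name, self.clock() + validity)
        return token

    def check(self, user_id: str, presented: str) -> bool:
        """Access step: compare, enforce expiry, extend inside the deadline range."""
        record = self.records.get(user_id)
        if record is None:
            return False
        # Constant-time comparison so response timing does not leak matching prefixes.
        if not hmac.compare_digest(record.token.encode(), presented.encode()):
            return False
        now = self.clock()
        if now >= record.expires_at:
            del self.records[user_id]  # expired: the user must log in again
            return False
        _, validity, deadline_range = self.rules[record.algorithm]
        if record.expires_at - now <= deadline_range:
            record.expires_at = now + validity  # extend the first validity period
        return True
```

A mismatched token never triggers an extension, so only the holder of the current token can keep a session alive.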
FIG. 2 is a flowchart of a token-based application access method according to an exemplary embodiment. This embodiment may be executed by a server and, as shown in FIG. 2, includes the following steps:
Step 210: randomly determine, from multiple token generation algorithms, a target token generation algorithm corresponding to the target user.
In one embodiment, randomly determining the target token generation algorithm corresponding to the target user from multiple token generation algorithms, together with the subsequent steps, is performed when the target user logs in to the application for the first time, or when the target user logs in to the application again after the token provided by the target user has become invalid.
This step may be performed when the target user logs in to the application for the first time, or when the user logs in to the application again after the target user's token has become invalid, that is, after the token has passed its validity period.
Login here generally means logging in with an account name and password.
Token generation algorithms can take many forms, so the generated token can be a string of various forms. For example, a universally unique identifier (UUID) with a fixed number of digits that is a random number can be generated, a long string based on the MD5 algorithm can be generated, or a long string based on the SHA-256 algorithm can be generated, and so on.
In one embodiment, randomly determining the target token generation algorithm corresponding to the target user from multiple token generation algorithms includes:
Randomly selecting one token generation algorithm from the multiple token generation algorithms as the target token generation algorithm corresponding to the target user.
In one embodiment, the specific steps of step 210 may be as shown in FIG. 3. FIG. 3 is a flowchart of the details of step 210 in one embodiment based on the embodiment of FIG. 2. Referring to FIG. 3, it includes the following steps:
Step 211: randomly select a first predetermined number of token generation algorithms from multiple preset token generation algorithms.
The preset token generation algorithms may be stored in advance in a token generation algorithm library. The number of randomly selected token generation algorithms, that is, the first predetermined number, is smaller than the number of preset token generation algorithms.
Step 212: randomly select a token generation algorithm merging rule from a preset algorithm rule library, and integrate the first predetermined number of token generation algorithms according to that merging rule to obtain the target token generation algorithm corresponding to the target user.
For example, one merging rule in the preset algorithm rule library may be: randomly select one of the first predetermined number of token generation algorithms as the merging algorithm; generate a token with each of the other selected token generation algorithms; concatenate those tokens into a string in the order in which their token generation algorithms were selected; and finally apply the merging algorithm to that string to generate the token.
In this embodiment, on top of randomly selecting token generation algorithms, a merging rule is also randomly selected to integrate them. The resulting target token generation algorithm is therefore built from multiple randomly selected token generation algorithms, which increases the complexity of the target token generation algorithm and thereby ensures the security of the generated token.
Step 220: generate a first token for the target user using the target token generation algorithm and based at least on the target user's associated information, and send the first token to the application client where the target user is located.
The validity period of the first token is the first validity period.
The target user's associated information may be any information related to the target user; for example, it may be the target user's personal information.
When the target user initiates another access request through the application client, the request carries the token generated for the target user.
The first validity period of the first token may be a preset fixed period, or a period that is not always the same and is generated from certain factors each time a token is generated.
In one embodiment, the target user's associated information includes a user type, and the validity period of the first token is determined according to the user type.
For example, user types may include blacklist-suspect users, ordinary users, VIP users and so on. The lengths of the validity period of the first token for blacklist-suspect users, ordinary users and VIP users may be set to increase in that order: shortest for blacklist-suspect users, next for ordinary users, and longest for VIP users.
In one embodiment, the associated information includes multiple items of personal information, each corresponding to one information type, and generating the first token for the target user using the target token generation algorithm and based at least on the target user's associated information includes:
According to the information type of at least one item of the target user's personal information, randomly generating replacement personal information that corresponds to that item and has the same information type;
Replacing the at least one item of personal information with the corresponding replacement personal information.
In this embodiment, the target user's personal information is replaced with randomly generated replacement personal information of the same information type, so the generated token is not based entirely on the target user's personal information, which improves security.
In one embodiment, the associated information includes multiple items of personal information, each corresponding to one information type, and generating the first token for the target user using the target token generation algorithm and based at least on the target user's associated information includes:
Randomly selecting at least one item from the target user's personal information as target personal information;
Obtaining personal information corresponding to at least one other user from a preset database as replacement personal information;
For each item of target personal information in the target user's personal information, replacing that item with replacement personal information of the same information type;
Generating the first token for the target user using the target token generation algorithm and based on the target user's personal information after replacement.
For any one user, there is only one item of information for a given information type. The preset database may be the database into which each user's information is written at registration, or a separately established database that supplies replacement personal information.
For example, one item of target user A's personal information is "Employer: Company A" and one item of user B's personal information is "Employer: Company B". Both items are of the information type "employer", so user B's "Employer: Company B" can serve as replacement personal information for target user A's "Employer: Company A".
In this embodiment, some items of the target user's personal information are replaced with other users' personal information, which makes the generated first token more obfuscated and thereby ensures the concealment and security of the token.
Step 230: receive an access request initiated by the target user through the application client, and obtain the second token carried in the access request.
When the target user initiates an access request through the application client, the request carries the token generated for that user.
In one embodiment, the first validity period is a length of time, and before receiving the access request initiated by the target user through the application client, the method further includes:
Determining the deadline range corresponding to the target token generation algorithm;
Storing the time at which the first token was generated, the first token, the first validity period and the deadline range in association with one another.
Since the deadline range corresponds to the target token generation algorithm, and the first validity period also corresponds to the first token and to the target token generation algorithm, the deadline range corresponds to the first validity period.
The actual time range covered by the first validity period can be determined from the time at which the first token was generated and the first validity period defined as a length of time. For example, if the first token was generated at 8:00 and the first validity period is 60 minutes, the actual time range covered by the first validity period is 8:00 to 9:00.
Storing the time at which the first token was generated, the first token, the first validity period and the deadline range in association with one another provides the data needed by the subsequent steps.
In one embodiment, each token generation algorithm corresponds to one deadline range, and determining the deadline range corresponding to the target token generation algorithm includes:
Determining the deadline range corresponding to the target token generation algorithm according to the deadline range of at least one token generation algorithm on which the target token generation algorithm is based.
For example, when a randomly selected token generation algorithm is used directly as the target token generation algorithm, the algorithm on which the target token generation algorithm is based is that randomly selected algorithm, and its deadline range can be used directly as the deadline range corresponding to the target token generation algorithm.
In one embodiment, the target token generation algorithm is determined from multiple token generation algorithms, and determining the deadline range corresponding to the target token generation algorithm according to the deadline range of at least one token generation algorithm on which it is based includes:
Obtaining each token generation algorithm on which the target token generation algorithm is based;
Among the deadline ranges corresponding to those token generation algorithms, taking the deadline range with the shortest length as the deadline range corresponding to the target token generation algorithm.
The deadline range corresponding to each token generation algorithm can be obtained by table lookup.
In this embodiment, the shortest deadline range among the token generation algorithms on which the target token generation algorithm is based is used as the deadline range of the target token generation algorithm. This keeps the time range in which the token's validity period can be extended from becoming too large, which to some extent ensures security when the validity period of the token is extended.
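Steps 211 and 212 with the example merging rule, together with the shortest-deadline-range rule just described, as an added example that is not part of the patent text. The function names, the serialized associated-information string and the deadline-range lengths are assumptions made for illustration; only the three algorithm kinds (UUID, MD5, SHA-256) come from the description.

```python
import hashlib
import secrets
import uuid
from datetime import timedelta

# Constructed algorithm library: name -> (token function, deadline-range length).
# The three algorithms are the ones the text names as examples; the
# deadline-range lengths are made-up sample values.
ALGORITHMS = {
    "uuid": (lambda text: uuid.uuid4().hex, timedelta(minutes=30)),
    "md5": (lambda text: hashlib.md5(text.encode("utf-8")).hexdigest(),
            timedelta(minutes=10)),
    "sha256": (lambda text: hashlib.sha256(text.encode("utf-8")).hexdigest(),
               timedelta(minutes=20)),
}


def select_algorithms(count, rng=None):
    """Step 211: randomly pick `count` algorithms, fewer than the library holds."""
    rng = rng or secrets.SystemRandom()
    if not 2 <= count < len(ALGORITHMS):
        raise ValueError("count must be >= 2 and smaller than the library size")
    return rng.sample(sorted(ALGORITHMS), count)


def generate_with_merge_rule(selected, associated_info, merge_name=None, rng=None):
    """Step 212 with the example merging rule from the text.

    One selected algorithm becomes the merging algorithm, every other selected
    algorithm produces a token, the tokens are concatenated in selection order,
    and the merging algorithm is applied to the concatenation.
    """
    rng = rng or secrets.SystemRandom()
    if len(selected) < 2:
        raise ValueError("the rule needs a merging algorithm plus at least one other")
    if merge_name is None:
        merge_name = rng.choice(selected)
    if merge_name not in selected:
        raise ValueError("the merging algorithm must be one of the selected ones")
    parts = [ALGORITHMS[name][0](associated_info)
             for name in selected if name != merge_name]
    return merge_name, ALGORITHMS[merge_name][0]("".join(parts))


def deadline_range_length(selected):
    """Shortest deadline range among the algorithms the target is built from."""
    return min(ALGORITHMS[name][1] for name in selected)


if __name__ == "__main__":
    info = "employer=Company A;user_type=ordinary"  # constructed associated info
    chosen = select_algorithms(2)
    merge, token = generate_with_merge_rule(chosen, info)
    print(chosen, merge, token, deadline_range_length(chosen))
```

When the UUID algorithm is among the non-merging algorithms, the result differs on every call even for identical associated information; with only MD5 and SHA-256 selected, the result is a deterministic function of the associated information.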
Step 240: if the second token matches the first token and the current time is within the first validity period corresponding to the first token, pass the access request.
In one embodiment, the method further includes:
If the second token does not match the first token, or the current time is not within the first validity period corresponding to the first token, rejecting the access request.
Specifically, the target user may have a first user identifier. After the first token is generated, the first token, the first user identifier and the first validity period are stored locally in association with one another. The access request also includes a second user identifier. To determine whether the first token matches the second token, the first user identifier that matches the second user identifier is found first; the first token stored for that first user identifier is then determined and compared with the second token in the access request. In addition, the first validity period stored for the first token is determined, and it is checked whether the current time is within the first validity period.
After the access request is passed, the target user can access, through the application client, the required resources provided by the local end.
In one embodiment, after generating the first token for the target user using the target token generation algorithm and based at least on the target user's associated information, and sending the first token to the application client where the target user is located, the method further includes:
Storing the first token in a cache server;
Before passing the access request if the second token matches the first token and the current time is within the first validity period corresponding to the first token, the method includes:
Sending the second token to the cache server so that the cache server compares the first token with the second token;
Obtaining the comparison result from the cache server.
In this embodiment, the first token is stored in the cache server and the tokens are compared there. Because the cache server processes and serves requests efficiently, this reduces the processing load on the terminal executing this application and improves efficiency.
Step 250: when the current time reaches the deadline range corresponding to the target token generation algorithm, extend the first validity period corresponding to the first token, where the deadline range falls within the time range covered by the first validity period.
The first validity period may be a span of time or a point in time. The first validity period is extended mainly by adding a length of time to it.
The deadline range falls within the time range covered by the first validity period; that is, the deadline range lies inside the first validity period.
The deadline range may be the time range between a point within the first validity period and the moment the first validity period ends; that is, the end of the deadline range may coincide with the end of the first validity period. A length of time may be used as the deadline range, in which case the end of the first validity period minus that length is the start of the deadline range. Of course, the deadline range may also be some other time range within the first validity period. The deadline range can therefore be any span of time within the first validity period.
In one embodiment, extending the first validity period corresponding to the first token when the current time reaches the deadline range corresponding to the target token generation algorithm includes:
When the current time reaches the deadline range corresponding to the target token generation algorithm, determining the sum of the end time of the first validity period and the length of the deadline range;
Extending the first validity period corresponding to the first token to the validity period corresponding to that sum.
For example, the first validity period is 7:30-8:30, so its end time is 8:30; the deadline range is 8:00-8:30, so its length is 30 minutes. If the current time is 8:02, the current time has reached the deadline range, and the sum of the end time of the first validity period and the length of the deadline range is 9:00.
In one embodiment, extending the first validity period corresponding to the first token when the current time reaches the deadline range corresponding to the target token generation algorithm includes:
When the current time reaches the deadline range corresponding to the target token generation algorithm, determining the sum of the current time and the length of the first validity period;
Extending the first validity period corresponding to the first token to the validity period corresponding to that sum.
For example, the first validity period is 7:30-8:30, so its length is 60 minutes, and the deadline range is 8:00-8:30. If the current time is 8:02, the sum of the current time and the length of the first validity period is 9:02.
In one embodiment, extending the first validity period corresponding to the first token when the current time reaches the deadline range corresponding to the target token generation algorithm includes:
When the current time reaches the deadline range corresponding to the target token generation algorithm, determining the sum of the start time of the deadline range and the length of the first validity period;
Extending the first validity period corresponding to the first token to the validity period corresponding to that sum.
For example, the first validity period is 7:30-8:30, so its length is 60 minutes; the deadline range is 8:00-8:30, so its start time is 8:00. The sum of the start time of the deadline range and the length of the first validity period is then 9:00.
In one embodiment, the first validity period is an expiry time, and before receiving the access request initiated by the target user through the application client, the method further includes:
Determining the deadline range corresponding to the target token generation algorithm;
Storing the first token, the first validity period and the deadline range in association with one another;
Extending the first validity period corresponding to the first token when the current time reaches the deadline range corresponding to the target token generation algorithm includes:
When the current time reaches the deadline range corresponding to the target token generation algorithm, determining the sum of the length of the deadline range and the first validity period;
Extending the first validity period corresponding to the first token to the validity period corresponding to that sum.
This embodiment is similar to the preceding embodiments, except that here the first validity period is defined as an expiry time, that is, the first validity period is a point in time.
As can be seen, the first validity period corresponding to the first token can be extended in many ways. The calculation can be based on factors such as the first validity period, the length of the deadline range and the current time, and the length of the extension can be arbitrary, as long as the first validity period is extended.
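Steps 240 and 250 with the three extension calculations described above, replayed on the text's own numbers (validity period 7:30-8:30, deadline range 8:00-8:30, request at 8:02). This is an added example, not code from the patent. The class and function names are hypothetical, a random token stands in for the target token generation algorithm, the constant-time comparison is a choice made here, and the deadline range is assumed to end at the expiry time and to move with it after an extension.

```python
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class TokenRecord:
    token: str
    expires_at: datetime   # end of the current validity period
    validity: timedelta    # length of the first validity period
    window: timedelta      # length of the deadline range, which ends at expiry

    @property
    def window_start(self):
        # Assumption: the deadline range always ends at the current expiry time.
        return self.expires_at - self.window


# The three ways of computing the new end of the validity period from the text.
STRATEGIES = {
    "expiry_plus_window": lambda rec, now: rec.expires_at + rec.window,
    "now_plus_validity": lambda rec, now: now + rec.validity,
    "window_start_plus_validity": lambda rec, now: rec.window_start + rec.validity,
}


class TokenStore:
    def __init__(self, strategy):
        self._extend = STRATEGIES[strategy]
        self._records = {}  # user identifier -> TokenRecord

    def issue(self, user_id, now, validity, window):
        if not timedelta(0) < window <= validity:
            raise ValueError("deadline range must lie inside the validity period")
        # Assumption: a random token stands in for the target generation algorithm.
        record = TokenRecord(secrets.token_hex(32), now + validity, validity, window)
        self._records[user_id] = record
        return record.token

    def handle_request(self, user_id, presented, now):
        """Step 240 (compare and check validity), then step 250 (extend)."""
        record = self._records.get(user_id)
        if record is None:
            return False
        matches = hmac.compare_digest(record.token.encode(), presented.encode())
        if not matches or now > record.expires_at:
            return False  # rejected requests never extend the validity period
        if now >= record.window_start:
            record.expires_at = self._extend(record, now)
        return True

    def expires_at(self, user_id):
        return self._records[user_id].expires_at


def run_page_scenario(strategy):
    """Replay the text's numbers: validity 7:30-8:30, deadline range 8:00-8:30."""
    day = datetime(2021, 1, 1)  # constructed date; only the clock times matter

    def at(hour, minute):
        return day.replace(hour=hour, minute=minute)

    store = TokenStore(strategy)
    token = store.issue("user-1", at(7, 30),
                        timedelta(minutes=60), timedelta(minutes=30))
    early = store.handle_request("user-1", token, at(7, 45))
    expiry_before = store.expires_at("user-1").strftime("%H:%M")
    forged = store.handle_request("user-1", "0" * 64, at(8, 2))
    in_window = store.handle_request("user-1", token, at(8, 2))
    expiry_after = store.expires_at("user-1").strftime("%H:%M")
    late = store.handle_request("user-1", token, at(9, 30))
    return {"early": early, "expiry_before": expiry_before, "forged": forged,
            "in_window": in_window, "expiry_after": expiry_after, "late": late}


if __name__ == "__main__":
    for name in STRATEGIES:
        print(name, run_page_scenario(name))
```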
In one embodiment, extending the first validity period corresponding to the first token when the current time reaches the deadline range corresponding to the target token generation algorithm includes:
When the current time reaches the deadline range corresponding to the first validity period, extending the first validity period corresponding to the first token if the application client has not entered the background at any point within a predetermined time range before the current time.
That the application client has not entered the background means that the application client's user interface has remained displayed on the topmost layer of the terminal operating system. For example, the user interface on a mobile phone terminal has stayed on the topmost layer of the operating system.
In this embodiment, it is checked whether the application client entered the background within the predetermined time range before the current time, and the first validity period may be extended only if the application client has not entered the background during that time range. This ensures security when the validity period of the token is extended.
FIG. 4 is a schematic diagram of the basic flow of a token-based application access method according to an exemplary embodiment. The basic flow of the token-based application access method provided by this application may be as shown in FIG. 4. The application in the figure may be any type of application client, for example a mobile app or a PC client.
Specifically, the basic flow may be as follows. First, the user logs in to the application for the first time and provides associated information to the local end through the application. The local end accesses the token rule library and randomly determines the target token generation algorithm from the multiple token generation algorithms in the library. The local end then uses the target token generation algorithm and the associated information to generate a dynamic token as the first token. "Dynamic token" here means that the first token is generated with a target token generation algorithm that is randomly determined each time, so the way the dynamic token is generated is not fixed. Next, the first token is stored in the database and sent to the client, so that the client obtains the token. When the application initiates an access request, it carries the second token in the request, and the server receives the access request carrying the second token. The server then extracts the second token from the access request and also retrieves the stored first token from the database. The server compares the first token with the second token. If they do not match, it denies the client's access. If they match, it queries the deadline database according to certain rules to determine whether the current time is within the deadline range corresponding to the target token generation algorithm, and if so, extends the first validity period to renew the token automatically.
In summary, according to the token-based application access method provided in the embodiment of FIG. 2, the target token generation algorithm is randomly determined from multiple token generation algorithms and the token is generated with the target token generation algorithm, which effectively improves the security and reliability of the token. At the same time, when the current time reaches the deadline range corresponding to the target token generation algorithm, the first validity period corresponding to the first token is extended, which greatly reduces the likelihood that token expiry interrupts the user's operation and improves the user experience.
This application also provides a token-based application access apparatus. The following are apparatus embodiments of this application.
FIG. 5 is a block diagram of a token-based application access apparatus according to an exemplary embodiment. As shown in FIG. 5, the apparatus 500 includes:
A random determination module 510, configured to randomly determine, from multiple token generation algorithms, a target token generation algorithm corresponding to the target user;
A generation module 520, configured to generate a first token for the target user using the target token generation algorithm and based at least on the target user's associated information, and to send the first token to the application client where the target user is located, where the validity period of the first token is the first validity period;
An obtaining module 530, configured to receive an access request initiated by the target user through the application client and to obtain the second token carried in the access request;
A passing module 540, configured to pass the access request if the second token matches the first token and the current time is within the first validity period corresponding to the first token;
An extension module 550, configured to extend the first validity period corresponding to the first token when the current time reaches the deadline range corresponding to the target token generation algorithm, where the deadline range falls within the time range covered by the first validity period.
In one embodiment, the random determination module is further configured to:
randomly select a first predetermined number of token generation algorithms from a plurality of preset token generation algorithms;
randomly select one token generation algorithm merging rule from a preset algorithm rule library, and integrate the first predetermined number of token generation algorithms according to the token generation algorithm merging rule to obtain the target token generation algorithm corresponding to the target user.
In one embodiment, the associated information includes a plurality of items of personal information, each item of personal information corresponding to one information type, and the generation module is further configured to:
randomly select at least one item of personal information from the personal information of the target user as target personal information;
obtain personal information corresponding to at least one other user from a preset database as replacement personal information;
for each item of target personal information in the personal information of the target user, replace that target personal information with replacement personal information of the same information type;
generate the first token for the target user by using the target token generation algorithm and based on the personal information of the target user after the replacement.
In one embodiment, the first validity period is a length of time, and the generation module is further configured to, before the access request initiated by the target user through the application client is received:
determine the deadline range corresponding to the target token generation algorithm;
store the time at which the first token was generated, the first token, the first validity period and the deadline range in correspondence with one another.
In one embodiment, the generation module is further configured to, after the first token has been generated for the target user by using the target token generation algorithm and based at least on the associated information of the target user and has been sent to the application client where the target user is located:
store the first token in a cache server;
the pass module is further configured to, before the access request is passed on the condition that the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token:
send the second token to the cache server, so that the cache server compares the first token with the second token;
obtain the comparison result from the cache server.
In one embodiment, the extension module is further configured to:
when the current time reaches the deadline range corresponding to the target token generation algorithm, determine the sum of the end time of the first validity period and the time length of the deadline range;
extend the first validity period corresponding to the first token to the validity period corresponding to the sum.
In one embodiment, the first validity period is an expiration time, and the generation module is further configured to, before the access request initiated by the target user through the application client is received:
determine the deadline range corresponding to the target token generation algorithm;
store the first token, the first validity period and the deadline range in correspondence with one another;
the extension module is further configured to:
when the current time reaches the deadline range corresponding to the target token generation algorithm, determine the sum of the time length of the deadline range and the first validity period;
extend the first validity period corresponding to the first token to the validity period corresponding to the sum.
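The check performed by the pass module and the extension performed by the extension module, for the variant in which the first validity period is a length of time, can be sketched as follows; this is an added example, not code from the application. The three HMAC digests and their range lengths in `DEADLINE_RANGE`, `SERVER_KEY`, the placement of the deadline range at the tail of the validity period, and the `max_lifetime` cap are assumptions that the application does not specify.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed values: the application names no concrete algorithms, so three
# HMAC digests stand in, each with its own deadline-range length in seconds.
DEADLINE_RANGE = {"sha256": 300.0, "sha384": 600.0, "sha512": 900.0}
SERVER_KEY = secrets.token_bytes(32)  # hypothetical server-side secret


@dataclass
class TokenRecord:
    """The values stored in correspondence with one issued token."""
    token: str
    algorithm: str
    issued_at: float       # time at which the first token was generated
    validity: float        # first validity period, as a length of time (s)
    deadline_range: float  # length of the deadline range (s)

    @property
    def expires_at(self) -> float:
        return self.issued_at + self.validity


class TokenService:
    def __init__(self, max_lifetime: float = 8 * 3600.0):
        # Assumption, not in the application: an absolute cap so that
        # repeated extensions cannot keep one token alive indefinitely.
        self.max_lifetime = max_lifetime
        self._cache = {}  # stands in for the cache server: user -> record

    def issue(self, user: str, info: dict, now: float,
              validity: float = 1800.0) -> TokenRecord:
        # Random determination of the target algorithm, CSPRNG-backed.
        algorithm = secrets.choice(sorted(DEADLINE_RANGE))
        # Token over the associated information plus a fresh nonce, so the
        # same information never yields the same token twice.
        message = repr(sorted(info.items())).encode() + secrets.token_bytes(16)
        token = hmac.new(SERVER_KEY, message, algorithm).hexdigest()
        record = TokenRecord(token, algorithm, now, validity,
                             DEADLINE_RANGE[algorithm])
        self._cache[user] = record
        return record

    def check(self, user: str, second_token: str, now: float) -> bool:
        record = self._cache.get(user)
        if record is None:
            return False
        # Constant-time comparison of the second token with the first token.
        if not hmac.compare_digest(record.token.encode(),
                                   second_token.encode()):
            return False
        if now >= record.expires_at:
            del self._cache[user]  # expired: drop it, as a cache TTL would
            return False
        # Deadline range assumed to be the last `deadline_range` seconds of
        # the validity period. A request inside it moves the end time forward
        # by the length of the range (end time + range length), up to the cap.
        if now >= record.expires_at - record.deadline_range:
            new_end = min(record.expires_at + record.deadline_range,
                          record.issued_at + self.max_lifetime)
            record.validity = new_end - record.issued_at
        return True
```

A request that arrives before the deadline range leaves the validity period unchanged, so an idle session still expires at the original end time.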
According to a third aspect of the present application, a computer device is further provided, which performs all or some of the steps of any of the token-based application access methods shown above. The computer device includes:
at least one processor; and
a memory communicatively connected to the at least one processor; wherein
the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can perform the token-based application access method shown in any of the above exemplary embodiments.
Those skilled in the art will understand that aspects of the present application may be implemented as a system, a method or a program product. Therefore, aspects of the present application may be embodied in the following forms: an entirely hardware implementation, an entirely software implementation (including firmware, microcode, etc.), or an implementation combining hardware and software aspects, which may be collectively referred to herein as a "circuit", "module" or "system".
A computer device 600 according to this embodiment of the present application is described below with reference to Fig. 6. The computer device 600 shown in Fig. 6 is only an example and should not impose any limitation on the functions and scope of use of the embodiments of the present application.
As shown in Fig. 6, the computer device 600 takes the form of a general-purpose computing device. Components of the computer device 600 may include, but are not limited to: the above-mentioned at least one processing unit 610, the above-mentioned at least one storage unit 620, and a bus 630 connecting different system components (including the storage unit 620 and the processing unit 610).
The storage unit stores program code that can be executed by the processing unit 610, so that the processing unit 610 performs the steps according to various exemplary embodiments of the present application described in the "Embodiment Methods" section of this specification above.
The storage unit 620 may include a readable medium in the form of a volatile storage unit, such as a random access storage unit (RAM) 621 and/or a cache storage unit 622, and may further include a read-only storage unit (ROM) 623.
The storage unit 620 may also include a program/utility 624 having a set of (at least one) program modules 625. Such program modules 625 include, but are not limited to: an operating system, one or more application programs, other program modules and program data. Each of these examples, or some combination of them, may include an implementation of a network environment.
The bus 630 may represent one or more of several types of bus structures, including a storage unit bus or storage unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus structures.
The computer device 600 may also communicate with one or more external devices 800 (e.g., a keyboard, a pointing device, a Bluetooth device, etc.), with one or more devices that enable a user to interact with the computer device 600, and/or with any device (e.g., a router, a modem, etc.) that enables the computer device 600 to communicate with one or more other computer devices. Such communication may take place through an input/output (I/O) interface 650, for example with a display unit 640. In addition, the computer device 600 may communicate with one or more networks (e.g., a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through a network adapter 660. As shown in the figure, the network adapter 660 communicates with the other modules of the computer device 600 through the bus 630. It should be understood that, although not shown in the figure, other hardware and/or software modules may be used in conjunction with the computer device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives and data backup storage systems.
From the description of the above embodiments, those skilled in the art will readily understand that the exemplary embodiments described here may be implemented in software, or in software combined with the necessary hardware. Therefore, the technical solutions according to the embodiments of the present application may be embodied in the form of a software product. The software product may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB flash drive, a removable hard disk, etc.) or on a network, and includes several instructions that cause a computer device (which may be a personal computer, a server, a terminal apparatus, a network device, etc.) to perform the method according to the embodiments of the present application.
According to a fourth aspect of the present application, a computer-readable storage medium is further provided, on which a program product capable of implementing the above method of this specification is stored. The computer-readable storage medium may be non-volatile or volatile. In some possible implementations, aspects of the present application may also be implemented in the form of a program product that includes program code; when the program product runs on a terminal device, the program code causes the terminal device to perform the steps according to various exemplary embodiments of the present application described in the "Exemplary Methods" section of this specification above.
Referring to Fig. 7, a program product 700 for implementing the above method according to an embodiment of the present application is described. It may take the form of a portable compact disc read-only memory (CD-ROM) that includes program code, and may run on a terminal device such as a personal computer. However, the program product of the present application is not limited to this. In this document, a computer-readable storage medium may be any tangible medium that contains or stores a program, and the program may be used by or in combination with an instruction execution system, apparatus or device.
The program product may use any combination of one or more readable media. A readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of readable storage media include: an electrical connection with one or more wires, a portable disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
A computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, which carries readable program code. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A readable signal medium may also be any readable medium other than a readable storage medium that can send, propagate or transmit a program for use by or in combination with an instruction execution system, apparatus or device.
The program code contained on a readable medium may be transmitted over any suitable medium, including but not limited to wireless, wired, optical cable, RF, etc., or any suitable combination of the above.
Program code for performing the operations of the present application may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++, as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user's computer device, partly on the user's computer device, as a stand-alone software package, partly on the user's computer device and partly on a remote computer device, or entirely on a remote computer device or server. Where a remote computer device is involved, the remote computer device may be connected to the user's computer device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computer device (for example, through the Internet using an Internet service provider).
In addition, the above figures are only schematic illustrations of the processing included in the methods according to the exemplary embodiments of the present application and are not intended to be limiting. It is easy to understand that the processing shown in the above figures does not indicate or limit the chronological order of that processing. It is also easy to understand that the processing may be performed synchronously or asynchronously, for example in a plurality of modules.
It should be understood that the present application is not limited to the precise structures described above and shown in the figures, and that various modifications and changes may be made without departing from its scope. The scope of the present application is limited only by the appended claims.

Claims (20)

  1. A token-based application access method, comprising:
    randomly determining, according to a plurality of token generation algorithms, a target token generation algorithm corresponding to a target user;
    generating a first token for the target user by using the target token generation algorithm and based at least on associated information of the target user, and sending the first token to the application client where the target user is located, wherein the validity period of the first token is a first validity period;
    receiving an access request initiated by the target user through the application client, and obtaining a second token carried in the access request;
    passing the access request if the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token;
    extending the first validity period corresponding to the first token when the current time reaches a deadline range corresponding to the target token generation algorithm, wherein the deadline range belongs to the time range corresponding to the first validity period.
  2. The method according to claim 1, wherein the randomly determining, according to a plurality of token generation algorithms, a target token generation algorithm corresponding to a target user comprises:
    randomly selecting a first predetermined number of token generation algorithms from a plurality of preset token generation algorithms;
    randomly selecting one token generation algorithm merging rule from a preset algorithm rule library, and integrating the first predetermined number of token generation algorithms according to the token generation algorithm merging rule to obtain the target token generation algorithm corresponding to the target user.
  3. The method according to claim 1, wherein the associated information includes a plurality of items of personal information, each item of personal information corresponding to one information type, and the generating a first token for the target user by using the target token generation algorithm and based at least on associated information of the target user comprises:
    randomly selecting at least one item of personal information from the personal information of the target user as target personal information;
    obtaining personal information corresponding to at least one other user from a preset database as replacement personal information;
    for each item of target personal information in the personal information of the target user, replacing that target personal information with replacement personal information of the same information type;
    generating the first token for the target user by using the target token generation algorithm and based on the personal information of the target user after the replacement.
  4. The method according to claim 1, wherein the first validity period is a length of time, and before the receiving an access request initiated by the target user through the application client, the method further comprises:
    determining the deadline range corresponding to the target token generation algorithm;
    storing the time at which the first token was generated, the first token, the first validity period and the deadline range in correspondence with one another.
  5. The method according to claim 1, wherein after the generating a first token for the target user by using the target token generation algorithm and based at least on associated information of the target user, and sending the first token to the application client where the target user is located, the method further comprises:
    storing the first token in a cache server;
    before the passing the access request if the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token, the method comprises:
    sending the second token to the cache server, so that the cache server compares the first token with the second token;
    obtaining the comparison result from the cache server.
  6. The method according to claim 4, wherein the extending the first validity period corresponding to the first token when the current time reaches a deadline range corresponding to the target token generation algorithm comprises:
    when the current time reaches the deadline range corresponding to the target token generation algorithm, determining the sum of the end time of the first validity period and the time length of the deadline range;
    extending the first validity period corresponding to the first token to the validity period corresponding to the sum.
  7. The method according to claim 1, wherein the first validity period is an expiration time, and before the receiving an access request initiated by the target user through the application client, the method further comprises:
    determining the deadline range corresponding to the target token generation algorithm;
    storing the first token, the first validity period and the deadline range in correspondence with one another;
    the extending the first validity period corresponding to the first token when the current time reaches a deadline range corresponding to the target token generation algorithm comprises:
    when the current time reaches the deadline range corresponding to the target token generation algorithm, determining the sum of the time length of the deadline range and the first validity period;
    extending the first validity period corresponding to the first token to the validity period corresponding to the sum.
  8. A token-based application access apparatus, comprising:
    a random determination module, configured to randomly determine, according to a plurality of token generation algorithms, a target token generation algorithm corresponding to a target user;
    a generation module, configured to generate a first token for the target user by using the target token generation algorithm and based at least on associated information of the target user, and to send the first token to the application client where the target user is located, wherein the validity period of the first token is a first validity period;
    an obtaining module, configured to receive an access request initiated by the target user through the application client, and to obtain a second token carried in the access request;
    a pass module, configured to pass the access request if the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token;
    an extension module, configured to extend the first validity period corresponding to the first token when the current time reaches a deadline range corresponding to the target token generation algorithm, wherein the deadline range belongs to the time range corresponding to the first validity period.
  9. A computer device, comprising a memory and a processor, wherein the memory stores computer-readable instructions which, when executed by the processor, cause the processor to perform:
    randomly determining, according to a plurality of token generation algorithms, a target token generation algorithm corresponding to a target user;
    generating a first token for the target user by using the target token generation algorithm and based at least on associated information of the target user, and sending the first token to the application client where the target user is located, wherein the validity period of the first token is a first validity period;
    receiving an access request initiated by the target user through the application client, and obtaining a second token carried in the access request;
    passing the access request if the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token;
    extending the first validity period corresponding to the first token when the current time reaches a deadline range corresponding to the target token generation algorithm, wherein the deadline range belongs to the time range corresponding to the first validity period.
  10. The computer device according to claim 9, wherein the randomly determining, according to a plurality of token generation algorithms, a target token generation algorithm corresponding to a target user comprises:
    randomly selecting a first predetermined number of token generation algorithms from a plurality of preset token generation algorithms;
    randomly selecting one token generation algorithm merging rule from a preset algorithm rule library, and integrating the first predetermined number of token generation algorithms according to the token generation algorithm merging rule to obtain the target token generation algorithm corresponding to the target user.
  11. The computer device according to claim 9, wherein the associated information includes a plurality of items of personal information, each item of personal information corresponding to one information type, and the generating a first token for the target user by using the target token generation algorithm and based at least on associated information of the target user comprises:
    randomly selecting at least one item of personal information from the personal information of the target user as target personal information;
    obtaining personal information corresponding to at least one other user from a preset database as replacement personal information;
    for each item of target personal information in the personal information of the target user, replacing that target personal information with replacement personal information of the same information type;
    generating the first token for the target user by using the target token generation algorithm and based on the personal information of the target user after the replacement.
  12. The computer device according to claim 9, wherein the first validity period is a length of time, and before the receiving an access request initiated by the target user through the application client, the computer-readable instructions, when executed by the processor, further cause the processor to perform:
    determining the deadline range corresponding to the target token generation algorithm;
    storing the time at which the first token was generated, the first token, the first validity period and the deadline range in correspondence with one another.
  13. The computer device according to claim 9, wherein after the generating a first token for the target user by using the target token generation algorithm and based at least on associated information of the target user, and sending the first token to the application client where the target user is located, the computer-readable instructions, when executed by the processor, further cause the processor to perform:
    storing the first token in a cache server;
    before the passing the access request if the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token, the computer-readable instructions, when executed by the processor, further cause the processor to perform:
    sending the second token to the cache server, so that the cache server compares the first token with the second token;
    obtaining the comparison result from the cache server.
  14. The computer device according to claim 12, wherein the extending the first validity period corresponding to the first token when the current time reaches a deadline range corresponding to the target token generation algorithm comprises:
    when the current time reaches the deadline range corresponding to the target token generation algorithm, determining the sum of the end time of the first validity period and the time length of the deadline range;
    extending the first validity period corresponding to the first token to the validity period corresponding to the sum.
  15. The computer device according to claim 9, wherein the first validity period is an expiration time, and before the access request initiated by the target user through the application client is received, the computer-readable instructions, when executed by the processor, further cause the processor to perform:
    determining a deadline range corresponding to the target token generation algorithm;
    storing, in association with one another, the first token, the first validity period, and the deadline range;
    wherein extending the first validity period corresponding to the first token when the current time reaches the deadline range corresponding to the target token generation algorithm comprises:
    when the current time reaches the deadline range corresponding to the target token generation algorithm, determining the sum of the time length of the deadline range and the first validity period;
    extending the first validity period corresponding to the first token to the validity period corresponding to the sum.
  16. A computer-readable storage medium storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform:
    randomly determining, from a plurality of token generation algorithms, a target token generation algorithm corresponding to a target user;
    generating a first token for the target user using the target token generation algorithm and based at least on the associated information of the target user, and sending the first token to the application client where the target user is located, wherein the validity period of the first token is a first validity period;
    receiving an access request initiated by the target user through the application client, and obtaining a second token carried in the access request;
    if the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token, allowing the access request;
    when the current time reaches the deadline range corresponding to the target token generation algorithm, extending the first validity period corresponding to the first token, wherein the deadline range falls within the time range corresponding to the first validity period.
  17. The computer-readable storage medium according to claim 16, wherein randomly determining, from a plurality of token generation algorithms, the target token generation algorithm corresponding to the target user comprises:
    randomly selecting a first predetermined number of token generation algorithms from a plurality of preset token generation algorithms;
    randomly selecting a token generation algorithm merging rule from a preset algorithm rule library, and integrating the first predetermined number of token generation algorithms according to the token generation algorithm merging rule, to obtain the target token generation algorithm corresponding to the target user.
  18. The computer-readable storage medium according to claim 16, wherein the associated information includes multiple items of personal information, each item of personal information corresponding to one information type, and generating the first token for the target user using the target token generation algorithm and based at least on the associated information of the target user comprises:
    randomly selecting at least one item of personal information from the personal information of the target user as target personal information;
    obtaining, from a preset database, personal information corresponding to at least one other user as replacement personal information;
    for each item of target personal information in the personal information of the target user, replacing that target personal information with replacement personal information of the same information type;
    generating the first token for the target user using the target token generation algorithm and based on the target user's personal information after replacement.
  19. The computer-readable storage medium according to claim 16, wherein the first validity period is a length of time, and before the access request initiated by the target user through the application client is received, the computer-readable instructions, when executed by one or more processors, further cause the one or more processors to perform:
    determining a deadline range corresponding to the target token generation algorithm;
    storing, in association with one another, the time at which the first token was generated, the first token, the first validity period, and the deadline range.
  20. The computer-readable storage medium according to claim 16, wherein, after the first token is generated for the target user using the target token generation algorithm and based at least on the associated information of the target user, and the first token is sent to the application client where the target user is located, the computer-readable instructions, when executed by one or more processors, further cause the one or more processors to perform:
    storing the first token in a cache server;
    and wherein, before the access request is allowed on the condition that the second token is consistent with the first token and the current time is within the first validity period corresponding to the first token, the computer-readable instructions, when executed by one or more processors, further cause the one or more processors to perform:
    sending the second token to the cache server, so that the cache server compares the first token with the second token;
    obtaining the comparison result from the cache server.
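
The validity check, the extension inside the deadline range, and the cache-side comparison recited in the claims above, as an added Python example (not code from the patent or its applicant). Assumptions of this example: the names `TokenRecord` and `TokenCache`, times in seconds, a CSPRNG token standing in for the claimed randomly selected generation algorithm, extension applied only when a valid request arrives inside the deadline range, and an absolute `max_lifetime` cap that the claims do not recite.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class TokenRecord:
    token: str           # the "first token" sent to the client
    issued_at: float     # time the first token was generated (seconds)
    validity: float      # first validity period, as a length of time
    window: float        # length of the deadline range at the end of that period
    max_lifetime: float  # absolute cap; added in this example, not in the claims

    @property
    def expires_at(self) -> float:
        return self.issued_at + self.validity


class TokenCache:
    """In-memory stand-in for the cache server that stores and compares tokens."""

    def __init__(self):
        self._records = {}

    def issue(self, user, now, validity, window, max_lifetime):
        if not 0 < window <= validity <= max_lifetime:
            raise ValueError("need 0 < window <= validity <= max_lifetime")
        # CSPRNG token as a stand-in for the claimed generation algorithm.
        token = secrets.token_urlsafe(32)
        self._records[user] = TokenRecord(token, now, validity, window, max_lifetime)
        return token

    def expires_at(self, user):
        rec = self._records.get(user)
        return rec.expires_at if rec else None

    def check(self, user, presented, now):
        rec = self._records.get(user)
        if rec is None:
            return False
        # Constant-time comparison of the second token with the stored first token.
        if not hmac.compare_digest(rec.token.encode(), presented.encode()):
            return False
        if now >= rec.expires_at:
            del self._records[user]  # expired: drop it so it cannot be revived
            return False
        if now >= rec.expires_at - rec.window:
            # Inside the deadline range: new end = old end + range length, capped.
            new_end = min(rec.expires_at + rec.window, rec.issued_at + rec.max_lifetime)
            rec.validity = new_end - rec.issued_at
        return True
```

Without a cap such as `max_lifetime`, a token that keeps being presented inside the deadline range is extended indefinitely, so a copied token stays usable for as long as it is in use.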
PCT/CN2021/090948 2020-12-10 2021-04-29 Token-based application access method and apparatus, computer device, and medium WO2022121221A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011458074.1 2020-12-10
CN202011458074.1A CN112528262A (en) 2020-12-10 2020-12-10 Application program access method, device, medium and electronic equipment based on token

Publications (1)

Publication Number Publication Date
WO2022121221A1 true WO2022121221A1 (en) 2022-06-16

Family

ID=74999079

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/090948 WO2022121221A1 (en) 2020-12-10 2021-04-29 Token-based application access method and apparatus, computer device, and medium

Country Status (2)

Country Link
CN (1) CN112528262A (en)
WO (1) WO2022121221A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115766197A (en) * 2022-11-11 2023-03-07 浙江网商银行股份有限公司 Data processing method and device

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112528262A (en) * 2020-12-10 2021-03-19 平安科技(深圳)有限公司 Application program access method, device, medium and electronic equipment based on token
CN115378878B (en) * 2021-05-21 2023-11-14 北京字跳网络技术有限公司 CDN scheduling method, device, equipment and storage medium
CN113378221B (en) * 2021-06-11 2022-09-23 上海妙一生物科技有限公司 Account information processing method and device
CN113660094B (en) * 2021-08-03 2023-02-24 珠海格力电器股份有限公司 Equipment control method and device, electronic equipment and storage medium
CN114666119B (en) * 2022-03-18 2024-04-02 中国建设银行股份有限公司 Data processing method, device, electronic equipment and medium
CN114928487A (en) * 2022-05-18 2022-08-19 山东浪潮智慧医疗科技有限公司 Method for solving failure of micro-signaling board in high-concurrency scene
CN116431327B (en) * 2023-03-06 2023-11-07 钛信(上海)信息科技有限公司 Task current limiting processing method and fort machine

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101715580A (en) * 2006-12-29 2010-05-26 艾玛迪斯股份有限公司 System and method for extending sessions
CN107645512A (en) * 2017-10-20 2018-01-30 国信嘉宁数据技术有限公司 The method, apparatus and server of a kind of authentication
CN109802941A (en) * 2018-12-14 2019-05-24 平安科技(深圳)有限公司 A kind of login validation method, device, storage medium and server
CN110445615A (en) * 2019-07-12 2019-11-12 平安普惠企业管理有限公司 Network request security verification method, device, medium and electronic equipment
CN111245817A (en) * 2020-01-08 2020-06-05 中国联合网络通信集团有限公司 Automatic refreshing method and device for validity period certificate
CN112528262A (en) * 2020-12-10 2021-03-19 平安科技(深圳)有限公司 Application program access method, device, medium and electronic equipment based on token

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106204038A (en) * 2016-06-24 2016-12-07 广州正峰电子科技有限公司 The method and device that a kind of password string generates
US11569998B2 (en) * 2018-01-25 2023-01-31 Visa International Service Association Token offline provisioning

Also Published As

Publication number Publication date
CN112528262A (en) 2021-03-19

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21901936

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21901936

Country of ref document: EP

Kind code of ref document: A1