CN104113552A - Platform authorization method, platform server side, application client side and system - Google Patents

Publication number
CN104113552A
Authority
CN
China
Prior art keywords
platform service
service end
applications client
checking
authentication information
Prior art date
Legal status
Granted
Application number
CN201410364874.5A
Other languages
Chinese (zh)
Other versions
CN104113552B (en)
Inventor
朱建庭
郑伟德
张弛
Current Assignee
Baidu Online Network Technology Beijing Co Ltd
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201410364874.5A
Publication of CN104113552A
Application granted
Publication of CN104113552B
Legal status: Active
Anticipated expiration

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The embodiment of the invention discloses a platform authorization method, a platform server side, an application client side and a system. The method includes receiving a first verification message sent by the application client side through a first path and obtaining terminal identification of the terminal of the application client side; recording the mapping relationship between the received random strings and the terminal identification; receiving a second verification message sent by the application client side through a second path; reading identity authentication information submitted in a registration process from a database according to the received identification, decrypting and verifying encrypted identity strings, extracting the corresponding terminal identification from the recorded mapping relationship if the consistency is determined, and obtaining corresponding user account information according to the terminal identification; generating an authorized access token according to the user account information and the identity authentication information and sending the authorized access token to the application client side. The platform authorization method, the platform server side, the application client side and the system enable a user to have no awareness of the authorization process and can further improve the security of the authorization.

Description

Platform authorization method, platform server, application client and system
Technical field
The present invention relates to the field of computer communication technology, and in particular to a platform authorization method, a platform server, an application client and a system.
Background
An open platform is an open infrastructure service platform that a website provides to third parties, such as the open cloud platforms of Baidu, Tencent, Alibaba and Sina Weibo. To obtain the high-value cloud capabilities and user data that these open platforms provide, third-party application clients support the open authorization interfaces offered by each major platform, so as to obtain the authorized access token that is generated after a user authorizes the application client on the platform. With the access token, the application client calls the OpenAPI (Open Application Programming Interface) provided by each platform to obtain the cloud capabilities it needs and the user's data on the corresponding open platform.
In the prior art, before authorizing an application client, the user must first log in to the platform with an existing account; otherwise the platform cannot know which user is authorizing the application client. For security, the application client is generally required to load the login authorization page provided by the platform in a web view (WebView) or an external browser, and the user logs in and authorizes on that page, so that the application client cannot directly touch sensitive information such as the user's account and password. In many cases, however, this flow gives a very poor experience:
First, authorization requires loading a web page, and the page's loading speed depends on the network speed of the user's mobile device. In most 2G environments the page loads extremely slowly, and the user has to wait a long time before seeing the login authorization interface;
Second, because the web page is provided uniformly by the open platform, a third-party application generally cannot flexibly customize the page's style, layout or content. The style of the page often differs greatly from that of the application client itself, which third-party applications find hard to accept, especially third-party game applications;
Third, if the application client loads the login authorization page in an external browser, the user experience drops sharply; if it loads the page in a WebView, the third-party application still has ways to obtain the sensitive information the user enters, such as the account and password, so security is not high enough;
Fourth, when an application client needs user data and cloud capabilities from several open platforms at once to implement a function, it must find a way to guide the user through login authorization on each platform in turn. If every login authorization brings up a login authorization interface, this basically cannot be done effectively. The application client needs to complete authorization on several platforms smoothly and without disturbing the user in order to obtain the maximum conversion rate.
Summary of the invention
In view of this, embodiments of the present invention provide a platform authorization method, a platform server, an application client and a system, to improve the mechanism by which an application client obtains authorization from a platform server.
In a first aspect, an embodiment of the present invention provides a platform authorization method for a platform server, comprising:
The platform server receives a first verification message sent by an application client via a first path and obtains the terminal identifier of the terminal on which the application client resides, the first verification message comprising a random string;
The platform server records the mapping between the received random string and the terminal identifier;
The platform server receives a second verification message sent by the application client via a second path, the second verification message comprising the random string, an encrypted identity string generated by the application client by encrypting identity authentication information with a preset encryption algorithm, and the identity identifier that corresponds, at the platform server, to the identity authentication information from the registration process;
The platform server reads, from a database and according to the received identity identifier, the identity authentication information submitted during registration, and decrypts the encrypted identity string with a preset decryption algorithm;
If the platform server verifies that the identity authentication information obtained by decryption is consistent with the identity authentication information read from the database, it extracts the corresponding terminal identifier from the recorded mapping according to the random string, and obtains the corresponding user account information according to the terminal identifier;
The platform server generates an authorized access token according to the user account information and the identity authentication information, and sends it to the application client.
In a second aspect, an embodiment of the present invention also provides a platform authorization method for an application client, comprising:
The application client sends a first verification message to the platform server via a first path, the first verification message comprising a random string, so that the platform server records the mapping between the random string and the terminal identifier of the terminal on which the application client resides;
The application client encrypts identity authentication information with a preset encryption algorithm to generate an encrypted identity string;
The application client sends a second verification message to the platform server via a second path, the second verification message comprising the random string, the encrypted identity string, and the identity identifier that corresponds, at the platform server, to the identity authentication information from the registration process, so that the platform server reads, from a database and according to the identity identifier, the identity authentication information submitted during registration, decrypts the encrypted identity string with a preset decryption algorithm, and, if it verifies that the identity authentication information obtained by decryption is consistent with the identity authentication information read from the database, extracts the corresponding terminal identifier from the recorded mapping according to the random string, obtains the corresponding user account information according to the terminal identifier, and generates an authorized access token according to the user account information and the identity authentication information;
The application client receives the authorized access token sent by the platform server.
In a third aspect, an embodiment of the present invention also provides a platform server, comprising:
A first verification message receiving unit, configured to receive a first verification message sent by an application client via a first path and to obtain the terminal identifier of the terminal on which the application client resides, the first verification message comprising a random string;
A mapping recording unit, configured to record the mapping between the received random string and the terminal identifier;
A second verification message receiving unit, configured to receive a second verification message sent by the application client via a second path, the second verification message comprising the random string, an encrypted identity string generated by the application client by encrypting identity authentication information with a preset encryption algorithm, and the identity identifier that corresponds, at the platform server, to the identity authentication information from the registration process;
An information extraction and decryption unit, configured to read, from a database and according to the received identity identifier, the identity authentication information submitted during registration, and to decrypt the encrypted identity string with a preset decryption algorithm;
An account information acquiring unit, configured to, if the identity authentication information obtained by decryption is verified to be consistent with the identity authentication information read from the database, extract the corresponding terminal identifier from the recorded mapping according to the random string, and obtain the corresponding user account information according to the terminal identifier;
An authorization unit, configured to generate an authorized access token according to the user account information and the identity authentication information, and to send it to the application client.
In a fourth aspect, an embodiment of the present invention also provides an application client, comprising:
A first verification message sending unit, configured to send a first verification message to the platform server via a first path, the first verification message comprising a random string, so that the platform server records the mapping between the random string and the terminal identifier of the terminal on which the application client resides;
An encryption unit, configured to encrypt identity authentication information with a preset encryption algorithm to generate an encrypted identity string;
A second verification message sending unit, configured to send a second verification message to the platform server via a second path, the second verification message comprising the random string, the encrypted identity string, and the identity identifier that corresponds, at the platform server, to the identity authentication information from the registration process, so that the platform server reads, from a database and according to the identity identifier, the identity authentication information submitted during registration, decrypts the encrypted identity string with a preset decryption algorithm, and, if it verifies that the identity authentication information obtained by decryption is consistent with the identity authentication information read from the database, extracts the corresponding terminal identifier from the recorded mapping according to the random string, obtains the corresponding user account information according to the terminal identifier, and generates an authorized access token according to the user account information and the identity authentication information;
An authorized access token receiving unit, configured to receive the authorized access token sent by the platform server.
In a fifth aspect, an embodiment of the present invention also provides a platform authorization method, comprising:
The application client sends a first verification message to the platform server via a first path, the first verification message comprising a random string;
The platform server receives the first verification message sent by the application client via the first path and obtains the terminal identifier of the terminal on which the application client resides;
The platform server records the mapping between the received random string and the terminal identifier;
The application client encrypts identity authentication information with a preset encryption algorithm to generate an encrypted identity string;
The application client sends a second verification message to the platform server via a second path, the second verification message comprising the random string, the encrypted identity string, and the identity identifier that corresponds, at the platform server, to the identity authentication information from the registration process;
The platform server receives the second verification message sent by the application client via the second path;
The platform server reads, from a database and according to the received identity identifier, the identity authentication information submitted during registration, and decrypts the encrypted identity string with a preset decryption algorithm;
If the platform server verifies that the identity authentication information obtained by decryption is consistent with the identity authentication information read from the database, it extracts the corresponding terminal identifier from the recorded mapping according to the random string, and obtains the corresponding user account information according to the terminal identifier;
The platform server generates an authorized access token according to the user account information and the identity authentication information, and sends it to the application client;
The application client receives the authorized access token sent by the platform server.
In a sixth aspect, an embodiment of the present invention also provides a platform authorization system, comprising: the platform server provided by any embodiment of the present invention and the application client provided by any embodiment of the present invention.
In the technical solution proposed by the embodiments of the present invention, the application client sends to the platform server, over two separate paths, a first verification message comprising a random string and a second verification message comprising the random string, the encrypted identity string and the identity identifier. If the platform server verifies that the identity authentication information obtained by decrypting the received encrypted identity string is consistent with the identity authentication information read from the database, it obtains the corresponding user account information according to the random string, generates an authorized access token according to the user account information and the identity authentication information, and sends the token to the application client. No login through a web page is needed, so the user is unaware of the authorization process, and the security of authorization can be further improved.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention more clearly, the drawings used in describing the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from the content of the embodiments and these drawings without creative effort.
Fig. 1 is a flow chart of the platform authorization method of the platform server described in Embodiment 1 of the present invention;
Fig. 2 is a flow chart of the platform authorization method of the application client described in Embodiment 2 of the present invention;
Fig. 3 is a structural block diagram of the platform server described in Embodiment 3 of the present invention;
Fig. 4 is a structural block diagram of the application client described in Embodiment 4 of the present invention;
Fig. 5 is a schematic diagram of the interaction between the platform server and the application client in the platform authorization method described in Embodiment 5 of the present invention;
Fig. 6 is a flow chart of the platform authorization method described in Embodiment 6 of the present invention.
Detailed description
To make the technical problem solved, the technical solutions adopted and the technical effects achieved by the present invention clearer, the technical solutions of the embodiments are described in further detail below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The technical solutions of the present invention are further explained below with reference to the drawings and through embodiments.
Embodiment 1
Fig. 1 is a flow chart of the platform authorization method of the platform server provided by Embodiment 1 of the present invention. This embodiment is applicable to the case where an application client requests to call an OpenAPI of an open platform that requires end-user authorization and needs to obtain an authorized access token. The application client may be application software, an instant messaging client or an entertainment client installed on a terminal, or a system tool on the terminal, i.e. a third-party application. The method may be executed by the platform server, which is a server that provides platform services to third-party applications. As shown in Fig. 1, the platform authorization method of the platform server described in this embodiment comprises:
S101: The platform server receives the first verification message sent by the application client via the first path and obtains the terminal identifier of the terminal on which the application client resides; the first verification message comprises a random string.
To prevent an application client from maliciously obtaining user data on the platform side, the first verification message sent via the first path is a message sent to the platform server by calling a system interface provided by the terminal system; for example, the short message interface may be called and the first verification message forwarded through an SMS gateway.
Preferably, the application client generates a random string and creates a verification SMS that contains the random string and whose destination address is the platform server. The application client sends the verification SMS to the SMS gateway and instructs the gateway to perform protocol conversion on it, generating a first verification message that contains the random string and sending it to the platform server. The SMS gateway can extract the terminal identifier of the SMS sender from the verification SMS and carry it in the first verification message; after receiving the message, the platform server extracts the random string and the terminal identifier.
S102: The platform server records the mapping between the received random string and the terminal identifier.
The terminal identifier is an identification code that uniquely distinguishes a terminal; it only needs to let the platform server identify which terminal sent the first verification message that arrives via the first path. Terminal identifiers include, but are not limited to, a telephone number and a device identifier of the terminal. Users usually use the terminal identifier to identify their own account, so account information can be obtained from it.
S103: The platform server receives the second verification message sent by the application client via the second path. The second verification message comprises the random string, the encrypted identity string generated by the application client by encrypting identity authentication information with a preset encryption algorithm, and the identity identifier that corresponds, at the platform server, to the identity authentication information from the registration process.
While an application client or application server registers with the platform server, the platform server may assign each application client or application server an identity identifier that uniquely identifies it; that is, the identity identifier and the corresponding identity authentication information may correspond to a single application client, or to all application clients of one type of application service. For security, each application client or application server also submits identity authentication information (for example an application key) to the platform server during registration, for authentication. The platform server may record the mapping between the identity identifier and the identity authentication information in a database for associated lookup. When initiating an access request to the platform server, each application client or application server needs to send the identity identifier and the identity authentication information so that it can be distinguished and authenticated; for example, the package name and package signature are used as the identity authentication information.
Further, the second verification message may also comprise a list of the data access permissions that the application client expects to obtain.
For security, the second path may be based on the SSL (Secure Sockets Layer) protocol; further, it may be based on the HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) protocol. For example, the second verification message sent over the second path may be an HTTPS request. To prevent application clients from using the second path to maliciously obtain user data on the platform side, the application client needs to apply the necessary security protection to the second path to raise the difficulty and cost for other clients of exploiting it, for example providing a socket interface in place of an HTTP (Hypertext Transfer Protocol) interface, applying symmetric or asymmetric encryption to the second verification message, and adding a policy for handling cross-site request forgery attacks.
S104: The platform server reads, from the database and according to the received identity identifier, the identity authentication information submitted during registration, and decrypts the encrypted identity string with a preset decryption algorithm.
From the mapping between identity identifiers and identity authentication information, the platform server extracts the identity authentication information according to the received identity identifier.
To further improve security, this operation may preferably also include an expiry check. Specifically, after decrypting the encrypted identity string, the platform server may also judge whether the difference between the network timestamp obtained by decryption and the current system timestamp is within a preset threshold range, and trigger the subsequent operations only if it is. Correspondingly, the network timestamp is the current timestamp that the application client adds to the encrypted identity string when generating it.
S105: If the platform server verifies that the identity authentication information obtained by decryption is consistent with the identity authentication information read from the database, it extracts the corresponding terminal identifier from the recorded mapping according to the random string, and obtains the corresponding user account information according to the terminal identifier.
S106: The platform server generates an authorized access token according to the user account information and the identity authentication information, and sends it to the application client.
The platform server may send the generated authorized access token to the application client via the first path or the second path; because of the data size and the ease of using the received data, sending via the second path is preferred.
With the authorized access token obtained from the platform server or the application server, the application client of a third-party application can call the OpenAPI interfaces provided by the platform side to obtain the corresponding cloud capabilities and user data.
Preferably, this operation may also include: the platform server decrypts to obtain the list of expected data access permissions provided by the application client, and generates the authorized access token according to the user account information, the identity authentication information and the list of expected data access permissions.
Further, if obtaining the corresponding user account information according to the terminal identifier fails, new user account information is obtained by registering with the terminal identifier. That is, if the account information does not exist, a user account can be registered automatically from the terminal identifier obtained via the first path.
Further, the access token may also contain the permission information that the platform server has opened to the application client and/or the list of data access permissions that the client expects to obtain. Note that this embodiment applies to the case where one application client requests authorized access tokens from one or more open platforms.
Note that the first path and the second path in this embodiment are two different paths. The application client may send the verification messages over the two paths at the same time or one after the other; the only requirement is that operation S102 has completed before the step in operation S105 of extracting the corresponding terminal identifier from the recorded mapping according to the random string. Preferably the first and second verification messages are sent simultaneously, or the first verification message is sent before the second.
In the technical solution proposed by this embodiment, the platform server receives from the application client, over two separate paths, a first verification message comprising a random string and a second verification message comprising the random string, the encrypted identity string and the identity identifier. If the platform server verifies that the identity authentication information obtained by decrypting the received encrypted identity string is consistent with the identity authentication information read from the database, it obtains the corresponding user account information according to the random string, generates an authorized access token according to the user account information and the identity authentication information, and sends the token to the application client. The user is unaware of the authorization process, and the security of authorization can be further improved.
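The server-side flow S101 to S106, together with the client messages it consumes, as an added example that is not code from the patent. The cipher is a standard-library HMAC-SHA256 keystream with an HMAC tag standing in for the unspecified preset algorithm; deriving the key from the registered authentication information, consuming the random string on first use, the 300-second threshold, the opaque token, and all names and sample values are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

MAX_AGE_SECONDS = 300  # assumed value for the page's "preset threshold"

def _keys(auth_info):
    # Assumption: keys are derived from the registered authentication information.
    root = hashlib.sha256(b"demo-kdf|" + auth_info.encode()).digest()
    return hmac.new(root, b"enc", "sha256").digest(), hmac.new(root, b"mac", "sha256").digest()

def _xor_stream(key, nonce, data):
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(auth_info, plaintext):
    """Encrypt-then-MAC stand-in for the unspecified preset encryption algorithm."""
    enc_key, mac_key = _keys(auth_info)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, "sha256").digest()
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()

def unseal(auth_info, blob):
    enc_key, mac_key = _keys(auth_info)
    raw = base64.urlsafe_b64decode(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(mac_key, nonce + ct, "sha256").digest()
    if len(raw) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("encrypted identity string failed its integrity check")
    return _xor_stream(enc_key, nonce, ct)

def client_build_messages(identity_id, auth_info, now=None):
    """Client side: the same random string goes out on both paths."""
    random_string = secrets.token_urlsafe(16)
    claims = {"auth_info": auth_info, "ts": int(time.time() if now is None else now)}
    first = {"random_string": random_string}  # path 1: SMS; the gateway adds the sender
    second = {"random_string": random_string, "identity_id": identity_id,
              "encrypted_identity": seal(auth_info, json.dumps(claims).encode())}
    return first, second

class PlatformServer:
    def __init__(self, registered_apps, accounts):
        self.registered_apps = registered_apps  # identity identifier -> auth info
        self.accounts = accounts                # terminal identifier -> user account
        self.pending = {}                       # S102: random string -> terminal identifier
        self.tokens = {}                        # issued token -> what it is bound to

    def on_first_message(self, message, terminal_id):
        """S101/S102: terminal_id is the sender reported by the SMS gateway."""
        self.pending[message["random_string"]] = terminal_id

    def on_second_message(self, message, now=None):
        """S103-S106: returns (token, reason); token is None on any failure."""
        now = time.time() if now is None else now
        stored = self.registered_apps.get(message.get("identity_id"))
        if stored is None:
            return None, "unknown identity identifier"
        try:  # S104: decrypt with material looked up by the identity identifier
            claims = json.loads(unseal(stored, message["encrypted_identity"]))
            claimed, ts = str(claims["auth_info"]), float(claims["ts"])
        except (ValueError, KeyError, TypeError):
            return None, "decryption failed"
        if abs(now - ts) > MAX_AGE_SECONDS:  # the page's optional expiry check
            return None, "timestamp outside threshold"
        if not hmac.compare_digest(claimed.encode(), stored.encode()):  # S105
            return None, "authentication information mismatch"
        # Assumption: the mapping is consumed on use so a captured second message
        # cannot be replayed; the page only says the identifier is extracted.
        terminal_id = self.pending.pop(message.get("random_string"), None)
        if terminal_id is None:
            return None, "no first message recorded for this random string"
        # Auto-register when the terminal has no account yet, as the page allows.
        account = self.accounts.setdefault(terminal_id, "auto-" + terminal_id)
        token = secrets.token_urlsafe(32)  # S106: opaque token, bound server-side
        self.tokens[token] = {"account": account, "identity_id": message["identity_id"]}
        return token, "ok"

def demo():
    # All identifiers, keys and numbers below are constructed sample values.
    server = PlatformServer({"app-001": "constructed-app-key"}, {"+10000000001": "alice"})
    first, second = client_build_messages("app-001", "constructed-app-key", now=1000)
    results = {"early": server.on_second_message(second, now=1001)[1]}  # path 2 beat path 1
    server.on_first_message(first, "+10000000001")
    token, results["normal"] = server.on_second_message(second, now=1002)
    results["account"] = server.tokens[token]["account"]
    results["replay"] = server.on_second_message(second, now=1003)[1]
    first, second = client_build_messages("app-001", "constructed-app-key", now=1000)
    server.on_first_message(first, "+10000000002")
    results["stale"] = server.on_second_message(second, now=1000 + MAX_AGE_SECONDS + 1)[1]
    token = server.on_second_message(second, now=1000)[0]
    results["new_terminal"] = server.tokens[token]["account"]
    _, forged = client_build_messages("app-001", "guessed-key", now=1000)
    results["forged"] = server.on_second_message(forged, now=1000)[1]
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

A deployment would use a vetted authenticated-encryption construction in place of the stand-in cipher.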
Embodiment two
Fig. 2 is a flowchart of the platform authorization method of the application client provided by Embodiment two of the present invention. This embodiment is applicable to obtaining an authorized access token when an application client requests to call an OpenAPI of an open platform that requires end-user authorization. The application client may be application software, an instant messaging client or an entertainment client installed on the terminal, or a system tool on the terminal, i.e. a third-party application. The method can be executed by the application client. As shown in Fig. 2, the platform authorization method of the application client described in this embodiment comprises:
S201: The application client sends a first verification message to the platform server over a first path; the first verification message includes a random string.
To prevent application clients from maliciously obtaining the platform's user data, the first verification message sent over the first path is preferably sent to the platform server through a system interface provided by the system; for example, the first verification message may be forwarded by an SMS gateway.
Preferably, the application client generates a random string and creates a verification SMS that contains the random string and whose destination address is the platform server. The application client sends the verification SMS to the SMS gateway, instructing the SMS gateway to perform protocol conversion on the verification SMS, generate the first verification message containing the random string, and send it to the platform server. The SMS gateway can extract the terminal identifier of the SMS sender from the verification SMS and carry it in the first verification message; after receiving the message, the platform server extracts the random string and the terminal identifier.
S202: The application client encrypts authentication information with a preset encryption algorithm to generate an encrypted identity string.
S203: The application client sends a second verification message to the platform server over a second path; the second verification message includes the random string, the encrypted identity string, and the identity identifier that corresponds to the authentication information at the platform server from the registration process.
Further, the second verification message may also include the list of data access permissions that the application client expects to obtain, which explicitly tells the platform server the scope of the data for which the application client is requesting access permission.
To ensure security, the second path may be based on the SSL protocol; further, the second path may be based on the HTTPS protocol. For example, the second path may be an HTTPS request sent over HTTPS. To prevent application clients from using the second path to maliciously obtain the platform's user data, the application client needs to apply the necessary security protection to the second path so as to raise the difficulty and cost for other clients of exploiting this path, for example by providing a SOCKET interface in place of an HTTP interface, applying symmetric or asymmetric encryption to the second verification message, or adding a handling policy against cross-site request forgery attacks.
S204: The application client receives the authorized access token sent by the platform server.
It should be noted that the first path and the second path described in this embodiment are two different paths. The application client may send the verification messages over the two paths at the same time or one after the other. The only requirement is that the first verification message has been sent successfully to the platform server over the first path before the platform server performs the operation of extracting the corresponding terminal identifier from the recorded mapping according to the random string. Preferably, the first verification message and the second verification message are sent simultaneously, or the first verification message is sent before the second.
In the technical solution proposed by this embodiment of the present invention, the application client sends to the platform server, over two separate paths, a first verification message containing a random string and a second verification message containing the random string, the encrypted identity string and the identity identifier, so that the platform server returns an authorized access token. This can further improve the security of authorization and leaves the user unaware of the authorization process.
Embodiment three
Fig. 3 is a structural block diagram of the platform server described in Embodiment three of the present invention. As shown in Fig. 3, the platform server described in this embodiment comprises:
A first verification message receiving unit 301, configured to receive the first verification message sent by the application client over the first path and to obtain the terminal identifier of the terminal where the application client is located, the first verification message including a random string;
A mapping recording unit 302, configured to record the mapping between the received random string and the terminal identifier;
A second verification message receiving unit 303, configured to receive the second verification message sent by the application client over the second path, the second verification message including the random string, the encrypted identity string generated by the application client by encrypting authentication information with a preset encryption algorithm, and the identity identifier that corresponds to the authentication information at the platform server from the registration process;
An information extraction and decryption unit 304, configured to read from the database, according to the received identity identifier, the authentication information submitted in the registration process, and to decrypt the encrypted identity string with a preset decryption algorithm;
An account information acquiring unit 305, configured to, if it verifies that the authentication information obtained by decryption is consistent with the authentication information read from the database, extract the corresponding terminal identifier from the recorded mapping according to the random string, and obtain the corresponding user account information according to the terminal identifier;
An authorization unit 306, configured to generate an authorized access token according to the user account information and the authentication information, and to send it to the application client.
Further, the first verification message receiving unit 301 is specifically configured to: receive the first verification message that the application client forwards through the SMS gateway, where the first verification message is the message obtained after the SMS gateway performs protocol format conversion on the verification SMS sent by the application client, and the verification SMS carries the random string; and
obtain from the first verification message the terminal identifier of the terminal where the application client is located, the terminal identifier being the SMS sender's terminal identifier that the SMS gateway extracts from the verification SMS.
Further, the second path may be based on the SSL protocol; further, the second path may be based on the HTTPS protocol.
Further, the account information acquiring unit 305 also comprises a timestamp judging subunit. After the encrypted identity string has been decrypted with the preset decryption algorithm, the timestamp judging subunit triggers the subsequent operations if it judges that the difference between the network timestamp obtained by decryption and the current system timestamp is within a preset threshold. Correspondingly, the network timestamp is the current timestamp that the application client adds to the encrypted identity string when it generates that string.
Further, the account information acquiring unit 305 also comprises a new account registration subunit, configured to, after the operation of obtaining the corresponding user account information according to the terminal identifier, register new user account information according to the terminal identifier if that operation has failed.
Further, the authorization unit 306 is also configured to decrypt and obtain the list of expected data access permissions provided by the application client, and to generate the authorized access token according to the user account information, the authentication information and the list of expected data access permissions.
Further, the authentication information comprises a package name and a package signature.
Further, the terminal identifier is a mobile phone number.
The application client provided by this embodiment can execute the platform authorization method of the application client provided by Embodiment one of the present invention, and has the functional modules and beneficial effects corresponding to the executed method.
Embodiment four
Fig. 4 is a structural block diagram of the application client described in Embodiment four of the present invention. As shown in Fig. 4, the application client described in this embodiment comprises:
A first verification message sending unit 401, configured to send a first verification message to the platform server over a first path, the first verification message including a random string, so that the platform server records the mapping between the random string and the terminal identifier of the terminal where the application client is located;
An encryption unit 402, configured to encrypt authentication information with a preset encryption algorithm to generate an encrypted identity string;
A second verification message sending unit 403, configured to send a second verification message to the platform server over a second path, the second verification message including the random string, the encrypted identity string, and the identity identifier that corresponds to the authentication information at the platform server from the registration process, so that the platform server reads from the database, according to the identity identifier, the authentication information submitted in the registration process and decrypts the encrypted identity string with a preset decryption algorithm, and, if the platform server verifies that the authentication information obtained by decryption is consistent with the authentication information read from the database, extracts the corresponding terminal identifier from the recorded mapping according to the random string, obtains the corresponding user account information according to the terminal identifier, and generates an authorized access token according to the user account information and the authentication information;
An authorized access token receiving unit 404, configured to receive the authorized access token sent by the platform server.
Further, the first verification message sending unit 401 is specifically configured to: generate a random string, and create a verification SMS that contains the random string and whose destination address is the platform server; and
send the verification SMS to the SMS gateway, to instruct the SMS gateway to perform protocol conversion on the verification SMS and extract the terminal identifier of the sender of the verification SMS, generate the first verification message containing the random string, and send it to the platform server.
The second verification message sending unit 403 is specifically configured to: send to the platform server, over the Hypertext Transfer Protocol Secure (HTTPS), an HTTPS request containing the second verification message.
The application client provided by this embodiment can execute the platform authorization method of the application client provided by Embodiment two of the present invention, and has the functional modules and beneficial effects corresponding to the executed method.
Further, the authentication information comprises a package name and a package signature.
Further, the terminal identifier is a mobile phone number.
The applications client that the present embodiment provides can be carried out the platform authorization method of the applications client that the embodiment of the present invention two provides, and possesses the corresponding functional module of manner of execution and beneficial effect.
Embodiment five
Fig. 5 is a schematic diagram of the interaction between the platform server and the application client in the platform authorization method of the platform server and the platform authorization method of the application client described in Embodiment five of the present invention. This embodiment mainly applies to mobile phone applications on the Android system (hereinafter "application client") and is based on a system composed of the platform server, the application client and the SMS gateway. As shown in Fig. 5, the method described in this embodiment comprises:
501. The application client sends the platform server a first verification message containing a random string.
That is, the application client sends an SMS to the platform server. The application client generates a random SMS content string in the format required by the platform and, by calling the interface that the system provides for sending an SMS directly, sends the SMS content string to the SMS gateway provided by the platform, to instruct that interface to perform protocol conversion on the verification SMS and extract the terminal identifier of the sender of the verification SMS, generate the first verification message containing the random string, and send it to the platform server.
502. The SMS gateway sends the terminal identifier of the client's terminal and the first verification message to the platform server.
By sending an HTTP (Hypertext Transfer Protocol) request, the SMS gateway forwards the SMS content string and the mobile phone number that sent the SMS to the platform server on the platform side;
After receiving the SMS content string and the mobile phone number, the platform server stores the mapping from the SMS content string to the mobile phone number in a cache system and sets an expiry time (generally short, for example 1 minute).
503. The platform server sends the second verification message to the application client; it includes the random string, the encrypted identity string and the identity identifier.
The authentication information is sent over the Internet. After the SMS has been sent successfully, the application client calls an interface provided by the software development kit (SDK) package that the platform supplies to obtain the authentication information of the current application client. This authentication information is an encrypted string generated by symmetric encryption of information such as the application client's package name, its package signature, the current network timestamp and a preset fixed key. To prevent a third party from obtaining the specific encryption algorithm, which would affect the security of this technical solution, the whole signature algorithm (including obtaining the application client's package name, the package signature, the preset key and other data) is implemented in the C/C++ code layer through JNI (Java Native Interface);
The application client sends the SMS content string, the application client's authentication information, the list of data access permissions it expects to obtain, and the application ID assigned when the application client registered with the platform (the identity identifier that corresponds to the authentication information at the platform server from the registration process) to the platform's authorization server to obtain an access token. To ensure security, this network request generally needs to be based on SSL (Secure Sockets Layer), for example by sending the platform server an HTTPS request that contains the second verification message;
After this, on receiving the request, the platform server decrypts the application client's authentication information to obtain the network timestamp, the application client's package name, the package signature and other information, and then judges whether the difference between the current system timestamp and the network timestamp is within a preset threshold. If it is not, the request is considered a replay attack and a corresponding error message is returned directly; otherwise the next step follows.
According to the application ID, the platform server reads from the database the package name and package signature that the application client submitted when it registered with the platform, and the permission information that the platform has opened to the application client. It then judges whether the package name and package signature it has read are consistent with the values of the package name and package signature obtained by decrypting the application client's authentication information. If they are inconsistent, the request is considered a forgery attack and a corresponding error message is returned directly; otherwise the next step follows;
The platform server reads the corresponding mobile phone number from the cache system according to the SMS content string and obtains the corresponding user account information according to the mobile phone number (if no such account information exists, a user account is registered automatically from the mobile phone number). It then generates an authorized access token from data such as the user account information, the application ID, the permission information that the platform has opened to the application client, and the list of data access permissions.
504. The platform server returns the generated authorized access token to the application client.
OpenAPI is a common kind of application on service-type websites: the service provider of a website packages its own website services into a series of APIs (Application Programming Interfaces) and opens them for third-party developers to use; the opened APIs are called OpenAPI. After obtaining the authorized access token, the application client can use the access token to call the OpenAPI interfaces provided by the platform and obtain the corresponding cloud capabilities and user data.
Because no other user interface appears at any point in the process once the user has triggered the one-key mobile phone number authorization request, if several platforms all support this technique, the application client can obtain the authorized access token of each platform through repeated interface calls, which solves the problem of the fourth aspect described above.
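The server-side checks described in steps 502 to 504 above, as an added Go example that is not code from the patent: the first path records the random string against the sender's number with a one-minute expiry, and the second path is accepted only after the decryption, timestamp, registration and mapping checks pass. AES-GCM, the JSON layout of the identity string, the 30-second threshold, single use of the random string, the token format and every name and sample value are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

var ErrReplay = errors.New("timestamp outside threshold: treated as a replay")
var ErrForged = errors.New("identity string invalid or unlike the registration: treated as forged")
var ErrNoSMS = errors.New("no unexpired SMS mapping for this random string")

// Identity is the plaintext of the encrypted identity string (JSON layout assumed).
type Identity struct {
	Pkg, Sig string // package name and package signature
	TS       int64  // client timestamp, Unix seconds
}

type smsEntry struct {
	phone   string
	expires time.Time
}

type Server struct { // in-memory maps stand in for the platform's database and cache
	AEAD     cipher.AEAD         // built from the preset key shared with the SDK
	Apps     map[string]Identity // app ID -> identity submitted at registration
	SMS      map[string]smsEntry // random string -> sender's number, short-lived
	Accounts map[string]string   // phone number -> account ID
}

func NewAEAD(key []byte) (cipher.AEAD, error) { // AES-GCM is an assumed algorithm
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the client side: it returns hex(nonce || ciphertext) for the identity.
func Seal(aead cipher.AEAD, id Identity) (string, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	plain, err := json.Marshal(id)
	return hex.EncodeToString(aead.Seal(nonce, nonce, plain, nil)), err
}

// OnSMS is step 502: the gateway forwards the random string and the sender's number.
func (s *Server) OnSMS(now time.Time, random, phone string) {
	s.SMS[random] = smsEntry{phone, now.Add(time.Minute)}
}

// Authorize applies the checks made on the second verification message and issues the token.
func (s *Server) Authorize(now time.Time, appID, random, enc string) (string, error) {
	raw, err := hex.DecodeString(enc)
	n := s.AEAD.NonceSize()
	if err != nil || len(raw) < n {
		return "", ErrForged
	}
	var id Identity
	plain, err := s.AEAD.Open(nil, raw[:n], raw[n:], nil)
	if err != nil || json.Unmarshal(plain, &id) != nil {
		return "", ErrForged // wrong key, tampering or malformed plaintext
	}
	if age := now.Sub(time.Unix(id.TS, 0)); age > 30*time.Second || age < -30*time.Second {
		return "", ErrReplay // the 30 s threshold is an assumption
	}
	if reg, ok := s.Apps[appID]; !ok || reg.Pkg != id.Pkg || reg.Sig != id.Sig {
		return "", ErrForged
	}
	e, ok := s.SMS[random]
	delete(s.SMS, random) // single use is an added assumption; the page only sets an expiry
	if !ok || now.After(e.expires) {
		return "", ErrNoSMS
	}
	if _, ok := s.Accounts[e.phone]; !ok { // unknown number: register automatically
		s.Accounts[e.phone] = fmt.Sprintf("acct-%d", len(s.Accounts)+1)
	}
	tok := make([]byte, 16)
	if _, err := rand.Read(tok); err != nil {
		return "", err
	}
	return s.Accounts[e.phone] + "." + hex.EncodeToString(tok), nil
}

func main() { // every value below is a constructed sample
	aead, _ := NewAEAD([]byte("0123456789abcdef0123456789abcdef"))
	app, now := Identity{"com.example.app", "ab12", time.Now().Unix()}, time.Now()
	s := &Server{aead, map[string]Identity{"app-1": app}, map[string]smsEntry{}, map[string]string{}}
	s.OnSMS(now, "r4nd0m", "10000000001")
	enc, _ := Seal(aead, app)
	fmt.Println(s.Authorize(now, "app-1", "r4nd0m", enc))
}
```

Because the key is embedded in every copy of the SDK, the encrypted identity string identifies the application build rather than the user; the binding to a user comes only from the random string recorded over the SMS path.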
Embodiment six
Fig. 6 is a flowchart of the platform authorization method provided by Embodiment six of the present invention. This embodiment is applicable to obtaining an authorized access token when an application client requests to call an OpenAPI of an open platform that requires end-user authorization. The application client may be application software, an instant messaging client or an entertainment client installed on the terminal, or a system tool on the terminal, i.e. a third-party application. The method is executed by the platform server and the application client. As shown in Fig. 6, the platform authorization method described in this embodiment comprises:
S601: The application client sends a first verification message to the platform server over a first path; the first verification message includes a random string.
S602: The platform server receives the first verification message sent by the application client over the first path and obtains the terminal identifier of the terminal where the application client is located.
S603: The platform server records the mapping between the received random string and the terminal identifier.
S604: The application client encrypts authentication information with a preset encryption algorithm to generate an encrypted identity string.
S605: The application client sends a second verification message to the platform server over a second path; the second verification message includes the random string, the encrypted identity string, and the identity identifier that corresponds to the authentication information at the platform server from the registration process.
S606: The platform server receives the second verification message sent by the application client over the second path.
S607: The platform server reads from the database, according to the received identity identifier, the authentication information submitted in the registration process, and decrypts the encrypted identity string with a preset decryption algorithm.
S608: If the platform server verifies that the authentication information obtained by decryption is consistent with the authentication information read from the database, it extracts the corresponding terminal identifier from the recorded mapping according to the random string, and obtains the corresponding user account information according to the terminal identifier.
S609: The platform server generates an authorized access token according to the user account information and the authentication information, and sends it to the application client.
S610: The application client receives the authorized access token sent by the platform server.
For an explanation of each operation in the technical solution proposed by this embodiment, refer to the corresponding operations of Embodiment one and Embodiment two; this embodiment has the beneficial effects of Embodiment one and Embodiment two.
An embodiment of the present invention also provides a platform authorization system, comprising the platform server provided by any embodiment of the present invention and the application client provided by any embodiment of the present invention.
All or part of the technical solutions provided by the above embodiments can be implemented by software programming, with the software program stored in a readable storage medium, for example a hard disk in a computer, an optical disc or a floppy disk.
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will understand that the invention is not limited to the specific embodiments described here, and that various obvious changes, readjustments and substitutions can be made by those skilled in the art without departing from the protection scope of the present invention. Therefore, although the present invention has been described in further detail through the above embodiments, it is not limited to them; it may also include other equivalent embodiments without departing from the concept of the invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (18)

1. a platform authorization method for platform service end, is characterized in that, comprising:
Platform service termination is received the terminal iidentification that applications client is verified message by first of the first path transmission and obtained described applications client place terminal, and described the first checking message comprises random string;
Described platform service end carries out record to the mapping relations between received random string and described terminal iidentification;
Described platform service termination is received the second checking message that described applications client sends by the second path, described the second checking message comprises described random string, described applications client is encrypted the identity ciphering string of generation by default cryptographic algorithm to authentication information, and authentication information described in registration process is in identify label corresponding to described platform service end;
Described platform service end reads according to received described identify label the authentication information of submitting in registration process from database, and by default decipherment algorithm, described identity ciphering string is decrypted;
If the authentication information that described platform service end checking deciphering obtains is consistent with the authentication information reading from database, according to described random string, from recorded described mapping relations, extract corresponding terminal iidentification, and obtain corresponding user account information according to described terminal iidentification;
Described platform service end generates granted access token according to described user account information and described authentication information, sends to described applications client.
2. method according to claim 1, is characterized in that, the first checking message that platform service termination receipts applications client sends by the first path the terminal iidentification that obtains described applications client place terminal comprise:
Described platform service termination is received the first checking message that described applications client forwards by Short Message Service Gateway, wherein, described the first checking message is that the checking note that described Short Message Service Gateway sends according to described applications client is carried out the message after protocol format conversion, in described checking note, carries described random string;
Described platform service end obtains the terminal iidentification of described applications client place terminal from described the first checking message, and described terminal iidentification is note initiator's terminal iidentification that described Short Message Service Gateway extracts from described checking note.
3. method according to claim 1, is characterized in that: the HTTPS request of described the second path for sending based on Secure Hypertext Transfer Protocol HTTPS.
4. method according to claim 1, is characterized in that, described platform service end also comprises after described identity ciphering string being decrypted by default decipherment algorithm:
If described platform service end judgement deciphering obtains network time stamp with current system timestamp between difference in predetermined threshold value, triggering following operates.
5. according to the arbitrary described method of claim 1-4, it is characterized in that, described platform service end comprises according to described user account information and described authentication information generation granted access token:
Described platform service end deciphering obtains the expected data list of access rights that applications client provides, and according to described user account information, described authentication information and expected data list of access rights, generates granted access token.
6. according to the arbitrary described method of claim 1-4, it is characterized in that, described authentication information comprises name and packet signature.
7. a platform authorization method for applications client, is characterized in that, comprising:
Applications client sends the first checking message by first via radial platform service end, described the first checking message comprises random string, for described platform service end, the mapping relations between described random string and the terminal iidentification of described applications client place terminal is carried out to record;
Applications client is encrypted and generates identity ciphering string authentication information by default cryptographic algorithm;
Applications client sends the second checking message by the second path to described platform service end, described the second checking message comprises described random string, described identity ciphering string, and authentication information described in registration process is in identify label corresponding to described platform service end, for described platform service end, according to described identify label, from database, read the authentication information of submitting in registration process, and by default decipherment algorithm, described identity ciphering string is decrypted, if the authentication information that described platform service end checking deciphering obtains is consistent with the authentication information reading from database, according to described random string, from recorded described mapping relations, extract corresponding terminal iidentification, and obtain corresponding user account information according to described terminal iidentification, and generate granted access token according to described user account information and described authentication information,
Applications client receives the granted access token that described platform service end sends.
8. method according to claim 7, is characterized in that, applications client sends the first checking message by first via radial platform service end and comprises:
Described applications client generates random string, and establishment comprises described random string and destination address is the checking note of described platform service end;
Described applications client sends described checking note to Short Message Service Gateway, to indicate described Short Message Service Gateway that described checking note is carried out to protocol conversion and to extract note initiator's terminal iidentification of described checking note, the first checking message that generation comprises described random string, sends to described platform service end.
9. according to the method described in claim 7 or 8, it is characterized in that, applications client sends the second checking message by the second path to described platform service end and specifically comprises:
Described applications client sends the HTTPS request that comprises the second checking message to described platform service end based on Secure Hypertext Transfer Protocol HTTPS.
10. method according to claim 7, it is characterized in that, the operation that applications client sends the second checking message by the second path to described platform service end specifically comprises: applications client, when sending described the first checking message or after sending described the first checking message success, sends the second checking message by the second path to described platform service end.
11. A platform authorization method, characterized in that it comprises:
An applications client sends a first checking message to a platform service end via a first path, the first checking message comprising a random string;
The platform service end receives the first checking message sent by the applications client via the first path and obtains the terminal identification of the terminal on which the applications client resides;
The platform service end records the mapping relation between the received random string and the terminal identification;
The applications client encrypts authentication information using a default cryptographic algorithm to generate an identity ciphering string;
The applications client sends a second checking message to the platform service end via a second path, the second checking message comprising the random string, the identity ciphering string, and the identify label to which the authentication information corresponds at the platform service end from the registration process;
The platform service end receives the second checking message sent by the applications client via the second path;
The platform service end reads, according to the received identify label, the authentication information submitted in the registration process from a database, and decrypts the identity ciphering string using a default decryption algorithm;
If the platform service end verifies that the authentication information obtained by decryption is consistent with the authentication information read from the database, it extracts the corresponding terminal identification from the recorded mapping relations according to the random string, and obtains the corresponding user account information according to the terminal identification;
The platform service end generates a granted access token according to the user account information and the authentication information, and sends it to the applications client;
The applications client receives the granted access token sent by the platform service end.
12. A platform service end, characterized in that it comprises:
A first checking message receiving unit, configured to receive a first checking message sent by an applications client via a first path and to obtain the terminal identification of the terminal on which the applications client resides, the first checking message comprising a random string;
A mapping relation recording unit, configured to record the mapping relation between the received random string and the terminal identification;
A second checking message receiving unit, configured to receive a second checking message sent by the applications client via a second path, the second checking message comprising the random string, the identity ciphering string generated by the applications client by encrypting authentication information using a default cryptographic algorithm, and the identify label to which the authentication information corresponds at the platform service end from the registration process;
An information extraction and decryption unit, configured to read, according to the received identify label, the authentication information submitted in the registration process from a database, and to decrypt the identity ciphering string using a default decryption algorithm;
An account information acquiring unit, configured to, if it verifies that the authentication information obtained by decryption is consistent with the authentication information read from the database, extract the corresponding terminal identification from the recorded mapping relations according to the random string, and obtain the corresponding user account information according to the terminal identification;
A granting unit, configured to generate a granted access token according to the user account information and the authentication information, and to send it to the applications client.
13. The platform service end according to claim 12, characterized in that the first checking message receiving unit is specifically configured to:
Receive the first checking message forwarded by the applications client through a Short Message Service Gateway, wherein the first checking message is the message obtained after the Short Message Service Gateway performs protocol format conversion on the checking note sent by the applications client, and the checking note carries the random string;
Obtain the terminal identification of the terminal on which the applications client resides from the first checking message, the terminal identification being the note initiator's terminal identification that the Short Message Service Gateway extracts from the checking note.
14. The platform service end according to claim 12, characterized in that:
The account information acquiring unit further comprises a timestamp judgement subunit, configured to, after the platform service end decrypts the identity ciphering string using the default decryption algorithm, trigger the subsequent operations if the platform service end judges that the difference between the network timestamp obtained by decryption and the current system timestamp is within a predetermined threshold value; and/or
The granting unit is further configured such that the platform service end obtains, by decryption, the expected data access rights list provided by the applications client, and generates the granted access token according to the user account information, the authentication information and the expected data access rights list.
15. The platform service end according to any one of claims 12-14, characterized in that the second path is an HTTP request sent based on the Hypertext Transfer Protocol (HTTP); and/or
The authentication information comprises a name and a packet signature; and/or
The terminal identification is a mobile phone number.
16. An applications client, characterized in that it comprises:
A first checking message sending unit, configured to send a first checking message to a platform service end via a first path, the first checking message comprising a random string, so that the platform service end records the mapping relation between the random string and the terminal identification of the terminal on which the applications client resides;
A ciphering unit, configured to encrypt authentication information using a default cryptographic algorithm to generate an identity ciphering string;
A second checking message sending unit, configured to send a second checking message to the platform service end via a second path, the second checking message comprising the random string, the identity ciphering string, and the identify label to which the authentication information corresponds at the platform service end from the registration process, so that the platform service end reads, according to the identify label, the authentication information submitted in the registration process from a database and decrypts the identity ciphering string using a default decryption algorithm; if the platform service end verifies that the authentication information obtained by decryption is consistent with the authentication information read from the database, it extracts the corresponding terminal identification from the recorded mapping relations according to the random string, obtains the corresponding user account information according to the terminal identification, and generates a granted access token according to the user account information and the authentication information;
A granted access token receiving unit, configured to receive the granted access token sent by the platform service end.
17. The applications client according to claim 16, characterized in that the first checking message sending unit is specifically configured to: generate a random string, and create a checking note that comprises the random string and whose destination address is the platform service end; and,
Send the checking note to a Short Message Service Gateway, to instruct the Short Message Service Gateway to perform protocol conversion on the checking note, extract the terminal identification of the note initiator of the checking note, generate the first checking message comprising the random string, and send it to the platform service end;
The second checking message sending unit is specifically configured to: send, based on the Hypertext Transfer Protocol (HTTP), an HTTP request comprising the second checking message to the platform service end.
18. A platform authorization system, characterized in that it comprises:
The platform service end according to any one of claims 12-15 and the applications client according to any one of claims 16-17.
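The platform service end's checks in claim 11, together with the timestamp comparison of claim 14, as an added Python example that is not code from the patent. Assumptions not stated in the claims: a per-application key issued at registration, a keystream-plus-HMAC construction standing in for the unspecified default cryptographic algorithm, a JSON payload with a `ts` field, a 300-second threshold, single use of each random string, and all sample values (constructed).

```python
import hashlib
import hmac
import json
import secrets
import time

def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(key, plaintext):
    # Stand-in for the claims' unspecified default algorithm: XOR keystream + HMAC tag.
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + body + hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, good):
        raise ValueError("identity ciphering string rejected")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

class PlatformServiceEnd:
    MAX_SKEW = 300  # seconds; claim 14's predetermined threshold (value assumed)
    def __init__(self, apps, accounts):
        self.apps = apps          # identify label -> (key, registered authentication info)
        self.accounts = accounts  # terminal identification -> user account
        self.pending = {}         # random string -> terminal identification
        self.token_key = secrets.token_bytes(32)

    def first_message(self, random_string, sender_number):
        # First path: the number is supplied by the SMS gateway, not by the client.
        self.pending[random_string] = sender_number

    def second_message(self, label, random_string, sealed, now=None):
        now = time.time() if now is None else now
        if label not in self.apps:
            return None
        key, registered = self.apps[label]
        try:
            claimed = json.loads(decrypt(key, sealed))
            stamp = float(claimed.pop("ts"))
        except (ValueError, KeyError, AttributeError, TypeError):
            return None
        if abs(now - stamp) > self.MAX_SKEW or claimed != registered:
            return None
        number = self.pending.pop(random_string, None)  # single use: an assumption
        account = self.accounts.get(number)
        if account is None:
            return None
        grant = json.dumps({"account": account, "app": registered}, sort_keys=True)
        sig = hmac.new(self.token_key, grant.encode(), hashlib.sha256).hexdigest()
        return grant + "." + sig

def build_second_message(label, key, auth_info, random_string, now):
    sealed = encrypt(key, json.dumps(dict(auth_info, ts=now)).encode())
    return label, random_string, sealed

def demo(now=1_700_000_000):
    key = secrets.token_bytes(32)
    info = {"name": "com.example.app", "packet_signature": "constructed"}
    server = PlatformServiceEnd({"app-1": (key, info)}, {"13800000000": "alice"})
    out = {}
    for case, sent_info, sent_at in (("ok", info, now), ("stale", info, now - 3600),
                                     ("mismatch", dict(info, name="com.example.other"), now)):
        rnd = secrets.token_hex(16)
        server.first_message(rnd, "13800000000")
        msg = build_second_message("app-1", key, sent_info, rnd, sent_at)
        out[case] = server.second_message(*msg, now=now)
        out[case + "_replay"] = server.second_message(*msg, now=now)
    return out
```

The random string is consumed only after the identity check succeeds, so an unauthenticated second checking message cannot invalidate a pending mapping.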
CN201410364874.5A 2014-07-28 2014-07-28 A kind of platform authorization method, platform service end and applications client and system Active CN104113552B (en)


Publications (2)

Publication Number Publication Date
CN104113552A (en) 2014-10-22
CN104113552B (en) 2017-06-16

Family

ID=51710185



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant