CN107045603A - Application call control method and device - Google Patents

Publication number: CN107045603A
Authority: CN (China)
Prior art keywords: application, authentication, information, call, request
Legal status: Pending
Application number: CN201710231637.5A
Other languages: Chinese (zh)
Inventors: 孙吉平, 吴新
Current Assignee: Beijing Senseshield Technology Co Ltd
Original Assignee: Beijing Senseshield Technology Co Ltd
Application filed by: Beijing Senseshield Technology Co Ltd
Priority to CN201710231637.5A
Publication of CN107045603A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629 Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Abstract

This application discloses an application call control method and device. The method includes: an authentication server receives an authentication request from a first application; the authentication request is generated after the first application receives a call request from a second application, is used to ask the authentication server to determine the legitimacy of the second application calling the first application, and carries the authentication information for the second application calling the first application. The authentication server determines, according to preset application authorization information, whether the authentication information satisfies the condition for the second application to call the first application; the application authorization information includes the user identification information of each application in the system, the authentication password of each application and the access authorization information of each application. If the condition is satisfied, the authentication server determines that the second application's call to the first application is a legal call and sends authentication result information to the first application. The invention can improve the security of enterprise applications in a network environment.

Description

Application call control method and device
Technical field
The present invention relates to computer application technology, and in particular to an application call control method and device.
Background
In the mobile Internet era, as enterprises expand the scale and variety of their business, the number of application software programs inside an enterprise keeps growing, and calls between those applications are becoming more and more common. As a result, hacker software on the Internet can easily obtain the call relationships between the applications and use them to attack and damage the enterprise's internal applications. For example, if one application is compromised by a hacker, the hacker can use that application to gain unauthorized access to other applications in the enterprise.
No application call control scheme for a network environment has yet been proposed that prevents illegal access on the Internet from attacking and damaging application software and so ensures the security of enterprise applications.
Summary of the invention
In view of this, the main object of the present invention is to provide an application call control method and device that can improve the security of enterprise applications in a network environment.
To achieve the above object, the technical solution proposed by the present invention is as follows:
An application call control method, including:
An authentication server receives an authentication request from a first application. The authentication request is generated after the first application receives a call request from a second application and is used to ask the authentication server to determine the legitimacy of the second application calling the first application; the authentication request carries the authentication information for the second application calling the first application.
The authentication server determines, according to preset application authorization information, whether the authentication information satisfies the condition for the second application to call the first application. The application authorization information includes the user identification information of each application in the system, the authentication password of each application and the access authorization information of each application.
If the condition is satisfied, the authentication server determines that the second application's call to the first application is a legal call and sends authentication result information to the first application.
An application call control device, arranged in an authentication server, including:
A request receiving unit, configured to receive an authentication request from a first application. The authentication request is generated after the first application receives a call request from a second application and is used to ask the authentication server to determine the legitimacy of the second application calling the first application; the authentication request carries the authentication information for the second application calling the first application.
An authentication unit, configured to determine, according to preset application authorization information, whether the authentication information satisfies the condition for the second application to call the first application, where the application authorization information includes the user identification information of each application in the system, the authentication password of each application and the access authorization information of each application; and, if the condition is satisfied, to determine that the second application's call to the first application is a legal call and send authentication result information to the first application.
In summary, in the application call control method and device proposed by the present invention, the access authorization information of each application in the system is configured in the authentication server in advance. Each time an application is called, before the corresponding service is provided, the authentication server is first triggered to authenticate the call, and whether the call is executed is then decided according to the authentication result. This ensures the legitimacy of application calls and thereby improves the security of enterprise applications in a network environment.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the method of an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the device of an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of the system of an embodiment of the present invention.
Detailed description
To make the object, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
The core idea of the present invention is: for each application call request, the legitimacy of the request is checked against pre-configured application authorization information, and only a request that passes the check is allowed a response. This raises the difficulty of illegal attacks and helps improve the security of enterprise applications in a network environment.
Fig. 1 is a schematic flow chart of the method of an embodiment of the present invention. As shown in Fig. 1, the application call control method implemented by this embodiment mainly includes:
Step 101: the authentication server receives an authentication request from a first application. The authentication request is generated after the first application receives a call request from a second application and is used to ask the authentication server to determine the legitimacy of the second application calling the first application; the authentication request carries the authentication information for the second application calling the first application.
In this step, when an application (APP) receives a call request from another application, it must first trigger the authentication server to authenticate the legitimacy of the call request, so that in the subsequent process the corresponding application service is provided only for call requests that have been authenticated successfully. Because each application actively filters the call requests it receives, the legitimacy of calls to the application is effectively improved, which ensures the security of calls between applications in a network environment.
In practice, the authentication server can be a cloud server.
Preferably, for ease of implementation, an application can directly use the filter of a software development kit (SDK) installed in it to request the authentication server to authenticate the legitimacy of a call request. That is, when the filter of the SDK located at the entry of the first application receives the call request of the second application, the filter in the SDK of the first application sends the corresponding authentication request to the authentication server.
Specifically, the authentication information can include: the identification information of the first application, the identification information of the second application and the authentication password of the first application.
The access authorization information of each application is used to limit the access rights of applications. Specifically, it can be the scope of applications that each application may access, or the scope of applications by which each application may be accessed; those skilled in the art can choose a suitable form of description according to actual needs.
Step 102: the authentication server determines, according to preset application authorization information, whether the authentication information satisfies the condition for the second application to call the first application. The application authorization information includes the user identification information of each application in the system, the authentication password of each application and the access authorization information of each application.
In this step, the authentication server authenticates the received authentication request according to the preset application authorization information, that is, it determines whether the authentication information satisfies the condition for the second application to call the first application.
The access authorization information is used to limit the access rights of applications. Specifically, it can be the scope of applications that an application may access, or the scope of applications by which an application may be accessed; those skilled in the art can choose a suitable form of description according to actual needs.
Preferably, the following method can be used to determine whether the authentication information satisfies the condition for the second application to call the first application:
The authentication server judges whether the authentication information matches the corresponding information in the application authorization information; if so, it determines that the authentication information satisfies the condition for the second application to call the first application.
Further, when the access authorization information is the accessible application scope, the authentication server can use the following method to determine whether the authentication information satisfies the condition for the second application to call the first application:
The authentication server judges whether the user identification information in the application authorization information includes the identification information of the first application, whether the authentication password of the first application in the authentication information is consistent with the authentication password of the first application in the application authorization information, and whether the accessible application scope of the second application includes the identification information of the first application. If all of the judgment results are yes, the authentication server determines that the authentication information satisfies the condition for the second application to call the first application.
Here, judging whether the user identification information in the application authorization information includes the identification information of the first application, and whether the authentication password of the first application in the authentication information is consistent with the authentication password of the first application in the application authorization information, verifies the legitimacy of the authentication request, that is, it determines whether the application requesting authentication is a legitimate user. Judging whether the accessible application scope of the second application includes the identification information of the first application determines the legitimacy of the second application accessing the first application. Carrying out these judgments fully ensures the reliability of application calls and the validity of authentication.
In practice, after receiving the authentication request, the authentication server can first verify the legitimacy of the authentication request. After determining that the application requesting authentication is a legitimate user, it judges whether the recipient of the call request (the first application) is within the accessible application scope of the application that sent the call request (the second application); if so, it determines that authentication passes.
Step 103: if the condition is satisfied, the authentication server determines that the second application's call to the first application is a legal call and sends authentication result information to the first application.
Here, when the call is determined to be legal, the authentication server notifies the first application of the authentication result information so that the first application can control whether to accept the call request according to the authentication result information of the authentication server: only when the call is legal is the second application allowed to call this application. This effectively prevents illegal access on the Internet from attacking and damaging application software and ensures the security of enterprise applications.
In practice, when the call is determined to be illegal, the authentication server can also directly notify the first application of the authentication result that the call is illegal.
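The flow of steps 101 to 103, including the three judgments of step 102, can be sketched as follows. This is an added example, not code from the patent or its applicant; the class and application names, the PBKDF2 storage of the authentication password, the constant-time comparison and the fail-closed handling of an unreachable authentication server are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def _digest(password: str, salt: bytes) -> bytes:
    # Assumption: the server keeps a salted PBKDF2 digest, not the raw password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass(frozen=True)
class AppRecord:
    """One application's entry in the preset application authorization information."""
    app_id: str                 # user identification information
    salt: bytes
    password_digest: bytes      # authentication password, stored as a digest
    accessible_apps: frozenset  # access authorization: apps this app may call


@dataclass(frozen=True)
class AuthRequest:
    """Authentication information carried by the authentication request."""
    first_app_id: str        # callee, the application asking for authentication
    second_app_id: str       # caller named in the call request
    first_app_password: str  # authentication password of the first application


class AuthenticationServer:
    def __init__(self):
        self._records = {}

    def register(self, app_id, password, accessible_apps=()):
        salt = os.urandom(16)
        self._records[app_id] = AppRecord(
            app_id, salt, _digest(password, salt), frozenset(accessible_apps))

    def authenticate(self, req: AuthRequest):
        """Return (is_legal_call, reason) for one authentication request."""
        # Judgment 1: the first application is a known user of the system.
        first = self._records.get(req.first_app_id)
        if first is None:
            return False, "unknown first application"
        # Judgment 2: its authentication password matches (constant-time compare).
        supplied = _digest(req.first_app_password, first.salt)
        if not hmac.compare_digest(supplied, first.password_digest):
            return False, "authentication password mismatch"
        # Judgment 3: the first application is in the second application's scope.
        second = self._records.get(req.second_app_id)
        if second is None or req.first_app_id not in second.accessible_apps:
            return False, "first application not in caller's accessible scope"
        return True, "legal call"


class CallControlFilter:
    """Stands in for the SDK filter at the first application's entry."""

    def __init__(self, app_id, password, server, service):
        self._app_id, self._password = app_id, password
        self._server, self._service = server, service

    def handle_call(self, caller_id, payload):
        # caller_id is taken from the call request as-is: the authentication
        # information on this page carries no credential for the second application.
        try:
            ok, reason = self._server.authenticate(
                AuthRequest(self._app_id, caller_id, self._password))
        except Exception:
            ok, reason = False, "authentication server unavailable"  # fail closed
        if not ok:
            return {"status": "rejected", "reason": reason}
        return {"status": "ok", "result": self._service(payload)}


class _DownServer:
    """Constructed stand-in for an unreachable authentication server."""
    def authenticate(self, req):
        raise ConnectionError("constructed outage")


def run_demo():
    # Constructed sample configuration: only "billing" may call "inventory".
    server = AuthenticationServer()
    server.register("inventory", "inv-secret")
    server.register("billing", "bill-secret", accessible_apps={"inventory"})
    server.register("reporting", "rep-secret")
    service = lambda payload: f"stock:{payload}"
    inventory = CallControlFilter("inventory", "inv-secret", server, service)
    stale = CallControlFilter("inventory", "old-secret", server, service)
    offline = CallControlFilter("inventory", "inv-secret", _DownServer(), service)
    return {
        "allowed": inventory.handle_call("billing", "sku-1"),
        "out_of_scope": inventory.handle_call("reporting", "sku-1"),
        "unknown_caller": inventory.handle_call("ghost", "sku-1"),
        "bad_password": stale.handle_call("billing", "sku-1"),
        "server_down": offline.handle_call("billing", "sku-1"),
    }


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```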
Fig. 2 is a schematic structural diagram of an application call control device corresponding to the above method. In practice, the device is arranged in the authentication server. As shown in Fig. 2, the device includes:
A request receiving unit 201, configured to receive an authentication request from a first application. The authentication request is generated after the first application receives a call request from a second application and is used to ask the authentication server to determine the legitimacy of the second application calling the first application; the authentication request carries the authentication information for the second application calling the first application.
An authentication unit 202, configured to determine, according to preset application authorization information, whether the authentication information satisfies the condition for the second application to call the first application, where the application authorization information includes the user identification information of each application in the system, the authentication password of each application and the access authorization information of each application; and, if the condition is satisfied, to determine that the second application's call to the first application is a legal call and send authentication result information to the first application.
Preferably, the authentication request is sent by a filter in the software development kit (SDK) of the first application.
Preferably, the authentication information includes the identification information of the first application, the identification information of the second application and the authentication password of the first application.
Preferably, the authentication unit 202 is configured to judge whether the authentication information matches the corresponding information in the application authorization information and, if so, to determine that the authentication information satisfies the condition for the second application to call the first application.
Preferably, the access authorization information is the accessible application scope. The authentication unit 202 is configured to judge whether the user identification information in the application authorization information includes the identification information of the first application, whether the authentication password of the first application in the authentication information is consistent with the authentication password of the first application in the application authorization information, and whether the accessible application scope of the second application includes the identification information of the first application; if all of the judgment results are yes, it determines that the authentication information satisfies the condition for the second application to call the first application.
Fig. 3 is a schematic structural diagram of an application call control system corresponding to the above method. As shown in Fig. 3, the system includes:
A call control client 301, configured to, when the application on this client receives a call request from another application, request the authentication server 302 to authenticate the legitimacy of the call request, and to determine according to the authentication result whether to accept the call request;
An authentication server 302, configured to perform the corresponding authentication according to the authentication request and the preset application authorization information and to notify the application that requested the authentication of the authentication result. The application authorization information includes the user identification information, authentication password and access authorization information of each application in the system.
The access authorization information can be the scope of applications that an application may access, or the scope of applications by which an application may be accessed; those skilled in the art can choose a suitable form of description according to actual needs.
Preferably, the call control client 301 is configured so that, when the filter of the SDK located at the application entry receives the call request, it uses the filter to send an authentication request to the authentication server 302. The authentication request carries the user identification information of the sender and the recipient of the call request and the authentication password of the recipient.
Preferably, the authentication server 302 is configured to, after determining according to the application authorization information that the application requesting authentication is a legitimate user, judge whether the application that sent the call request may access the application requesting authentication; if so, authentication passes; otherwise, authentication fails.
Preferably, the call control client 301 is configured to accept the call request when authentication passes and to refuse the call request when authentication fails.
In summary, the above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. An application call control method, characterized in that it includes:
An authentication server receives an authentication request from a first application, where the authentication request is generated after the first application receives a call request from a second application and is used to ask the authentication server to determine the legitimacy of the second application calling the first application, and the authentication request carries the authentication information for the second application calling the first application;
The authentication server determines, according to preset application authorization information, whether the authentication information satisfies the condition for the second application to call the first application, where the application authorization information includes the user identification information of each application in the system, the authentication password of each application and the access authorization information of each application;
If the condition is satisfied, the authentication server determines that the second application's call to the first application is a legal call and sends authentication result information to the first application.
2. The method according to claim 1, characterized in that the authentication request is sent by a filter in the software development kit (SDK) of the first application.
3. The method according to claim 1 or 2, characterized in that the authentication information includes the identification information of the first application, the identification information of the second application and the authentication password of the first application.
4. The method according to claim 1, characterized in that the authentication server determining whether the authentication information satisfies the condition for the second application to call the first application includes:
The authentication server judges whether the authentication information matches the corresponding information in the application authorization information and, if so, determines that the authentication information satisfies the condition for the second application to call the first application.
5. The method according to claim 3, characterized in that the access authorization information is the accessible application scope;
The authentication server determining whether the authentication information satisfies the condition for the second application to call the first application includes:
The authentication server judges whether the user identification information in the application authorization information includes the identification information of the first application, whether the authentication password of the first application in the authentication information is consistent with the authentication password of the first application in the application authorization information, and whether the accessible application scope of the second application includes the identification information of the first application;
If all of the judgment results are yes, the authentication server determines that the authentication information satisfies the condition for the second application to call the first application.
6. An application call control device, arranged in an authentication server, characterized in that it includes:
A request receiving unit, configured to receive an authentication request from a first application, where the authentication request is generated after the first application receives a call request from a second application and is used to ask the authentication server to determine the legitimacy of the second application calling the first application, and the authentication request carries the authentication information for the second application calling the first application;
An authentication unit, configured to determine, according to preset application authorization information, whether the authentication information satisfies the condition for the second application to call the first application, where the application authorization information includes the user identification information of each application in the system, the authentication password of each application and the access authorization information of each application; and, if the condition is satisfied, to determine that the second application's call to the first application is a legal call and send authentication result information to the first application.
7. The device according to claim 6, characterized in that the authentication request is sent by a filter in the software development kit (SDK) of the first application.
8. The device according to claim 6 or 7, characterized in that the authentication information includes the identification information of the first application, the identification information of the second application and the authentication password of the first application.
9. The device according to claim 6, characterized in that the authentication unit is configured to judge whether the authentication information matches the corresponding information in the application authorization information and, if so, to determine that the authentication information satisfies the condition for the second application to call the first application.
10. The device according to claim 8, characterized in that the access authorization information is the accessible application scope; the authentication unit is configured to judge whether the user identification information in the application authorization information includes the identification information of the first application, whether the authentication password of the first application in the authentication information is consistent with the authentication password of the first application in the application authorization information, and whether the accessible application scope of the second application includes the identification information of the first application; if all of the judgment results are yes, it determines that the authentication information satisfies the condition for the second application to call the first application.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201710231637.5A (CN107045603A (en)) | 2017-04-11 | 2017-04-11 | Application call control method and device

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201710231637.5A (CN107045603A (en)) | 2017-04-11 | 2017-04-11 | Application call control method and device

Publications (1)

Publication Number | Publication Date
CN107045603A (en) | 2017-08-15

Family

ID=59544988

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201710231637.5A (Pending, CN107045603A (en)) | Application call control method and device | 2017-04-11 | 2017-04-11

Country Status (1)

Country | Link
CN (1) | CN107045603A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170815

RJ01 Rejection of invention patent application after publication