CN107045603A - Application call control method and device - Google Patents
- Publication number: CN107045603A
- Application number: CN201710231637.5A
- Authority: CN (China)
- Prior art keywords: application, authentication, information, call, request
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/629—Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Abstract
This application discloses an application call control method and device. In the method, an authentication server receives an authentication request from a first application. The first application generates the authentication request after it receives a call request from a second application, in order to ask the authentication server to determine whether the second application's call to the first application is legitimate; the authentication request carries the authentication information for the second application calling the first application. The authentication server determines, according to preset application authorization information, whether the authentication information satisfies the condition for the second application to call the first application. The application authorization information includes the user identification information of each application in the system, the authentication password of each application, and the access authorization information of each application. If the condition is satisfied, the authentication server determines that the second application's call to the first application is a legal call and sends authentication result information to the first application. The invention can improve the security of enterprise applications in a network environment.
Description
Technical field
The present invention relates to computer application technology, and in particular to an application call control method and device.
Background art
At present, in the mobile Internet era, as enterprises expand the scale and variety of their business, the number of application software programs inside an enterprise keeps growing, and calls between those applications are increasingly common. As a result, hacker software on the Internet can easily obtain the call relationships between applications and use them to attack and damage the enterprise's internal applications. For example, if one application is compromised by a hacker, the hacker can use it to gain unauthorized access to other applications in the enterprise.
No application call control scheme for a network environment has yet been proposed that prevents the various kinds of illegal access on the Internet from attacking and damaging application software and ensures the security of enterprise applications.
Summary of the invention
In view of this, the main object of the present invention is to provide an application call control method and device that can improve the security of enterprise applications in a network environment.
To achieve this object, the technical solution proposed by the present invention is as follows.
An application call control method, including:
An authentication server receives an authentication request from a first application. The first application generates the authentication request after it receives a call request from a second application, in order to ask the authentication server to determine the legitimacy of the second application calling the first application; the authentication request carries the authentication information for the second application calling the first application.
The authentication server determines, according to preset application authorization information, whether the authentication information satisfies the condition for the second application to call the first application. The application authorization information includes the user identification information of each application in the system, the authentication password of each application, and the access authorization information of each application.
If the condition is satisfied, the authentication server determines that the second application's call to the first application is a legal call and sends authentication result information to the first application.
An application call control device, arranged in an authentication server, including:
A request receiving unit, configured to receive an authentication request from a first application. The first application generates the authentication request after it receives a call request from a second application, in order to ask the authentication server to determine the legitimacy of the second application calling the first application; the authentication request carries the authentication information for the second application calling the first application.
An authentication unit, configured to determine, according to preset application authorization information, whether the authentication information satisfies the condition for the second application to call the first application, where the application authorization information includes the user identification information of each application in the system, the authentication password of each application, and the access authorization information of each application; and, if the condition is satisfied, to determine that the second application's call to the first application is a legal call and send authentication result information to the first application.
In summary, in the application call control method and device proposed by the present invention, the access authorization information of each application in the system is configured in the authentication server in advance. Each time an application is called, before it provides the corresponding service, it first triggers the authentication server to authenticate the call, and then decides according to the authentication result whether to execute the call. This ensures the legitimacy of application calls and thereby improves the security of enterprise applications in a network environment.
Brief description of the drawings
Fig. 1 is a schematic flowchart of the method of an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the device of an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of the system of an embodiment of the present invention.
Detailed description
To make the object, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
The core idea of the present invention is: for every request to call an application, the legitimacy of the request is checked against application authorization information configured in advance, and only a request that passes the check is allowed a response. This makes illegal attacks more difficult and helps improve the security of enterprise applications in a network environment.
Fig. 1 is a schematic flowchart of the method of an embodiment of the present invention. As shown in Fig. 1, the application call control method implemented by this embodiment mainly includes:
Step 101: the authentication server receives an authentication request from the first application. The first application generates the authentication request after it receives a call request from the second application, in order to ask the authentication server to determine the legitimacy of the second application calling the first application; the authentication request carries the authentication information for the second application calling the first application.
In this step, when an application (APP) receives a call request from another application, it must first trigger the authentication server to authenticate the legitimacy of that call request, so that in the subsequent process the corresponding application service is provided only for call requests that pass authentication. By actively filtering every call request it receives in this way, each application effectively improves the legitimacy of the calls made to it, which ensures the security of calls between applications in a network environment.
In practice, the authentication server may be a cloud server.
Preferably, for ease of implementation, an application can directly install a software development kit (SDK) and use the SDK's filter to request that the authentication server authenticate the legitimacy of a call request. That is, when the filter of the SDK located at the entry of the first application receives the call request from the second application, the filter in the first application's SDK sends the corresponding authentication request to the authentication server.
Specifically, the authentication information may include: the identification information of the first application, the identification information of the second application, and the authentication password of the first application.
The access authorization information of each application is used to define that application's access authorization. Specifically, it may be the range of applications that each application can access, or the range of applications by which each application can be accessed; those skilled in the art can choose a suitable form of description according to actual needs.
Step 102: the authentication server determines, according to the preset application authorization information, whether the authentication information satisfies the condition for the second application to call the first application. The application authorization information includes the user identification information of each application in the system, the authentication password of each application, and the access authorization information of each application.
In this step, the authentication server authenticates the received authentication request according to the preset application authorization information, i.e. it determines whether the authentication information satisfies the condition for the second application to call the first application.
The access authorization information is used to define an application's access authorization. Specifically, it may be the range of applications that the application can access, or the range of applications by which the application can be accessed; those skilled in the art can choose a suitable form of description according to actual needs.
Preferably, the following method can be used to determine whether the authentication information satisfies the condition for the second application to call the first application:
The authentication server judges whether the authentication information matches the corresponding information in the application authorization information; if it does, the authentication server determines that the authentication information satisfies the condition for the second application to call the first application.
Further, when the access authorization information is the range of accessible applications, the authentication server can use the following method to determine whether the authentication information satisfies the condition for the second application to call the first application:
The authentication server judges whether the user identification information in the application authorization information includes the identification information of the first application, whether the authentication password of the first application in the authentication information is consistent with the authentication password of the first application in the application authorization information, and whether the range of applications accessible to the second application includes the identification information of the first application. If all of these judgments are affirmative, the authentication server determines that the authentication information satisfies the condition for the second application to call the first application.
Here, judging whether the user identification information in the application authorization information includes the identification information of the first application, and whether the authentication password of the first application in the authentication information is consistent with the authentication password of the first application in the application authorization information, verifies the legitimacy of the authentication request itself, i.e. it determines whether the application requesting authentication is a legitimate user. Judging whether the range of applications accessible to the second application includes the identification information of the first application determines whether the second application's access to the first application is legitimate. Making these judgments together fully ensures the reliability of application calls and the validity of authentication.
In practice, after receiving an authentication request, the authentication server can first verify the legitimacy of the authentication request. Then, once it has determined that the application requesting authentication is a legitimate user, it judges whether the recipient of the call request (i.e. the first application) is within the accessible range of the application that sent the call request (i.e. the second application); if so, authentication passes.
Step 103: if the condition is satisfied, the authentication server determines that the second application's call to the first application is a legal call and sends authentication result information to the first application.
Here, when the call is determined to be legal, the authentication server notifies the first application of the authentication result information, so that the first application controls whether to accept the call request according to the authentication result information from the authentication server: only when the call is legal does it allow the second application to call it. This effectively prevents the various kinds of illegal access on the Internet from attacking and damaging application software and ensures the security of enterprise applications.
In practice, when the call is determined to be illegal, the authentication server may also directly notify the first application of the authentication result that the call is illegal.
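The three judgments of step 102 and the accept-or-reject decision that follows step 103 can be modelled as below. This is an added example, not code from the patent: the class and field names, the in-process method call standing in for the network request to the authentication server, the salted PBKDF2 storage of the authentication password, and the rejection of calls when the server fails are all assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def _derive(password: str, salt: bytes) -> bytes:
    # Assumption: passwords are stored as salted PBKDF2 hashes, not in clear.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


@dataclass(frozen=True)
class AppRecord:
    """One application's entry in the application authorization information."""
    salt: bytes
    password_hash: bytes
    accessible_apps: frozenset  # IDs of applications this application may call


@dataclass(frozen=True)
class AuthRequest:
    """Authentication information carried in the request (step 101)."""
    first_app_id: str        # callee; it is the one asking the server
    second_app_id: str       # caller, as presented in the call request
    first_app_password: str  # callee's authentication password


@dataclass(frozen=True)
class AuthResult:
    legal: bool
    reason: str


class AuthServer:
    def __init__(self):
        self._records = {}

    def register(self, app_id, password, accessible_apps=()):
        salt = os.urandom(16)
        self._records[app_id] = AppRecord(
            salt, _derive(password, salt), frozenset(accessible_apps))

    def authenticate(self, req: AuthRequest) -> AuthResult:
        # Check 1: the first application is a known user of the system.
        callee = self._records.get(req.first_app_id)
        if callee is None:
            return AuthResult(False, "unknown first application")
        # Check 2: its password matches the stored one (constant-time compare).
        presented = _derive(req.first_app_password, callee.salt)
        if not hmac.compare_digest(presented, callee.password_hash):
            return AuthResult(False, "authentication password mismatch")
        # Check 3: the first application is within the second application's
        # accessible range. The caller ID is taken as presented; the page's
        # authentication information carries no credential for the caller.
        caller = self._records.get(req.second_app_id)
        if caller is None or req.first_app_id not in caller.accessible_apps:
            return AuthResult(False, "second application not authorized")
        return AuthResult(True, "legal call")


class CallFilter:
    """Filter at the entry of the first application (the SDK filter)."""

    def __init__(self, app_id, password, server, service):
        self._app_id, self._password = app_id, password
        self._server, self._service = server, service

    def handle(self, caller_id, payload):
        try:
            result = self._server.authenticate(
                AuthRequest(self._app_id, caller_id, self._password))
        except Exception:
            # Assumption: an unreachable or failing server means reject.
            result = AuthResult(False, "authentication server error")
        if not result.legal:
            raise PermissionError(result.reason)
        return self._service(payload)


def build_demo_server():
    # Constructed sample data: three hypothetical enterprise applications.
    server = AuthServer()
    server.register("billing", "billing-secret")
    server.register("orders", "orders-secret", accessible_apps={"billing"})
    server.register("reports", "reports-secret")
    return server


if __name__ == "__main__":
    server = build_demo_server()
    billing = CallFilter("billing", "billing-secret", server,
                         service=lambda p: f"invoice for {p}")
    print(billing.handle("orders", "order-17"))
    for caller in ("reports", "unregistered-app"):
        try:
            billing.handle(caller, "order-17")
        except PermissionError as exc:
            print(caller, "rejected:", exc)
```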
Fig. 2 is a schematic structural diagram of an application call control device corresponding to the above method. In practice, the device is arranged in the authentication server. As shown in Fig. 2, the device includes:
A request receiving unit 201, configured to receive an authentication request from the first application. The first application generates the authentication request after it receives a call request from the second application, in order to ask the authentication server to determine the legitimacy of the second application calling the first application; the authentication request carries the authentication information for the second application calling the first application.
An authentication unit 202, configured to determine, according to the preset application authorization information, whether the authentication information satisfies the condition for the second application to call the first application, where the application authorization information includes the user identification information of each application in the system, the authentication password of each application, and the access authorization information of each application; and, if the condition is satisfied, to determine that the second application's call to the first application is a legal call and send authentication result information to the first application.
Preferably, the authentication request is sent by the filter in the software development kit (SDK) of the first application.
Preferably, the authentication information includes the identification information of the first application, the identification information of the second application, and the authentication password of the first application.
Preferably, the authentication unit 202 is configured to judge whether the authentication information matches the corresponding information in the application authorization information and, if it does, to determine that the authentication information satisfies the condition for the second application to call the first application.
Preferably, the access authorization information is the range of accessible applications, and the authentication unit 202 is configured to judge whether the user identification information in the application authorization information includes the identification information of the first application, whether the authentication password of the first application in the authentication information is consistent with the authentication password of the first application in the application authorization information, and whether the range of applications accessible to the second application includes the identification information of the first application; if all of these judgments are affirmative, it determines that the authentication information satisfies the condition for the second application to call the first application.
Fig. 3 is a schematic structural diagram of an application call control system corresponding to the above method. As shown in Fig. 3, the system includes:
A call control client 301, configured to request, when the application of this client receives a call request from another application, that the authentication server 302 authenticate the legitimacy of the call request, and to determine according to the authentication result whether to accept the call request.
An authentication server 302, configured to perform the corresponding authentication in response to the authentication request and according to the preset application authorization information, and to notify the application that requested the authentication of the authentication result. The application authorization information includes the user identification information, authentication password and access authorization information of each application in the system.
The access authorization information may be the range of applications that an application can access, or the range of applications by which an application can be accessed; those skilled in the art can choose a suitable form of description according to actual needs.
Preferably, the call control client 301 is configured so that, when the filter of the SDK located at the application's entry receives the call request, it uses the filter to send an authentication request to the authentication server 302; the authentication request carries the user identification information of the sender and the recipient of the call request and the authentication password of the recipient.
Preferably, the authentication server 302 is configured to determine, according to the application authorization information, that the application requesting authentication is a legitimate user, and then to judge whether the application that sent the call request can access the application requesting authentication; if so, authentication passes, and otherwise authentication fails.
Preferably, the call control client 301 is configured to accept the call request when authentication passes and to reject the call request when authentication fails.
In summary, the above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (10)
1. An application call control method, characterized by including:
an authentication server receives an authentication request from a first application, the authentication request being generated after the first application receives a call request from a second application and being used to ask the authentication server to determine the legitimacy of the second application calling the first application, the authentication request carrying the authentication information for the second application calling the first application;
the authentication server determines, according to preset application authorization information, whether the authentication information satisfies the condition for the second application to call the first application, the application authorization information including the user identification information of each application in the system, the authentication password of each application, and the access authorization information of each application;
if the condition is satisfied, the authentication server determines that the second application's call to the first application is a legal call and sends authentication result information to the first application.
2. The method according to claim 1, characterized in that the authentication request is sent by the filter in the software development kit (SDK) of the first application.
3. The method according to claim 1 or 2, characterized in that the authentication information includes the identification information of the first application, the identification information of the second application, and the authentication password of the first application.
4. The method according to claim 1, characterized in that the authentication server determining whether the authentication information satisfies the condition for the second application to call the first application includes:
the authentication server judges whether the authentication information matches the corresponding information in the application authorization information and, if it does, determines that the authentication information satisfies the condition for the second application to call the first application.
5. The method according to claim 3, characterized in that the access authorization information is the range of accessible applications;
the authentication server determining whether the authentication information satisfies the condition for the second application to call the first application includes:
the authentication server judges whether the user identification information in the application authorization information includes the identification information of the first application, whether the authentication password of the first application in the authentication information is consistent with the authentication password of the first application in the application authorization information, and whether the range of applications accessible to the second application includes the identification information of the first application;
if all of these judgments are affirmative, the authentication server determines that the authentication information satisfies the condition for the second application to call the first application.
6. An application call control device, arranged in an authentication server, characterized by including:
a request receiving unit, configured to receive an authentication request from a first application, the authentication request being generated after the first application receives a call request from a second application and being used to ask the authentication server to determine the legitimacy of the second application calling the first application, the authentication request carrying the authentication information for the second application calling the first application;
an authentication unit, configured to determine, according to preset application authorization information, whether the authentication information satisfies the condition for the second application to call the first application, the application authorization information including the user identification information of each application in the system, the authentication password of each application, and the access authorization information of each application; and, if the condition is satisfied, to determine that the second application's call to the first application is a legal call and send authentication result information to the first application.
7. The device according to claim 6, characterized in that the authentication request is sent by the filter in the software development kit (SDK) of the first application.
8. The device according to claim 6 or 7, characterized in that the authentication information includes the identification information of the first application, the identification information of the second application, and the authentication password of the first application.
9. The device according to claim 6, characterized in that the authentication unit is configured to judge whether the authentication information matches the corresponding information in the application authorization information and, if it does, to determine that the authentication information satisfies the condition for the second application to call the first application.
10. The device according to claim 8, characterized in that the access authorization information is the range of accessible applications;
the authentication unit is configured to judge whether the user identification information in the application authorization information includes the identification information of the first application, whether the authentication password of the first application in the authentication information is consistent with the authentication password of the first application in the application authorization information, and whether the range of applications accessible to the second application includes the identification information of the first application; if all of these judgments are affirmative, it determines that the authentication information satisfies the condition for the second application to call the first application.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710231637.5A (CN107045603A) | 2017-04-11 | 2017-04-11 | Application call control method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107045603A | 2017-08-15 |
Family ID: 59544988
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170815 |