CN108337227A - Method and middleware based on OpenID account login application programs - Google Patents
Method and middleware based on OpenID account login application programs Download PDFInfo
- Publication number
- CN108337227A CN108337227A CN201711405557.3A CN201711405557A CN108337227A CN 108337227 A CN108337227 A CN 108337227A CN 201711405557 A CN201711405557 A CN 201711405557A CN 108337227 A CN108337227 A CN 108337227A
- Authority
- CN
- China
- Prior art keywords
- openid
- login
- application program
- accounts
- middleware
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a kind of method and middleware based on OpenID account login application programs, the safety of multiple and different application programs is logged in its object is to improve user by OpenID login modes.The method of the present invention includes:It is logged in when login application program when by OpenID login modes, middleware monitors the interactive information waited between login application program and OpenID provider's site for service;When listening to OpenID provider's site for service to when login application program sends the first OpenID accounts, middleware intercepts the first OpenID accounts;Middleware acquisition waits for the corresponding unique application identities of login application program;Middleware generates the 2nd OpenID accounts according to the first OpenID accounts and unique application identities, and the 2nd OpenID accounts are supplied to and wait for login application program, and login application program is waited for successfully to log in.During the present invention is applied to user by OpenID login mode login application programs.
Description
Technical field
The present invention relates to technical field of data processing, more particularly to a kind of based on OpenID account login application programs
Method and middleware.
Background technology
Growing with Internet technology, the quantity using the user of internet is also increasing, provides to the user
The quantity of the application program of service is also more and more, and the login mode that different application is logged in using same OpenID accounts is answered
It transports and gives birth to.OpenID is the digital identity identification framework of a customer-centric, and user logs in a support side OpenID
(Relying Part, RP) application program is very simple, and expectation need to only be selected to use in the login interface of the application program
OpenID provider (OpenID Provide, OP), login interface will automatic jump to the corresponding clothes of the OpenID provider
It being engaged in website, user can input chartered login account and login password in OpenID provider's site for service,
When user successfully logs in OpenID provider's site for service, which can be according to the login of user
Account generates corresponding OpenID accounts, and provides the OpenID accounts of generation to the application program, can successfully log in the application
Program brings great convenience to user.
In the implementation of the present invention, following technical problem exists in the prior art in inventor, when user passes through
When OpenID login modes log in multiple and different application programs, after user successfully logs in OpenID provider's site for service,
OpenID provider's site for service is that the OpenID accounts that the user generates are identical, i.e., is stepped on using same OpenID accounts
Multiple and different application programs is recorded, if the OpenID provider's login account and login password of user are known by hacker, hacker
These application programs can be successfully logged in by way of hitting library attack, so as to steal user in different application
User information causes huge interests to lose to user, therefore it is multiple and different to cause user to be logged in by OpenID login modes
The safety of application program is relatively low.
Invention content
In view of this, a kind of method and middleware based on OpenID account login application programs provided by the invention, main
Syllabus is to improve the safety that user logs in multiple and different application programs by OpenID login modes.
In order to reach said effect, present invention generally provides following technical solutions:
In a first aspect, the present invention provides a kind of method based on OpenID account login application programs, this method includes:
It is logged in when login application program when by OpenID login modes, login application program is waited for described in middleware monitoring
It is described to wait for that login application program is that the support sides OpenID apply journey with the interactive information between OpenID provider's site for service
Sequence;
Wait for that login application program sends the first OpenID accounts to described when listening to OpenID provider's site for service
Number when, the middleware intercepts the first OpenID accounts;
The middleware waits for that the corresponding unique application identities of login application program, unique application identities are used described in obtaining
Login application program is waited for described in mark;
The middleware generates the 2nd OpenID accounts according to the first OpenID accounts and unique application identities,
And by the 2nd OpenID accounts be supplied to it is described wait for login application program, so as to successfully log in it is described wait logging in apply journey
Sequence.
Optionally, it is logged in when login application program when by OpenID login modes described, described in middleware monitoring
Before waiting for the interactive information between login application program and OpenID provider's site for service, the method further includes:
Wait for whether login application program supports OpenID login modes to log in described in the middleware judges;
It is described to be logged in when login application program when by OpenID login modes, it waits logging in application described in middleware monitoring
Interactive information between program and OpenID provider's site for service, including:
If so, waiting for the friendship between login application program and OpenID provider's site for service described in the middleware monitoring
Mutual information.
Optionally, described before waiting for the corresponding unique application identities of login application program described in being obtained in the middleware
Method further includes:
The middleware is respectively that each mounted support sides OpenID application program generates corresponding unique application mark
Know.
Optionally, the middleware generates second according to the first OpenID accounts and unique application identities
OpenID accounts, including:
The middleware is combined processing to the first OpenID accounts and unique application identities;
The middleware to after combined treatment the first OpenID accounts and the unique application identities carry out Hash
Operation generates the 2nd OpenID accounts.
Optionally, the middleware by the 2nd OpenID accounts be supplied to it is described wait for login application program, so as to
After waiting for login application program described in success login, the method further includes:
The middleware by the first OpenID accounts, the 2nd OpenID accounts and it is described wait log in apply journey
Mapping relations between sequence are cached, so as to again by OpenID login modes log in described in when login application program,
The middleware obtains the 2nd OpenID accounts after intercepting the first OpenID accounts from caching.
Optionally, the method further includes:
When installing OpenID support side's application programs again, the middleware is the support sides OpenID application program
Generate corresponding unique application identities.
Second aspect, the present invention provides a kind of middleware, which includes:
Monitoring unit waits logging in for logging in when login application program when by OpenID login modes described in monitoring
Interactive information between application program and OpenID provider's site for service, it is described to wait for that login application program is the support sides OpenID
Application program;
Interception unit listens to OpenID provider's site for service for working as the monitoring unit and waits logging in described
When application program sends the first OpenID accounts, the first OpenID accounts are intercepted;
Acquiring unit described waits for the corresponding unique application identities of login application program, unique application mark for obtaining
Know and described waits for login application program for identifying;
First generation unit, for described uniquely the answering according to the first OpenID accounts and acquiring unit acquisition
The 2nd OpenID accounts are generated with mark;
There is provided unit, the 2nd OpenID accounts for generating first generation unit be supplied to described in wait stepping on
Application program is recorded, described login application program is waited for successfully to log in.
Optionally, the middleware further includes:
Judging unit, for being logged in when login application program when by OpenID login modes in the monitoring unit,
It waits logging in before waiting for the interactive information between login application program and OpenID provider's site for service described in monitoring, described in judgement
Whether application program supports OpenID login modes to log in;
The monitoring unit waits for that login application program supports OpenID to step on specifically for working as described in the judging unit judgement
When record mode logs in, the interactive information between login application program and OpenID provider's site for service is waited for described in monitoring.
Optionally, the middleware further includes:
Second generation unit, for waiting for the corresponding unique application mark of login application program described in acquiring unit acquisition
Before knowledge, the respectively each mounted support sides OpenID application program generates corresponding unique application identities.
Optionally, first generation unit includes:
Composite module, for being combined processing to the first OpenID accounts and unique application identities;
Generation module, for after combined treatment the first OpenID accounts and unique application identities breathe out
Uncommon operation, generates the 2nd OpenID accounts.
Optionally, the middleware further includes:
Buffer unit, for the offer unit by the 2nd OpenID accounts be supplied to it is described wait logging in apply journey
Sequence, so as to successfully log in it is described wait for login application program after, by the first OpenID accounts, the 2nd OpenID accounts
And it is described wait for that the mapping relations between login application program are cached, so as to again by OpenID login modes log in institute
It states when login application program, the middleware obtains described second after intercepting the first OpenID accounts from caching
OpenID accounts.
Optionally, the middleware further includes:
Third generation unit, for when installing OpenID support side's application programs again, being the support sides OpenID
Application program generates corresponding unique application identities.
By above-mentioned technical proposal, technical solution provided by the invention at least has following advantages:
A kind of method and middleware based on OpenID account login application programs provided by the invention, and in the prior art
User logs in multiple and different application programs using same OpenID accounts by OpenID login modes and compares, and the present invention can
It is logged in when login application program by OpenID login modes, is monitored by the middleware being installed in terminal device and wait stepping on
The interactive information between application program and OpenID provider's site for service is recorded, middleware is listening to OpenID provider's service
Website intercepts the OpenID accounts, and obtain this and wait for login application program to when login application program sends OpenID accounts
Corresponding unique application identities, so that new OpenID accounts are generated according to the OpenID accounts and unique application identities, and will
Newly-generated OpenID accounts, which are supplied to, waits for login application program, waits stepping on to use newly-generated OpenID accounts successfully to log in
Record application program.Since unique application identities can be identified for that application program, different application programs correspond to different unique applications
Mark, therefore, middleware, can according to the OpenID accounts and the corresponding unique application identities of different application of interception acquisition
Respectively each application program generates different OpenID accounts so that user is logged in multiple and different by OpenID login modes
Application program when, substantially different application programs is logged in using different OpenID accounts, even if knowing to hacker
The OpenID provider's login account and login password of the user can not successfully log in these by way of hitting library attack
Application program, and then improve the safety that user logs in multiple and different application programs by OpenID login modes.
Above description is only the general introduction of technical solution of the present invention, in order to better understand the technical means of the present invention,
And can be implemented in accordance with the contents of the specification, and in order to allow above and other objects of the present invention, feature and advantage can
It is clearer and more comprehensible, below the special specific implementation mode for lifting the present invention.
Description of the drawings
By reading the detailed description of hereafter preferred embodiment, various other advantages and benefit are common for this field
Technical staff will become clear.Attached drawing only for the purpose of illustrating preferred embodiments, and is not considered as to the present invention
Limitation.And throughout the drawings, the same reference numbers will be used to refer to the same parts.In the accompanying drawings:
Fig. 1 shows a kind of method flow based on OpenID account login application programs provided in an embodiment of the present invention
Figure;
Fig. 2 shows another method flows based on OpenID account login application programs provided in an embodiment of the present invention
Figure;
Fig. 3 shows a kind of composition frame chart of middleware provided in an embodiment of the present invention;
Fig. 4 shows the composition frame chart of another middleware provided in an embodiment of the present invention.
Specific implementation mode
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although showing the disclosure in attached drawing
Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here
It is limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure
Completely it is communicated to those skilled in the art.
An embodiment of the present invention provides a kind of methods based on OpenID account login application programs, as shown in Figure 1, the party
Method generates new OpenID accounts according to OpenID accounts unique application identities corresponding with login application program is waited for that interception obtains
Number, and wait for login application program using newly-generated OpenID accounts login, it improves user and is stepped on by OpenID login modes
The safety of multiple and different application programs is recorded, this method includes:
101, it is logged in when login application program when by OpenID login modes, middleware monitoring waits for login application program
With the interactive information between OpenID provider's site for service.
Wherein, wait for that login application program is the mounted support sides OpenID (Relying Part, RP) in terminal device
Application program, i.e., the mounted application program for supporting to log in by OpenID login modes in terminal device.Middleware is eventually
Mounted generic service or application program in end equipment are installed in the operating system of terminal device and terminal device
Between application program, middleware can provide running environment and development environment for the application program in itself upper layer.
In embodiments of the present invention, the middleware being installed in terminal device can judge to wait for whether login application program is supported
OpenID login modes log in, when middleware judges this when login application program supports OpenID login modes to log in, it is intermediate
Part will begin listening for this and wait between login application program and OpenID provider (OpenID Provide, OP) site for service
Interactive information.
For example, being equipped with application program A in the terminal device of user X, the middleware a being installed in the terminal device can sentence
Whether disconnected application program A supports OpenID login modes to log in, when middleware a judges that application program A supports the login sides OpenID
When formula logs in, middleware a will begin listening for the interactive information between application program A and OpenID provider's site for service.
102, when listen to OpenID provider's site for service to when login application program send the first OpenID accounts when,
Middleware intercepts the first OpenID accounts.
In embodiments of the present invention, user selects the OpenID for it is expected to use in the login interface for waiting for login application program
After provider, wait for that the login interface of login application program will automatic jump in OpenID provider's site for service of selection,
At this point, the user will use login account and login password before this in OpenID provider registration to log in the OpenID and carry
Supplier's site for service;OpenID provider's site for service to the login account of the user and login password authentication success after,
Corresponding first OpenID accounts can be generated according to the login account of the user, and the first OpenID accounts are sent this and wait stepping on
Record application program;It waits logging in using journey to this when the middleware in listening state listens to OpenID provider's site for service
When sequence sends the first OpenID accounts, middleware will intercept the first OpenID accounts.
103, middleware acquisition waits for the corresponding unique application identities of login application program.
Wherein, unique application identities wait for login application program for identifying.
In embodiments of the present invention, middleware obtains OpenID provider's site for service to waiting for login application program in interception
It after the first OpenID accounts sent, obtains this and waits for the corresponding unique application identities of login application program, so that follow-up basis should
First OpenID accounts and unique application identities are generated for logging in the 2nd OpenID accounts for waiting for login application program.
104, middleware generates the 2nd OpenID accounts according to the first OpenID accounts and unique application identities, and by second
OpenID accounts, which are supplied to, waits for login application program, and login application program is waited for successfully to log in.
In embodiments of the present invention, middleware is acquiring after the corresponding unique application identities of login application program,
Corresponding 2nd OpenID accounts are generated according to unique application identities and the first OpenID accounts obtained by abovementioned steps interception
Number, and it is supplied to this to wait for login application program the 2nd newly-generated OpenID accounts, to use the 2nd OpenID accounts
It successfully logs in this and waits for login application program.
It needs to illustrate, since unique application identities can be identified for that application program, different application programs correspond to
Different unique application identities, therefore, the first OpenID accounts and different application that middleware is obtained according to interception correspond to
Unique application identities, can be respectively that each application program generates the 2nd different OpenID accounts so that user passes through
When OpenID login modes log in multiple and different application programs, substantially logged in not using the 2nd different OpenID accounts
Same application program, even if to OpenID provider's login account and login password that hacker has known the user, it can not
These application programs are successfully logged in by way of hitting library attack, and then the user information for effectively preventing the user is stolen by hacker
The case where taking, and causing the user that huge interests is caused to lose.
A kind of method based on OpenID account login application programs provided in an embodiment of the present invention, and is used in the prior art
Family logs in multiple and different application programs using same OpenID accounts by OpenID login modes and compares, the embodiment of the present invention
It can log in when login application program by OpenID login modes, be monitored by the middleware being installed in terminal device
Wait for that the interactive information between login application program and OpenID provider's site for service, middleware are listening to OpenID provider
Site for service intercepts the OpenID accounts to when login application program sends OpenID accounts, and obtains this and wait logging in application
The corresponding unique application identities of program, to generate new OpenID accounts according to the OpenID accounts and unique application identities,
And newly-generated OpenID accounts are supplied to and wait for login application program, to use newly-generated OpenID accounts successfully to log in
Wait for login application program.Since, unique application identities can be identified for that application program, different application programs corresponds to different unique
Application identities, therefore, middleware according to interception obtain OpenID accounts and the corresponding unique application identities of different application,
Can be respectively that each application program generates different OpenID accounts so that user is logged in multiple by OpenID login modes
When different application program, different application programs substantially is logged in using different OpenID accounts, even if to hacker
The OpenID provider's login account and login password of the user are known, can not successfully have been logged in by way of hitting library attack
These application programs, and then improve the safety that user logs in multiple and different application programs by OpenID login modes.
Below in order to be explained in more detail, an embodiment of the present invention provides another kinds to log in application based on OpenID accounts
The method of program in particular according to the first OpenID accounts and waits for that the corresponding unique application identities of login application program generate second
The specific method of OpenID accounts, specifically as shown in Fig. 2, this method includes:
201, middleware is respectively that each mounted support sides OpenID application program generates corresponding unique application mark
Know.
In embodiments of the present invention, due to being according to the first OpenID accounts for intercepting acquisition and to wait for login application program
Corresponding unique application identities are generated for logging in the 2nd OpenID accounts for waiting for login application program, therefore, before this in
Between part can be respectively the corresponding unique application identities of each mounted sides of supporting OpenID application program generation.
It needs to illustrate, middleware is being respectively the application program generation pair of each mounted support sides OpenID
Can be that each application program generates corresponding unique application identities at random when the unique application identities answered, it can also be according to every
The corresponding application message of a application program is that each application program generates corresponding unique application identities, wherein application message packet
It includes but is not limited to:The title of application program, the set-up time of application program, application program frequency of use etc., the present invention is real
It applies in example to this without limiting.
202, it is logged in when login application program when by OpenID login modes, middleware monitoring waits for login application program
With the interactive information between OpenID provider's site for service.
Wherein, it is logged in when login application program about step 202, when by OpenID login modes, middleware is monitored
It waits for the interactive information between login application program and OpenID provider's site for service, can be retouched with relevant portion in reference chart 1
It states, the embodiment of the present invention will not be described in great detail herein.
203, when listen to OpenID provider's site for service to when login application program send the first OpenID accounts when,
Middleware intercepts the first OpenID accounts.
Wherein, about step 203, when listen to OpenID provider's site for service to wait for login application program send first
When OpenID accounts, middleware intercepts the first OpenID accounts, can be implemented with the description of relevant portion in reference chart 1, the present invention
Example will not be described in great detail herein.
204, middleware acquisition waits for the corresponding unique application identities of login application program.
Wherein, the corresponding unique application identities of login application program are waited for about step 204, middleware acquisition, can referred to
The description of relevant portion, the embodiment of the present invention will not be described in great detail herein in Fig. 1.
205, middleware generates the 2nd OpenID accounts according to the first OpenID accounts and unique application identities.
In embodiments of the present invention, middleware obtains the first OpenID that OpenID provider's site for service is sent in interception
Account with get after the corresponding unique application identities of login application program, according to the first OpenID accounts and unique application
Mark is generated for logging in the 2nd OpenID accounts for waiting for login application program.It below will be to how according to the first OpenID accounts
Number and unique application identities generate the 2nd OpenID accounts and be described in detail.
(1) the first OpenID accounts of middleware pair and unique application identities are combined processing.
In embodiments of the present invention, middleware is acquiring after the corresponding unique application identities of login application program,
Processing is combined to the first OpenID accounts and unique application identities.It needs to illustrate, middleware is to first
When OpenID accounts and unique application identities are combined processing, for the priority of the first OpenID accounts and unique application identities
Sequentially, whether include other letters or number in the first OpenID accounts and unique application identities and after combined treatment
Word, the embodiment of the present invention is without specifically limiting.For example, the first OpenID accounts are A, wait for that login application program is corresponding unique
Application identities are B, and the first OpenID and unique application identities after combined treatment can be:AB、BA、ACB、CAB、ABC
Etc., wherein C is arbitrary letter and/or number.
(2) middleware generates the first OpenID accounts and unique application identities progress Hash operation after combined treatment
2nd OpenID accounts.
Wherein, Hash operation refers to that the data of random length are mapped as unique, regular length by hash algorithm
Data, since, hash algorithm has irreversible characteristic, therefore, middleware to after combined treatment the first OpenID accounts and
Unique application identities carry out Hash operation, generate the 2nd OpenID accounts, can reach encrypted effect, so as to ensure to make
The safety for waiting for login application program is logged in the 2nd OpenID accounts.
In embodiments of the present invention, middleware is being combined processing to the first OpenID accounts and unique application identities
Afterwards, to the first OpenID accounts and unique application identities progress Hash operation after combined treatment, the 2nd OpenID is generated
Account.
It needs to illustrate, used hash algorithm includes but not limited to during carrying out Hash operation:
MD2, MD4, MD5 and SHA-1 etc., to this without limiting in the embodiment of the present invention.
206, the 2nd OpenID accounts are supplied to and wait for login application program by middleware, wait logging in application successfully to log in
Program.
Wherein, the 2nd OpenID accounts are supplied to about 206, middleware and wait for login application program, successfully to log in
It waits for login application program, can herein will not be described in great detail with the description of relevant portion in reference chart 1, the embodiment of the present invention.
207, middleware by the first OpenID accounts, the 2nd OpenID accounts and waits for mapping between login application program
Relationship is cached, and to be logged in when login application program again by OpenID login modes, middleware is in interception first
After OpenID accounts, the 2nd OpenID accounts are obtained from caching.
In embodiments of the present invention, the login efficiency of login application program is waited in order to improve to log in, middleware is by step 203
It is middle interception obtain the first OpenID accounts, step 205 generate the 2nd OpenID accounts and this wait for login application program three
Mapping relations between person cache, and wait logging in using journey so that user subsequently logs in this again by OpenID login modes
When sequence, when the OpenID accounts that middleware interception obtains are the first OpenID accounts, middleware can in the buffer directly
The corresponding 2nd OpenID accounts of the first OpenID accounts are obtained, and are supplied to this to wait for that login is answered the 2nd OpenID accounts
With program, login application program is waited for use the 2nd OpenID accounts successfully to log in this, without carrying out step again
205, which generate this, waits logging in using corresponding 2nd OpenID accounts, and then improves to log in by OpenID login modes and wait stepping on
Record the login efficiency of application program.
208, when installing OpenID support side's application programs again, middleware generates for the support sides OpenID application program
Corresponding unique application identities.
In embodiments of the present invention, when installing the support sides OpenID application program in terminal device again, middleware is
The support sides the OpenID application program generates corresponding unique application identities, to ensure subsequently to pass through OpenID login modes
It, can be according to the corresponding unique application identities of the support sides OpenID application program when logging in the support sides the OpenID application program
Generate the 2nd OpenID accounts for logging in the support sides the OpenID application program.
Further, as the realization to method shown in above-mentioned Fig. 1 and Fig. 2, another embodiment of the present invention additionally provides one
Kind middleware.The middleware embodiment is corresponding with preceding method embodiment, and for ease of reading, the present embodiment is no longer to preceding method
Detail content in embodiment is repeated one by one, it should be understood that the middleware in the present embodiment can correspond to realize it is aforementioned
Full content in embodiment of the method.The middleware application is multiple not by the login of OpenID login modes in realization raising user
With the safety of application program, specifically as shown in figure 3, the middleware includes:
Monitoring unit 31 waits stepping on for logging in when login application program when by OpenID login modes described in monitoring
The interactive information between application program and OpenID provider's site for service is recorded, it is described to wait for that login application program is supported for OpenID
Square application program;
Interception unit 32 listens to OpenID provider's site for service for working as monitoring unit 31 and waits logging in described
When application program sends the first OpenID accounts, the first OpenID accounts are intercepted;
Acquiring unit 33 described waits for the corresponding unique application identities of login application program, unique application for obtaining
Mark described waits for login application program for identifying;
First generation unit 34, for described uniquely the answering according to the first OpenID accounts and the acquisition of acquiring unit 33
The 2nd OpenID accounts are generated with mark;
There is provided unit 35, the 2nd OpenID accounts for generating the first generation unit 34, which are supplied to, described to be waited stepping on
Application program is recorded, described login application program is waited for successfully to log in.
Further, as shown in figure 4, the middleware further includes:
Judging unit 36, for being logged in when login application program when by OpenID login modes in monitoring unit 31,
It waits logging in before waiting for the interactive information between login application program and OpenID provider's site for service described in monitoring, described in judgement
Whether application program supports OpenID login modes to log in;
Monitoring unit 31 judges described to wait for that login application program supports OpenID to step on specifically for working as the judging unit 36
When record mode logs in, the interactive information between login application program and OpenID provider's site for service is waited for described in monitoring.
Further, as shown in figure 4, the middleware further includes:
Second generation unit 37 described waits for the corresponding unique application mark of login application program for being obtained in acquiring unit 33
Before knowledge, the respectively each mounted support sides OpenID application program generates corresponding unique application identities.
Further, as shown in figure 4, the first generation unit 34 includes:
Composite module 341, for being combined processing to the first OpenID accounts and unique application identities;
Generation module 342, for after combined treatment the first OpenID accounts and unique application identities into
Row Hash operation generates the 2nd OpenID accounts.
Further, as shown in figure 4, the middleware further includes:
Buffer unit 38, for provide unit 35 by the 2nd OpenID accounts be supplied to it is described wait logging in apply journey
Sequence, so as to successfully log in it is described wait for login application program after, by the first OpenID accounts, the 2nd OpenID accounts
And it is described wait for that the mapping relations between login application program are cached, so as to again by OpenID login modes log in institute
It states when login application program, the middleware obtains described second after intercepting the first OpenID accounts from caching
OpenID accounts.
Further, as shown in figure 4, the middleware further includes:
Third generation unit 39, for when installing OpenID support side's application programs again, being supported for the OpenID
Square application program generates corresponding unique application identities.
A kind of method and middleware based on OpenID account login application programs provided in an embodiment of the present invention, and it is existing
User logs in multiple and different application programs using same OpenID accounts by OpenID login modes and compares in technology, this hair
Bright embodiment can be logged in by OpenID login modes when login application program, in being installed in terminal device
Between part monitor and wait for interactive information between login application program and OpenID provider's site for service, middleware is listening to
OpenID provider's site for service intercepts the OpenID accounts, and obtain to when login application program sends OpenID accounts
This waits for the corresponding unique application identities of login application program, to be generated newly according to the OpenID accounts and unique application identities
OpenID accounts, and newly-generated OpenID accounts are supplied to and wait for login application program, to use newly-generated OpenID
Account successfully logs in and waits for login application program.Since unique application identities can be identified for that application program, different application programs pair
Different unique application identities are answered, therefore, middleware is corresponding according to the OpenID accounts and different application of interception acquisition
Unique application identities can be respectively that each application program generates different OpenID accounts so that user is stepped on by OpenID
When record mode logs in multiple and different application programs, different application journeys is substantially logged in using different OpenID accounts
Even if sequence can not be attacked to OpenID provider's login account and login password that hacker has known the user by hitting library
The mode hit successfully logs in these application programs, and then improves user and log in multiple and different applications by OpenID login modes
The safety of program.Meanwhile the embodiment of the present invention be to after combined treatment OpenID accounts and wait for login application program correspond to
Unique application identities carry out Hash operation, generate new OpenID accounts, since, hash algorithm has irreversible characteristic,
Therefore, for encrypted effect can be reached by the newly-generated OpenID accounts of Hash operation, so as to ensure using new
The OpenID accounts of generation log in the safety for waiting for login application program.
In the above-described embodiments, it all emphasizes particularly on different fields to the description of each embodiment, there is no the portion being described in detail in some embodiment
Point, it may refer to the associated description of other embodiment.
It is understood that the correlated characteristic in the above method and device can be referred to mutually.In addition, in above-described embodiment
" first ", " second " etc. be and not represent the quality of each embodiment for distinguishing each embodiment.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description,
The specific work process of device and unit, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein.
Various general-purpose systems can also be used together with teaching based on this.As described above, it constructs required by this kind of system
Structure be obvious.In addition, the present invention is not also directed to any certain programmed language.It should be understood that can utilize various
Programming language realizes the content of invention described herein, and the description done above to language-specific is to disclose this hair
Bright preferred forms.
In the instructions provided here, numerous specific details are set forth.It is to be appreciated, however, that the implementation of the present invention
Example can be put into practice without these specific details.In some instances, well known method, structure is not been shown in detail
And technology, so as not to obscure the understanding of this description.
Similarly, it should be understood that in order to simplify the disclosure and help to understand one or more of each inventive aspect,
Above in the description of exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes
In example, figure or descriptions thereof.However, the method for the disclosure should be construed to reflect following intention:It is i.e. required to protect
Shield the present invention claims the more features of feature than being expressly recited in each claim.More precisely, as following
Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore,
Thus the claims for following specific implementation mode are expressly incorporated in the specific implementation mode, wherein each claim itself
All as a separate embodiment of the present invention.
Those skilled in the art, which are appreciated that, to carry out adaptively the module in the equipment in embodiment
Change and they are arranged in the one or more equipment different from the embodiment.It can be the module or list in embodiment
Member or component be combined into a module or unit or component, and can be divided into addition multiple submodule or subelement or
Sub-component.Other than such feature and/or at least some of process or unit exclude each other, it may be used any
Combination is disclosed to all features disclosed in this specification (including adjoint claim, abstract and attached drawing) and so to appoint
Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification (including adjoint power
Profit requires, abstract and attached drawing) disclosed in each feature can be by providing the alternative features of identical, equivalent or similar purpose come generation
It replaces.
In addition, it will be appreciated by those of skill in the art that although some embodiments described herein include other embodiments
In included certain features rather than other feature, but the combination of the feature of different embodiments means in of the invention
Within the scope of and form different embodiments.For example, in the following claims, embodiment claimed is appointed
One of meaning mode can use in any combination.
The all parts embodiment of the present invention can be with hardware realization, or to run on one or more processors
Software module realize, or realized with combination thereof.It will be understood by those of skill in the art that can use in practice
Microprocessor or digital signal processor (DSP) are according to the ... of the embodiment of the present invention based on the login application of OpenID accounts to realize
The some or all functions of the method for program and some or all components in middleware.The present invention is also implemented as using
In executing some or all equipment or program of device of method as described herein (for example, computer program and meter
Calculation machine program product).It is such to realize that the program of the present invention may be stored on the computer-readable medium, or can have one
The form of a or multiple signals.Such signal can be downloaded from internet website and be obtained, or above be carried in carrier signal
For, or provide in any other forms.
It should be noted that the present invention will be described rather than limits the invention for above-described embodiment, and ability
Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims,
Any reference mark between bracket should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not
Element or step listed in the claims.Word "a" or "an" before element does not exclude the presence of multiple such
Element.The present invention can be by means of including the hardware of several different elements and being come by means of properly programmed computer real
It is existing.In the unit claims listing several devices, several in these devices can be by the same hardware branch
To embody.The use of word first, second, and third does not indicate that any sequence.These words can be explained and be run after fame
Claim.
Claims (12)
1. a kind of method based on OpenID account login application programs, which is characterized in that including:
When by OpenID login modes log in when login application program, middleware monitor described in wait for login application program with
Interactive information between OpenID provider's site for service, it is described to wait for that login application program is the support sides OpenID application program;
When listen to OpenID provider's site for service to it is described when login application program send the first OpenID accounts when,
The middleware intercepts the first OpenID accounts;
The middleware waits for the corresponding unique application identities of login application program described in obtaining, and unique application identities are for marking
Login application program is waited for described in knowledge;
The middleware generates the 2nd OpenID accounts according to the first OpenID accounts and unique application identities, and will
The 2nd OpenID accounts be supplied to it is described wait for login application program, described wait for login application program successfully to log in.
2. according to the method described in claim 1, it is characterized in that, waiting logging in described ought log in by OpenID login modes
When application program, middleware monitor described in wait for interactive information between login application program and OpenID provider's site for service it
Before, the method further includes:
Wait for whether login application program supports OpenID login modes to log in described in the middleware judges;
It is described to be logged in when login application program when by OpenID login modes, wait for login application program described in middleware monitoring
With the interactive information between OpenID provider's site for service, including:
If so, waiting for interacting letter between login application program and OpenID provider's site for service described in the middleware monitoring
Breath.
3. according to the method described in claim 2, it is characterized in that, waiting for login application program pair described in being obtained in the middleware
Before the unique application identities answered, the method further includes:
The middleware is respectively that each mounted support sides OpenID application program generates corresponding unique application identities.
4. according to the method described in claim 3, it is characterized in that, the middleware is according to the first OpenID accounts and institute
It states unique application identities and generates the 2nd OpenID accounts, including:
The middleware is combined processing to the first OpenID accounts and unique application identities;
The middleware to after combined treatment the first OpenID accounts and the unique application identities carry out Hash operation,
Generate the 2nd OpenID accounts.
5. according to the method described in claim 4, it is characterized in that, the 2nd OpenID accounts are provided in the middleware
Wait for login application program to described, so as to successfully log in it is described wait for login application program after, the method further includes:
The middleware by the first OpenID accounts, the 2nd OpenID accounts and it is described wait for login application program it
Between mapping relations cached, so as to again by OpenID login modes log in described in when login application program, it is described
Middleware obtains the 2nd OpenID accounts after intercepting the first OpenID accounts from caching.
6. according to the method described in claim 1-5, which is characterized in that the method further includes:
When installing OpenID support side's application programs again, the middleware generates for the support sides OpenID application program
Corresponding unique application identities.
7. a kind of middleware, which is characterized in that including:
Monitoring unit waits logging in application described in monitoring for logging in when login application program when by OpenID login modes
Interactive information between program and OpenID provider's site for service, it is described to wait for that login application program is applied for the support sides OpenID
Program;
Interception unit, for work as the monitoring unit listen to OpenID provider's site for service to it is described wait log in application
When program sends the first OpenID accounts, the first OpenID accounts are intercepted;
Acquiring unit described waits for that the corresponding unique application identities of login application program, unique application identities are used for obtaining
Login application program is waited for described in mark;
First generation unit, unique application mark for being obtained according to the first OpenID accounts and the acquiring unit
Know and generates the 2nd OpenID accounts;
There is provided unit, the 2nd OpenID accounts for generating first generation unit, which are supplied to, described waits for that login is answered
With program, described login application program is waited for successfully to log in.
8. middleware according to claim 7, which is characterized in that the middleware further includes:
Judging unit is monitored for being logged in when login application program when by OpenID login modes in the monitoring unit
Before the interactive information waited between login application program and OpenID provider's site for service, wait logging in application described in judgement
Whether program supports OpenID login modes to log in;
The monitoring unit waits for that login application program supports the login sides OpenID specifically for working as described in the judging unit judgement
When formula logs in, the interactive information between login application program and OpenID provider's site for service is waited for described in monitoring.
9. middleware according to claim 8, which is characterized in that the middleware further includes:
Second generation unit, for the acquiring unit obtain described in wait for the corresponding unique application identities of login application program it
Before, the respectively each mounted support sides OpenID application program generates corresponding unique application identities.
10. middleware according to claim 9, which is characterized in that first generation unit includes:
Composite module, for being combined processing to the first OpenID accounts and unique application identities;
Generation module, for after combined treatment the first OpenID accounts and the unique application identities carry out Hash fortune
It calculates, generates the 2nd OpenID accounts.
11. middleware according to claim 10, which is characterized in that the middleware further includes:
Buffer unit, for the offer unit by the 2nd OpenID accounts be supplied to it is described wait for login application program,
So as to successfully log in it is described wait for login application program after, by the first OpenID accounts, the 2nd OpenID accounts with
And it is described wait for that the mapping relations between login application program are cached, so as to again by OpenID login modes log in described in
When login application program, the middleware obtains described second after intercepting the first OpenID accounts from caching
OpenID accounts.
12. according to the middleware described in claim 7-11, which is characterized in that the middleware further includes:
Third generation unit, for when installing OpenID support side's application programs again, being applied for the support sides OpenID
The corresponding unique application identities of Program Generating.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711405557.3A CN108337227B (en) | 2017-12-22 | 2017-12-22 | Method and middleware based on OpenID account login application program |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711405557.3A CN108337227B (en) | 2017-12-22 | 2017-12-22 | Method and middleware based on OpenID account login application program |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108337227A true CN108337227A (en) | 2018-07-27 |
| CN108337227B CN108337227B (en) | 2019-01-29 |
Family
ID=62923351
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711405557.3A Active CN108337227B (en) | 2017-12-22 | 2017-12-22 | Method and middleware based on OpenID account login application program |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108337227B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111930499A (en) * | 2020-07-06 | 2020-11-13 | 中国电子科技集团公司电子科学研究院 | DDS middleware application identifier generation method, configuration method and device |
| CN112738143A (en) * | 2019-10-14 | 2021-04-30 | 华为技术有限公司 | Account number binding method, device and system |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101552673A (en) * | 2009-04-30 | 2009-10-07 | 用友软件股份有限公司 | An approach to log in single sign-on system by using OpenID account |
| KR20110068623A (en) * | 2009-12-16 | 2011-06-22 | 주식회사 케이티 | Apparatus, system and method for processing open id authentication |
| CN102394887A (en) * | 2011-11-10 | 2012-03-28 | 杭州东信北邮信息技术有限公司 | OAuth protocol-based safety certificate method of open platform and system thereof |
| TW201225697A (en) * | 2010-09-20 | 2012-06-16 | Interdigital Patent Holdings | Identity management on a wireless device |
| CN102821084A (en) * | 2011-11-23 | 2012-12-12 | 腾讯科技(深圳)有限公司 | Method for identifying open platform, open platform and open system |
| CN103974248A (en) * | 2013-01-24 | 2014-08-06 | ***通信集团公司 | Terminal security protection method, device and system in ability open system |
| CN104125063A (en) * | 2013-04-28 | 2014-10-29 | 腾讯科技(深圳)有限公司 | Authentication method, equipment and system |
| CN105897757A (en) * | 2016-06-12 | 2016-08-24 | 上海携程商务有限公司 | Authorization and authentication system and authorization and authentication method |
| CN107196840A (en) * | 2016-03-14 | 2017-09-22 | 阿里巴巴集团控股有限公司 | Data processing method, device and equipment |
| CN107249001A (en) * | 2017-07-19 | 2017-10-13 | 北京深思数盾科技股份有限公司 | A kind of information processing method, apparatus and system |
-
2017
- 2017-12-22 CN CN201711405557.3A patent/CN108337227B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101552673A (en) * | 2009-04-30 | 2009-10-07 | 用友软件股份有限公司 | An approach to log in single sign-on system by using OpenID account |
| KR20110068623A (en) * | 2009-12-16 | 2011-06-22 | 주식회사 케이티 | Apparatus, system and method for processing open id authentication |
| TW201225697A (en) * | 2010-09-20 | 2012-06-16 | Interdigital Patent Holdings | Identity management on a wireless device |
| CN102394887A (en) * | 2011-11-10 | 2012-03-28 | 杭州东信北邮信息技术有限公司 | OAuth protocol-based safety certificate method of open platform and system thereof |
| CN102821084A (en) * | 2011-11-23 | 2012-12-12 | 腾讯科技(深圳)有限公司 | Method for identifying open platform, open platform and open system |
| CN103974248A (en) * | 2013-01-24 | 2014-08-06 | ***通信集团公司 | Terminal security protection method, device and system in ability open system |
| CN104125063A (en) * | 2013-04-28 | 2014-10-29 | 腾讯科技(深圳)有限公司 | Authentication method, equipment and system |
| CN107196840A (en) * | 2016-03-14 | 2017-09-22 | 阿里巴巴集团控股有限公司 | Data processing method, device and equipment |
| CN105897757A (en) * | 2016-06-12 | 2016-08-24 | 上海携程商务有限公司 | Authorization and authentication system and authorization and authentication method |
| CN107249001A (en) * | 2017-07-19 | 2017-10-13 | 北京深思数盾科技股份有限公司 | A kind of information processing method, apparatus and system |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112738143A (en) * | 2019-10-14 | 2021-04-30 | 华为技术有限公司 | Account number binding method, device and system |
| CN112738143B (en) * | 2019-10-14 | 2022-05-10 | 华为技术有限公司 | Account number binding method, device and system |
| CN111930499A (en) * | 2020-07-06 | 2020-11-13 | 中国电子科技集团公司电子科学研究院 | DDS middleware application identifier generation method, configuration method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108337227B (en) | 2019-01-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9716726B2 (en) | Method of identifying and counteracting internet attacks | |
| CN104980309B (en) | website security detection method and device | |
| US11349814B2 (en) | Automatic placeholder finder-filler | |
| CN104219316B (en) | A kind of call request processing method and processing device in distributed system | |
| US8695027B2 (en) | System and method for application security assessment | |
| US10108801B2 (en) | Web application vulnerability scanning | |
| US20160036849A1 (en) | Method, Apparatus and System for Detecting and Disabling Computer Disruptive Technologies | |
| CN105635178B (en) | Ensure the block type Network Access Method and device of safety | |
| CN104954386B (en) | A kind of network anti-hijacking method and device | |
| EP3709592B1 (en) | Detecting web application vulnerabilities | |
| US20130081129A1 (en) | Outbound Connection Detection and Blocking at a Client Computer | |
| EP3267349A1 (en) | Method and computer system for determining a threat score | |
| WO2013000083A1 (en) | Detecting security vulnerabilities in web applications | |
| CN101873331A (en) | Safety authentication method and system | |
| CN113868659B (en) | Vulnerability detection method and system | |
| CN102957696B (en) | A kind of data processing method and device | |
| US20180302437A1 (en) | Methods of identifying and counteracting internet attacks | |
| CN106302606A (en) | A kind of across application access method and device | |
| CN108965037A (en) | The acquisition and audit analysis method and device of safety test data | |
| CN107360187A (en) | A kind of processing method of network abduction, apparatus and system | |
| CN105959276A (en) | Application control method, device, and terminal device based on third party account login | |
| CN108337227B (en) | Method and middleware based on OpenID account login application program | |
| US20140373158A1 (en) | Detecting security vulnerabilities on computing devices | |
| JP6914436B2 (en) | Systems and methods for authentication | |
| US20120198555A1 (en) | Testing web services that are accessible via service oriented architecture (soa) interceptors |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Patentee after: Beijing Shendun Technology Co.,Ltd. Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. |