[go: up one dir, main page]

CN109522726B - Authentication method for applet, server and computer readable storage medium - Google Patents

Authentication method for applet, server and computer readable storage medium Download PDF

Info

Publication number
CN109522726B
CN109522726B CN201811202378.4A CN201811202378A CN109522726B CN 109522726 B CN109522726 B CN 109522726B CN 201811202378 A CN201811202378 A CN 201811202378A CN 109522726 B CN109522726 B CN 109522726B
Authority
CN
China
Prior art keywords
user
request
client
applet
application platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811202378.4A
Other languages
Chinese (zh)
Other versions
CN109522726A (en
Inventor
王玉民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kangjian Information Technology Shenzhen Co Ltd
Original Assignee
Kangjian Information Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kangjian Information Technology Shenzhen Co Ltd filed Critical Kangjian Information Technology Shenzhen Co Ltd
Priority to CN201811202378.4A priority Critical patent/CN109522726B/en
Publication of CN109522726A publication Critical patent/CN109522726A/en
Application granted granted Critical
Publication of CN109522726B publication Critical patent/CN109522726B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The invention is applicable to the technical field of computers, and provides an authentication method, a server and a computer readable storage medium of an applet, wherein the method comprises the following steps: if a user authorization authentication request from a client is received, acquiring an encryption character string received and forwarded by the client from an application platform and acquiring a key from the application platform, wherein the encryption character string is obtained by encrypting user information of a user currently logged in the application platform by the application platform, the client is a client of an applet, and the applet relies on the application platform as a carrier; and decrypting the encrypted character string according to the key to obtain the user information. The invention ensures that the authentication information is real and effective when the user logs in the applet client, and simultaneously can realize one-key operation, thereby simplifying the login process, saving the time spent by the user in the login process and improving the user experience.

Description

Authentication method for applet, server and computer readable storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an authentication method, a server, and a computer readable storage medium for an applet.
Background
The conventional internet web page authentication process generally implements authentication by storing attributes and configuration information required for a specific user session using session (time domain) objects. The use process of the applet also needs authentication, and the applet is logged in through the page of the third party application, but there is no cookie (data stored on the local terminal of the user) concept in the applet, so the authentication cannot be realized by using the traditional authentication mode that the session object stores the attribute and configuration information required by the session of the specific user. Therefore, in the authentication process of the applet, authentication is generally performed by using login modes such as account password login or mobile phone dynamic code verification, but the flow of the login modes is complicated, and a user needs to spend a certain time for processing, so that the user experience is poor.
Disclosure of Invention
In view of this, the embodiments of the present invention provide an authentication method, a server and a computer readable storage medium for a applet, so as to solve the problem that in the prior art, the flow of the login method of the applet is complicated, and a user needs to spend a certain time for processing.
A first aspect of an embodiment of the present invention provides a method, including:
If a user authorization authentication request from a client is received, acquiring an encryption character string received and forwarded by the client from an application platform and acquiring a key from the application platform, wherein the encryption character string is obtained by encrypting user information of a user currently logged in the application platform by the application platform, the client is a client of an applet, and the applet relies on the application platform as a carrier;
decrypting the encrypted character string according to the key to obtain the user information;
If the user information is inquired in a pre-stored user information base, generating a notification of successful authorization, receiving a user identification of the user of the application platform, generating authentication information according to the user identification of the user, storing the authentication information in a database, and sending the authentication information and the notification of successful authorization to the client.
A second aspect of an embodiment of the present invention provides a server comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of, when executing the computer program:
If a user authorization authentication request from a client is received, acquiring an encryption character string received and forwarded by the client from an application platform and acquiring a key from the application platform, wherein the encryption character string is obtained by encrypting user information of a user currently logged in the application platform by the application platform, the client is a client of an applet, and the applet relies on the application platform as a carrier;
decrypting the encrypted character string according to the key to obtain the user information;
If the user information is inquired in a pre-stored user information base, generating a notification of successful authorization, receiving a user identification of the user of the application platform, generating authentication information according to the user identification of the user, storing the authentication information in a database, and sending the authentication information and the notification of successful authorization to the client.
A third aspect of the embodiments of the present invention provides a computer-readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the steps of the above method.
The authentication method, the server and the computer readable storage medium for implementing the applet provided by the embodiment of the invention have the following beneficial effects:
According to the embodiment of the invention, the user triggers the user authorization authentication request through one key of the virtual key on the client login interface, the encrypted character string received and forwarded by the client from the application platform is obtained, the key is obtained from the application platform, the encrypted character string is decrypted according to the key to obtain the user information, the server stores all user information with login permission in the pre-stored user information base, the server judges whether the user information is inquired in the pre-stored user information base, and when the server inquires the user information in the pre-stored user information base, the user is judged to have permission, so that when the user logs in the applet client, one-key operation can be realized while the authentication information is ensured to be truly and effectively, the login flow is simplified, the time spent by the user in the login process is saved, and the user experience is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of an implementation of an authentication method of an applet according to a first embodiment of the present invention;
Fig. 2 is a schematic flow chart of an implementation of an authentication method of an applet according to a second embodiment of the present invention;
Fig. 3 is a schematic flow chart of an implementation of an authentication method of an applet according to a third embodiment of the present invention;
fig. 4 is a schematic flow chart of an implementation of an authentication method of a applet according to a fourth embodiment of the present invention;
FIG. 5 is a schematic diagram of a server according to a fifth embodiment of the present invention;
Fig. 6 is a schematic diagram of a server according to a sixth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The applet in the embodiment of the invention refers to a mobile terminal application which can be used without downloading and installing based on the development completion of a specific programming language. The applet is not required to be manually installed in an operating system of the mobile terminal, and is usually required to be used as a carrier by relying on an application platform, and the application platform can be an instant messaging application. After the development of the applet is completed through the applet development platform, the developer issues the developed applet to the service end of the application platform to realize the docking with the application platform.
Referring to fig. 1, fig. 1 is a schematic flow chart of an authentication method of an applet in a first embodiment of the invention. The execution subject of the authentication method of the applet in this embodiment is a server. The authentication method of the applet as illustrated in the drawings may comprise the steps of:
S101, if a user authorization authentication request from a client is received, acquiring an encryption character string received and forwarded by the client from an application platform, and acquiring a key from the application platform, wherein the encryption character string is obtained by encrypting user information of a user currently logged in the application platform by the application platform, the client is a client of an applet, and the applet relies on the application platform as a carrier.
When a user uses an applet of a mobile terminal, the user needs to enter an application platform on which the applet is loaded on the mobile terminal, and a client login entry of the applet is found in the application platform. When a user logs in a client of the applet, the server corresponding to the applet needs to authenticate the user information of the user to determine whether the user is a user with authority. The user can trigger the user authorization authentication request through a virtual key on a client login interface, and the client sends the user authorization authentication request to the server.
If the server receives the user authorization authentication request from the client, the server acquires the encrypted character string received and forwarded by the client from the application platform supported by the applet and acquires the secret key from the application platform supported by the applet. It should be noted that, the client directly obtains the encrypted character string from the application platform supported by the applet through the API interface, where the API interface is a data sharing interface opened to the client of the applet by the application platform supported by the applet, and the client of the applet is used to obtain the encrypted character string information from the application platform; the server acquires a key from an application platform supported by the applet through an API interface, wherein the API interface is a data sharing interface which is opened to the applet server by the application platform supported by the applet, and the applet server acquires key information from the application platform; since the corresponding encrypted string and key do not pass through any public network, tampering is difficult, and thus the security of the encrypted string and key acquired by the server can be ensured. The encrypted character string is obtained by encrypting the user information of the user currently logged in the application platform by the application platform supported by the applet, wherein the user information at least comprises mobile phone number information, and the user information also comprises nickname, gender, region and other information; the key acquired by the server from the application platform is an encryption key of the encryption character string obtained by the application platform by encrypting the user information of the user currently logged in the application platform.
S102, decrypting the encrypted character string according to the key to obtain the user information.
In S102, the server decrypts the encrypted string with the key obtained from the application platform to obtain the user information of the user, that is, the corresponding mobile phone number information is obtained, and the obtained user information includes nickname, gender, region and other information.
And S103, if the user information is inquired in a pre-stored user information base, generating a notification of successful authorization, receiving a user identification of the user of the application platform, generating authentication information according to the user identification of the user, storing the authentication information in a database, and transmitting the authentication information and the notification of successful authorization to the client.
In S103, the server stores all the user information with login rights in the pre-stored user information base, the server determines whether the user information is queried in the pre-stored user information base, if the server queries the user information in the pre-stored user information base, the server determines that the user has rights, and if the server does not query the user information in the pre-stored user information base, the server determines that the user does not have rights. It should be noted that, the server may determine that the user has the authority through whether the corresponding mobile phone number information is queried in the user information base, when the server queries the corresponding mobile phone number information, or else, determine that the user does not have the authority.
When the server judges that the user has the authority, the server generates a notification of successful authority, receives the user identification of the user from the application platform through the API interface, generates authentication information according to the user identification of the user, and stores the authentication information into a database, wherein the authentication information is used for ensuring the communication security between the server and the client. The user identifier is an OpenID of the application platform user when using the applet, that is, the user identifier is unique identification information of the application platform user when using the applet. The authentication information includes information such as a token, refreshToken parameters, token_ expires _in parameters, and an API key. The token information comprises a user identifier, a time stamp and a signature, wherein the signature is a character string with a certain length obtained by compressing the time stamp through a hash algorithm according to the user identifier in the token. The refresh token parameter is used as an encryption string for refreshing the token, and the API key is used as key information for making a request or a response between the server and the client. the token_ expires _in parameter is used as a parameter for marking the timeout time of the token, wherein the timeout time set by the token_ expires _in parameter is generally 10 minutes, the corresponding token is invalid every 10 minutes, and the token_ expires _in parameter is required to be requested through refreshToken parameters so as to refresh the parameter value corresponding to the token once, and the timeout time can be modified by a manager in the configuration of the server according to requirements.
The server sends authentication information and a notification of successful authorization to the client, and a request and a response between the client and the server are encrypted through the authentication information so as to ensure the security of data transmission; in addition, the client side displays the notice of successful applet login on a display interface according to the notice of successful authorization, so that a user can timely check the notice of successful applet login.
The server receives the encrypted character string which is obtained by the client from the application platform supported by the applet through the API interface and the key which is obtained by the application platform supported by the applet through the API interface, and the corresponding encrypted character string and the key are obtained by the interface provided by the application platform supported by the applet without any public network, so that the encrypted character string and the key obtained by the server are difficult to tamper, and the security of the encrypted character string and the key obtained by the server can be ensured; the server stores all user information with login permission in a pre-stored user information base, the server judges whether the user information is queried in the pre-stored user information base, and when the server queries the user information in the pre-stored user information base, the server judges that the user has permission, so that when the user logs in at the applet client, the user can realize one-key operation while ensuring that authentication information is true and effective, the login process is simplified, the time spent by the user in the login process is saved, and the user experience is improved.
Referring to fig. 2, fig. 2 is a schematic flow chart of an implementation of an authentication method of an applet according to a second embodiment of the present invention. The present embodiment differs from the first embodiment in that S204 is further included after S202 in the present embodiment. Wherein S201 to S203 are the same as S101 to S103 in the first embodiment, please refer to the related descriptions of S101 to S103 in the first embodiment, and are not repeated here. S204 is specifically as follows:
s204, if the user information is not inquired in a pre-stored user information base, generating a notification of authorization failure, and sending the notification of authorization failure to the client.
The server stores all user information with login permission in a pre-stored user information base, the server judges whether the user information is inquired in the pre-stored user information base, when the server inquires the user information in the pre-stored user information base, the server judges that the user has permission, and when the user information is not inquired in the pre-stored user information base, the server judges that the user does not have permission. It should be noted that, the server determines that the user has authority by specifically determining whether the corresponding mobile phone number information is queried in the user information base, when the server queries the corresponding mobile phone number information, the user can be determined to have authority, otherwise, the server determines that the user does not have authority. When the server judges that the user does not have the right, the server generates notification of the authorization failure and sends the notification of the authorization failure to the client, and the client displays the notification of the applet login failure on a display interface according to the notification of the authorization failure, so that the user can timely check the notification of the applet login failure.
Referring to fig. 3, fig. 3 is a schematic flow chart of an implementation of an authentication method of an applet according to a third embodiment of the present invention. The difference between this embodiment and the first embodiment is that the present embodiment further includes S304 to S307 after S303, and S301 to S303 are the same as steps S101 to S103 in the first embodiment, and specific reference is made to the description related to S101 to S103 in the first embodiment, which is not repeated here. S304 to S307 are specifically as follows:
S304, receiving a data request of the client, wherein the data request comprises a token, a request parameter, a random number, a time stamp and a request ciphertext, and the request ciphertext is generated by encrypting the token, the request parameter, the random number and the time stamp by the client through the API key.
The authentication information stored in the server at least comprises an API key, when a user executes a corresponding function at the client after the client passes identity verification, a corresponding data request is initiated to the server through the client, wherein the data request comprises a token, a request parameter, a random number, a timestamp and a request ciphertext, the request ciphertext is specifically generated by encrypting the token, the request parameter, the random number and the timestamp by the client, and the encrypted key is the API key. The server receives the data request of the client, processes the data request of the client, judges whether to release the data request, and executes corresponding response according to the data request.
S305, inquiring the database according to the token in the data request to obtain the API key, and encrypting the token, the request parameter, the random number and the timestamp according to the API key to generate a comparison ciphertext.
After receiving the token in the data request, the server inquires a corresponding API key in the data storing authentication information according to the token, encrypts the token, the request parameter, the random number and the timestamp by taking the API key as a salt value to generate a comparison ciphertext which is compared and checked with the request ciphertext, and in order to ensure the safety of the data, the comparison ciphertext and the request ciphertext which are generated through encryption are encrypted and checked by taking the API key as the salt value, and when the data request sent to the server by the client is intercepted by lawless persons and tampered with the information in the request parameter, the situation can be found in time by comparing and checking the comparison ciphertext and the request ciphertext, so that the information leakage is avoided, and the safety of data transmission between the server and the client is ensured.
And S306, if the comparison ciphertext is consistent with the request ciphertext, releasing the data request.
S307, if the comparison ciphertext is inconsistent with the request ciphertext, intercepting the data request.
The server compares the comparison ciphertext with the request ciphertext, if the comparison ciphertext is consistent with the request ciphertext, the request parameter in the data request is not tampered, which indicates that the data request is safe, so the server releases the data request and executes corresponding response according to the data request. If the comparison ciphertext is inconsistent with the request ciphertext, the request parameter in the data request is tampered, which indicates that the data request is unsafe, and therefore the server intercepts the data request.
Further, the method for generating the comparison ciphertext comprises the following steps:
and encrypting the token, the request parameter, the random number and the timestamp by using the API key as a salt value through a message digest algorithm to generate the comparison ciphertext.
Because the data request sent to the server by the client comprises the token, the request parameter, the random number, the time stamp and the request ciphertext, the request ciphertext is generated by encrypting the MD5 message digest algorithm by taking the API key as a salt value. When the server verifies the security of the data request, the server encrypts an MD5 message digest algorithm by taking the API key as a salt value to generate a comparison ciphertext, performs comparison verification according to the comparison ciphertext and the request ciphertext, and verifies the security of the data request according to the comparison result of the comparison ciphertext and the request ciphertext, so that the risk of data leakage can be reduced.
When a request and a response are carried out between a server and a client, a comparison ciphertext generated through encryption is compared with a request ciphertext, and the comparison ciphertext and the request ciphertext are generated through encryption by taking an API key as a salt value according to a token, a request parameter, a random number and a time stamp.
Referring to fig. 4, fig. 4 is a schematic flow chart of an implementation of an authentication method of an applet according to a fourth embodiment of the present invention. The difference between this embodiment and the third embodiment is that S4051-S4052 are further included before S405 in this embodiment, S4053-S4054 are further included after S4051, and S401-S407 are the same as S301-S307 in the third embodiment, and specific reference is made to the related descriptions of S301-S307 in the third embodiment, which are not repeated here. S4051 to S4054 are specifically as follows:
s4051, judging whether the same data request exists in the preset time.
Before comparing and checking the comparison ciphertext in the data requests, the server determines whether the same data request exists within a preset time, wherein the same data request refers to a data request containing the same request parameters, and the preset time is a preset time interval of the server, for example, ten minutes. Since for normal data requests, the client will not send multiple data requests in a short time, when the server receives multiple identical data requests sent by the client in a short time, the data requests may be malicious requests, and an interception measure needs to be taken.
S4052, if the same data request does not exist within the preset time, determining that the data request is not replay attack.
And when the same data request does not exist within the preset time, the server judges that the data request is not replay attack, and the server compares and verifies the comparison ciphertext in the data request.
Further, after S4051, the method further includes:
S4053, if the same data request exists in the preset time, judging that the data request is a replay attack, and rejecting the data request;
And S4054, adding the Internet protocol address of the client corresponding to the data request into a restricted access list.
If the same data request exists in the preset time, the data request is a replay attack and possibly malicious data request, the data request is directly refused, and the server adds the ip internet protocol address of the client corresponding to the data request into the restricted access list.
Referring to fig. 5, fig. 5 is a schematic diagram of a server according to a fifth embodiment of the present invention. The server includes units for performing the steps in the embodiments corresponding to fig. 1 to 4. Refer specifically to the related descriptions in the respective embodiments of fig. 1 to fig. 4. For convenience of explanation, only the portions related to the present embodiment are shown. Referring to fig. 5, the server 5 includes:
The obtaining unit 101 is configured to obtain an encrypted string received and forwarded by the client from the application platform if a user authorization authentication request from the client is received, and obtain a key from the application platform, where the encrypted string is obtained by encrypting, by the application platform, user information of a user currently logged in to the application platform, the client is a client of an applet, and the applet relies on the application platform as a carrier.
And the decryption unit 102 is configured to decrypt the encrypted string according to the key to obtain the user information.
The first generating unit 103 is configured to generate a notification of successful authorization if the user information is queried in a pre-stored user information base, receive a user identifier of the user of the application platform, generate authentication information according to the user identifier of the user, store the authentication information in a database, and send the authentication information and the notification of successful authorization to the client.
Optionally, the server further includes:
And the second generation unit is used for generating a notification of authorization failure if the user information is not queried in a pre-stored user information base, and sending the notification of authorization failure to the client.
Optionally, the authentication information includes at least an API key, and the server further includes:
The receiving unit is used for receiving a data request of the client, wherein the data request comprises a token, a request parameter, a random number, a time stamp and a request ciphertext, and the request ciphertext is generated by encrypting the token, the request parameter, the random number and the time stamp through the API key by the client.
And the encryption unit is used for inquiring the database according to the token in the data request to obtain the API key, and encrypting the token, the request parameter, the random number and the time stamp according to the API key to generate a comparison ciphertext.
The execution unit is used for releasing the data request if the comparison ciphertext is consistent with the request ciphertext; and if the comparison ciphertext is inconsistent with the request ciphertext, intercepting the data request.
Optionally, the server further includes:
the judging unit is used for judging whether the same data request exists in the preset time;
And the first judging unit is used for judging that the data request is not replay attack if the same data request does not exist in the preset time.
Optionally, the server further includes:
The second judging unit is used for judging that the data request is a replay attack and rejecting the data request if the same data request exists in the preset time;
And the limiting unit is used for adding the Internet protocol address of the client corresponding to the request into a limited access list.
Optionally, the method for generating the comparison ciphertext includes:
and encrypting the token, the request parameter, the random number and the timestamp by using the API key as a salt value through a message digest algorithm to generate the comparison ciphertext.
Fig. 6 is a schematic diagram of a server according to a sixth embodiment of the present invention. As shown in fig. 6, the server 6 of this embodiment includes: a processor 60, a memory 61 and a computer program 62, e.g. a control program of a server, stored in said memory 61 and being executable on said processor 60. The processor 60, when executing the computer program 62, implements the steps in the above-described evaluation method embodiments of the respective servers, such as S101 to S103 shown in fig. 1. Or the processor 60, when executing the computer program 62, performs the functions of the units in the above-described device embodiments, for example the units 103 to 103 shown in fig. 3.
Illustratively, the computer program 62 may be partitioned into one or more units that are stored in the memory 61 and executed by the processor 60 to complete the present invention. The one or more elements may be a series of computer program instruction segments capable of performing a specific function describing the execution of the computer program 62 in the server 6. For example, the computer program 62 may be divided into an acquisition unit, a decryption unit and a first generation unit, each unit functioning specifically as described above.
The server may include, but is not limited to, a processor 60, a memory 61. It will be appreciated by those skilled in the art that fig. 6 is merely an example of the server 6 and is not limiting of the server 6, and may include more or fewer components than shown, or may combine certain components, or different components, e.g., the server may also include an input-output server, a network access server, a bus, etc.
The Processor 60 may be a central processing unit (Central Processing Unit, CPU), other general purpose Processor, digital signal Processor (DIGITAL SIGNAL Processor, DSP), application SPECIFIC INTEGRATED Circuit (ASIC), off-the-shelf Programmable gate array (Field-Programmable GATE ARRAY, FPGA) or other Programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 61 may be an internal storage unit of the server 6, such as a hard disk or a memory of the server 6. The memory 61 may be an external storage server of the server 6, such as a plug-in hard disk, a smart memory card (SMART MEDIA CARD, SMC), a Secure Digital (SD) card, a flash memory card (FLASH CARD), or the like, which are provided on the server 6. Further, the memory 61 may also include both an internal storage unit of the server 6 and an external storage server. The memory 61 is used for storing the computer program and other programs and data required by the server. The memory 61 may also be used for temporarily storing data that has been output or is to be output.
The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and are intended to be included in the scope of the present invention.

Claims (8)

1. A method of authentication of an applet, comprising:
If a user authorization authentication request from a client is received, acquiring an encryption character string received and forwarded by the client from an application platform and acquiring a key from the application platform, wherein the encryption character string is obtained by encrypting user information of a user currently logged in the application platform by the application platform, the client is a client of an applet, and the applet relies on the application platform as a carrier;
decrypting the encrypted character string according to the key to obtain the user information;
If the user information is inquired in a pre-stored user information base, generating a notification of successful authorization, receiving a user identification of the user of the application platform, generating authentication information according to the user identification of the user, storing the authentication information in a database, and sending the authentication information and the notification of successful authorization to the client;
the authentication information at least comprises an API key, and if the user information is queried in a pre-stored user information base, a notification of successful authorization is generated, a user identifier of the user of a third party application is received, the authentication information is generated according to the user identifier of the user and stored in a database, and the authentication information and the notification of successful authorization are sent to the client side, and then the authentication information and the notification of successful authorization further comprise:
receiving a data request of the client, wherein the data request comprises a token, a request parameter, a random number, a time stamp and a request ciphertext, and the request ciphertext is generated by encrypting the token, the request parameter, the random number and the time stamp by the client through the API key;
Inquiring the database according to the token in the data request to obtain the API key, and encrypting the token, the request parameter, the random number and the timestamp according to the API key to generate a comparison ciphertext;
if the comparison ciphertext is consistent with the request ciphertext, releasing the data request; and if the comparison ciphertext is inconsistent with the request ciphertext, intercepting the data request.
2. The method for authenticating an applet according to claim 1, wherein after decrypting the encrypted string according to the key to obtain the user information, comprising:
if the user information is not queried in a pre-stored user information base, generating a notification of authorization failure, and sending the notification of authorization failure to the client.
3. The method for authenticating an applet according to claim 1, wherein said obtaining said API key from said database query based on said token in said data request, prior to encrypting said token, said request parameter, said random number and said timestamp based on said API key to generate a comparison ciphertext, comprises:
Judging whether the same data request exists in a preset time;
And if the same data request does not exist within the preset time, judging that the data request is not replay attack.
4. A method of authenticating an applet according to claim 3 wherein said determining if there is the same data request within a predetermined time further comprises:
if the same data request exists in the preset time, judging that the data request is a replay attack, and rejecting the data request;
and adding the Internet protocol address of the client corresponding to the data request into a restricted access list.
5. The method for authenticating an applet according to claim 1 wherein the method for generating the comparison ciphertext comprises:
and encrypting the token, the request parameter, the random number and the timestamp by using the API key as a salt value through a message digest algorithm to generate the comparison ciphertext.
6. A server comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, the processor implementing the steps of when executing the computer program:
If a user authorization authentication request from a client is received, acquiring an encryption character string received and forwarded by the client from an application platform and acquiring a key from the application platform, wherein the encryption character string is obtained by encrypting user information of a user currently logged in the application platform by the application platform, the client is a client of an applet, and the applet relies on the application platform as a carrier;
decrypting the encrypted character string according to the key to obtain the user information;
If the user information is inquired in a pre-stored user information base, generating a notification of successful authorization, receiving a user identification of the user of the application platform, generating authentication information according to the user identification of the user, storing the authentication information in a database, and sending the authentication information and the notification of successful authorization to the client;
The authentication information at least comprises an API key, if the user information is queried in a pre-stored user information base, a notification of successful authorization is generated, a user identifier of the user of a third party application is received, the authentication information is generated according to the user identifier of the user and stored in a database, and after the authentication information and the notification of successful authorization are sent to the client, the processor further realizes the following steps when executing the computer program:
receiving a request of the client, wherein the request comprises a token, a request parameter, a random number, a time stamp and a request ciphertext, and the request ciphertext is generated by encrypting the token, the request parameter, the random number and the time stamp by the client through the API key;
Inquiring the database according to the token in the request to obtain the API key, and encrypting the token, the request parameter, the random number and the time stamp according to the API key to generate a comparison ciphertext which is compared and checked with the request ciphertext;
if the comparison ciphertext is consistent with the request ciphertext, releasing the request; and if the comparison ciphertext is inconsistent with the request ciphertext, intercepting the request.
7. The server of claim 6, wherein after decrypting the encrypted string according to the key to obtain the user information, the processor when executing the computer program further performs the steps of:
if the user information is not queried in a pre-stored user information base, generating a notification of authorization failure, and sending the notification of authorization failure to the client.
8. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the steps of the method according to any one of claims 1 to 5.
CN201811202378.4A 2018-10-16 2018-10-16 Authentication method for applet, server and computer readable storage medium Active CN109522726B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811202378.4A CN109522726B (en) 2018-10-16 2018-10-16 Authentication method for applet, server and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811202378.4A CN109522726B (en) 2018-10-16 2018-10-16 Authentication method for applet, server and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN109522726A CN109522726A (en) 2019-03-26
CN109522726B true CN109522726B (en) 2024-06-25

Family

ID=65771716

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811202378.4A Active CN109522726B (en) 2018-10-16 2018-10-16 Authentication method for applet, server and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN109522726B (en)

Families Citing this family (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112039826B (en) * 2019-06-03 2023-05-30 北京京东尚科信息技术有限公司 Login method and device applied to applet end, electronic equipment and readable medium
CN110321696B (en) * 2019-07-01 2020-08-25 阿里巴巴集团控股有限公司 Account security protection method and system based on small program
CN110557502B (en) * 2019-08-09 2021-03-23 五八有限公司 Method and device for calling up applet, electronic device and readable storage medium
CN110688124B (en) * 2019-08-23 2023-03-17 北京奇艺世纪科技有限公司 Applet processing method, apparatus, electronic device and computer readable storage medium
CN112565156B (en) * 2019-09-10 2023-06-27 北京京东尚科信息技术有限公司 Information registration method, device and system
CN111901287B (en) * 2019-10-22 2022-12-23 刘高峰 Method and device for providing encryption information for light application and intelligent equipment
CN110933109B (en) * 2019-12-17 2022-03-29 中国建设银行股份有限公司 Dynamic small program authentication method and device
CN111541542B (en) * 2019-12-31 2023-09-15 远景智能国际私人投资有限公司 Request sending and verification methods, devices and equipment
CN111245825B (en) * 2020-01-09 2022-05-10 百度在线网络技术(北京)有限公司 Applet login method, server and electronic device
CN111523102B (en) * 2020-04-24 2023-10-27 腾讯科技(深圳)有限公司 Applet login method, device, equipment and computer readable storage medium
CN111565178B (en) * 2020-04-26 2022-06-14 天津中新智冠信息技术有限公司 Service information issuing method, device, server, client and storage medium
CN111643907B (en) * 2020-05-29 2025-08-22 腾讯科技(深圳)有限公司 Game login method, device, storage medium and electronic device
CN112000951B (en) * 2020-08-31 2024-05-17 上海商汤智能科技有限公司 Access method, device, system, electronic equipment and storage medium
CN112073188B (en) * 2020-08-31 2023-01-24 北京市商汤科技开发有限公司 Authentication method, device, equipment and computer readable storage medium
CN112153055B (en) * 2020-09-25 2023-04-18 北京百度网讯科技有限公司 Authentication method and device, computing equipment and medium
CN112182623B (en) * 2020-10-13 2022-05-13 支付宝(杭州)信息技术有限公司 Method and device for protecting user privacy
CN114647556B (en) * 2020-12-17 2025-08-08 中国联合网络通信集团有限公司 Page behavior monitoring method, device, electronic device and storage medium
CN115242433B (en) * 2022-06-13 2024-02-09 易保网络技术(上海)有限公司 Data processing method, system, electronic device and computer readable storage medium
CN116318899B (en) * 2023-02-17 2023-10-17 深圳市创势互联科技有限公司 Data encryption and decryption processing method, system, equipment and medium
CN116647732B (en) * 2023-07-27 2024-04-19 深圳市华曦达科技股份有限公司 Updating configuration method and device based on intelligent television box security
CN118368279B (en) * 2024-05-22 2026-01-02 奇瑞新能源汽车股份有限公司 An HTTP interface authentication method and related equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101026736A (en) * 2007-03-14 2007-08-29 中兴通讯股份有限公司 Method and system for J2ME business authentication for IPTV system
CN108200089A (en) * 2018-02-07 2018-06-22 腾讯云计算(北京)有限责任公司 Implementation method, device, system and the storage medium of information security

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2318486B (en) * 1996-10-16 2001-03-28 Ibm Data communications system
CN102902908B (en) * 2012-10-08 2015-10-21 北京奇虎科技有限公司 Exempt from ActiveX plug-in security pick-up unit and method are installed
DE102014207704B4 (en) * 2013-04-26 2019-11-28 Avago Technologies International Sales Pte. Ltd. METHOD AND SYSTEMS FOR SECURING AUTHENTICATION OF APPLICATIONS IN A NETWORK
CN104113549B (en) * 2014-07-28 2017-07-18 百度在线网络技术(北京)有限公司 A kind of platform authorization method, platform service end and applications client and system
CN106911684B (en) * 2017-02-17 2020-06-16 武汉斗鱼网络科技有限公司 Authentication method and system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101026736A (en) * 2007-03-14 2007-08-29 中兴通讯股份有限公司 Method and system for J2ME business authentication for IPTV system
CN108200089A (en) * 2018-02-07 2018-06-22 腾讯云计算(北京)有限责任公司 Implementation method, device, system and the storage medium of information security

Also Published As

Publication number Publication date
CN109522726A (en) 2019-03-26

Similar Documents

Publication Publication Date Title
CN109522726B (en) Authentication method for applet, server and computer readable storage medium
CN111708991B (en) Service authorization method, device, computer equipment and storage medium
US20220417241A1 (en) Methods, Systems, and Devices for Server Control of Client Authorization Proof of Possession
US8196186B2 (en) Security architecture for peer-to-peer storage system
CN110213276B (en) Authorization verification method under micro-service architecture, server, terminal and medium
CN110175466B (en) Security management method and device for open platform, computer equipment and storage medium
US20160014112A1 (en) Wireless communication of a user identifier and encrypted time-sensitive data
CN104753674B (en) A kind of verification method and equipment of application identity
CN109510802B (en) Authentication method, device and system
CN106572105A (en) URL (Uniform Resource Locator) verification method and device
CN112257093B (en) Authentication method, terminal and storage medium for data object
EP4468153A1 (en) Model invoking method and apparatus, and storage medium
CN117640109B (en) API (application program interface) secure access method and device, electronic equipment and storage medium
CN112968910B (en) Replay attack prevention method and device
CN112311769B (en) Method, system, electronic device and medium for security authentication
CN117579374B (en) OpenAPI-based service access authority authentication method, device, system and server
CN115473655B (en) Terminal authentication method, device and storage medium for access network
CN108989302B (en) OPC proxy connection system and connection method based on secret key
CN110807210B (en) Information processing method, platform, system and computer storage medium
CN108900595B (en) Method, apparatus, device and computing medium for accessing cloud storage server data
CN108737087B (en) Email account password protection method and computer-readable storage medium
KR20170111809A (en) Bidirectional authentication method using security token based on symmetric key
CN114710508A (en) A blockchain-based data synchronization method and related device
CN110399706B (en) Authorization authentication method, device and computer system
CN110532741B (en) Personal information authorization method, authentication center and service provider

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant after: Ping An Wanjia Medical Management Co.,Ltd.

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant before: PING'AN WANJIA MEDICAL INVESTMENT MANAGEMENT Co.,Ltd.

CB02 Change of applicant information
TA01 Transfer of patent application right

Effective date of registration: 20231213

Address after: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant after: KANGJIAN INFORMATION TECHNOLOGY (SHENZHEN) Co.,Ltd.

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant before: Ping An Wanjia Medical Management Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant