
CN102394887A - OAuth protocol-based safety certificate method of open platform and system thereof - Google Patents


Info

Publication number
CN102394887A
Authority
CN
China
Prior art keywords
party
application
open platform
application example
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011103541388A
Other languages
Chinese (zh)
Other versions
CN102394887B (en)
Inventor
廖建新
曹予飞
赵军
梁龙
李文嘉
吴若迪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dongxin Beiyou Information Technology Co Ltd
Original Assignee
Hangzhou Dongxin Beiyou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dongxin Beiyou Information Technology Co Ltd filed Critical Hangzhou Dongxin Beiyou Information Technology Co Ltd
Priority to CN201110354138.8A priority Critical patent/CN102394887B/en
Publication of CN102394887A publication Critical patent/CN102394887A/en
Application granted granted Critical
Publication of CN102394887B publication Critical patent/CN102394887B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to an OAuth-protocol-based security authentication method for an open platform and a system thereof. The method comprises the following steps: the open platform checks whether the access request for an unauthorized Request Token, sent by a third-party application device, carries an application instance identifier consistent with the one stored on the platform; if not, the platform allocates a new application instance identifier, and returns the application instance identifier, a Request Token not yet authorized by the user and the corresponding token secret to the third-party application device; the third-party application device updates its local copy of the application instance identifier and carries it in its subsequent OAuth authentication requests; the open platform uses the application instance identifier to guide the user through authorization, and then issues an Access Token and the corresponding secret to the third-party application device. The method and system belong to the field of network technology; they allow accurate authentication and authorization in service scenarios with multiple running instances of a third-party application, and they also allow flexible charging.

Description

Open platform security authentication method and system based on the OAuth protocol
Technical field
The present invention relates to an open platform security authentication method and system based on the OAuth protocol, and belongs to the field of network technology.
Background
At present, most Internet open platforms use the OAuth protocol to authenticate and authorize third-party applications. OAuth is an open protocol that gives desktop applications and B/S-model web applications a simple, standard way to access API services that require user authorization. Any third-party application must obtain the user's authenticated consent before it can access the user's resources, which keeps the user's private data confidential. Because it is secure and simple to develop against, many Internet vendors such as Google, Yahoo, Sina and Tencent provide an OAuth authentication service when building their open platforms.
The OAuth protocol framework has three main roles: the Service Provider, the provider of the OAuth service, through which the open platform exposes service APIs for third-party applications to call; the Consumer, the consumer of the OAuth service, meaning a third-party application that calls the open platform's service APIs; and the User, the end user of the third-party application.
The open platform must provide third-party applications with a complete process and operating interface for application, development, testing and launch. First, the developer of a third-party application registers an application on the open platform side and fills in the application information. After successful registration, the developer obtains from the open platform the third-party application identifier of this application (the corresponding OAuth parameter is named oauth_consumer_key) and the application secret that goes with it (the corresponding OAuth parameter is named oauth_consumer_secret). After development, testing and review, the application is released and can be offered to users.
Before accessing the open platform's service APIs, a third-party application must first pass OAuth authentication: it sends authentication requests to the three OAuth service addresses in turn and, after OAuth authentication succeeds, sends access requests that call the open platform's service APIs. In all of these steps each request message must be signed (oauth_signature) with the agreed encryption algorithm. The open platform identifies the third-party application from parameters carried in the request message, such as the third-party application identifier and the request signature, which prevents a forged third-party application identity from being used to call the open platform's service APIs illegally. The OAuth authentication and authorization process and the three service addresses involved are as follows:
1. The third-party application sends a request to the open platform's Request Token URL and obtains an unauthorized Request Token;
2. The third-party application sends a request to the open platform's User Authorization URL and obtains a user-authorized Request Token;
3. The third-party application sends a request to the open platform's Access Token URL and exchanges the authorized Request Token for an Access Token.
Depending on how the third-party application delivers its service to the end user, application scenarios fall into the following two modes:
1. Client mode. The terminal is usually a mobile phone or a desktop terminal. When using this kind of application, the user runs the third-party application, which contains calls to the open platform's service APIs, directly on the phone, in a PC browser or in a PC client. In this mode the user first downloads the required third-party application from something like an application portal provided by the open platform, then installs and configures it locally. The characteristic of this mode is that the third-party application meets the user's needs by accessing the open platform's service APIs remotely and directly from the terminal. Therefore, the larger the user base in client mode, the more copies of the third-party application are downloaded and the more running instances of it exist on different terminals.
2. Server mode. The user accesses a third-party application on a web server through a web browser or a custom client, and that third-party application accesses the open platform's service APIs. The network-side service platform of the third-party application is designed and deployed by the developer; for example, the application may be built entirely on the open platform, or developed as a plug-in embedded in the developer's own service program so as to mash up various kinds of applications. Third-party applications in server mode are usually offered to industry customers or enterprise group customers, so the number of running instances is not affected by the number of end users but is determined by the number of industry or enterprise group customers.
The standard OAuth authentication process suits cases where the third-party application serves users as a single running entity, or where the developed application is limited to the user's own use. When the user uses the third-party application through a browser or a desktop client, the open platform authenticates and authorizes the user and the third-party application identifier. However, as open platforms are applied ever more widely, especially in the mobile Internet environment, some new application scenarios need to be considered. Copies of a third-party application that a developer builds on an open platform are downloaded in large numbers and installed on a huge number of hardware terminals to provide mobile Internet services. At the same time, one user may own different types of hardware terminals, such as a mobile terminal and a personal computer (PC), and may send access requests to the same third-party application service from different terminals. Because the OAuth protocol uses the same third-party application identifier oauth_consumer_key, application secret oauth_consumer_secret and corresponding signature oauth_signature to access the open platform's service APIs, a large number of running instances of the third-party application access the open platform with the same oauth_consumer_key and oauth_signature. If the open platform authenticates and authorizes the access requests from each end user by the third-party application identifier alone, it is hard to guarantee the security of the service and hard to tell the access requests of different users apart. This is a security risk: if one instance is cracked, the running instances of the same third-party application used by a large number of users are compromised with it, which threatens the security of all parties.
At the same time, different types of open platforms offer service APIs of their own kinds. A telecom capability open platform, for example, typically provides a short message service API, a multimedia message service API, and location service APIs such as positioning and GIS. First, the service APIs that third-party applications access carry charging requirements. Second, to attract more users to third-party applications built on the platform and to stimulate usage, the open platform usually needs flexible charging policies and accurate charging of third-party applications or users; for example, in the platform's early operating period it may provide the service free of charge below a certain access volume or access frequency and charge on demand above a certain threshold. A mobile Internet capability open platform with charging requirements cannot charge accurately or collect access statistics per user and per running instance on the basis of the third-party application identifier, which is a service defect.
Therefore, how to perform accurate authentication and authorization in service scenarios with multiple running instances of a third-party application remains a technical problem in urgent need of a solution.
Summary of the invention
In view of this, the purpose of the present invention is to provide an open platform security authentication method and system based on the OAuth protocol that can perform accurate authentication and authorization in service scenarios with multiple running instances of a third-party application.
To achieve the above purpose, the invention provides an open platform security authentication method based on the OAuth protocol, the method comprising:
Step 1: the open platform checks whether the access request for an unauthorized Request Token sent by a third-party application device carries an application instance identifier consistent with the one stored on the open platform; if not, it allocates a new application instance identifier to the third-party application device, and returns the application instance identifier, the generated Request Token not yet authorized by the user, and the corresponding token secret to the third-party application device;
Step 2: the third-party application device updates its local copy with the application instance identifier returned by the open platform and continues to carry that identifier in its subsequent OAuth authentication requests; the open platform uses the application instance identifier sent by the third-party application device to guide the user in authorizing the resource, then, after authenticating the third-party application device by the application instance identifier and the third-party application identifier, issues an Access Token and the corresponding secret to the third-party application device.
To achieve the above purpose, the invention also provides an open platform security authentication system based on the OAuth protocol, comprising an open platform and several third-party application devices connected to it through a network, the open platform further comprising:
An authentication and authorization unit, which receives the access request for an unauthorized Request Token sent by a third-party application device and checks whether it carries an application instance identifier consistent with the one stored on the open platform; if not, it allocates a new application instance identifier to the third-party application device and returns the application instance identifier, the generated Request Token not yet authorized by the user, and the corresponding token secret to the third-party application device; it then guides the user in authorizing the resource according to the application instance identifier carried in the device's subsequent OAuth authentication requests; finally, after authenticating the third-party application device by the application instance identifier and the third-party application identifier, it issues an Access Token and the corresponding secret to the third-party application device.
Compared with the prior art, the beneficial effects of the invention are as follows. By extending the parameters of the OAuth protocol with an application instance identifier, oauth_consumer_key_id, that identifies each third-party application device (that is, each running instance of a third-party application), the invention makes the third-party application device the object that the open platform authenticates and authorizes, and so achieves accurate authentication and authorization in service scenarios with multiple running instances of a third-party application. In addition, after authentication succeeds, the platform can use the application instance identifier and third-party application identifier that the device carries when it accesses user-authorized resources through the open platform's service APIs to record and count the service requests of the third-party application and the end user, which gives it a flexible charging capability.
Description of the drawings
Fig. 1 is a flow chart of the open platform security authentication method based on the OAuth protocol according to the invention.
Fig. 2 is a signaling flow diagram of the method embodiment shown in Fig. 1.
Fig. 3 is a schematic diagram of the structure of an embodiment of the open platform security authentication system based on the OAuth protocol according to the invention.
Fig. 4 is a schematic diagram of the structure of the open platform.
Embodiments
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawings.
For the typical mobile Internet application scenarios described above, the invention extends the parameters of the OAuth protocol with an application instance identifier, oauth_consumer_key_id, that identifies each third-party application device accessing the open platform.
As shown in Fig. 1, the open platform security authentication method based on the OAuth protocol according to the invention comprises:
Step 1: when the user sends the third-party application device a request to access resources on the open platform, the third-party application device checks whether an application instance identifier has already been assigned to it locally. If so, it sends an access request for an unauthorized Request Token to the open platform's Request Token URL, carrying the application instance identifier; if not, it sends the access request for an unauthorized Request Token to the open platform's Request Token URL directly;
Step 2: the open platform checks whether the access request for an unauthorized Request Token sent by the third-party application device carries an application instance identifier consistent with the one stored on the open platform; if not, it allocates a new application instance identifier to the third-party application device, and returns the application instance identifier, the generated Request Token not yet authorized by the user, and the corresponding token secret to the third-party application device;
Step 3: the third-party application device updates its local copy with the application instance identifier returned by the open platform and continues to carry that identifier in its subsequent OAuth authentication requests; the open platform uses the application instance identifier sent by the third-party application device to guide the user in authorizing the resource, then, after authenticating the third-party application device by the application instance identifier and the third-party application identifier, issues an Access Token and the corresponding secret to the third-party application device;
Step 4: after authentication succeeds, the third-party application device accesses the resources the user has authorized through the open platform's service APIs, carrying parameters such as the application instance identifier, the third-party application identifier and the Access Token; the open platform records the service requests of the third-party application and the end user according to the application instance identifier and the third-party application identifier, and the recorded information can be used for charging.
Within the validity period of the Access Token, the third-party application device can access the resources the user has authorized directly through the open platform's service APIs; the open platform records and charges for the user's service requests according to the application instance identifier and the third-party application identifier.
The third-party application device, that is, a running instance of the third-party application, is a hardware terminal on which a copy of the third-party application has been downloaded and installed. The hardware terminal may be a mobile phone, a computer, a web server, and so on. In the method of the invention, the object that the open platform authenticates and authorizes is each third-party application device, that is, each running instance of the third-party application on a different terminal.
The application instance identifier is generated centrally by the open platform. Note that the third-party application identifier distinguishes different third-party applications, while the application instance identifier distinguishes the different third-party application devices of each third-party application. An open platform may have hundreds of third-party applications, each with tens of thousands of users, so millions of users may send access requests at the same time. To ensure that the open platform can effectively authenticate and authorize each third-party application device, the application instance identifiers of different third-party application devices that share a third-party application identifier must be unique; that is, each third-party application is identified by its third-party application identifier, and the different devices of the same third-party application are further distinguished by the application instance identifier. The application instance identifier can be expressed as a time sequence plus a sequence number or a random number, for example "YYYYMMDDHHMMSS" (year, month, day, hour, minute, second) plus a 4-digit random number.
Step 2 further comprises:
Step 21: the open platform receives the access request for an unauthorized Request Token sent by the third-party application device and checks whether the request carries an application instance identifier. If so, continue with step 22; if not, continue with step 23;
Step 22: the open platform checks whether that application instance identifier is consistent with the one stored on the open platform. If so, it returns the application instance identifier, the generated Request Token not yet authorized by the user, and the corresponding token secret to the third-party application device; if not, continue with step 23;
Step 23: the open platform generates and stores a new application instance identifier, then returns the application instance identifier, the generated Request Token not yet authorized by the user, and the corresponding token secret to the third-party application device.
Step 3 further comprises:
Step 31: the third-party application device updates its local copy with the application instance identifier returned by the open platform and, carrying the application instance identifier, sends the open platform an access request for a user-authorized Request Token; according to the application instance identifier, the open platform guides the user in authorizing the resources the third-party application device wants to access, and finally returns the user-authorized Request Token to the third-party application device;
Step 32: the third-party application device, carrying the application instance identifier and the third-party application identifier, sends the open platform a request to exchange the authorized Request Token for an Access Token; the open platform looks up the corresponding user-authorized Request Token according to the application instance identifier and the third-party application identifier and, after the request passes authentication, issues an Access Token and the corresponding secret to the third-party application device.
Fig. 2 is a signaling flow diagram of the method embodiment shown in Fig. 1, described in detail as follows:
Step 1: the user, through the access interface of the third-party application device, sends the device a request for a service that needs to access data resources or network capabilities held on the open platform;
Step 2: the third-party application device sends an access request for an unauthorized Request Token to the open platform's Request Token URL, carrying the application instance identifier;
Step 3: the open platform checks whether the access request for an unauthorized Request Token carries an application instance identifier, and returns to the third-party application device the application instance identifier, the generated Request Token not yet authorized by the user, and the corresponding token secret;
Step 4: the third-party application device updates its local copy with the application instance identifier returned by the open platform, then sends an access request for a user-authorized Request Token to the open platform's User Authorization URL; the request carries the application instance identifier, the Request Token not yet authorized by the user, and the corresponding token secret;
Step 5: according to the application instance identifier, the open platform guides the user in authorizing the data resources or network capabilities that the third-party application device wants to access;
Step 6: the user can authorize the third-party application device to access those data resources or network capabilities by means such as a username/password or a verification code;
Step 7: the open platform returns the user-authorized Request Token to the third-party application device;
Step 8: the third-party application device sends a request to the open platform's Access Token URL to exchange the authorized Request Token for an Access Token; the request carries the application instance identifier;
Step 9: the open platform looks up the corresponding user-authorized Request Token according to the application instance identifier and the third-party application identifier and, after the request passes authentication, issues an Access Token and the corresponding secret to the third-party application device;
Step 10: the third-party application device accesses the resources the user has authorized through the open platform's service APIs, carrying parameters such as the application instance identifier, the third-party application identifier and the Access Token;
Step 11: the open platform's service API returns the requested data resources to the third-party application device;
Step 12: the third-party application device completes this service for the user.
As shown in Fig. 3, the open platform security authentication system based on the OAuth protocol according to the invention comprises an open platform and several third-party application devices (such as third-party application device 1, third-party application device 2, ..., third-party application device n), and the open platform is connected to the third-party application devices through a network. A third-party application device may work in client mode or server mode; for example, third-party application device 1 and third-party application device n are the mobile phones or computers of user 1 and user m respectively, and third-party application device 2 is a web server. A user can send access requests to the same third-party application from different hardware terminals; for example, user 1 sends access requests from third-party application device 1 or from third-party application device 2.
As shown in Fig. 4, the open platform may further comprise an authentication and authorization unit and a charging unit, wherein:
The authentication and authorization unit receives the access request for an unauthorized Request Token sent by a third-party application device and checks whether it carries an application instance identifier consistent with the one stored on the open platform; if not, it allocates a new application instance identifier to the third-party application device and returns the application instance identifier, the generated Request Token not yet authorized by the user, and the corresponding token secret to the third-party application device; it then guides the user in authorizing the resource according to the application instance identifier carried in the device's subsequent OAuth authentication requests; finally, after authenticating the third-party application device by the application instance identifier and the third-party application identifier, it issues an Access Token and the corresponding secret to the third-party application device;
The charging unit, after the third-party application device has been authenticated, records and charges for the service requests of the third-party application and the end user according to the application instance identifier and the third-party application identifier that the device carries when it accesses user-authorized resources through the open platform's service APIs.
The third-party application device is a hardware terminal on which a copy of the third-party application has been downloaded and installed. It receives the user's requests to access resources on the open platform and checks whether an application instance identifier has already been assigned locally; if so, it sends the access request for an unauthorized Request Token to the open platform's Request Token URL carrying that application instance identifier. It updates its local copy with the application instance identifier returned by the open platform and carries that identifier in its subsequent OAuth authentication requests.
The open platform and the third-party application devices may be connected through the Internet or a mobile network, and a third-party application device may be a mobile phone, a computer or a web server.
It is worth noting that when a copy of the third-party application is downloaded and installed on a terminal again, the application instance identifier corresponding to the original third-party application device becomes junk data on the open platform and needs to be cleared periodically. The application instance identifier can therefore be given the same validity period as the Access Token, so that when the Access Token expires the application instance identifier is likewise treated as expired; the open platform periodically clears expired application instance identifier information, which optimizes the system environment.
The above are merely preferred embodiments of the invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.
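A small in-memory model of the platform side of the flow described above: steps 21-23, steps 31-32, the per-instance usage record used for charging, and the periodic removal of expired instance identifiers. This is an added example, not code from the patent; the class and method names, the token_ttl value and the demo-app key are hypothetical, and oauth_signature verification is left out so that the handling of oauth_consumer_key_id stays in focus.

```python
import secrets
import time


class OpenPlatform:
    """Toy in-memory model of the platform's authorization and charging units."""

    def __init__(self, consumers, token_ttl=3600):
        self.consumers = consumers   # oauth_consumer_key -> oauth_consumer_secret
        self.token_ttl = token_ttl   # assumed Access Token lifetime, in seconds
        self.instances = {}          # (consumer_key, instance_id) -> expiry time
        self.request_tokens = {}     # Request Token -> {"key", "secret", "user"}
        self.access_tokens = {}      # Access Token -> {"key", "user", "expires"}
        self.usage = {}              # (consumer_key, instance_id) -> API call count

    def _new_instance_id(self, consumer_key, now):
        # Format from the description: YYYYMMDDHHMMSS plus 4 random digits, unique
        # among the instances of one application. The value is guessable, so this
        # model uses it only as an identifier and binds every token to it.
        stamp = time.strftime("%Y%m%d%H%M%S", time.gmtime(now))
        while True:
            candidate = stamp + f"{secrets.randbelow(10000):04d}"
            if (consumer_key, candidate) not in self.instances:
                return candidate

    def request_token(self, consumer_key, instance_id=None, now=None):
        """Steps 21-23: keep a known instance ID, otherwise allocate a new one."""
        now = time.time() if now is None else now
        if consumer_key not in self.consumers:
            raise PermissionError("unknown oauth_consumer_key")
        key = (consumer_key, instance_id)
        if instance_id is None or key not in self.instances:
            key = (consumer_key, self._new_instance_id(consumer_key, now))
        # Assumption: a fresh or re-presented instance ID lives for one token_ttl.
        self.instances[key] = now + self.token_ttl
        token, token_secret = secrets.token_urlsafe(16), secrets.token_urlsafe(24)
        self.request_tokens[token] = {"key": key, "secret": token_secret, "user": None}
        return {"oauth_consumer_key_id": key[1], "oauth_token": token,
                "oauth_token_secret": token_secret}

    def authorize(self, token, instance_id, user):
        """Step 31: the user approves a Request Token for one specific instance."""
        rt = self.request_tokens.get(token)
        if rt is None or rt["key"][1] != instance_id:
            raise PermissionError("Request Token is not bound to this instance")
        rt["user"] = user

    def access_token(self, consumer_key, instance_id, token, now=None):
        """Step 32: exchange an authorized Request Token for an Access Token."""
        now = time.time() if now is None else now
        rt = self.request_tokens.get(token)
        if rt is None or rt["user"] is None or rt["key"] != (consumer_key, instance_id):
            raise PermissionError("no authorized Request Token for this instance")
        del self.request_tokens[token]               # Request Tokens are single use
        expires = now + self.token_ttl
        self.instances[rt["key"]] = expires          # ID expires with the Access Token
        access, access_secret = secrets.token_urlsafe(16), secrets.token_urlsafe(24)
        self.access_tokens[access] = {"key": rt["key"], "user": rt["user"],
                                      "expires": expires}
        return {"oauth_token": access, "oauth_token_secret": access_secret}

    def call_api(self, consumer_key, instance_id, token, now=None):
        """Step 4: serve a call and record it per (application, instance)."""
        now = time.time() if now is None else now
        at = self.access_tokens.get(token)
        if at is None or at["key"] != (consumer_key, instance_id) or at["expires"] <= now:
            raise PermissionError("Access Token invalid for this instance")
        self.usage[at["key"]] = self.usage.get(at["key"], 0) + 1
        return at["user"]

    def purge_expired(self, now=None):
        """Periodic cleanup of expired instance IDs and their Access Tokens."""
        now = time.time() if now is None else now
        dead = {k for k, exp in self.instances.items() if exp <= now}
        for k in dead:
            del self.instances[k]
        self.access_tokens = {t: a for t, a in self.access_tokens.items()
                              if a["key"] not in dead and a["expires"] > now}
        return len(dead)


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    platform = OpenPlatform({"demo-app": "demo-secret"}, token_ttl=100)
    first = platform.request_token("demo-app", now=0)
    print("allocated instance:", first["oauth_consumer_key_id"])
```

Two devices that share one oauth_consumer_key receive different instance identifiers, and a Request Token or Access Token presented with another device's identifier is rejected, which is the per-instance separation the description aims for.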

Claims (13)

1. open platform safety certifying method based on the OAuth agreement is characterized in that said method includes:
In the access request of the undelegated Request Token of application that step 1, open platform inspection third party application apparatus are sent; Whether carry with open platform on preserve consistent application example identification information; If do not have; Then be that said third party's application apparatus distributes new application example sign, and the Request Tokcn without subscriber authorisation of said application example sign, generation is returned to third party's application apparatus with corresponding token key;
The application example identification renewal that step 2, third party's application apparatus return open platform arrives local; And continue to carry said application example sign and carry out follow-up OAuth authentication request; The application example sign that open platform is sent through third party's application apparatus guides the user to resource authorization; After authentication is passed through to third party's application apparatus according to application example sign and third party's application identities then, issue Access Token and corresponding key to third party's application apparatus.
2. The method according to claim 1, characterized in that said third-party application apparatus is a hardware terminal on which a third-party application copy has been downloaded and installed, and said hardware terminal can be a mobile phone, a computer or a web server.
3. The method according to claim 2, characterized in that when the third-party application copy is downloaded and installed again on the third-party application apparatus, the application example sign corresponding to the original third-party application apparatus needs to be removed periodically; said application example sign adopts the same validity period as the Access Token, so that when the Access Token expires the application example sign is invalidated as well, and the open platform periodically removes invalidated application example sign information.
4. The method according to claim 1, characterized in that said application example sign is generated uniformly by the open platform and is used to identify the different third-party application apparatuses of each third-party application; the application example signs of different third-party application apparatuses having the same third-party application identity are unique, and said application example sign can be represented as a time sequence plus a sequence number or a random number.
5. The method according to claim 1, characterized in that said method also includes:
When the user sends a resource request for accessing the open platform to the third-party application apparatus, the third-party application apparatus checks whether an application example sign has been assigned locally; if so, it carries said application example sign and initiates the access request for an unauthorized Request Token to the Request Token URL address of the open platform; if not, it directly initiates the access request for an unauthorized Request Token to the Request Token URL address of the open platform.
6. The method according to claim 1, characterized in that said method also includes:
After successful authentication, the third-party application apparatus carries the application example sign, the third-party application identity and the Access Token parameter information, and accesses the user-authorized resource through the service API of the open platform; the open platform records the service requests of the third-party application and the end user according to said application example sign and third-party application identity, and said recorded information can be used for charging.
7. The method according to claim 1, characterized in that said step 1 further includes:
Step 11: the open platform receives the access request for an unauthorized Request Token sent by the third-party application apparatus and checks whether said access request carries an application example sign; if so, continue with step 12; if not, continue with step 13;
Step 12: the open platform checks whether said application example sign is consistent with the application example sign saved on the open platform; if so, it returns said application example sign, the generated Request Token not yet authorized by the user, and the corresponding token key to the third-party application apparatus; if not, continue with step 13;
Step 13: the open platform generates and saves a new application example sign, and then returns said application example sign, the generated Request Token not yet authorized by the user, and the corresponding token key to the third-party application apparatus.
8. The method according to claim 1, characterized in that said step 2 further includes:
Step 21: the third-party application apparatus updates its local copy with the application example sign returned by the open platform and, carrying the application example sign, sends the open platform an access request for a user-authorized Request Token; the open platform, according to said application example sign, guides the user in authorizing the resources to be accessed by the third-party application apparatus, and finally returns the user-authorized Request Token to the third-party application apparatus;
Step 22: the third-party application apparatus, carrying the application example sign and the third-party application identity, sends the open platform a request to exchange the authorized Request Token for an Access Token; the open platform queries the corresponding user-authorized Request Token according to said application example sign and third-party application identity information, and, after said request passes authentication, issues an Access Token and the corresponding key to the third-party application apparatus.
9. An open platform security authentication system based on the OAuth protocol, including an open platform and several third-party application apparatuses, said open platform being connected to the third-party application apparatuses through a network, characterized in that said open platform further includes:
An authentication and authorization unit, used to receive the access request for an unauthorized Request Token sent by a third-party application apparatus and check whether it carries application example sign information consistent with that saved on the open platform; if not, to allocate a new application example sign to said third-party application apparatus and return said application example sign, the generated Request Token not yet authorized by the user, and the corresponding token key to the third-party application apparatus; then, according to the application example sign carried by the third-party application apparatus in subsequent OAuth authentication requests, to guide the user in authorizing the resource; and finally, after the third-party application apparatus passes authentication based on the application example sign and third-party application identity information, to issue an Access Token and the corresponding key to the third-party application apparatus.
10. The system according to claim 9, characterized in that said application example sign is generated uniformly by the open platform and is used to identify the different third-party application apparatuses of each third-party application; the application example signs of different third-party application apparatuses having the same third-party application identity are unique, and said application example sign can be represented as a time sequence plus a sequence number or a random number.
11. The system according to claim 9, characterized in that
said third-party application apparatus is a hardware terminal on which a third-party application copy has been downloaded and installed, and is used to receive the resource request for accessing the open platform sent by the user and to check whether an application example sign has been assigned locally; if so, it carries said application example sign and initiates the access request for an unauthorized Request Token to the Request Token URL address of the open platform; it updates its local copy with the application example sign returned by the open platform and carries said application example sign in subsequent OAuth authentication requests; said third-party application apparatus can be a mobile phone, a computer or a web server.
12. The method according to claim 11, characterized in that when the third-party application copy is downloaded and installed again on the third-party application apparatus, the application example sign corresponding to the original third-party application apparatus needs to be removed periodically; said application example sign adopts the same validity period as the Access Token, so that when the Access Token expires the application example sign is invalidated as well, and the open platform periodically removes invalidated application example sign information.
13. The system according to claim 9, characterized in that said open platform also includes:
A Charging Detail Record unit, used, after the third-party application apparatus has been authenticated successfully, to record and charge for the service requests of the third-party application and the end user according to the application example sign and third-party application identity information carried when the third-party application apparatus accesses the user-authorized resource through the service API of the open platform.
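The platform side of steps 11 to 13 and 21 to 22, together with the periodic removal of invalidated application example signs, can be modelled as follows. This is an added illustration, not code from the patent or from any product; the class and method names, the in-memory store, the 3600-second validity period, and the choices to bind each sign to its third-party application identity and to treat an expired sign as unknown are all assumptions.

```python
import secrets
import time
from dataclasses import dataclass

ACCESS_TOKEN_TTL = 3600  # seconds; assumed value, the page gives no figure


def _eq(a, b):
    """Constant-time comparison of two token strings."""
    return secrets.compare_digest(a.encode(), b.encode())


@dataclass
class Instance:
    app_id: str              # third-party application identity
    expires_at: float        # validity of the application example sign
    request_token: str = ""
    token_secret: str = ""
    authorized: bool = False
    access_token: str = ""


class OpenPlatform:
    """Toy in-memory open platform; every name here is hypothetical."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.instances = {}  # application example sign -> Instance
        self._seq = 0

    def _new_sign(self):
        # Claim 4: a time sequence plus a sequence number or random number.
        self._seq += 1
        return f"{int(self.clock())}-{self._seq}-{secrets.token_hex(8)}"

    def request_token(self, app_id, sign=None):
        """Steps 11-13: check the presented sign, allocate a new one if needed."""
        inst = self.instances.get(sign) if sign else None
        known = (inst is not None and inst.app_id == app_id
                 and inst.expires_at > self.clock())
        if not known:  # step 13: sign absent, unknown, mismatched or expired
            sign = self._new_sign()
            inst = Instance(app_id, self.clock() + ACCESS_TOKEN_TTL)
            self.instances[sign] = inst
        # Steps 12/13: fresh Request Token (not yet user-authorized) and key.
        inst.request_token = secrets.token_urlsafe(16)
        inst.token_secret = secrets.token_urlsafe(32)
        inst.authorized = False
        return sign, inst.request_token, inst.token_secret

    def authorize(self, sign, request_token):
        """Step 21: the user authorizes the Request Token bound to this sign."""
        inst = self.instances.get(sign)
        if (inst is None or not inst.request_token
                or not _eq(inst.request_token, request_token)):
            return False
        inst.authorized = True
        return True

    def exchange(self, app_id, sign, request_token):
        """Step 22: swap an authorized Request Token for an Access Token."""
        inst = self.instances.get(sign)
        if (inst is None or inst.app_id != app_id or not inst.authorized
                or not _eq(inst.request_token, request_token)):
            return None
        inst.access_token = secrets.token_urlsafe(32)
        access_secret = secrets.token_urlsafe(32)
        inst.request_token, inst.authorized = "", False  # one-time use
        # The sign takes the same validity period as the Access Token.
        inst.expires_at = self.clock() + ACCESS_TOKEN_TTL
        return inst.access_token, access_secret

    def purge_expired(self):
        """Periodic cleanup of invalidated signs; returns the number removed."""
        now = self.clock()
        dead = [s for s, i in self.instances.items() if i.expires_at <= now]
        for s in dead:
            del self.instances[s]
        return len(dead)


if __name__ == "__main__":
    platform = OpenPlatform()
    sign, rt, _ = platform.request_token("app-A")  # constructed app identity
    platform.authorize(sign, rt)
    print("access token issued:", platform.exchange("app-A", sign, rt) is not None)
```

A sign presented under a different third-party application identity is treated like an unknown sign and replaced, so a sign copied from one application cannot be reused under another.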
CN201110354138.8A 2011-11-10 2011-11-10 OAuth protocol-based safety certificate method of open platform and system thereof Expired - Fee Related CN102394887B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110354138.8A CN102394887B (en) 2011-11-10 2011-11-10 OAuth protocol-based safety certificate method of open platform and system thereof


Publications (2)

Publication Number Publication Date
CN102394887A true CN102394887A (en) 2012-03-28
CN102394887B CN102394887B (en) 2014-07-09

Family

ID=45862093

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110354138.8A Expired - Fee Related CN102394887B (en) 2011-11-10 2011-11-10 OAuth protocol-based safety certificate method of open platform and system thereof

Country Status (1)

Country Link
CN (1) CN102394887B (en)


Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010136323A1 (en) * 2009-05-29 2010-12-02 Alcatel Lucent System and method for accessing private digital content


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张卫全,胡志远: "浅析作用于web2.0安全防范的OpenID和OAuth机制", 《通信管理与技术》, no. 2, 30 April 2011 (2011-04-30), pages 15 - 18 *


Also Published As

Publication number Publication date
CN102394887B (en) 2014-07-09


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140709

Termination date: 20161110
