Nothing Special   »   [go: up one dir, main page]

CN116248351A - Resource access method and device, electronic equipment and storage medium - Google Patents

Resource access method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN116248351A
CN116248351A CN202211714040.3A CN202211714040A CN116248351A CN 116248351 A CN116248351 A CN 116248351A CN 202211714040 A CN202211714040 A CN 202211714040A CN 116248351 A CN116248351 A CN 116248351A
Authority
CN
China
Prior art keywords
target
resource
authentication
access
authorization token
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211714040.3A
Other languages
Chinese (zh)
Inventor
张建荣
谢继刚
徐益军
杨贵森
易小安
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Unicom Digital Technology Co Ltd
Unicom Cloud Data Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Unicom Digital Technology Co Ltd
Unicom Cloud Data Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd, Unicom Digital Technology Co Ltd, Unicom Cloud Data Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN202211714040.3A priority Critical patent/CN116248351A/en
Publication of CN116248351A publication Critical patent/CN116248351A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a resource access method, a device, electronic equipment and a storage medium, relates to the technical field of communication, and solves the technical problems that related resources in the related technology are possibly unreasonable in access process, resources are possibly leaked, and the safety of resource access is affected. The method comprises the following steps: receiving a resource access request sent by a terminal; determining whether a target authorization token exists in the resource access request; determining whether the duration of the target authorization token is greater than a duration threshold value under the condition that the target authorization token exists in the resource access request; sending an authentication request to an authentication server under the condition that the duration time is longer than the duration time threshold value; receiving an authentication success response sent by the authentication server, wherein the authentication success response is used for informing the target account of having the authority to access the target resource; and sending the resource access request to the target service server based on the resource address of the target resource.

Description

Resource access method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a resource access method, a device, an electronic device, and a storage medium.
Background
Currently, a terminal may acquire an internet protocol (internet protocol, IP) address of a certain service server, and send a service access request to the service server based on the IP address to access related resources stored in the service server.
However, in the above method, the access procedure of the related resource may not be reasonable. For example, any terminal may access the relevant resource after acquiring the IP address of the service server. Leakage of resources may occur, which affects the security of resource access.
Disclosure of Invention
The invention provides a resource access method, a device, electronic equipment and a storage medium, which solve the technical problems that the access process of related resources in the related technology is possibly unreasonable, the leakage of the resources is caused, and the safety of the resource access is influenced.
In a first aspect, the present invention provides a resource access method, including: receiving a resource access request sent by a terminal, wherein the resource access request comprises a resource address of a target resource, and the resource access request is used for requesting to access the target resource; determining whether a target authorization token exists in the resource access request, wherein the target authorization token is an authorization token of a target account, and the target account is an account corresponding to the terminal; determining whether the duration of the target authorization token is greater than a duration threshold value under the condition that the target authorization token exists in the resource access request; if the duration is longer than the duration threshold, sending an authentication request to an authentication server, wherein the authentication request comprises the resource address, the account identifier of the target account and a preset field, and the authentication request is used for requesting to determine the access right of the target account; receiving an authentication success response sent by the authentication server, wherein the authentication success response comprises the target authorization token, the authentication success response is used for informing the target account of the authority to access the target resource, and indicating the gateway to reset the duration of the target authorization token; and sending the resource access request to the target service server based on the resource address of the target resource.
Optionally, the above resource access method further includes: and receiving an authentication failure response sent by the authentication server, wherein the authentication failure response is used for informing that the target account does not have the authority to access the target resource.
Optionally, the resource access request further includes an encryption field, and the resource access method further includes: and decrypting the encrypted field based on a target key to obtain the preset field, wherein the target key is a key corresponding to the resource address.
In a second aspect, the present invention provides a resource access method, including: receiving an authentication request sent by a gateway, wherein the authentication request comprises a resource address of a target resource, an account identifier of a target account and a preset field, and the authentication request is used for requesting to determine the access right of the target account; determining at least one resource address corresponding to the account identifier in case that the preset field is stored in the authentication server; and under the condition that the resource address of the target resource exists in the at least one resource address, sending an authentication success response to the gateway so that the gateway sends the resource access request to a target service server based on the resource address of the target resource, wherein the authentication success response comprises a target authorization token, the target authorization token is an authorization token of the target account, the authentication success response is used for informing that the target account has the authority to access the target resource, and the gateway is instructed to reset the duration of the target authorization token.
Optionally, the above resource access method further includes: and in the case that the resource address of the target resource does not exist in the at least one resource address, sending an authentication failure response to the gateway, wherein the authentication failure response is used for informing that the target account does not have the authority to access the target resource.
In a third aspect, the present invention provides a resource access device, including: the device comprises a receiving module, a determining module and a sending module; the receiving module is used for receiving a resource access request sent by the terminal, wherein the resource access request comprises a resource address of a target resource, and the resource access request is used for requesting to access the target resource; the determining module is used for determining whether a target authorization token exists in the resource access request, wherein the target authorization token is an authorization token of a target account, and the target account is an account corresponding to the terminal; the determining module is further configured to determine, if the duration of the target authorization token is greater than a duration threshold in a case where the target authorization token exists in the resource access request; the sending module is used for sending an authentication request to the authentication server under the condition that the duration time is longer than the duration time threshold value, wherein the authentication request comprises the resource address, the account identifier of the target account and a preset field, and the authentication request is used for requesting to determine the access authority of the target account; the receiving module is further configured to receive an authentication success response sent by the authentication server, where the authentication success response includes the target authorization token, and the authentication success response is used to notify that the target account has permission to access the target resource, and instruct the gateway to reset the duration of the target authorization token; the sending module is further configured to send the resource access request to a target service server based on the resource address of the target resource.
Optionally, the receiving module is further configured to receive an authentication failure response sent by the authentication server, where the authentication failure response is used to notify that the target account does not have a right to access the target resource.
Optionally, the resource access request further includes an encryption field, and the resource access device further includes: a processing module; the processing module is configured to decrypt the encrypted field based on a target key, to obtain the preset field, where the target key is a key corresponding to the resource address.
In a fourth aspect, the present invention provides a resource access device, including: the device comprises a receiving module, a determining module and a sending module;
the receiving module is used for receiving an authentication request sent by the gateway, wherein the authentication request comprises a resource address of a target resource, an account identifier of a target account and a preset field, and the authentication request is used for requesting to determine the access right of the target account; the determining module is used for determining at least one resource address corresponding to the account identifier under the condition that the preset field is stored in the authentication server; the sending module is configured to send an authentication success response to the gateway when the resource address of the target resource exists in the at least one resource address, so that the gateway sends the resource access request to the target service server based on the resource address of the target resource, the authentication success response includes a target authorization token, the target authorization token is an authorization token of the target account, the authentication success response is used for notifying that the target account has permission to access the target resource, and instructs the gateway to reset the duration of the target authorization token.
Optionally, the sending module is further configured to send an authentication failure response to the gateway, where the at least one resource address does not have a resource address of the target resource, and the authentication failure response is used to notify that the target account does not have a right to access the target resource.
In a fifth aspect, the present invention provides an electronic device, comprising: a processor and a memory configured to store processor-executable instructions; wherein the processor is configured to execute the instructions to implement any of the above-described alternative resource access methods of the first aspect, or to implement any of the above-described alternative resource access methods of the second aspect.
In a sixth aspect, the present invention provides a computer readable storage medium having instructions stored thereon that, when executed by an electronic device, enable the electronic device to perform any one of the above-described alternative resource access methods of the first aspect, or to perform any one of the above-described alternative resource access methods of the second aspect.
According to the resource access method, the device, the electronic equipment and the storage medium, the gateway can acquire the resource access request of the terminal, then determine whether a target authorization token exists in the resource access request, when the target authorization token exists in the resource access request, the gateway is indicated to authenticate the target account at a certain moment in a historical time period, the target account is determined to have the authority to access the target resource, at the moment, the server is determined to be longer than a duration threshold value, when the duration of the target authorization token is longer than the duration threshold value, the gateway is indicated to not authenticate the target account for a longer time, at the moment, the server can send an authentication request to the authentication server, and after receiving an authentication success response sent by the authentication server, the resource access request is sent to the target service server based on the resource address of the target resource. In the invention, the gateway can send the authentication request to the authentication server under the condition that the target account is not authenticated for a long time, and because the authentication success response is used for indicating the gateway to reset the duration of the target authorization token, the gateway can determine that the duration of the target authorization token after the reset is smaller than or equal to the duration threshold value, then the gateway sends the resource access request to the target service server based on the resource address of the target resource under the condition that the duration of the target authorization token is smaller than the duration threshold value, and can send the resource access request with the authority for accessing the target resource to the target service server, thereby improving the safety of resource access and the efficiency of resource access.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
FIG. 1 is a schematic diagram of a network architecture of a resource access system according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of a resource access method according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating another method for accessing resources according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating another method for accessing resources according to an embodiment of the present invention;
FIG. 5 is a flowchart illustrating another method for accessing resources according to an embodiment of the present invention;
FIG. 6 is a flowchart illustrating another method for accessing resources according to an embodiment of the present invention;
FIG. 7 is a flowchart illustrating another method for accessing resources according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a resource access device according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of a resource access device according to an embodiment of the present invention;
fig. 10 is a schematic structural diagram of a resource access device according to an embodiment of the present invention;
fig. 11 is a schematic structural diagram of another resource access device according to an embodiment of the present invention.
Detailed Description
The resource access method, the device, the electronic equipment and the storage medium provided by the embodiment of the invention are described in detail below with reference to the accompanying drawings.
The terms "first" and "second" and the like in the description and in the drawings are used for distinguishing between different objects and not for describing a particular sequence of objects, e.g., a first field and a second field, etc. are used for distinguishing between different fields and not for describing a particular sequence of fields.
Furthermore, references to the terms "comprising" and "having" and any variations thereof in the description of the present application are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed but may optionally include other steps or elements not listed or inherent to such process, method, article, or apparatus.
It should be noted that, in the embodiments of the present invention, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "e.g." in an embodiment of the present invention is not to be taken as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
The term "and/or" as used herein includes the use of either or both of these methods.
In the description of the present application, unless otherwise indicated, the meaning of "a plurality" means two or more.
Based on the description in the background art, in the related art, the access process of the related resource may not be reasonable, for example, any terminal may access the related resource after acquiring the IP address of the service server, which may cause leakage of the resource and affect the security of resource access. Based on this, the embodiment of the invention provides a resource access method, a device, an electronic device and a storage medium, in which a gateway can send an authentication request to an authentication server under the condition that the target account is not authenticated for a long time, and because the authentication success response is used for indicating the gateway to reset the duration of the target authorization token, the gateway can determine that the duration of the target authorization token after the reset is less than or equal to a duration threshold, and then send the resource access request to the target service server based on the resource address of the target resource under the condition that the duration of the target authorization token is less than the duration threshold, so that the resource access request with the authority to access the target resource can be sent to the target service server, the security of resource access can be improved, and the efficiency of resource access can be improved.
The method, the device, the electronic equipment and the storage medium for accessing the resources provided by the embodiment of the invention can be applied to a resource access system, as shown in fig. 1, wherein the resource access system comprises a terminal 101, a gateway 102, a server 103 and a server 104. In general, in practical applications, the connection between the above-mentioned devices or service functions may be a wireless connection, and for convenience and intuitiveness, the connection relationship between the devices is schematically shown by a solid line in fig. 1.
The terminal 101 may be a mobile phone, a tablet computer, a desktop, a laptop, a handheld computer, a notebook, an ultra-mobile personal computer (ultra-mobile personal computer, UMPC), a netbook, a cellular phone, a personal digital assistant (personal digital assistant, PDA), an augmented reality (augmented reality, AR) \virtual reality (VR) device, etc., and the specific form of the terminal 101 is not particularly limited in this disclosure. The system can perform man-machine interaction with a user through one or more modes of a keyboard, a touch pad, a touch screen, a remote controller, voice interaction or handwriting equipment and the like. In the embodiment of the invention, the terminal is used for sending a resource access request to the gateway, wherein the resource access request is used for requesting to access the target resource.
The server 103 and the server 104 may be independent physical servers, or may be a server cluster or a distributed system formed by a plurality of physical servers, or may be cloud servers for providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, network acceleration services (content delivery network, CDN), basic cloud computing services such as big data and artificial intelligence platforms, and the like. In the embodiment of the present invention, the server 103 is an authentication server, where the server 103 is configured to receive an authentication request sent by a gateway, and send an authentication success response to the gateway when the authentication request is not changed, where the authentication request is used to request to determine an access right of a target account, and at least one resource address corresponding to an account identifier of the target account is determined when a preset field is stored in the server 103, and when a resource address of the target resource exists in the at least one resource address; the server 104 is a service server of the target resource, and the server 104 is configured to receive a resource access request sent by the gateway.
The resource access method, the device, the electronic equipment and the storage medium provided by the embodiment of the invention are applied to a resource access scene, and particularly, after a gateway receives a resource access request sent by a terminal, whether a target authorization token exists in the resource access request can be determined, if the target authorization token exists in the resource access request, whether the duration of the target authorization token is greater than or equal to a duration threshold value is determined, then, if the duration is greater than the duration threshold value, an authentication request is sent to an authentication server, and after an authentication success response sent by the authentication server is received, the resource access request is sent to a target service server based on the resource address of the target resource.
The resource access method provided by the embodiment of the present invention is fully described below from the perspective of interaction of each device in the resource access system in combination with the resource access system shown in fig. 1, so as to illustrate a process that the gateway sends the resource access request to the service server and a process that the authentication server determines the access authority of the target account.
As shown in fig. 2, the resource access method provided by the embodiment of the present invention may include S101-S106.
S101, the gateway receives a resource access request sent by the terminal.
Wherein the resource access request includes a resource address of a target resource, the resource access request being for requesting access to the target resource.
Alternatively, the resource address of the target resource may be a uniform resource locator (uniform resource locator, URL) of the target resource, or may be an IP address of a service server of the target resource.
Alternatively, the resource access request may be a hypertext transfer protocol (hypertext transfer protocol, HTTP) request.
S102, the gateway determines whether a target authorization token exists in the resource access request.
The target authorization token is an authorization token of a target account, and the target account is an account corresponding to the terminal.
It may be appreciated that the target authorization token may include an identification of the target account, and the gateway may determine that the target authorization token is an authorization token for the target account based on the identification of the target account.
In the embodiment of the invention, the target authorization token is used for representing that the gateway authenticates the target account in the historical time period, determining that the target account has the authority to access the target resource, and transmitting the target authorization token to the terminal by the gateway after the gateway authenticates the target account in the historical time period.
In one implementation of the embodiment of the present invention, the target authorization token is further used to characterize that the gateway has authenticated the target account within the historical period of time, and determine that the target account is an account pre-stored by the gateway.
Optionally, the target authorization token may be a unique string, and may uniquely identify a correspondence between the target account and the access rights of the target resource.
Optionally, the target authorization token may further include a plurality of resource addresses, where the plurality of resource addresses are a plurality of resource addresses having access rights for the target account, and after the gateway receives the resource access request of the terminal, it may determine whether the target account has the rights to access the target resource according to the plurality of resource addresses included in the target authorization token.
S103, under the condition that a target authorization token exists in the resource access request, the gateway determines whether the duration of the target authorization token is greater than a duration threshold.
It may be appreciated that, in the case where the target authorization token exists in the resource access request, it is stated that when the gateway authenticates the target account at a time in the historical period, it is determined that the target account has the right to access the target resource, and at this time, the gateway may determine whether the duration of the target authorization token is greater than the duration threshold.
In one implementation manner of the embodiment of the present invention, the authentication server may store the valid time of each authorization token, including an authorization time and a duration threshold, where the authorization time is a time when the gateway determines that the target account has the authority to access the target resource in a historical time period, and when the gateway determines that the resource access request includes the target authorization token, the gateway may determine, according to the authorization time of the target authorization token and the time when the gateway receives the resource access request, the duration of the target authorization token, so as to determine whether the duration is greater than the duration threshold.
Alternatively, the duration threshold may be 1 hour.
And S104, the gateway sends an authentication request to the authentication server under the condition that the duration time is greater than or equal to the time threshold.
The authentication request comprises the resource address, the account identifier of the target account and a preset field, and is used for requesting to determine the access right of the target account.
It may be appreciated that in the case where the duration of the target authorization token is greater than the duration threshold, it is indicated that the gateway does not authenticate the target account for a longer period of time, at which time the server may send an authentication request to the authentication server, specifically requesting the authentication server to redetermine whether the target account has permission to access the target resource.
In the embodiment of the invention, the resource access request further comprises a preset field and an account identifier of the target account, and the gateway can acquire the resource address of the target resource, the account identifier of the target account and the preset field from the resource access request and then send an authentication request to the authentication server under the condition that the duration time is longer than the duration threshold.
Optionally, the authentication server may store a field corresponding to each account in the plurality of accounts, when the authentication server stores the account identifier of the target account and a preset field corresponding to the account identifier, the authentication server may determine that authentication is successful on the target account, then determine at least one resource address corresponding to the target account, and in a case that the resource address of the target resource is stored in the at least one resource address, the authentication server determines that the target account has a right to access the target resource.
Alternatively, the preset field may include a first field and a second field. The first field comprises an authentication field expression, the first field is used for authenticating the target account, the second field comprises an authentication field expression, and the second field is used for authenticating the target account.
Illustratively, table 1 below is an example of a resource access request provided by an embodiment of the present invention. As shown in table 1, the resource access request includes a resource address, an account identifier, a timeout period, a request mode, a content format, a first field, a second field, and an authorization token.
TABLE 1
Project name Content of the item
Resource address URL of target resource
Account identification Sign 1
Timeout time 12:01
Request mode GET,POST
Content format JSON
First field Authentication field expression
Second field Authentication field expression
Authorization token Target authorization token
As shown in table 1, the resource access request includes a URL of the target resource with the resource address, the account is identified as 1, the timeout time is 12:01, the timeout time is used to represent that the resource access request is a timeout request after 12:01, and the resource access request fails; the request mode of the resource access request is GET, POST, etc., the content format of the resource access request is JSON format, the first field is an authentication field expression, optionally, the authentication field expression is a terminal self-defined authentication field expression, the second field is an authentication field expression, optionally, the authentication field expression can also be a terminal self-defined authentication expression, and the target authorization token exists in the resource access request. After receiving the resource access request, the gateway may determine that the target authorization token is stored in the resource access request, determine a duration of the target authorization token, and in the case that the duration is greater than the duration threshold, the gateway may obtain an account identifier of a target account included in the resource access request, the first field, the second field, and a resource address of the target resource, and then send an authentication request to the authentication server.
In an implementation manner of the embodiment of the present invention, when the gateway determines that the target authorization token does not exist in the resource access request, it indicates that the gateway does not authenticate the target account in a historical period, that is, the target account is requested to access the target resource for the first time, at this time, the gateway may also send the authentication request to the authentication server, and further after the gateway receives an authentication success response sent by the authentication server, may send the target authorization token to the terminal, so that the terminal may access the target resource based on the target authorization token in a duration threshold.
S105, the gateway receives an authentication success response sent by the authentication server.
Wherein the authentication success response includes the target authorization token, the authentication success response being for informing the target account of the right to access the target resource, and instructing the gateway to reset the duration of the target authorization token.
It may be appreciated that, after the authentication server successfully authenticates the target account, the target authorization token may be generated and the authentication success response may be sent to the gateway, and the gateway may determine that the target account has the access right of the target resource after receiving the authentication success response, at which time the gateway may reset the duration of the target authorization token.
And S106, the gateway sends a resource access request to the target service server based on the resource address of the target resource.
It may be understood that, after receiving the authentication success response sent by the authentication server, the gateway indicates that the target account has the right to access the target resource, and at this time, the elbow may send the resource access request to the target service server based on the resource address of the target resource.
In one implementation manner of the embodiment of the present invention, when the duration of the target authorization token is less than or equal to the duration threshold, it is indicated that the gateway has determined that the target account has the right to access the target resource in a shorter history duration, and at this time, the gateway may determine that the target account has the right to access the target resource in a shorter duration, and send the resource access request to the target service server based on the resource address of the target resource.
The technical scheme provided by the embodiment at least has the following beneficial effects: the S101-S106 indicate that the gateway may acquire the resource access request of the terminal, then determine whether a target authorization token exists in the resource access request, when the gateway authenticates the target account at a certain moment in the historical time period under the condition that the target authorization token exists in the resource access request, it is determined that the target account has the authority to access the target resource, at this time, the server determines whether the duration of the target authorization token is greater than a duration threshold, and when the duration is greater than the duration threshold, it is determined that the gateway does not authenticate the target account for a longer time, at this time, the server may send an authentication request to the authentication server, and after receiving an authentication success response sent by the authentication server, send the resource access request to the target service server based on the resource address of the target resource. In the invention, the gateway can send the authentication request to the authentication server under the condition that the target account is not authenticated for a long time, and because the authentication success response is used for indicating the gateway to reset the duration of the target authorization token, the gateway can determine that the duration of the target authorization token after the reset is smaller than or equal to the duration threshold value, then the gateway sends the resource access request to the target service server based on the resource address of the target resource under the condition that the duration of the target authorization token is smaller than the duration threshold value, and can send the resource access request with the authority for accessing the target resource to the target service server, thereby improving the safety of resource access and the efficiency of resource access.
Referring to fig. 2, as shown in fig. 3, the above-mentioned resource access method further includes S107.
S107, the gateway receives the authentication failure response sent by the authentication server.
Wherein the authentication failure response is used to inform the target account that it does not have permission to access the target resource.
It may be understood that when the authentication result of the authentication server on the target account is authentication failure, the authentication failure response may be sent to the gateway, and the preset field may not be stored in the authentication server, where the gateway may determine that the target account does not have the access right of the target resource.
Alternatively, the gateway may send a resource access failure response to the terminal, the resource access failure response being used to notify that the target account cannot access the target resource.
Referring to fig. 2, as shown in fig. 4, the resource access request further includes an encryption field, and the resource access method further includes S108.
S108, the gateway decrypts the encrypted field based on the target key to obtain a preset field.
The target key is a key corresponding to the resource address.
In the embodiment of the invention, the gateway can determine the target key based on the resource address of the target resource, and then decrypt the encrypted field based on the target key to obtain the preset field.
It may be understood that the target key is a private key stored in the gateway, the gateway may decrypt the encrypted field based on the private key, a public key may be stored in the terminal, and the terminal may encrypt the preset field based on the public key to obtain the encrypted field.
Optionally, the gateway may store the first correspondence, where the first correspondence includes a plurality of resource addresses and a private key corresponding to each resource in the plurality of resource addresses.
In an alternative implementation manner, the resource access request may further include a decryption algorithm, and the gateway may further decrypt the encrypted field based on the target key and the decryption algorithm to obtain a preset field, and then send the authentication request to the authentication server.
In another alternative implementation, the format of the preset field may be different from the format that can be identified by the authentication server, for example, the format of the preset field is JSON format, the format that can be identified by the authentication server is LUA format, at this time, the gateway may store the LUA format that can be identified by the authentication server, parse the preset field by LUA, and then send the parsed preset field to the authentication server.
As shown in fig. 5, when the resource access method provided by the embodiment of the present invention is applied to the server 103 shown in fig. 1, the method further includes S201 to S203.
S201, the authentication server receives an authentication request sent by the gateway.
The authentication request comprises a resource address of a target resource, an account identifier of a target account and a preset field, and is used for requesting to determine the access right of the target account.
Specifically, the authentication request is used to request a determination of whether the target account has permission to access the target account.
In an implementation manner of the embodiment of the present invention, the preset field may include a first field and a second field, where the first field is used to characterize an authentication field, the authentication field is used to characterize an authentication field, and the authentication server may perform identity verification on the target account based on the authentication field and perform authority verification on the target account based on the authentication field.
S202, under the condition that a preset field is stored in the authentication server, the authentication server determines at least one resource address corresponding to the account identifier.
It can be understood that, in the case that the preset field is stored in the authentication server, it is indicated that the identity of the target account is normal and the authority for accessing the resource address is provided, and at this time, the authentication server may determine at least one resource address corresponding to the account identifier of the target account.
It should be appreciated that the at least one resource address is a resource address for which the target account has access rights.
Optionally, the authentication server may store a second correspondence, where the second correspondence includes identifiers of a plurality of accounts and at least one resource address corresponding to an identifier of each account in the identifiers of the plurality of accounts, and then the authentication server may determine, based on the second correspondence and the account identifier of the target account, the at least one resource address corresponding to the account identifier of the target account.
Optionally, in the case that the preset field is not stored in the authentication server, specifically in the case that the first field is not stored in the authentication server, it indicates that the identity of the target account is abnormal, and the target account may be being used by another person, and in the case that the second field is not stored in the authentication server, it indicates that the target account has no access right of any resource address, at this time, the server may send an authentication failure response to the gateway.
And S203, under the condition that the resource address of the target resource exists in at least one resource address, the authentication server sends an authentication success response to the gateway so that the gateway sends a resource access request to the target service server based on the resource address of the target resource.
The authentication success response comprises a target authorization token, wherein the target authorization token is an authorization token of the target account, the authentication success response is used for informing the target account of the authority to access the target resource, and the gateway is instructed to reset the duration of the target authorization token.
It may be appreciated that in the case where the resource address of the target resource exists in the at least one resource address, the target account is stated to have the right to access the target resource, at this time, the server may generate a target authorization token based on the identification of the target account, and send an authentication success response to the gateway, so that the gateway resets the duration of the target authorization token, and in turn, the gateway may send the resource access request to the target service server based on the resource address of the target resource without being authenticated again by the authentication server, in the case where the duration of the target authorization token is less than the duration threshold.
In the embodiment of the invention, the authentication server can receive an authentication request sent by a gateway, the authentication request comprises a resource address of a target resource, an account identifier of a target account and a preset field, the authentication server indicates that the identity of the target account is normal and has the authority to access the resource address under the condition that the preset field is stored in the authentication server, at the moment, the authentication server can determine at least one resource address corresponding to the account identifier, and the server can send an authentication success response to the gateway because the authority to access the target resource exists in the at least one resource address. In the invention, the authentication server sends the authentication success response to the gateway under the condition that the authentication server stores the preset field and the resource address of the target resource exists in at least one resource address corresponding to the account identifier, so that the access right of the target account with the target resource can be accurately determined, the authentication accuracy is improved, and the authentication success response comprises the target authorization token and is used for indicating the gateway to reset the duration of the target authorization token, therefore, the gateway can send the resource access request to the target service server based on the resource address of the target resource without authentication again, and the authentication efficiency is improved.
Referring to fig. 5, as shown in fig. 6, the above-mentioned resource access method further includes S204.
S204, the authentication server sends an authentication failure response to the gateway under the condition that the resource address of the target resource does not exist in at least one resource address.
Wherein the authentication failure response is used to inform the target account that it does not have permission to access the target resource.
It will be appreciated that in the case where there is no resource address of the target resource in the at least one resource address, indicating that the target account does not have access to the target resource, the authentication server may send an authentication failure response to the gateway, the authentication failure response being used to inform the gateway that the target account does not have access to the target resource.
As shown in fig. 7, the resource access method provided by the embodiment of the present invention is described below in a manner that each device shown in fig. 1 interacts.
S301, the gateway receives a resource access request sent by the terminal.
Wherein the resource access request includes a resource address of a target resource, and the resource access request is used for requesting access to the target resource.
S302, the gateway determines whether a target authorization token exists in the resource access request.
The target authorization token is an authorization token of a target account, and the target account is an account corresponding to the terminal.
S303, under the condition that a target authorization token exists in the resource access request, the gateway determines whether the duration of the target authorization token is greater than a duration threshold.
And S304, the gateway sends an authentication request to the authentication server under the condition that the duration time is longer than the duration time threshold value.
The authentication request comprises the resource address, the account identifier of the target account and a preset field, and is used for requesting to determine the access right of the target account.
S305, the authentication server receives an authentication request sent by the gateway.
S306, under the condition that a preset field is stored in the authentication server, the authentication server determines at least one resource address corresponding to the account identifier.
S307, the authentication server sends an authentication success response to the gateway under the condition that the resource address of the target resource exists in at least one resource address, so that the gateway sends a resource access request to the target service server based on the resource address of the target resource.
The authentication success response comprises a target authorization token, wherein the target authorization token is an authorization token of the target account, and the authentication success response is used for informing the target account of the authority to access the target resource and indicating the gateway to reset the duration of the target authorization token.
S308, the gateway receives an authentication success response sent by the authentication server.
It will be appreciated that the duration of the target authorization token may be reset after the gateway receives the authentication success response so that the terminal may access the target resource based on the target authorization token.
S309, the gateway sends a resource access request to the target service server based on the resource address of the target resource.
In the embodiment of the invention, the gateway can receive the resource access request sent by the terminal, then determine whether a target authorization token exists in the resource access request, and when the target authorization token exists in the resource access request, the gateway determines that the target account has the authority to access the target resource when the target account is authenticated at a certain moment in a historical time period, at this time, the gateway can determine whether the duration of the target authorization token is greater than a duration threshold, and when the duration is greater than the duration threshold, the gateway does not authenticate the target account for a long time, at this time, the gateway can send an authentication request to the authentication server, so that the authentication server can redetermine the access authority of the target account, the security of high resource access can be improved, the authentication server stores the preset field, and when at least one resource address corresponding to the account identifier exists in the resource address, the authentication success response is sent to the gateway, the authentication success response can be accurately determined, the target has the target resource access success response is not required, and the authentication success response is not required to be reset, and the authentication response is required to be sent to the target service on the basis of the authentication token.
The embodiment of the invention can divide the functional modules of the electronic equipment and the like according to the method example, for example, each functional module can be divided corresponding to each function, and two or more functions can be integrated in one processing module. The integrated modules may be implemented in hardware or in software functional modules. It should be noted that, in the embodiment of the present invention, the division of the modules is schematic, which is merely a logic function division, and other division manners may be implemented in actual implementation.
In the case of dividing the respective functional modules with the respective functions, fig. 8 shows a schematic diagram of one possible configuration of the resource access device involved in the above-described embodiment, and as shown in fig. 8, the resource access device 20 may include: a receiving module 201, a determining module 202 and a transmitting module 203.
A receiving module 201, configured to receive a resource access request sent by a terminal, where the resource access request includes a resource address of a target resource, and the resource access request is used to request access to the target resource.
The determining module 202 is configured to determine whether a target authorization token exists in the resource access request, where the target authorization token is an authorization token of a target account, and the target account is an account corresponding to the terminal.
The determining module 202 is further configured to determine, if the duration of the target authorization token is greater than a duration threshold, in the case that the target authorization token is present in the resource access request.
And the sending module 203 is configured to send an authentication request to an authentication server, where the duration is greater than the duration threshold, the authentication request includes the resource address, an account identifier of the target account, and a preset field, and the authentication request is used to request to determine an access right of the target account.
The receiving module 201 is further configured to receive an authentication success response sent by the authentication server, where the authentication success response includes the target authorization token, and the authentication success response is used to notify that the target account has the right to access the target resource, and instruct the gateway to reset the duration of the target authorization token.
The sending module 203 is further configured to send the resource access request to the target service server based on the resource address of the target resource.
Optionally, the receiving module 201 is further configured to receive an authentication failure response sent by the authentication server, where the authentication failure response is used to notify that the target account does not have a right to access the target resource.
Optionally, the resource access request further includes an encryption field, and the resource access device 20 further includes: a processing module 204.
And the processing module 204 is configured to decrypt the encrypted field based on a target key, to obtain the preset field, where the target key is a key corresponding to the resource address.
In case of an integrated unit, fig. 9 shows a schematic diagram of one possible configuration of the resource access device involved in the above-described embodiment. As shown in fig. 9, the resource access device 30 may include: a processing module 301 and a communication module 302. The processing module 301 may be used to control and manage the actions of the resource access device 30. The communication module 302 may be used to support communication of the resource access device 30 with other entities. Optionally, as shown in fig. 9, the resource access device 30 may further comprise a storage module 303 for storing program code and data of the resource access device 30.
Wherein the processing module 301 may be a processor or a controller. The communication module 302 may be a transceiver, a transceiver circuit, a communication interface, or the like. The storage module 303 may be a memory.
When the processing module 301 is a processor, the communication module 302 is a transceiver, and the storage module 303 is a memory, the processor, the transceiver, and the memory may be connected through a bus. The bus may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus or an extended industry standard architecture (extended industry standard architecture, EISA) bus, or the like. The buses may be divided into address buses, data buses, control buses, etc.
In the case of dividing the respective functional modules with the respective functions, fig. 10 shows a schematic diagram of one possible configuration of the resource access device involved in the above-described embodiment, and as shown in fig. 10, the resource access device 40 may include: a receiving module 401, a determining module 402 and a transmitting module 403.
The receiving module 401 is configured to receive an authentication request sent by a gateway, where the authentication request includes a resource address of a target resource, an account identifier of a target account, and a preset field, and the authentication request is used to request to determine an access right of the target account.
A determining module 402, configured to determine at least one resource address corresponding to the account identifier in a case that the preset field is stored in the authentication server.
A sending module 403, configured to send an authentication success response to the gateway, where the resource address of the target resource exists in the at least one resource address, so that the gateway sends the resource access request to the target service server based on the resource address of the target resource, where the authentication success response includes a target authorization token, where the target authorization token is an authorization token of the target account, where the authentication success response is used to notify that the target account has a right to access the target resource, and instruct the gateway to reset a duration of the target authorization token.
Optionally, the sending module 403 is further configured to send an authentication failure response to the gateway, where the resource address of the target resource does not exist in the at least one resource address, where the authentication failure response is used to notify that the target account does not have the right to access the target resource.
In case of an integrated unit, fig. 11 shows a schematic diagram of one possible configuration of the resource access device involved in the above-described embodiment. As shown in fig. 11, the resource access device 50 may include: a processing module 501 and a communication module 502. The processing module 501 may be used to control and manage the actions of the resource access device 50. The communication module 502 may be used to support communication of the resource access device 50 with other entities. Optionally, as shown in fig. 11, the resource access device 50 may further comprise a storage module 503 for storing program code and data of the resource access device 50.
Wherein the processing module 501 may be a processor or a controller. The communication module 502 may be a transceiver, a transceiver circuit, a communication interface, or the like. The storage module 503 may be a memory.
Where the processing module 501 is a processor, the communication module 502 is a transceiver, and the storage module 503 is a memory, the processor, the transceiver, and the memory may be connected by a bus. The bus may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus or an extended industry standard architecture (extended industry standard architecture, EISA) bus, or the like. The buses may be divided into address buses, data buses, control buses, etc.
It should be understood that, in various embodiments of the present invention, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented using a software program, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in accordance with embodiments of the present invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, digital subscriber terminal line (Digital Subscriber Line, DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device including one or more servers, data centers, etc. that can be integrated with the medium. The usable medium may be a magnetic medium (e.g., a floppy Disk, a hard Disk, a magnetic tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a Solid State Disk (SSD)), or the like.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (12)

1. A method for accessing resources, applied to a gateway, the method comprising:
receiving a resource access request sent by a terminal, wherein the resource access request comprises a resource address of a target resource, and the resource access request is used for requesting to access the target resource;
determining whether a target authorization token exists in the resource access request, wherein the target authorization token is an authorization token of a target account, and the target account is an account corresponding to the terminal;
determining whether the duration of the target authorization token is greater than a duration threshold value under the condition that the target authorization token exists in the resource access request;
sending an authentication request to an authentication server under the condition that the duration time is longer than the duration time threshold, wherein the authentication request comprises the resource address, the account identifier of the target account and a preset field, and the authentication request is used for requesting to determine the access right of the target account;
Receiving an authentication success response sent by the authentication server, wherein the authentication success response comprises the target authorization token, and the authentication success response is used for informing the target account of the authority to access the target resource and indicating the gateway to reset the duration of the target authorization token;
and sending the resource access request to a target service server based on the resource address of the target resource.
2. The resource access method of claim 1, wherein the method further comprises:
and receiving an authentication failure response sent by the authentication server, wherein the authentication failure response is used for informing that the target account does not have the authority to access the target resource.
3. The resource access method according to claim 1 or 2, wherein the resource access request further comprises an encryption field, the method further comprising:
and decrypting the encrypted field based on a target key to obtain the preset field, wherein the target key is a key corresponding to the resource address.
4. A method for accessing resources, applied to an authentication server, the method comprising:
receiving an authentication request sent by a gateway, wherein the authentication request comprises a resource address of a target resource, an account identifier of a target account and a preset field, and the authentication request is used for requesting to determine the access right of the target account;
Determining at least one resource address corresponding to the account identifier under the condition that the preset field is stored in the authentication server;
and sending an authentication success response to the gateway under the condition that the resource address of the target resource exists in the at least one resource address, so that the gateway sends the resource access request to a target service server based on the resource address of the target resource, wherein the authentication success response comprises a target authorization token, the target authorization token is an authorization token of the target account, the authentication success response is used for informing that the target account has the authority to access the target resource, and the gateway is instructed to reset the duration of the target authorization token.
5. The method of resource access according to claim 4, wherein the method further comprises:
and if the resource address of the target resource does not exist in the at least one resource address, sending an authentication failure response to the gateway, wherein the authentication failure response is used for informing that the target account does not have the authority to access the target resource.
6. A resource access device for use in a gateway, the resource access device comprising: the device comprises a receiving module, a determining module and a sending module;
The receiving module is used for receiving a resource access request sent by a terminal, wherein the resource access request comprises a resource address of a target resource, and the resource access request is used for requesting to access the target resource;
the determining module is used for determining whether a target authorization token exists in the resource access request, wherein the target authorization token is an authorization token of a target account, and the target account is an account corresponding to the terminal;
the determining module is further configured to determine, if the duration of the target authorization token is greater than a duration threshold in a case where the target authorization token exists in the resource access request;
the sending module is configured to send an authentication request to an authentication server when the duration is longer than the duration threshold, where the authentication request includes the resource address, an account identifier of the target account, and a preset field, and the authentication request is used to request to determine access rights of the target account;
the receiving module is further configured to receive an authentication success response sent by the authentication server, where the authentication success response includes the target authorization token, and the authentication success response is used to notify that the target account has permission to access the target resource, and instruct a gateway to reset a duration of the target authorization token;
The sending module is further configured to send the resource access request to a target service server based on a resource address of the target resource.
7. The resource access device of claim 6, wherein the resource access device,
the receiving module is further configured to receive an authentication failure response sent by the authentication server, where the authentication failure response is used to notify that the target account does not have permission to access the target resource.
8. The resource access device of claim 6 or 7, wherein the resource access request further comprises an encryption field, the resource access device further comprising: a processing module;
the processing module is configured to decrypt the encrypted field based on a target key to obtain the preset field, where the target key is a key corresponding to the resource address.
9. A resource access device for application to an authentication server, the resource access device comprising: the device comprises a receiving module, a determining module and a sending module;
the receiving module is used for receiving an authentication request sent by a gateway, wherein the authentication request comprises a resource address of a target resource, an account identifier of a target account and a preset field, and the authentication request is used for requesting to determine the access right of the target account;
The determining module is used for determining at least one resource address corresponding to the account identifier under the condition that the preset field is stored in the authentication server;
the sending module is configured to send an authentication success response to the gateway when the resource address of the target resource exists in the at least one resource address, so that the gateway sends the resource access request to a target service server based on the resource address of the target resource, the authentication success response includes a target authorization token, where the target authorization token is an authorization token of the target account, and the authentication success response is used to notify that the target account has permission to access the target resource, and instruct the gateway to reset a duration of the target authorization token.
10. The resource access device of claim 9, wherein the resource access device,
the sending module is further configured to send an authentication failure response to the gateway when the resource address of the target resource does not exist in the at least one resource address, where the authentication failure response is used to notify that the target account does not have permission to access the target resource.
11. An electronic device, the electronic device comprising:
a processor;
a memory configured to store the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the resource access method of any of claims 1-3 or to implement the resource access method of any of claims 4 or 5.
12. A computer readable storage medium having instructions stored thereon, which, when executed by an electronic device, cause the electronic device to perform the resource access method of any of claims 1-3 or to implement the resource access method of claim 4 or 5.
CN202211714040.3A 2022-12-29 2022-12-29 Resource access method and device, electronic equipment and storage medium Pending CN116248351A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211714040.3A CN116248351A (en) 2022-12-29 2022-12-29 Resource access method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211714040.3A CN116248351A (en) 2022-12-29 2022-12-29 Resource access method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116248351A true CN116248351A (en) 2023-06-09

Family

ID=86625255

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211714040.3A Pending CN116248351A (en) 2022-12-29 2022-12-29 Resource access method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116248351A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116980233A (en) * 2023-09-21 2023-10-31 宝略科技(浙江)有限公司 Authorization verification method, system and medium for discrete data high-frequency access
CN117650950A (en) * 2024-01-30 2024-03-05 浙江省电子信息产品检验研究院(浙江省信息化和工业化融合促进中心) Secure communication method and apparatus

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116980233A (en) * 2023-09-21 2023-10-31 宝略科技(浙江)有限公司 Authorization verification method, system and medium for discrete data high-frequency access
CN116980233B (en) * 2023-09-21 2024-01-30 宝略科技(浙江)有限公司 Authorization verification method and system for discrete data during high-frequency access
CN117650950A (en) * 2024-01-30 2024-03-05 浙江省电子信息产品检验研究院(浙江省信息化和工业化融合促进中心) Secure communication method and apparatus
CN117650950B (en) * 2024-01-30 2024-04-19 浙江省电子信息产品检验研究院(浙江省信息化和工业化融合促进中心) Secure communication method and apparatus

Similar Documents

Publication Publication Date Title
CN111212095B (en) Authentication method, server, client and system for identity information
EP2999189A1 (en) Network authentication method for secure electronic transactions
US20090158033A1 (en) Method and apparatus for performing secure communication using one time password
CN109756446B (en) Access method and system for vehicle-mounted equipment
KR101451359B1 (en) User account recovery
US20090158048A1 (en) Method, client and system for reversed access to management server using one-time password
CN104798083A (en) Method and system for verifying an access request
US20210234850A1 (en) System and method for accessing encrypted data remotely
US11424915B2 (en) Terminal registration system and terminal registration method with reduced number of communication operations
CN116248351A (en) Resource access method and device, electronic equipment and storage medium
CN111614686A (en) Key management method, controller and system
CN114301617A (en) Identity authentication method and device for multi-cloud application gateway, computer equipment and medium
CN115473655B (en) Terminal authentication method, device and storage medium for access network
CN104301288A (en) Method and system for online identity authentication, online transaction certification, and online certification protection
CN108667800B (en) Access authority authentication method and device
KR101619928B1 (en) Remote control system of mobile
KR102053993B1 (en) Method for Authenticating by using Certificate
WO2013073780A1 (en) Method and server for providing automatic login function
WO2015151251A1 (en) Network service providing device, network service providing method, and program
CN116318911A (en) Domain name access method and device, electronic equipment and storage medium
CN114024682A (en) Cross-domain single sign-on method, service equipment and authentication equipment
CN113079506A (en) Network security authentication method, device and equipment
WO2012121497A2 (en) Distinct identifier-based authentication system and method
WO2012115403A2 (en) Location information-based authentication system and method
KR101879842B1 (en) User authentication method and system using one time password

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination