Third party application centralized safety management method and system and corresponding communication system

A technology of security management and centralized management, applied in the field of centralized security management, it can solve the problems of abusing network APIs and illegally accessing users

Active Publication Date: 2013-04-24
ALCATEL LUCENT SHANGHAI BELL CO LTD
View PDF6 Cites 39 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0017] 3. Before the user authorizes the third-party application / client, the user must be authenticated by the authorization server, and the user may also need to authenticate the authorization server;
[0024] In addition, since there are many third-party applications / clients, some of which may be developed and provided by individuals, it is possible for attackers to develop malicious network APIs to abuse network APIs for illegal access to user resources

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Third party application centralized safety management method and system and corresponding communication system
  • Third party application centralized safety management method and system and corresponding communication system
  • Third party application centralized safety management method and system and corresponding communication system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0034] The basic idea of ​​the invention is centralized security management for third party applications / clients that want to access the user's protected resources stored in the resource server. For the sake of brevity, "third-party applications / clients" are collectively referred to as "third-party applications" hereinafter. figure 2 A system and workflow of centralized security management for third-party applications are schematically shown. Such as figure 2 shown, with figure 1 Compared with the existing technical solutions in , a centralized security management system is added, which can perform the following functions:

[0035] - Before the official release of third-party apps:

[0036] ◆Use the digital certificate of the individual developer or service provider to authenticate the individual developer

[0037] or service provider's private key to sign the third-party application to ensure the traceability of the third-party application;

[0038] ◆ Verify that the t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a third party application centralized safety management method and a system and a communication system comprising more than one authorization server, more than one asset server, a user agent, a third party application and a centralized safety management system, wherein the third party application centralized safety management system is responsible for confirming safety of the third party application, conducting digital signature to the third party application, sending authentication credentials capable of enabling the centralized safety management system to confirm the third party application. The method includes: the third party application sends identity, authentication credentials and access permission to the centralized safety management system in a distinguishable method; after successful confirmation, the centralized safety management system sends the identity, the authentication credentials and the access permission to the authorization server; if the access permission is valid, the authorization server sends access token for accessing to a protected resource to the third party application through the centralized safety management system.

Description

technical field [0001] The present invention relates to the communication field, and in particular, relates to a technology for centralized security management of third-party applications / clients that want to access user's protected resources. Background technique [0002] At present, the integration between Internet services has become an inevitable trend. In order to provide better services to their users, many service providers allow third-party applications / clients to provide users with more applications by calling an "open network API (Application Programming Interface)". The core issue of an open platform is user authentication, authorization, and third-party applications / clients safely using open network API interfaces. For users, it is generally not expected that a third party will directly use their user name and password to access the user's protected network resources, unless the two parties have a strong trust relationship. The OAuth (Open Authorization) protoc...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L9/32
CPCH04L63/0823H04L9/32H04L63/0807H04L9/3213H04L63/083H04L12/24H04L63/00H04L63/0892
Inventor 胡志远骆志刚万永根
Owner ALCATEL LUCENT SHANGHAI BELL CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap