Unlock instant, AI-driven research and patent intelligence for your innovation.

Data access method, server and terminal

A server-side, data access technology, applied in the network field, can solve problems such as loss of legitimate users of APIKEY, and achieve the effect of ensuring security

Active Publication Date: 2016-01-13
ALIBABA GRP HLDG LTD
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, if the fixed APIKEY is maliciously acquired by an unauthorized user during the application of the API, especially in the environment of using a mobile terminal for wireless communication, the malicious acquirer can illegally use the APIKEY countless times to use the API to conduct illegal activities, resulting in the loss of legitimate users of APIKEY

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Data access method, server and terminal
  • Data access method, server and terminal
  • Data access method, server and terminal

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0026] refer to figure 1 , shows a flowchart of steps of a data access method according to Embodiment 1 of the present application.

[0027] The data access method of the present embodiment includes the following steps:

[0028] Step S102: During a process in which the terminal requests to use the API of the server through the client program, the server receives the request for using the API sent by the terminal.

[0029] Wherein, the request includes an APIKEY (application programming interface signature), and the APIKEY is generated by the terminal according to the dynamic key sent by the server and the public key stored by the terminal. The public key saved by the terminal is obtained through non-communication and encrypted storage, which has strong confidentiality. Even if it is illegally intercepted in the middle, it is difficult to decrypt and obtain.

[0030] The access to the server-side API needs to be carried out through the client program. In this application, the...

Embodiment 2

[0036] refer to figure 2 , shows a schematic diagram of a data access method according to Embodiment 2 of the present application.

[0037] The data access method of the present embodiment includes the following steps:

[0038] Step S202: the client requests the server to use the API.

[0039] Wherein, the client stores a public key (public key) consistent with that of the server. The public keys stored on the client and the server are obtained through non-communication methods, such as through manual input. The client requests the server to use the API through a non-browser client program.

[0040] Preferably, the client in this embodiment is a mobile terminal. But not limited thereto, any client in a general sense, such as a personal computer terminal, can be used to implement this embodiment.

[0041] Step S204: the client generates an APIKEY according to the public key, the dynamic key and / or other request parameters, and requests the server to use the API.

[0042]...

Embodiment 3

[0053] refer to image 3 , shows a flowchart of steps of a data access method according to Embodiment 3 of the present application.

[0054] The data access method of the present embodiment includes the following steps:

[0055] Step S302: the client stores the same key (public key) as the server and the client; the server stores the same key (public key) as the server and the client.

[0056] Wherein, both the public key stored on the client side and the public key stored on the server side are obtained through non-communication methods. In this embodiment, the client is a mobile terminal.

[0057] Step S304: the client requests the server for pages not related to security, and the server saves and returns the client ID (such as sessionid) and the dynamic key.

[0058] In this embodiment, the client requests and accesses the server through a non-browser client program.

[0059] Through the client identification, the server can quickly verify the client's request according...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a data access method, a server and a terminal, wherein the data access method includes that the server receives an application program interface (API) using request sent by the terminal in the process that a primary terminal requires the API of a server-side to be used through client-side programs, wherein the request comprises an APIKEY which is generated by the terminal according to a dynamic secret key sent by the server-side and a public key stored by the terminal, and the client-side programs comprise application programs, except a browser, used for requiring the API of the server-side; based on the request, the server-side determines that the APIKEY sent by the terminal is in accordance with an APIKEY of the server-side; and the server-side allows the terminal to use the API, and generates a novel dynamic secret key to be sent to the terminal for the use in a next request. Through the data access method, the server and the terminal, the safety of the API use by APIKEY legal users is effectively guaranteed.

Description

technical field [0001] The present application relates to the field of network technology, in particular to a data access method, server and terminal. Background technique [0002] With the rapid development of the Internet and e-commerce, more and more service platforms emerge as the times require. In order to provide users with more and better services, these service platforms often need to access third-party applications. In this case, while users use the diversified services provided by these platforms, the security of using these applications and services is constantly challenged. [0003] The communication security between the third-party application and the service platform API (Application Programming Interface, Application Programming Interface) server is the main aspect of the security of the application and service provided by the platform for the user to use. To ensure this security, requests from third-party applications are usually encrypted when they are made...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L9/32
Inventor 阳鹤翔
Owner ALIBABA GRP HLDG LTD