Method, device and system for carrying out service access control on third-party application

A technology of service access and corresponding relationship, applied in the field of service access control for third-party applications, can solve problems such as property security threats, and achieve the effects of improving security, ensuring security, and increasing difficulty

Active Publication Date: 2015-01-14
ALIBABA GRP HLDG LTD
View PDF7 Cites 31 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

For example, after a third-party application steals information such as the protocol and its parameters used in the interaction process in some way, it can forge an a

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, device and system for carrying out service access control on third-party application
  • Method, device and system for carrying out service access control on third-party application
  • Method, device and system for carrying out service access control on third-party application

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0052] Example one

[0053] In the first embodiment, the technical solution of the present application is introduced from the perspective of the first server, that is, in the method involved, the execution subject of each step is the first server, and the first server is still in the form of a JS component Expose some features to third-party applications. See figure 1 , The method can include the following steps:

[0054] S101: After receiving the service access request, determine whether the sender of the service access request is the preset JS software development kit JSSDK; wherein, the JSSDK is provided by the first server and is added by the third-party application. The component code automatically downloads the JSSDK to the local third-party application;

[0055] The first thing to note is that if a third-party application adds a JS component exposed by the first server, the corresponding interface can be displayed on the webpage of the third-party application. For example, a...

Example Embodiment

[0080] Example two

[0081] The first embodiment above introduced the technical solutions provided by the embodiments of the present application from the perspective of the first server. In the second embodiment, the technical solutions provided by the embodiments of the present application were introduced from the perspective of the proxy server. See figure 2 , The method of service access control to third-party applications from the perspective of the proxy server may include the following steps:

[0082] S201: Receive a service access request sent by the first server; the service access request is a service access request sent by a third-party application to the first server through the JSSDK; wherein, the JSSDK is provided by the first server and in the third-party application The added JS component code automatically downloads the JSSDK to the local third-party application;

[0083] S202: Perform security verification on the service access request according to the information ...

Example Embodiment

[0088] Example three

[0089] The third embodiment introduces the technical solutions provided by the embodiments of the present application from the perspective of JSSDK. Among them, the JS component corresponding to the specific function in the first server is added to the third-party application, and the code of the JS component automatically downloads the JSSDK provided by the first server to the local third-party application, see image 3 , The method of service access control to third-party applications from the perspective of JSSDK may include the following steps:

[0090] S301: Monitoring operation instructions related to the specific function issued by the user;

[0091] S302: After receiving the operation instruction, generate a service access request;

[0092] When specifically generating a service access request, it can be to determine the API that needs to be called, and assemble the API parameters to generate a request for calling the API. Among them, when assembling AP...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention discloses a method, device and system for carrying out service access control on a third-party application. The method includes the steps of judging whether a transmitting party of a service access request is a preset JS software developing tool pack JSSDK after receiving the service access request, if the answer is positive, sending the service access request to a preset proxy server so that the proxy server can carry out safety verification on the service access request according to information carried in the service access request, if the service access request passes the verification, transmitting the service access request to a first server again, judging whether the transmitting party of the service access request is the proxy server after receiving the service access request again, and if the answer is positive, feeding back response information according to a designated backhaul address in the service access request. By means of the method, device and system for carrying out service access control on the third-party application, the difficult of faking the service access request can be increased and safety is improved.

Description

technical field [0001] The present application relates to the technical field of service access control in the first server, in particular to a method, device and system for service access control of third-party applications. Background technique [0002] In the Internet age, encapsulating website services into a series of data interfaces that are easily recognizable by computers, and then opening them up for use by third-party developers, this behavior is called open API (Application Programming Interface, application programming interface), providing open API The platform itself is called an open platform. Through an open platform, websites can not only provide simple access to web pages, but also perform complex data interactions, transforming their web sites into development platforms equivalent to operating systems. Third-party developers can develop rich and colorful applications based on these existing and public Web sites. [0003] For example, for an e-commerce tr...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/10
Inventor 阳际荣庄娇艳崔婧
Owner ALIBABA GRP HLDG LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap