Service-orientated interface authentication method based on authorization certificate of operating system

An interface authentication technique that uses the operating system's authorization certificate. It addresses the problems that the OAuth2.0 interface authentication framework cannot be integrated with an authorization certificate and cannot work normally, and achieves the effects of protecting commercial value, reducing research and development costs, and improving stability.

Active Publication Date: 2016-12-07
CHINA STANDARD SOFTWARE
6 Cites 5 Cited by

AI-Extracted Technical Summary

Problems solved by technology

In many customer scenarios, the open platform is deployed and run inside the local area network of the customer cluster environment, which is different from the Internet-oriented application mode of OAuth2.0 in the current market, so OAuth2.0 is not suitable for this scenario;
[0013] The OAuth2.0 interface authentication framework uses a centralized authentication center, and the authentication data source is s...

Method used

In summary, the service-oriented interface authentication method based on the operating system authorization certificate of the present invention uses the operating system authorization certificate as the authentication data source and applies it to service-oriented interface authentication, so that the operating system authorization certificate verifies, on the one hand, whether this operating system has been commercially authorized; on the other hand, it...

Abstract

The invention provides a service-oriented interface authentication method based on an authorization certificate of an operating system. The authorization certificate of the operating system is used as the unique authentication data source for authorization and authentication of an application platform's interface: on the one hand, the authorization certificate is used to verify whether the operating system is authorized, and on the other hand, it is used as the authentication data source with which the application platform authenticates a third-party application. While the application platform starts and runs, it continuously checks whether the authorization certificate of the current operating system is valid. When it receives an interface call request from the third-party application, the application platform requires the third-party application to submit user authentication information, uses the authorization certificate of the operating system to verify whether the user authentication information is valid, and verifies whether the third-party application is authorized. With the method of the invention, the operating system (OS) on which the interface provider runs can be authenticated while the interface caller is also authenticated.

Application Domain

Digital data protection, Transmission

Technology Topic

User authentication, Authorization


Examples


Example Embodiment

[0036] In order to better explain the present invention and facilitate understanding, the present invention will be further described below through specific embodiments with reference to the accompanying drawings.
[0037] See Figure 1 to Figure 4. The service-oriented interface authentication method based on the operating system authorization certificate in an embodiment of the present invention mainly includes the following steps:
[0038] The first step is to assign the caller of the third-party application a unique ID, which identifies the user, and a unique secret_key, which is the secret key of that ID user. The ID and secret_key, together with the MAC address of the network card of the computer where the third-party application caller wants to deploy the operating system and the effective start and expiration times of the authorization, are used as input data, and the authorization certificate generation tool is used to generate the authorization certificate. For details, see Figure 1.
[0039] The second step is to install the open platform in the operating system and start it. On startup, the open platform first starts the operating system authorization certificate detection thread, which cyclically calls the authorization certificate function library to check whether the authorization certificate of the current operating system is valid; when the check fails, the open platform treats the current operating system authorization certificate as invalid and exits. See the process in Figure 2.
[0040] In the third step, before accessing the interface of the open platform, the caller of the third-party application generates a six-digit random integer random and the current time time, then sorts the values of the three parameters ID, random and time, together with secret_key, in natural order, concatenates them into a string tmp_str, and digests tmp_str with the SHA-1 algorithm to obtain encypted_str. It then passes random, time, ID and encypted_str together as parameters to the open platform when accessing the interface. The purpose of this step is to ensure that third-party applications submit authentication information when accessing the open platform. Any interface access request that does not submit authentication information is directly rejected by the open platform.
[0041] In the fourth step, after the open platform receives the interface call request of the third-party application, it first checks whether the four parameters random, time, encypted_str and ID are included in the request. If not, it directly rejects the request and returns an error; if they are, it calls the authentication function in the function library of the authorization certificate and passes these four parameters to it. The authentication function returns whether the authentication succeeded. See the procedure in Figure 3. The authentication process of the authentication function is shown in Figure 4 (it is similar to the algorithm with which the third-party application caller generates encypted_str when accessing the interface in the third step).
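The digest generation in the third step and the check in the fourth step can be sketched as follows. This is an added example, not code from the patent or from the vendor's function library: the certificate dict layout, the function names, the string form of time, and the reading of "natural order" as a lexicographic sort of the string values are assumptions, while the ID, secret_key and validity dates are the sample values given in paragraph [0049] on this page.

```python
import hashlib
import hmac
from datetime import datetime

# Values from the page's sample in [0049]; the dict layout is an assumption,
# since the page does not describe the certificate file format.
CERT = {
    "ID": "app_user_id1",
    "secret_key": "205811dc810811e4a14a6c40089a2212",
    "not_before": datetime(2014, 10, 10),
    "not_after": datetime(2015, 10, 10),
}
REQUIRED = ("random", "time", "ID", "encypted_str")  # spelling as on the page


def digest(app_id, rand, ts, secret_key):
    # Third step: sort the four values, concatenate, SHA-1. A lexicographic
    # sort of the strings is this example's reading of "natural order".
    tmp_str = "".join(sorted([app_id, rand, ts, secret_key]))
    return hashlib.sha1(tmp_str.encode("utf-8")).hexdigest()


def sign_request(app_id, secret_key, rand, ts):
    # Caller side: secret_key is never transmitted, only the digest.
    return {"random": rand, "time": ts, "ID": app_id,
            "encypted_str": digest(app_id, rand, ts, secret_key)}


def authenticate(params, cert, now):
    # Fourth step: reject requests lacking any of the four parameters.
    if any(not isinstance(params.get(k), str) for k in REQUIRED):
        return False, "missing parameter"
    # The certificate's validity window from the first step.
    if not (cert["not_before"] <= now <= cert["not_after"]):
        return False, "certificate not valid"
    if params["ID"] != cert["ID"]:
        return False, "unknown ID"
    expected = digest(cert["ID"], params["random"], params["time"],
                      cert["secret_key"])
    # Constant-time comparison avoids leaking how many characters matched.
    same = hmac.compare_digest(expected.encode("utf-8"),
                               params["encypted_str"].encode("utf-8"))
    return (True, "ok") if same else (False, "digest mismatch")
```

The steps as written on this page do not say whether time is checked for freshness or whether random is remembered, so this example does neither; without such a check on the platform side, a captured request would verify again unchanged.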
[0042] See Figure 5. The invention also provides an example of a system applying the method of the invention.
[0043] The operating system: refers to the current mainstream Linux-based domestic operating system on the market, the winning Kylin server operating system;
[0044] The authorization certificate (i.e. the authorization file): refers to the file used for user authorization on the winning Kylin server operating system;
[0045] The authorization certificate generation tool (i.e. the tool used to generate the authorization certificate): refers to the tool used to generate the authorization certificate of the winning Kylin server operating system;
[0046] The open platform: refers to the commercially available Kylin integrated management platform v2.0 (Systemcenter2.0).
[0047] It can be implemented as follows:
[0048] 1) Use the authorization certificate generation tool to generate the authorization certificate
[0049] The ID randomly assigned to the caller of the third-party application is app_user_id1, the assigned secret_key is 205811dc810811e4a14a6c40089a2212, the MAC address of the computer on which the third party deploys is 6C:40:08:9A:22:12, the authorization start time is 2014-10-10 00:00:00, and the deadline for authorization is 2015-10-10 00:00:00. Enter these data into the interface of the authorization certificate generation tool to generate the authorization certificate of the operating system.
[0050] 2) Install the operating system and import the authorization certificate
[0051] Install the operating system, and then import the authorization certificate into the operating system. The hardware platform and operating system are shown in the following table:
[0052] Table 1 Statistics of software and hardware requirements for operating system deployment
[0053] Hardware environment
[0054] 3) Install the open platform
[0055] Use Systemcenter2.0 as an example of the open platform, and install the open platform in the operating system.
[0056] 4) Set ID and secret_key for third-party applications
[0057] Use the ID and secret_key assigned to the third-party application caller in step 1) to set the ID and secret_key used by the third-party application to submit the corresponding authentication data when calling the open platform interface.
[0058] In summary, the service-oriented interface authentication method based on the operating system authorization certificate of the present invention uses the operating system authorization certificate as the authentication data source and applies it to service-oriented interface authentication. The operating system authorization certificate thus verifies, on the one hand, whether the operating system has been commercially authorized and, on the other hand, serves as the authentication data source with which the open platform authenticates third-party applications, realizing a distributed service-oriented interface authentication scheme. It prevents unauthorized operating systems from using the interface provider, prevents unauthorized third-party applications from accessing the open platform interface, and prevents the open platform from running on an unauthorized operating system.
