Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Security authentication method, security authentication device and security authentication system for API calling

An API call and security authentication technology, applied in the field of secure API calls, can solve problems affecting user calls, instability, and user center instability, and achieve the effects of accelerating login verification, reducing latency, and improving system performance and stability

Inactive Publication Date: 2017-01-04
ALIBABA GRP HLDG LTD
View PDF4 Cites 41 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Due to the current authentication method for API-type products, each authentication needs to call the user center for authentication, so when unexpected factors such as network call jitter occur, it is very likely to cause intermittent instability in the server calling the user center, which will eventually affect To the user call unstable
For end-consumer products, because they rely on cookies to store Session IDs, there are security holes for forgery attacks, and when malicious users sniff network protocol packets and crack HTTP-related cookie or Session ID values, they can Can pretend to be a legitimate user to interact with the server

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Security authentication method, security authentication device and security authentication system for API calling
  • Security authentication method, security authentication device and security authentication system for API calling
  • Security authentication method, security authentication device and security authentication system for API calling

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0036]Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with this application. Rather, they are merely examples of apparatuses and methods consistent with aspects of the present application as recited in the appended claims.

[0037] The terminology used in this application is for the purpose of describing particular embodiments only, and is not intended to limit the application. As used in this application and the appended claims, the singular forms "a", "the", and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise. It should also be understood that the term ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a security authentication method, a security authentication device and a security authentication system for API calling. The method running on a server comprises the steps of after receiving an API request from a client, checking whether a token is valid or not if the API request carries the token; on the condition that the API request does not carry the token or the token is invalid, submitting the authentication information in the API request to a user center for identity verification; after the identity verification is passed at the user center, calculating to obtain a new token and sending the new token to the client; wherein the obtained new token is an encrypted random number obtained according to a pre-agreed parameter through an irreversible algorithm. According to the invention, on the premise that the security is ensured, the authentication efficiency of the client can be reduced. Meanwhile, the performance loss of the load server at the user center can be reduced.

Description

technical field [0001] The present application relates to technologies for safely calling APIs, in particular to a method, device, and system for safety authentication of API calls. Background technique [0002] At present, Internet software products are mainly divided into two categories in terms of product audiences, including mass Internet products for end consumers, such as Sina Weibo Web and Zhihu Web. The characteristic of this type of product is that the object of use of this type of product is human beings, and most of the media content provided is unstructured text (such as novels, blogs), pictures, audio and video, etc. Another type of product is aimed at computers, that is, the main form of service is an API (Application Programming Interface, Application Programming Interface) that provides a programming interface, which is convenient for programmers to use the API for secondary development. The characteristic of this type of product is that the service object i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/0428H04L63/08H04L9/40
Inventor 陈守元邓小勇罗海伟
Owner ALIBABA GRP HLDG LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products