Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and storage medium for token interface downgrade

A token and interface technology, applied in the field of security verification, can solve problems such as security risks, algorithm leaks, security risks, etc., and achieve the effect of ensuring normal use, realizing functionality and security

Active Publication Date: 2022-06-07
FUJIAN TIANQUAN EDUCATION TECH LTD
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, since there is no verification in the downgrade process, there are serious hidden dangers in security
Another way to downgrade is to verify locally after each caller’s authentication interface fails, but the local needs to know the token parsing algorithm; if the caller implements local verification, the algorithm will be leaked and cause greater damage. Security risks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and storage medium for token interface downgrade
  • Method and storage medium for token interface downgrade
  • Method and storage medium for token interface downgrade

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0064] Please refer to figure 2 , this embodiment provides a token interface downgrade method, which supports the caller to configure the required token verification method independently and flexibly, so as to be better applicable to the remote token verification interface due to network jitter or failure to respond and other remote verification methods In the case of failure, to ensure that token verification can still be performed safely, and to solve the problem that the existing token verification service cannot be provided normally, which affects business processing or directly skips the verification step and brings security risks.

[0065] The method of this embodiment may include:

[0066] 1. Pre-deployment

[0067] Suppose the generation rule of the token string (token) is:

[0068] {token version number}_{Token type}_{account type}_{account ID}_{expiration time}_{issuance area}_{5-digit random number}, this is the original plaintext string of token; put this charac...

Embodiment 2

[0101] This embodiment corresponds to Embodiment 1, and provides a specific application scenario, including:

[0102] 1. Suppose the generation rule of the token string is: {token version number}_{Token type}_{account type}_{account ID}_{expiration time}_{issuance area}_{5-digit random number}, this is The original plaintext string of the token, after encrypting the string with a fixed encryption key by des encryption, the result obtained is the final token string (ciphertext). The algorithm for parsing the token string (ciphertext) uses the des decryption method, and also uses the same key to parse the token string, and then obtains the plaintext of the token string.

[0103] 2. There is a UC system, which is what we call the account center system. For the function of the system, an sdk tool will be provided, that is, a code tool usually provided in the java language, which can package the java language into an sdk tool for other java. Systematic use of language. The sdk to...

Embodiment 3

[0123] This embodiment corresponds to Embodiment 1 or Embodiment 2, and provides a computer-readable storage medium on which a computer program is stored. When the program is executed by a processor, the program can implement the above-mentioned Embodiment 1 or Embodiment 2. The steps involved in a method of token interface downgrade. The specific steps will not be repeated here. For details, please refer to the descriptions of Embodiment 1 and Embodiment 2.

[0124] To sum up, the method and storage medium for degrading the token interface provided by the present invention realize the automatic reduction and upgrade of the verification mode, can adapt to the current scene, and ensure the safe and normal provision of the verification service; Realize automatic switching of verification methods to improve efficiency. Further, the local verification method is improved, which significantly improves the security of the algorithm; furthermore, three token interface calling methods...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention provides a token interface downgrade method and storage medium. The method includes: S1: acquiring and parsing the token verification algorithm; S2: packaging the parsed token verification algorithm into a token algorithm parsing package and storing it locally Dynamic link library; S3: When the number of times that the remote call token verification interface fails reaches the preset number of times, start the local verification strategy; the execution of the local verification strategy includes: calling the token algorithm parsing package in the local dynamic link library Perform token verification; S4: restart the remote verification strategy when the execution time of the local verification strategy exceeds the preset duration. The present invention can realize the automatic reduction and upgrade of the verification mode without restarting, can adapt to the current scene, ensures that the verification service is provided safely and normally, and is efficient; it can improve the security of the local verification mode; at the same time, it provides three kinds of token interface calls The method can be flexibly configured and switched by the user to ensure that the business provides services.

Description

technical field [0001] The invention relates to the field of security verification, in particular to a method and a storage medium for degrading a token interface. Background technique [0002] The single sign-on and third-party login functions provided by most websites follow the OAuth2.0 protocol. Although the details of most websites are inconsistent and even extended based on the OAuth2.0 protocol, the basic process is certain, and the process is roughly as follows: [0003] 1. The third-party application requests authorization from the authentication server; [0004] 2. The user informs the authentication server to agree to the authorization (usually by scanning the code or entering the user name and password); [0005] 3. The authentication server informs the third-party application of the authorization code (code); [0006] 4. The third-party application uses the authorization code (code) to apply for the Access Token from the authentication server; [0007] 5. Th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40H04L9/32
CPCH04L63/0807H04L9/3213
Inventor 刘德建林伟郭玉湖陈宏
Owner FUJIAN TIANQUAN EDUCATION TECH LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com