Movatterモバイル変換

[0]ホーム
URL:

CN106470190A - A kind of Web real-time communication platform authentication cut-in method and device - Google Patents

A kind of Web real-time communication platform authentication cut-in method and deviceDownload PDF

Info

Publication number
CN106470190A
CN106470190ACN201510510506.1ACN201510510506ACN106470190ACN 106470190 ACN106470190 ACN 106470190ACN 201510510506 ACN201510510506 ACN 201510510506ACN 106470190 ACN106470190 ACN 106470190A
Authority
CN
China
Prior art keywords
time communication
web real
access token
application
power
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201510510506.1A
Other languages
Chinese (zh)
Inventor
董振江
李从兵
双锴
郭逊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE CorpfiledCriticalZTE Corp
Priority to CN201510510506.1ApriorityCriticalpatent/CN106470190A/en
Priority to PCT/CN2016/095951prioritypatent/WO2017028804A1/en
Publication of CN106470190ApublicationCriticalpatent/CN106470190A/en
Withdrawnlegal-statusCriticalCurrent

Links

Classifications

Landscapes

Abstract

The present invention provides a kind of Web real-time communication platform authentication cut-in method and device, and wherein method includes:Receive the logging request carrying checking information that the application of Web real-time Communication for Power sends, the logging request that the application of Web real-time Communication for Power is sent is verified, and return the login authentication success message during success of checking information login authentication;Authentication verification is carried out to the checking information after login authentication success, after authentication verification success, apply to Web real-time Communication for Power and send effective access token and unique identity, make the application of Web real-time Communication for Power direct the user to Web real-time Communication for Power application homepage according to the unique identity receiving, and the connection with Web real-time communication server WS is set up according to effective access token.The embodiment of the present invention can strengthen the user account safety of Web real-time communication service platform, and the user for Web real-time communication service and Web real-time communication service platform provide security guarantee.

Description

Translated fromChinese
一种Web实时通信平台鉴权接入方法及装置A Web real-time communication platform authentication access method and device

技术领域technical field

本发明涉及通信技术领域,尤其涉及一种Web实时通信平台鉴权接入方法及装置。The invention relates to the field of communication technology, in particular to a method and device for authenticating access to a Web real-time communication platform.

背景技术Background technique

WebRTC(Web Real-Time Communication,Web实时通信)是一项支持浏览器进行实时音视频通话和数据共享的技术。WebRTC应用可以在无需插件的情况下直接通过浏览器进行实时通话和文件传送。在具体的业务实施上,通信方使用独立于IP的账号来使用WebRTC服务。虽然业界WebRTC服务平台都会有负责登录鉴权的网元实体,但提供的功能比较简单,只包括基本的登录验证功能,这种做法导致的不良后果是用户帐户管理的安全性较差,进而存在引发平台服务安全性的风险。此外,业务面向的只有自身的用户,无法拓展业务的使用范畴。WebRTC (Web Real-Time Communication, Web real-time communication) is a technology that supports browsers for real-time audio and video calls and data sharing. WebRTC applications can conduct real-time calls and file transfers directly through the browser without plug-ins. In terms of specific business implementation, the communication party uses an account independent of IP to use WebRTC services. Although all WebRTC service platforms in the industry will have network element entities responsible for login authentication, the functions provided are relatively simple, including only basic login verification functions. Initiate the risk of platform service security. In addition, the business is only oriented to its own users, and it is impossible to expand the scope of use of the business.

业界拓展业务使用范畴的一种较为普遍的做法是使用Oauth开放授权标准。其中比较有代表性的包括新浪微博开放平台、Facebook开放平台等。值得注意的是,这些开放平台在基于Oauth进行认证授权的过程当中,普遍存在的问题是开放平台的合法用户才能接入并使用平台提供的服务,其他第三方接入平台的用户不具备使用开放平台服务的能力。在这种模式下,基于开放平台开放的服务能力开发的第三方平台的应用的使用范畴也被限制在固定的用户范围,即这些用户既是第三方接入平台的用户,又是开放平台的用户。简言之,这种做法所拓展的是服务的使用范围,而不是用户范围。A relatively common practice in the industry to expand the scope of business use is to use the Oauth open authorization standard. The more representative ones include Sina Weibo open platform, Facebook open platform and so on. It is worth noting that in the process of authentication and authorization of these open platforms based on Oauth, the common problem is that only legitimate users of the open platform can access and use the services provided by the platform, and users of other third-party access platforms do not have the ability to use the open platform. platform service capabilities. In this mode, the scope of use of third-party platform applications developed based on the open service capabilities of the open platform is also limited to a fixed range of users, that is, these users are both users of the third-party access platform and users of the open platform . In short, this approach expands the scope of use of the service, not the scope of users.

发明内容Contents of the invention

本发明的目的在于提供一种Web实时通信平台鉴权接入方法及装置,可以增强WebRTC服务平台的用户帐户安全性,并有效拓展WebRTC服务平台的用户范畴。The purpose of the present invention is to provide a Web real-time communication platform authentication access method and device, which can enhance the user account security of the WebRTC service platform and effectively expand the user category of the WebRTC service platform.

本发明实施例提供一种Web实时通信平台鉴权接入方法,应用于Web实时通信登录鉴权网元实体WAS,所述方法包括:An embodiment of the present invention provides an authentication access method for a Web real-time communication platform, which is applied to a Web real-time communication login authentication network element entity WAS, and the method includes:

接收Web实时通信应用发送的携带验证信息的登录请求,对所述Web实时通信应用发送的所述登录请求进行验证,并返回所述验证信息登录验证成功时的登录验证成功消息;Receive a login request carrying verification information sent by the Web real-time communication application, verify the login request sent by the Web real-time communication application, and return a login verification success message when the verification information login verification is successful;

对登录验证成功后的验证信息进行鉴权验证,在鉴权验证成功后,向所述Web实时通信应用发送有效访问令牌和唯一身份标识,使得所述Web实时通信应用根据接收到的唯一身份标识将用户定向到Web实时通信应用主页,并根据有效访问令牌建立与Web实时通信服务器WS的连接。Perform authentication verification on the verification information after the login verification is successful, and send a valid access token and unique identity to the Web real-time communication application after the authentication verification is successful, so that the Web real-time communication application The identification directs the user to the homepage of the Web real-time communication application, and establishes a connection with the Web real-time communication server WS according to a valid access token.

其中,所述对所述Web实时通信应用发送的所述登录请求进行验证,并返回所述验证信息登录验证成功时的登录验证成功消息,包括:Wherein, the verification of the login request sent by the Web real-time communication application, and returning a successful login verification message when the verification information login verification is successful, includes:

接收所述Web实时通信应用发送的携带验证信息的登录请求,根据所述登录请求生成一个随机数RandomNumer,存入会话并与登录页面一起返回给所述Web实时通信应用;Receive the login request carrying verification information sent by the Web real-time communication application, generate a random number RandomNumer according to the login request, store it in the session and return it to the Web real-time communication application together with the login page;

接收所述Web实时通信应用发送的对所述验证信息进行加密后生成的第一加密结果Hashone、用户名username以及RandomNumber;receiving the first encryption result Hasone, username and RandomNumber generated after encrypting the verification information sent by the Web real-time communication application;

在数据库中对所述username进行验证,并对接收到所述Hashone和所述RandomNumber进行加密运算得到第二加密结果Hashtwo;Verifying the username in the database, and performing an encryption operation on the received Hashone and the RandomNumber to obtain a second encryption result Hashtwo;

根据所述username在数据库中查找到对应的密码Password_Hash,对所述Password_Hash和存入会话的所述RandomNumber进行加密计算得到第三加密结果Hashthree;Find the corresponding password Password_Hash in the database according to the username, and encrypt and calculate the Password_Hash and the RandomNumber stored in the session to obtain the third encryption result Hashthree;

判断所述Hashthree和所述Hashtwo是否一致,当两者一致则说明登录验证成功,向所述Web实时通信应用返回登录验证成功消息。Judging whether the Hashthree is consistent with the Hashtwo, if the two are consistent, it means that the login verification is successful, and returns a login verification success message to the Web real-time communication application.

其中,所述对登录验证成功后的验证信息进行鉴权验证,在鉴权验证成功后,向所述Web实时通信应用发送有效访问令牌和唯一身份标识,包括:Wherein, the authentication verification is performed on the verification information after the login verification is successful, and after the authentication verification is successful, a valid access token and a unique identity are sent to the Web real-time communication application, including:

对所述验证信息进行鉴权验证,生成有效客户端代码Codeclient并返回至所述Web实时通信应用,由所述Web实时通信应用将接收到的有效Codeclient写入自身会话中;Perform authentication verification on the verification information, generate a valid client code Codeclient and return to the Web real-time communication application, and write the received valid Codeclient into its own session by the Web real-time communication application;

接收所述Web实时通信应用发送的携带有效Codeclient的信息授权超文本传输协议HTTP请求,对有效Codeclient进行验证,验证通过后向所述Web实时通信应用发送有效访问令牌,由所述Web实时通信应用将接收到的有效访问令牌写入自身会话中;Receive the information authorization hypertext transfer protocol HTTP request carrying the valid Codeclient sent by the Web real-time communication application, verify the valid Codeclient, and send a valid access token to the Web real-time communication application after the verification is passed, and the Web real-time communication The application writes the received valid access token into its own session;

接收所述Web实时通信应用发送的携带有效访问令牌的信息授权HTTP请求,对有效访问令牌进行验证,验证通过后向所述Web实时通信应用WA发送唯一身份标识。Receive an information authorization HTTP request carrying a valid access token sent by the real-time Web communication application, verify the valid access token, and send a unique identity to the real-time Web communication application WA after the verification is passed.

其中,当所述Web实时通信应用为当前平台Web实时通信应用WA时,所述对所述验证信息进行鉴权验证,生成有效客户端代码Codeclient并返回至所述Web实时通信应用,具体为:Wherein, when the Web real-time communication application is the current platform Web real-time communication application WA, the authentication verification is performed on the verification information, a valid client code Codeclient is generated and returned to the Web real-time communication application, specifically:

对所述验证信息进行鉴权验证,生成代码Code和有效Codeclient,并将生成的Code进行存储,将生成的有效Codeclient发送至所述WA,其中所述验证信息包括第一用户名Username1和第一密码Password1。Perform authentication verification on the verification information, generate a code Code and a valid Codeclient, store the generated Code, and send the generated valid Codeclient to the WA, wherein the verification information includes the first username Username1 and the first Password Password1.

其中,在接收所述WA发送的携带验证信息的登录请求之前,所述方法还包括:Wherein, before receiving the login request carrying verification information sent by the WA, the method further includes:

接收所述WA发送携带自身会话中的第一访问令牌的验证处理HTTP请求,对第一访问令牌进行验证;receiving the verification process HTTP request sent by the WA that carries the first access token in its own session, and verifying the first access token;

向所述WA发送第一访问令牌无效的消息,接收所述WA发送的携带自身会话中第一Codeclient的鉴权处理HTTP请求,对第一Codeclient进行验证,在验证失败后检查自身会话中的Code值是否过期;Send a message that the first access token is invalid to the WA, receive the authentication processing HTTP request that carries the first Codeclient in its own session sent by the WA, verify the first Codeclient, and check the code client in its own session after the verification fails. Whether the Code value has expired;

当自身会话中的Code值过期时,跳转到WAS登录界面。When the Code value in its own session expires, jump to the WAS login interface.

其中,当向所述WA发送第一访问令牌有效的消息时,所述方法包括:Wherein, when sending a message that the first access token is valid to the WA, the method includes:

向所述WA发送唯一身份标识,使得所述WA调用所述WS提供的各种服务。The unique identity is sent to the WA, so that the WA invokes various services provided by the WS.

其中,当自身会话中的Code值没有过期时,所述方法包括:Wherein, when the Code value in the own session has not expired, the method includes:

直接向所述WA返回与所述WA对应的有效Codeclient。Directly return a valid Codeclient corresponding to the WA to the WA.

其中,当所述Web实时通信应用为第三方业务平台的Web实时通信应用TPWA时,接收所述TPWA发送的携带验证信息的登录请求之前,所述方法还包括:Wherein, when the Web real-time communication application is a Web real-time communication application TPWA of a third-party service platform, before receiving the login request carrying verification information sent by the TPWA, the method further includes:

接收所述TPWA发送的申请接入请求,对所述申请接入请求进行核准后,向所述TPWA返回第三方应用身份标识和第二密码,所述验证信息包括第三方应用身份标识和第二密码。receiving the application access request sent by the TPWA, and returning the third-party application identity and the second password to the TPWA after the application and access request is approved, and the verification information includes the third-party application identity and the second password; password.

其中,所述方法还包括:Wherein, the method also includes:

对第三方应用身份标识和第二密码验证成功后,生成有效Codeclient,对有效Codeclient进行验证,验证成功后,生成临时访问令牌返回至所述TPWA;对临时访问令牌验证通过后,生成临时用户名发送至所述TPWA,使得所述TPWA重定向到主页。After successfully verifying the third-party application identity and the second password, generate a valid Codeclient, and verify the valid Codeclient. After the verification is successful, generate a temporary access token and return it to the TPWA; after passing the verification of the temporary access token, generate a temporary A username is sent to the TPWA causing the TPWA to redirect to the home page.

本发明实施例还提供一种Web实时通信平台鉴权接入方法,应用于Web实时通信应用,所述方法包括:The embodiment of the present invention also provides an authentication access method for a Web real-time communication platform, which is applied to a Web real-time communication application, and the method includes:

向Web实时通信登录鉴权网元实体WAS发送携带验证信息的登录请求,使得所述WAS对所述Web实时通信应用发送的登录请求进行验证;Send a login request carrying verification information to the Web real-time communication login authentication network element entity WAS, so that the WAS verifies the login request sent by the Web real-time communication application;

接收所述WAS返回的登录验证成功消息;receiving the login verification success message returned by the WAS;

在所述WAS对登录验证成功后的验证信息进行鉴权验证成功后,接收所述WAS发送的有效访问令牌和唯一身份标识,根据接收到的唯一身份标识将用户定向到Web实时通信应用主页,并根据有效访问令牌建立与Web实时通信服务器WS的连接。After the WAS successfully authenticates the verification information after the login verification is successful, it receives the valid access token and the unique identity sent by the WAS, and directs the user to the Web real-time communication application homepage according to the received unique identity , and establish a connection with the Web real-time communication server WS according to a valid access token.

其中,所述向Web实时通信登录鉴权网元实体WAS发送携带验证信息的登录请求,使得所述WAS对所述Web实时通信应用发送的登录请求进行验证,包括:Wherein, the sending a login request carrying verification information to the Web real-time communication login authentication network element entity WAS, so that the WAS verifies the login request sent by the Web real-time communication application, includes:

向所述WAS发送携带验证信息的登录请求,并接收所述WAS返回的携带一随机数RandomNumber的登录页面;Send a login request carrying verification information to the WAS, and receive a login page carrying a random number RandomNumber returned by the WAS;

对所述验证信息进行加密生成第一加密结果Hashone,将所述Hashone、用户名username以及所述RandomNumber发送至所述WAS,使得所述WAS根据接收到的所述Hashone、所述Username和所述RandomNumber对所述Web实时通信应用发送的登录请求进行验证。Encrypt the verification information to generate a first encryption result Hashone, and send the Hashone, username username, and the RandomNumber to the WAS, so that the WAS RandomNumber verifies the login request sent by the Web real-time communication application.

其中,所述接收所述WAS发送的有效访问令牌和唯一身份标识的步骤,包括:Wherein, the step of receiving the valid access token and the unique identity sent by the WAS includes:

接收所述WAS根据所述验证信息鉴权验证中生成的有效客户端代码Codeclient,将接收到的有效Codeclient写入自身会话中;Receiving the valid client code Codeclient generated by the WAS according to the verification information authentication verification, and writing the received valid Codeclient into its own session;

向所述WAS发送携带有效Codeclient的信息授权HTTP请求,使得所述WAS对有效Codeclient进行验证,并接收所述WAS在有效Codeclient验证通过后发送的有效访问令牌,将接收到的有效访问令牌写入自身会话中;Send an information authorization HTTP request carrying a valid Codeclient to the WAS, so that the WAS can verify the valid Codeclient, and receive the valid access token sent by the WAS after the valid Codeclient is verified, and the received valid access token write into its own session;

向所述WAS发送携带有效访问令牌的信息授权HTTP请求,使得所述WAS对有效访问令牌进行验证,验证通过后接收所述WAS发送的唯一身份标识。Send an information authorization HTTP request carrying a valid access token to the WAS, so that the WAS can verify the valid access token, and receive the unique identity sent by the WAS after the verification is passed.

其中,当Web实时通信应用为当前平台Web实时通信应用WA时,所述向Web实时通信登录鉴权网元实体WAS发送携带验证信息的登录请求之前,所述方法还包括:Wherein, when the Web real-time communication application is the current platform Web real-time communication application WA, before sending the login request carrying verification information to the Web real-time communication login authentication network element entity WAS, the method further includes:

向所述WAS发送携带自身会话中的第一访问令牌的验证处理HTTP请求,由所述WAS对第一访问令牌进行验证;Send a verification processing HTTP request carrying the first access token in its own session to the WAS, and the WAS verifies the first access token;

接收所述WAS发送的第一访问令牌无效的消息,向所述WAS发送携带自身会话中第一Codeclient的鉴权处理HTTP请求,由所述WAS对第一Codeclient进行验证,并在验证失败后检查自身会话中的Code值是否过期,当所述WAS自身会话中的Code值过期时,跳转到WAS登录界面。Receive the message that the first access token sent by the WAS is invalid, send an authentication processing HTTP request carrying the first Codeclient in its own session to the WAS, and the WAS will verify the first Codeclient, and after the verification fails, Check whether the Code value in the self-session is expired, and jump to the WAS login interface when the Code value in the WAS self-session expires.

其中,当接收所述WAS发送的第一访问令牌有效的消息时,所述方法包括:Wherein, when receiving the message that the first access token sent by the WAS is valid, the method includes:

接收所述WAS发送唯一身份标识,调用所述WS提供的各种服务。Receive the unique identity sent by the WAS, and invoke various services provided by the WS.

其中,当所述WAS自身会话中的Code值没有过期时,所述方法还包括:Wherein, when the Code value in the session of the WAS itself has not expired, the method further includes:

接收所述WAS返回与所述WA对应的有效Codeclient。Receiving the WAS returns a valid Codeclient corresponding to the WA.

其中,当所述Web实时通信应用为第三方业务平台的Web实时通信应用TPWA时,向Web实时通信登录鉴权网元实体WAS发送携带验证信息的登录请求之前,所述方法还包括:Wherein, when the Web real-time communication application is a Web real-time communication application TPWA of a third-party service platform, before sending a login request carrying verification information to the Web real-time communication login authentication network element entity WAS, the method further includes:

向所述WAS发送申请接入请求,由所述WAS对所述申请接入请求进行核准;Sending an access application request to the WAS, and the WAS approves the access application request;

接收所述WAS发送的第三方应用身份标识和第二密码,所述验证信息包括第三方应用身份标识和第二密码;receiving the third-party application identity and the second password sent by the WAS, the verification information including the third-party application identity and the second password;

与第三方业务平台建立连接,完成在第三方业务平台的登录鉴权。Establish a connection with the third-party business platform and complete the login authentication on the third-party business platform.

其中,所述方法还包括:Wherein, the method also includes:

接收所述WAS生成的有效Codeclient,将接收到的有效Codeclient写入自身会话中;Receive the valid Codeclient generated by the WAS, and write the received valid Codeclient into its own session;

向所述WAS发送携带有效Codeclient的信息授权HTTP请求,使得所述WAS对有效Codeclient进行验证,并接收所述WAS在有效Codeclient验证通过后发送的临时访问令牌,将接收到的临时访问令牌写入自身会话中;Send an information authorization HTTP request carrying a valid Codeclient to the WAS, so that the WAS can verify the valid Codeclient, and receive the temporary access token sent by the WAS after the valid Codeclient is verified, and the received temporary access token write into its own session;

向所述WAS发送携带临时访问令牌的信息授权HTTP请求,使得所述WAS对临时访问令牌进行验证,验证通过后接收所述WAS发送唯一身份标识。Send an information authorization HTTP request carrying a temporary access token to the WAS, so that the WAS can verify the temporary access token, and receive the unique identity sent by the WAS after the verification is passed.

本发明实施例还提供一种Web实时通信平台鉴权接入方法,应用于Web实时通信服务器WS,所述方法包括:The embodiment of the present invention also provides a Web real-time communication platform authentication access method, which is applied to the Web real-time communication server WS, and the method includes:

接收浏览器发送的携带有效访问令牌的WebSocket连接请求;Receive the WebSocket connection request sent by the browser with a valid access token;

提取有效访问令牌,向Web实时通信登录鉴权网元实体WAS发送携带有效访问令牌的验证处理HTTP请求,由所述WAS对有效访问令牌进行验证,返回验证通过信息;Extract a valid access token, send a verification processing HTTP request carrying a valid access token to the Web real-time communication login authentication network element entity WAS, and the WAS will verify the valid access token and return the verification pass information;

接收所述WAS返回的验证通过信息,向浏览器返回连接成功消息,完成与浏览器下的各个Web实时通信应用的连接。Receive the verification pass information returned by the WAS, return a connection success message to the browser, and complete the connection with each Web real-time communication application under the browser.

本发明实施例还提供一种Web实时通信平台鉴权接入装置,应用于Web实时通信登录鉴权网元实体WAS,所述装置包括:The embodiment of the present invention also provides a Web real-time communication platform authentication access device, which is applied to the Web real-time communication login authentication network element entity WAS, and the device includes:

接收验证模块,用于接收Web实时通信应用发送的携带验证信息的登录请求,对所述Web实时通信应用发送的所述登录请求进行验证,并返回所述验证信息登录验证成功时的登录验证成功消息;The receiving verification module is used to receive the login request carrying verification information sent by the Web real-time communication application, verify the login request sent by the Web real-time communication application, and return the verification information when the login verification is successful. information;

验证发送模块,用于对登录验证成功后的验证信息进行鉴权验证,在鉴权验证成功后,向所述Web实时通信应用发送有效访问令牌和唯一身份标识,使得所述Web实时通信应用根据接收到的唯一身份标识将用户定向到Web实时通信应用主页,并根据有效访问令牌建立与Web实时通信服务器WS的连接。The verification sending module is used to perform authentication verification on the verification information after the login verification is successful, and after the authentication verification is successful, send a valid access token and a unique identity to the Web real-time communication application, so that the Web real-time communication application According to the received unique identity, the user is directed to the home page of the real-time web communication application, and a connection with the real-time web communication server WS is established according to the valid access token.

本发明实施例还提供一种Web实时通信平台鉴权接入装置,应用于Web实时通信应用,所述装置包括:The embodiment of the present invention also provides an authentication access device for a Web real-time communication platform, which is applied to a Web real-time communication application, and the device includes:

第二发送模块,用于向Web实时通信登录鉴权网元实体WAS发送携带验证信息的登录请求,使得所述WAS对所述Web实时通信应用发送的登录请求进行验证;The second sending module is configured to send a login request carrying verification information to the Web real-time communication login authentication network element entity WAS, so that the WAS verifies the login request sent by the Web real-time communication application;

第二接收模块,用于接收所述WAS返回的登录验证成功消息;The second receiving module is configured to receive the login verification success message returned by the WAS;

第四处理模块,用于在所述WAS对登录验证成功后的验证信息进行鉴权验证成功后,接收所述WAS发送的有效访问令牌和唯一身份标识,根据接收到的唯一身份标识将用户定向到Web实时通信应用主页,并根据有效访问令牌建立与Web实时通信服务器WS的连接。The fourth processing module is used to receive the valid access token and the unique identity sent by the WAS after the WAS successfully authenticates the verification information after the login verification is successful, and send the user to the user according to the received unique identity Orient to the web real-time communication application home page, and establish a connection with the web real-time communication server WS according to the valid access token.

本发明实施例还提供一种Web实时通信平台鉴权接入装置,应用于Web实时通信服务器WS,所述装置包括:The embodiment of the present invention also provides a Web real-time communication platform authentication access device, which is applied to the Web real-time communication server WS, and the device includes:

第五接收模块,用于接收浏览器发送的携带有效访问令牌的WebSocket连接请求;The fifth receiving module is configured to receive a WebSocket connection request carrying a valid access token sent by the browser;

提取发送模块,用于提取有效访问令牌,向Web实时通信登录鉴权网元实体WAS发送携带有效访问令牌的验证处理HTTP请求,由所述WAS对有效访问令牌进行验证,返回验证通过信息;The extraction and sending module is used to extract a valid access token, and sends a verification processing HTTP request carrying a valid access token to the Web real-time communication login authentication network element entity WAS, and the WAS verifies the valid access token, and returns a verification pass information;

接收返回模块,用于接收所述WAS返回的验证通过信息,向浏览器返回连接成功消息,完成与浏览器下的各个Web实时通信应用的连接。The receiving and returning module is used to receive the verification passing information returned by the WAS, return a connection success message to the browser, and complete the connection with each Web real-time communication application under the browser.

本发明实施例上述技术方案至少包括如下技术效果:The foregoing technical solutions of the embodiments of the present invention at least include the following technical effects:

通过对验证信息进行登录鉴权验证成功后,使得WebRTC应用获得WAS颁发的有效访问令牌和唯一身份标识,进而可以使用WebRTC平台提供的各种即时通信服务,从而为WebRTC服务的用户和WebRTC服务平台提供安全性保障;且提供了WebRTC服务平台不同WebRTC应用之间的单点登录能力,以使得同一个用户在不同WebRTC应用之间切换时更加便捷;进一步地,为第三方业务平台的WebRTC应用提供Oauth2.0的接入能力,使得第三方业务平台上的WebRTC应用获取使用WebRTC平台提供的各种即时通信服务能力,进而极大地拓展WebRTC平台服务的用户范畴。After the successful login authentication verification of the verification information, the WebRTC application can obtain a valid access token and unique identity issued by WAS, and then can use various instant messaging services provided by the WebRTC platform, thereby providing WebRTC service users and WebRTC services The platform provides security guarantees; and provides single sign-on capabilities between different WebRTC applications on the WebRTC service platform, so that it is more convenient for the same user to switch between different WebRTC applications; Provide the access capability of Oauth2.0, so that the WebRTC application on the third-party business platform can obtain various instant messaging service capabilities provided by the WebRTC platform, thereby greatly expanding the user scope of the WebRTC platform service.

附图说明Description of drawings

图1为本发明实施例Web实时通信平台鉴权接入方法步骤流程示意图一;Fig. 1 is a schematic flow chart of steps of a Web real-time communication platform authentication access method in an embodiment of the present invention;

图2为本发明实施例WebRTC服务平台典型架构图;Fig. 2 is a typical architecture diagram of the WebRTC service platform of the embodiment of the present invention;

图3为本发明实施例Web实时通信平台鉴权接入方法步骤流程示意图二;FIG. 3 is a second schematic flow diagram of steps of a Web real-time communication platform authentication access method according to an embodiment of the present invention;

图4为本发明实施例Web实时通信平台鉴权接入方法步骤流程示意图三;FIG. 4 is a schematic diagram of steps of a method for authenticating and accessing a Web real-time communication platform according to an embodiment of the present invention;

图5为本发明实施例Web实时通信平台鉴权接入方法步骤流程示意图四;FIG. 5 is a schematic diagram of steps of a method for authenticating and accessing a Web real-time communication platform according to an embodiment of the present invention;

图6为本发明实施例接入不同WebRTC应用,支持单点登录的示意图;Fig. 6 is a schematic diagram of accessing different WebRTC applications and supporting single sign-on according to an embodiment of the present invention;

图7为本发明实施例Web实时通信平台鉴权接入方法步骤流程示意图五;FIG. 7 is a schematic diagram of steps of a method for authenticating and accessing a Web real-time communication platform according to an embodiment of the present invention;

图8为本发明实施例Web实时通信平台鉴权接入方法步骤流程示意图六;FIG. 8 is a sixth schematic flow diagram of steps of an authentication access method for a Web real-time communication platform according to an embodiment of the present invention;

图9为本发明实施例第三方平台的WebRTC应用接入WAS后进行WebRTC通信的典型架构图;9 is a typical architecture diagram of WebRTC communication after the WebRTC application of the third-party platform is connected to WAS according to the embodiment of the present invention;

图10为本发明实施例Web实时通信平台鉴权接入方法步骤流程示意图七;FIG. 10 is a schematic diagram of the step-by-step flow of the authentication access method of the Web real-time communication platform according to the embodiment of the present invention;

图11为本发明实施例Web实时通信平台鉴权接入装置示意图一;FIG. 11 is a schematic diagram of an authentication access device for a Web real-time communication platform according to an embodiment of the present invention;

图12为本发明实施例Web实时通信平台鉴权接入装置示意图二;FIG. 12 is a second schematic diagram of an authentication and access device for a Web real-time communication platform according to an embodiment of the present invention;

图13为本发明实施例Web实时通信平台鉴权接入装置示意图三。FIG. 13 is a third schematic diagram of an authentication access device for a Web real-time communication platform according to an embodiment of the present invention.

具体实施方式detailed description

为使本发明要解决的技术问题、技术方案和优点更加清楚,下面将结合附图及具体实施例进行详细描述。In order to make the technical problems, technical solutions and advantages to be solved by the present invention clearer, the following will describe in detail with reference to the drawings and specific embodiments.

本发明实施例提供一种Web实时通信平台鉴权接入方法,应用于Web实时通信登录鉴权网元实体(WebRTC Authentication Server,WAS),如图1所示,所述方法包括:An embodiment of the present invention provides an authentication access method for a Web real-time communication platform, which is applied to a Web real-time communication login authentication network element entity (WebRTC Authentication Server, WAS). As shown in FIG. 1, the method includes:

步骤S101、接收Web实时通信应用发送的携带验证信息的登录请求,对所述Web实时通信应用发送的所述登录请求进行验证,并返回所述验证信息登录验证成功时的登录验证成功消息;Step S101. Receive a login request carrying verification information sent by the real-time Web communication application, verify the login request sent by the real-time Web communication application, and return a successful login verification message when the verification information login verification is successful;

步骤S102、对登录验证成功后的验证信息进行鉴权验证,在鉴权验证成功后,向所述Web实时通信应用发送有效访问令牌和唯一身份标识,使得所述Web实时通信应用根据接收到的唯一身份标识将用户定向到Web实时通信应用主页,并根据有效访问令牌建立与Web实时通信服务器WS的连接。Step S102: Perform authentication verification on the verification information after the login verification is successful, and send a valid access token and a unique identity to the Web real-time communication application after the authentication verification is successful, so that the Web real-time communication application according to the received The unique identity of the user is directed to the homepage of the real-time web communication application, and a connection with the real-time web communication server WS is established according to a valid access token.

具体的,接收WebRTC应用发送的携带验证信息的登录请求后,对登录请求进行验证,并在验证成功后向WebRTC应用返回登录验证成功消息,同时在登录验证成功后,需要对登录验证成功后的验证信息进行鉴权验证,且在鉴权成功后向WebRTC应用发送有效访问令牌和唯一身份标识,WebRTC应用在接收到唯一身份标识和有效访问令牌之后可以使用WebRTC平台提供的各种即时通信服务,其中访问令牌可简写为AccessToken。Specifically, after receiving the login request carrying verification information sent by the WebRTC application, the login request is verified, and a login verification success message is returned to the WebRTC application after the verification is successful. The authentication information is authenticated, and after the authentication is successful, a valid access token and a unique identity are sent to the WebRTC application. After receiving the unique identity and a valid access token, the WebRTC application can use various instant messaging provided by the WebRTC platform service, where the access token can be abbreviated as AccessToken.

本发明实施例通过为WebRTC服务平台提供Oauth2.0登录鉴权能力,使得WebRTC应用只有在获得WAS颁发的有效访问令牌和唯一身份标识之后才可以使用WebRTC平台提供的各种即时通信服务,从而为WebRTC服务的用户和WebRTC服务平台提供安全性保障。The embodiment of the present invention provides the Oauth2.0 login authentication capability for the WebRTC service platform, so that the WebRTC application can use various instant messaging services provided by the WebRTC platform only after obtaining a valid access token and a unique identity issued by WAS, thereby Provide security protection for WebRTC service users and WebRTC service platform.

如图2所示,是使用本发明WAS之后的WebRTC服务平台典型架构图。包括WAS,WebRTC服务器(WebRTC Server,WS)和WebRTC应用。用户在使用WebRTC应用时,需要通过WAS的登录鉴权,才可以使用WebRTC应用提供的基于WebRTC服务平台的实时通信业务。As shown in Figure 2, it is a typical architecture diagram of the WebRTC service platform after using the WAS of the present invention. Including WAS, WebRTC server (WebRTC Server, WS) and WebRTC application. When users use WebRTC applications, they need to pass WAS login authentication before they can use the real-time communication services based on WebRTC service platform provided by WebRTC applications.

在本发明上述实施例中,步骤S101包括:In the above embodiments of the present invention, step S101 includes:

步骤S1011、接收所述Web实时通信应用发送的携带验证信息的登录请求,根据所述登录请求生成一个随机数RandomNumer,存入会话并与登录页面一起返回给所述Web实时通信应用;Step S1011, receiving the login request carrying verification information sent by the real-time Web communication application, generating a random number RandomNumer according to the login request, storing it in the session and returning it to the real-time Web communication application together with the login page;

步骤S1012、接收所述Web实时通信应用发送的对所述验证信息进行加密后生成的第一加密结果Hashone、用户名username以及RandomNumber;Step S1012, receiving the first encryption result Hasone, username and RandomNumber sent by the Web real-time communication application and generated after encrypting the verification information;

步骤S1013、在数据库中对所述username进行验证,并对接收到所述Hashone和所述RandomNumber进行加密运算得到第二加密结果Hashtwo;Step S1013, verifying the username in the database, and performing an encryption operation on the received Hasone and the RandomNumber to obtain a second encryption result Hashtwo;

步骤S1014、根据所述username在数据库中查找到对应的密码Password_Hash,对所述Password_Hash和存入会话中的所述RandomNumber进行加密计算得到第三加密结果Hashthree;Step S1014, find the corresponding password Password_Hash in the database according to the username, encrypt and calculate the Password_Hash and the RandomNumber stored in the session to obtain a third encryption result Hashthree;

步骤S1015、判断所述Hashthree和所述Hashtwo是否一致,当两者一致则说明登录验证成功,向所述Web实时通信应用返回登录验证成功消息。Step S1015 , judging whether the Hashthree and the Hashtwo are consistent, if they are consistent, it means that the login verification is successful, and return a successful login verification message to the Web real-time communication application.

具体的,在接收到WebRTC应用发送的携带验证信息的登录请求后,根据登录请求生成一个随机数RandomNumer,将RandomNumer存入自身当前会话中,并将用户登录页面与RandomNumer一起返回给WebRTC应用。其中验证信息包括:用户名username和密码Password。Specifically, after receiving the login request with verification information sent by the WebRTC application, a random number RandomNumer is generated according to the login request, the RandomNumer is stored in its current session, and the user login page and the RandomNumer are returned to the WebRTC application. The authentication information includes: username username and password Password.

用户输入验证信息,WebRTC应用对验证信息做哈希加密:Hashone=MD5(MD5(Password),Username)得到Hashone。接收WebRTC应用发送的Hashone、Username和RandomNumber,并验证Username在数据库中的存在,当验证得到的结果是Username在数据库中存在时,则对WebRTC应用发送的Hashone和WebRTC应用发送的RandomNumber进行第二次哈希运算Hashtwo=MD5(HASH(RandomNumber),Hashone),得到Hashtwo。The user inputs the verification information, and the WebRTC application performs hash encryption on the verification information: Hasone=MD5(MD5(Password), Username) to get the Hashone. Receive the Hashone, Username, and RandomNumber sent by the WebRTC application, and verify the existence of the Username in the database. When the result of the verification is that the Username exists in the database, perform a second pass on the Hashones sent by the WebRTC application and the RandomNumber sent by the WebRTC application. Hash operation Hashtwo=MD5(HASH(RandomNumber), Hashone), to obtain Hashtwo.

根据Username,在数据库中查找与Username对应的密码Password_Hash,需要说明的是,数据库中密码Password_Hash不是明文存储,而是用户注册时输入验证信息后且进行哈希加密后存储的,即Password_Hash=MD5(MD5(Password),Username)运算得到。根据查找得到的Password_Hash和会话中存储的RandomNumber,采用哈希运算进行计算得到Hashthree:Hashthree=MD5(HASH(RandomNumber),Password_Hash)。According to the Username, look up the password Password_Hash corresponding to the Username in the database. It should be noted that the password Password_Hash in the database is not stored in plain text, but is stored after the user enters the verification information during registration and performs hash encryption, that is, Password_Hash=MD5( MD5 (Password), Username) operation to get. According to the obtained Password_Hash and the RandomNumber stored in the session, the Hash operation is used to calculate Hashthree: Hashthree=MD5(HASH(RandomNumber), Password_Hash).

比较Hashthree和Hashtwo是否一致,如果一致则说明登录验证成功。不管验证成功与否,RandomNumber将被抛弃,下一次登录时,WAS将产生新的随机数参与加密过程。Compare whether Hashthree and Hashtwo are consistent, and if they are consistent, the login verification is successful. Regardless of whether the verification is successful or not, RandomNumber will be discarded, and WAS will generate a new random number to participate in the encryption process at the next login.

在本发明上述实施例中,步骤S102包括:In the above embodiments of the present invention, step S102 includes:

步骤S1021、对所述验证信息进行鉴权验证,生成有效客户端代码Codeclient并返回至所述Web实时通信应用,由所述Web实时通信应用将接收到的有效Codeclient写入自身会话中;Step S1021, perform authentication verification on the verification information, generate a valid client code Codeclient and return it to the Web real-time communication application, and the Web real-time communication application writes the received valid Codeclient into its own session;

步骤S1022、接收所述Web实时通信应用发送的携带有效Codeclient的信息授权HTTP请求,对有效Codeclient进行验证,验证通过后向所述Web实时通信应用发送有效访问令牌,由所述Web实时通信应用将接收到的有效访问令牌写入自身会话中;Step S1022, receiving the information authorization HTTP request carrying a valid Codeclient sent by the real-time Web communication application, verifying the valid Codeclient, and sending a valid access token to the real-time Web communication application after the verification is passed, and the real-time Web communication application Write the received valid access token into its own session;

步骤S1023、接收所述Web实时通信应用发送的携带有效访问令牌的信息授权HTTP请求,对有效访问令牌进行验证,验证通过后向所述Web实时通信应用WA发送唯一身份标识。Step S1023: Receive the information authorization HTTP request carrying the valid access token sent by the real-time Web communication application, verify the valid access token, and send a unique identity to the real-time Web communication application WA after the verification is passed.

具体的,WAS对验证信息进行鉴权验证,生成有效Codeclient后发送至WebRTC应用,WebRTC应用在接收到有效Codeclient后写入自身会话中。然后WAS对WebRTC应用发送的有效Codeclient进行验证,在验证通过向WebRTC应用发送有效访问令牌,WebRTC应用将有效访问令牌写入自身会话中。WAS对WebRTC应用发送的有效访问令牌进行验证,验证通过后发送唯一身份标识,使得WebRTC应用在接收到有效访问令牌和唯一身份标识之后可以使用WebRTC平台提供的各种即时通信服务。Specifically, WAS performs authentication and verification on the verification information, generates a valid Codeclient and sends it to the WebRTC application, and the WebRTC application writes it into its own session after receiving the valid Codeclient. Then WAS verifies the valid Codeclient sent by the WebRTC application. After the verification, the WebRTC application sends a valid access token to the WebRTC application, and the WebRTC application writes the valid access token into its own session. WAS verifies the valid access token sent by the WebRTC application, and sends a unique identity after the verification is passed, so that the WebRTC application can use various instant messaging services provided by the WebRTC platform after receiving a valid access token and unique identity.

在本发明上述实施例中,当所述Web实时通信应用为当前平台Web实时通信应用WA时,所述对所述验证信息进行鉴权验证,生成有效客户端代码Codeclient并返回至所述Web实时通信应用,具体为:In the above embodiments of the present invention, when the Web real-time communication application is the current platform Web real-time communication application WA, the authentication verification is performed on the verification information, a valid client code Codeclient is generated and returned to the Web real-time Communication applications, specifically:

对所述验证信息进行鉴权验证,生成代码Code和有效Codeclient,并将生成的Code进行存储,将生成的有效Codeclient发送至所述WA,其中所述验证信息包括第一用户名Username1和第一密码Password1。Perform authentication verification on the verification information, generate a code Code and a valid Codeclient, store the generated Code, and send the generated valid Codeclient to the WA, wherein the verification information includes the first username Username1 and the first Password Password1.

具体的,Code为用户是否登录的主要凭证,只存储在WAS中,不能将Code返回给WA,但是WA需要一个类似的Code,从而携带这个Code去取得有效访问令牌。在本发明实施例中,对应于每个WA在验证信息进行鉴权验证成功后,会生产一个有效Codeclient作为Code的代替,并将Code与Codeclient关系存储到数据库中,其中有效Codeclient有效访问令牌一一对应。Specifically, the Code is the main credential for the user to log in. It is only stored in the WAS, and the Code cannot be returned to the WA, but the WA needs a similar Code to carry this Code to obtain a valid access token. In the embodiment of the present invention, corresponding to each WA, after successful authentication and verification of the verification information, an effective Codeclient will be produced as a replacement for the Code, and the relationship between the Code and the Codeclient will be stored in the database, where the effective Codeclient has an effective access token One to one correspondence.

WA可以携带有效访问令牌来获取用户名和其他用户信息,同时WebRTC系统中,连接WS服务器也要携带有效访问令牌,首次取得有效访问令牌的唯一方式是提供有效Codeclient。WA can carry a valid access token to obtain user name and other user information. At the same time, in the WebRTC system, connecting to the WS server also needs to carry a valid access token. The only way to obtain a valid access token for the first time is to provide a valid Codeclient.

在本发明上述实施例中,在接收所述WA发送的携带验证信息的登录请求之前,所述方法还包括:In the above embodiments of the present invention, before receiving the login request carrying verification information sent by the WA, the method further includes:

接收所述WA发送携带自身会话中的第一访问令牌的验证处理HTTP请求,对第一访问令牌进行验证;receiving the verification process HTTP request sent by the WA that carries the first access token in its own session, and verifying the first access token;

向所述WA发送第一访问令牌无效的消息,接收所述WA发送的携带自身会话中第一Codeclient的鉴权处理HTTP请求,对第一Codeclient进行验证,在验证失败后检查自身会话中的Code值是否过期;Send a message that the first access token is invalid to the WA, receive the authentication processing HTTP request that carries the first Codeclient in its own session sent by the WA, verify the first Codeclient, and check the code client in its own session after the verification fails. Whether the Code value has expired;

当自身会话中的Code值过期时,跳转到WAS登录界面。When the Code value in its own session expires, jump to the WAS login interface.

具体的,如图3所示,WA提取自身会话中第一访问令牌,WAS对WA发送的携带自身会话中的第一访问令牌进行验证,当验证不通过时,向WA返回不通过信息。WA在接收到验证不通过信息后,提取自身会话中的第一Codeclient和事先指定的重定向地址redirectURL向WAS发送鉴权处理HTTP请求,WAS对第一Codeclient进行验证,当验证不通过时,向WA返回不通过信息。此时WAS检查自身会话中Code值无效,跳转到WAS自身登录界面。Specifically, as shown in Figure 3, the WA extracts the first access token in its own session, and the WAS verifies the first access token in its own session sent by the WA, and returns failure information to the WA when the verification fails . After receiving the information that the verification fails, WA extracts the first Codeclient in its own session and the redirect URL specified in advance to send an authentication processing HTTP request to WAS, and WAS verifies the first Codeclient. WA returns fail information. At this time, WAS checks that the Code value in its own session is invalid, and jumps to the login interface of WAS itself.

用户输入Username1和Password1,在对Username1和Password1进行登录验证成功后,需要对Username1和Password1进行鉴权验证,WAS生成Code和有效Codeclient,在WAS的会话中存储Code,重定向到WA传送来的重定向地址,通过重定向地址回传对于WA的有效Codeclient。WA将接收到的有效Codeclient写入自身的会话中,向WAS发送携带有效Codeclient的信息授权HTTP请求,WAS对有效Codeclient进行验证,并在验证通过后,返回有效访问令牌。WA将接收到的有效访问令牌写入自身的会话中,向WAS发送携带有效访问令牌的信息授权HTTP请求,WAS对有效访问令牌进行验证,并在验证通过后,返回唯一身份标识,也就是第一用户名,WA重定向到应用主页。然后WA携带有效访问令牌向WS发起WebSocket连接请求,WS提取有效访问令牌,向WAS发送验证处理HTTP请求,WAS验证通过,返回通过信息,WS返回连接成功消息给WA,至此,WA成功连接WS,可以发送或接收WebRTC的相关信令,进而使用WebRTC服务器WS提供的相关服务。The user enters Username1 and Password1. After successful login verification of Username1 and Password1, authentication and verification of Username1 and Password1 are required. WAS generates a Code and a valid Codeclient, stores the Code in the WAS session, and redirects to the redirection message sent by WA. The redirection address returns the valid Codeclient for WA through the redirection address. WA writes the received valid Codeclient into its own session, sends an HTTP request carrying valid Codeclient information to WAS, WAS verifies the valid Codeclient, and returns a valid access token after the verification is passed. WA writes the received valid access token into its own session, sends an information authorization HTTP request carrying a valid access token to WAS, WAS verifies the valid access token, and returns a unique identity after the verification is passed, That is the first username, WA redirects to the application home page. Then WA carries a valid access token to WS to initiate a WebSocket connection request, WS extracts a valid access token, sends a verification processing HTTP request to WAS, WAS passes the verification, returns a pass message, and WS returns a connection success message to WA, so far, WA is successfully connected WS can send or receive WebRTC related signaling, and then use the related services provided by WebRTC server WS.

在本发明上述实施例中,再次登录同一个WA时,WA中的访问令牌为有效访问令牌,其详细过程如下:In the above embodiments of the present invention, when logging in to the same WA again, the access token in the WA is a valid access token, and the detailed process is as follows:

如图4所示,用户刷新WA的统一资源定位符URL,WA提取自身会话中的有效访问令牌,向WAS发送验证处理HTTP请求,经WAS验证成功后返回通过信息。向WAS发送携带有效访问令牌的信息授权HTTP请求,WAS对有效访问令牌进行验证,并在验证通过后,返回唯一身份标识,WA重定向到应用主页。然后WA携带有效访问令牌向WS发起WebSocket连接请求,WS提取有效访问令牌,向WAS发送验证处理HTTP请求,WAS验证通过,返回通过信息,WS返回连接成功消息给WA,至此,WA成功连接WS,可以发送或接收WebRTC的相关信令,进而使用WebRTC服务器WS提供的相关服务。As shown in Figure 4, the user refreshes the Uniform Resource Locator URL of the WA, and the WA extracts the valid access token in its own session, sends a verification processing HTTP request to the WAS, and returns a pass message after the verification is successful. Send an information authorization HTTP request carrying a valid access token to WAS. WAS verifies the valid access token, and returns a unique identity after the verification is passed, and WA redirects to the application homepage. Then WA carries a valid access token to WS to initiate a WebSocket connection request, WS extracts a valid access token, sends a verification processing HTTP request to WAS, WAS passes the verification, returns a pass message, and WS returns a connection success message to WA, so far, WA is successfully connected WS can send or receive WebRTC related signaling, and then use the related services provided by WebRTC server WS.

在本发明上述实施例中,当用户已经登录了WAS的某一个WebRTC应用,用户在这个应用中点击其他应用的链接,不需要用户再次输入用户名密码,可以直接登录到其他应用中。具体流程如图5所示:In the above embodiments of the present invention, when the user has logged into a certain WebRTC application of WAS, the user clicks the link of other applications in this application, and the user can directly log in to other applications without inputting the user name and password again. The specific process is shown in Figure 5:

用户输入WebRTC应用1(WebRTC Application 1,WA1)的URL,WA1完成登录鉴权的流程,返回WA1主页。用户在WA1主页点击其他(WebRTCApplication 2,WA2)链接URL。WA2提取自身会话中的第二访问令牌,WAS对第二访问令牌进行验证,当验证不通过时,向WA2返回不通过信息。WA2在接收到验证不通过信息后,提取自身会话中的第二Codeclient以及事先指定的重定向地址redirectURL,向WAS发送鉴权处理HTTP请求,WAS对第二Codeclient进行验证,当验证不通过时,向WA2返回不通过信息。此时WAS检查自身会话中Code值有效,生成有效Codeclient,通过重定向地址回传对于WA2的有效Codeclient。The user inputs the URL of WebRTC Application 1 (WebRTC Application 1, WA1), WA1 completes the login authentication process, and returns to the WA1 homepage. The user clicks other (WebRTCApplication 2, WA2) link URLs on the WA1 homepage. WA2 extracts the second access token in its own session, WAS verifies the second access token, and returns failure information to WA2 when the verification fails. After receiving the verification failure information, WA2 extracts the second Codeclient in its own session and the redirect URL specified in advance, and sends an authentication processing HTTP request to WAS. WAS verifies the second Codeclient. When the verification fails, Return failure information to WA2. At this time, WAS checks that the Code value in its own session is valid, generates a valid Codeclient, and returns the valid Codeclient for WA2 through the redirection address.

WA2将接收到的有效Codeclient写入自身的会话中,向WAS发送携带有效Codeclient的信息授权HTTP请求,WAS对有效Codeclient进行验证,并在验证通过后,返回有效访问令牌。WA2将接收到的有效访问令牌写入自身的会话中,向WAS发送携带有效访问令牌的信息授权HTTP请求,WAS对有效访问令牌进行验证,并在验证通过后,返回唯一身份标识,WA2重定向到应用主页。WA2 writes the received valid Codeclient into its own session, sends an HTTP request carrying valid Codeclient information to WAS, WAS verifies the valid Codeclient, and returns a valid access token after the verification is passed. WA2 writes the received valid access token into its own session, sends an information authorization HTTP request carrying a valid access token to WAS, WAS verifies the valid access token, and returns a unique identity after the verification is passed, WA2 redirects to the app home page.

然后WA2携带有效访问令牌向WS发起WebSocket连接请求,WS提取有效访问令牌,向WAS发送验证处理HTTP请求,WAS验证通过,返回通过信息,WS返回连接成功消息给WA2,至此,WA2成功连接WS,可以发送或接收WebRTC的相关信令,进而使用WebRTC服务器WS提供的相关服务。Then WA2 carries a valid access token to initiate a WebSocket connection request to WS. WS extracts a valid access token and sends a verification processing HTTP request to WAS. WAS passes the verification and returns a pass message. WS returns a connection success message to WA2. So far, WA2 is successfully connected. WS can send or receive WebRTC related signaling, and then use the related services provided by WebRTC server WS.

图6是使用本发明WAS之后,同时接入不同WA,提供单点登录能力的示意图。如果某一用户在使用WA1时已经完成与WAS之间的登录鉴权过程,则在WA1中访问WA2时,WA2会发起与WAS之间的单点登录过程,使得用户不用再次输入用户名密码,直接使用登录WA1过程中的账号信息直接登录WA2。Fig. 6 is a schematic diagram of accessing different WAs at the same time after using the WAS of the present invention to provide a single sign-on capability. If a user has completed the login authentication process with WAS when using WA1, when accessing WA2 in WA1, WA2 will initiate a single sign-on process with WAS, so that the user does not need to enter the username and password again. Directly use the account information in the process of logging in to WA1 to directly log in to WA2.

在本发明上述实施例中,当所述Web实时通信应用为第三方业务平台的Web实时通信应用TPWA时,接收所述TPWA发送的携带验证信息的登录请求之前,所述方法还包括:In the above embodiment of the present invention, when the Web real-time communication application is a Web real-time communication application TPWA of a third-party service platform, before receiving the login request carrying verification information sent by the TPWA, the method further includes:

接收所述TPWA发送的申请接入请求,对所述申请接入请求进行核准后,向所述TPWA返回第三方应用身份标识和第二密码,所述验证信息包括第三方应用身份标识和第二密码。这里的第三方应用身份标识与上述的用户名所代表的含义相同,用户名是对第一用户名和第三方应用身份标识的一个总体概括,密码是对第一密码和第二密码的总体概括。receiving the application access request sent by the TPWA, and returning the third-party application identity and the second password to the TPWA after the application and access request is approved, and the verification information includes the third-party application identity and the second password; password. The third-party application identity here has the same meaning as the above-mentioned username. The username is a general summary of the first user name and the third-party application identity, and the password is a general summary of the first password and the second password.

向所述TPWA返回第三方应用身份标识和第二密码后,由所述TPWA携带第三方应用身份标识和第二密码向所述WAS发送登录请求,所述WAS对第三方应用身份标识和第二密码进行验证。After returning the third-party application identity and the second password to the TPWA, the TPWA carries the third-party application identity and the second password to send a login request to the WAS, and the WAS applies the third-party application identity and the second password to the WAS. password for verification.

在对第三方应用身份标识和第二密码验证成功后,对第三方应用身份标识和第二密码进行鉴权验证,生成有效Codeclient,对有效Codeclient进行验证,验证成功后,生成临时访问令牌返回至所述TPWA;对临时访问令牌验证通过后,生成临时用户名发送至所述TPWA,使得所述TPWA重定向到主页。After successfully verifying the third-party application ID and the second password, authenticate and verify the third-party application ID and the second password, generate a valid Codeclient, and verify the valid Codeclient. After the verification is successful, generate a temporary access token and return to the TPWA; after passing the verification of the temporary access token, generate a temporary username and send it to the TPWA, so that the TPWA is redirected to the homepage.

本发明实施例还提供一种Web实时通信平台鉴权接入方法,应用于Web实时通信应用,如图7所示,所述方法包括:The embodiment of the present invention also provides an authentication access method for a Web real-time communication platform, which is applied to a Web real-time communication application, as shown in FIG. 7 , the method includes:

步骤S201、向Web实时通信登录鉴权网元实体WAS发送携带验证信息的登录请求,使得所述WAS对所述Web实时通信应用发送的登录请求进行验证;Step S201, sending a login request carrying verification information to the Web real-time communication login authentication network element entity WAS, so that the WAS verifies the login request sent by the Web real-time communication application;

步骤S202、接收所述WAS返回的登录验证成功消息;Step S202, receiving the login verification success message returned by the WAS;

步骤S203、在所述WAS对登录验证成功后的验证信息进行鉴权验证成功后,接收所述WAS发送的有效访问令牌和唯一身份标识,根据接收到的唯一身份标识将用户定向到Web实时通信应用主页,并根据有效访问令牌建立与Web实时通信服务器WS的连接。Step S203, after the WAS successfully authenticates the verification information after the successful login verification, receives the valid access token and the unique identity sent by the WAS, and directs the user to the real-time Web site according to the received unique identity The homepage of the communication application, and establishes a connection with the Web real-time communication server WS according to a valid access token.

具体的,WebRTC应用发送携带验证信息的登录请求至WAS,由WAS对登录请求进行验证,并在验证成功后向WebRTC应用返回登录验证成功消息,同时WAS需要对登录验证成功后的验证信息进行鉴权验证,WebRTC应用接收在鉴权成功后WAS发送的有效访问令牌和唯一身份标识,WebRTC应用在接收到有效访问令牌和唯一身份标识之后可以使用WebRTC平台提供的各种即时通信服务。Specifically, the WebRTC application sends a login request carrying verification information to WAS, and the WAS verifies the login request, and returns a successful login verification message to the WebRTC application after the verification is successful. At the same time, WAS needs to authenticate the verification information after the successful login verification. Authorization verification, the WebRTC application receives the valid access token and unique identity sent by WAS after successful authentication, and the WebRTC application can use various instant messaging services provided by the WebRTC platform after receiving the valid access token and unique identity.

WebRTC应用只有在获得WAS颁发的有效访问令牌和唯一身份标识之后才可以使用WebRTC平台提供的各种即时通信服务,从而为WebRTC服务的用户和WebRTC服务平台提供安全性保障。WebRTC applications can use various instant messaging services provided by the WebRTC platform only after obtaining a valid access token and unique identity issued by WAS, thereby providing security guarantees for WebRTC service users and the WebRTC service platform.

在本发明上述实施例中,步骤S201包括:In the above embodiments of the present invention, step S201 includes:

步骤S2011、向所述WAS发送携带验证信息的登录请求,并接收所述WAS返回的携带一随机数RandomNumber的登录页面;Step S2011, sending a login request carrying authentication information to the WAS, and receiving a login page carrying a random number RandomNumber returned by the WAS;

步骤S2012、对所述验证信息进行加密生成第一加密结果Hashone,将所述Hashone、用户名Username以及所述RandomNumber发送至所述WAS,使得所述WAS根据接收到的所述Hashone、所述Username和所述RandomNumber对所述Web实时通信应用发送的登录请求进行验证。Step S2012: Encrypt the verification information to generate a first encryption result Hashone, and send the Hashone, Username and RandomNumber to the WAS, so that the WAS and the RandomNumber to verify the login request sent by the Web real-time communication application.

具体的,向WAS发送携带验证信息的登录请求后,WAS会根据登录请求生成一个随机数RandomNumer,接收WAS发送的用户登录页面与RandomNumer。然后用户输入验证信息,验证信息包括用户名Username和密码Password,WebRTC应用对接收到验证信息进行哈希加密计算:Hashone=MD5(MD5(Password),Username)得到Hashone。向WAS发送Hashone、Username和RandomNumber,当数据库中查找到Username后由WAS对接收到的Hashone和RandomNumber进行第二次哈希加密运算,以得到Hashtwo:Hashtwo=MD5(HASH(RandomNumber),Hashone),并根据与Username对应的密码Password_Hash和会话中存储的RandomNumber,采用哈希运算进行计算得到Hashthree:Hashthree=MD5(HASH(RandomNumber),Password_Hash)。比较Hashthree和Hashtwo是否一致,如果一致则说明登录验证成功。Specifically, after sending a login request carrying verification information to WAS, WAS will generate a random number RandomNumer according to the login request, and receive the user login page and RandomNumer sent by WAS. Then the user enters the verification information, which includes the user name Username and the password Password, and the WebRTC application performs hash encryption calculation on the received verification information: Hasone=MD5(MD5(Password), Username) to obtain the Hashone. Send Hashone, Username, and RandomNumber to WAS, and when the Username is found in the database, WAS performs a second hash encryption operation on the received Hashone and RandomNumber to obtain Hashtwo: Hashtwo=MD5(HASH(RandomNumber), Hashone), And according to the password Password_Hash corresponding to the Username and the RandomNumber stored in the session, the Hash operation is used to calculate and obtain Hashthree: Hashthree=MD5(HASH(RandomNumber), Password_Hash). Compare whether Hashthree and Hashtwo are consistent, and if they are consistent, the login verification is successful.

在本发明上述实施例中,步骤S203包括:In the above embodiments of the present invention, step S203 includes:

步骤S2031、接收所述WAS根据所述验证信息鉴权验证中生成的有效客户端代码Codeclient,将接收到的有效Codeclient写入自身会话中;Step S2031, receiving the valid client code Codeclient generated by the WAS according to the authentication verification of the verification information, and writing the received valid Codeclient into its own session;

步骤S2032、向所述WAS发送携带有效Codeclient的信息授权HTTP请求,使得所述WAS对有效Codeclient进行验证,并接收所述WAS在有效Codeclient验证通过后发送的有效访问令牌,将接收到的有效访问令牌写入自身会话中;Step S2032: Send an information authorization HTTP request carrying a valid Codeclient to the WAS, so that the WAS can verify the valid Codeclient, and receive the valid access token sent by the WAS after the valid Codeclient is verified, and pass the received valid codeclient. The access token is written into its own session;

步骤S2033、向所述WAS发送携带有效访问令牌的信息授权HTTP请求,使得所述WAS对有效访问令牌进行验证,验证通过后接收所述WAS发送的唯一身份标识。Step S2033, sending an information authorization HTTP request carrying a valid access token to the WAS, so that the WAS can verify the valid access token, and receive the unique identity sent by the WAS after the verification is passed.

具体的,接收WAS对验证信息进行鉴权验证生成的有效Codeclient,WebRTC应用在接收到有效Codeclient后写入自身会话中。然后向WAS发送携带有效Codeclient的信息授权HTTP请求,使得WAS对有效Codeclient进行验证,WebRTC应用接收验证通过后WAS发送有效访问令牌,WebRTC应用将有效访问令牌写入自身会话中。向WAS发送携带有效访问令牌的信息授权HTTP请求,使得WAS对有效访问令牌进行验证,接收在验证通过后WAS发送的唯一身份标识,WebRTC应用在接收到有效访问令牌和唯一身份标识之后可以使用WebRTC平台提供的各种即时通信服务。Specifically, after receiving the valid Codeclient generated by WAS for authenticating and verifying the verification information, the WebRTC application writes the valid Codeclient into its own session after receiving the valid Codeclient. Then send an HTTP request carrying valid Codeclient information to WAS, so that WAS can verify the valid Codeclient. After the WebRTC application receives the verification, WAS sends a valid access token, and the WebRTC application writes the valid access token into its own session. Send an information authorization HTTP request carrying a valid access token to WAS, so that WAS can verify the valid access token, and receive the unique identity sent by WAS after the verification is passed. After the WebRTC application receives the valid access token and unique identity Various instant messaging services provided by the WebRTC platform can be used.

在本发明上述实施例中,当Web实时通信应用为当前平台Web实时通信应用WA时,所述向Web实时通信登录鉴权网元实体WAS发送携带验证信息的登录请求之前,所述方法还包括:In the above embodiment of the present invention, when the real-time Web communication application is the real-time Web communication application WA on the current platform, before sending the login request carrying verification information to the real-time Web communication login authentication network element entity WAS, the method further includes :

向所述WAS发送携带自身会话中的第一访问令牌的验证处理HTTP请求,由所述WAS对第一访问令牌进行验证;Send a verification processing HTTP request carrying the first access token in its own session to the WAS, and the WAS verifies the first access token;

接收所述WAS发送的第一访问令牌无效的消息,向所述WAS发送携带自身会话中第一Codeclient的鉴权处理HTTP请求,由所述WAS对第一Codeclient进行验证,并在验证失败后检查自身会话中的Code值是否过期,当所述WAS自身会话中的Code值过期时,跳转到WAS登录界面。Receive the message that the first access token sent by the WAS is invalid, send an authentication processing HTTP request carrying the first Codeclient in its own session to the WAS, and the WAS will verify the first Codeclient, and after the verification fails, Check whether the Code value in the self-session is expired, and jump to the WAS login interface when the Code value in the WAS self-session expires.

具体的,WA提取自身会话中第一访问令牌,向WAS发送验证处理HTTP请求,使得WAS对WA发送的携带自身会话中的第一访问令牌进行验证,当验证不通过时,WA接收WAS返回的不通过信息,提取自身会话中的第一Codeclient,向WAS发送鉴权处理HTTP请求,使得WAS对WA发送的携带自身会话中的第一Codeclient进行验证,当验证不通过时,WA接收WAS返回的不通过信息,此时WAS检查自身会话中Code值无效,跳转到WAS自身登录界面。Specifically, WA extracts the first access token in its own session, and sends a verification processing HTTP request to WAS, so that WAS can verify the first access token in its own session sent by WA. When the verification fails, WA receives WAS The returned failure information extracts the first Codeclient in its own session, and sends an authentication processing HTTP request to WAS, so that WAS can verify the first Codeclient in its own session sent by WA. When the verification fails, WA receives WAS If the failed message is returned, WAS checks that the Code value in its own session is invalid, and jumps to the login interface of WAS itself.

在本发明上述实施例中,当接收所述WAS发送的第一访问令牌有效的消息时,所述方法包括:In the above embodiment of the present invention, when receiving the message that the first access token sent by the WAS is valid, the method includes:

接收所述WAS发送唯一身份标识,调用所述WS提供的各种服务。Receive the unique identity sent by the WAS, and invoke various services provided by the WS.

WA携带自身会话中的第一访问令牌,向WAS询问是否有效时,如果WAS检查到第一访问令牌尚在有效期内,则说明用户前面已经登录过,则直接通过第一访问令牌从WAS获得唯一性标识并调用WS提供的各种服务。具体的应用场景包括用户临时断开或进行刷新浏览器这样的操作。When WA carries the first access token in its own session and asks WAS whether it is valid, if WAS checks that the first access token is still valid, it means that the user has logged in before, and then directly uses the first access token from WAS obtains a unique identifier and invokes various services provided by WS. Specific application scenarios include operations such as temporary disconnection by the user or refreshing the browser.

在本发明上述实施例中,当所述WAS自身会话中的Code值没有过期时,所述方法还包括:In the above-mentioned embodiment of the present invention, when the Code value in the session of the WAS itself has not expired, the method further includes:

接收所述WAS返回与所述WA对应的有效Codeclient。Receiving the WAS returns a valid Codeclient corresponding to the WA.

WAS检查WAS当中与WA相对应的会话中的Code值,发现Code值有效并且没有过期,说明用户已经登录了某一个应用WA,此时WAS直接返回这个WA对应的有效Codeclient,不需要重定向到登录页面。具体的应用场景为用户在使用多个WA之间进行切换时。WAS checks the Code value in the session corresponding to WA in WAS, and finds that the Code value is valid and has not expired, indicating that the user has logged in to a certain application WA. At this time, WAS directly returns the valid Codeclient corresponding to this WA, and does not need to be redirected to log in page. A specific application scenario is when a user switches between using multiple WAs.

在本发明上述实施例中,当所述Web实时通信应用为第三方业务平台的Web实时通信应用TPWA时,向Web实时通信登录鉴权网元实体WAS发送携带验证信息的登录请求之前,所述方法还包括:In the above embodiments of the present invention, when the real-time Web communication application is the real-time Web communication application TPWA of a third-party service platform, before sending a login request carrying verification information to the Web real-time communication login authentication network element entity WAS, the Methods also include:

向所述WAS发送申请接入请求,由所述WAS对所述申请接入请求进行核准;Sending an access application request to the WAS, and the WAS approves the access application request;

接收所述WAS发送的第三方应用身份标识和第二密码,所述验证信息包括第三方应用身份标识和第二密码;receiving the third-party application identity and the second password sent by the WAS, the verification information including the third-party application identity and the second password;

与第三方业务平台建立连接,完成在第三方业务平台的登录鉴权。Establish a connection with the third-party business platform and complete the login authentication on the third-party business platform.

具体的,如图8所示,TPWA通过邮件或其他方式申请接入WAS,WAS的管理者核准后,邮件或其他方式返回第三方应用身份标识id和第二密码password2。TPWA的用户输入TPWA的URL,TPWA完成在第三方业务平台自身的登录鉴权步骤。Specifically, as shown in FIG. 8 , the TPWA applies for accessing the WAS by email or other methods, and after the WAS manager approves, the third-party application identity id and the second password password2 are returned by email or other methods. The user of the TPWA inputs the URL of the TPWA, and the TPWA completes the login authentication steps on the third-party service platform itself.

然后,TPWA向WAS发送携带第三方应用id、第二密码和重定向地址的第三方处理HTTP请求,WAS验证第三方应用id、第二密码合法,生成TPWA的有效Codeclient,并通过重定向地址向TPWA回传有效Codeclient。Then, TPWA sends a third-party processing HTTP request carrying the third-party application id, second password and redirection address to WAS. WAS verifies that the third-party application id and second password are legal, generates a valid Codeclient for TPWA, and sends the request to the WAS through the redirection address. TPWA returns a valid Codeclient.

TPWA向WAS发送携带有效Codeclient的信息授权HTTP请求,由WAS对有效Codeclient进行验证,在验证通过后,TPWA接收WAS为第三方应用生成的临时访问令牌。TPWA sends an information authorization HTTP request carrying a valid Codeclient to WAS, and WAS verifies the valid Codeclient. After the verification is passed, TPWA receives the temporary access token generated by WAS for the third-party application.

TPWA向WAS发送携带临时访问令牌的信息授权HTTP请求,由WAS对临时访问令牌进行验证,在验证通过后,TPWA接收WAS为第三方应用生成的临时用户名,TPWA重定向到主页。TPWA sends an information authorization HTTP request carrying a temporary access token to WAS, and WAS verifies the temporary access token. After the verification is passed, TPWA receives the temporary username generated by WAS for the third-party application, and TPWA redirects to the home page.

浏览器携带临时访问令牌向WS发起WebSocket连接请求,WS提取临时访问令牌向WAS发送验证处理HTTP请求,WAS对临时访问令牌进行验证,并在验证成功后,返回通过信息,WS返回连接成功消息给浏览器。至此,TPWA成功连接WS,可以使用临时用户名作为用户名与WAS管理的各WA进行WebRTC通信。The browser carries a temporary access token to initiate a WebSocket connection request to WS, WS extracts the temporary access token and sends a verification processing HTTP request to WAS, WAS verifies the temporary access token, and returns pass information after the verification is successful, and WS returns the connection Success message to the browser. So far, TPWA has successfully connected to WS, and can use the temporary username as the username to perform WebRTC communication with each WA managed by WAS.

如图9所示,第三方平台的WebRTC应用接入WAS,使得WAS管理的WebRTC应用与第三方平台的WebRTC应用能够互联,进行WebRTC业务通信的典型架构图。第三方平台的WebRTC应用在进行完第三方平台本身的登录鉴权后,向WAS进行第三方平台的WebRTC应用登录鉴权流程。在鉴权通过后,则第三方平台的WebRTC应用可以连接WS,使用所需要的服务能力。As shown in Figure 9, the WebRTC application of the third-party platform is connected to WAS, so that the WebRTC application managed by WAS and the WebRTC application of the third-party platform can be interconnected, and a typical architecture diagram of WebRTC business communication. After the WebRTC application of the third-party platform completes the login authentication of the third-party platform itself, it performs the login authentication process of the WebRTC application of the third-party platform to WAS. After the authentication is passed, the WebRTC application of the third-party platform can connect to WS and use the required service capabilities.

在本发明上述实施例中,TPWA向WAS发送第三方应用id、第二密码和重定向地址时。考虑到传输的安全性,会对第三方应用身份标识、第二密码以及重定向地址进行加密。经过加密后得到的Value值传递至WAS,WAS在收到Value值之后进行反向运算得到第三方应用id和重定向地址,两者之间以$符合分割。In the above embodiments of the present invention, when the TPWA sends the third-party application id, the second password and the redirection address to the WAS. Considering the security of transmission, the third-party application identity, second password and redirection address will be encrypted. The value obtained after encryption is passed to WAS, and WAS performs a reverse operation after receiving the Value value to obtain the third-party application id and redirection address, which are separated by $.

具体算法如下:The specific algorithm is as follows:

Value=URLEncoding(Base64(ID+$+Encrypt(ID+$+redirectURL)+$+Digest),Value=URLEncoding(Base64(ID+$+Encrypt(ID+$+redirectURL)+$+Digest),

Digest=Base64(Hash(ID+$+redirectURL))Digest=Base64(Hash(ID+$+redirectURL))

Encrypt加密算法为3DES,加密的密钥为password2,$为标记符号。The Encrypt encryption algorithm is 3DES, the encrypted key is password2, and $ is a mark symbol.

本发明实施例提供一种Web实时通信平台鉴权接入方法,应用于Web实时通信服务器WS,如图10所示,所述方法包括:An embodiment of the present invention provides an authentication access method for a Web real-time communication platform, which is applied to a Web real-time communication server WS, as shown in FIG. 10 , the method includes:

步骤S301、接收浏览器发送的携带有效访问令牌的WebSocket连接请求;Step S301, receiving a WebSocket connection request carrying a valid access token sent by the browser;

步骤S302、提取有效访问令牌,向Web实时通信登录鉴权网元实体WAS发送携带有效访问令牌的验证处理HTTP请求,由所述WAS对有效访问令牌进行验证,返回验证通过信息;Step S302, extracting a valid access token, sending a verification processing HTTP request carrying a valid access token to the web real-time communication login authentication network element entity WAS, and the WAS verifies the valid access token and returns verification passing information;

步骤S303、接收所述WAS返回的验证通过信息,向浏览器返回连接成功消息,完成与浏览器下的各个Web实时通信应用的连接。Step S303, receiving the verification pass information returned by the WAS, returning a connection success message to the browser, and completing the connection with each Web real-time communication application under the browser.

具体的,WS接收浏览器携带临时访问令牌发起WebSocket连接请求,WS提取临时访问令牌向WAS发送验证处理HTTP请求,由WAS对临时访问令牌进行验证,并在验证成功后,返回通过信息,WS接收到通过信息后,返回连接成功消息给浏览器,完成与浏览器下的各个Web实时通信应用的连接。Specifically, WS receives the browser that carries the temporary access token to initiate a WebSocket connection request, WS extracts the temporary access token and sends a verification processing HTTP request to WAS, WAS verifies the temporary access token, and returns pass information after the verification is successful After receiving the passing information, the WS returns a connection success message to the browser, and completes the connection with various Web real-time communication applications under the browser.

本发明实施例提供一种Web实时通信平台鉴权接入装置,应用于Web实时通信登录鉴权网元实体WAS,如图11所示,装置方法包括:An embodiment of the present invention provides an authentication access device for a Web real-time communication platform, which is applied to a Web real-time communication login authentication network element entity WAS. As shown in FIG. 11 , the device method includes:

接收验证模块40,用于接收Web实时通信应用发送的携带验证信息的登录请求,对所述Web实时通信应用发送的所述登录请求进行验证,并返回所述验证信息登录验证成功时的登录验证成功消息;The receiving verification module 40 is configured to receive the login request carrying verification information sent by the Web real-time communication application, verify the login request sent by the Web real-time communication application, and return the login verification when the verification information login verification is successful success message;

验证发送模块41,用于对登录验证成功后的验证信息进行鉴权验证,在鉴权验证成功后,向所述Web实时通信应用发送有效访问令牌和唯一身份标识,使得所述Web实时通信应用根据接收到的唯一身份标识将用户定向到Web实时通信应用主页,并根据有效访问令牌建立与Web实时通信服务器WS的连接。The verification sending module 41 is used to perform authentication verification on the verification information after the login verification is successful, and after the authentication verification is successful, send a valid access token and a unique identity to the Web real-time communication application, so that the Web real-time communication The application directs the user to the home page of the real-time web communication application according to the received unique identity, and establishes a connection with the real-time web communication server WS according to the valid access token.

在本发明上述实施例中,所述接收验证模块40包括:In the above embodiments of the present invention, the receiving verification module 40 includes:

接收生成子模块401,用于接收所述Web实时通信应用发送的携带验证信息的登录请求,根据所述登录请求生成一个随机数RandomNumer,存入会话并与登录页面一起返回给所述Web实时通信应用;Receiving and generating sub-module 401, configured to receive the login request carrying authentication information sent by the Web real-time communication application, generate a random number RandomNumer according to the login request, store it in the session and return it to the Web real-time communication together with the login page application;

接收子模块402,用于接收所述Web实时通信应用发送的对所述验证信息进行加密后生成的第一加密结果Hashone、用户名Username以及RandomNumber;The receiving submodule 402 is configured to receive the first encryption result Hasone, Username and RandomNumber sent by the Web real-time communication application and generated after encrypting the verification information;

第一加密子模块403,用于在数据库中对所述Username进行验证,并对接收到所述Hashone和所述RandomNumber进行加密运算得到第二加密结果Hashtwo;The first encryption sub-module 403 is configured to verify the Username in the database, and perform an encryption operation on the received Hasone and the RandomNumber to obtain a second encryption result Hashtwo;

第二加密子模块404,用于根据所述Username在数据库中查找到对应的密码Password_Hash,对所述Password_Hash和存入会话的所述RandomNumber进行加密计算得到第三加密结果Hashthree;The second encryption submodule 404 is used to find the corresponding password Password_Hash in the database according to the Username, and encrypt and calculate the Password_Hash and the RandomNumber stored in the session to obtain a third encryption result Hashthree;

判断子模块405,用于判断所述Hashthree和所述Hashtwo是否一致,当两者一致则说明登录验证成功,向所述Web实时通信应用返回登录验证成功消息。The judging sub-module 405 is used to judge whether the Hashthree is consistent with the Hashtwo, if they are consistent, it means that the login verification is successful, and returns a login verification success message to the Web real-time communication application.

在本发明上述实施例中,所述验证发送模块41包括:In the above-mentioned embodiments of the present invention, the verification sending module 41 includes:

生成子模块411,用于对所述验证信息进行鉴权验证,生成有效客户端代码Codeclient并返回至所述Web实时通信应用,由所述Web实时通信应用将接收到的有效Codeclient写入自身会话中;Generating sub-module 411, used to authenticate and verify the verification information, generate a valid client code Codeclient and return it to the Web real-time communication application, and write the received valid Codeclient into its own session by the Web real-time communication application middle;

第一处理子模块412,用于接收所述Web实时通信应用发送的携带有效Codeclient的信息授权HTTP请求,对有效Codeclient进行验证,验证通过后向所述Web实时通信应用发送有效访问令牌,由所述Web实时通信应用将接收到的有效访问令牌写入自身会话中;The first processing sub-module 412 is configured to receive an information authorization HTTP request carrying a valid Codeclient sent by the Web real-time communication application, verify the valid Codeclient, and send a valid access token to the Web real-time communication application after the verification is passed, by The Web real-time communication application writes the received valid access token into its own session;

第二处理子模块413,用于接收所述Web实时通信应用发送的携带有效访问令牌的信息授权HTTP请求,对有效访问令牌进行验证,验证通过后向所述Web实时通信应用WA发送唯一身份标识。The second processing sub-module 413 is configured to receive the information authorization HTTP request carrying a valid access token sent by the Web real-time communication application, verify the valid access token, and send a unique ID to the Web real-time communication application WA after the verification is passed. identification.

在本发明上述实施例中,当所述Web实时通信应用为当前平台Web实时通信应用WA时,所述生成子模块411进一步用于:In the above embodiments of the present invention, when the Web real-time communication application is the current platform Web real-time communication application WA, the generating submodule 411 is further used for:

对所述验证信息进行鉴权验证,生成Code和有效Codeclient,并将生成的Code进行存储,将生成的有效Codeclient发送至所述WA,其中所述验证信息包括第一用户名Username1和第一密码Password1。Perform authentication verification on the verification information, generate a Code and a valid Codeclient, store the generated Code, and send the generated valid Codeclient to the WA, wherein the verification information includes the first username Username1 and the first password Password1.

在本发明上述实施例中,所述装置还包括:In the above-mentioned embodiment of the present invention, the device also includes:

第一接收模块42,用于在所述接收验证模块40接收所述WA发送的携带验证信息的登录请求之前,接收所述WA发送携带自身会话中的第一访问令牌的验证处理HTTP请求,对第一访问令牌进行验证;The first receiving module 42 is configured to receive, before the receiving verification module 40 receives the login request carrying the verification information sent by the WA, the verification processing HTTP request sent by the WA and carrying the first access token in its own session, verifying the first access token;

第一处理模块43,用于向所述WA发送第一访问令牌无效的消息,接收所述WA发送的携带自身会话中第一Codeclient的鉴权处理HTTP请求,对第一Codeclient进行验证,在验证失败后检查自身会话中的Code值是否过期;The first processing module 43 is configured to send to the WA a message that the first access token is invalid, receive the authentication processing HTTP request that carries the first Codeclient in its own session sent by the WA, and verify the first Codeclient, and then After verification fails, check whether the Code value in its own session has expired;

跳转模块44,用于当自身会话中的Code值过期时,跳转到WAS登录界面。The jump module 44 is used for jumping to the WAS login interface when the Code value in the own session expires.

在本发明上述实施例中,当向所述WA发送第一访问令牌有效的消息时,所述装置还包括:In the above embodiments of the present invention, when sending a message that the first access token is valid to the WA, the device further includes:

第一发送模块45,用于向所述WA发送唯一身份标识,使得所述WA调用所述WS提供的各种服务。The first sending module 45 is configured to send a unique identity to the WA, so that the WA invokes various services provided by the WS.

在本发明上述实施例中,当自身会话中的Code值没有过期时,所述装置还包括:In the above embodiment of the present invention, when the Code value in the own session has not expired, the device further includes:

返回模块46,用于直接向所述WA返回与所述WA对应的有效Codeclient。The return module 46 is configured to directly return a valid Codeclient corresponding to the WA to the WA.

在本发明上述实施例中,当所述Web实时通信应用为第三方业务平台的Web实时通信应用TPWA时,所述装置还包括:In the above embodiment of the present invention, when the Web real-time communication application is a Web real-time communication application TPWA of a third-party service platform, the device further includes:

第二处理模块47,用于在所述接收验证模块40接收所述TPWA发送的携带验证信息的登录请求之前,接收所述TPWA发送的申请接入请求,对所述申请接入请求进行核准后,向所述TPWA返回第三方应用身份标识和第二密码,所述验证信息包括第三方应用身份标识和第二密码。The second processing module 47 is configured to receive the application access request sent by the TPWA before the receiving verification module 40 receives the login request carrying verification information sent by the TPWA, and after the application access request is approved , returning the third-party application ID and the second password to the TPWA, where the verification information includes the third-party application ID and the second password.

在本发明上述实施例中,所述装置还包括:In the above-mentioned embodiment of the present invention, the device also includes:

第三处理模块48,用于对第三方应用身份标识和第二密码验证成功后,生成有效Codeclient,对有效Codeclient进行验证,验证成功后,生成临时访问令牌返回至所述TPWA;对临时访问令牌验证通过后,生成临时用户名发送至所述TPWA,使得所述TPWA重定向到主页。The third processing module 48 is used to generate a valid Codeclient after successful verification of the third-party application identity and the second password, and verify the valid Codeclient. After the verification is successful, generate a temporary access token and return to the TPWA; After the token is verified, a temporary username is generated and sent to the TPWA, so that the TPWA is redirected to the homepage.

本发明实施例提供一种Web实时通信平台鉴权接入装置,应用于Web实时通信应用,如图12所示,所述装置包括:An embodiment of the present invention provides an authentication access device for a Web real-time communication platform, which is applied to a Web real-time communication application. As shown in FIG. 12 , the device includes:

第二发送模块50,用于向Web实时通信登录鉴权网元实体WAS发送携带验证信息的登录请求,使得所述WAS对所述Web实时通信应用发送的登录请求进行验证;The second sending module 50 is configured to send a login request carrying verification information to the Web real-time communication login authentication network element entity WAS, so that the WAS verifies the login request sent by the Web real-time communication application;

第二接收模块51,用于接收所述WAS返回的登录验证成功消息;The second receiving module 51 is configured to receive the login verification success message returned by the WAS;

第四处理模块52,用于在所述WAS对登录验证成功后的验证信息进行鉴权验证成功后,接收所述WAS发送的有效访问令牌和唯一身份标识,根据接收到的唯一身份标识将用户定向到Web实时通信应用主页,并根据有效访问令牌建立与Web实时通信服务器WS的连接。The fourth processing module 52 is configured to receive the valid access token and the unique identity sent by the WAS after the WAS successfully authenticates the verification information after the successful login verification, and send the valid access token and the unique identity according to the received unique identity. The user is directed to the homepage of the Web real-time communication application, and establishes a connection with the Web real-time communication server WS according to a valid access token.

在本发明上述实施例中,所述第二发送模块50包括:In the above embodiments of the present invention, the second sending module 50 includes:

发送接收子模块501,用于向所述WAS发送携带验证信息的登录请求,并接收所述WAS返回的携带一随机数RandomNumber的登录页面;Sending and receiving sub-module 501, configured to send a login request carrying verification information to the WAS, and receive a login page carrying a random number RandomNumber returned by the WAS;

加密发送子模块502,用于对所述验证信息进行加密生成第一加密结果Hashone,将所述Hashone、用户名Username以及所述RandomNumber发送至所述WAS,使得所述WAS根据接收到的所述Hashone、所述Username和所述RandomNumber对所述Web实时通信应用发送的登录请求进行验证。Encrypted sending sub-module 502, configured to encrypt the verification information to generate a first encrypted result Hasone, and send the Hasone, username, and RandomNumber to the WAS, so that the WAS according to the received Hasone, the Username and the RandomNumber verify the login request sent by the Web real-time communication application.

在本发明上述实施例中,所述第四处理模块52包括:In the above embodiments of the present invention, the fourth processing module 52 includes:

接收写入子模块521,用于接收所述WAS根据所述验证信息鉴权验证中生成的有效客户端代码Codeclient,将接收到的有效Codeclient写入自身会话中;The receiving and writing sub-module 521 is used to receive the valid client code Codeclient generated by the WAS according to the authentication verification of the verification information, and write the received valid Codeclient into its own session;

第一发送子模块522,用于向所述WAS发送携带有效Codeclient的信息授权HTTP请求,使得所述WAS对有效Codeclient进行验证,并接收所述WAS在有效Codeclient验证通过后发送的有效访问令牌,将接收到的有效访问令牌写入自身会话中;The first sending sub-module 522 is configured to send an information authorization HTTP request carrying a valid Codeclient to the WAS, so that the WAS can verify the valid Codeclient, and receive the valid access token sent by the WAS after the valid Codeclient is verified. , write the received valid access token into its own session;

第二发送子模块523,用于向所述WAS发送携带有效访问令牌的信息授权HTTP请求,使得所述WAS对有效访问令牌进行验证,验证通过后接收所述WAS发送的唯一身份标识。The second sending sub-module 523 is configured to send an information authorization HTTP request carrying a valid access token to the WAS, so that the WAS can verify the valid access token, and receive the unique identity sent by the WAS after the verification is passed.

在本发明上述实施例中,当Web实时通信应用为当前平台Web实时通信应用WA时,所述装置还包括:In the foregoing embodiments of the present invention, when the Web real-time communication application is the current platform Web real-time communication application WA, the device also includes:

第三发送模块53,用于所述第二发送模块50向所述WAS发送携带验证信息的登录请求之前,向所述WAS发送携带自身会话中的第一访问令牌的验证处理HTTP请求,由所述WAS对第一访问令牌进行验证;The third sending module 53 is configured to send a verification processing HTTP request carrying the first access token in its own session to the WAS before the second sending module 50 sends the login request carrying the verification information to the WAS, by The WAS verifies the first access token;

接收发送模块54,用于接收所述WAS发送的第一访问令牌无效的消息,向所述WAS发送携带自身会话中第一Codeclient的鉴权处理HTTP请求,由所述WAS对第一Codeclient进行验证,并在验证失败后检查自身会话中的Code值是否过期,当所述WAS自身会话中的Code值过期时,跳转到WAS登录界面。The receiving and sending module 54 is configured to receive the message that the first access token sent by the WAS is invalid, and send to the WAS an authentication processing HTTP request carrying the first Codeclient in its own session, and the WAS performs an authentication process on the first Codeclient. Verify, and check whether the Code value in the self-session expires after the verification fails, and jump to the WAS login interface when the Code value in the WAS self-session expires.

在本发明上述实施例中,当接收所述WAS发送的第一访问令牌有效的消息时,所述装置包括:In the above embodiments of the present invention, when receiving the message that the first access token is valid sent by the WAS, the device includes:

接收调用模块55,用于接收所述WAS发送唯一身份标识,调用所述WS提供的各种服务。The receiving calling module 55 is used for receiving the unique identity sent by the WAS, and calling various services provided by the WS.

在本发明上述实施例中,当所述WAS自身会话中的Code值没有过期时,所述装置还包括:In the above embodiments of the present invention, when the Code value in the WAS session itself has not expired, the device further includes:

第三接收模块56,用于接收所述WAS返回与所述WA对应的有效Codeclient。The third receiving module 56 is configured to receive a valid Codeclient corresponding to the WA returned by the WAS.

在本发明上述实施例中,当所述Web实时通信应用为第三方业务平台的Web实时通信应用TPWA时,所述装置还包括:In the above embodiment of the present invention, when the Web real-time communication application is a Web real-time communication application TPWA of a third-party service platform, the device further includes:

申请接入模块57,用于所述第二发送模块50向所述WAS发送携带验证信息的登录请求之前,向所述WAS发送申请接入请求,由所述WAS对所述申请接入请求进行核准;The application access module 57 is configured to send an application access request to the WAS before the second sending module 50 sends a login request carrying verification information to the WAS, and the WAS performs an access request on the application access request. approved;

第四接收模块58,用于接收所述WAS发送的第三方应用身份标识和第二密码,所述验证信息包括第三方应用身份标识和第二密码;The fourth receiving module 58 is configured to receive the third-party application identity and the second password sent by the WAS, and the verification information includes the third-party application identity and the second password;

连接模块59,用于与第三方业务平台建立连接,完成在第三方业务平台的登录鉴权。The connection module 59 is used to establish a connection with the third-party service platform, and complete login authentication on the third-party service platform.

在本发明上述实施例中,所述装置还包括:In the above-mentioned embodiment of the present invention, the device also includes:

接收写入模块60,用于接收所述WAS生成的有效Codeclient,将接收到的有效Codeclient写入自身会话中;Receiving and writing module 60, used to receive the valid Codeclient generated by the WAS, and write the received valid Codeclient into its own session;

第五处理模块61,用于向所述WAS发送携带有效Codeclient的信息授权HTTP请求,使得所述WAS对有效Codeclient进行验证,并接收所述WAS在有效Codeclient验证通过后发送的临时访问令牌,将接收到的临时访问令牌写入自身会话中;The fifth processing module 61 is configured to send an information authorization HTTP request carrying a valid Codeclient to the WAS, so that the WAS can verify the valid Codeclient, and receive the temporary access token sent by the WAS after the valid Codeclient is verified, Write the received temporary access token into its own session;

发送接收模块62用于向所述WAS发送携带临时访问令牌的信息授权HTTP请求,使得所述WAS对临时访问令牌进行验证,验证通过后接收所述WAS发送唯一身份标识。The sending and receiving module 62 is used to send an information authorization HTTP request carrying a temporary access token to the WAS, so that the WAS can verify the temporary access token, and receive the unique identity sent by the WAS after the verification is passed.

本发明实施例提供一种Web实时通信平台鉴权接入装置,应用于Web实时通信服务器WS,如图13所示,所述装置包括:An embodiment of the present invention provides an authentication access device for a Web real-time communication platform, which is applied to a Web real-time communication server WS, as shown in FIG. 13 , the device includes:

第五接收模块70,用于接收浏览器发送的携带有效访问令牌的WebSocket连接请求;The fifth receiving module 70 is configured to receive a WebSocket connection request carrying a valid access token sent by the browser;

提取发送模块71,用于提取有效访问令牌,向Web实时通信登录鉴权网元实体WAS发送携带有效访问令牌的验证处理HTTP请求,由所述WAS对有效访问令牌进行验证,返回验证通过信息;The extraction and sending module 71 is used to extract a valid access token, and sends a verification processing HTTP request carrying a valid access token to the Web real-time communication login authentication network element entity WAS, and the WAS verifies the valid access token and returns the verification pass information;

接收返回模块72,用于接收所述WAS返回的验证通过信息,向浏览器返回连接成功消息,完成与浏览器下的各个Web实时通信应用的连接。The receiving and returning module 72 is configured to receive the verification passing information returned by the WAS, return a connection success message to the browser, and complete the connection with various Web real-time communication applications under the browser.

本发明实施例Web实时通信平台鉴权接入方法,通过对验证信息进行登录鉴权验证成功后,使得WebRTC应用获得WAS颁发的有效访问令牌和唯一身份标识,进而可以使用WebRTC平台提供的各种即时通信服务,从而为WebRTC服务的用户和WebRTC服务平台提供安全性保障;且提供了WebRTC服务平台不同WebRTC应用之间的单点登录能力,以使得同一个用户在不同WebRTC应用之间切换时更加便捷;进一步地,为第三方业务平台的WebRTC应用提供Oauth2.0的接入能力,使得第三方业务平台上的WebRTC应用获取使用WebRTC平台提供的各种即时通信服务能力,进而极大地拓展WebRTC平台服务的用户范畴。The authentication access method of the Web real-time communication platform in the embodiment of the present invention, after successful login authentication and verification of the verification information, enables the WebRTC application to obtain a valid access token and a unique identity issued by WAS, and then can use various information provided by the WebRTC platform. An instant messaging service to provide security for WebRTC service users and the WebRTC service platform; and provide a single sign-on capability between different WebRTC applications on the WebRTC service platform, so that the same user can switch between different WebRTC applications It is more convenient; further, it provides Oauth2.0 access capabilities for WebRTC applications on third-party business platforms, enabling WebRTC applications on third-party business platforms to obtain various instant messaging service capabilities provided by the WebRTC platform, thereby greatly expanding WebRTC User category of platform services.

需要说明的是,本发明实施例提供的Web实时通信平台鉴权接入装置是应用上述方法的装置,则上述方法的所有实施例均适用于该装置,且均能达到相同或相似的有益效果。It should be noted that the Web real-time communication platform authentication access device provided by the embodiment of the present invention is a device that applies the above method, then all the embodiments of the above method are applicable to this device, and can achieve the same or similar beneficial effects .

以上所述是本发明的优选实施方式,应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明所述原理的前提下,还可以作出若干改进和润饰,这些改进和润饰也应视为本发明的保护范围。The above description is a preferred embodiment of the present invention, it should be pointed out that for those of ordinary skill in the art, without departing from the principle of the present invention, some improvements and modifications can also be made, and these improvements and modifications can also be made. It should be regarded as the protection scope of the present invention.

Claims (21)

CN201510510506.1A2015-08-192015-08-19A kind of Web real-time communication platform authentication cut-in method and deviceWithdrawnCN106470190A (en)

Priority Applications (2)

Application NumberPriority DateFiling DateTitle
CN201510510506.1ACN106470190A (en)2015-08-192015-08-19A kind of Web real-time communication platform authentication cut-in method and device
PCT/CN2016/095951WO2017028804A1 (en)2015-08-192016-08-19Web real-time communication platform authentication and access method and device

Applications Claiming Priority (1)

Application NumberPriority DateFiling DateTitle
CN201510510506.1ACN106470190A (en)2015-08-192015-08-19A kind of Web real-time communication platform authentication cut-in method and device

Publications (1)

Publication NumberPublication Date
CN106470190Atrue CN106470190A (en)2017-03-01

Family

ID=58050890

Family Applications (1)

Application NumberTitlePriority DateFiling Date
CN201510510506.1AWithdrawnCN106470190A (en)2015-08-192015-08-19A kind of Web real-time communication platform authentication cut-in method and device

Country Status (2)

CountryLink
CN (1)CN106470190A (en)
WO (1)WO2017028804A1 (en)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN107153793A (en)*2017-05-172017-09-12成都麟成科技有限公司A kind of preventing decryption method of significant data storage
CN107846447A (en)*2017-09-212018-03-27烽火通信科技股份有限公司A kind of method of the home terminal access message-oriented middleware based on MQTT agreements
CN108776923A (en)*2018-06-052018-11-09深圳壹账通智能科技有限公司Order method of payment, system, computer equipment and storage medium
CN109327437A (en)*2018-09-292019-02-12深圳市多易得信息技术股份有限公司Concurrent websocket business information processing method and server-side
CN110061952A (en)*2018-01-192019-07-26腾讯科技(深圳)有限公司Information processing method, device, storage medium and electronic device
CN110266722A (en)*2019-07-052019-09-20深圳市浩科电子有限公司A kind of method and system of multipath access server
CN110493239A (en)*2019-08-262019-11-22京东数字科技控股有限公司The method and apparatus of authentication
CN111107109A (en)*2020-01-082020-05-05世纪恒通科技股份有限公司Log-in-free technology based on token
CN111526111A (en)*2019-02-022020-08-11腾讯科技(深圳)有限公司Control method, device and equipment for logging in light application and computer storage medium
CN112118236A (en)*2020-09-042020-12-22紫光云(南京)数字技术有限公司Platform application open authorization management method
CN112199656A (en)*2020-12-032021-01-08湖北亿咖通科技有限公司Access authority acquisition method of service platform and access control method of service platform
CN112218388A (en)*2020-09-152021-01-12贵阳朗玛信息技术股份有限公司Method and device for reconnection of broken network
CN112640389A (en)*2018-09-072021-04-09贝宝公司Using ephemeral URL passwords to thwart massive attacks
WO2022033278A1 (en)*2020-08-112022-02-17华为技术有限公司Ims data channel-based communication method and device
CN114070616A (en)*2021-11-152022-02-18广东亿迅科技有限公司Distributed session sharing method and system based on redis cache
CN114079569A (en)*2020-07-312022-02-22中移(苏州)软件技术有限公司Open authorization method and device, equipment and storage medium
CN114615084A (en)*2022-04-112022-06-10西安热工研究院有限公司Single sign-on and logout method and system applied to front-end and back-end separation scene, electronic equipment and storage medium
CN115242474A (en)*2022-07-142022-10-25观澜网络(杭州)有限公司Real-time communication system, method, terminal equipment and storage medium
CN115514576A (en)*2022-10-092022-12-23中国南方电网有限责任公司 Access identity authentication method, device, equipment and medium for power monitoring system
CN115988004A (en)*2022-09-052023-04-18鹿马智能科技(上海)有限公司 Communication method, system, electronic device and medium between multiple terminals

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN108667810A (en)*2018-04-182018-10-16珠海横琴盛达兆业科技投资有限公司A kind of secure log verification method based on small routine
CN111355583B (en)*2018-12-202022-12-27中移(杭州)信息技术有限公司Service providing system, method, device, electronic equipment and storage medium
WO2021003751A1 (en)*2019-07-112021-01-14深圳市鹰硕技术有限公司Single-account multi-identity login method and apparatus, server, and storage medium
US11652813B2 (en)2019-10-042023-05-16Mastercard International IncorporatedSystems and methods for real-time identity verification using a token code
US11449636B2 (en)2019-10-042022-09-20Mastercard International IncorporatedSystems and methods for secure provisioning of data using secure tokens
CN115333792B (en)*2019-12-312025-09-26华为云计算技术有限公司 Identity authentication method, device and related equipment
CN111447184A (en)*2020-03-092020-07-24上海数据交易中心有限公司Single sign-on method, device, system and computer readable storage medium
CN111510461B (en)*2020-04-262022-02-22成都安恒信息技术有限公司System and method for managing WEB application centralized release authority
CN112612985B (en)*2020-12-242024-07-23广州致远电子股份有限公司Multi-user and multi-type message pushing system and method based on WebSocket
CN112800139A (en)*2021-02-232021-05-14浪潮云信息技术股份公司Third-party application data synchronization system based on message queue
CN113364798A (en)*2021-06-212021-09-07浪潮云信息技术股份公司Redis-based user access frequency processing device
CN113781194A (en)*2021-09-062021-12-10青岛微智慧信息有限公司 Access supervision method and system suitable for flexible employment
CN114726632B (en)*2022-04-142024-04-05广州鑫景信息科技服务有限公司Login method, login equipment and storage medium
CN115277234B (en)*2022-08-012024-01-09重庆标能瑞源储能技术研究院有限公司Security authentication method and system based on Internet of things platform micro-service
CN116170759B (en)*2023-02-102024-12-13北京自如信息科技有限公司 A local area network access method and system based on WeChat
CN116743418B (en)*2023-03-212024-09-24云盾智慧安全科技有限公司Website safety protection method and device
CN116962092B (en)*2023-09-212023-12-26畅捷通信息技术股份有限公司Ecological integrated login method, system, electronic equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN104144167A (en)*2014-08-152014-11-12深圳市蜂联科技有限公司User login authentication method of open intelligent gateway platform
CN104283681A (en)*2013-07-082015-01-14华为技术有限公司 A method, device and system for verifying user's legitimacy

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
WO2014145417A1 (en)*2013-03-152014-09-18MARKUS, IsidoroMethod and apparatus for secure interaction with a computer service provider
CN104113511B (en)*2013-04-172018-03-23中国移动通信集团公司A kind of method, system and relevant apparatus for accessing IMS network
CN104468487B (en)*2013-09-232018-10-19华为技术有限公司Communication authentication method and device, terminal device

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN104283681A (en)*2013-07-082015-01-14华为技术有限公司 A method, device and system for verifying user's legitimacy
CN104144167A (en)*2014-08-152014-11-12深圳市蜂联科技有限公司User login authentication method of open intelligent gateway platform

Cited By (29)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN107153793A (en)*2017-05-172017-09-12成都麟成科技有限公司A kind of preventing decryption method of significant data storage
CN107153793B (en)*2017-05-172020-03-27深圳市马博士网络科技有限公司Important data storage anti-deciphering method
CN107846447A (en)*2017-09-212018-03-27烽火通信科技股份有限公司A kind of method of the home terminal access message-oriented middleware based on MQTT agreements
CN110061952A (en)*2018-01-192019-07-26腾讯科技(深圳)有限公司Information processing method, device, storage medium and electronic device
CN110061952B (en)*2018-01-192021-08-06腾讯科技(深圳)有限公司Information processing method, information processing apparatus, storage medium, and electronic apparatus
CN108776923A (en)*2018-06-052018-11-09深圳壹账通智能科技有限公司Order method of payment, system, computer equipment and storage medium
CN112640389A (en)*2018-09-072021-04-09贝宝公司Using ephemeral URL passwords to thwart massive attacks
CN112640389B (en)*2018-09-072024-03-08贝宝公司System, method, and machine-readable medium for protecting uniform resource locators
US11750596B2 (en)2018-09-072023-09-05Paypal, Inc.Using ephemeral URL passwords to deter high-volume attacks
CN109327437B (en)*2018-09-292020-02-21深圳市多易得信息技术股份有限公司Concurrent websocket service information processing method and server
CN109327437A (en)*2018-09-292019-02-12深圳市多易得信息技术股份有限公司Concurrent websocket business information processing method and server-side
CN111526111A (en)*2019-02-022020-08-11腾讯科技(深圳)有限公司Control method, device and equipment for logging in light application and computer storage medium
CN110266722A (en)*2019-07-052019-09-20深圳市浩科电子有限公司A kind of method and system of multipath access server
CN110493239A (en)*2019-08-262019-11-22京东数字科技控股有限公司The method and apparatus of authentication
CN111107109A (en)*2020-01-082020-05-05世纪恒通科技股份有限公司Log-in-free technology based on token
CN114079569A (en)*2020-07-312022-02-22中移(苏州)软件技术有限公司Open authorization method and device, equipment and storage medium
CN114079569B (en)*2020-07-312024-05-03中移(苏州)软件技术有限公司Open authorization method and device, equipment and storage medium
WO2022033278A1 (en)*2020-08-112022-02-17华为技术有限公司Ims data channel-based communication method and device
CN112118236A (en)*2020-09-042020-12-22紫光云(南京)数字技术有限公司Platform application open authorization management method
CN112218388A (en)*2020-09-152021-01-12贵阳朗玛信息技术股份有限公司Method and device for reconnection of broken network
CN112199656A (en)*2020-12-032021-01-08湖北亿咖通科技有限公司Access authority acquisition method of service platform and access control method of service platform
CN114070616A (en)*2021-11-152022-02-18广东亿迅科技有限公司Distributed session sharing method and system based on redis cache
CN114070616B (en)*2021-11-152024-02-27广东亿迅科技有限公司Distributed session sharing method and system based on redis cache
CN114615084A (en)*2022-04-112022-06-10西安热工研究院有限公司Single sign-on and logout method and system applied to front-end and back-end separation scene, electronic equipment and storage medium
CN114615084B (en)*2022-04-112024-04-16西安热工研究院有限公司 A single sign-on and sign-off method, system, electronic device and storage medium for front-end and back-end separation scenarios
CN115242474A (en)*2022-07-142022-10-25观澜网络(杭州)有限公司Real-time communication system, method, terminal equipment and storage medium
CN115242474B (en)*2022-07-142024-06-07观澜网络(杭州)有限公司Real-time communication system, method, terminal equipment and storage medium
CN115988004A (en)*2022-09-052023-04-18鹿马智能科技(上海)有限公司 Communication method, system, electronic device and medium between multiple terminals
CN115514576A (en)*2022-10-092022-12-23中国南方电网有限责任公司 Access identity authentication method, device, equipment and medium for power monitoring system

Also Published As

Publication numberPublication date
WO2017028804A1 (en)2017-02-23

Similar Documents

PublicationPublication DateTitle
CN106470190A (en)A kind of Web real-time communication platform authentication cut-in method and device
US9722984B2 (en)Proximity-based authentication
CN103944900B (en)It is a kind of that attack prevention method and its device are asked across station based on encryption
CN111062023B (en)Method and device for realizing single sign-on of multi-application system
US8689339B2 (en)Method, system and apparatus for game data transmission
CN107347068A (en)Single-point logging method and system, electronic equipment
CN102946384B (en)User authentication method and equipment
CN105099707B (en)A kind of offline authentication method, server and system
CN108322416B (en)Security authentication implementation method, device and system
CN101534192B (en)System used for providing cross-domain token and method thereof
CN105917630A (en)Redirect to inspection proxy using single-sign-on bootstrapping
CN103001770B (en)A kind of user rs authentication method, server and system
CN101304318A (en)Safe network authentication system and method
CN106331003B (en) A method and device for accessing an application portal system on a cloud desktop
CN103444215B (en) Method and apparatus for avoiding the hazards of cyber-attacks
CN107517194B (en)Return source authentication method and device of content distribution network
US20170070486A1 (en)Server public key pinning by url
CN107786515A (en)A kind of method and apparatus of certificate verification
CN109495458A (en)A kind of method, system and the associated component of data transmission
CN103368831B (en)A kind of anonymous instant communicating system identified based on frequent visitor
CN110166471A (en)A kind of portal authentication method and device
CN103546292A (en)Third-party certification system or method with multiple identification codes
CN114158046B (en)Method and device for realizing one-key login service
CN104918245A (en)Identity authentication method, device, server and client
CN117336092A (en)Client login method and device, electronic equipment and storage medium

Legal Events

DateCodeTitleDescription
PB01Publication
PB01Publication
SE01Entry into force of request for substantive examination
SE01Entry into force of request for substantive examination
WW01Invention patent application withdrawn after publication
WW01Invention patent application withdrawn after publication

Application publication date:20170301
[8]ページ先頭
©2009-2025 Movatter.jp