CN101771676B - Setting and authentication method for cross-domain authorization and relevant device and system - Google Patents

Setting and authentication method for cross-domain authorization and relevant device and system Download PDF

Info

Publication number
CN101771676B
CN101771676B CN 200810242174 CN200810242174A CN101771676B CN 101771676 B CN101771676 B CN 101771676B CN 200810242174 CN200810242174 CN 200810242174 CN 200810242174 A CN200810242174 A CN 200810242174A CN 101771676 B CN101771676 B CN 101771676B
Authority
CN
China
Prior art keywords
page
user
server
information
resource information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 200810242174
Other languages
Chinese (zh)
Other versions
CN101771676A (en
Inventor
孙谦
胡立新
谭东晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN 200810242174 priority Critical patent/CN101771676B/en
Priority to PCT/CN2009/076318 priority patent/WO2010075798A1/en
Publication of CN101771676A publication Critical patent/CN101771676A/en
Application granted granted Critical
Publication of CN101771676B publication Critical patent/CN101771676B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a setting method for cross-domain authorization. The method comprises the following steps: receiving request of a user for the access to resource information; displaying a first page containing the resource information based on the request, wherein the first page is provided by a first server positioned in a first field; displaying a second page containing the relational information of the user based on the first page, wherein the second page is provided by a second server positioned in a second field; receiving the relational information corresponding to the resource information, which is selected from the second page by the user; and transmitting the resource information and the relational information which is selected from the second page to the first server so that the first server stores records corresponding to the selected relational information and the resource information, and treats the corresponding records as the authorization information for the access to the resource information. The embodiment of the invention also discloses an authentication method and a terminal for cross-domain authorization, and a relevant device and a system. By adopting the embodiment of the invention, the resource information of the user, which is positioned in the first field, can be authorized to the relational information of the second field, thereby improving the experience of the user.

Description

A kind of setting of cross-domain authorization, method for authenticating, relevant apparatus and system
Technical field
The present invention relates to computer application field, relate in particular to a kind of setting, label power method, relevant apparatus and system of cross-domain authorization.
Background technology
SNS (Social Network Site) website, Chinese is commonly referred to as the social network sites server, is based on the network virtual social network-i i-platform that the social networking relationships system thinking is set up.From Myspace to Facebook, happy net and school net etc., social network sites server both domestic and external has moved to maturity, and becomes the part of more and more daily lives of people.The various application of user in the social network sites platform occurred simultaneously offering in a large number, this application generally is that application server provides, and these colourful social application have really been brought value for the user just.Use Website server and separate independently with the social network sites server often, can be runed by different service providers, and the application Website server generally is arranged in different territories from the social network sites server.The user can have a lot of resource informations in using Website server, such as photo, video, diary, miniature blog, web site collection or positional information etc., in the social network sites server, then storing user's relation information, such as information such as contact person's (being also referred to as buddy list etc.) and groups.
The user wish with own resource using Website server can conditionally be shared with own in social network sites some contact person or the group of appointment, if relation information and resource information can realize by common authority setting in same territory the time, if and not in same territory the time, then use Website server can not be without approval and arbitrarily calling party at the relation information of social network sites server, like this, how to realize to use user that resource information in the Website server licenses to the relation information in the same area not and be cross-domain authorization and be one and need at present the problem that solves.
Summary of the invention
The embodiment of the invention provides a kind of setting, label power method, relevant apparatus and system of cross-domain authorization, licenses to the relation information in the second territory to realize the resource information that the user is in the first territory, experiences thereby can improve the user.
The embodiment of the invention provides a kind of method to set up of cross-domain authorization, comprising:
Receive the request of user access resources information;
Show the first page of the resource information that comprises described user according to above-mentioned request, described first page is that the first server that is in the first territory provides;
Show second page of the relation information that comprises above-mentioned user according to above-mentioned first page, described second page is that the second server that is in the second territory provides;
Receive the user at the relation information of above-mentioned second page selection corresponding to above-mentioned resource information;
Send the relation information that above-mentioned resource information and above-mentioned user select to above-mentioned first server in second page, so that first server is stored the relation information of above-mentioned selection and the corresponding record of resource information, and with the authorization message of above-mentioned corresponding record as the above-mentioned resource information of access.
The embodiment of the invention also provides a kind of method for authenticating of cross-domain authorization, and it comprises:
Receive the user is in resource information in the first territory first server by terminal access request;
Obtain authorization message corresponding to above-mentioned resource information, above-mentioned authorization message records the relation information that is in the second territory second server corresponding to above-mentioned resource information;
Judge whether above-mentioned user belongs to above-mentioned relation information;
If so, then allow described user to access above-mentioned resource information, access above-mentioned resource information otherwise refuse above-mentioned user.
The embodiment of the invention also provides a kind of method for authenticating of cross-domain authorization, and it comprises:
Receive the user by the request of terminal;
Authorization message according to the above-mentioned user of above-mentioned acquisition request;
Obtain the resource information that above-mentioned user is authorized to access according to above-mentioned authorization message;
Described resource information is sent to described terminal.
The embodiment of the invention also provides a kind of method to set up of cross-domain authorization, and it comprises:
Receive the user by the request of the access resources information of terminal transmission;
Send the first page that includes resource information to terminal according to above-mentioned request, so that the request of obtaining that above-mentioned terminal is obtained relation information according to described first page to the second server transmission in the second territory, and above-mentioned terminal is obtained the relation information of described second server transmission and above-mentioned relation information is presented at second page;
The resource information that receiving terminal sends and user are at the relation information of described second page selection corresponding to above-mentioned resource information, store the relation information of described selection and the corresponding record of resource information, and with the authorization message of described corresponding record as the above-mentioned resource information of access.
The embodiment of the invention also provides a kind of terminal, and it comprises:
The request receiving module is used for receiving the request of user access resources information;
Display module for the first page that shows the resource information that includes the described user who is positioned at the first territory according to above-mentioned request, shows second page of the relation information that includes the described user who is positioned at the second territory according to above-mentioned first page;
The relation information receiver module is used for receiving the user at the relation information of above-mentioned second page selection corresponding to above-mentioned resource information;
Sending module, for the relation information that sends above-mentioned resource information and select at second page to first server, so that first server is stored the relation information of above-mentioned selection and the corresponding record of resource information, and with the authorization message of above-mentioned corresponding record as the described resource information of access.
The embodiment of the invention also provides a kind of server, it is characterized in that, comprising:
Receiver module is used for receiving the user by the request of terminal;
Acquisition module is used for the authorization message according to the above-mentioned user of above-mentioned acquisition request, and obtains the resource information that described user is authorized to access according to above-mentioned authorization message;
Sending module is used for above-mentioned resource information is sent to described terminal.
The embodiment of the invention also provides a kind of server, and it comprises:
Receiver module is used for receiving the user is in the first territory first server resource information by terminal access request;
Acquisition module is used for obtaining authorization message corresponding to above-mentioned resource information, and above-mentioned authorization message records the relation information that is in the second territory second server corresponding to above-mentioned resource information;
Processing module is used for judging whether above-mentioned user belongs to described relation information; Allow above-mentioned user to access above-mentioned resource information when being being judged as, refuse above-mentioned user when no and access above-mentioned resource information being judged as.
The embodiment of the invention also provides a kind of server, and it comprises:
Receiver module is used for receiving the request that the user sends by terminal;
Sending module, be used for sending the first page that includes resource information to terminal according to above-mentioned request, so that the request of obtaining that above-mentioned terminal is obtained relation information according to described first page to the second server transmission in the second territory, and described terminal is obtained the relation information of described second server transmission and above-mentioned relation information is presented at second page;
Memory module, be used for resource information that receiving terminal sends and user and select relation information corresponding to above-mentioned resource information at described second page, store the relation information of described selection and the corresponding record of resource information, and with the authorization message of above-mentioned corresponding record as the described resource information of access.
The embodiment of the invention also provides a kind of system of cross-domain authorization, it is characterized in that, comprising:
First server is positioned at the first territory, is used for receiving the request that the user sends by terminal; Send the first page that includes resource information to terminal according to above-mentioned request, so that the request of obtaining that above-mentioned terminal is obtained relation information according to described first page to the second server transmission in the second territory, and above-mentioned terminal is obtained the relation information of described second server transmission and above-mentioned relation information is presented at second page; The resource information that receiving terminal sends and user are at the relation information of described second page selection corresponding to described resource information, store the relation information of above-mentioned selection and the corresponding record of resource information, and with the authorization message of described corresponding record as the above-mentioned resource information of access;
Second server is positioned at the second territory, is used for sending to above-mentioned terminal above-mentioned user's relation information.
Setting, method for authenticating, terminal, server and the system of the cross-domain authorization that the employing embodiment of the invention provides, can realize the resource information that the user is in the first territory licensed to and be positioned at this user in relation information such as contact person, the group etc. in another territory, thereby improve user's experience.The user can directly utilize in the second server own existing relation information to come the resource in the first server is carried out association mandate, and namely the user can make things convenient for to such an extent that resource is shared mandate from the visual angle of oneself.
Description of drawings
The flow chart of the method to set up of a kind of cross-domain authorization that Fig. 1 provides for an embodiment of the present invention;
The flow chart of the method to set up of a kind of cross-domain authorization that Fig. 2 provides for another embodiment of the present invention;
The schematic diagram of the method to set up of a kind of cross-domain authorization that Fig. 3 provides for another embodiment of the present invention;
The flow chart of the method to set up of a kind of cross-domain authorization that Fig. 4 provides for the another kind of embodiment of the present invention;
The schematic diagram of the browser of terminal in the method to set up of a kind of cross-domain authorization that Fig. 5 provides for the embodiment of the invention;
The flow chart of the method for authenticating of a kind of cross-domain authorization that Fig. 6 provides for an embodiment of the present invention;
The flow chart of the method for authenticating of a kind of cross-domain authorization that Fig. 7 provides for another embodiment of the present invention;
The flow chart of the method for authenticating of a kind of cross-domain authorization that Fig. 8 provides for the another kind of embodiment of the present invention;
The structural representation of a kind of terminal that Fig. 9 provides for an embodiment of the present invention;
The structural representation of a kind of server that Figure 10 provides for an embodiment of the present invention;
The structural representation of a kind of server that Figure 11 provides for another embodiment of the present invention;
The structural representation of a kind of server that Figure 12 provides for the another kind of embodiment of the present invention;
The structural representation of the system of a kind of cross-domain authorization that Figure 13 provides for an embodiment of the present invention.
Embodiment
The embodiment of the invention provides a kind of method to set up of cross-domain authorization, and shown in please refer to the drawing 1, it comprises:
101: receive the request of user access resources information;
102: show the first page of the resource information that comprises above-mentioned user according to above-mentioned request, above-mentioned first page is that the first server that is in the first territory provides;
103: show second page of the relation information that comprises above-mentioned user according to above-mentioned first page, above-mentioned second page is that the second server that is in the second territory provides;
104: receive the user at the relation information of above-mentioned second page selection corresponding to above-mentioned resource information;
105: the relation information that sends above-mentioned resource information and in second page, select to above-mentioned first server, so that first server is stored the relation information of above-mentioned selection and the corresponding record of resource information, and with the authorization message of above-mentioned corresponding record as the above-mentioned resource information of access.
Adopt above-described embodiment, can realize that the resource information that the user is in the first territory licenses to the relation information in the second territory, experience thereby can improve the user.
Among another embodiment provided by the invention, be in the first server in the first territory, it stores user's resource information, such as photo, video, web site collection, and blog daily record etc.; Be in the second server in second territory different from the first territory, it stores the relation informations such as this user's contact person and group.As shown in Figure 2, the method to set up of a kind of cross-domain authorization of providing of the embodiment of the invention mainly may further comprise the steps:
Step 201, terminal receive the request of user's access resources information.
The user is by the resource information in the terminal first server, this access mode can adopt the OpenID technology, be that first server is as the relying party of OpenID (open identify label), second server is as the provider of OpenID, first server receives the user and uses the OpenID identify label to carry out, pass through the mode that is redirected according to the OpenID agreement, the browser of terminal can be forwarded on second page of second server the user is authenticated, the user provides password or other authentication information such as fingerprint etc., by turning back to the first page that first server shows in terminal by being redirected again after the above-mentioned authentication, include the resource information that the user is arranged on this first page, such as photo, video, web site collection, blog daily record etc.
First server can also arrange at the browser end of terminal session cookie and be used for keeping current user conversation, just needn't authenticate when follow-up this user accesses first server again.If the browser of this terminal forbidding cookie can directly carry session information to keep active user's session in HTTP request and response message.These two kinds modes of keeping session all are the common technologies in the Internet service, repeat no more herein.
Except can adopting the OpenID technology, can also adopt other cross-domain identity identifying technology such as single-point (SSO, Single Sign On), comprise OpenSSO and the Passport of Microsoft etc., simplify the licensing process of user's resource information, the user can be by terminal first server of browser login, follow-up need to be to the resource information mandate time user browser can directly access the relation information that second server obtains the user, and need not again to authenticate at second server.
If certainly do not want to use extra cross-domain identity identifying technology, also can allow the user after the access first server, visit again second server to obtain user's relation information, namely an independent second server gets final product again.
Step 202, first server are passed through the browser display first page of user terminal, and namely the authorization page of the resource information in the first server shows resource information in this first page, and button or the hyperlink of determining mandate.Hypertext code (comprising scripted code) in this first page is all generated by first server, and is sent to the browser end demonstration of user terminal by this first server.
Step 203, show second page of inclusion relation information according to above-mentioned first page.
The browser of terminal also shows second page of the relation information that comprises the user, and the hypertext code of this second page is generated by second server (comprising scripted code).This second page can have multiple display modes, as in first page with iframe (Inline Frame, inline frame) form shows, perhaps when clicking certain button or link in first page, eject relation information such as contact person and group etc. that a new browser page shows the user.
Comprise again an iframe frame page that points to first server in second page, be called the 3rd page, generally be made as hiding style.By the iframe frame page of above-mentioned the second page middle finger to first server, can break through the restriction that can't directly carry out cross-domain communication in the browser, make transmission that first server and second server can carry out by user's browser information and exchange.
Shown in please refer to the drawing 3, form with iframe in the first page shows second page, as seen by second page from the first page of first server to second server, arrive again the 3rd page of first server, return a such ring-type information transmission channels of first page of first server, realized the cross-domain transmission of relation information in browser, make first server can obtain easily the relation information of the user in the second server, thereby the resource in using is authorized.
Second page can show by the source address that second page is set in first page, as can be in the javascript of first page script function the source address attribute of second page of iframe form being arranged, is exemplified below:
iframe1.src=“http://snsexample.com/relationship.php”;
And for second page that ejects form, directly use hyperlink address as:
<a href=" http://snsexample.com/relationship.php " target=" _ blank "〉show group and contact person</a
Perhaps the corresponding script of the click event of button open new page as:
window.open(′http://snsexample.com/relationship.php′);
If the user is to carry out authentication by second server during by the terminal first server, as adopt the modes such as OpenID or single-point, be that the user is when step 101 is passed through the authentication of second server, second server can arrange corresponding session cookie item at the browser end of user's terminal, the data of this cookie item can comprise the session informations such as session identification, and the user accesses second server and just can authenticate in current sessions.Namely second page obtains first the cookie data of browser end of user's terminal, then carries the cookie data to this user's of second server acquisition request relation information, and the relation information that obtains is presented in this page.
If first server and second server can not adopt the modes such as OpenID or single-point to make the user only carry out authentication in a server, then the user on first server after, because second server corresponding to second page face do not have corresponding session information such as cookie data, then second page shows before user's the relation information, to carry out authentication on the prompting user elder generation second server.
As shown in Figure 4, comprise resource information in the first page, such as photo, also have a button of determining mandate.In first page, can adopt the form of inline frame to comprise second page, can comprise contacts list in the relation information that second page shows, the contact person can divide into groups to show, as is grouped into colleague, classmate and household etc., shows a check box each contact person or group names front.Can also show in addition some public group and group members that the user creates or participates in, for user selection.No matter be contact person's grouping, or public group, can identify with unique group to represent.What second page showed can be contact person's name or the pet name, and the title of group, but when the information of reality transmits, use generally be contact person's user ID, and group sign.
Except above-mentioned contact person and group, second server can also detect once had other users that communicate by letter with the user recently, and as transmission message was arranged in second server, mail by the record of phone, then is also shown in these users in second page.Future telecommunication and the Internet closely merge, in the second server of telecom operators' operation, be easy to obtain user's communications records (such as note, phone etc.), there was the people who writes to each other not necessarily can be in above-mentioned user's contact person and group with the user, but the user wishes and can have the people who writes to each other to share some resources with these temporarily sometimes, and these people's (can be called interim contact person) information in fact also belongs to user's relation data.
In addition, because the user may license to some relation informations such as contact person or group to current resource information, first page can also be from the existing authorization message of this user of first server acquisition request to current resource information, and the contact person that will obtain the authorization and group information etc. pass to second page as the parameter of the second page source address URL (URL(uniform resource locator)).Be exemplified below:
iframe1.src=“http://snsexample.com/relationship.php#groups=group1”;
Wherein the parameter in the bookmark namely the part of this address above mentioned " # " back represent that current resource has licensed to the group1 of group.
Except using the bookmark parameter, also can use source address inquiry string "? " after comprise parameter, as:
iframe1.src=“http://snsexample.com/relationship.php?groups=group1”;
Certainly use same address at needs, the URL by iframe transmits in the situation of bulk information, and the bookmark " # " is best mode.
Second page can be when this window load events (window.onLoad) occurs, in the current page address, obtain above-mentioned parameter, then when showing user's relation information, the group such as the group1 that have obtained the authorization according to above-mentioned parameter are set to selected state.Thus the user can understand which relation information such as contact person or group obtained the authorization the access current resource information.The example that comprises simultaneously group and contact person in the parameter is as follows:
iframe1.src=“http://snsexample.com/relationship.php#groups=group1&
contacts=usera+userb”;
The current resource of Parametric Representation in the address above mentioned has been authorized to the group1 of group and contact person usera and userb.Group1 is the group sign, and usera and userb are user ID.
Step 204, user choice relation information in second page, and user-selected relation information passed to the 3rd page.Second page is selected by terminal or cancellation when selecting group or contact person's event to occur (such as the onClick event of the check box of corresponding relationship people or group) the user, all the current relation information of choosing (group or contact person) is passed to the 3rd page, the method of its transmission can be specified by the source address attribute that the 3rd page is set the page address of the 3rd page, and the relation information of user selection is included in sends the 3rd page in the address parameter to.The source address of the 3rd set page is exemplified below:
iframe2.src=“http://appexample.com/auth.php#groups=group1+group2&
contacts=usera+userb+userc”;
The selected group1 of group and group2 and contact person usera, userb and the userc of licensing to of the current resource of Parametric Representation in the address above mentioned.
Step 205, the 3rd page pass to first page with the relation information of the user selection that second page sends.Timing function of the 3rd page setup, every one predetermined time the interval such as 500 milliseconds of execution once, obtain the relation information of user selection in the parameter in the current page address, when it changes, just pass to first page.Because predetermined time interval very short (being generally less than 1 second), these relation informations that the 3rd page obtains can reflect in real time that the mandate that the user makes at second page selects, then with these relation informations (as " groups=group1+group2﹠amp; Contacts=usera+userb+userc ") pass to the corresponding scripts routine processes of first page.Because the 3rd page and first page are positioned at same territory, namely all in first server, there is not the problem of cross-domain communication, relation information can transmit normally.For second page of inline frame form, the processing scripts in the 3rd page is exemplified below:
function?transmit(){
parent.parent.receive(window.location.hash);
}
setInterval(transmit,500);
Above-mentioned script is every 500 milliseconds of execution above-mentioned transmit () function once, and the corresponding scripts program (being above-mentioned receive function) that the parameter in the source address of this page (being content corresponding to window.location.hash) is passed to first page (being object parent.parent) is processed.
For second page of the form of ejection, the processing scripts in the 3rd page is exemplified below:
function?transmit(){
parent.opener.receive(window.location.hash);
}
setInterval(transmit,500);
What wherein first page was corresponding is the parent.opener object, and these are different during from second page of inline frame form.
Step 206, after the user is defined as selected contact person and/or group's authorization resources information, first page is submitted to first server with the final selected relation information of user and resource information etc.
Comprise button or a hyperlink of determine authorizing in the first page, can called after " share " or " determining " etc.After this button was activated by the user, first page was submitted to the first server server with the final selected relation information of user and resource information etc.The relation information that the first server storage is user-selected and the corresponding record of resource information, and with the authorization message of this corresponding record as this resource information of access.In addition, can also comprise the mandate time in the above-mentioned authorization message, namely first page is submitted to the final selected relation information of user and corresponding resource information etc. the time of first server.
By above step as seen, only just finished the transmission of the relation information of corresponding resource information between first server and the second server at the browser end of terminal, send second page of second server such as the relation information of having authorized to from the first page of first server, and the relation information of user selection sends first page from second page of second server to through the 3rd page.Needn't between first server and second server, directly transmit any data, can finish cross-domain resource authorization, realize simply efficiently taking full advantage of the computing capability of terminal.The customer relationship information that the first server that lacks relation information is taken full advantage of in the second server strengthens the social functions of self using, and attracts more user's access.
In the method to set up of a kind of cross-domain authorization that another embodiment of the present invention provides, if user's terminal browser forbidding cookie, for the fail safe that guarantees that cross-domain information is transmitted, before information is transmitted, at first between the first territory and the second territory, exchange password, all to be with password during later transmission of information, when receiving the information of transmission, will verify password first.Shown in please refer to the drawing 5, detailed process is as follows:
Step 301, first page are obtained first password.This first password can utilize random function to generate by first page voluntarily, perhaps from first server acquisition request first password.Because some browser self can not utilize random function to generate the higher password of fail safe, therefore the mode of obtaining password from server is adopted in suggestion, and password can be a random string.Can use session identification (Session ID) between first server and the user browser as first password, because session identification all is a uncertain random string usually.
Step 302, first page pass to second page with above-mentioned first password.In the window load events (window.onLoad) of second page, obtain the cryptographic parameter that first page arranges in the source address of second page, as can in the bookmark parameter, comprising password.Second page is used for the follow-up password authentification of carrying out with the first password buffer memory of receiving.
Step 303, second page obtain the second password, and this second password is sent to the 3rd page.This second password can be generated voluntarily by second page equally, perhaps from second server acquisition request the second password, and give the 3rd page with the second password transmission, also can use session identification (Session ID) between second server and the user browser as the second password.
Step 304, the 3rd page again with the second password transmission to first page.This second password of first page buffer memory is used for the follow-up password authentification of carrying out.So far finished the cross-domain password exchange between first server and the second server.
Step 305, when the relation information of follow-up transmission user selection, first page and second page all will be with respectively the separately corresponding password in territory in the URL bookmark parameter that arranges., when the source address attribute of second page is set, carries password and be exemplified below such as first page:
iframe1.src=“http://snsexample.com/relationship.php#groups=group1&
password=qw3e45s32328f3nl”;
Except relation information, also comprise first password " qw3e45s32328f3nl " in the bookmark parameter of address above mentioned.
Step 306, second page are verified in the face of password.In the window load events of second page, take out the password in the bookmark parameter such as above-mentioned password " qw3e45s32328f3nl " in this window address, then this password and the first password of buffer memory are before compared checking, checking is by the rear subsequent treatment of just carrying out.As needing to take out the relation information of having authorized in the parameter in the follow-up step.
When step 307, second page pass to the 3rd page with user-selected relation information, also carry the second password.
Step 308, the 3rd page carry out password authentification.In the window timing device function of the 3rd page, take out the password in the bookmark parameter in this window address, then this password and the second password of buffer memory are before compared checking, checking is by the rear subsequent treatment of just carrying out.
The like this request of local access second page of other outside current browser instances or the 3rd page corresponding address owing to can't obtain above-mentioned password, therefore can not leaked user's relation information or resource authorization information etc.
In the method for authenticating of a kind of cross-domain authorization that an embodiment of the present invention provides, the authentication process process when having described other users and accessing resource information in the first server.For being described clearly, will have that the user of resource information is called first user in the first server, the user that access the resource information of first user is the second user.Suppose that first user has licensed to the A of group with the resource information in the first server such as photograph album P, the member among the A of group comprises the second user.See also Fig. 6, the step of this embodiment is as follows:
Step 401, first server receive the second user and access the resource information of first user such as the request of photograph album P, this resource information is in the above-mentioned first server that is in the first territory, above-mentioned request can be carried out such as OpenID for the second user uses, and also can carry out by other means.
Step 402, first server inquiry also obtain first user to the authorization message of this resource information, and this authorization message records the relation information that is in the second territory second server corresponding to this resource information.
Step 403, first server judge whether the second user belongs to above-mentioned relation information.
Step 404 is if then first server allows the second user to access above-mentioned resource information, accesses above-mentioned resource information otherwise refuse the second user.
By the method that above-described embodiment provides, first server can be by to user's checking, and the resource information of another subscriber authorisation is shared to this user, experiences thereby can improve the user.
In order to allow the acquisition user's that first server tries one's best few relation information, the whole groups that belong to such as the second user, and second the whole groups that belong to of user may be a lot, second server also is not easy to all pass to first server, be that first server only stores the corresponding associated person information of resource information of first user and the sign of group in the present embodiment, and do not preserve the concrete contact person in the group.The step of the method for authenticating of the cross-domain authorization that another embodiment of the present invention provides specifically sees also Fig. 7:
Step 501, first server receive the second user and access the resource information of first user such as the request of photograph album P.The above-mentioned first server of this second user can adopt the mode of OpenID, also can adopt other mode.
Step 502, first server are obtained first user to the authorization message record of this resource information according to above-mentioned resource information, and judge whether the second user is the contact person's (comprising interim contact person) who has been authorized to, if so, then allow the second user access, process ends; Otherwise execution in step 503.
Step 503, first server send to second server with the group identification of authorizing in the authorization message record of first user to this resource and the second user's sign, and the request second server judges that whether the second user is the member of the above-mentioned group of authorizing.When the second user is in the group of authorizing at least during the member of one of them, then second server returns sure result of determination.
Step 504, first server receive the result of determination that second server returns, if result of determination is positive result, then first server allows the second user access, otherwise disable access.
By the method that above-described embodiment provides, first server can be by to user's checking, and the resource information of another subscriber authorisation is shared to this user, experiences thereby can improve the user.
After logining first server the user, can show the resource that this user has other users of authority access to share, which addressable resource makes things convenient for the user to know oneself has, and the method for authenticating of a kind of cross-domain authorization that the another kind of embodiment of the present invention provides please refer to Fig. 8, mainly comprises step:
Step 601, first server receive the second user's access request, and in the authorization message of storage, retrieve the corresponding resource information that is authorized to access of group that above-mentioned the second user belongs to, and the resource information that is authorized to access of the second user self correspondence.Because retrieved resource may be a lot, therefore can screen resource with the mandate time of correspondence, as only retrieving the resource that is authorized to access that the mandate time is (within a nearest week) in the predetermined period, perhaps up-to-date (the mandate time is near the current time) predetermined quantity (such as front 10 of being authorized to recently) resource etc.
Step 602, above-mentioned resource information is presented in the page behind the second user.By such scheme, be visible as the user provide property one by one after homepage, show the resource that the user can access.Especially those resources that are shared recently.
After the method that the embodiment of the invention provides can make the user login first server, can show the resource information that this user has other users of authority access to share, experience thereby improve the user.
An embodiment of the present invention provides a kind of terminal 7, and shown in please refer to the drawing 9, it comprises:
Request receiving module 71 is used for receiving the request of user access resources information;
Display module 72 for the first page that shows the resource information that includes the above-mentioned user who is positioned at the first territory according to above-mentioned request, shows second page of the relation information that includes the described user who is positioned at the second territory according to above-mentioned first page;
Relation information receiver module 73 is used for receiving the user at the relation information of above-mentioned second page selection corresponding to above-mentioned resource information;
Sending module 74, for send the relation information that above-mentioned resource information and described user select at second page to first server, so that first server is stored the relation information of above-mentioned selection and the corresponding record of resource information, and with the authorization message of above-mentioned corresponding record as the above-mentioned resource information of access.
Further,
Request receiving module 71 also be used for to receive first server according to the existing authorization message that above-mentioned request sends, and comprises relation information that the user has selected and the corresponding record of resource information in the above-mentioned existing authorization message;
Above-mentioned display module 72 also is used for: show the relation information that above-mentioned user has selected according to above-mentioned existing authorization message at second page.
Further, above-mentioned second page is the new page that is arranged in the inline frame page of first page or opens for clickable hyperlinks or button in first page.
The embodiment of the invention provides a kind of server 8, and shown in please refer to the drawing 10, it comprises:
Receiver module 81 is used for receiving the user by the request of terminal;
Acquisition module 82 is used for the authorization message according to the above-mentioned user of above-mentioned acquisition request, and obtains the resource information that above-mentioned user is authorized to access according to above-mentioned authorization message;
Sending module 83 is used for above-mentioned resource information is sent to above-mentioned terminal.
Further, above-mentioned acquisition module 82 specifically is used for: obtain above-mentioned user in the resource information that is authorized to access of nearest scheduled time or be the up-to-date resource information that is authorized to access of predetermined quantity according to above-mentioned authorization message; Above-mentioned sending module specifically is used for: above-mentioned user is sent to above-mentioned terminal in the resource information that is authorized to access of nearest scheduled time or for the up-to-date resource information that is authorized to access of predetermined quantity.
The embodiment of the invention also provides a kind of server 9, and shown in please refer to the drawing 11, it comprises:
Receiver module 91 is used for receiving the user is in the first territory first server resource information by terminal access request;
Acquisition module 92 is used for obtaining authorization message corresponding to above-mentioned resource information, and above-mentioned authorization message records the relation information that is in the second territory second server corresponding to above-mentioned resource information;
Processing module 93 is used for judging whether above-mentioned user belongs to above-mentioned relation information; Allow above-mentioned user to access above-mentioned resource information when being being judged as, refuse above-mentioned user when no and access above-mentioned resource information being judged as.
Further, above-mentioned relation information comprises contact person or group;
Above-mentioned processing module 93 specifically is used for: judges whether above-mentioned user belongs to the contact person of above-mentioned relation information, if so, then allows above-mentioned user to access above-mentioned resource information, and process ends; If not, then the sign with the group in the above-mentioned relation information and above-mentioned user sends to second server, whether belongs to above-mentioned group so that second server is judged described user; Receive the judged result that above-mentioned second server sends, if above-mentioned judged result is yes, then allow the user to access described resource information, access described resource information otherwise refuse above-mentioned user.
The embodiment of the invention also provides a kind of server 10, and shown in please refer to the drawing 12, it comprises:
Receiver module 101 is used for receiving the request that the user sends by terminal;
Sending module 102, be used for sending the first page that includes resource information to terminal according to above-mentioned request, so that the request of obtaining that above-mentioned terminal is obtained relation information according to described first page to the second server transmission in the second territory, and above-mentioned terminal is obtained the relation information of described second server transmission and described relation information is presented at second page;
Memory module 103, be used for resource information that receiving terminal sends and user and select relation information corresponding to above-mentioned resource information at above-mentioned second page, store the relation information of above-mentioned selection and the corresponding record of resource information, and with the authorization message of above-mentioned corresponding record as the above-mentioned resource information of access.
Further,
Above-mentioned sending module 102 also is used for: send the existing authorization message of storage according to above-mentioned request to terminal, comprise relation information that the user has selected and the corresponding record of resource information in the above-mentioned existing authorization message.
The embodiment of the invention also provides a kind of system 11 of cross-domain authorization, and shown in please refer to the drawing 13, it comprises:
First server 111 is positioned at the first territory, is used for receiving the request that the user sends by terminal;
Send the first page that includes resource information to terminal according to above-mentioned request, so that the request of obtaining that above-mentioned terminal is obtained relation information according to described first page to second server 112 transmissions in the second territory, and above-mentioned terminal is obtained the relation information of described second server 112 transmissions and above-mentioned relation information is presented at second page; The resource information that receiving terminal sends and user are at the relation information of above-mentioned second page selection corresponding to above-mentioned resource information, store the relation information of above-mentioned selection and the corresponding record of resource information, and with the authorization message of above-mentioned corresponding record as the described resource information of access;
Second server 112 is positioned at the second territory, is used for sending to described terminal above-mentioned user's relation information.
By terminal, server and the system that above-described embodiment provides, can realize that the resource information that the user is in the first territory licenses to the relation information in the second territory, experience thereby can improve the user.
One of ordinary skill in the art will appreciate that all or part of step that realizes in above-described embodiment method is to come the relevant hardware of instruction to finish by program, described program can be stored in a kind of computer-readable recording medium, this program is carried out all or part of step in above-described embodiment method when operation.The above-mentioned storage medium of mentioning can be read-only memory, disk or CD etc.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.

Claims (19)

1. the method to set up of a cross-domain authorization is characterized in that, comprising:
Terminal receives the request of user access resources information;
Show that according to described request the first page of the resource information comprise described user, described first page are the authorization page that is in the resource information that the first server in the first territory provides;
Show second page of the relation information that comprises described user according to described first page, described second page is that the second server that is in the second territory provides, and described second page face comprises the 3rd page that points to described first server;
Receive the user at the relation information of described second page selection corresponding to described resource information;
Send the relation information that described resource information and described user select by described the 3rd page to described first server in second page, so that described first server is stored the relation information of described selection and the corresponding record of resource information, and with the authorization message of described corresponding record as the described resource information of access.
2. the method for claim 1 is characterized in that, also comprises:
Receive described first server according to the existing authorization message that described request sends, comprise relation information that the user has selected and the corresponding record of resource information in the described existing authorization message;
The described second page mask body that includes described user's relation information according to described first page demonstration is:
Described first page receives described existing authorization message and described existing authorization message is sent to second page;
Second page shows the relation information that the user has selected in the described existing authorization message.
3. method as claimed in claim 2 is characterized in that:
Described second page is the inline frame page that is arranged in first page, described first page sends to the second page mask body with described existing authorization message: described first page is specified the page address of second page by the source address attribute that second page is set, and described existing authorization message is included in sends second page in the address parameter to; Or
The new page that described second page is opened for clickable hyperlinks or button in first page, described first page sends to the second page mask body with described existing authorization message and is: described first page is included in described existing authorization message second page that sends second server in the address parameter to by page address corresponding to described hyperlink or button is set.
4. method as claimed in claim 3 is characterized in that:
Described second page shows that the relation information that the user has selected in the described existing authorization message is specially:
Described second page takes out the parameter that includes existing authorization message in the second page address in the window load events, and according to described existing authorization message, shows the relation information that the user has selected.
5. such as each described method of claim 1-4, it is characterized in that: described the 3rd page is the inline frame page;
Described reception user selects to be specially corresponding to the relation information of described resource information at described second page: described first page receives second page and specifies the page address of the 3rd page by the source address attribute that described the 3rd page is set, and user-selected relation information is included in sends first page in the address parameter to.
6. method as claimed in claim 5, it is characterized in that: whether the address parameter that described the 3rd page detects in the source address attribute of described the 3rd page within the predetermined time changes, and when described address parameter changes the address parameter that changes is sent to described first page.
7. method as claimed in claim 6, it is characterized in that: described the 3rd page sends to first page with user-selected relation information and is specially: described the 3rd page is processed parameter in the described source address attribute by the script function of calling first page, sends user-selected relation information to first page.
8. method as claimed in claim 5 is characterized in that: also comprise:
First page and second page generate respectively password separately;
First page and the exchange of second page and preservation the other side's password;
When the information of carrying out between follow-up first page and second page transmits, first page or second page are looked unfamiliar into the password of respectively making a fresh start and are sent to the other side, first page or second page verify the password of preserving and the new password that the other side sends over, and faces when first page or second page and just process accordingly when new password that the other side sends over is proved to be successful.
9. method as claimed in claim 5, it is characterized in that: the relation information of described user selection or existing authorization message are by sending in the query string parameter that is arranged on the page address or the bookmark parameter.
10. the method for claim 1 is characterized in that, also comprises:
Receive the user is in resource information in the first territory first server by terminal access request;
Obtain authorization message corresponding to described resource information, described authorization message records the relation information that is in the second territory second server corresponding to described resource information;
Judge whether described user belongs to described relation information;
If so, then allow described user to access described resource information, access described resource information otherwise refuse described user.
11. method as claimed in claim 10 is characterized in that:
Described relation information comprises contact person or group;
Describedly judge whether described user belongs to described relation information; If so, then allow described user to access described resource information, be specially otherwise refuse the step that described user accesses described resource information:
Judge whether described user belongs to the contact person in the described relation information, if so, then allow described user to access described resource information, and process ends; If not, then carry out following step:
Group in the described relation information and described user's sign is sent to second server, whether belong to described group so that second server is judged described user;
Receive the judged result that described second server sends, if described judged result is yes, then allow the user to access described resource information, access described resource information otherwise refuse described user.
12. the method to set up of a cross-domain authorization is characterized in that, comprising:
First server receives the user by the request of the access resources information of terminal transmission;
Described first server sends the first page of the resource information that includes described user to terminal according to described request, so that described terminal sends the request of obtaining of the relation information that obtains described user to the second server in the second territory according to described first page, and described terminal is obtained the described user's that described second server sends relation information and described relation information is presented at second page, and described second page face comprises the 3rd page that points to described first server;
The resource information that receiving terminal sends by described the 3rd page and user select relation information corresponding to described resource information at described second page, store the relation information of described selection and the corresponding record of resource information, and with the authorization message of described corresponding record as the described resource information of access.
13. method as claimed in claim 12 is characterized in that, also comprises:
Send the existing authorization message of storage according to described request to terminal, comprise relation information that the user has selected and the corresponding record of resource information in the described existing authorization message.
14. a terminal is characterized in that, comprising:
The request receiving module is used for receiving the request of user access resources information;
Display module, be used for showing according to described request the first page of the resource information that includes the described user who is positioned at the first territory, show second page of the relation information that includes the described user who is positioned at the second territory according to described first page, described second page face comprises the 3rd page that points to first server;
The relation information receiver module is used for receiving the user at the relation information of described second page selection corresponding to described resource information;
Sending module, be used for sending the relation information that described resource information and described user select at second page by described the 3rd page to described first server, so that described first server is stored the relation information of described selection and the corresponding record of resource information, and with the authorization message of described corresponding record as the described resource information of access.
15. terminal as claimed in claim 14 is characterized in that:
Described receiver module also is used for receiving described first server according to the existing authorization message that described request sends, and comprises relation information that the user has selected and the corresponding record of resource information in the described existing authorization message;
Described display module also is used for: show the relation information that described user has selected according to described existing authorization message at described second page.
16. such as the described terminal of claims 14 or 15, described second page is the new page that is arranged in the inline frame page of described first page or opens for clickable hyperlinks or button in described first page.
17. a server is characterized in that, comprising:
Receiver module is used for receiving the request that the user sends by terminal;
Sending module, be used for sending the first page that includes resource information to terminal according to described request, so that the request of obtaining that described terminal is obtained relation information according to described first page to the second server transmission in the second territory, and described terminal is obtained the relation information of described second server transmission and described relation information is presented at second page, and described second page face comprises the 3rd page that points to first server;
Memory module, be used for resource information that receiving terminal sends by described the 3rd page and user at the relation information of described second page selection corresponding to described resource information, store the relation information of described selection and the corresponding record of resource information, and with the authorization message of described corresponding record as the described resource information of access.
18. server as claimed in claim 17 is characterized in that,
Sending module also is used for sending the existing authorization message of storage according to described request to terminal, comprises relation information that the user has selected and the corresponding record of resource information in the described existing authorization message.
19. the system of a cross-domain authorization is characterized in that, comprising:
First server is positioned at the first territory, is used for receiving the user by the request of the access resources information of terminal transmission; Send the first page of the resource information that includes described user to terminal according to described request, so that described terminal sends the request of obtaining of obtaining relation information according to described first page to the second server that is positioned at the second territory, and described terminal is obtained the relation information of described second server transmission and described relation information is presented at second page, and described second page face comprises the 3rd page that points to described first server; The resource information that receiving terminal sends by described the 3rd page and user select relation information corresponding to described resource information at described second page, store the relation information of described selection and the corresponding record of resource information, and with the authorization message of described corresponding record as the described resource information of access;
Second server is positioned at the second territory, is used for sending to described terminal described user's relation information.
CN 200810242174 2008-12-31 2008-12-31 Setting and authentication method for cross-domain authorization and relevant device and system Expired - Fee Related CN101771676B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN 200810242174 CN101771676B (en) 2008-12-31 2008-12-31 Setting and authentication method for cross-domain authorization and relevant device and system
PCT/CN2009/076318 WO2010075798A1 (en) 2008-12-31 2009-12-31 Configuration and authentication method for cross-domain authorization, the equipment and system thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200810242174 CN101771676B (en) 2008-12-31 2008-12-31 Setting and authentication method for cross-domain authorization and relevant device and system

Publications (2)

Publication Number Publication Date
CN101771676A CN101771676A (en) 2010-07-07
CN101771676B true CN101771676B (en) 2013-04-24

Family

ID=42309830

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810242174 Expired - Fee Related CN101771676B (en) 2008-12-31 2008-12-31 Setting and authentication method for cross-domain authorization and relevant device and system

Country Status (2)

Country Link
CN (1) CN101771676B (en)
WO (1) WO2010075798A1 (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102143091B (en) * 2010-08-06 2014-07-16 华为技术有限公司 Cross-domain operation realization method, system, server and browser
CN102694779B (en) * 2011-03-24 2017-03-29 中兴通讯股份有限公司 Combination attestation system and authentication method
DK2811708T3 (en) * 2013-06-06 2017-01-16 Nagravision Sa User authentication system and method
CN103391192B (en) * 2013-07-16 2016-09-21 国家电网公司 A kind of based on secret protection across security domain access control system and control method thereof
CN104618217B (en) * 2014-03-24 2018-09-04 腾讯科技(北京)有限公司 Share method, terminal, server and the system of resource
US9203612B1 (en) * 2014-06-02 2015-12-01 Atlanta DTH, Inc. Systems and methods for controlling media distribution
CN104486458B (en) * 2014-12-15 2019-01-08 北京国双科技有限公司 The data processing method and device of cross-domain session
CN106161361B (en) * 2015-04-03 2018-10-02 北京神州泰岳软件股份有限公司 A kind of access method and device of cross-domain resource
CN105183851A (en) * 2015-09-08 2015-12-23 上海上讯信息技术股份有限公司 Interaction method and device overcoming browser same-origin policy limit
CN106708878B (en) * 2015-11-16 2020-06-16 北京国双科技有限公司 Terminal identification method and device
CN105472029B (en) * 2015-12-29 2019-06-21 锐达互动科技股份有限公司 A kind of method and system of the single-sign-on based on caching
CN110300133B (en) * 2018-03-22 2023-04-28 财付通支付科技有限公司 Cross-domain data transmission method, device, equipment and storage medium
CN108595512A (en) * 2018-03-23 2018-09-28 华迪计算机集团有限公司 A kind of information retrieval method and equipment across security domain
CN110502880B (en) * 2019-07-30 2021-06-04 同济大学 Heterogeneous identity association method based on attribute aggregation

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1627683A (en) * 2003-12-09 2005-06-15 鸿富锦精密工业(深圳)有限公司 Unitary authentication authorization management system and method
CN1633085A (en) * 2004-12-29 2005-06-29 北京邮电大学 An access control method based on non-grade inter-role mapping
CN1953455A (en) * 2006-11-15 2007-04-25 北京北大方正电子有限公司 A method, module and server to control access to network resource
CN101262474A (en) * 2008-04-22 2008-09-10 武汉理工大学 A cross-domain access control system for realizing role and group mapping based on cross-domain authorization

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7062654B2 (en) * 2000-11-10 2006-06-13 Sri International Cross-domain access control
US7185359B2 (en) * 2001-12-21 2007-02-27 Microsoft Corporation Authentication and authorization across autonomous network systems

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1627683A (en) * 2003-12-09 2005-06-15 鸿富锦精密工业(深圳)有限公司 Unitary authentication authorization management system and method
CN1633085A (en) * 2004-12-29 2005-06-29 北京邮电大学 An access control method based on non-grade inter-role mapping
CN1953455A (en) * 2006-11-15 2007-04-25 北京北大方正电子有限公司 A method, module and server to control access to network resource
CN101262474A (en) * 2008-04-22 2008-09-10 武汉理工大学 A cross-domain access control system for realizing role and group mapping based on cross-domain authorization

Also Published As

Publication number Publication date
WO2010075798A1 (en) 2010-07-08
CN101771676A (en) 2010-07-07

Similar Documents

Publication Publication Date Title
CN101771676B (en) Setting and authentication method for cross-domain authorization and relevant device and system
CN103023918B (en) The mthods, systems and devices logged in are provided for multiple network services are unified
CN104364762B (en) The system and method that local application is controlled by webpage
CN103916244B (en) Verification method and device
CN102413151B (en) Network resource sharing method and system
US20120210119A1 (en) Method and Apparatus for Secure Internet Browsing
US20080168546A1 (en) Randomized images collection method enabling a user means for entering data from an insecure client-computing device to a server-computing device
US20060253458A1 (en) Determining website reputations using automatic testing
US20090271868A1 (en) Site determining method
US9824207B1 (en) Authentication information update based on fraud detection
CN110113360A (en) For accessing the single group certificate of multiple computing resource services
US20060026692A1 (en) Network resource access authentication apparatus and method
CN101299694A (en) Method and system for managing caller in household network, household gateway
WO2006119480A2 (en) Website reputation product architecture
WO2006119481A9 (en) Indicating website reputations within search results
KR20100121620A (en) Captcha advertising
US20090007245A1 (en) System and method for controlled content access on mobile devices
CN102946384A (en) User authentication method and device
US9449195B2 (en) Method and apparatus to perform online credential reporting
CN103841154B (en) Network media information dissemination method, system and client
CN103220307B (en) Method for subscribing, subscription authorization method and Feeds generation servers
CN106878244B (en) Authenticity certification information providing method and device
CN103023907A (en) Method, equipment and system for acquiring website information
CN105337946B (en) The method and apparatus of webpage fake certification
WO2009154635A1 (en) System and method for controlled content access on mobile devices

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130424