CN102546534A - Auto-distributive system for access permissions - Google Patents
- Publication number
- CN102546534A
- Authority
- CN
- China
- Prior art keywords
- access rights
- authorized
- server
- equipment
- distribution system
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides an auto-distributive system for access permissions, which comprises a server, an authorizing device and an authorized device. The server stores various resources; the authorizing device is provided with a first access permission for accessing the various resources of the server; and the authorized device receives an authorizing instruction from the authorizing device and can make an access request to the server after receiving the authorizing instruction, wherein the access request includes the authorizing instruction. The auto-distributive system for the access permissions is capable of providing high authorizing flexibility on the premise of ensuring safety, thereby providing brand-new user experience.
Description
Technical field
The present invention relates to digital rights management, and in particular to an access-permission auto-distributive system that lets the use of permissions be extended flexibly, regardless of device, while the permissions remain securely protected.
Background art
With the rapid development of computer technology, the use of computers in business administration has become universal, and carrying out all kinds of basic management tasks by computer has become particularly important. For large and medium-sized enterprises, using computers to handle routine management efficiently is a requirement of the modern enterprise system and a necessary condition for making business administration scientific and standardized. Computer management has incomparable advantages: rapid retrieval, convenient searching, high reliability, large storage capacity, good confidentiality, long life, low cost and so on. Among all of these, security has always been what enterprises value most. The extent of each employee's permissions determines how that employee can use resources, and excessive permissions can lead to important information being leaked or stolen by others. Banks, the most important part of the financial industry, are a particular target. The data held by a bank concerns the vital interests of millions of customers, and the extent of an operator's permissions directly affects the security of customer information. In fact, the extent of permissions determines how far a company's resources are shared or kept confidential, whether internally or externally. Only sound access permissions for valuable resources can ensure an enterprise's normal development, and they are also the best way to keep its own rights and interests from being infringed by others.
Permission management methods aim to implement management control. Control begins at login, and each client device performs the operations that fall within the scope allowed by its own permissions.
What is needed is a system that lets users extend permissions flexibly, regardless of device, while digital rights remain securely protected.
Summary of the invention
The object of the present invention is to extend usage permissions flexibly.
To meet the practical needs of the industry, the present invention proposes an access-permission auto-distributive system comprising: a server, which stores various resources; an authorizing device, which has a first access permission for accessing the various resources of the server; and an authorized device, which receives an authorizing instruction from the authorizing device; wherein the authorized device, after receiving the authorizing instruction, can send an access request to the server, and the access request includes the authorizing instruction.
According to one embodiment of the present invention, in the above access-permission auto-distributive system, the server comprises at least a communication module, an authentication module and a memory.
According to one embodiment of the present invention, in the above access-permission auto-distributive system, the authorizing device and the authorized device communicate with the server via the communication module, and after the communication module receives the access request, it passes the access request to the authentication module for server-side verification.
According to one embodiment of the present invention, in the above access-permission auto-distributive system, after the server-side verification is carried out, the server checks the authorization source of the authorizing instruction according to the access request, and verifies the permission of the authorizing instruction with that authorization source.
According to one embodiment of the present invention, in the above access-permission auto-distributive system, the authorizing instruction provides a second access permission to the authorized device, and the second access permission is lower than the first access permission.
According to one embodiment of the present invention, in the above access-permission auto-distributive system, the authorizing instruction provides a second access permission to the authorized device, and the second access permission is equal to the first access permission.
According to one embodiment of the present invention, in the above access-permission auto-distributive system, the server-side verification further comprises: if verification succeeds, the authorized device passes verification; if verification fails, the authorized device is instructed to request an authorizing instruction from the authorizing device again.
According to one embodiment of the present invention, in the above access-permission auto-distributive system, after passing verification the authorized device accesses the server with the second access permission.
According to one embodiment of the present invention, in the above access-permission auto-distributive system, the authorizing device and the authorized device are both client devices.
It will be appreciated that the technical solution of the present invention can provide greater authorization flexibility while ensuring security, thereby providing a brand-new experience.
It should be understood that both the foregoing general description and the following detailed description are exemplary and explanatory, and are intended to provide further explanation of the invention as claimed.
Description of drawings
The accompanying drawings are included mainly to provide a further understanding of the invention. They illustrate embodiments of the invention and, together with this specification, serve to explain the principles of the invention. In the drawings:
Fig. 1 schematically shows the system architecture of the access-permission auto-distributive system of the present invention.
Fig. 2 is a flow chart of the basic steps of the permission auto-distribution method of the access-permission auto-distributive system according to the present invention.
Embodiment
The technical solution of the present invention is described in detail below with reference to the accompanying drawings.
Fig. 1 schematically shows the system architecture of the access-permission auto-distributive system of the present invention.
As shown in Fig. 1, the present invention comprises at least a server 101 that is accessed and a plurality of client devices 102-1 ~ 102-N. The server 101 is connected to each of the client devices 102-1 ~ 102-N. The connection between the server 101 and a client device can be wireless, wired, or a combination of wireless and wired. In addition, the client devices can also be connected to one another as required. Any connection scheme known in the art can be used.
The client devices 102-1 ~ 102-N can be any terminal devices capable of communicating in a wired or wireless manner. They can be any terminal devices that need to access the server 101. For example, the client devices 102-1 ~ 102-N can be mobile phones, PDAs, PMPs or MP3 players, but the invention is not limited to these.
In the above access-permission auto-distributive system, the server 101 stores various resources. The client devices 102-1 ~ 102-N can be divided into authorizing devices and authorized devices. An authorizing device, for example 102-1 in Fig. 1, has a first access permission for accessing the various resources of the server 101, and an authorized device, for example 102-2 in Fig. 1, receives an authorizing instruction from the authorizing device 102-1. After receiving the authorizing instruction, the authorized device 102-2 can send an access request to the server 101, and this access request includes the authorizing instruction.
In addition, as shown in Fig. 1, the server 101 can further comprise a communication module 103, an authentication module 104 and a memory 105. The authorizing device 102-1 and the authorized device 102-2 communicate with the server 101 via the communication module 103. After the communication module 103 receives an access request, it passes the access request to the authentication module 104 for server-side verification.
According to a preferred embodiment of the present invention, after the server-side verification is carried out, the server 101 can check the authorization source of the authorizing instruction according to the access request, namely the authorizing device 102-1 in this example, and verify the permission of the authorizing instruction with that authorization source. It will be appreciated that the authorizing instruction provides a second access permission to the authorized device 102-2, and this second access permission should be lower than or equal to the first access permission.
Furthermore, the server-side verification may further include: if verification succeeds, the authorized device 102-2 passes verification and can then access the various resources stored in the memory 105 of the server 101, for example various multimedia content, pictures, files, databases and so on. If verification fails, the server 101 can also instruct the authorized device 102-2 to request an authorizing instruction from the authorizing device 102-1 again. Of course, after passing verification the authorized device 102-2 can access the server 101 only with the above second access permission.
The permission management method of the present invention is described in detail below with reference to the system of Fig. 1.
Fig. 2 is a flow chart of the basic steps of the permission auto-distribution method of the access-permission auto-distributive system according to the present invention. As shown in Fig. 2, the permission auto-distribution method of the present invention comprises at least:
Step 201: a first device sends an authorizing instruction to a second device, wherein the first device has a first access permission to the server;
Step 202: the second device receives the authorizing instruction;
Step 203: the second device sends an access request to the server, wherein the access request includes the authorizing instruction;
Step 204: the server verifies the access request;
Step 205: the server checks the authorization source of the authorizing instruction according to the access request, and verifies the permission of the authorizing instruction with that authorization source;
If verification succeeds, the second device passes verification (step 206);
If verification fails, the method returns to the step in which the first device sends an authorizing instruction to the second device (step 201).
In addition, according to one embodiment of the present invention, the authorizing instruction provides a second access permission to the second device, and the second access permission is lower than the first access permission.
In addition, according to another embodiment of the present invention, the authorizing instruction provides a second access permission to the second device, and the second access permission is equal to the first access permission.
After step 206, that is, after passing verification, the second device accesses the server with the second access permission.
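The server-side check of steps 204 to 206, as an added example that is not part of the patent text. The patent specifies neither the format of the authorizing instruction nor how the server authenticates it, so the HMAC-SHA256 tag, the locally held per-device key registry, the integer permission levels, the binding of an instruction to the receiving device, and all function and field names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed registry held by the server: authorizing device id -> shared key
# and first access permission. Key scheme and integer levels are assumptions;
# the patent text defines neither.
AUTHORIZERS = {"102-1": {"key": b"constructed-demo-key", "level": 3}}
FIELDS = ("source", "grantee", "level")


def _mac(key, body):
    """HMAC-SHA256 over a canonical JSON encoding of the instruction fields."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def issue_instruction(source, key, grantee, level):
    """Step 201: the authorizing device builds the instruction it hands over."""
    body = {"source": source, "grantee": grantee, "level": level}
    return {**body, "mac": _mac(key, body)}


def verify_access_request(request):
    """Steps 204-206 on the server: returns (granted, detail)."""
    instr = request.get("instruction")
    if not isinstance(instr, dict):
        return False, "no instruction: request one from the authorizing device"
    # Step 205, first half: identify the authorization source.
    src_id = instr.get("source")
    source = AUTHORIZERS.get(src_id) if isinstance(src_id, str) else None
    if source is None:
        return False, "unknown authorization source"
    # The instruction must really come from that source (assumed HMAC check).
    body = {name: instr.get(name) for name in FIELDS}
    expected = _mac(source["key"], body)
    if not hmac.compare_digest(str(instr.get("mac")).encode(), expected.encode()):
        return False, "instruction not issued by its claimed source"
    # Assumed binding: an instruction is valid only for the device it names.
    if body["grantee"] != request.get("device"):
        return False, "instruction was issued to a different device"
    # Step 205, second half: second permission must not exceed the first.
    level = body["level"]
    if type(level) is not int or not 1 <= level <= source["level"]:
        return False, "second permission is outside the source's first permission"
    return True, f"access granted at level {level}"


if __name__ == "__main__":
    key = AUTHORIZERS["102-1"]["key"]
    ok = issue_instruction("102-1", key, "102-2", 2)
    print(verify_access_request({"device": "102-2", "instruction": ok}))
    print(verify_access_request({"device": "102-2", "instruction": {**ok, "level": 3}}))
    print(verify_access_request({"device": "102-3", "instruction": ok}))
```

A rejected request corresponds to the failure branch of the flow, where the second device has to obtain a fresh authorizing instruction from the first device.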
By using the permission management method of the present invention, a client device can grant other client devices a new permission equal to or lower than its own, so that the use of permissions can be extended in a timely manner. In addition, when accessed by a new client, the server of the present invention is also required to verify the authorization source that granted the permission to that new client, which further ensures the reliability of the act of authorization and improves the reliability of the whole authorization system.
Those skilled in the art will understand that various substitutions, modifications and changes in form and detail can be made without departing from the spirit and scope of the present invention as defined by the claims. It will therefore be understood that the above embodiments are for illustrative purposes only and are not to be construed as limiting the present invention.
With the access-permission auto-distributive system according to the present invention, content can be used flexibly, regardless of device, while digital rights are protected.
Claims (9)
1. An access-permission auto-distributive system, comprising:
a server, storing various resources;
an authorizing device, having a first access permission for accessing the various resources of the server; and
an authorized device, receiving an authorizing instruction from the authorizing device;
wherein the authorized device, after receiving the authorizing instruction, can send an access request to the server, the access request including the authorizing instruction.
2. The access-permission auto-distributive system as claimed in claim 1, characterized in that the server comprises at least a communication module, an authentication module and a memory.
3. The access-permission auto-distributive system as claimed in claim 2, characterized in that the authorizing device and the authorized device communicate with the server via the communication module, wherein after the communication module receives the access request, the access request is passed to the authentication module for server-side verification.
4. The access-permission auto-distributive system as claimed in claim 3, characterized in that, after the server-side verification is carried out, the server checks the authorization source of the authorizing instruction according to the access request, and verifies the permission of the authorizing instruction with that authorization source.
5. The access-permission auto-distributive system as claimed in claim 1, characterized in that the authorizing instruction provides a second access permission to the authorized device, and the second access permission is lower than the first access permission.
6. The access-permission auto-distributive system as claimed in claim 1, characterized in that the authorizing instruction provides a second access permission to the authorized device, and the second access permission is equal to the first access permission.
7. The access-permission auto-distributive system as claimed in claim 5, characterized in that the server-side verification further comprises:
if verification succeeds, the authorized device passes verification;
if verification fails, the authorized device is instructed to request an authorizing instruction from the authorizing device again.
8. The access-permission auto-distributive system as claimed in claim 7, characterized in that, after passing verification, the authorized device accesses the server with the second access permission.
9. The access-permission auto-distributive system as claimed in claim 1, characterized in that the authorizing device and the authorized device are both client devices.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010105895999A CN102546534A (en) | 2010-12-15 | 2010-12-15 | Auto-distributive system for access permissions |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010105895999A CN102546534A (en) | 2010-12-15 | 2010-12-15 | Auto-distributive system for access permissions |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102546534A | 2012-07-04 |
Family
ID=46352508
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2010105895999A Pending CN102546534A (en) | 2010-12-15 | 2010-12-15 | Auto-distributive system for access permissions |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102546534A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103973690A (en) * | 2014-05-09 | 2014-08-06 | 北京智谷睿拓技术服务有限公司 | Resource access method and resource access device |
CN103973691A (en) * | 2014-05-09 | 2014-08-06 | 北京智谷睿拓技术服务有限公司 | Resource access method and resource access device |
CN103973691B (en) * | 2014-05-09 | 2018-02-02 | 北京智谷睿拓技术服务有限公司 | Resource access method and resource access device |
TWI704470B (en) * | 2018-08-31 | 2020-09-11 | 香港商阿里巴巴集團服務有限公司 | Method, device and electronic equipment for acquiring and returning user resources |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20120704 |