CN102611709A - Access control method and system for third party resources - Google Patents

Publication number
CN102611709A
Authority
CN
China
Legal status
Granted
Application number
CN201210093702XA
Other languages
Chinese (zh)
Other versions
CN102611709B (en)
Inventor
吕彦鹏
东玮
韩三普
袁家美
Current Assignee
Beijing Qihoo Technology Co Ltd
Original Assignee
Qizhi Software Beijing Co Ltd

Abstract

The invention discloses an access control method and a system for third party resources, which are used for an authentication process among a resource server, an App (Application) and user side. The access control method comprises the following steps of: receiving a login request of a user browser end on the App; if the user side does not authenticate the App, showing an authentication page to a user according to an authentication port address of a pre-set database server, and providing an authentication access to the user according to first authentication access information of logging in; and transmitting the authentication access to an App server according to second authentication access information. With the adoption of the authentication provided by the invention, the difficulty of accessing a third party to the resource server is reduced.

Description

Access control method and system for third-party resources
Technical field
The present invention relates to the field of computer technology, and in particular to an access control method and system for third-party resources.
Background art
In the Internet era, some platforms encapsulate their own services as interfaces for third-party developers to use. Such platforms are commonly called open platforms or resource servers, and open platforms based on resource servers are one of the faster-growing directions in recent Internet development.
An Internet company exposes interfaces to its services through a resource server, and third parties call those interfaces to offer the company's users additional applications or services (such as top-up services), so that users, third parties and the company operating the resource server all benefit.
The emergence and growth of resource servers also raise problems, for example how the resource server authenticates a third party's identity and how it controls the third party's permission to access the API (Application Program Interface). The OAuth authentication and authorization protocol arose in response; it allows simple, standard and secure API authentication in web or desktop programs.
To date, two versions of the OAuth protocol are in wide use, OAuth 1.0a and OAuth 2.0. In the existing flow, however, the access token must be obtained through the authorization code method, which takes two steps: first obtain a code, then have the third-party application's server request the access token interface over HTTPS to obtain the access token. This flow is long, and the third party has to make an extra request to the server.
In the existing flow, the access token is valid for 1 hour. When a third-party application calls the API with an access token that has expired, the application first receives an error code, determines from that code whether the access token has expired, uses the refresh token to obtain a new access token, and then calls the API with the new access token. This expiry handling is complicated, and most applications raise a large number of technical questions when integrating with the resource server.
The existing flow involves two OAuth 2.0 methods of obtaining an access token, which requires the third party to understand the OAuth protocol in some depth; and in both the application authorization flow and the flow that uses the refresh token to refresh the access token, each request has to pass multiple parameters.
In addition, there is the OpenID authentication scheme. Although it is simple and efficient, it lacks a scope control design.
Summary of the invention
The technical problem to be solved by the present invention is to provide an access control method and system for third-party resources that overcomes the complexity and high entry barrier of the existing flow.
To solve the above technical problem, the present invention provides an access control method for third-party resources, used for authentication among a resource server, an App and a user side, comprising:
Receiving a login request for the App from the user's browser; if the user side has not yet authorized the App, showing an authorization page to the user according to the authorization interface address of a preset database server, and providing authorized access to the user according to first authorization access information of the login; and redirecting the authorized access to the App's application server according to second authorization access information.
Providing authorized access to the user according to the first authorization access information of the login comprises: when the App on the resource server receives a login request for the App from the user's browser, it determines, from the User_ID under which the requesting user side is registered on the resource server, whether the user side has authorized the App; if not, it jumps to the preset authorization interface address of the resource server, receives the Client_ID and Scope parameters in the first authorization access information uploaded by the user side, shows an authorization page to the user, and accepts the user's authorization, wherein the Scope parameter represents the scope with respect to the application programming interfaces (APIs) of the resource server.
Redirecting the authorized access to the App's application server according to the second authorization access information comprises: after the user side has authorized the App, the resource server generates a Session_Key corresponding to the Client_ID and the User_ID, and returns to the user side the App's callback address, the Session_Key and the User_ID in the second authorization access information, so that the user's browser, on receiving these parameters, visits the App server URL that the callback address points to and passes the Session_Key and User_ID to that URL; wherein the Session_Key, which serves as the token for accessing the API, has a short lifetime and a permanent expiration timestamp Expire.
The present invention further provides an access control system for third-party resources, used for authentication among a resource server, an App and a user side, comprising:
An authorization module, which receives a login request for the App from the user's browser and, if the user side has not yet authorized the App, shows an authorization page to the user according to the authorization interface address of a preset database server and provides authorized access to the user according to first authorization access information of the login;
A token generation module, which redirects the authorized access to the App's application server according to second authorization access information.
When providing authorized access to the user according to the first authorization access information of the login, the authorization module is further configured so that, when the App on the resource server receives a login request for the App from the user's browser, it determines, from the User_ID under which the requesting user side is registered on the resource server, whether the user side has authorized the App; if not, it jumps to the preset authorization interface address of the resource server, receives the Client_ID and Scope parameters in the first authorization access information uploaded by the user side, shows an authorization page to the user, and accepts the user's authorization, wherein the Scope parameter represents the scope with respect to the application programming interfaces (APIs) of the resource server.
When redirecting the authorized access to the App's application server according to the second authorization access information, the token generation module is further configured so that, after the user side has authorized the App, the resource server generates a Session_Key corresponding to the Client_ID and the User_ID, and returns to the user side the App's callback address, the Session_Key and the User_ID in the second authorization access information, so that the user's browser, on receiving these parameters, visits the App server URL that the callback address points to and passes the Session_Key and User_ID to that URL; wherein the Session_Key, which serves as the token for accessing the API, has a short lifetime and a permanent expiration timestamp Expire.
Embodiments of the invention combine the simplicity, effectiveness and openness of OpenID with the scope control of OAuth 2.0. The invention lowers the difficulty for third-party applications of integrating with the resource server. It provides an efficient and secure authentication and authorization protocol, so that users can use third-party applications safely without leaking important information such as user names and passwords, enjoying third-party application services without security risks.
Description of drawings
To explain the technical solutions of the embodiments of the invention more clearly, the drawings used in describing the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of the access control method for third-party resources according to an embodiment of the invention.
Fig. 2 is a schematic diagram of the access control system for third-party resources according to an embodiment of the invention.
Fig. 3 is another overall schematic diagram of the access control system for third-party resources according to an embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
In this embodiment, the open platform or resource server may comprise a Fedora environment, an Nginx server, MySQL and Redis database servers, and so on.
The access control method for third-party resources provided by the embodiment may first comprise an authorization flow, comprising: receiving a login request for the App from the user's browser; if the user side has not yet authorized the App, showing an authorization page to the user according to the authorization interface address of a preset database server, and providing authorized access to the user according to first authorization access information of the login; and redirecting the authorized access to the App's application server according to second authorization access information.
Providing authorized access to the user according to the first authorization access information of the login specifically comprises: when the App on the resource server receives a login request for the App from the user's browser, it determines, from the User_ID under which the requesting user side is registered on the resource server, whether the user side has authorized the App; if not, it jumps to the preset authorization interface address of the resource server, receives the Client_ID and Scope parameters in the first authorization access information uploaded by the user side, shows an authorization page to the user, and accepts the user's authorization, wherein the Scope parameter represents the scope with respect to the application programming interfaces (APIs) of the resource server;
Redirecting the authorized access to the App's application server according to the second authorization access information specifically comprises: after the user side has authorized the App, the resource server generates a Session_Key corresponding to the Client_ID and the User_ID, and returns to the user side the App's callback address, the Session_Key and the User_ID in the second authorization access information, so that the user's browser, on receiving these parameters, visits the App server URL that the callback address points to and passes the Session_Key and User_ID to that URL; wherein the Session_Key, which serves as the token for accessing the API, has a short lifetime and a permanent expiration timestamp Expire.
The method may also comprise a verification flow, specifically comprising:
When the resource server receives a request from the App to call an application programming interface (API), it verifies whether the App's current Session_Key is valid according to its short lifetime and permanent expiration timestamp, and if it is valid, allows the App to call APIs that fall within the scope of its Scope parameter.
Before the user's authorization is accepted, the method may further comprise a registration flow for the App, specifically comprising:
When the resource server receives a registration application for an App, it obtains, according to the App's request, the App's server URL as the callback address, and after successful registration assigns the App an AppKey and an AppSecret; and it determines the App's Scope parameter according to the permissions the resource server opens to the App and the App's selection of individual permission items among them;
When the resource server receives a request to download the App from the user's browser or from another application on the platform, if the App is a client application, the App's Client_ID and Scope parameters are downloaded together with the App's client program, wherein the Client_ID is the AppKey assigned to the App at registration.
In addition, the method may comprise a renewal flow, specifically comprising:
The resource server provides a renewal interface that accepts renewal requests from the App's server. Using the Client_ID, Client_Secret and Session_Key passed by the App's server, it determines the User_ID corresponding to the App's Session_Key and checks the Session_Key's permanent expiration timestamp Expire; if Expire has not yet passed, it renews the Session_Key's short lifetime and returns the User_ID and Expire parameters, wherein Client_ID and Client_Secret are the AppKey and AppSecret assigned to the App at registration.
The above flows may be used separately or in combination to provide a complete integration process for a third-party application. As shown in Fig. 1, the combined use comprises the following steps:
Step 101: When the resource server receives a registration application for an App, it obtains, according to the App's request, the App's server URL as the callback address, and after successful registration assigns the App an AppKey parameter and an AppSecret parameter; and it determines the App's Scope parameter according to the permissions the resource server opens to the App and the App's selection of individual permission items among them, wherein the Scope parameter represents the scope with respect to the application programming interfaces (APIs) of the resource server;
Step 102: When the resource server receives a request to download the App from the user's browser or from another application on the platform, if the App is a client application, the App's Client_ID and Scope parameters are downloaded together with the App's client program, wherein the Client_ID parameter is the AppKey parameter assigned to the App at registration;
Step 103: When the App on the resource server receives a login request for the App from the user's browser, it determines, from the User_ID parameter under which the requesting user side is registered on the resource server, whether the user side has authorized the App; if not, it jumps to the preset authorization interface address of the resource server, receives the Client_ID and Scope parameters uploaded by the user side, shows an authorization page to the user, and accepts the user's authorization;
Step 104: After the user side has authorized the App, the resource server generates a Session_Key parameter corresponding to the Client_ID and User_ID parameters, and returns to the user side the App's callback address, the Session_Key and the User_ID parameter, so that the user's browser, on receiving these parameters, visits the App server URL that the callback address points to and passes the Session_Key and User_ID parameters to that URL; wherein the Session_Key, which serves as the token for accessing the API, has a short lifetime and a permanent expiration timestamp Expire;
Step 105: When the resource server receives a request from the App to call an application programming interface (API), it verifies whether the App's current Session_Key is valid according to its short lifetime and permanent expiration timestamp, and if it is valid, allows the App to call APIs that fall within its Scope;
Step 106: The resource server provides a renewal interface that accepts renewal requests from the App's server. Using the Client_ID, Client_Secret and Session_Key parameters passed by the App's server, it determines the User_ID parameter corresponding to the App's Session_Key and checks the Session_Key's permanent expiration timestamp Expire; if Expire has not yet passed, it renews the Session_Key's short lifetime and returns the User_ID and Expire parameters, wherein the Client_ID and Client_Secret parameters are the AppKey and AppSecret parameters assigned to the App at registration.
The App's server may periodically send renewal requests to the resource server's renewal interface and, from the User_ID and Expire parameters that the interface returns, determine whether the Expire of the Session_Key corresponding to that User_ID has passed; if it has, the server stops sending renewal requests.
The step of verifying whether the Session_Key is valid may comprise: within the short lifetime, the Session_Key remains valid; once the short lifetime has passed, the Session_Key is temporarily invalid; once the permanent expiration timestamp has passed, the Session_Key is permanently invalid; before the permanent expiration timestamp, the Session_Key's short lifetime is extended by renewal requests from the App's server.
Each renewal request from the App's server may extend the Session_Key's short lifetime by one short lifetime.
When the resource server receives a request to download the App from the user's browser or from another application on the platform, if the App is a web application, the App's URL entry point is downloaded, and its Client_ID and Scope parameters are stored on the App's server.
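The session key handling in steps 104 to 106 and the validity rules above can be modelled as follows. This is an added example, not code from the patent: the class and function names, the two lifetime values, the state names and the injectable clock are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass

SHORT_LIFETIME = 3600             # assumed value: seconds of validity per renewal
PERMANENT_LIFETIME = 30 * 86400   # assumed value: fixed when the key is issued


@dataclass
class Session:
    client_id: str
    user_id: str
    scope: frozenset
    short_expiry: float   # moves forward on every successful renewal
    expire: float         # permanent expiration timestamp, never changed


class ResourceServer:
    def __init__(self, clock):
        self.clock = clock    # injectable time source so expiry can be tested
        self.apps = {}        # Client_ID (AppKey) -> (AppSecret, registered Scope)
        self.sessions = {}    # Session_Key -> Session

    def register_app(self, scope):
        """Step 101: assign AppKey and AppSecret, record the App's Scope."""
        app_key, app_secret = secrets.token_hex(8), secrets.token_hex(16)
        self.apps[app_key] = (app_secret, frozenset(scope))
        return app_key, app_secret

    def issue_session_key(self, client_id, user_id, scope):
        """Step 104: bind a new Session_Key to (Client_ID, User_ID)."""
        granted = frozenset(scope)
        if not granted <= self.apps[client_id][1]:
            raise PermissionError("requested Scope exceeds the registered Scope")
        now = self.clock()
        key = secrets.token_urlsafe(32)
        self.sessions[key] = Session(client_id, user_id, granted,
                                     now + SHORT_LIFETIME,
                                     now + PERMANENT_LIFETIME)
        return key

    def state(self, session_key):
        """'valid', 'lapsed' (temporarily invalid), 'dead' or 'unknown'."""
        s = self.sessions.get(session_key)
        if s is None:
            return "unknown"
        now = self.clock()
        if now >= s.expire:
            return "dead"
        return "valid" if now < s.short_expiry else "lapsed"

    def call_api(self, session_key, api_scope):
        """Step 105: allow only a valid key calling an API inside its Scope."""
        if self.state(session_key) != "valid":
            return False
        return api_scope in self.sessions[session_key].scope

    def renew(self, client_id, client_secret, session_key):
        """Step 106: extend the short lifetime; (User_ID, Expire) or None."""
        app = self.apps.get(client_id)
        if app is None or not hmac.compare_digest(app[0].encode(),
                                                  client_secret.encode()):
            return None
        s = self.sessions.get(session_key)
        if s is None or s.client_id != client_id:
            return None       # the key must belong to the calling App
        now = self.clock()
        if now >= s.expire:
            return None       # permanently invalid, nothing to renew
        # Assumption: never let the short lifetime outlive Expire.
        s.short_expiry = min(now + SHORT_LIFETIME, s.expire)
        return s.user_id, s.expire


def demo():
    """Walk one key through its states with a constructed clock."""
    t = [0.0]
    rs = ResourceServer(clock=lambda: t[0])
    app_key, app_secret = rs.register_app({"user.basic", "pay"})
    key = rs.issue_session_key(app_key, "u1001", {"user.basic"})
    trace = [rs.state(key)]
    t[0] = SHORT_LIFETIME + 1          # short lifetime passed
    trace.append(rs.state(key))
    rs.renew(app_key, app_secret, key)  # the App's server renews
    trace.append(rs.state(key))
    t[0] = PERMANENT_LIFETIME          # permanent expiration reached
    trace.append(rs.state(key))
    trace.append(rs.renew(app_key, app_secret, key))
    return trace


if __name__ == "__main__":
    print(demo())
```

A lapsed key can be brought back by renewal, while renewal is refused after Expire and for a caller that cannot present the AppSecret of the App the key was issued to.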
The individual flows are described in detail below.
1. Authorization flow:
Request: the user's browser requests the authorization interface address with the Client_ID and scope parameters.
Request parameters:
Parameter name    Description
Client_ID         The appkey the application obtained when it registered on the resource server
scope             The API scope the application uses
Response:
<script>window.(parent.)location.href=$app_callback?session_key=$sessionKey&qid=User_ID;</script>
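One way a resource server could render the response above, written as an added example that is not part of the patent. It takes the callback address from the registration record (step 101) rather than from the request, percent-encodes the two parameters, and escapes the URL before placing it inside the script element. The registry contents, the function names and the in_frame flag are assumptions.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed registration data: Client_ID -> callback address fixed at registration.
REGISTERED_CALLBACKS = {
    "appkey123": "https://app.example/login/callback?src=platform",
}


def build_callback_url(client_id, session_key, user_id):
    """Append session_key and qid to the App's registered callback address."""
    base = REGISTERED_CALLBACKS.get(client_id)
    if base is None:
        raise ValueError("unknown Client_ID, no callback address registered")
    parts = urlsplit(base)
    # Keep any query string the App registered, then add the two parameters.
    query = parse_qsl(parts.query, keep_blank_values=True)
    query += [("session_key", session_key), ("qid", user_id)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def js_string_literal(value):
    """Quote a string for use inside a <script> element.

    json.dumps handles quotes, backslashes and control characters; angle
    brackets are escaped as well so the value cannot close the element.
    """
    return json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")


def render_redirect(client_id, session_key, user_id, in_frame=False):
    """Build the script response; in_frame selects window.parent for framed pages."""
    url = build_callback_url(client_id, session_key, user_id)
    target = "window.parent.location.href" if in_frame else "window.location.href"
    return "<script>%s=%s;</script>" % (target, js_string_literal(url))


if __name__ == "__main__":
    print(render_redirect("appkey123", "a&b=c</script>", "u1001", in_frame=True))
```

The session_key travels in the callback URL's query string, so it appears in browser history and in the App server's access logs; those logs need the same protection as the token itself.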
2. Request API flow:
Request: the application requests the API interface address and passes the session_key parameter.
Request parameters:
Response: the information returned by the API interface.
3. Renewal flow:
Request: the application requests the renewal interface address and passes the Client_ID, client_secret and session_key parameters.
Request parameters:
Parameter name    Description
Client_ID         The appkey the application obtained when it registered on the resource server
client_secret     The appsecret the application obtained when it registered on the resource server
session_key       The session_key the application obtained from the resource server
Response: User_ID, expire.
Response parameters:
Parameter name    Description
User_ID           The User_ID of the user to whom the renewed session_key belongs
expire            The permanent expiration timestamp of the renewed session_key
4. Application integration process:
(1) The third party registers the application on the resource server, taking particular care to fill in the callback address (after the application is successfully authorized, the browser jumps to this address with the session key and user id attached); on successful registration it obtains the application key appkey and the application password appsecret.
(2) The application jumps to the authorization page, where the user grants authorization as in the authorization flow above. When authorization completes, the authorization page uses parent.href to jump to the callback address from step (1).
(3) The application server maintains a periodic request mechanism that calls the renewal interface to renew the session key.
(4) The application calls the API, as in "Request API flow" above.
Correspondingly, Fig. 2 shows a first schematic diagram of the access control system for third-party resources according to an embodiment of the invention. To provide user authorization, the system must include at least an authorization module 203 and a token generation module 204:
Authorization module 203 receives a login request for the App from the user's browser and, if the user side has not yet authorized the App, shows an authorization page to the user according to the authorization interface address of a preset database server and provides authorized access to the user according to first authorization access information of the login. Specifically, when providing authorized access according to the first authorization access information of the login, it is further configured so that, when the App on the resource server receives a login request for the App from the user's browser, it determines, from the User_ID parameter under which the requesting user side is registered on the resource server, whether the user side has authorized the App; if not, it jumps to the preset authorization interface address of the resource server, receives the Client_ID and Scope parameters in the first authorization access information uploaded by the user side, shows an authorization page to the user, and accepts the user's authorization;
Token generation module 204 redirects the authorized access to the App's application server according to second authorization access information. Specifically, after the user side has authorized the App, the resource server generates a Session_Key parameter corresponding to the Client_ID and User_ID parameters, and returns to the user side the App's callback address, the Session_Key and the User_ID parameter in the second authorization access information, so that the user's browser, on receiving these parameters, visits the App server URL that the callback address points to and passes the Session_Key and User_ID parameters to that URL; wherein the Session_Key, which serves as the token for accessing the API, has a short lifetime and a permanent expiration timestamp Expire;
Fig. 3 shows a second schematic diagram of the access control system for third-party resources according to an embodiment of the invention. In addition to the authorization module 203 and token generation module 204 shown in Fig. 2, the system may further include a call verification module 205, to allow an authorized application to call APIs within its scope; a registration module 201 and a download module 202, to provide pre-configuration for third-party Apps; and a renewal module 206, to renew the short lifetime for authorized applications:
Registration module 201 is used so that, when the resource server receives a registration application for an App, it obtains, according to the App's request, the App's server URL as the callback address, and after successful registration assigns the App an AppKey parameter and an AppSecret parameter; and it determines the App's Scope parameter according to the permissions the resource server opens to the App and the App's selection of individual permission items among them, wherein the Scope parameter represents the scope with respect to the application programming interfaces (APIs) of the resource server;
Download module 202 is used so that, when the resource server receives a request to download the App from the user's browser or from another application on the platform, if the App is a client application, the App's Client_ID and Scope parameters are downloaded together with the App's client program, wherein the Client_ID parameter is the AppKey parameter assigned to the App at registration;
Authorization module 203 has the same function as authorization module 203 in the embodiment of Fig. 2: when the App on the resource server receives a login request for the App from the user's browser, it determines, from the User_ID parameter under which the requesting user side is registered on the resource server, whether the user side has authorized the App; if not, it jumps to the preset authorization interface address of the resource server, receives the Client_ID and Scope parameters in the first authorization access information uploaded by the user side, shows an authorization page to the user, and accepts the user's authorization;
Token generation module 204 has the same function as token generation module 204 in the embodiment of Fig. 2: after the user side has authorized the App, the resource server generates a Session_Key parameter corresponding to the Client_ID and User_ID parameters, and returns to the user side the App's callback address, the Session_Key and the User_ID parameter in the second authorization access information, so that the user's browser, on receiving these parameters, visits the App server URL that the callback address points to and passes the Session_Key and User_ID parameters to that URL; wherein the Session_Key, which serves as the token for accessing the API, has a short lifetime and a permanent expiration timestamp Expire;
Call verification module 205 is used so that, when the resource server receives a request from the App to call an application programming interface (API), it verifies whether the App's current Session_Key is valid according to its short lifetime and permanent expiration timestamp, and if it is valid, allows the App to call APIs that fall within its Scope;
Renewal module 206 is used so that the resource server provides a renewal interface that accepts renewal requests from the App's server. Using the Client_ID, Client_Secret and Session_Key parameters passed by the App's server, it determines the User_ID parameter corresponding to the App's Session_Key and checks the Session_Key's permanent expiration timestamp Expire; if Expire has not yet passed, it renews the Session_Key's short lifetime and returns the User_ID and Expire parameters, wherein the Client_ID and Client_Secret parameters are the AppKey and AppSecret parameters assigned to the App at registration.
The App's server periodically sends renewal requests to the resource server's renewal interface and, from the User_ID and Expire parameters that the interface returns, determines whether the Expire of the Session_Key corresponding to that User_ID has passed; if it has, the server stops sending renewal requests.
Within the short lifetime, the Session_Key remains valid; once the short lifetime has passed, the Session_Key is temporarily invalid; once the permanent expiration timestamp has passed, the Session_Key is permanently invalid; before the permanent expiration timestamp, the Session_Key's short lifetime is extended by renewal requests from the App's server.
Each renewal request from the App's server extends the Session_Key's short lifetime by one short lifetime.
When the resource server receives a request to download the App from the user's browser or from another application on the platform, if the App is a web application, the download module 202 downloads the App's URL entry point, and the App's Client_ID and Scope parameters are stored on the App's server.
The operating details of each part of the system embodiment are the same as in the method embodiment above and can be understood by reference to it; they are not repeated here.
The present invention applies permission control to third-party access to the API and gives different applications different access rights; if an application needs higher-level permissions, the user must authorize it again.
By requesting the user authorization interface, the third-party application obtains the user's authorization and receives a session_key to use as the token for API requests.
A renewal interface is provided: the third-party application server can call this fixed renewal interface to renew the session_key. This removes the complicated flow found in existing procedures, in which expiry is detected through an expiry error code and a refresh token is then used to refresh the access token.
For the session key, embodiments of the invention provide a two-lifetime mechanism. A session key has two lifetimes: a short lifetime and a permanent expiration timestamp. Within the short lifetime, the session key remains valid; once the short lifetime has passed, the session key becomes invalid automatically. The permanent expiration timestamp is typically set to a long period, and once the session key has been generated its permanent expiration time no longer changes. Before the permanent expiration timestamp, the session key's short lifetime can be renewed and thereby extended; once the permanent expiration timestamp has passed, the session key is permanently invalid.
Each page refresh generates a new session key; the session key the application held before is reclaimed automatically when its short lifetime expires.
For the same third-party application, a user can log in and use the application service from different devices at the same time.
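The two-lifetime check, the Scope check on API calls and the renewal interface described above can be sketched as follows. This is an added example, not code from the patent; the class and method names, the lifetime values, and the rule that a renewal sets the short lifetime to one interval from the current time are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass

SHORT_LIFETIME = 600                    # assumed value: 10 minutes
PERMANENT_LIFETIME = 30 * 24 * 3600     # assumed value: 30 days


@dataclass
class Session:
    client_id: str
    user_id: str
    scope: frozenset
    short_expire: float   # end of the renewable short lifetime
    expire: float         # permanent expiration timestamp, never changed


class ResourceServer:
    """Hypothetical in-memory model of the Resource Server's token handling."""

    def __init__(self, clock):
        self._clock = clock   # injectable so expiry can be exercised offline
        self._apps = {}       # Client_ID -> (Client_Secret, Scope)
        self._sessions = {}   # Session_Key -> Session

    def register_app(self, scope):
        """Registration: assign AppKey/AppSecret (used as Client_ID/Client_Secret)."""
        client_id, client_secret = secrets.token_hex(8), secrets.token_hex(16)
        self._apps[client_id] = (client_secret, frozenset(scope))
        return client_id, client_secret

    def authorize(self, client_id, user_id):
        """Called once the user has approved the App on the authorization page."""
        _, scope = self._apps[client_id]
        now = self._clock()
        session_key = secrets.token_urlsafe(32)
        self._sessions[session_key] = Session(
            client_id, user_id, scope,
            short_expire=now + SHORT_LIFETIME,
            expire=now + PERMANENT_LIFETIME,
        )
        return session_key, user_id

    def state(self, session_key):
        """Classify a key as valid, temporarily or permanently expired, or unknown."""
        session = self._sessions.get(session_key)
        if session is None:
            return "unknown"
        now = self._clock()
        if now >= session.expire:
            return "permanently_expired"
        if now >= session.short_expire:
            return "temporarily_expired"
        return "valid"

    def call_api(self, session_key, api):
        """Allow the call only for a currently valid key and an API inside Scope."""
        if self.state(session_key) != "valid":
            return False
        return api in self._sessions[session_key].scope

    def renew(self, client_id, client_secret, session_key):
        """Renewal interface: returns (User_ID, Expire) or raises PermissionError."""
        app = self._apps.get(client_id)
        if app is None or not hmac.compare_digest(
                app[0].encode(), client_secret.encode()):
            raise PermissionError("bad client credentials")
        session = self._sessions.get(session_key)
        if session is None or session.client_id != client_id:
            raise PermissionError("Session_Key not issued to this App")
        now = self._clock()
        if now >= session.expire:
            raise PermissionError("Session_Key permanently expired")
        # Assumption: renewal grants one short lifetime from now, capped at Expire.
        session.short_expire = min(now + SHORT_LIFETIME, session.expire)
        return session.user_id, session.expire
```

A temporarily expired key can still be renewed here, which is what makes that state temporary; the renewal also checks that the key was issued to the App presenting the credentials, so one App's secret cannot extend another App's key.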
The embodiments in this specification are described progressively: each embodiment focuses on its differences from the others, and for the parts that are the same or similar the embodiments may be referred to one another.
The present invention may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The invention may also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including storage devices.
Finally, it should also be noted that relational terms such as "first" and "second" are used herein only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to the process, method, article or device. Without further limitation, an element introduced by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises it.
The embodiments of the invention have been described in detail above, and specific examples have been used herein to explain the principle and implementation of the invention. The description of the above embodiments is intended only to help in understanding the method of the invention and its core idea. For a person of ordinary skill in the art, the specific implementation and the scope of application may be changed in accordance with the idea of the invention. In summary, this description should not be construed as limiting the invention.

Claims (20)

1. An access control method for third-party resources, used in the authentication process among a Resource Server, an App application and a user side, characterized by comprising:
receiving a login request for the App application from the user's browser; if the user side has not yet authorized the App application, showing an authorization page to the user according to the authorization interface address of a preset database server, and providing the user with authorized access according to first authorized-access information of the login;
redirecting the authorized access to the App application server according to second authorized-access information.
2. The method of claim 1, characterized in that providing the user with authorized access according to the first authorized-access information of the login comprises:
when the App application in the Resource Server receives a login request for the App application from the user's browser, then, according to the User_ID under which the user side initiating the login request is registered with the Resource Server, if it is determined that the user side has not yet authorized the App application, jumping to the preset authorization interface address of the Resource Server, receiving the Client_ID and Scope parameters in the first authorized-access information uploaded by the user side, showing the authorization page to the user, and accepting the user's authorization, wherein the Scope parameter represents the scope of application programming interfaces (APIs) in the Resource Server.
3. The method of claim 1, characterized in that redirecting the authorized access to the App application server according to the second authorized-access information comprises:
after the user side has authorized the App application, the Resource Server generates a Session_Key corresponding to the Client_ID and the User_ID, and returns to the user side the callback address of the App application, the Session_Key and the User_ID in the second authorized-access information, so that after receiving these parameters the user-side browser visits the server-side web address of the App application to which the callback address points and passes the Session_Key and User_ID to that address, wherein the Session_Key serves as the token for accessing the API and has a short lifetime and a permanent expiration timestamp Expire.
4. The method of claim 1, characterized by further comprising:
when the Resource Server receives a request from the App application to call an application programming interface (API), verifying whether the Session_Key is valid according to the short lifetime and the permanent expiration timestamp of the Session_Key the App application is currently using, and, if it is valid, allowing the App application to call the APIs that fall within the scope of its Scope parameter.
5. The method of claim 1, characterized in that, before the user's authorization is accepted, the method further comprises:
when the Resource Server receives a registration application from an App application, obtaining, according to the App application's request, the server-side web address of the App application as the callback address, and assigning an AppKey and an AppSecret to the App application after successful registration; and determining the Scope parameter of the App application according to the permissions the Resource Server opens to the App application and the App application's selection of permission items among those permissions;
when the Resource Server receives a download request for the App application from the user's browser or from another application program on the platform, if the App application is a client application, downloading the Client_ID and Scope parameters of the App application together with the App application's client program, wherein the Client_ID is the AppKey assigned to the App application at registration.
6. The method of claim 1, characterized by further comprising:
the Resource Server provides a renewal interface and accepts renewal requests from the App application server; according to the Client_ID, Client_Secret and Session_Key sent by the App application server, it determines the User_ID corresponding to the App application's Session_Key and checks the permanent expiration timestamp Expire of that Session_Key; if Expire has not yet passed, it renews the short lifetime of the Session_Key and returns the User_ID and Expire parameters, wherein the Client_ID and Client_Secret are the AppKey and AppSecret assigned to the App application at registration.
7. The method of claim 6, characterized by further comprising: the App application server periodically sends renewal requests to the renewal interface of the Resource Server and, from the User_ID and Expire the renewal interface returns, determines whether the Expire of the Session_Key corresponding to that User_ID has passed; if it has, the App application server stops sending renewal requests.
8. The method of claim 4, characterized in that the step of verifying whether the Session_Key is valid comprises: within the short lifetime, the Session_Key remains valid; once the short lifetime has passed, the Session_Key is temporarily invalid; once the permanent expiration timestamp has passed, the Session_Key is permanently invalid; before the permanent expiration timestamp, the short lifetime of the Session_Key is extended by renewal requests from the App application server.
9. The method of claim 8, characterized in that each renewal request from the App application server extends the short lifetime of the Session_Key by one short lifetime.
10. The method of claim 5, characterized in that, when the Resource Server receives a download request for the App application from the user's browser or from another application program on the platform, if the App application is a web application, the web address entry of the App application is downloaded, and its Client_ID and Scope parameters are stored on the App application's server.
11. An access control system for third-party resources, used for authentication among a Resource Server, an App application and a user side, comprising:
an authorization module, which receives a login request for the App application from the user's browser and, if the user side has not yet authorized the App application, shows an authorization page to the user according to the authorization interface address of a preset database server and provides the user with authorized access according to first authorized-access information of the login;
a token generation module, which redirects the authorized access to the App application server according to second authorized-access information.
12. The system of claim 11, characterized in that
the authorization module, when providing the user with authorized access according to the first authorized-access information of the login, is further used so that, when the App application in the Resource Server receives a login request for the App application from the user's browser, then, according to the User_ID under which the user side initiating the login request is registered with the Resource Server, if it is determined that the user side has not yet authorized the App application, it jumps to the preset authorization interface address of the Resource Server, receives the Client_ID and Scope parameters in the first authorized-access information uploaded by the user side, shows the authorization page to the user, and accepts the user's authorization, wherein the Scope parameter represents the scope of application programming interfaces (APIs) in the Resource Server.
13. The system of claim 12, characterized in that
the token generation module, when redirecting the authorized access to the App application server according to the second authorized-access information, is further used so that, after the user side has authorized the App application, the Resource Server generates a Session_Key corresponding to the Client_ID and the User_ID, and returns to the user side the callback address of the App application, the Session_Key and the User_ID in the second authorized-access information, so that after receiving these parameters the user-side browser visits the server-side web address of the App application to which the callback address points and passes the Session_Key and User_ID to that address, wherein the Session_Key serves as the token for accessing the API and has a short lifetime and a permanent expiration timestamp Expire.
14. The system of claim 13, characterized by further comprising:
a call authentication module, used so that when the Resource Server receives a request from the App application to call an application programming interface (API), it verifies whether the Session_Key is valid according to the short lifetime and the permanent expiration timestamp of the Session_Key the App application is currently using, and, if it is valid, allows the App application to call the APIs that fall within the scope of its Scope parameter.
15. The system of claim 13, characterized by further comprising:
a registration module, used so that when the Resource Server receives a registration application from an App application, it obtains, according to the App application's request, the server-side web address of the App application as the callback address, and assigns an AppKey and an AppSecret to the App application after successful registration; and determines the Scope parameter of the App application according to the permissions the Resource Server opens to the App application and the App application's selection of permission items among those permissions;
a download module, used so that when the Resource Server receives a download request for the App application from the user's browser or from another application program on the platform, if the App application is a client application, the Client_ID and Scope parameters of the App application are downloaded together with the App application's client program, wherein the Client_ID is the AppKey assigned to the App application at registration.
16. The system of claim 13, characterized by further comprising:
a renewal module, used to provide a renewal interface at the Resource Server and accept renewal requests from the App application server; according to the Client_ID, Client_Secret and Session_Key sent by the App application server, it determines the User_ID corresponding to the App application's Session_Key and checks the permanent expiration timestamp Expire of that Session_Key; if Expire has not yet passed, it renews the short lifetime of the Session_Key and returns the User_ID and Expire parameters, wherein the Client_ID and Client_Secret are the AppKey and AppSecret assigned to the App application at registration.
17. The system of claim 16, characterized in that the App application server periodically sends renewal requests to the renewal interface of the Resource Server and, from the User_ID and Expire the renewal interface returns, determines whether the Expire of the Session_Key corresponding to that User_ID has passed; if it has, the App application server stops sending renewal requests.
18. The system of claim 14, characterized in that, within the short lifetime, the Session_Key remains valid; once the short lifetime has passed, the Session_Key is temporarily invalid; once the permanent expiration timestamp has passed, the Session_Key is permanently invalid; before the permanent expiration timestamp, the short lifetime of the Session_Key is extended by renewal requests from the App application server.
19. The system of claim 18, characterized in that each renewal request from the App application server extends the short lifetime of the Session_Key by one short lifetime.
20. The system of claim 15, characterized in that the download module, when the Resource Server receives a download request for the App application from the user's browser or from another application program on the platform, if the App application is a web application, downloads the web address entry of the App application and stores its Client_ID and Scope parameters on the App application's server.
CN201210093702.XA 2012-03-31 2012-03-31 Access control method and system for third party resources Expired - Fee Related CN102611709B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210093702.XA CN102611709B (en) 2012-03-31 2012-03-31 Access control method and system for third party resources

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210093702.XA CN102611709B (en) 2012-03-31 2012-03-31 Access control method and system for third party resources

Publications (2)

Publication Number Publication Date
CN102611709A true CN102611709A (en) 2012-07-25
CN102611709B CN102611709B (en) 2014-11-12

Family

ID=46528862

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210093702.XA Expired - Fee Related CN102611709B (en) 2012-03-31 2012-03-31 Access control method and system for third party resources

Country Status (1)

Country Link
CN (1) CN102611709B (en)

CN105429979A (en) Cross-platform user certificating method and intelligent router, Internet surfing system
KR101824562B1 (en) Gateway and method for authentication
CN111259356B (en) Authorization method, auxiliary authorization component, management server and computer readable medium
CN105337967A (en) Method and system for achieving target server logging by user and central server
CN105162774A (en) Virtual machine login method and device used for terminal
FR3062768A1 (en) TECHNIQUE FOR OBTAINING A PROFILE OF ACCESS TO A NETWORK
CN106789987B (en) Method and system for single sign-on of multi-service interconnection APP (application) of mobile terminal
CN111010375A (en) Distributed authentication and authorization method for allowing third-party application to access resources

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: BEIJING QIHU TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: QIZHI SOFTWARE (BEIJING) CO., LTD.

Effective date: 20120918

Owner name: QIZHI SOFTWARE (BEIJING) CO., LTD.

Effective date: 20120918

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100016 CHAOYANG, BEIJING TO: 100088 XICHENG, BEIJING

TA01 Transfer of patent application right

Effective date of registration: 20120918

Address after: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Applicant after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Applicant after: Qizhi software (Beijing) Co.,Ltd.

Address before: The 4 layer 100016 unit of Beijing city Chaoyang District Jiuxianqiao Road No. 14 Building C

Applicant before: Qizhi software (Beijing) Co.,Ltd.

C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220725

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20141112