CN103546489B - Method, server and system for authority control - Google Patents
Method, server and system for authority control Download PDFInfo
- Publication number
- CN103546489B CN103546489B CN201310542555.4A CN201310542555A CN103546489B CN 103546489 B CN103546489 B CN 103546489B CN 201310542555 A CN201310542555 A CN 201310542555A CN 103546489 B CN103546489 B CN 103546489B
- Authority
- CN
- China
- Prior art keywords
- authentication
- request
- business operation
- action type
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
Abstract
The embodiment of the invention discloses a method, server and system for authority control. The method includes the steps that a service processing server receives a service operation request and determines the operation type of the service operation request; if determining that the operation type belongs to a predefined operation type, the service processing server sends an authentication request to an authority verifying server to make the authority verifying server to perform authentication on a sender of the service operation request; if receiving an instruction for executing the service operation request, the service processing server carries out the service operation corresponding to the service operation request. Because the operation type of the service operation request is determined by the server, when the operation type of the service operation request belongs to the predefined operation type, the operation of second-level authorization is initiated, and the service operation is carried out after the it is ensured that authorization is passed. According to the scheme, the type of an operator and the service corresponding to the service operation are separated, and thus flexible authority setting can be performed on the user, customized second-level authority setting can be achieved, and an application can be applied flexibly so as to promote the service.
Description
Technical field
The present invention relates to communication technical field, more particularly to a kind of authority control method, server and system.
Background technology
Authority refers to the restriction of functional authority scope, i.e. behavior.It is that incumbent is necessary in order to ensure effectively fulfiling for responsibility
Possess, the scope and degree of decision-making is carried out to certain item.
In communication technical field, it is often necessary to which the authority of user is audited, mode general at present is to operate
Type is bound with operator's type, in other words preserves the relation between action type and operator, specific as follows:Business
Processing server is after operation requests are received, it is first determined the type of operation, and the type of operator, it is then determined that operation
Type whether have the operation type authority, if then performing operation, otherwise just refusal operation.
By taking the concrete application in super large population management as an example.There is the manager of various authorities in one colony, each management
Member is different according to its type, and respective authority is also not quite similar.The super large colony owner manage colony when, part authority can under
Issue manager to use, this relates to the decentralization of sensitive permission.
In general the owner of group can have all permissions, that is to say the authority of maximum;It has been lowered the management of power
Member will have authorities more more than group members.
Above scheme carries out the control of all operations by Service Process Server, and according to operator's type authority control is carried out
System;Because business and operator's type are that authority binds together, it is unfavorable for customizing two grades of priority assignations.It is unfavorable for what is serviced
Upgrading and application.
The content of the invention
A kind of authority control method, server and system are embodiments provided, for realizing carrying out spirit to user
Priority assignation living, realizes the two grades of priority assignations for customizing, and flexible Application is obtained so as to lift service such that it is able to make to apply.
A kind of authority control method, including:
Service Process Server receives business operation request, and determines the action type of the business operation request;
Service Process Server if it is determined that the action type belongs to predefined action type, then to authentication service
Device sends authentication request, makes the authentication server authenticate the sender that the business operation is asked;
If the Service Process Server receives the instruction for performing the business operation request, the business behaviour is performed
Make the corresponding business operation of request.
A kind of authority control method, including:
Authentication server receives the authentication request from Service Process Server;The authentication request is by the business
Processing server receive business operation request, and determine business operation ask action type belong to predefined operation class
Send after type;
Authentication server is being received after the authentication request of Service Process Server, please to the business operation
The sender for asking is authenticated;
The authentication server passes through if it is determined that authenticating, then send to the Service Process Server and perform the industry
The instruction of business operation requests.
A kind of authority control method, including:
Business operation request is received, and determines the action type of the business operation request;
If it is determined that the action type belongs to predefined action type, then the sender to business operation request sends out
Send authentication to notify, and receive the authentication information that the sender of the business operation request returns;
If the authentication information is matched with the action type, it is determined that authentication pass through, and perform the business operation please
Seek corresponding business operation.
A kind of Service Process Server, including:
Service request receiving unit, for receiving business operation request;
Type determining units, for determining the behaviour of the business operation request that the service request receiving unit is received
Make type;
Authentication request transmitting element, for if it is determined that the action type belongs to predefined action type, then to authority
Examination & verification server sends authentication request, makes the authentication server reflect the sender that the business operation is asked
Power;
Receiving unit is indicated, for receiving the instruction for performing the business operation request;
Business performance element, if receiving the instruction for performing the business operation request for the instruction receiving unit,
Then perform the business operation and ask corresponding business operation.
A kind of authentication server, including:
Authentication request receiving unit, for receiving the authentication request from Service Process Server;The authentication request by
The Service Process Server receive business operation request, and determine business operation ask action type belong to predefined
Action type after send;
Authenticating unit, for receiving the authentication request from Service Process Server in the authentication request receiving unit
Afterwards, the sender of business operation request is authenticated;
Transmitting element is indicated, if determining that authentication passes through for the authenticating unit, is sent out to the Service Process Server
Send the instruction for performing the business operation request.
A kind of server, including:
Request reception unit, for receiving business operation request;Receive the authentication that the sender of business operation request returns
Information;
Type units are determined, for determining the operation class of the business operation request that the request reception unit is received
Type;
Transmitting element is notified, for if it is determined that the action type belongs to predefined action type, then to the business
The sender of operation requests sends authentication and notifies;
Authenticating unit, if matching with the action type for the authentication information, it is determined that authentication passes through;
Business unit is performed, if determining that authentication passes through for the authenticating unit, the business operation request is performed right
The business operation answered.
A kind of authority control system, including:Service Process Server and authentication server;
The Service Process Server is the Service Process Server of any one provided in an embodiment of the present invention, the power
Limit examination & verification server is the authentication server of any one provided in an embodiment of the present invention.
As can be seen from the above technical solutions, the embodiment of the present invention has advantages below:Business operation is determined by server
The action type of request, when predefined action type is belonged to, initiates the operation of secondary authentication, after it is determined that authentication passes through
Perform business operation.The program is separated the type of operator with the business corresponding to business operation, so can to
Family carries out flexible priority assignation, realizes the two grades of priority assignations for customizing, such that it is able to make using obtain flexible Application so as to
Lift service.
Description of the drawings
Technical scheme in order to be illustrated more clearly that the embodiment of the present invention, below will be to making needed for embodiment description
Accompanying drawing is briefly introduced, it should be apparent that, drawings in the following description are only some embodiments of the present invention, for this
For the those of ordinary skill in field, without having to pay creative labor, can be obtaining it according to these accompanying drawings
His accompanying drawing.
Fig. 1 is present invention method schematic flow sheet;
Fig. 2 is present invention method schematic flow sheet;
Fig. 3 is present invention method schematic flow sheet;
Fig. 4 is present invention method schematic flow sheet;
Fig. 5 is embodiment of the present invention insert window structural representation;
Fig. 6 is embodiment of the present invention Service Process Server structural representation;
Fig. 7 is embodiment of the present invention authentication server architecture schematic diagram;
Fig. 8 is embodiment of the present invention authentication server architecture schematic diagram;
Fig. 9 is embodiment of the present invention server architecture schematic diagram;
Figure 10 is embodiment of the present invention Service Process Server structural representation;
Figure 11 is embodiment of the present invention authentication server architecture schematic diagram;
Figure 12 is embodiment of the present invention server architecture schematic diagram;
Figure 13 is embodiment of the present invention system structure diagram.
Specific embodiment
In order that the object, technical solutions and advantages of the present invention are clearer, below in conjunction with accompanying drawing the present invention is made into
One step ground is described in detail, it is clear that described embodiment is only present invention some embodiments, rather than the enforcement of whole
Example.Based on the embodiment in the present invention, what those of ordinary skill in the art were obtained under the premise of creative work is not made
All other embodiment, belongs to the scope of protection of the invention.
A kind of authority control method is embodiments provided, the present embodiment method is in Service Process Server side reality
It is existing, as shown in figure 1, including:
101:Service Process Server receives business operation request, and determines the action type of above-mentioned business operation request;
Business operation request is the request for performing specific business operation for request, the business operation meeting that its request is performed
Attribute with action type, specific action type can be manually set.For example:The operation for delivering information can be just like:Send out
Table common language information, deliver literal with special effect information, deliver voice messaging, deliver acquiescence picture, deliver particular picture, deliver language
Sound etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;Can also be to other groups
The operation of member is such as:Delete common group members, delete specific group members, change group members title, member's class of setting group members
Type etc..Its specific operation requests has different business operation collection for different business;Business operation is concentrated, different
Business operation can there is a problem of sensitivity according to its object for operating, such as the behaviour in above illustrating to other group members
Make, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore different business operations also has behaviour
Make the attribute of type.The attribute of action type, typically can be by fraction, it is also possible to which each business operation has action type
Attribute, not limits this embodiment of the present invention.Used as a citing, action type can be divided into sensitivity by the embodiment of the present invention
Operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, the distribution and recovery of such as manager, room
The business such as framework and title adjustment.
102:Service Process Server if it is determined that aforesaid operations type belongs to predefined action type, then to authentication
Server sends authentication request, makes above-mentioned authentication server authenticate the sender that above-mentioned business operation is asked;
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed
Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as
What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example:
Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing
The authentication of card code, using the authentication etc. of password.Authentication can be carried out by authentication server, it is also possible to by service server
Oneself is carried out, and the implementation authenticated using service server can be given in subsequent embodiment.If by authentication
Server is being authenticated, then action type this attribute can be carried in authentication request, specific as follows:Above-mentioned authentication please
Ask and carry aforesaid operations type, it is above-mentioned to make above-mentioned authentication server reflect the sender that above-mentioned business operation is asked
Power includes:Above-mentioned authentication server is set to carry out the sender that above-mentioned business operation is asked corresponding with aforesaid operations type
Authentication.
103:If above-mentioned Service Process Server receives the instruction for performing above-mentioned business operation request, above-mentioned industry is performed
The corresponding business operation of business operation requests.
The instruction of above-mentioned business operation request is more than performed, may refer to order property can also be that information informs class, example
Such as:Instruction performs above-mentioned business operation and asks corresponding business operation, or, inform the authenticating result of above-mentioned business operation request
Pass through for authentication, make service server know that can perform above-mentioned business operation asks corresponding business operation.Therefore on performing
Stating the instruction of business operation request can have many forms, and the specific form of expression does not affect the reality of the embodiment of the present invention
It is existing, therefore the embodiment of the present invention not restriction.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type
When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator
The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing
Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
The embodiment of the present invention additionally provides another kind of authority control method, and the present embodiment method is in authentication server one
Side realization, as shown in Fig. 2 including:
201:Authentication server receives the authentication request from Service Process Server;Above-mentioned authentication request is by above-mentioned
Service Process Server receive business operation request, and determine business operation ask action type belong to predefined behaviour
Make to be sent after type;
Business operation request is the request for performing specific business operation for request, the business operation meeting that its request is performed
Attribute with action type, specific action type can be manually set.For example:The operation for delivering information can be just like:Send out
Table common language information, deliver literal with special effect information, deliver voice messaging, deliver acquiescence picture, deliver particular picture, deliver language
Sound etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;Can also be to other groups
The operation of member is such as:Delete common group members, delete specific group members, change group members title, member's class of setting group members
Type etc..Its specific operation requests has different business operation collection for different business;Business operation is concentrated, different
Business operation can there is a problem of sensitivity according to its object for operating, such as the behaviour in above illustrating to other group members
Make, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore different business operations also has behaviour
Make the attribute of type.The attribute of action type, typically can be by fraction, it is also possible to which each business operation has action type
Attribute, not limits this embodiment of the present invention.Used as a citing, action type can be divided into sensitivity by the embodiment of the present invention
Operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, the distribution and recovery of such as manager, room
The business such as framework and title adjustment.
202:Authentication server is being received after the authentication request of Service Process Server, and above-mentioned business is grasped
The sender that work is asked is authenticated;
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed
Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as
What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example:
Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing
The authentication of card code, using the authentication etc. of password.Authentication can be carried out by authentication server, it is also possible to by service server
Oneself is carried out, and the implementation authenticated using service server can be given in subsequent embodiment.If by authentication
Server is being authenticated, then action type this attribute can be carried in authentication request, specific as follows:If above-mentioned authentication
Request bag contains action type;Then the above-mentioned sender to the request of above-mentioned business operation carries out authentication includes:To above-mentioned business operation
The sender of request sends authentication and notifies, and receives the authentication information that the sender of above-mentioned business operation request returns, if above-mentioned
Authentication information action type matching corresponding with above-mentioned authentication request, it is determined that authentication passes through.
For the sender of operation requests, if it was once run the business operation for performing a certain type, then
It is that most probably have this authority always, in order to avoid repeatedly authentication causes the trouble of user operation, is believed also for reducing
The expense of order, the embodiment of the present invention can set certain actual effect to carry out the operator of service request control of authority, tool
The implementation of body can be as follows:Preferably, also include before being authenticated to the sender of above-mentioned business operation request:It is determined that
Before the sender of above-mentioned service request once authentication by whether within the scheduled time, if, it is determined that authentication passes through.
203:Above-mentioned authentication server passes through if it is determined that authenticating, then send to above-mentioned Service Process Server and perform
State the instruction of business operation request.
The instruction of above-mentioned business operation request is more than performed, may refer to order property can also be that information informs class, example
Such as:Instruction performs above-mentioned business operation and asks corresponding business operation, or, inform the authenticating result of above-mentioned business operation request
Pass through for authentication, make service server know that can perform above-mentioned business operation asks corresponding business operation.Therefore on performing
Stating the instruction of business operation request can have many forms, and the specific form of expression does not affect the reality of the embodiment of the present invention
It is existing, therefore the embodiment of the present invention not restriction.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type
When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator
The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing
Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
The embodiment of the present invention additionally provides another kind of authority control method, and the present embodiment method is realized in server side, phase
Than for above two embodiments, this embodiment scheme has intensive advantage;Above two embodiments then can be with mesh
Front server architecture is preferably merged, and those skilled in the art can be selected according to being actually needed for concrete application
With, as shown in figure 3, including:
301:Business operation request is received, and determines the action type of above-mentioned business operation request;
Business operation request is the request for performing specific business operation for request, the business operation meeting that its request is performed
Attribute with action type, specific action type can be manually set.For example:The operation for delivering information can be just like:Send out
Table common language information, deliver literal with special effect information, deliver voice messaging, deliver acquiescence picture, deliver particular picture, deliver language
Sound etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;Can also be to other groups
The operation of member is such as:Delete common group members, delete specific group members, change group members title, member's class of setting group members
Type etc..Its specific operation requests has different business operation collection for different business;Business operation is concentrated, different
Business operation can there is a problem of sensitivity according to its object for operating, such as the behaviour in above illustrating to other group members
Make, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore different business operations also has behaviour
Make the attribute of type.The attribute of action type, typically can be by fraction, it is also possible to which each business operation has action type
Attribute, not limits this embodiment of the present invention.Used as a citing, action type can be divided into sensitivity by the embodiment of the present invention
Operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, the distribution and recovery of such as manager, room
The business such as framework and title adjustment.
302:If it is determined that aforesaid operations type belongs to predefined action type, then to the transmission of above-mentioned business operation request
Person sends authentication and notifies, and receives the authentication information that the sender of above-mentioned business operation request returns;
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed
Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as
What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example:
Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing
The authentication of card code, using the authentication etc. of password.
For the sender of operation requests, if it was once run the business operation for performing a certain type, then
It is that most probably have this authority always, in order to avoid repeatedly authentication causes the trouble of user operation, is believed also for reducing
The expense of order, the embodiment of the present invention can set certain actual effect to carry out the operator of service request control of authority, tool
The implementation of body can be as follows:Preferably, the above-mentioned sender to the request of above-mentioned business operation is sent before authentication is notified also
Including:Once authentication is determined before the sender of above-mentioned service request by whether within the scheduled time, if, it is determined that authentication
Pass through.
303:If above-mentioned authentication information and aforesaid operations type matching, it is determined that authentication passes through, and perform above-mentioned business behaviour
Make the corresponding business operation of request.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type
When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator
The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing
Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
Following examples will be described in detail by taking management and group as an example to embodiment of the present invention scheme, in this enforcement
In example, authentication operations are carried out using authentication server, previous embodiment has been described above:Realize in server side, compared to
The present embodiment for example have intensive advantage;The present embodiment then can be carried out preferably with current server architecture
Fusion, those skilled in the art can be selected according to being actually needed for concrete application, therefore the system architecture of the present embodiment
Should not be construed as unique a kind of framework of embodiment of the present invention scheme application.It is single in order to solve current control of authority, sensitivity power
The problems such as limiting stolen, the embodiment of the present invention adds secondary authentication plan on the basis of the control of authority using user type
Slightly.Refer to shown in Fig. 4, comprise the steps:
401:Client sends the business operation of requested service operation and asks to Service Process Server;
402:Service Process Server carries out sensitive permission judgement, it is determined whether belong to sensitive business operation;
403:In step 402 judged result is yes, it is determined that belong to sensitive business operation, then send authentication request to
Authentication server, request sensitive permission authentication;
In this step, can also to send sensitive operational information quick to ask to authentication server for service server
Sense authority authentication.Information its form of expression embodiment of the present invention that service server sends can be limited not.
404:Whether the authentication server authentication subscription authentication is in effective time, if it is, 405 are performed, otherwise
Perform 408;
Above-mentioned effective time can be configured according to concrete business, and the embodiment of the present invention is not limited this.
405:The authentication server authentication subscription authentication then initiates examination & verification order more than effective time to client,
Notify the secondary authentication of user;
406:Client to be received and point out user's checking authority after examination & verification order, after waiting user input authentication information, to
Authentication server sends the secondary authentication request of user, carries above-mentioned authentication information.
With common management administrator when room name piece is changed, if the owner in the room is provided with secondary purview certification, pipe
Reason operator interfaces occur room administrator password checking interface as shown in Figure 5.It is close that manager is only input into correct room management
Code, sensitive operation can just be awarded execution.Frequently point out to be input into password authentification when carrying out sensitive operation in order to avoid manager,
Sensitive operation can be carried out within a period of time after good authentication authority and need not again input password.
Show in Figure 5:1st, item:Password authentification;2nd, operation indicating:Please be input into administrator's password;3rd, input frame;Separately
Also show outward:Close, determine and cancel.Specific interface form can as desired be modified and extended, the present invention
Embodiment is not limited.
407:Authentication server carries out authentication verification, if authentication verification is by entering 408;Industry can otherwise be informed
Business server authentication does not pass through;
408:Authentication server sends to Service Process Server and instructs, and notifies that service server business is performed;
409:Service server to have been processed and return business operation result to client after business.
In above example, if step 404 is if it is determined that in effective time, can directly determine that authentication passes through, then
Step 405 and step 406 can be without carrying out, step 409 also can be without carrying out the step of.
Above example verifies sensitive operation using simple and reliable secondary audit policy, by ejecting identifying code window
The authentication mechanism of this plug-in unit, can support miscellaneous service, and lift Consumer's Experience.
The embodiment of the present invention additionally provides a kind of Service Process Server, as shown in fig. 6, including:
Service request receiving unit 601, for receiving business operation request;
Type determining units 602, for determining that the above-mentioned business operation that above-mentioned service request receiving unit 601 is received please
The action type asked;
Authentication request transmitting element 603, for if it is determined that aforesaid operations type belongs to predefined action type, then to power
Limit examination & verification server sends authentication request, makes above-mentioned authentication server reflect the sender that above-mentioned business operation is asked
Power;
Receiving unit 604 is indicated, for receiving the instruction for performing above-mentioned business operation request;
Business performance element 605, if receive performing above-mentioned business operation request for above-mentioned instruction receiving unit 604
Indicate, then perform above-mentioned business operation and ask corresponding business operation.
In the embodiment of the present invention, business operation request is the request for performing specific business operation for request, its request
The business operation of execution can have the attribute of action type, and specific action type can be manually set.For example:Deliver information
Operation can be just like:Common language information is delivered, literal with special effect information is delivered, is delivered voice messaging, deliver acquiescence picture, deliver
Particular picture, delivers voice etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;May be used also
Be the operation to other group members such as:Delete common group members, delete specific group members, change group members title, setting
Member type of group members etc..Its specific operation requests has different business operation collection for different business;Industry
In business operation set, can there is sensitivity in different business operations according to its object for operating, such as right in above illustrating
The operation of other group members, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore it is different
Business operation also has the attribute of action type.The attribute of action type, typically can be by fraction, it is also possible to each business operation
There is the attribute of an action type, this embodiment of the present invention is not limited.Used as a citing, the embodiment of the present invention can be by
Action type is divided into sensitive operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, such as manager's
Distribution and recovery, the business such as room framework and title adjustment.
The instruction of above-mentioned business operation request is more than performed, may refer to order property can also be that information informs class, example
Such as:Instruction performs above-mentioned business operation and asks corresponding business operation, or, inform the authenticating result of above-mentioned business operation request
Pass through for authentication, make service server know that can perform above-mentioned business operation asks corresponding business operation.Therefore on performing
Stating the instruction of business operation request can have many forms, and the specific form of expression does not affect the reality of the embodiment of the present invention
It is existing, therefore the embodiment of the present invention not restriction.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type
When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator
The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing
Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed
Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as
What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example:
Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing
The authentication of card code, using the authentication etc. of password.Authentication can be carried out by authentication server, it is also possible to by service server
Oneself is carried out, and the implementation authenticated using service server can be given in subsequent embodiment.If by authentication
Server is being authenticated, then action type this attribute can be carried in authentication request, specific as follows:Alternatively, on
Authentication request transmitting element 603 is stated, for sending the authentication request for carrying aforesaid operations type, above-mentioned authentication service is made
Device carries out authentication corresponding with aforesaid operations type to the sender that above-mentioned business operation is asked.
The embodiment of the present invention additionally provides a kind of authentication server, as shown in fig. 7, comprises:
Authentication request receiving unit 701, for receiving the authentication request from Service Process Server;Above-mentioned authentication request
By above-mentioned Service Process Server receive business operation request, and determine business operation ask action type belong to predetermined
Send after the action type of justice;
Authenticating unit 702, for receiving the mirror from Service Process Server in above-mentioned authentication request receiving unit 701
After power request, the sender of above-mentioned business operation request is authenticated;
Transmitting element 703 is indicated, if determining that authentication passes through for above-mentioned authenticating unit 702, to above-mentioned Business Processing clothes
Business device sends the instruction for performing above-mentioned business operation request.
Business operation request is the request for performing specific business operation for request, the business operation meeting that its request is performed
Attribute with action type, specific action type can be manually set.For example:The operation for delivering information can be just like:Send out
Table common language information, deliver literal with special effect information, deliver voice messaging, deliver acquiescence picture, deliver particular picture, deliver language
Sound etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;Can also be to other groups
The operation of member is such as:Delete common group members, delete specific group members, change group members title, member's class of setting group members
Type etc..Its specific operation requests has different business operation collection for different business;Business operation is concentrated, different
Business operation can there is a problem of sensitivity according to its object for operating, such as the behaviour in above illustrating to other group members
Make, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore different business operations also has behaviour
Make the attribute of type.The attribute of action type, typically can be by fraction, it is also possible to which each business operation has action type
Attribute, not limits this embodiment of the present invention.Used as a citing, action type can be divided into sensitivity by the embodiment of the present invention
Operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, the distribution and recovery of such as manager, room
The business such as framework and title adjustment.
The instruction of above-mentioned business operation request is more than performed, may refer to order property can also be that information informs class, example
Such as:Instruction performs above-mentioned business operation and asks corresponding business operation, or, inform the authenticating result of above-mentioned business operation request
Pass through for authentication, make service server know that can perform above-mentioned business operation asks corresponding business operation.Therefore on performing
Stating the instruction of business operation request can have many forms, and the specific form of expression does not affect the reality of the embodiment of the present invention
It is existing, therefore the embodiment of the present invention not restriction.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type
When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator
The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing
Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed
Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as
What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example:
Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing
The authentication of card code, using the authentication etc. of password.Authentication can be carried out by authentication server, it is also possible to by service server
Oneself is carried out, and the implementation authenticated using service server can be given in subsequent embodiment.If by authentication
Server is being authenticated, then action type this attribute can be carried in authentication request, specific as follows:Alternatively, such as
Shown in Fig. 8, above-mentioned authenticating unit 702 includes:Authentication notifies transmitting element 801 and authentication subelement 802;
Above-mentioned authentication notifies transmitting element 801, if the authentication request received for above-mentioned authentication request receiving unit 701
Comprising action type, then send authentication to the sender of above-mentioned business operation request and notify;
Authentication subelement 802, for determining the authentication information that the sender of above-mentioned business operation request returns, if with it is upper
The corresponding action type matching of authentication request is stated, if, it is determined that authentication passes through.
For the sender of operation requests, if it was once run the business operation for performing a certain type, then
It is that most probably have this authority always, in order to avoid repeatedly authentication causes the trouble of user operation, is believed also for reducing
The expense of order, the embodiment of the present invention can set certain actual effect to carry out the operator of service request control of authority, tool
The implementation of body can be as follows:Preferably, further, above-mentioned authenticating unit 702, is additionally operable to asking above-mentioned business operation
Before the sender for asking is authenticated, determine before the sender of above-mentioned service request once authentication by whether the scheduled time it
It is interior, if, it is determined that authentication passes through.
The embodiment of the present invention additionally provides a kind of server, as shown in figure 9, including:
Request reception unit 901, for receiving business operation request;Receive the mirror that the sender of business operation request returns
Power information;
Type units 902 are determined, for determining the above-mentioned business operation request that above-mentioned request reception unit 901 is received
Action type;
Transmitting element 903 is notified, for if it is determined that aforesaid operations type belongs to predefined action type, then to above-mentioned industry
The sender of business operation requests sends authentication and notifies;
Authenticating unit 904, if for above-mentioned authentication information and aforesaid operations type matching, it is determined that authentication passes through;
Business unit 905 is performed, if determining that authentication passes through for above-mentioned authenticating unit 904, above-mentioned business operation is performed
Ask corresponding business operation.
Business operation request in the embodiment of the present invention is the request for performing specific business operation for request, its request
The business operation of execution can have the attribute of action type, and specific action type can be manually set.For example:Deliver information
Operation can be just like:Common language information is delivered, literal with special effect information is delivered, is delivered voice messaging, deliver acquiescence picture, deliver
Particular picture, delivers voice etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;May be used also
Be the operation to other group members such as:Delete common group members, delete specific group members, change group members title, setting
Member type of group members etc..Its specific operation requests has different business operation collection for different business;Industry
In business operation set, can there is sensitivity in different business operations according to its object for operating, such as right in above illustrating
The operation of other group members, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore it is different
Business operation also has the attribute of action type.The attribute of action type, typically can be by fraction, it is also possible to each business operation
There is the attribute of an action type, this embodiment of the present invention is not limited.Used as a citing, the embodiment of the present invention can be by
Action type is divided into sensitive operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, such as manager's
Distribution and recovery, the business such as room framework and title adjustment.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type
When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator
The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing
Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed
Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as
What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example:
Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing
The authentication of card code, using the authentication etc. of password.
For the sender of operation requests, if it was once run the business operation for performing a certain type, then
It is that most probably have this authority always, in order to avoid repeatedly authentication causes the trouble of user operation, is believed also for reducing
The expense of order, the embodiment of the present invention can set certain actual effect to carry out the operator of service request control of authority, tool
The implementation of body can be as follows:Alternatively, above-mentioned authenticating unit 904, is additionally operable in above-mentioned notice transmitting element 903 to above-mentioned
The sender of business operation request is sent before authentication notice, is determined and once authenticated by being before the sender of above-mentioned service request
It is no within the scheduled time, if, it is determined that authentication pass through.
The embodiment of the present invention additionally provides another kind of Service Process Server, as shown in Figure 10, including:Receptor 1001,
Emitter 1002, processor 1003 and memorizer 1004;
Wherein above-mentioned processor 1003, for control business operation request is received, and determines above-mentioned business operation request
Action type;If it is determined that aforesaid operations type belongs to predefined action type, then sending authentication to authentication server please
Ask, make above-mentioned authentication server authenticate the sender that above-mentioned business operation is asked;Above-mentioned Service Process Server
If receiving the instruction for performing above-mentioned business operation request, perform above-mentioned business operation and ask corresponding business operation.
In the embodiment of the present invention, business operation request is the request for performing specific business operation for request, its request
The business operation of execution can have the attribute of action type, and specific action type can be manually set.For example:Deliver information
Operation can be just like:Common language information is delivered, literal with special effect information is delivered, is delivered voice messaging, deliver acquiescence picture, deliver
Particular picture, delivers voice etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;May be used also
Be the operation to other group members such as:Delete common group members, delete specific group members, change group members title, setting
Member type of group members etc..Its specific operation requests has different business operation collection for different business;Industry
In business operation set, can there is sensitivity in different business operations according to its object for operating, such as right in above illustrating
The operation of other group members, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore it is different
Business operation also has the attribute of action type.The attribute of action type, typically can be by fraction, it is also possible to each business operation
There is the attribute of an action type, this embodiment of the present invention is not limited.Used as a citing, the embodiment of the present invention can be by
Action type is divided into sensitive operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, such as manager's
Distribution and recovery, the business such as room framework and title adjustment.
The instruction of above-mentioned business operation request is more than performed, may refer to order property can also be that information informs class, example
Such as:Instruction performs above-mentioned business operation and asks corresponding business operation, or, inform the authenticating result of above-mentioned business operation request
Pass through for authentication, make service server know that can perform above-mentioned business operation asks corresponding business operation.Therefore on performing
Stating the instruction of business operation request can have many forms, and the specific form of expression does not affect the reality of the embodiment of the present invention
It is existing, therefore the embodiment of the present invention not restriction.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type
When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator
The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing
Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed
Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as
What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example:
Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing
The authentication of card code, using the authentication etc. of password.Authentication can be carried out by authentication server, it is also possible to by service server
Oneself is carried out, and the implementation authenticated using service server can be given in subsequent embodiment.If by authentication
Server is being authenticated, then action type this attribute can be carried in authentication request, specific as follows:Alternatively, on
Processor 1003 is stated, it is above-mentioned to make above-mentioned authentication server pair if carrying aforesaid operations type for above-mentioned authentication request
The sender of above-mentioned business operation request carries out authentication to be included:Make what above-mentioned authentication server was asked above-mentioned business operation
Sender carries out authentication corresponding with aforesaid operations type.
The embodiment of the present invention additionally provides another kind of authentication server, as shown in figure 11, including:Receptor 1101,
Emitter 1102, processor 1103 and memorizer 1104;
Wherein above-mentioned processor 1103, for control the authentication request from Service Process Server is received;Above-mentioned authentication
Request by above-mentioned Service Process Server receive business operation request, and determine business operation ask action type belong to
Send after predefined action type;Authentication server receiving after the authentication request of Service Process Server,
The sender of above-mentioned business operation request is authenticated;Above-mentioned authentication server if it is determined that authentication passes through, then to above-mentioned
Service Process Server sends the instruction for performing above-mentioned business operation request.
Business operation request is the request for performing specific business operation for request, the business operation meeting that its request is performed
Attribute with action type, specific action type can be manually set.For example:The operation for delivering information can be just like:Send out
Table common language information, deliver literal with special effect information, deliver voice messaging, deliver acquiescence picture, deliver particular picture, deliver language
Sound etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;Can also be to other groups
The operation of member is such as:Delete common group members, delete specific group members, change group members title, member's class of setting group members
Type etc..Its specific operation requests has different business operation collection for different business;Business operation is concentrated, different
Business operation can there is a problem of sensitivity according to its object for operating, such as the behaviour in above illustrating to other group members
Make, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore different business operations also has behaviour
Make the attribute of type.The attribute of action type, typically can be by fraction, it is also possible to which each business operation has action type
Attribute, not limits this embodiment of the present invention.Used as a citing, action type can be divided into sensitivity by the embodiment of the present invention
Operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, the distribution and recovery of such as manager, room
The business such as framework and title adjustment.
The instruction of above-mentioned business operation request is more than performed, may refer to order property can also be that information informs class, example
Such as:Instruction performs above-mentioned business operation and asks corresponding business operation, or, inform the authenticating result of above-mentioned business operation request
Pass through for authentication, make service server know that can perform above-mentioned business operation asks corresponding business operation.Therefore on performing
Stating the instruction of business operation request can have many forms, and the specific form of expression does not affect the reality of the embodiment of the present invention
It is existing, therefore the embodiment of the present invention not restriction.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type
When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator
The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing
Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed
Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as
What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example:
Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing
The authentication of card code, using the authentication etc. of password.Authentication can be carried out by authentication server, it is also possible to by service server
Oneself is carried out, and the implementation authenticated using service server can be given in subsequent embodiment.If by authentication
Server is being authenticated, then action type this attribute can be carried in authentication request, specific as follows:Above-mentioned processor
1103, if including action type for above-mentioned authentication request;Then the above-mentioned sender to the request of above-mentioned business operation authenticates
Including:Authentication is sent to the sender of above-mentioned business operation request to notify, and receive the sender of above-mentioned business operation request return
The authentication information for returning, if the action type matching corresponding with above-mentioned authentication request of above-mentioned authentication information, it is determined that authentication passes through.
For the sender of operation requests, if it was once run the business operation for performing a certain type, then
It is that most probably have this authority always, in order to avoid repeatedly authentication causes the trouble of user operation, is believed also for reducing
The expense of order, the embodiment of the present invention can set certain actual effect to carry out the operator of service request control of authority, tool
The implementation of body can be as follows:Preferably, above-mentioned processor 1103, is additionally operable in the sender asked above-mentioned business operation
Before being authenticated, once authentication is determined before the sender of above-mentioned service request by whether within the scheduled time, if so, then
It is determined that authentication passes through.
The embodiment of the present invention additionally provides another kind of server, as shown in figure 12, including:Receptor 1201, emitter
1202nd, processor 1203 and memorizer 1204;
Wherein above-mentioned processor 1203, for control business operation request is received, and determines above-mentioned business operation request
Action type;If it is determined that aforesaid operations type belongs to predefined action type, then to the sender of above-mentioned business operation request
Send authentication to notify, and receive the authentication information that the sender of above-mentioned business operation request returns;If above-mentioned authentication information with it is upper
State action type matching, it is determined that authentication passes through, and perform above-mentioned business operation and ask corresponding business operation.
Business operation request in the embodiment of the present invention is the request for performing specific business operation for request, its request
The business operation of execution can have the attribute of action type, and specific action type can be manually set.For example:Deliver information
Operation can be just like:Common language information is delivered, literal with special effect information is delivered, is delivered voice messaging, deliver acquiescence picture, deliver
Particular picture, delivers voice etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;May be used also
Be the operation to other group members such as:Delete common group members, delete specific group members, change group members title, setting
Member type of group members etc..Its specific operation requests has different business operation collection for different business;Industry
In business operation set, can there is sensitivity in different business operations according to its object for operating, such as right in above illustrating
The operation of other group members, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore it is different
Business operation also has the attribute of action type.The attribute of action type, typically can be by fraction, it is also possible to each business operation
There is the attribute of an action type, this embodiment of the present invention is not limited.Used as a citing, the embodiment of the present invention can be by
Action type is divided into sensitive operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, such as manager's
Distribution and recovery, the business such as room framework and title adjustment.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type
When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator
The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing
Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed
Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as
What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example:
Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing
The authentication of card code, using the authentication etc. of password.
For the sender of operation requests, if it was once run the business operation for performing a certain type, then
It is that most probably have this authority always, in order to avoid repeatedly authentication causes the trouble of user operation, is believed also for reducing
The expense of order, the embodiment of the present invention can set certain actual effect to carry out the operator of service request control of authority, tool
The implementation of body can be as follows:Above-mentioned processor 1203, is additionally operable to the above-mentioned sender to the request of above-mentioned business operation and sends
Before authentication is notified, once authentication is determined before the sender of above-mentioned service request by whether within the scheduled time, if so, then
It is determined that authentication passes through.
The embodiment of the present invention additionally provides a kind of authority control system, as shown in figure 13, including:Service Process Server
1301 and authentication server 1302;
Wherein, above-mentioned Service Process Server 1301 is the Business Processing service of any one provided in an embodiment of the present invention
Device, above-mentioned authentication server 1302 is the authentication server of any one provided in an embodiment of the present invention.
The action type that business operation is asked is determined by server, when predefined action type is belonged to, is initiated secondary
The operation of authentication, it is determined that authentication is by performing business operation later.The program is right with business operation institute by the type of operator
The business answered is separated, and flexible priority assignation so can be carried out to user, realizes the two grades of priority assignations for customizing, from
And application can be made to obtain flexible Application so as to lift service.
It should be noted that in above-mentioned server, authentication server and Service Process Server embodiment, being wrapped
The unit for including simply is divided according to function logic, but is not limited to above-mentioned division, as long as phase can be realized
The function of answering;In addition, the specific name of each functional unit is also only to facilitate mutually differentiation, is not limited to this
Bright protection domain.
In addition, one of ordinary skill in the art will appreciate that realizing all or part of step in above-mentioned each method embodiment
The hardware that program be can be by instruct correlation is completed, and corresponding program can be stored in a kind of computer-readable recording medium
In, storage medium mentioned above can be read only memory, disk or CD etc..
The present invention preferably specific embodiment is these are only, but protection scope of the present invention is not limited thereto, it is any
Those familiar with the art the change that can readily occur in or replaces in the technical scope that the embodiment of the present invention is disclosed
Change, all should be included within the scope of the present invention.Therefore, protection scope of the present invention should be with the protection model of claim
Enclose and be defined.
Claims (15)
1. a kind of authority control method, it is characterised in that include:
Service Process Server receives business operation request, and determines the action type of the business operation request;
Service Process Server is then sent out if it is determined that the action type belongs to predefined action type to authentication server
Authentication request is sent, makes the authentication server authenticate the sender that the business operation is asked;Wherein, it is described pre-
The action type of definition includes the action type that needs preset on demand are controlled;
If the Service Process Server receives the instruction for performing the business operation request, performing the business operation please
Seek corresponding business operation.
2. method according to claim 1, it is characterised in that the authentication request carries the action type, described to make
The authentication server carries out authentication to the sender that the business operation is asked to be included:
The authentication server is set to carry out mirror corresponding with the action type to the sender that the business operation is asked
Power.
3. a kind of authority control method, it is characterised in that include:
Authentication server receives the authentication request from Service Process Server;The authentication request is by the Business Processing
Server receive business operation request, and determine business operation ask action type belong to after predefined action type
Send;Wherein, the predefined action type includes the action type that needs preset on demand are controlled;
Authentication server is being received after the authentication request of Service Process Server, to business operation request
Sender is authenticated;
The authentication server passes through if it is determined that authenticating, then send to the Service Process Server and perform the business behaviour
The instruction that work is asked.
4. method according to claim 3, it is characterised in that if the authentication request includes action type;It is then described to institute
Stating the sender of business operation request carries out authentication and includes:
Authentication is sent to the sender of business operation request to notify, and receive the sender of the business operation request return
Authentication information, if the matching of the authentication information corresponding with authentication request action type, it is determined that authentication passes through.
5. according to the methods described of claim 3 or 4, it is characterised in that the sender of business operation request is authenticated
Also include before:
Once authentication is determined before the sender of the service request by whether within the scheduled time, if, it is determined that authentication
Pass through.
6. a kind of authority control method, it is characterised in that include:
Business operation request is received, and determines the action type of the business operation request;
If it is determined that the action type belongs to predefined action type, then the sender to business operation request sends mirror
Power is notified, and receives the authentication information that the sender of the business operation request returns;Wherein, the predefined action type
Including the action type that needs preset on demand are controlled;
If the authentication information is matched with the action type, it is determined that authentication passes through, and it is right to perform the business operation request
The business operation answered.
7. method according to claim 6, it is characterised in that the sender to business operation request sends authentication
Also include before notice:
Once authentication is determined before the sender of the service request by whether within the scheduled time, if, it is determined that authentication
Pass through.
8. a kind of Service Process Server, it is characterised in that include:
Service request receiving unit, for receiving business operation request;
Type determining units, for determining the operation class of the business operation request that the service request receiving unit is received
Type;
Authentication request transmitting element, for if it is determined that the action type belongs to predefined action type, then to authentication
Server sends authentication request, makes the authentication server authenticate the sender that the business operation is asked;Its
In, the predefined action type includes the action type that needs preset on demand are controlled;
Receiving unit is indicated, for receiving the instruction for performing the business operation request;
Business performance element, if receiving the instruction for performing the business operation request for the instruction receiving unit, holds
The row business operation asks corresponding business operation.
9. Service Process Server according to claim 8, it is characterised in that
The authentication request transmitting element, for sending the authentication request for carrying the action type, makes the authentication
Server carries out authentication corresponding with the action type to the sender that the business operation is asked.
10. a kind of authentication server, it is characterised in that include:
Authentication request receiving unit, for receiving the authentication request from Service Process Server;The authentication request is by described
Service Process Server receive business operation request, and determine business operation ask action type belong to predefined behaviour
Make to be sent after type;Wherein, the predefined action type includes the action type that needs preset on demand are controlled;
Authenticating unit, for receiving after the authentication request of Service Process Server in the authentication request receiving unit,
The sender of business operation request is authenticated;
Transmitting element is indicated, if determining that authentication passes through for the authenticating unit, is sent to the Service Process Server and is held
The instruction of the row business operation request.
11. authentication servers according to claim 10, it is characterised in that the authenticating unit includes:Authentication is notified
Transmitting element and authentication subelement;
The authentication notifies transmitting element, if including operation class for the authentication request that the authentication request receiving unit is received
Type, then send authentication and notify to the sender of business operation request;
Authentication subelement, for determining the authentication information that the sender of the business operation request returns, if with the authentication
Corresponding action type is asked to match, if, it is determined that authentication passes through.
12. according to claim 10 or 11 authentication server, it is characterised in that
The authenticating unit, was additionally operable to before the sender asked the business operation authenticates, and determined the business
Before the sender of request once authentication by whether within the scheduled time, if, it is determined that authentication passes through.
13. a kind of servers, it is characterised in that include:
Request reception unit, for receiving business operation request;Receive the authentication information that the sender of business operation request returns;
Type units are determined, for determining the action type of the business operation request that the request reception unit is received;
Transmitting element is notified, for if it is determined that the action type belongs to predefined action type, then to the business operation
The sender of request sends authentication and notifies;Wherein, the predefined action type is controlled including needs preset on demand
Action type;
Authenticating unit, if matching with the action type for the authentication information, it is determined that authentication passes through;
Business unit is performed, if determining that authentication passes through for the authenticating unit, the business operation request is performed corresponding
Business operation.
14. according to claim 13 server, it is characterised in that
The authenticating unit, is additionally operable to send to authenticate to the sender that the business operation is asked in the notice transmitting element lead to
Before knowing, once authentication is determined before the sender of the service request by whether within the scheduled time, if, it is determined that mirror
Power passes through.
A kind of 15. authority control systems, including:Service Process Server and authentication server, it is characterised in that the industry
Business processing server is the Service Process Server described in claim 8 or 9, and the authentication server is claim 10
Authentication server described in~13 any one.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310542555.4A CN103546489B (en) | 2013-11-05 | 2013-11-05 | Method, server and system for authority control |
PCT/CN2014/090216 WO2015067163A1 (en) | 2013-11-05 | 2014-11-04 | Method, server and system for controling authority |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310542555.4A CN103546489B (en) | 2013-11-05 | 2013-11-05 | Method, server and system for authority control |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103546489A CN103546489A (en) | 2014-01-29 |
CN103546489B true CN103546489B (en) | 2017-05-03 |
Family
ID=49969536
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310542555.4A Active CN103546489B (en) | 2013-11-05 | 2013-11-05 | Method, server and system for authority control |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN103546489B (en) |
WO (1) | WO2015067163A1 (en) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105205388B (en) * | 2014-06-05 | 2019-03-15 | 腾讯科技(深圳)有限公司 | A kind of right management method and system of application program |
CN104270526A (en) * | 2014-09-29 | 2015-01-07 | 广东欧珀移动通信有限公司 | Data traffic control method and system for mobile terminal |
CN104301328A (en) * | 2014-10-29 | 2015-01-21 | 北京思特奇信息技术股份有限公司 | Resource operation safety authentication method and system under cloud calculation environment |
CN106982187B (en) * | 2016-01-15 | 2020-12-01 | 中兴通讯股份有限公司 | Resource authorization method and device |
CN108268798B (en) * | 2017-06-30 | 2023-09-05 | 勤智数码科技股份有限公司 | Data item authority allocation method and system |
CN108566327B (en) * | 2018-01-09 | 2021-11-30 | 徐玉强 | Data processing method and device for chat application |
CN109740328B (en) * | 2019-01-08 | 2021-07-02 | 广州虎牙信息科技有限公司 | Authority identification method and device, computer equipment and storage medium |
CN110795709B (en) * | 2019-10-31 | 2022-08-12 | 北京达佳互联信息技术有限公司 | Method and device for performing business operation, electronic equipment and storage medium |
CN113938879A (en) * | 2020-06-29 | 2022-01-14 | 华为技术有限公司 | Communication method and communication device |
CN112085326A (en) * | 2020-07-31 | 2020-12-15 | 廊坊市科维配电技术开发有限公司 | Energy consumption management method and equipment |
CN113364765A (en) * | 2021-06-03 | 2021-09-07 | 北京天融信网络安全技术有限公司 | Cloud operation and maintenance auditing method and device |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100393166C (en) * | 2004-11-19 | 2008-06-04 | 中兴通讯股份有限公司 | Method and device for realizing PHS wireless network positioning service hierarchical authentication |
CN101262590A (en) * | 2007-12-21 | 2008-09-10 | 深圳市同洲电子股份有限公司 | Multi-service integration system, device and method |
CN101431659A (en) * | 2008-12-08 | 2009-05-13 | 中兴通讯股份有限公司 | Interactive Web TV system and its processing method |
CN101772020B (en) * | 2009-01-05 | 2011-12-28 | 华为技术有限公司 | Method and system for authentication processing, 3GPP authentication authorization accounting server and user device |
CN101834834A (en) * | 2009-03-09 | 2010-09-15 | 华为软件技术有限公司 | Authentication method, device and system |
US8887264B2 (en) * | 2009-09-21 | 2014-11-11 | Ram International Corporation | Multi-identity access control tunnel relay object |
CN103107888B (en) * | 2013-01-24 | 2015-11-18 | 贵州大学 | The identity identifying method that the dynamic multi-attribute of facing moving terminal is multi-level |
CN103546189B (en) * | 2013-11-13 | 2016-04-13 | 苏州华士无线科技有限公司 | Radio-frequency (RF) front-end circuit and system |
-
2013
- 2013-11-05 CN CN201310542555.4A patent/CN103546489B/en active Active
-
2014
- 2014-11-04 WO PCT/CN2014/090216 patent/WO2015067163A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN103546489A (en) | 2014-01-29 |
WO2015067163A1 (en) | 2015-05-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103546489B (en) | Method, server and system for authority control | |
US9824196B2 (en) | Authenticating users requesting access to computing resources | |
US7571473B1 (en) | Identity management system and method | |
US8353002B2 (en) | Chaining information card selectors | |
CN113239344B (en) | Access right control method and device | |
US8468576B2 (en) | System and method for application-integrated information card selection | |
US8079069B2 (en) | Cardspace history validator | |
US8561172B2 (en) | System and method for virtual information cards | |
CN108351771B (en) | Maintaining control over restricted data during deployment to a cloud computing environment | |
US20170041432A1 (en) | Router-host logging | |
US20100251353A1 (en) | User-authorized information card delegation | |
US20140050317A1 (en) | Cloud Key Management System | |
CN108351807B (en) | Event management to maintain control of restricted data in a cloud computing environment | |
JP6153669B2 (en) | System and method for communicating credentials | |
US20100011409A1 (en) | Non-interactive information card token generation | |
CN109829286B (en) | User authority management system and method for WEB application | |
US9509672B1 (en) | Providing seamless and automatic access to shared accounts | |
CN104954330A (en) | Method of accessing data resources, device and system | |
CN106302612A (en) | The creation method of account and device | |
US20150020167A1 (en) | System and method for managing files | |
CN103559430B (en) | application account management method and device based on Android system | |
CN112187725A (en) | Cloud computing resource access method and device, service line service and gateway | |
US8527632B2 (en) | Secure transfer of data files | |
CN110351719A (en) | A kind of wireless network management method, system and electronic equipment and storage medium | |
CN108471409B (en) | The application programming interfaces authentication configuration method and system of voice dialogue platform |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |