CN103546489B - Method, server and system for authority control - Google Patents

Method, server and system for authority control Download PDF

Info

Publication number
CN103546489B
CN103546489B CN201310542555.4A CN201310542555A CN103546489B CN 103546489 B CN103546489 B CN 103546489B CN 201310542555 A CN201310542555 A CN 201310542555A CN 103546489 B CN103546489 B CN 103546489B
Authority
CN
China
Prior art keywords
authentication
request
business operation
action type
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310542555.4A
Other languages
Chinese (zh)
Other versions
CN103546489A (en
Inventor
徐晓敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Wuhan Co Ltd
Original Assignee
Tencent Technology Wuhan Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Wuhan Co Ltd filed Critical Tencent Technology Wuhan Co Ltd
Priority to CN201310542555.4A priority Critical patent/CN103546489B/en
Publication of CN103546489A publication Critical patent/CN103546489A/en
Priority to PCT/CN2014/090216 priority patent/WO2015067163A1/en
Application granted granted Critical
Publication of CN103546489B publication Critical patent/CN103546489B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Abstract

The embodiment of the invention discloses a method, server and system for authority control. The method includes the steps that a service processing server receives a service operation request and determines the operation type of the service operation request; if determining that the operation type belongs to a predefined operation type, the service processing server sends an authentication request to an authority verifying server to make the authority verifying server to perform authentication on a sender of the service operation request; if receiving an instruction for executing the service operation request, the service processing server carries out the service operation corresponding to the service operation request. Because the operation type of the service operation request is determined by the server, when the operation type of the service operation request belongs to the predefined operation type, the operation of second-level authorization is initiated, and the service operation is carried out after the it is ensured that authorization is passed. According to the scheme, the type of an operator and the service corresponding to the service operation are separated, and thus flexible authority setting can be performed on the user, customized second-level authority setting can be achieved, and an application can be applied flexibly so as to promote the service.

Description

A kind of authority control method, server and system
Technical field
The present invention relates to communication technical field, more particularly to a kind of authority control method, server and system.
Background technology
Authority refers to the restriction of functional authority scope, i.e. behavior.It is that incumbent is necessary in order to ensure effectively fulfiling for responsibility Possess, the scope and degree of decision-making is carried out to certain item.
In communication technical field, it is often necessary to which the authority of user is audited, mode general at present is to operate Type is bound with operator's type, in other words preserves the relation between action type and operator, specific as follows:Business Processing server is after operation requests are received, it is first determined the type of operation, and the type of operator, it is then determined that operation Type whether have the operation type authority, if then performing operation, otherwise just refusal operation.
By taking the concrete application in super large population management as an example.There is the manager of various authorities in one colony, each management Member is different according to its type, and respective authority is also not quite similar.The super large colony owner manage colony when, part authority can under Issue manager to use, this relates to the decentralization of sensitive permission.
In general the owner of group can have all permissions, that is to say the authority of maximum;It has been lowered the management of power Member will have authorities more more than group members.
Above scheme carries out the control of all operations by Service Process Server, and according to operator's type authority control is carried out System;Because business and operator's type are that authority binds together, it is unfavorable for customizing two grades of priority assignations.It is unfavorable for what is serviced Upgrading and application.
The content of the invention
A kind of authority control method, server and system are embodiments provided, for realizing carrying out spirit to user Priority assignation living, realizes the two grades of priority assignations for customizing, and flexible Application is obtained so as to lift service such that it is able to make to apply.
A kind of authority control method, including:
Service Process Server receives business operation request, and determines the action type of the business operation request;
Service Process Server if it is determined that the action type belongs to predefined action type, then to authentication service Device sends authentication request, makes the authentication server authenticate the sender that the business operation is asked;
If the Service Process Server receives the instruction for performing the business operation request, the business behaviour is performed Make the corresponding business operation of request.
A kind of authority control method, including:
Authentication server receives the authentication request from Service Process Server;The authentication request is by the business Processing server receive business operation request, and determine business operation ask action type belong to predefined operation class Send after type;
Authentication server is being received after the authentication request of Service Process Server, please to the business operation The sender for asking is authenticated;
The authentication server passes through if it is determined that authenticating, then send to the Service Process Server and perform the industry The instruction of business operation requests.
A kind of authority control method, including:
Business operation request is received, and determines the action type of the business operation request;
If it is determined that the action type belongs to predefined action type, then the sender to business operation request sends out Send authentication to notify, and receive the authentication information that the sender of the business operation request returns;
If the authentication information is matched with the action type, it is determined that authentication pass through, and perform the business operation please Seek corresponding business operation.
A kind of Service Process Server, including:
Service request receiving unit, for receiving business operation request;
Type determining units, for determining the behaviour of the business operation request that the service request receiving unit is received Make type;
Authentication request transmitting element, for if it is determined that the action type belongs to predefined action type, then to authority Examination & verification server sends authentication request, makes the authentication server reflect the sender that the business operation is asked Power;
Receiving unit is indicated, for receiving the instruction for performing the business operation request;
Business performance element, if receiving the instruction for performing the business operation request for the instruction receiving unit, Then perform the business operation and ask corresponding business operation.
A kind of authentication server, including:
Authentication request receiving unit, for receiving the authentication request from Service Process Server;The authentication request by The Service Process Server receive business operation request, and determine business operation ask action type belong to predefined Action type after send;
Authenticating unit, for receiving the authentication request from Service Process Server in the authentication request receiving unit Afterwards, the sender of business operation request is authenticated;
Transmitting element is indicated, if determining that authentication passes through for the authenticating unit, is sent out to the Service Process Server Send the instruction for performing the business operation request.
A kind of server, including:
Request reception unit, for receiving business operation request;Receive the authentication that the sender of business operation request returns Information;
Type units are determined, for determining the operation class of the business operation request that the request reception unit is received Type;
Transmitting element is notified, for if it is determined that the action type belongs to predefined action type, then to the business The sender of operation requests sends authentication and notifies;
Authenticating unit, if matching with the action type for the authentication information, it is determined that authentication passes through;
Business unit is performed, if determining that authentication passes through for the authenticating unit, the business operation request is performed right The business operation answered.
A kind of authority control system, including:Service Process Server and authentication server;
The Service Process Server is the Service Process Server of any one provided in an embodiment of the present invention, the power Limit examination & verification server is the authentication server of any one provided in an embodiment of the present invention.
As can be seen from the above technical solutions, the embodiment of the present invention has advantages below:Business operation is determined by server The action type of request, when predefined action type is belonged to, initiates the operation of secondary authentication, after it is determined that authentication passes through Perform business operation.The program is separated the type of operator with the business corresponding to business operation, so can to Family carries out flexible priority assignation, realizes the two grades of priority assignations for customizing, such that it is able to make using obtain flexible Application so as to Lift service.
Description of the drawings
Technical scheme in order to be illustrated more clearly that the embodiment of the present invention, below will be to making needed for embodiment description Accompanying drawing is briefly introduced, it should be apparent that, drawings in the following description are only some embodiments of the present invention, for this For the those of ordinary skill in field, without having to pay creative labor, can be obtaining it according to these accompanying drawings His accompanying drawing.
Fig. 1 is present invention method schematic flow sheet;
Fig. 2 is present invention method schematic flow sheet;
Fig. 3 is present invention method schematic flow sheet;
Fig. 4 is present invention method schematic flow sheet;
Fig. 5 is embodiment of the present invention insert window structural representation;
Fig. 6 is embodiment of the present invention Service Process Server structural representation;
Fig. 7 is embodiment of the present invention authentication server architecture schematic diagram;
Fig. 8 is embodiment of the present invention authentication server architecture schematic diagram;
Fig. 9 is embodiment of the present invention server architecture schematic diagram;
Figure 10 is embodiment of the present invention Service Process Server structural representation;
Figure 11 is embodiment of the present invention authentication server architecture schematic diagram;
Figure 12 is embodiment of the present invention server architecture schematic diagram;
Figure 13 is embodiment of the present invention system structure diagram.
Specific embodiment
In order that the object, technical solutions and advantages of the present invention are clearer, below in conjunction with accompanying drawing the present invention is made into One step ground is described in detail, it is clear that described embodiment is only present invention some embodiments, rather than the enforcement of whole Example.Based on the embodiment in the present invention, what those of ordinary skill in the art were obtained under the premise of creative work is not made All other embodiment, belongs to the scope of protection of the invention.
A kind of authority control method is embodiments provided, the present embodiment method is in Service Process Server side reality It is existing, as shown in figure 1, including:
101:Service Process Server receives business operation request, and determines the action type of above-mentioned business operation request;
Business operation request is the request for performing specific business operation for request, the business operation meeting that its request is performed Attribute with action type, specific action type can be manually set.For example:The operation for delivering information can be just like:Send out Table common language information, deliver literal with special effect information, deliver voice messaging, deliver acquiescence picture, deliver particular picture, deliver language Sound etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;Can also be to other groups The operation of member is such as:Delete common group members, delete specific group members, change group members title, member's class of setting group members Type etc..Its specific operation requests has different business operation collection for different business;Business operation is concentrated, different Business operation can there is a problem of sensitivity according to its object for operating, such as the behaviour in above illustrating to other group members Make, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore different business operations also has behaviour Make the attribute of type.The attribute of action type, typically can be by fraction, it is also possible to which each business operation has action type Attribute, not limits this embodiment of the present invention.Used as a citing, action type can be divided into sensitivity by the embodiment of the present invention Operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, the distribution and recovery of such as manager, room The business such as framework and title adjustment.
102:Service Process Server if it is determined that aforesaid operations type belongs to predefined action type, then to authentication Server sends authentication request, makes above-mentioned authentication server authenticate the sender that above-mentioned business operation is asked;
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example: Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing The authentication of card code, using the authentication etc. of password.Authentication can be carried out by authentication server, it is also possible to by service server Oneself is carried out, and the implementation authenticated using service server can be given in subsequent embodiment.If by authentication Server is being authenticated, then action type this attribute can be carried in authentication request, specific as follows:Above-mentioned authentication please Ask and carry aforesaid operations type, it is above-mentioned to make above-mentioned authentication server reflect the sender that above-mentioned business operation is asked Power includes:Above-mentioned authentication server is set to carry out the sender that above-mentioned business operation is asked corresponding with aforesaid operations type Authentication.
103:If above-mentioned Service Process Server receives the instruction for performing above-mentioned business operation request, above-mentioned industry is performed The corresponding business operation of business operation requests.
The instruction of above-mentioned business operation request is more than performed, may refer to order property can also be that information informs class, example Such as:Instruction performs above-mentioned business operation and asks corresponding business operation, or, inform the authenticating result of above-mentioned business operation request Pass through for authentication, make service server know that can perform above-mentioned business operation asks corresponding business operation.Therefore on performing Stating the instruction of business operation request can have many forms, and the specific form of expression does not affect the reality of the embodiment of the present invention It is existing, therefore the embodiment of the present invention not restriction.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
The embodiment of the present invention additionally provides another kind of authority control method, and the present embodiment method is in authentication server one Side realization, as shown in Fig. 2 including:
201:Authentication server receives the authentication request from Service Process Server;Above-mentioned authentication request is by above-mentioned Service Process Server receive business operation request, and determine business operation ask action type belong to predefined behaviour Make to be sent after type;
Business operation request is the request for performing specific business operation for request, the business operation meeting that its request is performed Attribute with action type, specific action type can be manually set.For example:The operation for delivering information can be just like:Send out Table common language information, deliver literal with special effect information, deliver voice messaging, deliver acquiescence picture, deliver particular picture, deliver language Sound etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;Can also be to other groups The operation of member is such as:Delete common group members, delete specific group members, change group members title, member's class of setting group members Type etc..Its specific operation requests has different business operation collection for different business;Business operation is concentrated, different Business operation can there is a problem of sensitivity according to its object for operating, such as the behaviour in above illustrating to other group members Make, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore different business operations also has behaviour Make the attribute of type.The attribute of action type, typically can be by fraction, it is also possible to which each business operation has action type Attribute, not limits this embodiment of the present invention.Used as a citing, action type can be divided into sensitivity by the embodiment of the present invention Operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, the distribution and recovery of such as manager, room The business such as framework and title adjustment.
202:Authentication server is being received after the authentication request of Service Process Server, and above-mentioned business is grasped The sender that work is asked is authenticated;
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example: Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing The authentication of card code, using the authentication etc. of password.Authentication can be carried out by authentication server, it is also possible to by service server Oneself is carried out, and the implementation authenticated using service server can be given in subsequent embodiment.If by authentication Server is being authenticated, then action type this attribute can be carried in authentication request, specific as follows:If above-mentioned authentication Request bag contains action type;Then the above-mentioned sender to the request of above-mentioned business operation carries out authentication includes:To above-mentioned business operation The sender of request sends authentication and notifies, and receives the authentication information that the sender of above-mentioned business operation request returns, if above-mentioned Authentication information action type matching corresponding with above-mentioned authentication request, it is determined that authentication passes through.
For the sender of operation requests, if it was once run the business operation for performing a certain type, then It is that most probably have this authority always, in order to avoid repeatedly authentication causes the trouble of user operation, is believed also for reducing The expense of order, the embodiment of the present invention can set certain actual effect to carry out the operator of service request control of authority, tool The implementation of body can be as follows:Preferably, also include before being authenticated to the sender of above-mentioned business operation request:It is determined that Before the sender of above-mentioned service request once authentication by whether within the scheduled time, if, it is determined that authentication passes through.
203:Above-mentioned authentication server passes through if it is determined that authenticating, then send to above-mentioned Service Process Server and perform State the instruction of business operation request.
The instruction of above-mentioned business operation request is more than performed, may refer to order property can also be that information informs class, example Such as:Instruction performs above-mentioned business operation and asks corresponding business operation, or, inform the authenticating result of above-mentioned business operation request Pass through for authentication, make service server know that can perform above-mentioned business operation asks corresponding business operation.Therefore on performing Stating the instruction of business operation request can have many forms, and the specific form of expression does not affect the reality of the embodiment of the present invention It is existing, therefore the embodiment of the present invention not restriction.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
The embodiment of the present invention additionally provides another kind of authority control method, and the present embodiment method is realized in server side, phase Than for above two embodiments, this embodiment scheme has intensive advantage;Above two embodiments then can be with mesh Front server architecture is preferably merged, and those skilled in the art can be selected according to being actually needed for concrete application With, as shown in figure 3, including:
301:Business operation request is received, and determines the action type of above-mentioned business operation request;
Business operation request is the request for performing specific business operation for request, the business operation meeting that its request is performed Attribute with action type, specific action type can be manually set.For example:The operation for delivering information can be just like:Send out Table common language information, deliver literal with special effect information, deliver voice messaging, deliver acquiescence picture, deliver particular picture, deliver language Sound etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;Can also be to other groups The operation of member is such as:Delete common group members, delete specific group members, change group members title, member's class of setting group members Type etc..Its specific operation requests has different business operation collection for different business;Business operation is concentrated, different Business operation can there is a problem of sensitivity according to its object for operating, such as the behaviour in above illustrating to other group members Make, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore different business operations also has behaviour Make the attribute of type.The attribute of action type, typically can be by fraction, it is also possible to which each business operation has action type Attribute, not limits this embodiment of the present invention.Used as a citing, action type can be divided into sensitivity by the embodiment of the present invention Operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, the distribution and recovery of such as manager, room The business such as framework and title adjustment.
302:If it is determined that aforesaid operations type belongs to predefined action type, then to the transmission of above-mentioned business operation request Person sends authentication and notifies, and receives the authentication information that the sender of above-mentioned business operation request returns;
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example: Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing The authentication of card code, using the authentication etc. of password.
For the sender of operation requests, if it was once run the business operation for performing a certain type, then It is that most probably have this authority always, in order to avoid repeatedly authentication causes the trouble of user operation, is believed also for reducing The expense of order, the embodiment of the present invention can set certain actual effect to carry out the operator of service request control of authority, tool The implementation of body can be as follows:Preferably, the above-mentioned sender to the request of above-mentioned business operation is sent before authentication is notified also Including:Once authentication is determined before the sender of above-mentioned service request by whether within the scheduled time, if, it is determined that authentication Pass through.
303:If above-mentioned authentication information and aforesaid operations type matching, it is determined that authentication passes through, and perform above-mentioned business behaviour Make the corresponding business operation of request.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
Following examples will be described in detail by taking management and group as an example to embodiment of the present invention scheme, in this enforcement In example, authentication operations are carried out using authentication server, previous embodiment has been described above:Realize in server side, compared to The present embodiment for example have intensive advantage;The present embodiment then can be carried out preferably with current server architecture Fusion, those skilled in the art can be selected according to being actually needed for concrete application, therefore the system architecture of the present embodiment Should not be construed as unique a kind of framework of embodiment of the present invention scheme application.It is single in order to solve current control of authority, sensitivity power The problems such as limiting stolen, the embodiment of the present invention adds secondary authentication plan on the basis of the control of authority using user type Slightly.Refer to shown in Fig. 4, comprise the steps:
401:Client sends the business operation of requested service operation and asks to Service Process Server;
402:Service Process Server carries out sensitive permission judgement, it is determined whether belong to sensitive business operation;
403:In step 402 judged result is yes, it is determined that belong to sensitive business operation, then send authentication request to Authentication server, request sensitive permission authentication;
In this step, can also to send sensitive operational information quick to ask to authentication server for service server Sense authority authentication.Information its form of expression embodiment of the present invention that service server sends can be limited not.
404:Whether the authentication server authentication subscription authentication is in effective time, if it is, 405 are performed, otherwise Perform 408;
Above-mentioned effective time can be configured according to concrete business, and the embodiment of the present invention is not limited this.
405:The authentication server authentication subscription authentication then initiates examination & verification order more than effective time to client, Notify the secondary authentication of user;
406:Client to be received and point out user's checking authority after examination & verification order, after waiting user input authentication information, to Authentication server sends the secondary authentication request of user, carries above-mentioned authentication information.
With common management administrator when room name piece is changed, if the owner in the room is provided with secondary purview certification, pipe Reason operator interfaces occur room administrator password checking interface as shown in Figure 5.It is close that manager is only input into correct room management Code, sensitive operation can just be awarded execution.Frequently point out to be input into password authentification when carrying out sensitive operation in order to avoid manager, Sensitive operation can be carried out within a period of time after good authentication authority and need not again input password.
Show in Figure 5:1st, item:Password authentification;2nd, operation indicating:Please be input into administrator's password;3rd, input frame;Separately Also show outward:Close, determine and cancel.Specific interface form can as desired be modified and extended, the present invention Embodiment is not limited.
407:Authentication server carries out authentication verification, if authentication verification is by entering 408;Industry can otherwise be informed Business server authentication does not pass through;
408:Authentication server sends to Service Process Server and instructs, and notifies that service server business is performed;
409:Service server to have been processed and return business operation result to client after business.
In above example, if step 404 is if it is determined that in effective time, can directly determine that authentication passes through, then Step 405 and step 406 can be without carrying out, step 409 also can be without carrying out the step of.
Above example verifies sensitive operation using simple and reliable secondary audit policy, by ejecting identifying code window The authentication mechanism of this plug-in unit, can support miscellaneous service, and lift Consumer's Experience.
The embodiment of the present invention additionally provides a kind of Service Process Server, as shown in fig. 6, including:
Service request receiving unit 601, for receiving business operation request;
Type determining units 602, for determining that the above-mentioned business operation that above-mentioned service request receiving unit 601 is received please The action type asked;
Authentication request transmitting element 603, for if it is determined that aforesaid operations type belongs to predefined action type, then to power Limit examination & verification server sends authentication request, makes above-mentioned authentication server reflect the sender that above-mentioned business operation is asked Power;
Receiving unit 604 is indicated, for receiving the instruction for performing above-mentioned business operation request;
Business performance element 605, if receive performing above-mentioned business operation request for above-mentioned instruction receiving unit 604 Indicate, then perform above-mentioned business operation and ask corresponding business operation.
In the embodiment of the present invention, business operation request is the request for performing specific business operation for request, its request The business operation of execution can have the attribute of action type, and specific action type can be manually set.For example:Deliver information Operation can be just like:Common language information is delivered, literal with special effect information is delivered, is delivered voice messaging, deliver acquiescence picture, deliver Particular picture, delivers voice etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;May be used also Be the operation to other group members such as:Delete common group members, delete specific group members, change group members title, setting Member type of group members etc..Its specific operation requests has different business operation collection for different business;Industry In business operation set, can there is sensitivity in different business operations according to its object for operating, such as right in above illustrating The operation of other group members, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore it is different Business operation also has the attribute of action type.The attribute of action type, typically can be by fraction, it is also possible to each business operation There is the attribute of an action type, this embodiment of the present invention is not limited.Used as a citing, the embodiment of the present invention can be by Action type is divided into sensitive operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, such as manager's Distribution and recovery, the business such as room framework and title adjustment.
The instruction of above-mentioned business operation request is more than performed, may refer to order property can also be that information informs class, example Such as:Instruction performs above-mentioned business operation and asks corresponding business operation, or, inform the authenticating result of above-mentioned business operation request Pass through for authentication, make service server know that can perform above-mentioned business operation asks corresponding business operation.Therefore on performing Stating the instruction of business operation request can have many forms, and the specific form of expression does not affect the reality of the embodiment of the present invention It is existing, therefore the embodiment of the present invention not restriction.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example: Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing The authentication of card code, using the authentication etc. of password.Authentication can be carried out by authentication server, it is also possible to by service server Oneself is carried out, and the implementation authenticated using service server can be given in subsequent embodiment.If by authentication Server is being authenticated, then action type this attribute can be carried in authentication request, specific as follows:Alternatively, on Authentication request transmitting element 603 is stated, for sending the authentication request for carrying aforesaid operations type, above-mentioned authentication service is made Device carries out authentication corresponding with aforesaid operations type to the sender that above-mentioned business operation is asked.
The embodiment of the present invention additionally provides a kind of authentication server, as shown in fig. 7, comprises:
Authentication request receiving unit 701, for receiving the authentication request from Service Process Server;Above-mentioned authentication request By above-mentioned Service Process Server receive business operation request, and determine business operation ask action type belong to predetermined Send after the action type of justice;
Authenticating unit 702, for receiving the mirror from Service Process Server in above-mentioned authentication request receiving unit 701 After power request, the sender of above-mentioned business operation request is authenticated;
Transmitting element 703 is indicated, if determining that authentication passes through for above-mentioned authenticating unit 702, to above-mentioned Business Processing clothes Business device sends the instruction for performing above-mentioned business operation request.
Business operation request is the request for performing specific business operation for request, the business operation meeting that its request is performed Attribute with action type, specific action type can be manually set.For example:The operation for delivering information can be just like:Send out Table common language information, deliver literal with special effect information, deliver voice messaging, deliver acquiescence picture, deliver particular picture, deliver language Sound etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;Can also be to other groups The operation of member is such as:Delete common group members, delete specific group members, change group members title, member's class of setting group members Type etc..Its specific operation requests has different business operation collection for different business;Business operation is concentrated, different Business operation can there is a problem of sensitivity according to its object for operating, such as the behaviour in above illustrating to other group members Make, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore different business operations also has behaviour Make the attribute of type.The attribute of action type, typically can be by fraction, it is also possible to which each business operation has action type Attribute, not limits this embodiment of the present invention.Used as a citing, action type can be divided into sensitivity by the embodiment of the present invention Operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, the distribution and recovery of such as manager, room The business such as framework and title adjustment.
The instruction of above-mentioned business operation request is more than performed, may refer to order property can also be that information informs class, example Such as:Instruction performs above-mentioned business operation and asks corresponding business operation, or, inform the authenticating result of above-mentioned business operation request Pass through for authentication, make service server know that can perform above-mentioned business operation asks corresponding business operation.Therefore on performing Stating the instruction of business operation request can have many forms, and the specific form of expression does not affect the reality of the embodiment of the present invention It is existing, therefore the embodiment of the present invention not restriction.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example: Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing The authentication of card code, using the authentication etc. of password.Authentication can be carried out by authentication server, it is also possible to by service server Oneself is carried out, and the implementation authenticated using service server can be given in subsequent embodiment.If by authentication Server is being authenticated, then action type this attribute can be carried in authentication request, specific as follows:Alternatively, such as Shown in Fig. 8, above-mentioned authenticating unit 702 includes:Authentication notifies transmitting element 801 and authentication subelement 802;
Above-mentioned authentication notifies transmitting element 801, if the authentication request received for above-mentioned authentication request receiving unit 701 Comprising action type, then send authentication to the sender of above-mentioned business operation request and notify;
Authentication subelement 802, for determining the authentication information that the sender of above-mentioned business operation request returns, if with it is upper The corresponding action type matching of authentication request is stated, if, it is determined that authentication passes through.
For the sender of operation requests, if it was once run the business operation for performing a certain type, then It is that most probably have this authority always, in order to avoid repeatedly authentication causes the trouble of user operation, is believed also for reducing The expense of order, the embodiment of the present invention can set certain actual effect to carry out the operator of service request control of authority, tool The implementation of body can be as follows:Preferably, further, above-mentioned authenticating unit 702, is additionally operable to asking above-mentioned business operation Before the sender for asking is authenticated, determine before the sender of above-mentioned service request once authentication by whether the scheduled time it It is interior, if, it is determined that authentication passes through.
The embodiment of the present invention additionally provides a kind of server, as shown in figure 9, including:
Request reception unit 901, for receiving business operation request;Receive the mirror that the sender of business operation request returns Power information;
Type units 902 are determined, for determining the above-mentioned business operation request that above-mentioned request reception unit 901 is received Action type;
Transmitting element 903 is notified, for if it is determined that aforesaid operations type belongs to predefined action type, then to above-mentioned industry The sender of business operation requests sends authentication and notifies;
Authenticating unit 904, if for above-mentioned authentication information and aforesaid operations type matching, it is determined that authentication passes through;
Business unit 905 is performed, if determining that authentication passes through for above-mentioned authenticating unit 904, above-mentioned business operation is performed Ask corresponding business operation.
Business operation request in the embodiment of the present invention is the request for performing specific business operation for request, its request The business operation of execution can have the attribute of action type, and specific action type can be manually set.For example:Deliver information Operation can be just like:Common language information is delivered, literal with special effect information is delivered, is delivered voice messaging, deliver acquiescence picture, deliver Particular picture, delivers voice etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;May be used also Be the operation to other group members such as:Delete common group members, delete specific group members, change group members title, setting Member type of group members etc..Its specific operation requests has different business operation collection for different business;Industry In business operation set, can there is sensitivity in different business operations according to its object for operating, such as right in above illustrating The operation of other group members, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore it is different Business operation also has the attribute of action type.The attribute of action type, typically can be by fraction, it is also possible to each business operation There is the attribute of an action type, this embodiment of the present invention is not limited.Used as a citing, the embodiment of the present invention can be by Action type is divided into sensitive operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, such as manager's Distribution and recovery, the business such as room framework and title adjustment.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example: Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing The authentication of card code, using the authentication etc. of password.
For the sender of operation requests, if it was once run the business operation for performing a certain type, then It is that most probably have this authority always, in order to avoid repeatedly authentication causes the trouble of user operation, is believed also for reducing The expense of order, the embodiment of the present invention can set certain actual effect to carry out the operator of service request control of authority, tool The implementation of body can be as follows:Alternatively, above-mentioned authenticating unit 904, is additionally operable in above-mentioned notice transmitting element 903 to above-mentioned The sender of business operation request is sent before authentication notice, is determined and once authenticated by being before the sender of above-mentioned service request It is no within the scheduled time, if, it is determined that authentication pass through.
The embodiment of the present invention additionally provides another kind of Service Process Server, as shown in Figure 10, including:Receptor 1001, Emitter 1002, processor 1003 and memorizer 1004;
Wherein above-mentioned processor 1003, for control business operation request is received, and determines above-mentioned business operation request Action type;If it is determined that aforesaid operations type belongs to predefined action type, then sending authentication to authentication server please Ask, make above-mentioned authentication server authenticate the sender that above-mentioned business operation is asked;Above-mentioned Service Process Server If receiving the instruction for performing above-mentioned business operation request, perform above-mentioned business operation and ask corresponding business operation.
In the embodiment of the present invention, business operation request is the request for performing specific business operation for request, its request The business operation of execution can have the attribute of action type, and specific action type can be manually set.For example:Deliver information Operation can be just like:Common language information is delivered, literal with special effect information is delivered, is delivered voice messaging, deliver acquiescence picture, deliver Particular picture, delivers voice etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;May be used also Be the operation to other group members such as:Delete common group members, delete specific group members, change group members title, setting Member type of group members etc..Its specific operation requests has different business operation collection for different business;Industry In business operation set, can there is sensitivity in different business operations according to its object for operating, such as right in above illustrating The operation of other group members, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore it is different Business operation also has the attribute of action type.The attribute of action type, typically can be by fraction, it is also possible to each business operation There is the attribute of an action type, this embodiment of the present invention is not limited.Used as a citing, the embodiment of the present invention can be by Action type is divided into sensitive operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, such as manager's Distribution and recovery, the business such as room framework and title adjustment.
The instruction of above-mentioned business operation request is more than performed, may refer to order property can also be that information informs class, example Such as:Instruction performs above-mentioned business operation and asks corresponding business operation, or, inform the authenticating result of above-mentioned business operation request Pass through for authentication, make service server know that can perform above-mentioned business operation asks corresponding business operation.Therefore on performing Stating the instruction of business operation request can have many forms, and the specific form of expression does not affect the reality of the embodiment of the present invention It is existing, therefore the embodiment of the present invention not restriction.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example: Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing The authentication of card code, using the authentication etc. of password.Authentication can be carried out by authentication server, it is also possible to by service server Oneself is carried out, and the implementation authenticated using service server can be given in subsequent embodiment.If by authentication Server is being authenticated, then action type this attribute can be carried in authentication request, specific as follows:Alternatively, on Processor 1003 is stated, it is above-mentioned to make above-mentioned authentication server pair if carrying aforesaid operations type for above-mentioned authentication request The sender of above-mentioned business operation request carries out authentication to be included:Make what above-mentioned authentication server was asked above-mentioned business operation Sender carries out authentication corresponding with aforesaid operations type.
The embodiment of the present invention additionally provides another kind of authentication server, as shown in figure 11, including:Receptor 1101, Emitter 1102, processor 1103 and memorizer 1104;
Wherein above-mentioned processor 1103, for control the authentication request from Service Process Server is received;Above-mentioned authentication Request by above-mentioned Service Process Server receive business operation request, and determine business operation ask action type belong to Send after predefined action type;Authentication server receiving after the authentication request of Service Process Server, The sender of above-mentioned business operation request is authenticated;Above-mentioned authentication server if it is determined that authentication passes through, then to above-mentioned Service Process Server sends the instruction for performing above-mentioned business operation request.
Business operation request is the request for performing specific business operation for request, the business operation meeting that its request is performed Attribute with action type, specific action type can be manually set.For example:The operation for delivering information can be just like:Send out Table common language information, deliver literal with special effect information, deliver voice messaging, deliver acquiescence picture, deliver particular picture, deliver language Sound etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;Can also be to other groups The operation of member is such as:Delete common group members, delete specific group members, change group members title, member's class of setting group members Type etc..Its specific operation requests has different business operation collection for different business;Business operation is concentrated, different Business operation can there is a problem of sensitivity according to its object for operating, such as the behaviour in above illustrating to other group members Make, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore different business operations also has behaviour Make the attribute of type.The attribute of action type, typically can be by fraction, it is also possible to which each business operation has action type Attribute, not limits this embodiment of the present invention.Used as a citing, action type can be divided into sensitivity by the embodiment of the present invention Operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, the distribution and recovery of such as manager, room The business such as framework and title adjustment.
The instruction of above-mentioned business operation request is more than performed, may refer to order property can also be that information informs class, example Such as:Instruction performs above-mentioned business operation and asks corresponding business operation, or, inform the authenticating result of above-mentioned business operation request Pass through for authentication, make service server know that can perform above-mentioned business operation asks corresponding business operation.Therefore on performing Stating the instruction of business operation request can have many forms, and the specific form of expression does not affect the reality of the embodiment of the present invention It is existing, therefore the embodiment of the present invention not restriction.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example: Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing The authentication of card code, using the authentication etc. of password.Authentication can be carried out by authentication server, it is also possible to by service server Oneself is carried out, and the implementation authenticated using service server can be given in subsequent embodiment.If by authentication Server is being authenticated, then action type this attribute can be carried in authentication request, specific as follows:Above-mentioned processor 1103, if including action type for above-mentioned authentication request;Then the above-mentioned sender to the request of above-mentioned business operation authenticates Including:Authentication is sent to the sender of above-mentioned business operation request to notify, and receive the sender of above-mentioned business operation request return The authentication information for returning, if the action type matching corresponding with above-mentioned authentication request of above-mentioned authentication information, it is determined that authentication passes through.
For the sender of operation requests, if it was once run the business operation for performing a certain type, then It is that most probably have this authority always, in order to avoid repeatedly authentication causes the trouble of user operation, is believed also for reducing The expense of order, the embodiment of the present invention can set certain actual effect to carry out the operator of service request control of authority, tool The implementation of body can be as follows:Preferably, above-mentioned processor 1103, is additionally operable in the sender asked above-mentioned business operation Before being authenticated, once authentication is determined before the sender of above-mentioned service request by whether within the scheduled time, if so, then It is determined that authentication passes through.
The embodiment of the present invention additionally provides another kind of server, as shown in figure 12, including:Receptor 1201, emitter 1202nd, processor 1203 and memorizer 1204;
Wherein above-mentioned processor 1203, for control business operation request is received, and determines above-mentioned business operation request Action type;If it is determined that aforesaid operations type belongs to predefined action type, then to the sender of above-mentioned business operation request Send authentication to notify, and receive the authentication information that the sender of above-mentioned business operation request returns;If above-mentioned authentication information with it is upper State action type matching, it is determined that authentication passes through, and perform above-mentioned business operation and ask corresponding business operation.
Business operation request in the embodiment of the present invention is the request for performing specific business operation for request, its request The business operation of execution can have the attribute of action type, and specific action type can be manually set.For example:Deliver information Operation can be just like:Common language information is delivered, literal with special effect information is delivered, is delivered voice messaging, deliver acquiescence picture, deliver Particular picture, delivers voice etc.;Initiating colony's operation can be just like:Initiate group's voice, initiate group's video conference etc.;May be used also Be the operation to other group members such as:Delete common group members, delete specific group members, change group members title, setting Member type of group members etc..Its specific operation requests has different business operation collection for different business;Industry In business operation set, can there is sensitivity in different business operations according to its object for operating, such as right in above illustrating The operation of other group members, and it is probably that sensitive needs are controlled to deliver the operation such as some information, therefore it is different Business operation also has the attribute of action type.The attribute of action type, typically can be by fraction, it is also possible to each business operation There is the attribute of an action type, this embodiment of the present invention is not limited.Used as a citing, the embodiment of the present invention can be by Action type is divided into sensitive operation and non-sensitive operation.Sensitive operation is defined:It is related to the management of sensitive operation, such as manager's Distribution and recovery, the business such as room framework and title adjustment.
Above example, by server the action type that business operation is asked is determined, is belonging to predefined action type When, the operation of secondary authentication is initiated, it is determined that authentication is by performing business operation later.The program is by the type and industry of operator The corresponding business of business operation is separated, and flexible priority assignation so can be carried out to user, realizes two grades for customizing Priority assignation, flexible Application is obtained so as to lift service such that it is able to make to apply.
Because the business operation to user needs to be controlled, then be accomplished by predefining that concrete which action type is needed Be controlled and carry out which rank of other control, above-mentioned predefined action type, can carry out on demand it is preset, specifically such as What preset embodiment of the present invention is not limited.Corresponding to different action types, it is possibility to have different authentication modes, for example: Action type is classified, belongs to predetermined hierarchical categories, just using with only corresponding authentication mode, for example:Only using recognizing The authentication of card code, using the authentication etc. of password.
For the sender of operation requests, if it was once run the business operation for performing a certain type, then It is that most probably have this authority always, in order to avoid repeatedly authentication causes the trouble of user operation, is believed also for reducing The expense of order, the embodiment of the present invention can set certain actual effect to carry out the operator of service request control of authority, tool The implementation of body can be as follows:Above-mentioned processor 1203, is additionally operable to the above-mentioned sender to the request of above-mentioned business operation and sends Before authentication is notified, once authentication is determined before the sender of above-mentioned service request by whether within the scheduled time, if so, then It is determined that authentication passes through.
The embodiment of the present invention additionally provides a kind of authority control system, as shown in figure 13, including:Service Process Server 1301 and authentication server 1302;
Wherein, above-mentioned Service Process Server 1301 is the Business Processing service of any one provided in an embodiment of the present invention Device, above-mentioned authentication server 1302 is the authentication server of any one provided in an embodiment of the present invention.
The action type that business operation is asked is determined by server, when predefined action type is belonged to, is initiated secondary The operation of authentication, it is determined that authentication is by performing business operation later.The program is right with business operation institute by the type of operator The business answered is separated, and flexible priority assignation so can be carried out to user, realizes the two grades of priority assignations for customizing, from And application can be made to obtain flexible Application so as to lift service.
It should be noted that in above-mentioned server, authentication server and Service Process Server embodiment, being wrapped The unit for including simply is divided according to function logic, but is not limited to above-mentioned division, as long as phase can be realized The function of answering;In addition, the specific name of each functional unit is also only to facilitate mutually differentiation, is not limited to this Bright protection domain.
In addition, one of ordinary skill in the art will appreciate that realizing all or part of step in above-mentioned each method embodiment The hardware that program be can be by instruct correlation is completed, and corresponding program can be stored in a kind of computer-readable recording medium In, storage medium mentioned above can be read only memory, disk or CD etc..
The present invention preferably specific embodiment is these are only, but protection scope of the present invention is not limited thereto, it is any Those familiar with the art the change that can readily occur in or replaces in the technical scope that the embodiment of the present invention is disclosed Change, all should be included within the scope of the present invention.Therefore, protection scope of the present invention should be with the protection model of claim Enclose and be defined.

Claims (15)

1. a kind of authority control method, it is characterised in that include:
Service Process Server receives business operation request, and determines the action type of the business operation request;
Service Process Server is then sent out if it is determined that the action type belongs to predefined action type to authentication server Authentication request is sent, makes the authentication server authenticate the sender that the business operation is asked;Wherein, it is described pre- The action type of definition includes the action type that needs preset on demand are controlled;
If the Service Process Server receives the instruction for performing the business operation request, performing the business operation please Seek corresponding business operation.
2. method according to claim 1, it is characterised in that the authentication request carries the action type, described to make The authentication server carries out authentication to the sender that the business operation is asked to be included:
The authentication server is set to carry out mirror corresponding with the action type to the sender that the business operation is asked Power.
3. a kind of authority control method, it is characterised in that include:
Authentication server receives the authentication request from Service Process Server;The authentication request is by the Business Processing Server receive business operation request, and determine business operation ask action type belong to after predefined action type Send;Wherein, the predefined action type includes the action type that needs preset on demand are controlled;
Authentication server is being received after the authentication request of Service Process Server, to business operation request Sender is authenticated;
The authentication server passes through if it is determined that authenticating, then send to the Service Process Server and perform the business behaviour The instruction that work is asked.
4. method according to claim 3, it is characterised in that if the authentication request includes action type;It is then described to institute Stating the sender of business operation request carries out authentication and includes:
Authentication is sent to the sender of business operation request to notify, and receive the sender of the business operation request return Authentication information, if the matching of the authentication information corresponding with authentication request action type, it is determined that authentication passes through.
5. according to the methods described of claim 3 or 4, it is characterised in that the sender of business operation request is authenticated Also include before:
Once authentication is determined before the sender of the service request by whether within the scheduled time, if, it is determined that authentication Pass through.
6. a kind of authority control method, it is characterised in that include:
Business operation request is received, and determines the action type of the business operation request;
If it is determined that the action type belongs to predefined action type, then the sender to business operation request sends mirror Power is notified, and receives the authentication information that the sender of the business operation request returns;Wherein, the predefined action type Including the action type that needs preset on demand are controlled;
If the authentication information is matched with the action type, it is determined that authentication passes through, and it is right to perform the business operation request The business operation answered.
7. method according to claim 6, it is characterised in that the sender to business operation request sends authentication Also include before notice:
Once authentication is determined before the sender of the service request by whether within the scheduled time, if, it is determined that authentication Pass through.
8. a kind of Service Process Server, it is characterised in that include:
Service request receiving unit, for receiving business operation request;
Type determining units, for determining the operation class of the business operation request that the service request receiving unit is received Type;
Authentication request transmitting element, for if it is determined that the action type belongs to predefined action type, then to authentication Server sends authentication request, makes the authentication server authenticate the sender that the business operation is asked;Its In, the predefined action type includes the action type that needs preset on demand are controlled;
Receiving unit is indicated, for receiving the instruction for performing the business operation request;
Business performance element, if receiving the instruction for performing the business operation request for the instruction receiving unit, holds The row business operation asks corresponding business operation.
9. Service Process Server according to claim 8, it is characterised in that
The authentication request transmitting element, for sending the authentication request for carrying the action type, makes the authentication Server carries out authentication corresponding with the action type to the sender that the business operation is asked.
10. a kind of authentication server, it is characterised in that include:
Authentication request receiving unit, for receiving the authentication request from Service Process Server;The authentication request is by described Service Process Server receive business operation request, and determine business operation ask action type belong to predefined behaviour Make to be sent after type;Wherein, the predefined action type includes the action type that needs preset on demand are controlled;
Authenticating unit, for receiving after the authentication request of Service Process Server in the authentication request receiving unit, The sender of business operation request is authenticated;
Transmitting element is indicated, if determining that authentication passes through for the authenticating unit, is sent to the Service Process Server and is held The instruction of the row business operation request.
11. authentication servers according to claim 10, it is characterised in that the authenticating unit includes:Authentication is notified Transmitting element and authentication subelement;
The authentication notifies transmitting element, if including operation class for the authentication request that the authentication request receiving unit is received Type, then send authentication and notify to the sender of business operation request;
Authentication subelement, for determining the authentication information that the sender of the business operation request returns, if with the authentication Corresponding action type is asked to match, if, it is determined that authentication passes through.
12. according to claim 10 or 11 authentication server, it is characterised in that
The authenticating unit, was additionally operable to before the sender asked the business operation authenticates, and determined the business Before the sender of request once authentication by whether within the scheduled time, if, it is determined that authentication passes through.
13. a kind of servers, it is characterised in that include:
Request reception unit, for receiving business operation request;Receive the authentication information that the sender of business operation request returns;
Type units are determined, for determining the action type of the business operation request that the request reception unit is received;
Transmitting element is notified, for if it is determined that the action type belongs to predefined action type, then to the business operation The sender of request sends authentication and notifies;Wherein, the predefined action type is controlled including needs preset on demand Action type;
Authenticating unit, if matching with the action type for the authentication information, it is determined that authentication passes through;
Business unit is performed, if determining that authentication passes through for the authenticating unit, the business operation request is performed corresponding Business operation.
14. according to claim 13 server, it is characterised in that
The authenticating unit, is additionally operable to send to authenticate to the sender that the business operation is asked in the notice transmitting element lead to Before knowing, once authentication is determined before the sender of the service request by whether within the scheduled time, if, it is determined that mirror Power passes through.
A kind of 15. authority control systems, including:Service Process Server and authentication server, it is characterised in that the industry Business processing server is the Service Process Server described in claim 8 or 9, and the authentication server is claim 10 Authentication server described in~13 any one.
CN201310542555.4A 2013-11-05 2013-11-05 Method, server and system for authority control Active CN103546489B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310542555.4A CN103546489B (en) 2013-11-05 2013-11-05 Method, server and system for authority control
PCT/CN2014/090216 WO2015067163A1 (en) 2013-11-05 2014-11-04 Method, server and system for controling authority

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310542555.4A CN103546489B (en) 2013-11-05 2013-11-05 Method, server and system for authority control

Publications (2)

Publication Number Publication Date
CN103546489A CN103546489A (en) 2014-01-29
CN103546489B true CN103546489B (en) 2017-05-03

Family

ID=49969536

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310542555.4A Active CN103546489B (en) 2013-11-05 2013-11-05 Method, server and system for authority control

Country Status (2)

Country Link
CN (1) CN103546489B (en)
WO (1) WO2015067163A1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105205388B (en) * 2014-06-05 2019-03-15 腾讯科技(深圳)有限公司 A kind of right management method and system of application program
CN104270526A (en) * 2014-09-29 2015-01-07 广东欧珀移动通信有限公司 Data traffic control method and system for mobile terminal
CN104301328A (en) * 2014-10-29 2015-01-21 北京思特奇信息技术股份有限公司 Resource operation safety authentication method and system under cloud calculation environment
CN106982187B (en) * 2016-01-15 2020-12-01 中兴通讯股份有限公司 Resource authorization method and device
CN108268798B (en) * 2017-06-30 2023-09-05 勤智数码科技股份有限公司 Data item authority allocation method and system
CN108566327B (en) * 2018-01-09 2021-11-30 徐玉强 Data processing method and device for chat application
CN109740328B (en) * 2019-01-08 2021-07-02 广州虎牙信息科技有限公司 Authority identification method and device, computer equipment and storage medium
CN110795709B (en) * 2019-10-31 2022-08-12 北京达佳互联信息技术有限公司 Method and device for performing business operation, electronic equipment and storage medium
CN113938879A (en) * 2020-06-29 2022-01-14 华为技术有限公司 Communication method and communication device
CN112085326A (en) * 2020-07-31 2020-12-15 廊坊市科维配电技术开发有限公司 Energy consumption management method and equipment
CN113364765A (en) * 2021-06-03 2021-09-07 北京天融信网络安全技术有限公司 Cloud operation and maintenance auditing method and device

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100393166C (en) * 2004-11-19 2008-06-04 中兴通讯股份有限公司 Method and device for realizing PHS wireless network positioning service hierarchical authentication
CN101262590A (en) * 2007-12-21 2008-09-10 深圳市同洲电子股份有限公司 Multi-service integration system, device and method
CN101431659A (en) * 2008-12-08 2009-05-13 中兴通讯股份有限公司 Interactive Web TV system and its processing method
CN101772020B (en) * 2009-01-05 2011-12-28 华为技术有限公司 Method and system for authentication processing, 3GPP authentication authorization accounting server and user device
CN101834834A (en) * 2009-03-09 2010-09-15 华为软件技术有限公司 Authentication method, device and system
US8887264B2 (en) * 2009-09-21 2014-11-11 Ram International Corporation Multi-identity access control tunnel relay object
CN103107888B (en) * 2013-01-24 2015-11-18 贵州大学 The identity identifying method that the dynamic multi-attribute of facing moving terminal is multi-level
CN103546189B (en) * 2013-11-13 2016-04-13 苏州华士无线科技有限公司 Radio-frequency (RF) front-end circuit and system

Also Published As

Publication number Publication date
CN103546489A (en) 2014-01-29
WO2015067163A1 (en) 2015-05-14

Similar Documents

Publication Publication Date Title
CN103546489B (en) Method, server and system for authority control
US9824196B2 (en) Authenticating users requesting access to computing resources
US7571473B1 (en) Identity management system and method
US8353002B2 (en) Chaining information card selectors
CN113239344B (en) Access right control method and device
US8468576B2 (en) System and method for application-integrated information card selection
US8079069B2 (en) Cardspace history validator
US8561172B2 (en) System and method for virtual information cards
CN108351771B (en) Maintaining control over restricted data during deployment to a cloud computing environment
US20170041432A1 (en) Router-host logging
US20100251353A1 (en) User-authorized information card delegation
US20140050317A1 (en) Cloud Key Management System
CN108351807B (en) Event management to maintain control of restricted data in a cloud computing environment
JP6153669B2 (en) System and method for communicating credentials
US20100011409A1 (en) Non-interactive information card token generation
CN109829286B (en) User authority management system and method for WEB application
US9509672B1 (en) Providing seamless and automatic access to shared accounts
CN104954330A (en) Method of accessing data resources, device and system
CN106302612A (en) The creation method of account and device
US20150020167A1 (en) System and method for managing files
CN103559430B (en) application account management method and device based on Android system
CN112187725A (en) Cloud computing resource access method and device, service line service and gateway
US8527632B2 (en) Secure transfer of data files
CN110351719A (en) A kind of wireless network management method, system and electronic equipment and storage medium
CN108471409B (en) The application programming interfaces authentication configuration method and system of voice dialogue platform

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant