CN106570421A

CN106570421A - Authority control method and device

Info

Publication number: CN106570421A
Application number: CN201610981457.4A
Authority: CN
Inventors: 朱文进
Original assignee: Nubia Technology Co Ltd
Current assignee: Nubia Technology Co Ltd
Priority date: 2016-10-28
Filing date: 2016-10-28
Publication date: 2017-04-19

Abstract

The invention discloses an authority control method and device. The device comprises a marking module, a first acquisition module, a second acquisition module and a check module, wherein the marking module is used for acquiring authority resources of a system when the system is started, carrying out bit marking on various authority resources in the system and taking various corresponding bits subjected to bit marking as mark bits and information on the mark bits as system bit information; the first acquisition module is used for acquiring a terminal identification of transmitting an access request when detecting the access request transmitted by a terminal for accessing the authority resources, and acquiring a corresponding terminal mark bit and terminal bit information; the second acquisition module is used for acquiring the mark bit of a to-be-accessed authority resource accessed by the access request; and the check module is used for checking whether the access request of the terminal has the access authority or not according to the mark bit of the to-be-accessed authority resource, the terminal bit information and the terminal mark bit. According to the method and the device, the problems that a server side session occupies a lot of memory resources and a character string needs to be compared in the control process are solved, and the user experience is improved.

Description

Permission control device and method

Technical field

The present invention relates to communication technical field, more particularly to a kind of permission control device and method.

Background technology

With developing rapidly for communication technology, based on the consideration of the factors such as safety, general system includes Web page system (Web system), application can all provide control of authority function, realize that controlling user accesses by authorizing different authorities to user The function of authority resource.Control of authority all has vital effect to reliability, the safety and stability of system.Mesh Before, system is all the authority money for possessing that user is loaded after logging in system by user for the basic implementation method of control of authority Source, is then stored in the authority resource of user in the time domain of server end (session).When authority money in user's access system When source, the authority resource in the authority resource that the user to be accessed and the server end user session is compared (the typically all comparison of character string), once user is more, the authority resource of server end session storage users is more, clothes Business device end session just takes a large amount of memory sources, can cause very big pressure to server end, while user's access can be slowed down The speed of resource information, causes user experience poor.

The content of the invention

Present invention is primarily targeted at providing a kind of permission control device and method, it is intended to solve current control of authority The authority information of server end storage user is more in journey, takes a large amount of memory sources, slows down the speed of user access resources information Degree, causes the technical problem that user experience is poor.

For achieving the above object, the embodiment of the present invention provides a kind of permission control device, and the permission control device includes：

Mark module, for upon power-up of the system, obtaining the authority resource of system, is carried out to each authority resource in system Position labelling, each is entered the corresponding positions of line position labelling as marker bit, each power in the information correspondence system at each marker bit The authority of limit resource, using the information at each marker bit as system position information；

First acquisition module, for when detect terminal transmission for access rights resource access request when, obtain The terminal iidentification of access request is sent, and terminal authority resource counterpart terminal marker bit in systems is obtained according to terminal iidentification With terminal position information；

Second acquisition module, for obtaining the marker bit of the authority resource to be visited that access request is accessed；

Correction verification module, for according to the marker bit of authority resource to be visited, terminal position information, terminal label position, verification to be eventually Whether the access request at end has access rights.

Alternatively, first acquisition module includes：

Authentication unit, for when the access request of access rights resource of terminal transmission is detected, verifying the body of terminal Part information, obtains the authority resource of terminal after being proved to be successful；

Acquiring unit, for according to the authority resource of terminal, obtaining the corresponding terminal label position of terminal authorization resource and position Information.

Alternatively, the correction verification module also includes：

Forward direction value given unit, for the terminal label position in ordered arrangement system marks position and terminal position information to be closed Connection, and give terminal position information forward direction value；

Signal generating unit, as other marker bits, other will be given for using the system marks position in addition to terminal label position The system position information of marker bit is reversely worth, to generate verification array；

Verification unit, for according to the marker bit of authority resource to be visited and verification array, verifying the access request of terminal Whether access rights are had.

Alternatively, positive value is the true value of binary digit computing, is reversely worth the falsity for binary digit computing, the verification Unit includes：

Transforming subunit, for the marker bit of authority resource to be visited to be converted into into correspondence binary sequence；

With computing subelement, for the corresponding position in ordered arrangement system marks position letter in binary sequence and verification array Breath sequence is carried out and computing；

First judgment sub-unit, for when being non-zero with operation result, the access request of terminal to have access rights；

Second judgment sub-unit, for when being zero with operation result, the access request of terminal not to have access rights.

Alternatively, the permission control device also includes：

Generation module, for the authority number of resources of detecting system, when the authority number of resources of system is more than the pre- of verification array If during digit, generating new verification array.

For achieving the above object, the present invention also provides a kind of authority control method, and the authority control method includes：When being When system starts, the authority resource of system is obtained, line position labelling is entered to each authority resource in system, each is entered into line position labelling Corresponding positions as marker bit, the authority of each authority resource in the information correspondence system at each marker bit, by each marker bit The information at place is used as system position information；

When detect terminal transmission for access rights resource access request when, obtain send access request terminal Mark, and terminal authority resource counterpart terminal marker bit in systems and terminal position information are obtained according to terminal iidentification；

Obtain the marker bit of the authority resource to be visited that access request is accessed；

Marker bit, terminal position information according to authority resource to be visited, terminal label position, verifying the access request of terminal is It is no to have access rights.

Alternatively, it is described when detect terminal transmission for access rights resource access request when, obtain send visit Ask the terminal iidentification of request, and terminal authority resource counterpart terminal marker bit in systems and terminal are obtained according to terminal iidentification Position information Step includes：

When the access request of access rights resource of terminal transmission is detected, the identity information of terminal is verified, verified into The authority resource of terminal is obtained after work(；

According to the authority resource of terminal, the corresponding terminal label position of terminal authorization resource and position information are obtained.

Alternatively, marker bit, terminal position information, the terminal label position according to authority resource to be visited, verifies terminal Access request include the step of whether have access rights：

By the terminal label position in ordered arrangement system marks position and terminal position information association, and give terminal position information just To value；

Using the system marks position in addition to terminal label position as other marker bits, the system position of other marker bits will be given Information is reversely worth, to generate verification array；

Whether according to the marker bit and verification array of authority resource to be visited, verifying the access request of terminal has access right Limit.

Alternatively, positive value is the true value of binary digit computing, is reversely worth the falsity for binary digit computing, the basis Whether the marker bit and verification array of authority resource to be visited, verifying the access request of terminal has access rights step to include：

The marker bit of authority resource to be visited is converted into into correspondence binary sequence；

The corresponding position information sequence in ordered arrangement system marks position in binary sequence and verification array is carried out and computing；

When being non-zero with operation result, the access request of terminal has access rights；

When being zero with operation result, the access request of terminal does not have access rights.

Alternatively, the system marks position using in addition to terminal label position will give other marks as other marker bits The system position information of note position is reversely worth, and is included after array step with generating to verify：

The authority number of resources of detecting system, when the authority number of resources of system is more than the presetting digit capacity for verifying array, generates New verification array.

The present invention passes through mark module, for upon power-up of the system, obtaining the authority resource of system, to each power in system Limit resource enters line position labelling, and each is entered the corresponding positions of line position labelling as marker bit, and the information correspondence at each marker bit is The authority of each authority resource in system, using the information at each marker bit as system position information；First acquisition module, for working as Detect terminal transmission for access rights resource access request when, obtain the terminal iidentification for sending access request, and root Terminal authority resource counterpart terminal marker bit in systems and terminal position information are obtained according to terminal iidentification；Second acquisition module, For obtaining the marker bit of the authority resource to be visited that access request is accessed；Correction verification module, for being provided according to authority to be visited Whether the marker bit in source, terminal position information, terminal label position, verifying the access request of terminal has access rights.Due to authority control Process servers end session processed does not store the authority resource of terminal, but the corresponding terminal position of storage terminal authorization resource is believed Breath, terminal label position, and the internal memory of the corresponding terminal position information of terminal authorization resource, terminal label position is stored much smaller than storage institute There is the authority resource of terminal, it is thus possible to reduce the internal memory shared by server end session, and whether have the right in verification terminal During the access rights of limit resource, bit arithmetic is directly carried out, rather than compare character string, with the speed of computing character string ratio is much larger than Compared with speed, it is thus possible to reduce verification authority time, lifted Consumer's Experience.

Description of the drawings

Fig. 1 is the hardware architecture diagram for realizing the optional mobile terminal of each embodiment one of the invention；

Fig. 2 is the radio communication device schematic diagram of mobile terminal in Fig. 1；

Fig. 3 is the module diagram of permission control device first embodiment of the present invention；

Fig. 4 is the refinement module schematic diagram of the first acquisition module in permission control device second embodiment of the present invention；

Fig. 5 is the refinement module schematic diagram of correction verification module in permission control device 3rd embodiment of the present invention；

Fig. 6 is the refinement module schematic diagram of verification unit in permission control device fourth embodiment of the present invention；

Fig. 7 is the schematic flow sheet of authority control method first embodiment of the present invention；

Fig. 8 be in authority control method second embodiment of the present invention when detect terminal transmission for access rights resource Access request when, obtain the terminal iidentification for sending access request, and terminal authority in systems is obtained according to terminal iidentification The refinement schematic flow sheet of resource counterpart terminal marker bit and terminal position information Step；

Fig. 9 is marker bit, the terminal position in authority control method 3rd embodiment of the present invention according to authority resource to be visited Information, terminal label position, the refinement schematic flow sheet for verifying the access request of terminal the step of whether having access rights；

Figure 10 is the marker bit in authority control method fourth embodiment of the present invention according to authority resource to be visited and verification Array, verifies whether the access request of terminal has the refinement schematic flow sheet of access rights step；

Figure 11 is the schematic diagram of a scenario of authority control method of the present invention and device；

Figure 12 is the schematic diagram of a scenario of authority control method of the present invention and device；

Figure 13 is the schematic diagram of a scenario of authority control method of the present invention and device；

Figure 14 is the schematic diagram of a scenario of authority control method of the present invention and device.

The realization of the object of the invention, functional characteristics and advantage will be described further referring to the drawings in conjunction with the embodiments.

Specific embodiment

It should be appreciated that specific embodiment described herein is not intended to limit the present invention only to explain the present invention.

The mobile terminal of each embodiment of the invention is realized referring now to Description of Drawings.In follow-up description, use For represent element such as " module ", " part " or " unit " suffix only for be conducive to the present invention explanation, itself Not specific meaning.Therefore, " module " can be used mixedly with " part ".

Mobile terminal can be implemented in a variety of manners.For example, the terminal described in the present invention can include such as moving Phone, smart phone, notebook computer, digit broadcasting receiver, PDA (personal digital assistant), PAD (panel computer), PMP The mobile terminal of (portable media player), guider etc. and such as numeral TV, desk computer etc. are consolidated Determine terminal.Hereinafter it is assumed that terminal is mobile terminal.However, it will be understood by those skilled in the art that, except being used in particular for movement Outside the element of purpose, construction according to the embodiment of the present invention can also apply to the terminal of fixed type.

Fig. 1 is the hardware architecture diagram for realizing the optional mobile terminal of each embodiment one of the invention.

Mobile terminal 1 00 can include wireless communication unit 110, A/V (audio/video) input block 120, user input Unit 130, sensing unit 140, output unit 150, memorizer 160, interface unit 170, controller 180 and power subsystem 190, Mark module 10, the first acquisition module 20, the second acquisition module 30, correction verification module 40.Fig. 1 shows the shifting with various assemblies Dynamic terminal, it should be understood that being not required for implementing all components for illustrating.More or less of group can alternatively be implemented Part.Will be discussed in more detail below the element of mobile terminal.

Wireless communication unit 110 generally includes one or more assemblies, and it allows mobile terminal 1 00 and radio communication device Or the radio communication between network.For example, wireless communication unit can include location information module 115.

Location information module 115 is the module for checking or obtaining the positional information of mobile terminal.Location information module Typical case be GPS (global pick device).According to current technology, GPS module 115 is calculated from three or more satellites Range information and correct time information and for calculate Information application triangulation, so as to according to longitude, latitude Highly accurately calculate three-dimensional current location information.Currently, the method for calculating position and temporal information is defended using three The error of star and the position that calculated by using other satellite correction and temporal information.Additionally, GPS module 115 Can be by Continuous plus current location information in real time come calculating speed information.

A/V input blocks 120 are used to receive audio or video signal.

User input unit 130 can generate key input data to control each of mobile terminal according to the order of user input Plant operation.

Sensing unit 140 detects the current state of mobile terminal 1 00, and (for example, mobile terminal 1 00 opens or closes shape State), the presence or absence of contact (that is, touch input), the mobile terminal of the position of mobile terminal 1 00, user for mobile terminal 1 00 100 orientation, the acceleration of mobile terminal 1 00 or by speed is mobile and direction etc., and generate for controlling mobile terminal 1 00 The order of operation or signal.In addition, sensing unit 140 can detect whether power subsystem 190 provides electric power or interface unit Whether 170 couple with external device (ED).

Interface unit 170 is connected the interface that can pass through with mobile terminal 1 00 as at least one external device (ED).

In addition, when mobile terminal 1 00 is connected with external base, interface unit 170 can serve as allowing to pass through it by electricity Power from base provide to mobile terminal 1 00 path or can serve as allow from base be input into various command signals pass through its It is transferred to the path of mobile terminal.Can serve as recognizing that mobile terminal is from the various command signals or electric power of base input The no signal being accurately fitted within base.Output unit 150 is configured to provide defeated with vision, audio frequency and/or tactile manner Go out signal (for example, audio signal, video signal, alarm signal, vibration signal etc.).

Output unit 150 can include display unit 151, dio Output Modules 152, alarm unit 153 etc..

Display unit 151 may be displayed on the information processed in mobile terminal 1 00.For example, when mobile terminal 1 00 is in electricity During words call mode, display unit 151 can show and converse or other communicate (for example, text messaging, multimedia files Download etc.) related user interface (UI) or graphic user interface (GUI).When mobile terminal 1 00 is in video calling pattern Or during image capture mode, display unit 151 can show the image of capture and/or the image of reception, illustrate video or figure UI or GUI of picture and correlation function etc..

Meanwhile, when the display unit 151 and touch pad touch screen with formation superposed on one another in the form of layer, display unit 151 can serve as input equipment and output device.Display unit 151 can include liquid crystal display (LCD), thin film transistor (TFT) In LCD (TFT-LCD), Organic Light Emitting Diode (OLED) display, flexible display, three-dimensional (3D) display etc. at least It is a kind of.Some in these display may be constructed such that transparence to allow user from outside viewing, and this is properly termed as transparent Display, typical transparent display can be, for example, TOLED (transparent organic light emitting diode) display etc..According to specific The embodiment wanted, mobile terminal 1 00 can include two or more display units (or other display devices), for example, move Dynamic terminal can include outernal display unit (not shown) and inner display unit (not shown).Touch screen can be used for detection and touch Input pressure value and touch input position and touch input area.

Memorizer 160 can store software program for the process and control operation performed by controller 180 etc., Huo Zheke With the data (for example, telephone directory, message, still image, video etc.) for temporarily storing own Jing outputs or will export.And And, memorizer 160 can be storing the vibration of various modes with regard to exporting when touching and being applied to touch screen and audio signal Data.

Memorizer 160 can include the storage medium of at least one type, and the storage medium includes flash memory, hard disk, many Media card, card-type memorizer (for example, SD or DX memorizeies etc.), random access storage device (RAM), static random-access storage Device (SRAM), read only memory (ROM), Electrically Erasable Read Only Memory (EEPROM), programmable read only memory (PROM), magnetic storage, disk, CD etc..And, mobile terminal 1 00 can perform memorizer with by network connection The network storage device cooperation of 160 store function.

The overall operation of the generally control mobile terminal of controller 180.For example, controller 180 is performed and voice call, data The related control of communication, video calling etc. and process.In addition, controller 180 can be included for reproducing (or playback) many matchmakers The multi-media module 181 of volume data, multi-media module 181 can be constructed in controller 180, or is so structured that and control Device 180 is separated.Controller 180 can be with execution pattern identifying processing, by the handwriting input for performing on the touchscreen or picture Draw input and be identified as character or image.

Power subsystem 190 receives external power or internal power under the control of controller 180 and provides operation each unit Appropriate electric power needed for part and component.

Various embodiments described herein can be with using such as computer software, hardware or its any combination of calculating Machine computer-readable recording medium is implementing.For hardware is implemented, embodiment described herein can be by using application-specific IC (ASIC), digital signal processor (DSP), digital signal processing device (DSPD), programmable logic device (PLD), scene can Programming gate array (FPGA), processor, controller, microcontroller, microprocessor, it is designed to perform function described herein Implementing, in some cases, such embodiment can be implemented at least one in electronic unit in controller 180. For software is implemented, the embodiment of such as process or function can with allow to perform the single of at least one function or operation Software module is implementing.Software code can be come by the software application (or program) write with any appropriate programming language Implement, software code can be stored in memorizer 160 and be performed by controller 180.

As shown in Figure 1 mobile terminal 1 00 may be constructed such that using via frame or packet transmission data it is all if any Line and radio communication device and satellite-based communicator are operating.

The communicator that mobile terminal wherein of the invention is operable to is described referring now to Fig. 2.

Such communicator can use different air interface and/or physical layer.For example, used by communicator Air interface includes such as frequency division multiple access (FDMA), time division multiple acess (TDMA), CDMA (CDMA) and universal mobile communications dress Put (UMTS) (especially, Long Term Evolution (LTE)), global mobile communication device (GSM) etc..As non-limiting example, under The description in face is related to cdma communication device, but such teaching is equally applicable to other types of device.

With reference to Fig. 2, cdma wireless communication device can include multiple mobile terminal 1s 00, multiple base stations (BS) 270, base station Controller (BSC) 275 and mobile switching centre (MSC) 280.MSC280 is configured to and Public Switched Telephony Network (PSTN) 290 form interface.MSC280 is also structured to form interface with the BSC275 that can be couple to base station 270 via back haul link. If any one that back haul link can be in the interface that Ganji knows is constructing, the interface includes such as E1/T1, ATM, IP, PPP, frame relay, HDSL, ADSL or xDSL.It will be appreciated that as shown in Figure 2 device can include multiple BSC2750.

Each BS270 can service one or more subregions (or region), by multidirectional antenna or the day of sensing specific direction Each subregion that line is covered is radially away from BS270.Or, each subregion can by for diversity reception two or more Antenna is covered.Each BS270 may be constructed such that the multiple frequency distribution of support, and each frequency distribution has specific frequency spectrum (for example, 1.25MHz, 5MHz etc.).

What subregion and frequency were distributed intersects can be referred to as CDMA Channel.BS270 can also be referred to as base station transceiver Device (BTS) or other equivalent terms.In this case, term " base station " can be used for broadly representing single BSC275 and at least one BS270.Base station can also be referred to as " cellular station ".Or, each subregion of specific BS270 can be claimed For multiple cellular stations.

As shown in Figure 2, broadcast singal is sent to broadcsting transmitter (BT) 295 mobile terminal operated in device 100.As shown in Figure 1 broadcasting reception module 111 is arranged at mobile terminal 1 00 to receive the broadcast sent by BT295 Signal.In fig. 2 it is shown that several global pick device (GPS) satellites 300.Satellite 300 helps position multiple mobile terminals At least one of 100.

In fig. 2, multiple satellites 300 are depicted, but it is understood that, it is possible to use any number of satellite is obtained Useful location information.Used as a typical operation of radio communication device, BS270 is received from various mobile terminal 1s 00 Reverse link signal.Mobile terminal 1 00 generally participates in call, information receiving and transmitting and other types of communication.Certain base station 270 is received Each reverse link signal processed in specific BS270.The data of acquisition are forwarded to the BSC275 of correlation.BSC The mobile management function of call resource allocation and the coordination including the soft switching process between BS270 is provided.BSC275 will also connect The data for receiving are routed to MSC280, and it provides the extra route service for forming interface with PSTN290.Similarly, PSTN290 and MSC280 form interface, and MSC and BSC275 forms interface, and BSC275 correspondingly controls BS270 with by forward direction Link signal is sent to mobile terminal 1 00.

Based on above-mentioned mobile terminal hardware configuration, communication apparatus structure, each embodiment of permission control device of the present invention is proposed, Permission control device is a part for mobile terminal.

With reference to Fig. 3, the present invention provides a kind of permission control device, in permission control device first embodiment, the device Including：

Mark module 10, for upon power-up of the system, obtaining the authority resource of system, enters to each authority resource in system Line position labelling, each is entered the corresponding positions of line position labelling as marker bit, in the information correspondence system at each marker bit each The authority of authority resource, using the information at each marker bit as system position information；

Based on the consideration of the factors such as safety, general system all can be by authorizing different authorities to realize control to user The function of access privilege resource, thus various control of authority functions need to be realized.

Upon power-up of the system, the authority resource of system is obtained, the system includes Web page system, application etc., wherein, webpage The authority resource of system is included but is not limited to：Menu, button, use access rights of control of window etc..Using authority Resource is included but is not limited to：The various use access rights such as inquiry, addition, modification and deletion.The authority resource of system can be entered Row compression storage and labelling, i.e., all permissions resource first in acquisition system is compressed to all permissions resource of system and deposits Chu Bingke sets up index to the authority resource of compression storage, to all permissions resource, respective index and the authority resource all Residing sequence enters line position labelling in authority resource, and the mode of position labelling can be with using the modes such as numbering, different authority resources Its marker bit difference, each is entered the corresponding positions of line position labelling as marker bit, using the information at each marker bit as being System position information, the marker bit of authority resource is corresponded with corresponding authority resource, enters line position mark to all permissions resource successively Until completing, labeling process terminates note, as shown in figure 11, each authority resource in the information correspondence system at each marker bit Authority, the position information of corresponding authority resource can be numerical value, supplemented by assistant solve the above, illustrate to specific embodiment, If certain authority resource is located at No. 9 sequence in system proprietary limit resource, thus its marker bit is 9, if numerical value 1 is represented having The authority of the authority resource, 0 represents the authority without the authority resource, then 1 is the corresponding position information of the authority resource with 0, if Possess the authority of the authority resource, then the position information of the 9th marker bit is 1.When including other again in the authority resource During sub- authority resource, the process to the sub- authority resource is identical with the process to the authority resource.

First acquisition module 20, for when detect terminal transmission for access rights resource access request when, obtain The terminal iidentification for sending access request is taken, and terminal authority resource counterpart terminal labelling in systems is obtained according to terminal iidentification Position and terminal position information；

When detect terminal transmission for access rights resource access request when, when being terminal access resource, institute Terminal is stated including user, because one or more terminals may have access to the authority resource, the terminal for sending access request is obtained Mark, according to terminal iidentification terminal authority resource counterpart terminal marker bit in systems and terminal position information are obtained, and are obtained eventually End authority resource in systems, the authority resource of terminal must be the one or more in the authority resource in system, i.e., eventually The possessed authority resource in end belongs to the authority resource in system, due to entering line position labelling to each authority resource in system, because And the authority resource that terminal is possessed can also find corresponding marker bit, the corresponding marker bit of authority resource that terminal is possessed As terminal label position, according to terminal authority resource in systems, terminal corresponding position letter at terminal label position is generated Breath, i.e., the authority resource for being possessed according to terminal obtains numerical value of the terminal at marker bit, supplemented by assistant solve the above, use With specific embodiment explanation, if terminal possesses corresponding authority resource positioned at No. 1, No. 5, No. 6 sequences, the representative of numerical value 1 has The authority of the authority resource, 0 represents the authority without the authority resource, then the marker bit of terminal is 1,5,6, and terminal is at marker bit Position information be 1.

Second acquisition module 30, for obtaining the marker bit of the authority resource to be visited that access request is accessed；

The marker bit of the authority resource to be visited that access request is accessed is obtained, because authority resource to be visited must belong to system Authority resource, thus serial number of the authority resource to be visited in all System Privileges resources can be obtained, it is to obtain to be visited The marker bit of authority resource, authority resource to be visited described in position information MAP of the authority resource to be visited at the marker bit Authority.

Correction verification module 40, for according to the marker bit of authority resource to be visited, terminal position information, terminal label position, verification Whether the access request of terminal has access rights.

Marker bit, terminal position information according to authority resource to be visited, terminal label position, verifying the access request of terminal is It is no to have access rights to be the marker bit according to authority resource to be visited, the anti-marker bit for looking into terminal and the position at the marker bit Information, whether have access rights, if the position presentation of information terminal of terminal at the marker bit if verifying the access request of terminal Possess the authority resource, then the access request of terminal there are access rights.

In the present embodiment, by mark module 10, for upon power-up of the system, the authority resource of system being obtained, to being Each authority resource enters line position labelling in system, each is entered the corresponding positions of line position labelling as marker bit, at each marker bit The authority of each authority resource in information correspondence system, using the information at each marker bit as system position information；First obtains Module 20, for when detect terminal transmission for access rights resources access request when, obtain and send access request Terminal iidentification, and terminal authority resource counterpart terminal marker bit in systems and terminal position information are obtained according to terminal iidentification； Second acquisition module 30, for obtaining the marker bit of the authority resource to be visited that access request is accessed；Correction verification module 40, is used for Whether marker bit, terminal position information according to authority resource to be visited, terminal label position, verifying the access request of terminal has access Authority.Because when whether verification terminal possesses the access rights to certain resource, the session of server end does not store terminal The authority resource for being possessed, but the corresponding terminal position information of authority resource, the terminal label position that storage terminal is possessed, thus The internal memory shared by the session of server end can be reduced, meanwhile, whether there are access rights in the access request of verification terminal When do not carry out the comparison of character string, but terminal position information, the comparison of terminal label position, it is thus possible to lift verification speed, And then the overall performance of server is improved, and then lift the overall experience of user.

Further, on the basis of permission control device first embodiment of the present invention, the of permission control device is proposed Two embodiments, with reference to Fig. 4, in a second embodiment, first acquisition module 20 includes：

Authentication unit 21, for when User logs in Web page system, verifying the identity information of terminal, obtains after being proved to be successful The authority resource of terminal；

Identity information includes the essential information and authentication information of user, and the essential information is included but is not limited to：The surname of user Name, age, phone, mailbox etc.；The authentication information including but not limited to logs in username and password of client etc., according to The identity information of the user carries out authentication to the user, can be specially：When comparing User logs in the user name that input and Whether password is identical using corresponding username and password with this with what is preserved in authorization resources storehouse, if all same, the use The authentication success at family, if user name is different or password is different, the authentication failure of the user, after being proved to be successful Obtain the authority resource of terminal.

Acquiring unit 22, for according to the authority resource of terminal, obtain the corresponding terminal label position of terminal authorization resource with Position information.

According to the authority resource of terminal, it is to obtain eventually to obtain the corresponding terminal label position of terminal authorization resource with position information The authority resource at end, the Mapping and Converting according to the authority resource of terminal in the session of server end is into corresponding terminal mark The session of note position, i.e. server end is after the authority resource for obtaining terminal to the authority resource and the authority resource of system Compare, according to the marker bit of the authority resource of system, the corresponding terminal label position of terminal authorization resource is obtained, at the end Store corresponding terminal position information at the marker bit of end to map the authority of terminal-pair terminal authorization resource.

In the present embodiment, authentication unit 21, for when the access request of the access rights resource for detecting terminal transmission When, the identity information of terminal is verified, the authority resource of terminal is obtained after being proved to be successful；Acquiring unit 22, for according to terminal Authority resource, obtains the corresponding terminal label position of terminal authorization resource and position information.Due to generating terminal label position and position information Accurately, and then terminal label position and the position information of the terminal of the session storages of server end can replace the authority of terminal to provide Source without the authority resource that directly stores terminal, so as to reduce the internal memory shared by the session of server end.

Further, on the basis of permission control device first embodiment of the present invention, the of permission control device is proposed Three embodiments, with reference to Fig. 5, in the third embodiment, the correction verification module 40 includes：

Forward direction value given unit 41, for the terminal label position in ordered arrangement system marks position and terminal position information to be closed Connection, and give terminal position information forward direction value；

For by the terminal label position in ordered arrangement system marks position and terminal position information association, and give terminal position letter The positive value of breath, the positive value includes a pair of the authority resource 1 of the true value in binary digit computing, system marks position and system Should, and to the authority resource ordered arrangement of system, thus system marks position also corresponding ordered arrangement, terminal possesses System Privileges The one or more of resource, thus terminal possesses the corresponding terminal label position of the one or more authority resource, will have The terminal position presentation of information at terminal label position and terminal position information association, i.e. terminal label position in sequence arranging system marker bit The authority of the corresponding authority resource in the terminal label position, thus possess the one or more authority resource correspondence in terminal Terminal label position at give terminal position information positive value.

Signal generating unit 42, as other marker bits, it will be given for using the system marks position in addition to terminal label position The system position information of its marker bit is reversely worth, to generate verification array；

Using the system marks position in addition to terminal label position as other marker bits, terminal is also generated at other marker bits Corresponding positions information, to map authority of the terminal without the authority resource corresponding to other marker bits, thus gives other marker bits System position information is reversely worth, and the reverse value can be the falsity in binary digit computing, and terminal is in all system marks positions correspondence Correspondence position information is generated at position, the forward direction of position information is worth the authority of corresponding authority resource corresponding with reverse value, and position information is just Verification array is generated to value with reversely value.

Verification unit 43, for according to the marker bit of authority resource to be visited and verification array, the access for verifying terminal please Seeking Truth is no access rights.

Whether according to the marker bit and verification array of authority resource to be visited, verifying the access request of terminal has access right Limit, according to the marker bit of authority resource to be visited, generates authority resource correspondence to be visited authority resource array to be visited, described Give position information positive value at the marker bit of authority resource to be visited, position information given at other marker bits and is reversely worth, it is described just Authority resource array to be visited is generated with reversely value to value, authority resource array to be visited and verification array is compared, terminal is verified Access request whether have access rights.

In the present embodiment, by positive value given unit 41, for by the terminal mark in ordered arrangement system marks position Note position and terminal position information association, and give terminal position information forward direction value；Signal generating unit 42, for will be in addition to terminal label position System marks position as other marker bits, the system position information for giving other marker bits is reversely worth, to generate verification array； Verification unit 43, for whether according to the marker bit of authority resource to be visited and verification array, verifying the access request of terminal to have Access rights, whether due to comparing authority resource array to be visited and verification array, verifying the access request of terminal has access right Speed of the speed of limit more than the comparison of character string, it is thus possible to reduce the time-consuming number verified when accessing during authority, lifted Consumer's Experience.

Further, on the basis of permission control device 3rd embodiment of the present invention, the of permission control device is proposed Four embodiments, with reference to Fig. 6, in the fourth embodiment, forward direction value is the true value of binary digit computing, and reversely value is binary digit fortune The falsity of calculation, the verification unit includes：

Transforming subunit 44, for the marker bit of authority resource to be visited to be converted into into correspondence binary sequence；

According to the marker bit of authority resource to be visited, authority resource correspondence to be visited authority resource array to be visited is generated, Give position information positive value at the marker bit of the authority resource to be visited, position information given at other marker bits and is reversely worth, The positive value generates authority resource array to be visited with reversely value, and the positive value can be binary system for positive value with reversely value The true value of bit arithmetic, true value can be 1, and reverse value is the falsity of binary digit computing, and falsity can be 0, according to the true value and vacation Value, authority resource array to be visited is converted into correspondence binary sequence.

With computing subelement 45, for binary sequence and verification array in the corresponding position in ordered arrangement system marks position Information sequence is carried out and computing；

Supplemented by assistant solve the above, illustrate to specific embodiment, as shown in figure 12, such as terminal possesses No. 1,5 Number and 6 labelled notation positions authority resource, then terminal label position is No. 1, No. 5, and No. 6 positions, the numerical value on respective markers position For 1, the numerical value on remaining is 0.As shown in figure 14, the corresponding position letter in ordered arrangement system marks position in the client checks array Breath sequence is 10001100 ..., if the authority resource to be visited is No. 3 authority resources, the authority resource two to be visited is entered Sequence processed is 00100000 ..., is carried out and computing to described 10001100 ... with 00100000 ....

First judgment sub-unit 46, for when being non-zero with operation result, the access request of terminal to have access rights；

Second judgment sub-unit 47, for when being zero with operation result, the access request of terminal not to have access rights.

As shown in figure 13, it is in the authority resource correspondence markings position to be visited when being non-zero with operation result Place with operation result be non-zero when, the access request of terminal has access rights；When being zero with operation result, the access of terminal Request is without access rights.

In the present embodiment, by transforming subunit 44, for the marker bit of authority resource to be visited to be converted into into correspondence Binary sequence；With computing subelement 45, for binary sequence with verification array in ordered arrangement system marks position it is corresponding Position information sequence carry out and computing；First judgment sub-unit 46, for when being non-zero with operation result, the access of terminal please Access rights are sought；Second judgment sub-unit 47, for when being zero with operation result, the access request of terminal not to have access right Limit, due to only need to store due to determining the authority resource for being not required to store terminal corresponding verification array can accurately verify thus The internal memory that the session of server takes can be reduced, and in the corresponding binary sequence of resource to be visited and verification array The corresponding position information sequence in ordered arrangement system marks position is carried out and computing, does not compare character string, thus speed is fast, improves use Experience at family.

Further, on the basis of permission control device first embodiment of the present invention, the of permission control device is proposed Four embodiments, in the fourth embodiment, the permission control device includes：

Generation module 50, for the authority number of resources of detecting system, when the authority number of resources of system is more than verification array During presetting digit capacity, new verification array is generated.

When presetting digit capacity of the authority number of resources more than verification array, i.e., in a computer, the verification array class Type can be long [] array, int [] array etc., for each verification array, because its storage class determines, and its digit It is to determine, per represents a kind of authority resource, when presetting digit capacity of the authority number of resources more than verification array, generates new school Array is tested, to guarantee that all of authority resource of terminal can be corresponding, is not resulted in and is omitted to affect to generate the verification that terminal is generated The accuracy of array, and cause the dope vector of the terminal that the session of server end stores to replace the authority of terminal The authority information of resource, so that need to directly store the authority resource of terminal to cause the increase of committed memory.Supplemented by assistant's solution Content is stated, is illustrated to specific embodiment, the every group of long types number totally 64 such as in array, it can correspond to 64 kinds of authority moneys Source, when the authority number of resources of system is more than 64, sets up new long type arrays, corresponds to the authority resource of the 65th, according to this class Push away, until all of authority resource has corresponding dope vector corresponding.

In the present embodiment, by generation module 50, for the authority number of resources of detecting system, when the authority resource of system When number is more than the presetting digit capacity for verifying array, new verification array is generated.To guarantee that all of authority resource of terminal can have Corresponding verification array, does not result in and omits to affect the accuracy of the dope vector for generating terminal, and causes server end The dope vector of the terminal of session storages can not replace the authority information of the authority resource of terminal, so that need to directly store The authority resource of terminal is causing the increase of committed memory.

The present invention also provides a kind of authority control method, and authority control method is mainly used on mobile terminal, in authority In control method first embodiment, with reference to Fig. 7, authority control method includes：

Step S10, upon power-up of the system, obtains the authority resource of system, and to each authority resource in system line position mark is entered Note, each is entered the corresponding positions of line position labelling as marker bit, each authority money in the information correspondence system at each marker bit The authority in source, using the information at each marker bit as system position information；

Upon power-up of the system, the authority resource of system is obtained, the system includes Web page system, application etc., wherein, webpage The authority resource of system is included but is not limited to：Menu, button, use access rights of control of window etc..Using authority Resource is included but is not limited to：The various authorities such as inquiry, addition, modification and deletion.The authority resource of system can be compressed and be deposited Storage and labelling, i.e., all permissions resource first in acquisition system is compressed storage and can be right to all permissions resource of system The authority resource of compression storage sets up index, to all permissions resource, respective index and the authority resource in all permissions resource In residing sequence enter line position labelling, the mode of position labelling can be with using modes such as numberings, different its labelling of authority resource Position is different, and each is entered the corresponding positions of line position labelling as marker bit, using the information at each marker bit as system position information, Thus the marker bit of authority resource is corresponded with corresponding authority resource, all permissions resource is entered successively line position labelling until Complete, labeling process terminates, as shown in figure 11, the authority of each authority resource in the information correspondence system at each marker bit, The position information of corresponding authority resource can be numerical value, supplemented by assistant solve the above, to specific embodiment illustrate, if certain power Limit resource is located at No. 9 sequence in system proprietary limit resource, thus its marker bit is 9, if numerical value 1 is represented the authority The authority of resource, 0 represents the authority without the authority resource, then 1 is the corresponding position information of the authority resource with 0, if possessing institute The authority of authority resource is stated, then the position information of the 9th marker bit is 1.When including other sub- authorities again in the authority resource During resource, the process to the sub- authority resource is identical with the process to the authority resource.

Step S20, when detect terminal transmission for access rights resource access request when, obtain send access please The terminal iidentification asked, and terminal authority resource counterpart terminal marker bit in systems and terminal position letter are obtained according to terminal iidentification Breath；

Step S30, obtains the marker bit of the authority resource to be visited that access request is accessed；

Step S40, marker bit, terminal position information according to authority resource to be visited, terminal label position verify the visit of terminal Ask whether request there are access rights.

In the present embodiment, by step S10, upon power-up of the system, obtain system authority resource, in system each Authority resource enters line position labelling, and each is entered the corresponding positions of line position labelling as marker bit, the information correspondence at each marker bit The authority of each authority resource in system, using the information at each marker bit as system position information；Step S20, when detecting Terminal send for access rights resource access request when, the terminal iidentification for sending access request is obtained, and according to terminal Mark obtains terminal authority resource counterpart terminal marker bit in systems and terminal position information；Step S30, obtains access request The marker bit of the authority resource to be visited for being accessed；Step S40, marker bit, terminal position information according to authority resource to be visited, Whether terminal label position, verifying the access request of terminal has access rights.Due to whether possessing to certain resource in verification terminal During access rights, the session of server end does not store the authority resource that terminal is possessed, but stores what terminal was possessed The corresponding terminal position information of authority resource, terminal label position, it is thus possible to reduce interior shared by the session of server end Deposit, meanwhile, the comparison of character string is not carried out when whether the access request for verifying terminal there are access rights, but terminal position is believed Breath, the comparison of terminal label position, it is thus possible to lift verification speed, and then the overall performance of raising server, and then lifting is used The overall experience at family.

Further, on the basis of authority control method first embodiment of the present invention, the of authority control method is proposed Two embodiments, with reference to Fig. 8, in a second embodiment, step S20 includes：

Step S21, when User logs in Web page system, verifies the identity information of terminal, and terminal is obtained after being proved to be successful Authority resource；

Step S22, believes for according to the authority resource of terminal, obtaining the corresponding terminal label position of terminal authorization resource with position Breath.

In the present embodiment, step S21, when the access request of access rights resource of terminal transmission is detected, checking The identity information of terminal, obtains the authority resource of terminal after being proved to be successful；Step S22, according to the authority resource of terminal, obtains eventually The corresponding terminal label position of end authority resource and position information.Due to generating terminal label position with position information accurately, and then server The terminal label position of the terminal of the session storages at end can replace the authority resource of terminal without directly storage with position information The authority resource of terminal, so as to reduce the internal memory shared by the session of server end.

Further, on the basis of authority control method first embodiment of the present invention, the of authority control method is proposed Three embodiments, with reference to Fig. 9, in the third embodiment, step S40 includes：

Step S41, by the terminal label position in ordered arrangement system marks position and terminal position information association, and gives terminal The positive value of position information；

Step S42, using the system marks position in addition to terminal label position as other marker bits, will give other marker bits System position information be reversely worth, to generate verification array；

Using the system marks position in addition to terminal label position as other marker bits, terminal is also generated at other marker bits Corresponding positions information, to map authority of the terminal without the authority resource corresponding to other marker bits, thus gives other marker bits System position information is reversely worth, and the reverse value includes the falsity in binary digit computing, and terminal is in all system marks positions correspondence Correspondence position information is generated at position, the forward direction of position information is worth the authority of corresponding authority resource corresponding with reverse value, and position information is just Verification array is generated to value with reversely value.

Step S43, whether according to the marker bit and verification array of authority resource to be visited, verifying the access request of terminal has Access rights.

In the present embodiment, by step S41, the terminal label position in ordered arrangement system marks position and terminal position are believed Breath association, and give terminal position information forward direction value；Step S42, using the system marks position in addition to terminal label position as other Marker bit, the system position information for giving other marker bits is reversely worth, to generate verification array；Step S43, according to power to be visited The marker bit and verification array of limit resource, whether have access rights, due to comparing authority to be visited if verifying the access request of terminal Resource array and verification array, verify whether the access request of terminal has the speed of access rights more than the speed of the comparison of character string Degree, it is thus possible to reduce the time-consuming number verified when accessing during authority, lift Consumer's Experience.

Further, on the basis of authority control method 3rd embodiment of the present invention, the of authority control method is proposed Four embodiments, with reference to Figure 10, in the fourth embodiment, forward direction value is the true value of binary digit computing, and reversely value is binary digit The falsity of computing, the step S43 unit includes：

Step S44, by the marker bit of authority resource to be visited correspondence binary sequence is converted into；

Step S45, enters to the corresponding position information sequence in ordered arrangement system marks position in binary sequence and verification array Row and computing；

Step S46, when being non-zero with operation result, the access request of terminal has access rights；

Step S47, when being zero with operation result, the access request of terminal does not have access rights.

In the present embodiment, by step S44, the marker bit of authority resource to be visited is converted into into correspondence binary system sequence Row；Step S45, is carried out and fortune to the corresponding position information sequence in ordered arrangement system marks position in binary sequence and verification array Calculate；Step S46, for when being non-zero with operation result, the access request of terminal to have access rights；Step S47, when with computing When being as a result zero, the access request of terminal does not have access rights, due to due to determine be not required to store terminal authority resource and only The internal memory that the session for being thus able to reduce server takes accurately is verified by corresponding verification array need to be stored, and is treated Access the corresponding binary sequence of resource and verify the corresponding position information sequence in ordered arrangement system marks position in array carry out with Computing, does not compare character string, thus speed is fast, improves Consumer's Experience.

Further, on the basis of authority control method first embodiment of the present invention, the of authority control method is proposed Four embodiments, in the fourth embodiment, the authority control method includes：

Step S50, the authority number of resources of detecting system, when the authority number of resources of system is more than the presetting digit capacity for verifying array When, generate new verification array.

In the present embodiment, by step S50, the authority number of resources of detecting system, when the authority number of resources of system is more than During the presetting digit capacity of verification array, new verification array is generated.To guarantee that all of authority resource of terminal can have corresponding Verification array, does not result in and omits to affect the accuracy of the dope vector for generating terminal, and causes the session of server end The dope vector of the terminal of storage can not replace the authority information of the authority resource of terminal, so that the power of terminal need to be stored directly Limit resource to cause the increase of committed memory.

It should be noted that herein, term " including ", "comprising" or its any other variant are intended to non-row His property is included, so that a series of process, method, article or device including key elements not only include those key elements, and And also include other key elements being not expressly set out, or also include for this process, method, article or device institute inherently Key element.In the absence of more restrictions, the key element for being limited by sentence "including a ...", it is not excluded that including being somebody's turn to do Also there is other identical element in the process of key element, method, article or device.

The embodiments of the present invention are for illustration only, do not represent the quality of embodiment.

Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side Method can add the mode of required general hardware platform to realize by software, naturally it is also possible to by hardware, but in many cases The former is more preferably embodiment.Based on such understanding, technical scheme is substantially done to prior art in other words Going out the part of contribution can be embodied in the form of software product, and the computer software product is stored in a storage medium In (such as ROM/RAM, magnetic disc, CD), including some instructions are used so that a station terminal equipment (can be mobile phone, computer takes Business device, air-conditioner, or network equipment etc.) perform method described in each embodiment of the invention.

The preferred embodiments of the present invention are these are only, the scope of the claims of the present invention is not thereby limited, it is every using this Equivalent structure or equivalent flow conversion that bright description and accompanying drawing content are made, or directly or indirectly it is used in other related skills Art field, is included within the scope of the present invention.

Claims

1. a kind of permission control device, it is characterised in that the permission control device includes：

Mark module, for upon power-up of the system, obtaining the authority resource of system, to each authority resource in system line position mark is entered Note, each is entered the corresponding positions of line position labelling as marker bit, each authority money in the information correspondence system at each marker bit The authority in source, using the information at each marker bit as system position information；

First acquisition module, for when detect terminal transmission for access rights resource access request when, obtain send The terminal iidentification of access request, and terminal authority resource counterpart terminal marker bit in systems and end are obtained according to terminal iidentification End position information；

Correction verification module, for according to the marker bit of authority resource to be visited, terminal position information, terminal label position, verifying terminal Whether access request has access rights.

2. permission control device as claimed in claim 1, it is characterised in that first acquisition module includes：

Authentication unit, for when the access request of access rights resource of terminal transmission is detected, verifying the identity letter of terminal Breath, obtains the authority resource of terminal after being proved to be successful；

3. permission control device as claimed in claim 1, it is characterised in that the correction verification module includes：

Forward direction value given unit, for by the terminal label position in ordered arrangement system marks position and terminal position information association, and Give terminal position information positive value；

Signal generating unit, as other marker bits, other labellings will be given for using the system marks position in addition to terminal label position The system position information of position is reversely worth, to generate verification array；

Verification unit, for according to the marker bit of authority resource to be visited and verification array, whether the access request of verification terminal There are access rights.

4. permission control device as claimed in claim 3, it is characterised in that forward direction value for binary digit computing true value, instead To the falsity that value is binary digit computing, the verification unit includes：

With computing subelement, for binary sequence and verification array in the corresponding position information sequence in ordered arrangement system marks position Row are carried out and computing；

5. permission control device as claimed in claim 1, it is characterised in that the permission control device also includes：

Generation module, for the authority number of resources of detecting system, when the authority number of resources of system is more than the default position for verifying array During number, new verification array is generated.

6. a kind of authority control method, it is characterised in that the authority control method includes：

Upon power-up of the system, the authority resource of system is obtained, line position labelling is entered to each authority resource in system, each is carried out , used as marker bit, the authority of each authority resource in the information correspondence system at each marker bit will be each for the corresponding positions of position labelling Information at individual marker bit is used as system position information；

When detect terminal transmission for access rights resource access request when, obtain send access request terminal mark Know, and terminal authority resource counterpart terminal marker bit in systems and terminal position information are obtained according to terminal iidentification；

Whether marker bit, terminal position information according to authority resource to be visited, terminal label position, verifying the access request of terminal has Access rights.

7. authority control method as claimed in claim 6, it is characterised in that it is described when detect terminal transmission for accessing During the access request of authority resource, the terminal iidentification for sending access request is obtained, and terminal is obtained in system according to terminal iidentification In authority resource counterpart terminal marker bit and terminal position information Step include：

When the access request of access rights resource of terminal transmission is detected, the identity information of terminal is verified, after being proved to be successful Obtain the authority resource of terminal；

8. authority control method as claimed in claim 6, it is characterised in that the labelling according to authority resource to be visited Position, terminal position information, terminal label position, verify the access request of terminal includes the step of whether having access rights：

By the terminal label position in ordered arrangement system marks position and terminal position information association, and it is positive to give terminal position information Value；

Using the system marks position in addition to terminal label position as other marker bits, the system position information of other marker bits will be given Reversely it is worth, to generate verification array；

Whether according to the marker bit and verification array of authority resource to be visited, verifying the access request of terminal has access rights.

9. authority control method as claimed in claim 8, it is characterised in that forward direction value for binary digit computing true value, instead To the falsity that value is binary digit computing, the marker bit according to authority resource to be visited and verification array, terminal is verified Whether access request has access rights step to include：

10. authority control method as claimed in claim 6, it is characterised in that the system by addition to terminal label position Marker bit is reversely worth the system position information for giving other marker bits as other marker bits, with generate verification array step it After include：