CN106657140A - Application authorization method and apparatus - Google Patents

Publication number
CN106657140A
Authority
CN
China
Legal status
Granted
Application number
CN201710035916.4A
Other languages
Chinese (zh)
Other versions
CN106657140B (en)
Inventor
刘铁俊
陈帅
张向阳
孟亚楠
Current Assignee
Beijing Xiaomi Mobile Software Co Ltd
Beijing Smartmi Technology Co Ltd
Original Assignee
Beijing Xiaomi Mobile Software Co Ltd
Beijing Smartmi Technology Co Ltd
Application filed by Beijing Xiaomi Mobile Software Co Ltd, Beijing Smartmi Technology Co Ltd
Priority to CN201710035916.4A
Publication of CN106657140A
Application granted
Publication of CN106657140B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44: Program or device authentication

Abstract

The embodiments of the invention relate to an application authorization method and apparatus, and belong to the field of information security. The method comprises the following steps: acquiring a user account bound to a third-party application, wherein the third-party application is bound to the user account after being authorized by a user; and when a change of the password of the user account is detected, sending password change information to a third-party server corresponding to the third-party application, wherein the third-party server is configured to instruct the third-party application to re-authorize according to the password change information. With the application authorization method and apparatus provided by the embodiments of the invention, when the password of the user account changes, the third-party application cannot access information on the basis of the previous authorization, which prevents leakage of information related to the user account and improves the security of user accounts bound to third-party applications.

Description

Application authorization method and apparatus
Technical field
The present disclosure relates to the field of information security, and in particular to an application authorization method and apparatus.
Background
OAuth (Open Authorization) is an open standard protocol that allows a third-party application, with the user's authorization, to access information that the user has stored with a service provider.
With the user's authorization, the third-party application obtains an access token allocated by the service provider and uses that access token to obtain the corresponding information from the service provider through a third-party server. To avoid placing excessive access pressure on the service provider through frequent access, the third-party server caches the information obtained from the service provider, and the third-party application can subsequently obtain the corresponding information directly from the third-party server using the access token.
However, within the validity period of the access token, even if the user changes the password of the user account registered with the service provider, the third-party application can still obtain information from the third-party server using the previously allocated access token, which creates a risk of information leakage.
Summary of the invention
The embodiments of the present disclosure provide an application authorization method and apparatus. The technical solution is as follows:
According to a first aspect of the embodiments of the present disclosure, an application authorization method is provided, the method including:
obtaining a user account bound to a third-party application, the third-party application being bound to the user account after authorization by the user;
when a change of the password of the user account is detected, sending password change information to the third-party server corresponding to the third-party application, the third-party server being configured to instruct the third-party application to re-authorize according to the password change information.
Optionally, the method further includes:
receiving a registration request sent by the third-party server, a preset registration field of the registration request storing a callback interface of the third-party server;
storing a first correspondence between the third-party server and the callback interface;
wherein sending password change information to the third-party server corresponding to the third-party application when a change of the password of the user account is detected includes:
when a change of the password of the user account is detected, obtaining the callback interface corresponding to the third-party server according to the first correspondence;
sending the password change information to the third-party server through the callback interface.
Optionally, the method further includes:
receiving a detection request sent by the third-party server, the detection request including the access token stored by the third-party server;
when the access token is detected to be invalid, determining that the password of the user account corresponding to the access token has changed, and performing the step of sending password change information to the third-party server corresponding to the third-party application.
Optionally, the service provider server stores a second correspondence between user accounts and allocated access tokens;
wherein sending password change information to the third-party server corresponding to the third-party application when a change of the password of the user account is detected includes:
when a change of the password of the user account is detected, obtaining the access token corresponding to the user account according to the second correspondence;
sending password change information containing the access token to the third-party server, the third-party server being configured to clear, according to the password change information, at least one of the access token or the cached information corresponding to the access token.
According to a second aspect of the embodiments of the present disclosure, an application authorization method is provided, the method including:
receiving password change information sent by a service provider server, the password change information being sent by the service provider server when it detects a change of the password of a user account, the user account being bound to the third-party application corresponding to the third-party server;
receiving an access request sent by the third-party application, the access request including an access token allocated by the service provider server;
when the password change information indicates that the password of the user account corresponding to the access token has changed, instructing the third-party application to re-authorize.
Optionally, the method further includes:
sending a registration request to the service provider server, a preset registration field of the registration request storing a callback interface of the third-party server, the service provider server being configured to store a first correspondence between the third-party server and the callback interface;
wherein receiving the password change information sent by the service provider server includes:
receiving, through the callback interface, the password change information sent by the service provider server.
Optionally, the method further includes:
sending a detection request to the service provider server, the detection request including the access token stored by the third-party server, the service provider server being configured to detect whether the access token is valid and to send the password change information when it detects that the access token is invalid.
Optionally, the password change information includes the access token corresponding to the user account;
the method further includes:
clearing, according to the password change information, at least one of the access token or the cached information corresponding to the access token.
According to a third aspect of the embodiments of the present disclosure, an application authorization apparatus is provided, the apparatus including:
an acquisition module, configured to obtain a user account bound to a third-party application, the third-party application being bound to the user account after authorization by the user;
a first sending module, configured to send, when a change of the password of the user account is detected, password change information to the third-party server corresponding to the third-party application, the third-party server being configured to instruct the third-party application to re-authorize according to the password change information.
Optionally, the apparatus further includes:
a first receiving module, configured to receive a registration request sent by the third-party server, a preset registration field of the registration request storing a callback interface of the third-party server;
a storage module, configured to store a first correspondence between the third-party server and the callback interface;
the first sending module including:
an acquisition submodule, configured to obtain, when a change of the password of the user account is detected, the callback interface corresponding to the third-party server according to the first correspondence;
a sending submodule, configured to send the password change information to the third-party server through the callback interface.
Optionally, the apparatus further includes:
a second receiving module, configured to receive a detection request sent by the third-party server, the detection request including the access token stored by the third-party server;
the first sending module being further configured to determine, when the access token is detected to be invalid, that the password of the user account corresponding to the access token has changed, and to send password change information to the third-party server corresponding to the third-party application.
Optionally, the service provider server stores a second correspondence between user accounts and allocated access tokens;
the first sending module being further configured to:
when a change of the password of the user account is detected, obtain the access token corresponding to the user account according to the second correspondence;
send password change information containing the access token to the third-party server, the third-party server being configured to clear, according to the password change information, at least one of the access token or the cached information corresponding to the access token.
According to a fourth aspect of the embodiments of the present disclosure, an application authorization apparatus is provided, the apparatus including:
a third receiving module, configured to receive password change information sent by a service provider server, the password change information being sent by the service provider server when it detects a change of the password of a user account, the user account being bound to the third-party application corresponding to the third-party server;
a fourth receiving module, configured to receive an access request sent by the third-party application, the access request including an access token allocated by the service provider server;
an indicating module, configured to instruct the third-party application to re-authorize when the password change information indicates that the password of the user account corresponding to the access token has changed.
Optionally, the apparatus further includes:
a second sending module, configured to send a registration request to the service provider server, a preset registration field of the registration request storing a callback interface of the third-party server, the service provider server being configured to store a first correspondence between the third-party server and the callback interface;
the third receiving module being configured to:
receive, through the callback interface, the password change information sent by the service provider server.
Optionally, the apparatus further includes:
a third sending module, configured to send a detection request to the service provider server, the detection request including the access token stored by the third-party server, the service provider server being configured to detect whether the access token is valid and to send the password change information when it detects that the access token is invalid.
Optionally, the password change information includes the access token corresponding to the user account;
the apparatus further includes:
a clearing module, configured to clear, according to the password change information, at least one of the access token or the cached information corresponding to the access token.
According to a fifth aspect of the embodiments of the present disclosure, an application authorization apparatus is provided, the apparatus including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
obtain a user account bound to a third-party application, the third-party application being bound to the user account after authorization by the user;
when a change of the password of the user account is detected, send password change information to the third-party server corresponding to the third-party application, the third-party server being configured to instruct the third-party application to re-authorize according to the password change information.
According to a sixth aspect of the embodiments of the present disclosure, an application authorization apparatus is provided, the apparatus including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
receive password change information sent by a service provider server, the password change information being sent by the service provider server when it detects a change of the password of a user account, the user account being bound to the third-party application corresponding to the third-party server;
receive an access request sent by the third-party application, the access request including an access token allocated by the service provider server;
when the password change information indicates that the password of the user account corresponding to the access token has changed, instruct the third-party application to re-authorize.
The technical solution provided by the embodiments of the present disclosure can have the following beneficial effects:
The service provider server detects whether the password of a user account bound to a third-party application has changed and, when it detects a change, sends a password change indication to the third-party server corresponding to the third-party application. When the third-party server subsequently receives an access request sent by the third-party application, it instructs the user to re-authorize the third-party application. After the password of the user account changes, the third-party application therefore cannot gain access on the basis of the previous authorization information, which avoids leakage of information related to the user account and improves the security of user accounts bound to third-party applications.
It should be understood that the general description above and the detailed description below are only exemplary and explanatory, and do not limit the present disclosure.
Brief description of the drawings
The accompanying drawings are incorporated into and form part of this specification, show embodiments consistent with the present disclosure, and together with the specification serve to explain the principles of the present disclosure.
Fig. 1 is a schematic diagram of an implementation environment according to an exemplary embodiment of the present disclosure;
Fig. 2 is a flowchart of an application authorization method according to an exemplary embodiment of the present disclosure;
Fig. 3 is a flowchart of an application authorization method according to another exemplary embodiment of the present disclosure;
Fig. 4 is a flowchart of an application authorization method according to yet another exemplary embodiment of the present disclosure;
Fig. 5 is a block diagram of an application authorization apparatus according to an exemplary embodiment of the present disclosure;
Fig. 6 is a block diagram of an application authorization apparatus according to an exemplary embodiment of the present disclosure;
Fig. 7 is a block diagram of an application authorization apparatus according to an exemplary embodiment.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatuses and methods consistent with some aspects of the present disclosure as detailed in the appended claims.
A "module" as referred to herein is a program or instructions stored in memory that can implement certain functions; "multiple" as referred to herein means two or more. "And/or" describes an association between associated objects and indicates that three relationships are possible; for example, "A and/or B" can mean: A alone, both A and B, or B alone. The character "/" generally indicates an "or" relationship between the objects before and after it.
Fig. 1 is a schematic diagram of an implementation environment according to an exemplary embodiment of the present disclosure. The implementation environment includes a user terminal 110, a third-party server 120 and a service provider server 130.
The user terminal 110 is an electronic device on which a third-party application runs. The third-party application is a third-party web application or a third-party application program (mobile application), and the electronic device can be a smartphone, a tablet computer, a laptop computer, a desktop computer or the like. The third-party application supports the OAuth protocol: after the user registers a user account with the service provider server 130, the third-party application can be bound to that user account, and the user can authorize the third-party application to access the information the user has stored at the service provider server 130. In one possible implementation, after the user authorizes the third-party application, the service provider server 130 allocates an access token to the third-party application, and the third-party application obtains the corresponding information from the service provider server 130 using that access token.
The user terminal 110 and the third-party server 120 are connected through a wired or wireless network.
The third-party server 120 is the background server of the third-party application in the user terminal 110. The third-party server 120 registers for the OAuth service with the service provider server 130 in advance, so that the third-party application can, with the user's authorization, be bound to a user account registered with the service provider server 130. A third-party application authorized by the user obtains the information related to the bound user account from the service provider server 130 through the third-party server 120.
Optionally, after the user authorizes the third-party application, the service provider server 130 sends the allocated access token to the third-party server 120. The third-party server 120 duplicates the access token, stores one copy locally and sends the other to the third-party application. When the third-party application obtains information from the service provider server 130 through the third-party server 120, the third-party server 120 stores the third-party application's access token in association with the information returned by the service provider server 130. When the third-party application subsequently requests information using the access token, the third-party server 120 returns the cached information corresponding to that access token directly to the third-party application and no longer needs to obtain it from the service provider server 130.
The third-party server 120 and the service provider server 130 are connected through a wired or wireless network.
The service provider server 130 is a server that provides the OAuth service. The service provider server 130 is a single server, a server cluster composed of several servers, or a cloud computing center.
Optionally, the service provider server 130 includes an authorization server and an information storage server. In the user authorization stage, the authorization server allocates an access token to the authorized third-party application according to the user account; for the same third-party application, the access tokens allocated for different user accounts are different, and for the same user account, the access tokens allocated to different third-party applications are different. In the information acquisition stage, the information storage server provides the third-party application with the information related to the corresponding user account according to the access token sent by the third-party application.
When using the OAuth service provided by the service provider server 130, the third-party application can be bound to a user account that the user registered in advance with the service provider server 130 and, without needing to know the user account's password, can obtain the information related to the bound user account using the access token allocated by the service provider server 130.
In the embodiments of the present disclosure, the description takes as an example the application authorization method on the service provider server side being applied to the service provider server 130, and the application authorization method on the third-party server side being applied to the third-party server 120.
Fig. 2 is a flowchart of an application authorization method according to an exemplary embodiment of the present disclosure. This embodiment is described with the application authorization method applied to the implementation environment shown in Fig. 1. The method may include the following steps.
In step 201, the service provider server obtains a user account bound to a third-party application, the third-party application being bound to the user account after authorization by the user.
After a user completes account registration with the service provider server, the service provider server stores the registered user account. When the user uses a third-party application and requests that it be bound to the user account, the service provider server stores the binding relationship between the user account and the third-party application. The same user account can be bound to multiple third-party applications at the same time.
For example, the service provider server is the background server of an instant messaging application, and the user has registered an instant messaging account (the user account) with it. When a shopping application (the third-party application) supports the OAuth service provided by the service provider server, the user can authorize the shopping application to bind to the instant messaging account. The user enters the user account and password in the authorization interface provided by the service provider server, and the authorization and binding process completes after the service provider server verifies the information the user entered.
Schematically, the binding relationship between user accounts and third-party applications is shown in Table 1.
Table 1
User account | Third-party application
Zhangsan | Third-party application A, third-party application B
Lisi | Third-party application B, third-party application C
Wangwu | Third-party application A, third-party application C
From the user accounts it maintains, the service provider server obtains those bound to third-party applications, and further detects through step 202 below whether the password of such a user account has changed.
In step 202, when a change of the password of the user account is detected, the service provider server sends password change information to the third-party server corresponding to the third-party application.
Optionally, after obtaining the user accounts bound to third-party applications, the service provider server detects whether the password of any such user account has changed. When it detects that the password of a user account has not changed, it determines that the third-party application bound to that user account poses no risk of information leakage; when it detects that the password of a user account has changed, it determines that the third-party application bound to that user account poses a risk of leaking user information, and performs step 202.
It should be noted that, in other possible implementations, the service provider server can instead, upon detecting that the password of a user account has changed, further detect whether that user account is bound to a third-party application, and perform step 202 when it detects that the user account is bound to a third-party application. The embodiments of the present disclosure do not limit this.
When it detects that the password of a user account has changed and that the user account is bound to a third-party application, the service provider server sends password change information to the third-party server corresponding to the third-party application bound to the user account.
Optionally, the service provider server stores in advance a correspondence between user accounts and allocated access tokens. When it detects a password change for a user account, the service provider server looks up the corresponding access token in this correspondence and adds the access token it finds to the password change information. Schematically, the correspondence between access tokens and user accounts is shown in Table 2.
Table 2
User account | Access token
Zhangsan | Access Token A, Access Token B
Lisi | Access Token C, Access Token D
Wangwu | Access Token E, Access Token F
The number of access tokens corresponding to a user account is the same as the number of third-party applications bound to that user account. For example, as shown in Table 2, the user account "Zhangsan" corresponds to the access tokens "Access Token A" and "Access Token B", which indicates that the user account is bound to two third-party applications.
It should be noted that, when multiple access tokens are obtained for a user account, the service provider server further determines the third-party application corresponding to each access token, and sends the password change information carrying that access token to the corresponding third-party server (the one for that third-party application).
Accordingly, because the third-party server stores each access token allocated by the service provider server, when it receives password change information the third-party server can determine from it which access tokens and corresponding cached information need to be processed.
It should be noted that, when the service provider server detects a password change for a user account, it clears all access tokens corresponding to that user account. In the subsequent process, the third-party application cannot obtain information related to that user account using a previously allocated access token, which avoids information leakage.
In step 203, the third-party server receives the password change information sent by the service provider server.
In one possible implementation, the third-party server stores access tokens and the information cached from the service provider server using those access tokens. When the password change information obtained by the third-party server includes an access token, the third-party server clears that access token and/or the cached information corresponding to it. Schematically, the correspondence between access tokens and their cached information is shown in Table 3.
Table 3
Access token | Cached information
Access Token A | Cached information A
Access Token B | Cached information B
Access Token C | Cached information C
For example, when the received password change information includes the access token "Access Token A", the third-party server clears "Access Token A" and the corresponding cached information A. In the subsequent process, the third-party application cannot obtain cached information A using "Access Token A", which avoids information leakage.
In step 204, the third-party server receives an access request sent by the third-party application, the access request including an access token allocated by the service provider server.
After the user's authorization, the third-party application uses the access token allocated by the service provider server to obtain the corresponding information from the service provider server through the third-party server.
In one possible implementation, the third-party application sends an access request carrying the access token to the third-party server, and the third-party server accordingly receives the access request sent by the third-party application.
In step 205, when the password change information indicates that the password of the user account corresponding to the access token has changed, the third-party server instructs the third-party application to re-authorize.
Further, the third-party server obtains the access token included in the access request and checks whether it has received password change information for that access token. If it has not received password change information for the access token, it determines that no password change has occurred for the user account corresponding to the access token, obtains the corresponding cached information using the access token, or obtains the corresponding information from the service provider server using the access token, and returns the obtained information to the third-party application. If it has received password change information for the access token, it determines that a password change has occurred for the user account corresponding to the access token and, to avoid leakage of user account information, instructs the third-party application that sent the access request to re-authorize.
In one possible implementation, the third-party server sends a re-authorization instruction to the third-party application, instructing the user currently using the third-party application to authorize again with the user account and the updated password.
It should be noted that the way the third-party application is re-authorized follows the existing OAuth protocol and is not described further in this embodiment.
In summary, in this embodiment the service provider server detects whether the password of a user account bound to a third-party application has changed and, when it detects a change, sends a password change indication to the third-party server corresponding to the third-party application. When the third-party server subsequently receives an access request sent by the third-party application, it instructs the user to re-authorize the third-party application. After the password of the user account changes, the third-party application therefore cannot gain access on the basis of the previous authorization information, which avoids leakage of information related to the user account and improves the security of user accounts bound to third-party applications.
In actual application, when third-party server registers OAuth services at service provider servers, to clothes Business provider server provides extra callback interface;In subsequent process, when service provider servers detect binding the 3rd When the user account of Fang Yingyong occurs password change, i.e., password change letter is sent to third-party server by the callback interface Breath, indicates that corresponding third-party application re-starts mandate by third-party server according to the password change information.Adopt below Schematically embodiment is illustrated.
Fig. 3 is a flowchart of an application authorization method according to another exemplary embodiment of the present disclosure. This embodiment is described by taking the use of the application authorization method in the implementation environment shown in Fig. 1 as an example. The method may include the following steps.
In step 301, the third-party server sends a registration request to the service provider server, and a preset registration field of the registration request stores the callback interface of the third-party server.
When the third-party server needs to use the OAuth service of the service provider server, it must register with the service provider server in advance. In the related art, the third-party server must provide its identifier and a redirect address (redirect_uri) when registering. After registration is complete, when the service provider server receives the user's authorization information (containing the user account and password entered by the user), it returns an authorization code (Authorization Code) to the third-party server according to the redirect address corresponding to the third-party application that initiated the authorization, so that the third-party server can exchange the authorization code for an access token from the service provider server.
In this embodiment of the present invention, an additional preset registration field is added to the registration request that the third-party server sends to the service provider server. The preset registration field stores the callback interface of the third-party server, and the callback interface is used to receive the password change information sent by the service provider server.
In one possible implementation, the registration request sent by the third-party server includes a password_notify_uri field, which stores the callback interface as a character string; for example, the callback interface is http://www.example.com/password_notify.
In step 302, the service provider server receives the registration request sent by the third-party server.
Accordingly, the service provider server extracts the callback interface from the preset registration field of the registration request.
In step 303, the service provider server stores the first correspondence between the third-party server and the callback interface.
The service provider server stores the extracted callback interface in association with the third-party server. Schematically, the correspondence between callback interfaces and third-party servers is shown in Table 4.
Table 4

| Third-party server | Callback interface |
|---|---|
| Server001 | http://www.A.com/password_notify |
| Server002 | http://www.B.com/password_notify |
| Server003 | http://www.C.com/password_notify |
In step 304, the service provider server obtains the user account bound to the third-party application; the third-party application is bound to the user account after the user's authorization.
The implementation of step 304 is similar to that of step 201 and is not described again in this embodiment.
In step 305, when it detects that the password of the user account has changed, the service provider server obtains the callback interface corresponding to the third-party server according to the first correspondence.
When it detects that the password of a user account bound to a third-party application has changed, the service provider server obtains the callback interface corresponding to the third-party server from the correspondence shown in Table 4.
For example, when the service provider server detects that the password of user account Zhangsan has changed, and that user account is bound to third-party application A (corresponding to third-party server Server001) and third-party application B (corresponding to third-party server Server002), the service provider server obtains the corresponding callback interfaces from the correspondence shown in Table 4; the callback interfaces obtained are http://www.A.com/password_notify and http://www.B.com/password_notify.
In step 306, the service provider server sends password change information to the third-party server through the callback interface, and the password change information includes the access token.
Further, the service provider server sends the password change information carrying the access token to the corresponding third-party server through the callback interface, instructing the third-party server to have the third-party application corresponding to the access token re-authorize.
In step 307, the third-party server receives, through the callback interface, the password change information sent by the service provider server.
Accordingly, the third-party server receives, through the callback interface, the password change information sent by the service provider server.
In step 308, the third-party server clears at least one of the access token or the cache information corresponding to the access token according to the password change information.
After receiving the password change information, the third-party server obtains the access token it includes and, from the pre-stored access tokens (as shown in Table 3), clears that access token and/or the cache information corresponding to it.
In step 309, the third-party server receives an access request sent by the third-party application, and the access request includes the access token distributed by the service provider server.
In step 310, when the password change information indicates that the password of the user account corresponding to the access token has changed, the third-party server instructs the third-party application to re-authorize.
The implementation of this step is similar to that of step 206 above and is not described again in this embodiment.
In this embodiment, the third-party server provides a callback interface for receiving password change information when it registers for the OAuth service with the service provider server, so that when the service provider server detects that the user account has changed, it can promptly notify the third-party server through the callback interface. The third-party server then clears the access token corresponding to that user account, which prevents the third-party application from using the previous access token to obtain information cached at the third-party server and improves the security of user information.
In another embodiment, the third-party server obtains the password change status of user accounts from the service provider server by polling and, according to the feedback from the service provider server, processes the access tokens corresponding to user accounts whose passwords have changed. A schematic embodiment is described below.
Fig. 4 is a flowchart of an application authorization method according to yet another exemplary embodiment of the present disclosure. This embodiment is described by taking the use of the application authorization method in the implementation environment shown in Fig. 1 as an example. The method may include the following steps.
In step 401, the third-party server sends a detection request to the service provider server, and the detection request includes the access tokens stored by the third-party server.
In one possible implementation, the third-party server obtains each locally stored access token at a predetermined time interval and sends a detection request carrying the access tokens to the service provider server. For example, the predetermined time interval is 1 hour.
In step 402, the service provider server receives the detection request sent by the third-party server.
Accordingly, the service provider server receives the detection request and extracts each access token included in it.
Further, the service provider server detects whether the access tokens included in the detection request are valid.
After the password of a user account changes, the service provider server deletes the access tokens originally distributed for that user account. Therefore, in one possible implementation, after receiving the detection request sent by the third-party server, the service provider server obtains the valid access tokens distributed to that third-party server and detects whether each access token included in the detection request has a matching valid access token.
If an access token included in the detection request has a matching valid access token, the access token is determined to be valid; if an access token included in the detection request has no matching valid access token, the access token is determined to be invalid.
For example, the service provider server extracts the access tokens Access Token A, Access Token B, Access Token C and Access Token D from the detection request, and the valid access tokens distributed to the third-party server are Access Token B, Access Token C and Access Token D; Access Token A is therefore determined to be an invalid access token.
In step 403, when it detects that an access token is invalid, the service provider server determines that the password of the user account corresponding to the access token has changed and sends password change information to the third-party server.
For the invalid access tokens it detects, the service provider server gives feedback to the third-party server by sending password change information, which contains the detected invalid access tokens.
In step 404, the third-party server receives the password change information sent by the service provider server.
Accordingly, the third-party server extracts the invalid access tokens from the received password change information.
In step 405, the third-party server clears at least one of the invalid access token or the cache information corresponding to the invalid access token according to the password change information.
Further, the third-party server clears the invalid access token and/or the cache information corresponding to it, which prevents the third-party application from later using the invalid access token to obtain the cached information from the third-party server and causing information leakage.
Optionally, the third-party server sends an access token clearing instruction to the third-party application corresponding to the invalid access token, instructing the third-party application to clear the stored invalid access token.
In step 406, the third-party server receives an access request sent by the third-party application, and the access request includes the access token distributed by the service provider server.
In step 407, when the password change information indicates that the password of the user account corresponding to the access token has changed, the third-party server instructs the third-party application to re-authorize.
The implementation of steps 406 to 407 is similar to that of steps 204 to 205 and is not described again in this embodiment.
In this embodiment, the third-party server finds locally stored invalid access tokens by actively polling and deletes the invalid access tokens and the corresponding cache information. This prevents the third-party application from using a previous access token to obtain information cached at the third-party server after the password of the user account changes, and improves the security of user information. In addition, the third-party server does not need to provide an extra callback interface, which makes the scheme easier to implement.
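The callback flow of Fig. 3 and the polling flow of Fig. 4 can be run side by side in the following Python example, which is added here for illustration and is not code from the patent. Apart from the password_notify_uri field, every class, method and message-field name is an assumption, and HTTP delivery is replaced by in-process calls.

```python
"""Password-change propagation: callback push (Fig. 3) and polling (Fig. 4).
Added illustration; every name except password_notify_uri is hypothetical,
and HTTP delivery is replaced by direct in-process calls."""
import secrets


class ServiceProvider:
    def __init__(self):
        self.callbacks = {}   # first correspondence: server id -> callback URI
        self.tokens = {}      # second correspondence: account -> {token: server id}
        self.transport = {}   # stand-in for HTTP POST: callback URI -> handler

    def register(self, server_id, registration, handler=None):
        # Steps 301-303: read the callback from the preset registration field.
        uri = registration.get("password_notify_uri")
        if uri:
            self.callbacks[server_id] = uri
            self.transport[uri] = handler

    def issue_token(self, account, server_id):
        token = secrets.token_urlsafe(16)
        self.tokens.setdefault(account, {})[token] = server_id
        return token

    def change_password(self, account):
        # Steps 305-306: clear the account's tokens, then notify via callback.
        revoked = self.tokens.pop(account, {})
        by_server = {}
        for token, server_id in revoked.items():
            by_server.setdefault(server_id, []).append(token)
        notified = []
        for server_id, tokens in by_server.items():
            uri = self.callbacks.get(server_id)
            if uri is None:
                continue          # no callback registered: this server must poll
            self.transport[uri]({"access_tokens": tokens})
            notified.append(server_id)
        return notified

    def check_tokens(self, server_id, presented):
        # Steps 402-403: report presented tokens with no matching valid token.
        valid = {t for held in self.tokens.values()
                 for t, sid in held.items() if sid == server_id}
        return {"access_tokens": [t for t in presented if t not in valid]}


class ThirdPartyServer:
    def __init__(self, server_id):
        self.server_id = server_id
        self.cache = {}        # Table 3: access token -> cached information
        self.changed = set()   # tokens named in password change information

    def on_password_change(self, message):
        # Steps 307-308 and 404-405: clear the token and its cached data.
        for token in message["access_tokens"]:
            self.cache.pop(token, None)
            self.changed.add(token)

    def poll(self, provider):
        # Step 401: send every locally stored token for checking.
        message = provider.check_tokens(self.server_id, list(self.cache))
        self.on_password_change(message)
        return len(message["access_tokens"])

    def handle_access(self, token):
        # Steps 204-205: fail closed for flagged or unknown tokens.
        if token in self.changed or token not in self.cache:
            return {"status": "reauthorize"}
        return {"status": "ok", "data": self.cache[token]}


def demo():
    sp = ServiceProvider()
    a = ThirdPartyServer("Server001")   # registers a callback
    b = ThirdPartyServer("Server002")   # no callback, polls instead
    sp.register("Server001",
                {"password_notify_uri": "https://a.example/password_notify"},
                a.on_password_change)
    sp.register("Server002", {})
    tok_a = sp.issue_token("zhangsan", "Server001")
    tok_b = sp.issue_token("zhangsan", "Server002")
    tok_c = sp.issue_token("lisi", "Server002")
    a.cache[tok_a] = "zhangsan profile (constructed)"
    b.cache[tok_b] = "zhangsan profile (constructed)"
    b.cache[tok_c] = "lisi profile (constructed)"
    result = {"before": a.handle_access(tok_a)["status"]}
    result["notified"] = sp.change_password("zhangsan")
    result["a_after"] = a.handle_access(tok_a)["status"]
    # Until its next poll, the polling server still serves the stale cache.
    result["b_before_poll"] = b.handle_access(tok_b)["status"]
    result["b_invalid_found"] = b.poll(sp)
    result["b_after_poll"] = b.handle_access(tok_b)["status"]
    result["b_other_account"] = b.handle_access(tok_c)["status"]
    return result


if __name__ == "__main__":
    print(demo())
```

In the run, Server002 keeps answering from its cache with the old token until its next poll, so the polling interval bounds how long a cleared token remains usable at the third-party server, while the callback server rejects it immediately.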
It should be noted that, in each of the above embodiments, the steps performed by the service provider server can be implemented separately as an application authorization method on the service provider server side, and the steps performed by the third-party server can be implemented separately as an application authorization method on the third-party server side; this is not described again in this embodiment.
The following are apparatus embodiments of the present disclosure, which can be used to perform the method embodiments of the present disclosure. For details not disclosed in the apparatus embodiments, refer to the method embodiments of the present disclosure.
Fig. 5 is a block diagram of an application authorization apparatus according to an exemplary embodiment of the present disclosure. The application authorization apparatus can be implemented as all or part of the service provider server 130 shown in Fig. 1 by hardware or a combination of software and hardware. The application authorization apparatus includes:
Acquisition module 510, configured to obtain the user account bound to the third-party application, the third-party application being bound to the user account after the user's authorization;
First sending module 520, configured to send password change information to the third-party server corresponding to the third-party application when it is detected that the password of the user account has changed, the third-party server being configured to instruct the third-party application to re-authorize according to the password change information.
Optionally, the apparatus further includes:
First receiving module 530, configured to receive the registration request sent by the third-party server, a preset registration field of the registration request storing the callback interface of the third-party server;
Storage module 540, configured to store the first correspondence between the third-party server and the callback interface;
The first sending module 520 includes:
Acquisition submodule 521, configured to obtain the callback interface corresponding to the third-party server according to the first correspondence when it is detected that the password of the user account has changed;
Sending submodule 522, configured to send the password change information to the third-party server through the callback interface.
Optionally, the apparatus further includes:
Second receiving module 550, configured to receive the detection request sent by the third-party server, the detection request including the access token stored by the third-party server;
First sending module 520, further configured to, when it is detected that the access token is invalid, determine that the password of the user account corresponding to the access token has changed, and send password change information to the third-party server corresponding to the third-party application.
Optionally, the service provider server stores a second correspondence between user accounts and the access tokens distributed;
First sending module 520, further configured to:
when it is detected that the password of the user account has changed, obtain the access token corresponding to the user account according to the second correspondence;
send the password change information containing the access token to the third-party server, the third-party server being configured to clear at least one of the access token or the cache information corresponding to the access token according to the password change information.
In summary, in this embodiment, the service provider server detects whether the password of the user account bound to the third-party application has changed and, when it detects a change, sends a password change indication to the third-party server corresponding to the third-party application. When the third-party server subsequently receives an access request from the third-party application, it instructs the user to re-authorize the third-party application. After the password of the user account changes, the third-party application therefore cannot access information using the previous authorization information, which avoids leaking information related to the user account and improves the security of the user account bound to the third-party application.
In this embodiment, the third-party server provides a callback interface for receiving password change information when it registers for the OAuth service with the service provider server, so that when the service provider server detects that the user account has changed, it can promptly notify the third-party server through the callback interface. The third-party server then clears the access token corresponding to that user account, which prevents the third-party application from using the previous access token to obtain information cached at the third-party server and improves the security of user information.
In this embodiment, the third-party server finds locally stored invalid access tokens by actively polling and deletes the invalid access tokens and the corresponding cache information. This prevents the third-party application from using a previous access token to obtain information cached at the third-party server after the password of the user account changes, and improves the security of user information. In addition, the third-party server does not need to provide an extra callback interface, which makes the scheme easier to implement.
Fig. 6 is a block diagram of an application authorization apparatus according to an exemplary embodiment of the present disclosure. The application authorization apparatus can be implemented as all or part of the third-party server 120 shown in Fig. 1 by hardware or a combination of software and hardware. The application authorization apparatus includes:
Third receiving module 610, configured to receive the password change information sent by the service provider server, the password change information being sent when the service provider server detects that the password of a user account has changed, the user account being bound to the third-party application corresponding to the third-party server;
Fourth receiving module 620, configured to receive the access request sent by the third-party application, the access request including the access token distributed by the service provider server;
Indicating module 630, configured to instruct the third-party application to re-authorize when the password change information indicates that the password of the user account corresponding to the access token has changed.
Optionally, the apparatus further includes:
Second sending module 640, configured to send a registration request to the service provider server, a preset registration field of the registration request storing the callback interface of the third-party server, the service provider server being configured to store the first correspondence between the third-party server and the callback interface;
Third receiving module 610, configured to receive, through the callback interface, the password change information sent by the service provider server.
Optionally, the apparatus further includes:
Third sending module 650, configured to send a detection request to the service provider server, the detection request including the access token stored by the third-party server; the service provider server is configured to detect whether the access token is valid and to send the password change information when it detects that the access token is invalid.
Optionally, the password change information includes the access token corresponding to the user account;
The apparatus further includes:
Clearing module 660, configured to clear at least one of the access token or the cache information corresponding to the access token according to the password change information.
In summary, in this embodiment, the service provider server detects whether the password of the user account bound to the third-party application has changed and, when it detects a change, sends a password change indication to the third-party server corresponding to the third-party application. When the third-party server subsequently receives an access request from the third-party application, it instructs the user to re-authorize the third-party application. After the password of the user account changes, the third-party application therefore cannot access information using the previous authorization information, which avoids leaking information related to the user account and improves the security of the user account bound to the third-party application.
In this embodiment, the third-party server provides a callback interface for receiving password change information when it registers for the OAuth service with the service provider server, so that when the service provider server detects that the user account has changed, it can promptly notify the third-party server through the callback interface. The third-party server then clears the access token corresponding to that user account, which prevents the third-party application from using the previous access token to obtain information cached at the third-party server and improves the security of user information.
In this embodiment, the third-party server finds locally stored invalid access tokens by actively polling and deletes the invalid access tokens and the corresponding cache information. This prevents the third-party application from using a previous access token to obtain information cached at the third-party server after the password of the user account changes, and improves the security of user information. In addition, the third-party server does not need to provide an extra callback interface, which makes the scheme easier to implement.
With regard to the apparatus in the above embodiments, the specific manner in which each module performs its operations has been described in detail in the embodiments of the related method and will not be elaborated here.
Fig. 7 is a block diagram of an application authorization apparatus according to an exemplary embodiment. The application authorization apparatus 700 can be implemented as the third-party server 120 or the service provider server 130 shown in Fig. 1. Referring to Fig. 7, the application authorization apparatus 700 includes a processing component 722, which further includes one or more processors, and memory resources represented by a memory 732 for storing instructions executable by the processing component 722, such as application programs. The application programs stored in the memory 732 may include one or more modules, each corresponding to a set of instructions. In addition, the processing component 722 is configured to execute the instructions so as to perform the application authorization method on the third-party server side or the service provider server side described above.
The application authorization apparatus 700 may also include a power supply component 726 configured to perform power management of the application authorization apparatus 700, a wired or wireless network interface 750 configured to connect the application authorization apparatus 700 to a network, and an input/output (I/O) interface 758. The application authorization apparatus 700 can operate based on an operating system stored in the memory 732, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
Those skilled in the art will readily conceive of other embodiments of the present disclosure after considering the specification and practicing the invention disclosed herein. This application is intended to cover any variations, uses or adaptations of the present disclosure that follow its general principles and include common knowledge or customary technical means in the art not disclosed in the present disclosure. The specification and embodiments are to be regarded as exemplary only, with the true scope and spirit of the present disclosure indicated by the following claims.
It should be understood that the present disclosure is not limited to the precise structures described above and shown in the drawings, and that various modifications and changes can be made without departing from its scope. The scope of the present disclosure is limited only by the appended claims.

Claims (18)

1. An application authorization method, characterized in that it is applied to a service provider server, the method comprising:
Obtaining a user account bound to a third-party application, the third-party application being bound to the user account after the user's authorization;
When it is detected that the password of the user account has changed, sending password change information to the third-party server corresponding to the third-party application, the third-party server being configured to instruct the third-party application to re-authorize according to the password change information.
2. The method according to claim 1, characterized in that the method further comprises:
Receiving a registration request sent by the third-party server, a preset registration field of the registration request storing the callback interface of the third-party server;
Storing a first correspondence between the third-party server and the callback interface;
Wherein sending password change information to the third-party server corresponding to the third-party application when it is detected that the password of the user account has changed comprises:
When it is detected that the password of the user account has changed, obtaining the callback interface corresponding to the third-party server according to the first correspondence;
Sending the password change information to the third-party server through the callback interface.
3. The method according to claim 1, characterized in that the method further comprises:
Receiving a detection request sent by the third-party server, the detection request including the access token stored by the third-party server;
When it is detected that the access token is invalid, determining that the password of the user account corresponding to the access token has changed, and performing the step of sending password change information to the third-party server corresponding to the third-party application.
4. The method according to any one of claims 1 to 3, characterized in that the service provider server stores a second correspondence between user accounts and the access tokens distributed;
Wherein sending password change information to the third-party server corresponding to the third-party application when it is detected that the password of the user account has changed comprises:
When it is detected that the password of the user account has changed, obtaining the access token corresponding to the user account according to the second correspondence;
Sending the password change information containing the access token to the third-party server, the third-party server being configured to clear at least one of the access token or the cache information corresponding to the access token according to the password change information.
5. An application authorization method, characterized in that it is applied to a third-party server, the method comprising:
Receiving password change information sent by a service provider server, the password change information being sent when the service provider server detects that the password of a user account has changed, the user account being bound to the third-party application corresponding to the third-party server;
Receiving an access request sent by the third-party application, the access request including the access token distributed by the service provider server;
When the password change information indicates that the password of the user account corresponding to the access token has changed, instructing the third-party application to re-authorize.
6. The method according to claim 5, characterized in that the method further comprises:
Sending a registration request to the service provider server, a preset registration field of the registration request storing the callback interface of the third-party server, the service provider server being configured to store a first correspondence between the third-party server and the callback interface;
Wherein receiving the password change information sent by the service provider server comprises:
Receiving, through the callback interface, the password change information sent by the service provider server.
7. The method according to claim 5, characterized in that the method further comprises:
Sending a detection request to the service provider server, the detection request including the access token stored by the third-party server, the service provider server being configured to detect whether the access token is valid and to send the password change information when it detects that the access token is invalid.
8. The method according to any one of claims 5 to 7, characterized in that the password change information includes the access token corresponding to the user account;
The method further comprises:
Clearing at least one of the access token or the cache information corresponding to the access token according to the password change information.
9. An application authorization device, characterized in that it is applied to a service provider server, the device comprising:
an acquisition module configured to obtain a user account bound to a third-party application, the third-party application being bound to the user account after authorization by the user;
a first sending module configured to, when it is detected that the password of the user account has been changed, send password change information to the third-party server corresponding to the third-party application, the third-party server being configured to instruct the third-party application, according to the password change information, to re-authorize.
10. The device according to claim 9, characterized in that the device further comprises:
a first receiving module configured to receive a registration request sent by the third-party server, wherein a preset registration field of the registration request stores the callback interface of the third-party server;
a storage module configured to store a first correspondence between the third-party server and the callback interface;
the first sending module comprises:
an acquisition submodule configured to, when it is detected that the password of the user account has been changed, obtain the callback interface corresponding to the third-party server according to the first correspondence;
a sending submodule configured to send the password change information to the third-party server through the callback interface.
11. The device according to claim 9, characterized in that the device further comprises:
a second receiving module configured to receive a detection request sent by the third-party server, the detection request including the access token stored by the third-party server;
the first sending module is further configured to, when it is detected that the access token is invalid, determine that the password of the user account corresponding to the access token has been changed, and send the password change information to the third-party server corresponding to the third-party application.
12. The device according to any one of claims 9 to 11, characterized in that the service provider server stores a second correspondence between the user account and the allocated access token;
the first sending module is further configured to:
when it is detected that the password of the user account has been changed, obtain the access token corresponding to the user account according to the second correspondence;
send the password change information containing the access token to the third-party server, the third-party server being configured to clear, according to the password change information, at least one of the access token or the cache information corresponding to the access token.
13. An application authorization device, characterized in that it is applied to a third-party server, the device comprising:
a third receiving module configured to receive password change information sent by a service provider server, wherein the password change information is sent by the service provider server when it detects that the password of a user account has been changed, and the user account is bound to the third-party application corresponding to the third-party server;
a fourth receiving module configured to receive an access request sent by the third-party application, the access request including an access token allocated by the service provider server;
an indicating module configured to, when the password change information indicates that the password of the user account corresponding to the access token has been changed, instruct the third-party application to re-authorize.
14. The device according to claim 13, characterized in that the device further comprises:
a second sending module configured to send a registration request to the service provider server, wherein a preset registration field of the registration request stores the callback interface of the third-party server, and the service provider server is configured to store a first correspondence between the third-party server and the callback interface;
the third receiving module is configured to:
receive, through the callback interface, the password change information sent by the service provider server.
15. The device according to claim 13, characterized in that the device further comprises:
a third sending module configured to send a detection request to the service provider server, the detection request including the access token stored by the third-party server, wherein the service provider server is configured to detect whether the access token is valid, and to send the password change information when it detects that the access token is invalid.
16. The device according to any one of claims 13 to 15, characterized in that the password change information includes the access token corresponding to the user account;
the device further comprises:
a clearing module configured to clear, according to the password change information, at least one of the access token or the cache information corresponding to the access token.
17. An application authorization device, characterized in that the device comprises:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
obtain a user account bound to a third-party application, the third-party application being bound to the user account after authorization by the user;
when it is detected that the password of the user account has been changed, send password change information to the third-party server corresponding to the third-party application, the third-party server being configured to instruct the third-party application, according to the password change information, to re-authorize.
18. An application authorization device, characterized in that the device comprises:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
receive password change information sent by a service provider server, wherein the password change information is sent by the service provider server when it detects that the password of a user account has been changed, and the user account is bound to the third-party application corresponding to the third-party server;
receive an access request sent by the third-party application, the access request including an access token allocated by the service provider server;
when the password change information indicates that the password of the user account corresponding to the access token has been changed, instruct the third-party application to re-authorize.
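The notification flow described in claims 5 to 12, as an added in-memory sketch that is not part of the patent text: the service provider keeps the first correspondence (third-party server to callback) and the second correspondence (user account to issued tokens), and a password change drives token and cache clearing on the third-party side. All class, method and field names are hypothetical, and the sketch assumes a third-party server registers its callback before any token is issued to it.

```python
# Added illustration; every name below is hypothetical, not from the patent.
import secrets

class ThirdPartyServer:
    def __init__(self, name):
        self.name = name
        self.tokens = {}      # access token -> user account, stored after authorization
        self.cache = {}       # access token -> data cached on behalf of that token
        self.revoked = set()  # tokens named in received password change information

    def on_password_change(self, info):  # callback interface (claims 6 and 8)
        for token in info["access_tokens"]:
            self.tokens.pop(token, None)   # clear the stored access token
            self.cache.pop(token, None)    # clear its cached information
            self.revoked.add(token)

    def handle_access(self, token):  # access request check (claim 5)
        if token in self.revoked or token not in self.tokens:
            return {"status": 401, "action": "reauthorize"}
        return {"status": 200, "account": self.tokens[token]}

class ServiceProvider:
    def __init__(self):
        self.callbacks = {}  # first correspondence: third-party server -> callback
        self.issued = {}     # second correspondence: account -> {(server, token)}

    def register(self, server):  # registration request carrying the callback
        self.callbacks[server.name] = server.on_password_change

    def authorize(self, account, server):  # user grants access, token is issued
        token = secrets.token_urlsafe(16)
        self.issued.setdefault(account, set()).add((server.name, token))
        server.tokens[token] = account
        return token

    def change_password(self, account):  # notify every bound third-party server
        per_server = {}
        for name, token in self.issued.pop(account, set()):
            per_server.setdefault(name, []).append(token)
        for name, tokens in per_server.items():
            self.callbacks[name]({"account": account, "access_tokens": tokens})
        return sorted(per_server)

def demo():
    sp, app = ServiceProvider(), ThirdPartyServer("photo-app")  # constructed names
    sp.register(app)
    alice, bob = sp.authorize("alice", app), sp.authorize("bob", app)
    sp.change_password("alice")
    return app.handle_access(alice), app.handle_access(bob)
```

Only the tokens of the account whose password changed are cleared; tokens issued for other accounts on the same third-party server keep working.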
CN201710035916.4A 2017-01-18 2017-01-18 Application authorization method and device Active CN106657140B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710035916.4A CN106657140B (en) 2017-01-18 2017-01-18 Application authorization method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710035916.4A CN106657140B (en) 2017-01-18 2017-01-18 Application authorization method and device

Publications (2)

Publication Number Publication Date
CN106657140A true CN106657140A (en) 2017-05-10
CN106657140B CN106657140B (en) 2020-02-28

Family

ID=58840765

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710035916.4A Active CN106657140B (en) 2017-01-18 2017-01-18 Application authorization method and device

Country Status (1)

Country Link
CN (1) CN106657140B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107920060A (en) * 2017-10-11 2018-04-17 北京京东尚科信息技术有限公司 Data access method and device based on account
CN110121873A (en) * 2017-10-23 2019-08-13 华为技术有限公司 A kind of access token management method, terminal and server
WO2020057209A1 (en) * 2018-09-21 2020-03-26 腾讯科技(深圳)有限公司 Information display method, apparatus and device for virtual objects and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013186070A1 (en) * 2012-06-12 2013-12-19 Telefonica, S.A. A method and a system for providing access to protected resources via an oauth protocol
CN104350501A (en) * 2012-05-25 2015-02-11 佳能株式会社 Authorization server and client apparatus, server cooperative system, and token management method
CN104426843A (en) * 2013-08-21 2015-03-18 北大方正集团有限公司 Micro blog account automatic authorization method and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104350501A (en) * 2012-05-25 2015-02-11 佳能株式会社 Authorization server and client apparatus, server cooperative system, and token management method
WO2013186070A1 (en) * 2012-06-12 2013-12-19 Telefonica, S.A. A method and a system for providing access to protected resources via an oauth protocol
CN104426843A (en) * 2013-08-21 2015-03-18 北大方正集团有限公司 Micro blog account automatic authorization method and device

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107920060A (en) * 2017-10-11 2018-04-17 北京京东尚科信息技术有限公司 Data access method and device based on account
CN107920060B (en) * 2017-10-11 2020-06-05 北京京东尚科信息技术有限公司 Data access method and device based on account
CN110121873A (en) * 2017-10-23 2019-08-13 华为技术有限公司 A kind of access token management method, terminal and server
CN110121873B (en) * 2017-10-23 2021-06-01 华为技术有限公司 Access token management method, terminal and server
US11736292B2 (en) 2017-10-23 2023-08-22 Huawei Technologies Co., Ltd. Access token management method, terminal, and server
WO2020057209A1 (en) * 2018-09-21 2020-03-26 腾讯科技(深圳)有限公司 Information display method, apparatus and device for virtual objects and storage medium
US11498000B2 (en) 2018-09-21 2022-11-15 Tencent Technology (Shenzhen) Company Limited Information display method and apparatus for virtual object, device, and storage medium

Also Published As

Publication number Publication date
CN106657140B (en) 2020-02-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant