CN106982187A - resource authorization method and device - Google Patents

Info

Publication number
CN106982187A
Authority
CN
China
Prior art keywords: user, party application, authorization, resource, request
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610027825.1A
Other languages
Chinese (zh)
Other versions
CN106982187B (en)
Inventor
魏向林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN201610027825.1A (patent CN106982187B)
Priority to PCT/CN2017/071145 (patent WO2017121387A1)
Publication of CN106982187A
Application granted
Publication of CN106982187B
Status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Abstract

The invention discloses a resource authorization method and device. The method includes: receiving an authorization access request from a third-party application, guiding the user to authorize the third-party application, and sending a token to the third-party application according to the user's authorization result; receiving a user resource access request carrying the token sent by the third-party application, verifying the token, and, after verification succeeds, determining from the user resource access request whether the user resource accessed by the third-party application is a prespecified sensitive resource; when the user resource accessed by the third-party application is determined to be a sensitive resource, sending the user a request asking whether to authorize the third-party application to obtain the sensitive resource, receiving the user's authorization response, and determining according to the authorization response whether to return the sensitive resource to the third-party application. With this technical solution, a third party can be effectively prevented from abusing the authorization in the background.

Description

Resource authorization method and device
Technical field
The present invention relates to the field of mobile communication, and in particular to a resource authorization method and device.
Background technology
OAuth is an open network standard for authorization that is widely used around the world; the current version is 2.0. OAuth provides an authorization layer between the "third-party application" and the "service provider". The "third-party application" cannot log in to the "service provider" directly; it can only log in to the authorization layer, which distinguishes the user from the third-party application. The token that the "third-party application" uses to log in to the authorization layer is different from the user's password. When logging in, the user can set the scope of authority and the validity period of the authorization-layer token.
After the "third-party application" logs in to the authorization layer, the "service provider" opens the data stored by the user to the "third-party application" according to the scope of authority and the validity period of the token. In the prior art, the general authorization flow is as follows:
Step 1: after the user opens the third-party application, the third-party application asks the user to grant authorization.
Step 2: the user agrees to grant authorization to the third-party application.
Step 3: the third-party application uses the authorization obtained in the previous step to apply to the authentication server for a token.
Step 4: after authenticating the third-party application and confirming that there is no error, the authentication server agrees to issue the token.
Step 5: the third-party application uses the token to apply to the resource server for the resource.
Step 6: the resource server confirms that the token is correct and agrees to open the resource to the third-party application.
As can be seen from the above process, once the third-party application in this scheme has obtained the token, it can access the corresponding resources at will within the validity period. In the step of authorizing access to resources, the OAuth protocol framework therefore has the following unsafe factors:
1. When the third party guides the user to authorize, the authentication server's description of the requested permissions is often not very clear and the details are vague, so ordinary users often choose to agree without fully understanding the risk.
2. After the third party holding the access token has used the corresponding resource this time, it can still continue to use some user resources within the validity period while the user is completely unaware, infringing the user's rights and interests. For example, the third party obtains a user's buddy list resource and then sends bulk advertising to the user's friends without the user's knowledge.
Summary of the invention
In view of the prior-art problem that third-party applications abuse authorization, the present invention is proposed to provide a resource authorization method and device that overcome the above problem or at least partially solve it.
The present invention provides a resource authorization method, including:
receiving an authorization access request from a third-party application, guiding the user to authorize the third-party application, and sending a token to the third-party application according to the user's authorization result;
receiving a user resource access request carrying the token sent by the third-party application, verifying the token, and, after verification succeeds, determining from the user resource access request whether the user resource accessed by the third-party application is a prespecified sensitive resource;
when the user resource accessed by the third-party application is determined to be a sensitive resource, sending the user a request asking whether to authorize the third-party application to obtain the sensitive resource, receiving the user's authorization response, and determining according to the authorization response whether to return the sensitive resource to the third-party application.
The present invention also provides a resource authorization device, arranged in the server of a service provider, including:
a token module, configured to receive an authorization access request from a third-party application, guide the user to authorize the third-party application, and send a token to the third-party application according to the user's authorization result;
a determining module, configured to receive a user resource access request carrying the token sent by the third-party application, verify the token, and, after verification succeeds, determine from the user resource access request whether the user resource accessed by the third-party application is a prespecified sensitive resource;
an authorization request module, configured to, when the user resource accessed by the third-party application is determined to be a sensitive resource, send the user a request asking whether to authorize the third-party application to obtain the sensitive resource, receive the user's authorization response, and determine according to the authorization response whether to return the sensitive resource to the third-party application.
The beneficial effects of the present invention are as follows:
By giving the user explicit notification at the moment a resource access actually occurs, the invention solves the prior-art problem of third-party applications abusing authorization, and can effectively prevent a third party from abusing authorization in the background.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and practised according to the content of the specification, and so that the above and other objects, features and advantages of the invention become more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
By reading the detailed description of the preferred embodiments below, various other advantages and benefits will become clear to those of ordinary skill in the art. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference signs denote the same parts. In the drawings:
Fig. 1 is a flowchart of the resource authorization method of an embodiment of the present invention;
Fig. 2 is a signaling flow diagram of the resource authorization method of an embodiment of the present invention;
Fig. 3 is a signaling flow diagram of a preferred example of the resource authorization method of an embodiment of the present invention;
Fig. 4 is a structural diagram of the resource authorization device of an embodiment of the present invention.
Detailed description of the embodiments
Exemplary embodiments of the disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be realized in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure is understood more thoroughly and its scope is conveyed completely to those skilled in the art.
To prevent third-party applications from abusing authorization afterwards, embodiments of the invention provide a resource authorization method and device. When a third-party application accesses the resource server with a token, the server needs to screen the content being accessed; when, for example, a sensitive resource of a higher level is accessed, the user is informed by short message, push (PUSH) message, e-mail or similar means. Only after the user responds with a defined authorization mode can the resource server allow the third party to continue accessing the resource. The defined authorization mode can be a single authorization, multiple authorizations, permanent authorization within the validity period, time-limited authorization, and so on. The invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
Method embodiment
According to an embodiment of the present invention, a resource authorization method is provided. Fig. 1 is a flowchart of the resource authorization method of the embodiment. As shown in Fig. 1, the resource authorization method according to the embodiment includes the following processing:
Step 101: receive an authorization access request from a third-party application, guide the user to authorize the third-party application, and send a token to the third-party application according to the user's authorization result. The user can be guided to authorize the third-party application according to the OAuth protocol.
Step 102: receive a user resource access request carrying the token sent by the third-party application, verify the token, and, after verification succeeds, determine from the user resource access request whether the user resource accessed by the third-party application is a prespecified sensitive resource.
Step 103: when the user resource accessed by the third-party application is determined to be a sensitive resource, send the user a request asking whether to authorize the third-party application to obtain the sensitive resource, receive the user's authorization response, and determine according to the authorization response whether to return the sensitive resource to the third-party application.
Preferably, the request asking whether to authorize the third-party application to obtain the sensitive resource specifically includes: the details of the sensitive resource, the security level, and the request as to whether to authorize. The authorization response specifically includes: agreeing to or refusing the authorization, and an authorization mode, where the authorization mode includes: agreeing or refusing once, agreeing or refusing multiple times, and agreeing or refusing for a limited time.
In step 103, when the user resource accessed by the third-party application is determined to be a sensitive resource, the user resource access request sent by the third-party application can be suspended; alternatively, a wait response can be returned to the third-party application.
In step 103, determining according to the authorization response whether to return the sensitive resource to the third-party application specifically includes: if the user's authorization response is to agree to the authorization, returning the sensitive resource to the third-party application; if the user's authorization response is to refuse the authorization, returning a refusal response to the third-party application.
In the embodiment, when the user resource accessed by the third-party application is determined not to be a sensitive resource, the user resource requested by the third-party application is returned to the third-party application.
After the request asking whether to authorize the third-party application to obtain the sensitive resource has been sent to the user, if no authorization response from the user is received within a predetermined time, the user is treated by default as having refused the authorization.
The above technical solution of the embodiment is described in detail below with reference to the drawings.
Fig. 2 is a signaling flow diagram of the resource authorization method of the embodiment. As shown in Fig. 2, it specifically includes the following processing:
Step 201: the third-party application requests authorization from the service provider.
Step 202: after the user has been guided through authorization via the OAuth protocol, the service provider returns a token to the third-party application.
Step 203: the third-party application uses this token to request access to the user's related resources from the service provider.
Step 204: the service provider judges whether the user resource being accessed is a sensitive resource. If it is not a sensitive resource, the resource is returned to the third party directly. If it is a sensitive resource, the access request is suspended, or a response telling the third party that it needs to wait is returned.
Step 205: for a sensitive resource, the service provider informs the user in detail of the third-party application's request through various channels, indicates the security level, and asks the user to confirm again whether to agree to or refuse the authorization.
Step 206: after receiving this information from the service provider, the user needs to respond by agreeing to or refusing the authorization. If the user does not respond within a period of time, the default is to refuse the authorization. When agreeing or refusing, the user can give a specific authorization response according to the prompt, such as a single authorization, multiple authorizations, permanent authorization within the validity period, or time-limited authorization.
Step 207: the service provider replies to the third party according to the user's response. If the user agrees to the authorization, the corresponding resource is returned; otherwise a response such as "User denied" is returned.
The above technical solution of the embodiment is illustrated below with an example.
Fig. 3 is a signaling flow diagram of a preferred example of the resource authorization method of the embodiment. As shown in Fig. 3, it specifically includes the following processing:
Step 301: the third-party application requests authorization from an IM service provider to access the related information of a mobile phone user.
Step 302: via the OAuth protocol, the third-party application opens a browser and accesses the IM service provider's user login and authorization page. After the user has been guided to log in and authorize, a token is returned to the third-party application.
Step 303: the third-party application uses the token to request access to the IM user's related information resources, such as the user's friend information.
Step 304: the IM service provider judges whether the user resource being accessed is a sensitive resource. If what is accessed is the user's basic profile, such as nickname or ID, access is granted to the third party directly. If what is accessed is a sensitive resource such as IM friend information, the access request is suspended, or a response telling the third party that it needs to wait is returned.
Step 305: for sensitive resources such as IM friend information, the IM service provider informs the user in detail of the request through various optional channels, such as short message, push or e-mail, indicates which security factors may be involved, and asks the user to confirm again whether to agree to or refuse the authorization.
Step 306: after receiving the request by short message or a similar means, the user informs the IM service provider, for example by replying to the short message, whether the authorization is agreed to or refused. If the user does not respond within a period of time, the default is to refuse the authorization. When agreeing or refusing, the user can give a specific authorization response according to the prompt, such as a single authorization, multiple authorizations, permanent authorization within the validity period, or time-limited authorization.
Step 307: the IM service provider replies to the third-party application according to the user's response. If the user agrees to the authorization, the corresponding resource is returned; otherwise "User denied" is returned.
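The resource-server side of the flows in Fig. 2 (steps 203 to 207) and Fig. 3 can be modelled as follows. This is an added example, not code from the patent: the class and method names, the 300-second timeout, the polling call used by the third party, and the sample token and data are assumptions, and the notification channel is a list standing in for short message, push or e-mail.

```python
from dataclasses import dataclass
from itertools import count
from typing import Optional

SENSITIVE = {"friends": "high"}  # prespecified sensitive resources -> security level (constructed)
CONFIRM_TIMEOUT = 300            # seconds the user has to answer (assumed value)

@dataclass
class Decision:
    allow: bool
    uses_left: Optional[int] = None     # None = no limit on the number of uses
    expires_at: Optional[float] = None  # None = no time limit

    def take(self, now):
        """Consume one use; False once the decision is exhausted or expired."""
        if self.expires_at is not None and now > self.expires_at:
            return False
        if self.uses_left is not None:
            if self.uses_left <= 0:
                return False
            self.uses_left -= 1
        return True

class ResourceServer:
    def __init__(self, tokens, data):
        self.tokens = tokens   # token -> (app, user); scope/expiry checks omitted
        self.data = data       # user -> {resource name: value}
        self.standing = {}     # (app, user, resource) -> Decision still in force
        self.pending = {}      # request id -> suspended access awaiting the user
        self.outbox = []       # stand-in for the SMS / push / e-mail channel
        self._ids = count(1)

    def _reply(self, key, allow):
        _, user, resource = key
        return ("ok", self.data[user][resource]) if allow else ("user_denied", None)

    def access(self, token, resource, now):
        """Steps 203-205: verify token, classify resource, suspend and notify."""
        if token not in self.tokens:
            return ("invalid_token", None)
        app, user = self.tokens[token]
        key = (app, user, resource)
        if resource not in SENSITIVE:
            return self._reply(key, True)
        decision = self.standing.get(key)
        if decision is not None:
            if decision.take(now):
                return self._reply(key, decision.allow)
            del self.standing[key]          # used up or expired: ask the user again
        rid = next(self._ids)
        self.pending[rid] = {"key": key, "deadline": now + CONFIRM_TIMEOUT, "answer": None}
        self.outbox.append({"to": user, "request": rid, "app": app,
                            "resource": resource, "level": SENSITIVE[resource]})
        return ("pending", rid)

    def respond(self, rid, allow, now, uses=1, valid_for=None):
        """Step 206: the user's answer. uses=None means no limit on uses."""
        req = self.pending.get(rid)
        if req is None or req["answer"] is not None or now > req["deadline"]:
            return False                    # unknown, already answered, or too late
        req["answer"] = allow
        left = None if uses is None else uses - 1   # this request consumes one use
        if left is None or left > 0:
            expires = None if valid_for is None else now + valid_for
            self.standing[req["key"]] = Decision(allow, left, expires)
        return True

    def poll(self, token, rid, now):
        """Step 207: the third party collects the outcome of a suspended request."""
        req = self.pending.get(rid)
        if req is None or self.tokens.get(token) != req["key"][:2]:
            return ("invalid_request", None)
        if req["answer"] is None:
            if now <= req["deadline"]:
                return ("pending", rid)
            req["answer"] = False           # no reply in time: default to refusal
        del self.pending[rid]
        return self._reply(req["key"], req["answer"])

# Constructed sample data: one token issued to one app for one user.
TOKENS = {"tok-1": ("photo-app", "alice")}
DATA = {"alice": {"profile": {"nickname": "alice"}, "friends": ["bob", "carol"]}}

if __name__ == "__main__":
    rs = ResourceServer(TOKENS, DATA)
    print(rs.access("tok-1", "profile", now=0))       # basic profile: returned directly
    status, rid = rs.access("tok-1", "friends", now=0)
    print(status, rs.outbox[-1])                      # suspended, user notified
    rs.respond(rid, allow=True, now=20, uses=2)       # user agrees to two uses
    print(rs.poll("tok-1", rid, now=30))
```

A refusal is stored the same way as an agreement, so a "refuse multiple times" or time-limited refusal answers later requests without notifying the user again until it is used up or expires.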
In summary, with the technical solution of the embodiment, the user is given explicit notification at the moment a resource access actually occurs. This solves the prior-art problem of third-party applications abusing authorization and lets the user choose more flexibly among multiple authorization modes, so that a third party is effectively prevented from abusing authorization in the background.
Device embodiment
According to an embodiment of the present invention, a resource authorization device is provided, arranged in the server of a service provider. Fig. 4 is a structural diagram of the resource authorization device of the embodiment. As shown in Fig. 4, the resource authorization device according to the embodiment includes: a token module 40, a determining module 42 and an authorization request module 44. The modules of the embodiment are described in detail below.
The token module 40 is configured to receive an authorization access request from a third-party application, guide the user to authorize the third-party application, and send a token to the third-party application according to the user's authorization result. The token module 40 is specifically configured to guide the user to authorize the third-party application according to the OAuth protocol.
The determining module 42 is configured to receive a user resource access request carrying the token sent by the third-party application, verify the token, and, after verification succeeds, determine from the user resource access request whether the user resource accessed by the third-party application is a prespecified sensitive resource.
The authorization request module 44 is configured to, when the user resource accessed by the third-party application is determined to be a sensitive resource, send the user a request asking whether to authorize the third-party application to obtain the sensitive resource, receive the user's authorization response, and determine according to the authorization response whether to return the sensitive resource to the third-party application.
The request asking whether to authorize the third-party application to obtain the sensitive resource specifically includes: the details of the sensitive resource, the security level, and the request as to whether to authorize. The authorization response specifically includes: agreeing to or refusing the authorization, and an authorization mode, where the authorization mode includes: agreeing or refusing once, agreeing or refusing multiple times, and agreeing or refusing for a limited time.
The authorization request module 44 is specifically configured to: if the user's authorization response is to agree to the authorization, return the sensitive resource to the third-party application; if the user's authorization response is to refuse the authorization, return a refusal response to the third-party application.
The authorization request module 44 is further configured to: suspend the user resource access request sent by the third-party application; or return a wait response to the third-party application. When the determining module 42 determines that the user resource accessed by the third-party application is not a sensitive resource, the user resource requested by the third-party application is returned to the third-party application. After the request asking whether to authorize the third-party application to obtain the sensitive resource has been sent to the user, if no authorization response from the user is received within a predetermined time, the user is treated by default as having refused the authorization.
In summary, with the technical solution of the embodiment, the user is given explicit notification at the moment a resource access actually occurs. This solves the prior-art problem of third-party applications abusing authorization and lets the user choose more flexibly among multiple authorization modes, so that a third party is effectively prevented from abusing authorization in the background.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of the invention and their technical equivalents, the invention is intended to include them as well.
The algorithms and displays provided here are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems can also be used with the teachings herein. From the description above, the structure required to construct such a system is obvious. In addition, the invention is not directed at any particular programming language. It should be understood that the content of the invention described here can be implemented in various programming languages, and that the description given above of a specific language is intended to disclose the best mode of the invention.
Numerous specific details are set forth in the specification provided here. It should be understood, however, that embodiments of the invention can be practised without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the inventive aspects, the features of the invention are sometimes grouped together into a single embodiment, figure or description thereof in the above description of exemplary embodiments. This method of disclosure should not, however, be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will understand that the modules in the client in an embodiment can be adaptively changed and arranged in one or more clients different from that embodiment. The modules in an embodiment can be combined into one module, and in addition they can be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or client so disclosed, can be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) can be replaced by an alternative feature serving the same, equivalent or similar purpose.
In addition, those skilled in the art will understand that although some embodiments described here include certain features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The component embodiments of the present invention can be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) can be used in practice to implement some or all of the functions of some or all of the components in the client loaded with sequence network addresses according to embodiments of the invention. The invention can also be implemented as a device or apparatus program (for example, a computer program and computer program product) for performing part or all of the method described here. Such a program implementing the invention can be stored on a computer-readable medium, or can take the form of one or more signals. Such signals can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words can be interpreted as names.

Claims (14)

1. a kind of resource authorization method, it is characterised in that including:
The mandate access request of third-party application is received, and guides user to award the third-party application Power, token is sent according to the Authorization result of user to the third-party application;
The user resources access request for carrying the token that the third-party application is sent is received, to described Token is verified, after being verified, and determines that the third party should according to the user resources access request Whether it is to belong to prespecified sensitive resource with the user resources accessed;
When it is determined that the user resources that are accessed of the third-party application are sensitive resource, to user send whether Authorize the third-party application to obtain the request of the sensitive resource, the authorization response of user is received, according to institute Authorization response is stated to determine whether the sensitive resource returning to the third-party application.
2. the method as described in claim 1, it is characterised in that user is to the third-party application for guiding Mandate is carried out to specifically include:
User is guided to authorize the third-party application according to OAuth agreements.
3. the method as described in claim 1, it is characterised in that it is determined that the third-party application is visited When the user resources asked are sensitive resource, methods described further comprises:
The user resources access request that the third-party application is sent is hung up;Or,
Response is returned to waiting for the third-party application.
4. the method as described in claim 1, it is characterised in that
The request for whether authorizing the third-party application to obtain the sensitive resource is specifically included:It is described quick Feel details, level of security and the request whether authorized of resource;
The authorization response is specifically included:Agree to or refusal is authorized and authorization, wherein, it is described to award Power mode includes:Once agree to or refuse mandate, repeatedly agree to or refusal is authorized and prescribed a time limit and agrees to or refuse Authorize absolutely.
5. The method as described in claim 1, characterized in that receiving the user's authorization response and determining according to the authorization response whether to return the sensitive resource to the third-party application specifically comprises:
If the user's authorization response is agreement to authorize, returning the sensitive resource to the third-party application;
If the user's authorization response is refusal to authorize, returning a refusal authorization response to the third-party application.
6. The method as described in claim 1, characterized in that, when it is determined that the user resource accessed by the third-party application is not a sensitive resource, the method further comprises:
Returning the user resource requested by the third-party application to the third-party application.
7. The method as described in claim 1, characterized in that, after sending to the user the request asking whether to authorize the third-party application to obtain the sensitive resource, the method further comprises:
If no authorization response returned by the user is received within a predetermined time, treating the user, by default, as refusing authorization.
8. A resource authorization device, arranged at a server of a service provider, characterized by comprising:
A token module, configured to receive an authorization access request from a third-party application, guide the user to authorize the third-party application, and send a token to the third-party application according to the user's authorization result;
A determining module, configured to receive a user resource access request, carrying the token, sent by the third-party application, verify the token, and, after the verification passes, determine according to the user resource access request whether the user resource accessed by the third-party application is a pre-specified sensitive resource;
An authorization request module, configured to, when it is determined that the user resource accessed by the third-party application is a sensitive resource, send to the user a request asking whether to authorize the third-party application to obtain the sensitive resource, receive the user's authorization response, and determine according to the authorization response whether to return the sensitive resource to the third-party application.
9. The device as claimed in claim 8, characterized in that the token module is specifically configured to: guide the user to authorize the third-party application according to the OAuth protocol.
10. The device as claimed in claim 8, characterized in that the authorization request module is further configured to:
Suspend the user resource access request sent by the third-party application; or,
Return a waiting response to the third-party application.
11. The device as claimed in claim 8, characterized in that
The request asking whether to authorize the third-party application to obtain the sensitive resource specifically comprises: details of the sensitive resource, its security level, and a request as to whether to authorize;
The authorization response specifically comprises: agreement or refusal to authorize, and an authorization mode, wherein the authorization mode comprises: agreeing or refusing authorization once, agreeing or refusing authorization multiple times, and agreeing or refusing authorization for a limited time.
12. The device as claimed in claim 8, characterized in that the authorization request module is specifically configured to:
If the user's authorization response is agreement to authorize, return the sensitive resource to the third-party application;
If the user's authorization response is refusal to authorize, return a refusal authorization response to the third-party application.
13. The device as claimed in claim 8, characterized in that the authorization request module is further configured to: when the determining module determines that the user resource accessed by the third-party application is not a sensitive resource, return the user resource requested by the third-party application to the third-party application.
14. The device as claimed in claim 8, characterized in that the authorization request module is further configured to: after sending to the user the request asking whether to authorize the third-party application to obtain the sensitive resource, if no authorization response returned by the user is received within a predetermined time, treat the user, by default, as refusing authorization.
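The decision flow of method claims 1 and 4 to 7 (token check, sensitive-resource check, per-request user confirmation with an authorization mode, refusal on timeout), written out as an added example that is not code from the patent. All names, the in-memory tables, and the `ask_user` callback (which stands in for the suspended request of claim 3 and returns `None` when the user does not answer in time) are assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from typing import Optional

SENSITIVE = {"contacts", "location"}          # pre-specified sensitive resources (constructed)
TOKENS = {"tok-abc": ("photo-app", "alice")}  # tokens issued after OAuth consent (constructed)
DATA = {("alice", "nickname"): "Al", ("alice", "contacts"): ["bob", "carol"]}

@dataclass
class Remembered:
    allow: bool
    uses_left: Optional[int] = None      # "multiple" mode: further requests still covered
    expires_at: Optional[float] = None   # "timed" mode: absolute expiry time

class ResourceServer:
    def __init__(self, ask_user):
        self.ask_user = ask_user  # hypothetical callback: (allow, mode, amount) or None on timeout
        self.remembered = {}      # (user, app, resource) -> Remembered

    def _lookup(self, key, now):
        r = self.remembered.get(key)
        if r is None:
            return None
        if r.expires_at is not None and now >= r.expires_at:
            del self.remembered[key]      # time-limited decision has lapsed
            return None
        if r.uses_left is not None:
            r.uses_left -= 1
            if r.uses_left <= 0:
                del self.remembered[key]  # last covered request
        return r.allow

    def handle(self, token, resource, now=None):
        now = time.time() if now is None else now
        if token not in TOKENS:                          # claim 1: verify the token first
            return ("invalid_token", None)
        app, user = TOKENS[token]
        if resource not in SENSITIVE:                    # claim 6: non-sensitive, return directly
            return ("ok", DATA.get((user, resource)))
        key = (user, app, resource)
        allow = self._lookup(key, now)
        if allow is None:                                # no remembered decision: ask the user
            answer = self.ask_user(user, app, resource)
            if answer is None:                           # claim 7: no answer means refusal
                return ("denied", None)
            allow, mode, amount = answer                 # claim 4: decision plus mode
            if mode == "multiple" and amount > 1:
                self.remembered[key] = Remembered(allow, uses_left=amount - 1)
            elif mode == "timed":
                self.remembered[key] = Remembered(allow, expires_at=now + amount)
        return ("ok", DATA.get((user, resource))) if allow else ("denied", None)
```

A valid OAuth token alone never releases a sensitive resource here: the release depends on a live or remembered user decision, and both agreement and refusal can be remembered, as claim 4 allows.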
CN201610027825.1A 2016-01-15 2016-01-15 Resource authorization method and device Active CN106982187B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610027825.1A CN106982187B (en) 2016-01-15 2016-01-15 Resource authorization method and device
PCT/CN2017/071145 WO2017121387A1 (en) 2016-01-15 2017-01-13 Resource authentication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610027825.1A CN106982187B (en) 2016-01-15 2016-01-15 Resource authorization method and device

Publications (2)

Publication Number Publication Date
CN106982187A true CN106982187A (en) 2017-07-25
CN106982187B CN106982187B (en) 2020-12-01

Family

ID=59310845

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610027825.1A Active CN106982187B (en) 2016-01-15 2016-01-15 Resource authorization method and device

Country Status (2)

Country Link
CN (1) CN106982187B (en)
WO (1) WO2017121387A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103546489A (en) * 2013-11-05 2014-01-29 腾讯科技(武汉)有限公司 Method, server and system for authority control
CN104734849A (en) * 2013-12-19 2015-06-24 阿里巴巴集团控股有限公司 Method and system for conducting authentication on third-party application
US20150350186A1 (en) * 2014-05-30 2015-12-03 Oracle International Corporation Authorization token cache system and method
CN105207974A (en) * 2014-06-18 2015-12-30 中国电信股份有限公司 Method for realizing user resource differentiated openness, platform, application and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030195858A1 (en) * 2002-04-10 2003-10-16 Fujio Watanabe Distributed information storage, authentication and authorization system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109347855A (en) * 2018-11-09 2019-02-15 南京医渡云医学技术有限公司 Data access method, device, system, Electronic Design and computer-readable medium
CN109347855B (en) * 2018-11-09 2020-06-05 南京医渡云医学技术有限公司 Data access method, device, system, electronic design and computer readable medium
CN114666125A (en) * 2022-03-21 2022-06-24 阿里云计算有限公司 Resource management method and device and server
CN114666125B (en) * 2022-03-21 2024-03-22 阿里云计算有限公司 Resource management method, device and server

Also Published As

Publication number Publication date
WO2017121387A1 (en) 2017-07-20
CN106982187B (en) 2020-12-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant