CN106982187A - resource authorization method and device - Google Patents
resource authorization method and device Download PDFInfo
- Publication number
- CN106982187A CN106982187A CN201610027825.1A CN201610027825A CN106982187A CN 106982187 A CN106982187 A CN 106982187A CN 201610027825 A CN201610027825 A CN 201610027825A CN 106982187 A CN106982187 A CN 106982187A
- Authority
- CN
- China
- Prior art keywords
- user
- party application
- authorization
- resource
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
Abstract
The invention discloses a kind of resource authorization method and device.This method includes:The mandate access request of third-party application is received, and guides user to authorize third-party application, token is sent to third-party application according to the Authorization result of user;The user resources access request for carrying token that third-party application is sent is received, token is verified, after being verified, determines whether the user resources that third-party application is accessed are to belong to prespecified sensitive resource according to user resources access request;When it is determined that the user resources that third-party application is accessed are sensitive resource, the request for whether authorizing third-party application to obtain sensitive resource is sent to user, the authorization response of user is received, is determined whether sensitive resource returning to third-party application according to authorization response.By means of technical scheme, third party can be effectively prevent and abuse mandate on backstage.
Description
Technical field
The present invention relates to field of mobile communication, more particularly to a kind of resource authorization method and device.
Background technology
OAuth is an open network standard on authorizing (authorization), is obtained extensively in the whole world
General application, current version is 2.0 editions.OAuth between " third-party application " and " service provider ",
There is provided an authorization layer (authorization layer)." third-party application " can not be logged in directly, and " service is provided
Business ", can only log in authorization layer, be made a distinction user with third-party application with this." third-party application " is logged in
Token (token) used in authorization layer, it is different from the password of user.User can log in when, if
Put the extent of competence and the term of validity of authorization token.
" third-party application " is logged in after authorization layer, and " service provider " is according to the extent of competence of token and effectively
Phase, the data of user's storage is opened to " third-party application ".In the prior art, general authority flow is as follows:
Step 1, after user opens third-party application, third-party application requires that user gives and authorized.
Step 2, user agrees to give third-party application mandate.
Step 3, third-party application uses the mandate that previous step is obtained, to certificate server application token.
Step 4, after certificate server is authenticated to third-party application, errorless, agreement granting order is confirmed
Board.
Step 5, third-party application uses token, and resource is obtained to Resource Server application.
Step 6, Resource Server confirms that token is errorless, with purpose third-party application open source.
From above-mentioned processing procedure can be seen that such scheme in third-party application once obtain token after,
Can be with the corresponding resource of random access within period of validity.Therefore this link of access resource is being authorized,
There are following some unsafe factors in OAuth protocol frames:
1st, third party is when guiding user to authorize, and certificate server often describes not right and wrong to desired authority
Often clear, details fails to understand that general user often just have selected agreement on the basis of risk is not understood completely.
2nd, third party holds the access token after this has used corresponding resource, still, effective
Some user resources can be continuing with the case of user is completely unwitting in phase, invade user related
Rights and interests.For example, third party obtains the buddy list resource of certain user, then in the unwitting situation of the user
It is lower to mass-send advertisement matter etc. to good friend.
The content of the invention
In view of third-party application is abusing the problem of authorizing in the prior art, it is proposed that the present invention is to provide one
Plant the resource authorization method and device for overcoming above mentioned problem or solving the above problems at least in part.
The present invention provides a kind of resource authorization method, including:
The mandate access request of third-party application is received, and guides user to authorize third-party application, root
According to the Authorization result of user token is sent to third-party application;
The user resources access request for carrying token that third-party application is sent is received, token is tested
Card, after being verified, the user resources that third-party application is accessed are determined according to user resources access request
Whether it is to belong to prespecified sensitive resource;
When it is determined that the user resources that third-party application is accessed are sensitive resource, send and whether authorize to user
Third-party application obtains the request of sensitive resource, receives the authorization response of user, is according to authorization response determination
It is no that sensitive resource is returned into third-party application.
Present invention also offers a kind of resource authorization device, the server of service provider is arranged at, including:
Token module, for receiving the mandate access request of third-party application, and guides user should to third party
With being authorized, token is sent to third-party application according to the Authorization result of user;
Determining module, the user resources access request for carrying token for receiving third-party application transmission,
Token is verified, after being verified, determines that third-party application is visited according to user resources access request
Whether the user resources asked are to belong to prespecified sensitive resource;
Authorization request module, for when it is determined that the user resources that are accessed of third-party application are sensitive resource,
The request for whether authorizing third-party application to obtain sensitive resource is sent to user, the authorization response of user is received,
Determined whether sensitive resource returning to third-party application according to authorization response.
The present invention has the beneficial effect that:
By when resource accesses real generation, to user with announcement information definitely, solving existing
Third-party application is abusing the problem of authorizing in technology, can effectively prevent third party and be awarded in backstage abuse
Power.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technology of the present invention
Means, and being practiced according to the content of specification, and in order to allow above and other objects of the present invention,
Feature and advantage can become apparent, below especially exemplified by the embodiment of the present invention.
Brief description of the drawings
By reading the detailed description of hereafter preferred embodiment, various other advantages and benefit are for ability
Domain those of ordinary skill will be clear understanding.Accompanying drawing is only used for showing the purpose of preferred embodiment, and simultaneously
It is not considered as limitation of the present invention.And in whole accompanying drawing, identical is denoted by the same reference numerals
Part.In the accompanying drawings:
Fig. 1 is the flow chart of the resource authorization method of the embodiment of the present invention;
Fig. 2 is the signaling process figure of the resource authorization method of the embodiment of the present invention;
Fig. 3 is the signaling process figure of the preferred embodiment of the resource authorization method of the embodiment of the present invention;
Fig. 4 is the structural representation of the resource authorization device of the embodiment of the present invention.
Embodiment
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although being shown in accompanying drawing
The exemplary embodiment of the disclosure, it being understood, however, that may be realized in various forms the disclosure without should be by
Embodiments set forth here is limited.It is opposite to be able to be best understood from this there is provided these embodiments
It is open, and can by the scope of the present disclosure completely convey to those skilled in the art.
To prevent third-party application from being authorized in abuse afterwards, the embodiments of the invention provide a kind of resource authorization side
Method and device, when third-party application holds token access Resource Server, server needs to add to accessing content
To screen, when such as accessing the sensitive resource of higher level, with short message, (PUSH) message, electronics are pushed
The modes such as mail inform user.After user is responded with defined authorization, Resource Server could allow the
Tripartite continues to access resource.Defined authorization can be authorized once, many sub-authorizations, permanent in time limit
Authorize, authorize in limited time etc..Below in conjunction with accompanying drawing and embodiment, the present invention will be described in further detail.
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, the present invention is not limited.
Embodiment of the method
Embodiments in accordance with the present invention are the embodiment of the present invention there is provided a kind of resource authorization method, Fig. 1
The flow chart of resource authorization method, as shown in figure 1, resource authorization method according to embodiments of the present invention includes
Following processing:
Step 101, the mandate access request of third-party application is received, and guides user to enter third-party application
Row is authorized, and token is sent to third-party application according to the Authorization result of user;Wherein it is possible to according to OAuth
Agreement guiding user authorizes to third-party application.
Step 102, the user resources access request for carrying token that third-party application is sent is received, to order
Board is verified, after being verified, and determines what third-party application was accessed according to user resources access request
Whether user resources are to belong to prespecified sensitive resource;
Step 103, when it is determined that the user resources that third-party application is accessed are sensitive resource, sent out to user
The request for whether authorizing third-party application to obtain sensitive resource is sent, the authorization response of user is received, according to mandate
Response determines whether sensitive resource returning to third-party application.
Preferably, if the request for authorizing third-party application to obtain sensitive resource is specifically included:Sensitive resource
Details, level of security and the request whether authorized;Authorization response is specifically included:Agree to or refuse
Authorize and authorization, wherein, authorization includes:Once agree to or refuse to authorize, repeatedly agree to
Or refusal authorizes and agrees in limited time or refuse to authorize.
Wherein, in step 103, when it is determined that the user resources that third-party application is accessed are sensitive resource,
The user resources access request that third-party application can be sent is hung up;Or, returned to third-party application
Wait to respond.
In step 103, determine whether sensitive resource returning to third-party application according to authorization response specific
Including:If sensitive resource is returned to third-party application by the authorization response of user to agree to authorize;Such as
The authorization response of fruit user authorizes for refusal, then refusal authorization response is returned into third-party application.
In embodiments of the present invention, it is determined that the user resources that third-party application is accessed are not sensitive resources
When, the user resources that third-party application is asked are returned into third-party application.
After whether authorizing the request that third-party application obtains sensitive resource to user's transmission, if in pre- timing
The interior authorization response for not receiving user's return, then default user refusal mandate.
Below in conjunction with accompanying drawing, the above-mentioned technical proposal to the embodiment of the present invention is described in detail.
Fig. 2 is the signaling process figure of the resource authorization method of the embodiment of the present invention, as shown in Fig. 2 specific bag
Include following processing:
Step 201, third-party application request ISP is authorized;
Step 202, after being authorized by OAuth agreements guiding user, ISP returns to third party should
With a token;
Step 203, third-party application accesses the related resource of user using this token to service provider requests;
Step 204, ISP judges whether the user resources of this visit are sensitive resource, if not
It is sensitive resource, directly returns to resource to third party.If sensitive resource, will hang up the access request or
Return to the response that third party one needs to wait;
Step 205, for sensitive resource, ISP will inform detailed the of user by various passages
Tripartite's application request message, indicates level of security, it is desirable to which user reaffirms agreement or refuses the mandate;
Step 206, user receives from ISP needs to carry out response after the information, agrees to or refusal is awarded
Power, if user is interior for a period of time without any response, is defaulted as refusal and authorizes;User is agreeing to and refused
Special delegated authority response can be made according to prompting when absolutely, such as a sub-authorization, many sub-authorizations are forever authorized in time limit,
In limited time authorize etc. mode;
Step 207, ISP is replied third party according to the response situation of user.Such as user
Agree to authorize and then return to respective resources, otherwise reply the similar responses such as User dennied.
Below in conjunction with example, the above-mentioned technical proposal to the embodiment of the present invention is illustrated.
Fig. 3 is the signaling process figure of the preferred embodiment of the resource authorization method of the embodiment of the present invention, such as Fig. 3 institutes
Show, specifically include following processing:
Step 301, third-party application accesses the correlation of certain cellphone subscriber to IM service provider request mandates
Information;
Step 302, third-party application opens browser by OAuth agreements, accesses IM service provider's
User logs in authorization page.After guiding User logs in and authorizing, one token of third-party application is returned to;
Step 303, third-party application asks to access the relevant information resource of the IM user using the token,
The friend information of such as user;
Step 304, IM service provider judges whether the user resources of this visit are sensitive resource, such as
What is now accessed is the basic document of the user, such as the pet name, ID etc., then directly licenses to third party.If
What is accessed is the sensitive resources such as the information of IM good friends, then will hang up the access request or return to third party one
The individual response for needing to wait;
Step 305, for sensitive resources such as IM friend informations, IM service provider will be by various optional
Passage, such as short message, push, email etc. inform the request situation of user in detail, indicate and likely relate to
Which safety factor, it is desirable to which user reaffirms agreement or refuses the mandate;
Step 306, user is received after request by modes such as short messages, then is informed by modes such as answer short messages
IM service provider agrees to or refusal is authorized.If user is interior for a period of time without any response, give tacit consent to
Authorized for refusal;User can make special delegated authority response in agreement and refusal according to prompting, such as a sub-authorization,
Forever authorized in many sub-authorizations, time limit, in limited time the mode such as mandate;
Step 307, IM service provider is replied third-party application according to the response situation of user.
Respective resources are returned if user agrees to authorize, User dennied are otherwise replied;
In summary, by means of the technical scheme of the embodiment of the present invention, by resource access it is real occur when,
To user with announcement information definitely, third-party application asking in abuse mandate in the prior art is solved
Topic, can allow user more neatly select to use a variety of authorizations, so as to effectively prevent the 3rd
Abuse and authorize on backstage in side.
Device embodiment
Embodiments in accordance with the present invention are arranged at the clothes of service provider there is provided a kind of resource authorization device
Business device, Fig. 4 is the structural representation of the resource authorization device of the embodiment of the present invention, as shown in figure 4, according to
The resource authorization device of the embodiment of the present invention includes:Token module 40, determining module 42 and mandate please
The modules of the embodiment of the present invention are described in detail by modulus block 44 below.
Token module 40, for receiving the mandate access request of third-party application, and guides user to third party
Using being authorized, token is sent to third-party application according to the Authorization result of user;Token module 40 has
Body is used for:User is guided to authorize third-party application according to OAuth agreements.
Determining module 42, the user resources for the carrying token access for receiving third-party application transmission please
Ask, token is verified, after being verified, third-party application is determined according to user resources access request
Whether the user resources accessed are to belong to prespecified sensitive resource;
Authorization request module 44, for it is determined that the user resources that third-party application is accessed are sensitive resource
When, the request for whether authorizing third-party application to obtain sensitive resource is sent to user, the mandate for receiving user should
Answer, determined whether sensitive resource returning to third-party application according to authorization response.
Wherein, if the request for authorizing third-party application to obtain sensitive resource is specifically included:Sensitive resource it is detailed
Thin information, level of security and the request whether authorized;Authorization response is specifically included:Agree to or refusal is awarded
Power and authorization, wherein, authorization includes:Once agree to or refuse authorize, repeatedly agree to or
Refusal authorizes and agrees in limited time or refuse to authorize.
Authorization request module 44 specifically for:If the authorization response of user is agrees to authorize, by sensitivity
Resource returns to third-party application;If the authorization response of user authorizes for refusal, authorization response will be refused
Return to third-party application.
Authorization request module 44 is further used for:The user resources access request that third-party application is sent is hung
Rise;Or, return to waiting for response to third-party application.Determine that third-party application is visited in determining module 42
When the user resources asked not are sensitive resource, the user resources that third-party application is asked are returned into third party
Using.After whether authorizing the request that third-party application obtains sensitive resource to user's transmission, if predetermined
The authorization response of user's return is not received in time, then default user refusal is authorized.
In summary, by means of the technical scheme of the embodiment of the present invention, by resource access it is real occur when,
To user with announcement information definitely, third-party application asking in abuse mandate in the prior art is solved
Topic, can allow user more neatly select to use a variety of authorizations, so as to effectively prevent the 3rd
Abuse and authorize on backstage in side.
Obviously, those skilled in the art can carry out various changes and modification without departing from this hair to the present invention
Bright spirit and scope.So, if the present invention these modifications and variations belong to the claims in the present invention and
Within the scope of its equivalent technologies, then the present invention is also intended to comprising including these changes and modification.
Algorithm and display be not intrinsic with any certain computer, virtual system or miscellaneous equipment provided herein
It is related.Various general-purpose systems can also be used together with based on teaching in this.As described above, structure
It is obvious to make the structure required by this kind of system.In addition, the present invention is not also directed to any certain programmed
Language.It is understood that, it is possible to use various programming languages realize the content of invention described herein, and
The description done above to language-specific be in order to disclose the present invention preferred forms.
In the specification that this place is provided, numerous specific details are set forth.It is to be appreciated, however, that this hair
Bright embodiment can be put into practice in the case of these no details.In some instances, not in detail
Known method, structure and technology are shown, so as not to obscure the understanding of this description.
Similarly, it will be appreciated that in order to simplify the disclosure and help to understand one in each inventive aspect or
It is multiple, above in the description of the exemplary embodiment of the present invention, each feature of the invention is sometimes by one
Rise and be grouped into single embodiment, figure or descriptions thereof.However, should not be by the method for the disclosure
It is construed to reflect following intention:I.e. the present invention for required protection require than in each claim institute it is clear and definite
The more features of feature of record.More precisely, as the following claims reflect, hair
Bright aspect is all features less than single embodiment disclosed above.Therefore, it then follows embodiment
Claims be thus expressly incorporated in the embodiment, wherein the conduct of each claim in itself
The separate embodiments of the present invention.
Those skilled in the art, which are appreciated that, to be carried out certainly to the module in the client in embodiment
Adaptively change and they are arranged in one or more clients different from the embodiment.Can be with
The block combiner in embodiment into a module, and multiple submodule or son can be divided into addition
Unit or sub-component.Except at least some in such feature and/or process or unit exclude each other it
Outside, can be using any combinations to public in this specification (including adjoint claim, summary and accompanying drawing)
All features and all processes or unit carry out group of so disclosed any method or client opened
Close.Unless expressly stated otherwise, it is public in this specification (including adjoint claim, summary and accompanying drawing)
The each feature opened can be replaced by the alternative features for providing identical, equivalent or similar purpose.
Although in addition, it will be appreciated by those of skill in the art that some embodiments described herein are including other
Included some features rather than further feature in embodiment, but the not combination meaning of the feature of be the same as Example
Taste, which, is within the scope of the present invention and is formed different embodiments.For example, in following claim
In book, the one of any of embodiment claimed mode can use in any combination.
The all parts embodiment of the present invention can be realized with hardware, or with one or more processor
The software module of upper operation is realized, or is realized with combinations thereof.It will be understood by those of skill in the art that
It can be realized in practice using microprocessor or digital signal processor (DSP) according to of the invention real
Apply some or all functions of some or all parts being loaded with the client of sequence network address of example.
The present invention be also implemented as some or all equipment for performing method as described herein or
Person's program of device (for example, computer program and computer program product).Such journey for realizing the present invention
Sequence can be stored on a computer-readable medium, or can have the form of one or more signal.This
The signal of sample can be downloaded from internet website and obtained, and either be provided or with any on carrier signal
Other forms are provided.
It should be noted that the present invention will be described rather than limits the invention for above-described embodiment, and
And those skilled in the art can design replacement implementation without departing from the scope of the appended claims
Example.In the claims, any reference symbol between bracket should not be configured to claim
Limitation.Word "comprising" does not exclude the presence of element or step not listed in the claims.Before element
Word "a" or "an" do not exclude the presence of multiple such elements.If the present invention can be by means of including
The hardware of dry different elements and realized by means of properly programmed computer.If listing equipment for drying
In unit claim, several in these devices can be embodied by same hardware branch.
The use of word first, second, and third does not indicate that any order.These words can be explained and run after fame
Claim.
Claims (14)
1. a kind of resource authorization method, it is characterised in that including:
The mandate access request of third-party application is received, and guides user to award the third-party application
Power, token is sent according to the Authorization result of user to the third-party application;
The user resources access request for carrying the token that the third-party application is sent is received, to described
Token is verified, after being verified, and determines that the third party should according to the user resources access request
Whether it is to belong to prespecified sensitive resource with the user resources accessed;
When it is determined that the user resources that are accessed of the third-party application are sensitive resource, to user send whether
Authorize the third-party application to obtain the request of the sensitive resource, the authorization response of user is received, according to institute
Authorization response is stated to determine whether the sensitive resource returning to the third-party application.
2. the method as described in claim 1, it is characterised in that user is to the third-party application for guiding
Mandate is carried out to specifically include:
User is guided to authorize the third-party application according to OAuth agreements.
3. the method as described in claim 1, it is characterised in that it is determined that the third-party application is visited
When the user resources asked are sensitive resource, methods described further comprises:
The user resources access request that the third-party application is sent is hung up;Or,
Response is returned to waiting for the third-party application.
4. the method as described in claim 1, it is characterised in that
The request for whether authorizing the third-party application to obtain the sensitive resource is specifically included:It is described quick
Feel details, level of security and the request whether authorized of resource;
The authorization response is specifically included:Agree to or refusal is authorized and authorization, wherein, it is described to award
Power mode includes:Once agree to or refuse mandate, repeatedly agree to or refusal is authorized and prescribed a time limit and agrees to or refuse
Authorize absolutely.
5. the method as described in claim 1, it is characterised in that receive the authorization response of user, according to
The authorization response determines whether that the sensitive resource is returned into the third-party application specifically includes:
If the authorization response of user is agrees to authorize, the sensitive resource is returned into the third party should
With;
If the authorization response of user authorizes for refusal, refusal authorization response is returned into the third party should
With.
6. the method as described in claim 1, it is characterised in that it is determined that the third-party application is visited
When the user resources asked not are sensitive resource, methods described further comprises:
The user resources that the third-party application is asked return to the third-party application.
7. the method as described in claim 1, it is characterised in that sent to user and whether authorize described the
Tripartite's application is obtained after the request of the sensitive resource, and methods described further comprises:
If not receiving the authorization response of user's return in the given time, default user refusal is authorized.
8. a kind of resource authorization device, is arranged at the server of service provider, it is characterised in that including:
Token module, for receiving the mandate access request of third-party application, and guides user to the described 3rd
Fang Yingyong is authorized, and token is sent to the third-party application according to the Authorization result of user;
Determining module, is visited for receiving the user resources for carrying the token that the third-party application is sent
Request is asked, the token is verified, it is true according to the user resources access request after being verified
Whether the user resources that the fixed third-party application is accessed are to belong to prespecified sensitive resource;
Authorization request module, for it is determined that the user resources that the third-party application is accessed are sensitive resource
When, the request for whether authorizing the third-party application to obtain the sensitive resource is sent to user, user is received
Authorization response, according to the authorization response determine whether by the sensitive resource return to the third party should
With.
9. device as claimed in claim 8, it is characterised in that the token module specifically for:Root
According to OAuth agreements, guiding user authorizes to the third-party application.
10. device as claimed in claim 8, it is characterised in that authorization request module is further used for:
The user resources access request that the third-party application is sent is hung up;Or,
Response is returned to waiting for the third-party application.
11. device as claimed in claim 8, it is characterised in that
The request for whether authorizing the third-party application to obtain the sensitive resource is specifically included:It is described quick
Feel details, level of security and the request whether authorized of resource;
The authorization response is specifically included:Agree to or refusal is authorized and authorization, wherein, it is described to award
Power mode includes:Once agree to or refuse mandate, repeatedly agree to or refusal is authorized and prescribed a time limit and agrees to or refuse
Authorize absolutely.
12. device as claimed in claim 8, it is characterised in that authorization request module specifically for:
If the authorization response of user is agrees to authorize, the sensitive resource is returned into the third party should
With;
If the authorization response of user authorizes for refusal, refusal authorization response is returned into the third party should
With.
13. device as claimed in claim 8, it is characterised in that the authorization request module is further used
In:When it is not sensitive resource that the determining module, which determines the user resources that the third-party application is accessed,
The user resources that the third-party application is asked return to the third-party application.
14. device as claimed in claim 8, it is characterised in that the authorization request module is further used
In:After the request that the third-party application obtains the sensitive resource whether being authorized to user's transmission, if
The authorization response of user's return is not received in the given time, then default user refusal is authorized.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610027825.1A CN106982187B (en) | 2016-01-15 | 2016-01-15 | Resource authorization method and device |
PCT/CN2017/071145 WO2017121387A1 (en) | 2016-01-15 | 2017-01-13 | Resource authentication method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610027825.1A CN106982187B (en) | 2016-01-15 | 2016-01-15 | Resource authorization method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106982187A true CN106982187A (en) | 2017-07-25 |
CN106982187B CN106982187B (en) | 2020-12-01 |
Family
ID=59310845
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610027825.1A Active CN106982187B (en) | 2016-01-15 | 2016-01-15 | Resource authorization method and device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106982187B (en) |
WO (1) | WO2017121387A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109347855A (en) * | 2018-11-09 | 2019-02-15 | 南京医渡云医学技术有限公司 | Data access method, device, system, Electronic Design and computer-readable medium |
CN114666125A (en) * | 2022-03-21 | 2022-06-24 | 阿里云计算有限公司 | Resource management method and device and server |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103546489A (en) * | 2013-11-05 | 2014-01-29 | 腾讯科技(武汉)有限公司 | Method, server and system for authority control |
CN104734849A (en) * | 2013-12-19 | 2015-06-24 | 阿里巴巴集团控股有限公司 | Method and system for conducting authentication on third-party application |
US20150350186A1 (en) * | 2014-05-30 | 2015-12-03 | Oracle International Corporation | Authorization token cache system and method |
CN105207974A (en) * | 2014-06-18 | 2015-12-30 | 中国电信股份有限公司 | Method for realizing user resource differentiated openness, platform, application and system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030195858A1 (en) * | 2002-04-10 | 2003-10-16 | Fujio Watanabe | Distributed information storage, authentication and authorization system |
-
2016
- 2016-01-15 CN CN201610027825.1A patent/CN106982187B/en active Active
-
2017
- 2017-01-13 WO PCT/CN2017/071145 patent/WO2017121387A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103546489A (en) * | 2013-11-05 | 2014-01-29 | 腾讯科技(武汉)有限公司 | Method, server and system for authority control |
CN104734849A (en) * | 2013-12-19 | 2015-06-24 | 阿里巴巴集团控股有限公司 | Method and system for conducting authentication on third-party application |
US20150350186A1 (en) * | 2014-05-30 | 2015-12-03 | Oracle International Corporation | Authorization token cache system and method |
CN105207974A (en) * | 2014-06-18 | 2015-12-30 | 中国电信股份有限公司 | Method for realizing user resource differentiated openness, platform, application and system |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109347855A (en) * | 2018-11-09 | 2019-02-15 | 南京医渡云医学技术有限公司 | Data access method, device, system, Electronic Design and computer-readable medium |
CN109347855B (en) * | 2018-11-09 | 2020-06-05 | 南京医渡云医学技术有限公司 | Data access method, device, system, electronic design and computer readable medium |
CN114666125A (en) * | 2022-03-21 | 2022-06-24 | 阿里云计算有限公司 | Resource management method and device and server |
CN114666125B (en) * | 2022-03-21 | 2024-03-22 | 阿里云计算有限公司 | Resource management method, device and server |
Also Published As
Publication number | Publication date |
---|---|
WO2017121387A1 (en) | 2017-07-20 |
CN106982187B (en) | 2020-12-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10693885B2 (en) | Social networking behavior-based identity system | |
Fett et al. | A comprehensive formal security analysis of OAuth 2.0 | |
CN106096343B (en) | Message access control method and equipment | |
Li et al. | Analysing the Security of Google’s implementation of OpenID Connect | |
TWI620090B (en) | Login failure sequence for detecting phishing | |
Leiba | Oauth web authorization protocol | |
CN106998551B (en) | Method, system, device and terminal for application access authentication | |
Sun et al. | The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems | |
US9509721B2 (en) | Managing social network accessibility based on age | |
US11017088B2 (en) | Crowdsourced, self-learning security system through smart feedback loops | |
US9374369B2 (en) | Multi-factor authentication and comprehensive login system for client-server networks | |
US8667579B2 (en) | Methods, systems, and computer readable media for bridging user authentication, authorization, and access between web-based and telecom domains | |
CN101771532B (en) | Method, device and system for realizing resource sharing | |
Werner et al. | Cloud identity management: A survey on privacy strategies | |
CN104954330B (en) | A kind of methods, devices and systems to be conducted interviews to data resource | |
US20150180857A1 (en) | Simple user management service utilizing an access token | |
CN106953831A (en) | A kind of authorization method of user resources, apparatus and system | |
US11770385B2 (en) | Systems and methods for malicious client detection through property analysis | |
CN104184705A (en) | Verification method, apparatus, server, user data center and system | |
CN108259431A (en) | The method, apparatus and system of account information are shared between applying more | |
CN108881309A (en) | Access method, device, electronic equipment and the readable storage medium storing program for executing of big data platform | |
CN109040069A (en) | A kind of dissemination method, delivery system and the access method of cloud application program | |
CN109088890A (en) | A kind of identity identifying method, relevant apparatus and system | |
CA2844888A1 (en) | System and method of extending a host website | |
KR20170016456A (en) | Secure unified cloud storage |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |