CN107222485A - An authorization method and related device - Google Patents

An authorization method and related device

Info

Publication number
CN107222485A
Authority
CN
China
Prior art keywords
service provider
cloud service
provider side
terminal device
side server
Prior art date
Legal status
Granted
Application number
CN201710447707.0A
Other languages
Chinese (zh)
Other versions
CN107222485B (en)
Inventor
袁哲
Current Assignee
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201710447707.0A (CN107222485B)
Publication of CN107222485A
Priority to PCT/CN2018/089039 (WO2018228199A1)
Application granted
Publication of CN107222485B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 ... involving a third party or a trusted authority
    • H04L9/3213 ... involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3247 ... involving digital signatures
    • H04L9/3263 ... involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the invention discloses an authorization method and related device. The method of the invention includes: a cloud service provider side server receives a first temporary credential sent by a terminal device; the cloud service provider side server determines a target permission according to the first temporary credential; the cloud service provider side server sends a second temporary credential to the terminal device, the second temporary credential indicating the target permission, so that the terminal device accesses the target resource on the cloud service provider side server by means of the second temporary credential. It can be seen that the cloud service provider side server can implement fine-grained permission management of the terminal device through the second temporary credential, i.e. the terminal device has only the access permission to the cloud service provider side server that the target permission specifies, while the security and flexibility of the terminal device's access to the target resource on the cloud service provider side server are ensured.

Description

An authorization method and related device
Technical field
The present invention relates to the field of communication technology, and in particular to an authorization method and a server.
Background technology
When a terminal device accesses a resource, it requires the authorization of the resource owner; once authorized by the resource owner, the terminal device can access the resource.
The authorization method provided by the prior art comprises the following steps:
Step 101: the terminal device sends request information to the Resource Owner (RO).
The terminal device, as the requesting party for the resource, requests the resource by means of the request information, which includes the resource path to be accessed, the operation type, the user identity of the terminal device and similar information.
Step 102: the Resource Owner sends an authorization code (Authorization Code Grant) to the terminal device.
Here the Resource Owner sends the authorization code (Authorization Code Grant) to the terminal device as the authorization credential.
Step 103: the terminal device sends access token request information to the Authorization Server (AS).
The access token request information includes the authorization code and the identity credential of the user of the terminal device.
Step 104: the authorization server sends an access token to the terminal device.
Step 105: the terminal device sends the access token to the Resource Server (RS).
Step 106: the Resource Server sends the resource to the terminal device according to the access token.
In the authorization method of the prior art, the Resource Owner authorizes the terminal device in real time and cannot define fine-grained permission requirements for the terminal device; permissions are usually divided into a few coarse-grained categories. This cannot satisfy the fine-grained permission management requirements of cloud services, and because the access token serves as the credential for accessing the resource after authorization, security is relatively low.
The content of the invention
The embodiments of the invention provide an authorization method and related device.
A first aspect of the embodiments of the present invention provides an authorization method, including:
a cloud service provider side server receives a first temporary credential sent by a terminal device, the first temporary credential being used to request access to a resource on the cloud service provider side server;
the cloud service provider side server determines a target permission according to the first temporary credential, the target permission indicating that there is permission to access a target resource on the cloud service provider side server;
the cloud service provider side server sends a second temporary credential to the terminal device, the second temporary credential indicating the target permission, so that the terminal device accesses the target resource on the cloud service provider side server by means of the second temporary credential.
A second aspect of the embodiments of the present invention provides an authorization method, including:
a terminal device sends a first temporary credential to a cloud service provider side server, the first temporary credential being used to request access to a resource on the cloud service provider side server, where the cloud service provider side server is a server of the cloud service provider side and the terminal device is a server of the third-party service provider side;
the terminal device receives a second temporary credential sent by the cloud service provider side server, the second temporary credential indicating that there is a target permission, the target permission indicating that there is permission to access a target resource on the cloud service provider side server;
the terminal device accesses the target resource on the cloud service provider side server by means of the second temporary credential.
A third aspect of the embodiments of the present invention provides a cloud service provider side server, including:
a receiving unit, for receiving a first temporary credential sent by a terminal device, the first temporary credential being used to request access to a resource on the cloud service provider side server;
a determining unit, for determining a target permission according to the first temporary credential, the target permission indicating that there is permission to access a target resource on the cloud service provider side server;
a sending unit, for sending a second temporary credential to the terminal device, the second temporary credential indicating the target permission, so that the terminal device accesses the target resource on the cloud service provider side server by means of the second temporary credential.
A fourth aspect of the embodiments of the present invention provides a terminal device, including:
a sending unit, for sending a first temporary credential to a cloud service provider side server, the first temporary credential being used to request access to a resource on the cloud service provider side server;
a receiving unit, for receiving a second temporary credential sent by the cloud service provider side server, the second temporary credential indicating a target permission, the target permission indicating that there is permission to access a target resource on the cloud service provider side server;
an access unit, for accessing the target resource on the cloud service provider side server by means of the second temporary credential.
A fifth aspect of the embodiments of the present invention provides a cloud service provider side server, including:
one or more central processing units, a memory, a bus system and one or more programs, the central processing unit being connected to the memory through the bus system;
where the one or more programs are stored in the memory and include instructions which, when executed by the cloud service provider side server, cause the cloud service provider side server to perform the method provided by the first aspect of the embodiments of the present invention.
A sixth aspect of the embodiments of the present invention provides a terminal device, including:
one or more processor units, a memory unit, a bus system and one or more programs, the processor unit being connected to the memory unit through the bus system;
where the one or more programs are stored in the memory unit and include instructions which, when executed by the terminal device, cause the terminal device to perform the method described in the second aspect of the present invention.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages:
the cloud service provider side server can implement fine-grained permission management of the terminal device through the second temporary credential, that is, the terminal device has only the access permission to the cloud service provider side server that the target permission specifies, while the security and flexibility of the terminal device's access to the target resource on the cloud service provider side server are ensured.
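The following is an added illustration, not code from the patent or from Tencent, of the two-credential exchange summarized above, set against the single coarse-grained access token of the background steps: the cloud service provider side server maps the first temporary credential to a target permission limited to one target resource and operation set, issues a second temporary credential carrying that permission, and on the resource request accepts the second credential only if it is unaltered, unexpired and covers exactly the requested resource and operation. The HMAC-SHA256 token format, the pre-selected permission table, the expiry field and all names are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed signing key of the cloud service provider side server (assumption: the
# second temporary credential is an HMAC-SHA256 signed token; the patent only says it
# "indicates the target permission").
SERVER_KEY = b"constructed-demo-key-not-for-production"

# Constructed table of first temporary credentials. Each identifies a third-party
# service and the permission the provider pre-selected for it (cf. the "preselected
# permission" of Fig. 8): resource path -> operations allowed on that resource.
FIRST_CREDENTIALS = {
    "first-cred-svc-A": {"service": "third-party-A",
                         "resources": {"/bucket/photos": {"read"}}},
    "first-cred-svc-B": {"service": "third-party-B",
                         "resources": {"/bucket/photos": {"read", "write"},
                                       "/db/orders": {"read"}}},
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: bytes) -> str:
    return _b64(hmac.new(SERVER_KEY, payload, hashlib.sha256).digest())


def determine_target_permission(first_credential, resource, operations):
    """Server side: derive the target permission from the first temporary credential.

    The target permission is limited to the one requested target resource and to the
    intersection of the requested operations with the pre-selected ones, so a request
    for read+write on a read-only resource yields a read-only permission (assumption)."""
    entry = FIRST_CREDENTIALS.get(first_credential)
    if entry is None:
        return None                      # unknown first credential: no permission
    granted = entry["resources"].get(resource, set()) & set(operations)
    if not granted:
        return None                      # nothing pre-selected for this resource
    return {"service": entry["service"], "resource": resource, "ops": sorted(granted)}


def issue_second_credential(first_credential, resource, operations, ttl=300, now=None):
    """Server side: build the second temporary credential that indicates the target
    permission. Format (assumption): base64url(JSON claims) '.' base64url(HMAC)."""
    now = time.time() if now is None else now
    perm = determine_target_permission(first_credential, resource, operations)
    if perm is None:
        return None
    payload = json.dumps({**perm, "exp": int(now + ttl)}, sort_keys=True).encode()
    return f"{_b64(payload)}.{_sign(payload)}"


def verify_second_credential(token, resource, operation, now=None):
    """Server side, on a resource request: accept only an untampered, unexpired second
    credential whose target permission covers exactly this resource and operation."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
        payload = _unb64(body)
    except ValueError:                   # malformed token (binascii.Error is a ValueError)
        return False
    if not hmac.compare_digest(_sign(payload), sig):
        return False                     # signature mismatch: forged or altered claims
    claims = json.loads(payload)
    if claims["exp"] <= now:
        return False                     # the temporary credential has expired
    return claims["resource"] == resource and operation in claims["ops"]


def access_resource(token, resource, operation, now=None):
    """Terminal side presents the second credential; server side grants or denies."""
    if verify_second_credential(token, resource, operation, now):
        return f"{operation} on {resource} granted"
    return "denied"


if __name__ == "__main__":
    # The terminal asks for read+write on /bucket/photos; only read was pre-selected.
    cred2 = issue_second_credential("first-cred-svc-A", "/bucket/photos", ["read", "write"])
    print(cred2)
    print(access_resource(cred2, "/bucket/photos", "read"))    # granted
    print(access_resource(cred2, "/bucket/photos", "write"))   # denied: not in target permission
    print(access_resource(cred2, "/db/orders", "read"))        # denied: different resource
```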
Brief description of the drawings
Fig. 1 is a flowchart of the steps of the authorization method provided by the prior art;
Fig. 2 is a schematic structural diagram of an embodiment of a cloud service system provided by the present invention;
Fig. 3 is a schematic structural diagram of an embodiment of a cloud service provider side server provided by the present invention;
Fig. 4 is a schematic structural diagram of an embodiment of a terminal device provided by the present invention;
Fig. 5 is a flowchart of the steps of an embodiment of the authorization method provided by the present invention;
Fig. 6 is a flowchart of the steps of another embodiment of the authorization method provided by the present invention;
Fig. 7 is a flowchart of the steps of another embodiment of the authorization method provided by the present invention;
Fig. 8 is a schematic diagram of the creation of a preselected permission provided by the present invention;
Fig. 9 is a schematic structural diagram of another embodiment of a cloud service provider side server provided by the present invention;
Fig. 10 is a schematic structural diagram of another embodiment of a terminal device provided by the present invention;
Fig. 11 is an example diagram of an application scenario provided by the present invention.
Embodiment
The embodiments of the invention provide an authorization method. The authorization method shown in this embodiment is based on a cloud service system whose structure is shown in Fig. 2; the cloud service system includes a cloud service provider side server, and the cloud service provider side server shown in this embodiment is a server of the service platform side of the cloud service provider.
The cloud service system shown in this embodiment also includes at least one terminal device 202; this embodiment is described by taking one terminal device 202 as an example.
The terminal device 202 shown in this embodiment is a device of the third-party service provider side.
The third-party service provider is a provider that has joined the cloud-computing-based service platform established by the cloud service provider and offers software, services, site building, enterprise application services and the like to cloud service developers, helping users make better use of cloud computing products and services.
The cloud service provider side server shown in this embodiment can be the Resource Owner, or the Resource Server, or the Authorization Server.
In this embodiment, the terminal device 202 can request authorization from the cloud service provider side server via the OAuth protocol.
The structure of the cloud service provider side server is described below, optionally, with reference to Fig. 3. The description of the structure of the cloud service provider side server in this embodiment is an optional example and is not limiting, as long as the cloud service provider side server can authorize the terminal device 202 so that the terminal device 202 can access resources on the cloud service provider side server according to the authorization.
The cloud service provider side server may vary considerably depending on configuration or performance, and may include one or more central processing units (CPU) 301 (for example, one or more processors), memory 302, and one or more storage media 305 (for example, one or more mass storage devices) storing application programs 303 or data 304. The memory 302 and the storage medium 305 may be transient storage or persistent storage. The program stored in the storage medium 305 may include one or more modules (not marked in the figure), and each module may include a series of instruction operations on the server. Further, the central processing unit 301 may be configured to communicate with the storage medium 305 and execute the series of instruction operations in the storage medium 305 on the cloud service provider side server.
The cloud service provider side server may also include one or more power supplies 306, one or more wired or wireless network interfaces 307, one or more input/output interfaces 308, and/or one or more operating systems 309, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, etc.
The specific structure of the terminal device 202 shown in this embodiment is described below with reference to Fig. 4.
The terminal device includes components such as an input unit 405, a processor unit 403, an output unit 401, a communication unit 407, a memory unit 404 and a radio frequency circuit 408.
These components communicate over one or more buses. Those skilled in the art will understand that the structure of the terminal device shown in Fig. 4 does not limit the invention; it may be a bus structure or a star structure, may include more or fewer parts than illustrated, may combine some parts, or may arrange the parts differently.
In embodiments of the present invention, the terminal device may be any mobile or portable electronic device, including but not limited to a smartphone, a mobile computer, a tablet computer, a personal digital assistant (PDA), a media player, a smart television, etc.
The terminal device includes:
Output unit 401, for outputting the image to be displayed.
Specifically, the output unit 401 includes but is not limited to an image output unit 4011 and a sound output unit 4012.
The image output unit 4011 is used to output text, pictures and/or video. The image output unit 4011 may include a display panel, for example a display panel configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED) display, a field emission display (FED), etc. Alternatively, the image output unit 4011 may include a reflective display, such as an electrophoretic display, or a display using interferometric modulation of light.
The image output unit 4011 may include a single display or multiple displays of different sizes. In embodiments of the present invention, a touch screen may also serve as the display panel of the output unit 401.
For example, after the touch screen detects a touch or proximity gesture operation on it, the operation is passed to the processor unit 403 to determine the type of touch event, and the processor unit 403 then provides a corresponding visual output on the display panel according to the type of touch event. Although in Fig. 4 the input unit 405 and the output unit 401 are two separate parts implementing the input and output functions of the terminal device, in some embodiments the touch screen and the display panel may be integrated to implement the input and output functions of the terminal device. For example, the image output unit 4011 may display various graphical user interfaces (GUI) as virtual control components, including but not limited to windows, scroll bars, icons and scrapbooks, so that the user operates by touch.
In a specific embodiment of the invention, the image output unit 4011 includes a filter and an amplifier for filtering and amplifying the video output by the processor unit 403. The sound output unit 4012 includes a digital-to-analog converter for converting the audio signal output by the processor unit 403 from digital format to analog format.
Processor unit 403, for running the corresponding code and processing received information in order to generate and output the corresponding interface.
Specifically, the processor unit 403 is the control center of the terminal device; it connects the various parts of the whole terminal device using various interfaces and lines, and performs the various functions of the terminal device and/or processes data by running or executing the software programs and/or modules stored in the memory unit and invoking the data stored in the memory unit. The processor unit 403 may be composed of integrated circuits (IC), for example a single packaged IC, or several packaged ICs of the same function or of different functions connected together.
For example, the processor unit 403 may include only a central processing unit (CPU), or may be a combination of a graphics processing unit (GPU), a digital signal processor (DSP) and a control chip (such as a baseband chip) in the communication unit. In embodiments of the present invention, the CPU may be a single computing core or may include multiple computing cores.
Memory unit 404, for storing code and data; the code is run by the processor unit 403.
Specifically, the memory unit 404 may be used to store software programs and modules; the processor unit 403 runs the software programs and modules stored in the memory unit 404 to perform the various functional applications of the terminal device and to process data. The memory unit 404 mainly includes a program storage area and a data storage area, where the program storage area may store an operating system and the application programs required for at least one function, such as a sound playback program or an image playback program, and the data storage area may store data created according to the use of the terminal device (such as audio data, a phone book, etc.).
In a specific embodiment of the invention, the memory unit 404 may include volatile memory, such as nonvolatile random access memory (NVRAM), phase change RAM (PRAM), magnetoresistive RAM (MRAM), etc., and may also include nonvolatile memory, for example at least one disk storage device, electrically erasable programmable read-only memory (EEPROM), or a flash memory device such as NOR flash memory or NAND flash memory.
The nonvolatile memory stores the operating system and application programs executed by the processor unit 403. The processor unit 403 loads running programs and data from the nonvolatile memory into memory and stores digital content in the mass storage. The operating system includes components for controlling and managing general system tasks, such as memory management, storage device control, power management, etc., as well as drivers that facilitate communication between the various software and hardware components.
In embodiments of the present invention, the operating system may be the Android system of Google, the iOS system developed by Apple, the Windows operating system developed by Microsoft, etc., or an embedded operating system such as VxWorks.
The application programs include any application installed on the terminal device, including but not limited to browser, e-mail, instant messaging service, word processing, virtual keyboard, widgets, encryption, digital rights management, speech recognition, speech reproduction, positioning (for example functions provided by the global positioning system), music, etc.
Input unit 405, for implementing interaction between the user and the terminal device and/or inputting information into the terminal device.
For example, the input unit 405 may receive numeric or character information input by the user to generate signal input related to user settings or function control. In a specific embodiment of the invention, the input unit 405 may be a touch screen, or another human-computer interaction interface such as physical input keys or a microphone, or another external information capture device such as a camera.
The touch screen shown in the embodiment of the invention collects the user's touch or proximity operations on it, such as the user's operations on or near the touch screen using a finger, a stylus or any other suitable object or accessory, and drives the corresponding connected device according to a preset program. Optionally, the touch screen may include two parts, a touch detection device and a touch controller. The touch detection device detects the user's touch operation, converts the detected touch operation into an electrical signal and sends the electrical signal to the touch controller; the touch controller receives the electrical signal from the touch detection device, converts it into contact coordinates and passes them to the processor unit 403.
The touch controller can also receive and execute commands sent by the processor unit 403. In addition, the touch screen may be implemented in various types such as resistive, capacitive, infrared and surface acoustic wave.
In other embodiments of the present invention, the physical input keys used by the input unit 405 may include but are not limited to one or more of a physical keyboard, function keys (such as volume control keys, power keys, etc.), a trackball, a mouse, a joystick, etc. An input unit 405 in the form of a microphone can collect speech input by the user or from the environment and convert it into commands in electrical signal form that the processor unit 403 can execute.
In some other embodiments of the present invention, the input unit 405 may also be various sensor components, for example Hall devices, used to detect physical quantities of the terminal device such as force, torque, pressure, stress, position, displacement, speed, acceleration, angle, angular velocity, revolutions, rotational speed and the time at which the working state changes, and to convert them into electrical signals for detection and control. Other sensor components may include a gravity sensor, a three-axis accelerometer, a gyroscope, an electronic compass, an ambient light sensor, a proximity sensor, a temperature sensor, a humidity sensor, a pressure sensor, a heart rate sensor, a fingerprint recognizer, etc.
Communication unit 407, for establishing a communication channel so that the terminal device connects to a remote server through the communication channel and downloads media data from the remote server. The communication unit 407 may include communication modules such as a wireless local area network (Wireless LAN) module, a Bluetooth module and a baseband module, and the radio frequency (RF) circuit corresponding to the communication module, for performing wireless LAN communication, Bluetooth communication, infrared communication and/or cellular communication system communication, such as Wideband Code Division Multiple Access (W-CDMA) and/or High Speed Downlink Packet Access (HSDPA). The communication module is used to control the communication of each component in the terminal device and may support direct memory access.
In different embodiments of the present invention, the various communication modules in the communication unit 407 generally appear in the form of integrated circuit chips and can be selectively combined, without necessarily including all communication modules and the corresponding antenna groups. For example, the communication unit 407 may include only a baseband chip, a radio frequency chip and the corresponding antenna to provide communication functions in a cellular communication system. Via a wireless communication connection established by the communication unit 407, such as wireless LAN access or WCDMA access, the terminal device may connect to a cellular network or to the Internet. In some optional embodiments of the present invention, a communication module in the communication unit 407, such as the baseband module, may be integrated into the processor unit 403, as typified by the APQ+MDM series platforms provided by Qualcomm.
Radio frequency circuit 408, for receiving and sending signals during information transmission and reception or during a call. For example, it receives downlink information from a base station and hands it to the processor unit 403 for processing; in addition, it sends uplink data to the base station. Generally, the radio frequency circuit 408 includes known circuits for performing these functions, including but not limited to an antenna system, a radio frequency transceiver, one or more amplifiers, a tuner, one or more oscillators, a digital signal processor, a codec chipset, a subscriber identity module (SIM) card, memory, etc. In addition, the radio frequency circuit 408 may also communicate with networks and other devices by wireless communication.
The wireless communication may use any communication standard or protocol, including but not limited to Global System for Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), High Speed Uplink Packet Access (HSUPA), Long Term Evolution (LTE), e-mail, Short Message Service (SMS), etc.
Power supply 409, for supplying power to the different parts of the terminal device to keep them running. In general terms, the power supply 409 may be a built-in battery, such as a common lithium-ion battery or nickel-metal hydride battery, and also includes an external power supply that powers the terminal device directly, such as an AC adapter. In some embodiments of the present invention, the power supply 409 may be defined more broadly, for example to also include a power management system, a charging system, a power failure detection circuit, a power converter or inverter, a power status indicator (such as a light emitting diode), and any other components associated with the generation, management and distribution of electrical energy in the terminal device.
Based on Fig. 1 to Fig. 4, and with reference to Fig. 5, the authorization method provided by the embodiment of the present invention is described in detail below with the cloud service provider side server as the executing entity:
Step 501: the cloud service provider side server receives the first temporary credential sent by the terminal device.
The first temporary credential is used to request access to resources on the cloud service provider side server.
Specifically, when the terminal device needs to request access to resources on the cloud service provider side server, the user can log in to a target website of the terminal device. The target website is a website that has been authorized by the cloud service provider side server, and logging in to that website causes the terminal device to send the first temporary credential to the cloud service provider side server.
When the terminal device needs to obtain authorization from the cloud service provider side server, the terminal device can send the first temporary credential to the cloud service provider side server.
Step 502: the cloud service provider side server determines the target permission according to the first temporary credential.
The target permission indicates the permission to access the target resource on the cloud service provider side server.
Step 503: the cloud service provider side server sends the second temporary credential to the terminal device.
The second temporary credential shown in this embodiment is a short-term credential. Its validity period can be configured from a few minutes to a few hours. Once the second temporary credential expires, the cloud service provider side server no longer recognizes it, so that the terminal device can no longer use the second temporary credential to access the target resource on the cloud service provider side server.
For the specific execution process of the authorization method by the cloud service provider side server shown in this embodiment, refer to the embodiment shown in Fig. 7.
Based on Fig. 1 to Fig. 4, and with reference to Fig. 6, the authorization method provided by the embodiment of the present invention is described in detail below with the terminal device as the executing entity:
Step 601: the terminal device sends the first temporary credential to the cloud service provider side server.
For the description of the first temporary credential, refer to the embodiment shown in Fig. 5; it is not repeated in this embodiment.
Step 602: the terminal device receives the second temporary credential sent by the cloud service provider side server.
For the description of the second temporary credential, refer to the embodiment shown in Fig. 5; it is not repeated in this embodiment.
Step 603: the terminal device accesses the target resource on the cloud service provider side server by means of the second temporary credential.
For the specific execution process of the authorization method by the terminal device shown in this embodiment, refer to the embodiment shown in Fig. 7.
The execution flow of the authorization method shown in Fig. 5 and Fig. 6 is described in detail below with reference to Fig. 7:
As shown in Fig. 7, the authorization method includes:
Step 701: the terminal device sends request information to the cloud service provider side server.
For the description of the terminal device shown in this embodiment, refer to the above embodiments; it is not repeated in this embodiment.
Specifically, the request information shown in this embodiment includes the first token information (Token) that the terminal device has already stored.
The first token information is used by the terminal device to authenticate itself to the cloud service provider side server.
The type of the first token information can vary; this embodiment does not limit the type of the first token information.
The terminal device shown in this embodiment requests authentication from the cloud service provider side server by means of the first token information, so that the cloud service provider side server can judge, based on the first token information, whether the terminal device is forged, whether it exceeds its authority, whether it has expired, and so on.
More specifically, the terminal device shown in this embodiment may store the Uniform Resource Locator (URL) address of the cloud service provider side server, and the terminal device can then send the request information to the cloud service provider side server according to that URL address.
More specifically, the terminal device shown in this embodiment may send the request information, according to the URL address, to the website on the cloud service provider side server that is used to authenticate terminal devices.
Step 702: the cloud service provider side server receives the request information sent by the terminal device.
Specifically, for the description of the cloud service provider side server, refer to the above embodiments; it is not repeated in this embodiment.
Step 703: the cloud service provider side server generates the fourth signature information.
Specifically, after receiving the request information, the cloud service provider side server shown in this embodiment performs an encryption calculation over the first key identifier, the first token information and the random return information echoInfo generated by the cloud service provider side server, so as to generate the fourth signature information.
Specifically, the cloud service provider side server shown in this embodiment performs this encryption calculation with its stored long-term key, over the first key identifier, the first token information and the random return information echoInfo that it generated, to generate the fourth signature information.
Step 704: the cloud service provider side server sends the fourth signature information to the terminal device.
Step 705: the terminal device judges whether the fourth signature information satisfies the first condition; if so, step 706 is performed.
In this embodiment, after the terminal device receives the fourth signature information, it can perform a decryption calculation on the fourth signature information to obtain the first key identifier, the first token information and the random return information echoInfo generated by the cloud service provider side server that the fourth signature information contains.
The first condition shown in this embodiment is: the first token information contained in the fourth signature information is identical to the first token information that the terminal device has stored.
In this embodiment, if the terminal device judges that the first token information contained in the fourth signature information is identical to the first token information that the terminal device has stored, that is, if the terminal device determines that the fourth signature information satisfies the first condition, step 706 can be performed.
Step 706: the terminal device sends the fifth signature information to the cloud service provider side server.
Specifically, the terminal device shown in this embodiment sends the random return information contained in the fourth signature information to the cloud service provider side server.
The specific sending method is that the terminal device performs an encryption calculation on the received random return information to generate the fifth signature information; that is, the fifth signature information generated by the terminal device contains the random return information.
The terminal device shown in this embodiment can send the random return information to the cloud service provider side server by means of the fifth signature information.
In this embodiment, the terminal device can call a target interface of the cloud service provider side server to realize the data interaction between the terminal device and the cloud service provider side server.
Specifically, the target interface of the cloud service provider side server can be the interface API OpenServiceAuhorization of the cloud service provider side server.
The terminal device shown in this embodiment calls the target interface of the cloud service provider side server by means of the fifth signature information.
Step 707: the cloud service provider side server obtains the random return information contained in the fifth signature information.
Specifically, the cloud service provider side server performs a decryption calculation on the fifth signature information to obtain the random return information contained in the fifth signature information.
Step 708: the cloud service provider side server judges whether the fifth signature information satisfies the second condition; if so, step 709 is performed.
In this embodiment, after the cloud service provider side server obtains the random return information contained in the fifth signature information, it can judge whether the fifth signature information satisfies the second condition.
The second condition is: the random return information contained in the fifth signature information is identical to the random return information generated by the cloud service provider side server.
If the cloud service provider side server judges that the random return information contained in the fifth signature information is identical to the random return information generated by the cloud service provider side server, that is, that the fifth signature information satisfies the second condition, then URL confirmation between the cloud service provider side server and the terminal device is complete, and the cloud service provider side server and the terminal device that have completed URL confirmation can then exchange data.
Specifically, once URL confirmation between the cloud service provider side server and the terminal device is complete, the target interface API OpenServiceAuhorization of the cloud service provider side server has been successfully called by the terminal device.
Step 709: the cloud service provider side server generates the first signature information.
Specifically, the cloud service provider side server shown in this embodiment performs an encryption calculation on an encrypted ticket to generate the first signature information, where the encrypted ticket is used to authenticate the terminal device.
Step 710: the cloud service provider side server sends the first signature information to the terminal device.
In this embodiment, after the cloud service provider side server generates the first signature information, it sends the generated first signature information to the terminal device.
Step 711: the terminal device sends the second signature information to the cloud service provider side server.
Specifically, after receiving the first signature information, the terminal device shown in this embodiment can perform a decryption calculation on the first signature information to obtain the encrypted ticket contained in the first signature information.
More specifically, the terminal device performs an encryption calculation on the encrypted ticket to generate the second signature information; it can be seen that the second signature information generated by the terminal device contains the encrypted ticket.
Step 712: the cloud service provider side server obtains the encrypted ticket contained in the second signature information.
Specifically, the cloud service provider side server shown in this embodiment can receive the second signature information sent by the terminal device and perform a decryption calculation on the second signature information to obtain the encrypted ticket contained in it.
Step 713: the cloud service provider side server obtains the third signature information.
Specifically, after obtaining the encrypted ticket contained in the second signature information, the cloud service provider side server performs an encryption calculation on that encrypted ticket to generate the third signature information.
Step 714: the cloud service provider side server sends the first temporary credential to the terminal device if it determines that the third condition is satisfied.
Specifically, the cloud service provider side server shown in this embodiment judges whether the second signature information and the third signature information are identical; if the second signature information is identical to the third signature information, the cloud service provider side server can determine that the third condition is satisfied. That is, the third condition shown in this embodiment is: the third signature information is identical to the second signature information.
Optionally, the terminal device can perform the encryption calculation on the encrypted ticket with the terminal device's long-term key, and request the first temporary credential from the cloud service provider side server by means of the encrypted ticket after that calculation. After the terminal device obtains the first temporary credential, it can use the first temporary credential to complete the authentication step with the cloud service provider side server; after mutual authentication, the terminal device and the cloud service provider side server can carry out the real-time authorization flow. The real-time authorization flow shown in this embodiment is based on the OAuth 2.0 protocol real-time authorization flow, as shown in the embodiment described below.
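The exchange of steps 701 to 714 above, as an added worked example that is not part of the patent and not Tencent's code. The patent only says that each party "performs an encryption calculation" to produce signature information and the peer "performs a decryption calculation" to recover its fields; here each piece of signature information is modelled as the canonical JSON of its fields plus an HMAC-SHA256 tag under one long-term key shared by both sides and named by the first key identifier. That primitive, the shared key, and all names (make_sig, open_sig, CloudServer, TerminalDevice, the key and token values) are assumptions. The example adds one check the text does not state: the ticket returned in the second signature must be the ticket issued in step 709, and echoInfo is single-use, so a replayed fifth signature is refused.

```python
import hashlib
import hmac
import json
import secrets


def make_sig(key: bytes, fields: dict) -> dict:
    """'Signature information' as modelled here: canonical JSON plus an HMAC-SHA256 tag."""
    body = json.dumps(fields, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def open_sig(key: bytes, msg: dict) -> dict:
    """Check the tag in constant time and return the fields; a bad tag is a hard failure."""
    expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("signature information failed verification")
    return json.loads(msg["body"])


class CloudServer:
    def __init__(self, long_term_key: bytes, first_key_id: str):
        self.key = long_term_key
        self.first_key_id = first_key_id
        self.echo = None            # random return information echoInfo (step 703)
        self.ticket = None          # encrypted ticket (step 709)
        self.url_confirmed = False

    def on_request(self, request_info: dict) -> dict:
        """Step 703: bind a fresh, unpredictable echoInfo to the token the terminal presented."""
        self.echo = secrets.token_hex(16)
        return make_sig(self.key, {"key_id": self.first_key_id,
                                   "token": request_info["token"], "echo": self.echo})

    def on_fifth_sig(self, fifth: dict) -> dict:
        """Steps 707-709: second condition (echoInfo matches), then sign the ticket."""
        fields = open_sig(self.key, fifth)
        if self.echo is None or not hmac.compare_digest(fields["echo"], self.echo):
            raise ValueError("second condition failed: echoInfo mismatch")
        self.echo = None            # one-shot: a replayed fifth signature is refused
        self.url_confirmed = True
        self.ticket = secrets.token_hex(16)
        return make_sig(self.key, {"ticket": self.ticket})

    def on_second_sig(self, second: dict) -> str:
        """Steps 712-714: recompute the third signature and compare it with the second."""
        if not self.url_confirmed:
            raise ValueError("URL confirmation has not completed")
        fields = open_sig(self.key, second)
        third = make_sig(self.key, {"ticket": fields["ticket"]})
        if not hmac.compare_digest(third["tag"], second["tag"]):
            raise ValueError("third condition failed")
        # Added check (not stated in the patent): the ticket must be the one issued in step 709
        if not hmac.compare_digest(fields["ticket"], self.ticket):
            raise ValueError("ticket does not belong to this session")
        return secrets.token_hex(16)  # the first temporary credential


class TerminalDevice:
    def __init__(self, long_term_key: bytes, first_token: str):
        self.key = long_term_key
        self.first_token = first_token
        self.first_key_id = None

    def request_info(self) -> dict:
        return {"token": self.first_token}                      # step 701

    def on_fourth_sig(self, fourth: dict) -> dict:
        """Steps 705-706: first condition (token is ours), then echo echoInfo back."""
        fields = open_sig(self.key, fourth)
        if not hmac.compare_digest(fields["token"], self.first_token):
            raise ValueError("first condition failed: token mismatch")
        self.first_key_id = fields["key_id"]
        return make_sig(self.key, {"echo": fields["echo"]})

    def on_first_sig(self, first: dict) -> dict:
        # Step 711: recover the ticket from the first signature and re-sign it
        return make_sig(self.key, {"ticket": open_sig(self.key, first)["ticket"]})


def run_handshake(key: bytes = b"\x11" * 32, token: str = "first-token") -> str:
    """Drive steps 701-714 and return the first temporary credential the terminal receives."""
    server, terminal = CloudServer(key, "key-id-1"), TerminalDevice(key, token)
    fourth = server.on_request(terminal.request_info())
    fifth = terminal.on_fourth_sig(fourth)
    first = server.on_fifth_sig(fifth)
    second = terminal.on_first_sig(first)
    return server.on_second_sig(second)


def replayed_fifth_sig_is_rejected() -> bool:
    """Constructed failure case: replay a fifth signature captured from an earlier request."""
    key = b"\x11" * 32
    server, terminal = CloudServer(key, "key-id-1"), TerminalDevice(key, "first-token")
    old_fifth = terminal.on_fourth_sig(server.on_request(terminal.request_info()))
    server.on_request(terminal.request_info())      # the server issues a new echoInfo
    try:
        server.on_fifth_sig(old_fifth)
    except ValueError:
        return True
    return False
```

Two points the text leaves implicit: the comparisons of the first, second and third conditions are done with a constant-time compare, and the third condition (recomputed signature equals received signature) only holds because the construction is deterministic over the same key and fields; with randomised encryption the server would have to compare the recovered ticket instead.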
Step 715: the terminal device sends the first temporary credential to the cloud service provider side server.
The first temporary credential is used to request access to resources on the cloud service provider side server.
The first temporary credential shown in this embodiment requests a pre-authorization code (precode) through the target interface API OpenServiceAuhorization that the terminal device has already called.
The pre-authorization code precode shown in this embodiment effectively prevents a malicious or impersonating terminal device from obtaining authorization from the cloud service provider side server, and so improves the security of the real-time authorization process.
Step 716: the cloud service provider side server sends the pre-authorization code to the terminal device.
Specifically, after obtaining the first temporary credential, the cloud service provider side server shown in this embodiment can judge whether the first temporary credential stored by the cloud service provider side server is identical to the first temporary credential it has just received; if so, the cloud service provider side server can send the pre-authorization code to the terminal device.
Step 717: the terminal device obtains the authentication information submitted by the user.
Specifically, after receiving the pre-authorization code, the terminal device shown in this embodiment can redirect the target website, so that the target website jumps to the login page of the cloud service provider side server, which includes the pre-authorization code.
Specifically, the login page shown in this embodiment also includes a key identifier.
The login page shown in this embodiment can receive the user name and password that the user enters for login, in order to perform identity authentication.
Specifically, this embodiment is described taking as an example authentication information that includes the user's user name and password; in a particular application the authentication information may also include other information used for authentication, which this embodiment does not limit.
In this embodiment, the cloud service provider side server may store in advance multiple user names and the password corresponding to each user name. The user can enter the authentication information on the login page from the terminal device to the cloud service provider side server; if the cloud service provider side server determines that the authentication information currently entered by the user is already stored on the cloud service provider side server, it determines that the user has passed authentication.
Step 718: the cloud service provider side server obtains the selected permissions.
In this embodiment, once the cloud service provider side server determines from the authentication information submitted by the user that the user has passed authentication, the cloud service provider side server can provide the user with a permission list.
Specifically, the permission list includes multiple permissions to be selected.
The user can select the permissions needed from the multiple permissions to be selected in the permission list.
Specifically, the cloud service provider side server receives the selection operation that the user inputs through the permission list.
The cloud service provider side server determines the selected permissions, which are the at least one permission that the selection operation selected from the multiple permissions to be selected in the permission list.
For example, if one of the permissions to be selected in the permission list is logging in to Weibo via QQ, and the user selects the permission to log in to Weibo via QQ in the permission list, the cloud service provider side server can determine that the permission to log in to Weibo via QQ is a selected permission.
Specifically, after obtaining the selected permissions, the cloud service provider side server can bind the selected permissions to the user's authentication information, so that when the user later logs in with that authentication information, the selected permissions bound to the authentication information can be obtained and the user does not have to select them again.
Step 719: the cloud service provider side server determines the pre-selected permissions.
The pre-selected permissions are the permissions selected for the terminal device on the cloud service provider side server.
Specifically, the pre-selected permissions shown in this embodiment are implemented as a predefined policy for the user; the policy describes the resources that the terminal device can access on the cloud service provider side server.
As shown in Fig. 8, the policy includes a permission and an authorization object. The permission includes an effect, a resource, an authorized interface, an authorization condition and so on, and the authorization object is the user to whom the permission corresponds. That is, when determining the pre-selected permissions, the cloud service provider side server shown in this embodiment configures the pre-selected permissions by means of the permission and the authorization object.
Specifically, the cloud service provider side server can create the policy according to the industry field or service field registered by the terminal device.
Specifically, after the cloud service provider side server has created the policy, the terminal device is by default allowed to operate on the resources described in the pre-authorization policy.
Step 720: the cloud service provider side server determines the target permission.
Specifically, the cloud service provider side server determines the intersection of the selected permissions and the pre-selected permissions to be the target permission.
In one embodiment, if the terminal device in this embodiment has not obtained selected permissions through the permission list, the target permission shown in this embodiment is the pre-selected permissions.
Specifically, after the terminal device registers, the cloud service provider side server can assign it a default authorization policy according to the registered industry field or service field. Then, after the user enters the website of the terminal device, if no other policy is selected, the terminal device is by default allowed to access the resources of the cloud service provider side server under the constraints of the default pre-selected permissions.
In one embodiment, if the terminal device has obtained selected permissions through the permission list, the target permission shown in this embodiment is the intersection of the selected permissions and the pre-selected permissions.
That is, the target permission is contained in both the selected permissions and the pre-selected permissions.
Through the real-time authorization flow shown in this embodiment, the user of the terminal device can be granted the target permission by the cloud service provider side server, so that the cloud service provider side server controls the terminal device's access to the cloud service provider side server: the terminal device can only access the target resource on the cloud service provider side server, and the cloud service provider side server can also control the manner and timing of the user's access to the target resource, which this embodiment does not limit.
The target permission is illustrated below with reference to Fig. 11 and a specific application scenario:
As shown in Fig. 11, the pre-selected permission in this embodiment is "cloud host management permission (restart, apply for, view cloud hosts)"; that is, the pre-selected permission in this embodiment is the permission delegated by default to the terminal device by the cloud service provider side server.
The selected permission shown in Fig. 11 is "developer-defined third-party role"; through the selected permission the cloud service provider side server performs fine-grained permission management for the terminal device.
Taking the application scenario shown in Fig. 11, the terminal device can log in to Dianping via WeChat under the user's operation, and the cloud service provider side server can use the target permission to define the permission to log in to Dianping via WeChat, for example by limiting the time at which, and the number of times that, Dianping is logged in to via WeChat; this embodiment does not limit the details.
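Steps 718 to 720 and the Fig. 11 scenario above, as an added worked example that is not part of the patent and not Tencent's code. A policy is a set of permissions (effect, resource, authorized interface, condition, as in Fig. 8) bound to an authorization object; the pre-selected policy is looked up from the terminal's registered industry field; the target permission is the pre-selected policy when nothing was selected, otherwise the intersection. The intersection is computed by coverage (a selected permission survives only if some pre-selected permission grants at least as much), which goes beyond the literal set intersection in the text and is an assumption, as are the resource and interface naming, the industry-field table and the fnmatch-style wildcards.

```python
import fnmatch
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    """One permission of a policy (Fig. 8): effect, resource, authorized interface, condition."""
    effect: str          # "allow" or "deny"
    resource: str        # resource pattern, e.g. "cvm:instance/*" (assumed naming)
    interface: str       # authorized interface, e.g. "cvm:RestartInstance" (assumed naming)
    condition: str = ""  # authorization condition; empty means unconditional


@dataclass(frozen=True)
class Policy:
    """A policy binds a set of permissions to an authorization object (the user)."""
    authorization_object: str
    permissions: frozenset


def covers(outer: Permission, inner: Permission) -> bool:
    """True if `outer` grants at least everything `inner` grants."""
    return (outer.effect == inner.effect
            and fnmatch.fnmatchcase(inner.resource, outer.resource)
            and fnmatch.fnmatchcase(inner.interface, outer.interface)
            and outer.condition in ("", inner.condition))


def default_policy(industry_field: str, user: str) -> Policy:
    """Step 719: the pre-selected policy created from the registered industry field.
    The table is constructed for this example; an unknown field gets an empty policy."""
    table = {
        "cloud-hosting": {   # "cloud host management (restart, apply for, view)" of Fig. 11
            Permission("allow", "cvm:instance/*", "cvm:RestartInstance"),
            Permission("allow", "cvm:instance/*", "cvm:ApplyInstance"),
            Permission("allow", "cvm:instance/*", "cvm:DescribeInstances"),
        },
    }
    return Policy(user, frozenset(table.get(industry_field, set())))


def target_permissions(preselected: frozenset, selected: frozenset) -> frozenset:
    """Step 720: with no selection the pre-selected policy stands; otherwise keep only the
    selected permissions that the pre-selected policy already covers (the intersection)."""
    if not selected:
        return frozenset(preselected)
    return frozenset(s for s in selected if any(covers(p, s) for p in preselected))


def is_allowed(target: frozenset, resource: str, interface: str, condition: str = "") -> bool:
    """Deny wins over allow; otherwise some target permission must cover the request."""
    if any(covers(p, Permission("deny", resource, interface, condition)) for p in target):
        return False
    return any(covers(p, Permission("allow", resource, interface, condition)) for p in target)


# Constructed scenario after Fig. 11: the default policy versus a developer-defined
# third-party role that asks for more than the default policy delegates.
PRESELECTED = default_policy("cloud-hosting", "user-1").permissions
SELECTED = frozenset({
    Permission("allow", "cvm:instance/ins-web-*", "cvm:RestartInstance"),
    Permission("allow", "cos:bucket/*", "cos:GetObject"),   # outside the pre-selected policy
})
```

With the constructed inputs, the target permission keeps only the restart right on the web instances: the selected role cannot widen what the pre-selected policy delegated, and an object-storage right the policy never mentioned is dropped rather than granted.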
Step 721: the cloud service provider side server sends the authorization code to the terminal device.
Specifically, in this embodiment, once the cloud service provider side server has determined the target permission, the cloud service provider side server sends the authorization code that it has stored to the terminal device.
Step 722: the terminal device sends the sixth signature information to the cloud service provider side server.
After the terminal device receives the authorization code sent by the cloud service provider side server, it can perform an encryption calculation on the authorization code and the first temporary credential to generate the sixth signature information.
Step 723: the cloud service provider side server judges whether the sixth signature information satisfies the fourth condition; if so, it sends the target access parameters to the terminal device.
Specifically, when the cloud service provider side server receives the sixth signature information, it can perform a decryption calculation on the sixth signature information to obtain the authorization code and the first temporary credential contained in it.
The fourth condition is: the authorization code contained in the sixth signature information is identical to the authorization code stored by the cloud service provider side server.
The fourth condition can also be: the first temporary credential contained in the sixth signature information is identical to the first temporary credential stored by the cloud service provider side server.
If the cloud service provider side server judges that the sixth signature information satisfies the fourth condition, the cloud service provider side server can send the target access parameters used to access the target resource to the terminal device.
The target permission indicates the permission to access the target resource on the cloud service provider side server.
The target access parameters include the second token information, the second key identifier and the second temporary credential.
The second temporary credential shown in this embodiment is a short-term credential. Its validity period can be configured from a few minutes to a few hours. Once the second temporary credential expires, the cloud service provider side server no longer recognizes it, so that the terminal device can no longer use the second temporary credential to access the target resource on the cloud service provider side server.
Step 724: the cloud service provider side server sends the target access parameters to the terminal device.
In this embodiment, the terminal device can access the target resource on the cloud service provider side server by means of the received target access parameters. The specific access process is as follows:
Step 725: the terminal device sends the seventh signature information to the cloud service provider side server.
When the terminal device has received the target access parameters, it can perform an encryption calculation on the target access parameters to generate the seventh signature information.
Step 726: the cloud service provider side server generates the eighth signature information.
The cloud service provider side server performs an encryption calculation on the target access parameters that the cloud service provider side server itself generated, to produce the eighth signature information.
Step 727: the cloud service provider side server determines that the terminal device has the target permission to access the target resource.
Specifically, if the cloud service provider side server determines that the seventh signature information is identical to the eighth signature information, the cloud service provider side server determines that the terminal device has the target permission to access the target resource.
A terminal device that has the target permission can access the target resource on the cloud service provider side server.
It can be seen that with the authorization method shown in this embodiment, the cloud service provider side server can perform fine-grained permission management for the terminal device, so that the cloud service provider side server can open access capabilities to the terminal device while ensuring the security and flexibility of the terminal device's access to the target resource of the cloud service provider side server; in addition, the cloud service provider side server and the terminal device exchange data by means of signature information, which improves security during the data exchange.
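Steps 721 to 727 above, as an added worked example that is not part of the patent and not Tencent's code. As before, "signature information" is modelled as the fields plus an HMAC-SHA256 tag under a key shared by the two sides; that model, the key, the 15-minute validity period (the text only says minutes to hours), the lookup of the grant by the second temporary credential, and every name in the block are assumptions. The fourth condition is checked on both the authorization code and the first temporary credential rather than either one alone, and the eighth signature is recomputed over the server's own copy of the target access parameters, so that an expired second temporary credential is refused before any comparison.

```python
import hashlib
import hmac
import json
import secrets
import time

SECOND_CREDENTIAL_TTL = 15 * 60   # seconds; assumed value inside the "minutes to hours" range


def sign_fields(key: bytes, fields: dict) -> dict:
    """Signature information as modelled here: the fields plus an HMAC-SHA256 tag over canonical JSON."""
    body = json.dumps(fields, sort_keys=True).encode()
    return {"fields": fields, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}


def tag_matches(key: bytes, fields: dict, tag: str) -> bool:
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest(), tag)


class AuthorizationServer:
    def __init__(self, shared_key, authorization_code, first_temp_credential, clock=time.time):
        self.key = shared_key
        self.authorization_code = authorization_code        # stored by the server (step 721)
        self.first_temp_credential = first_temp_credential  # issued in step 714
        self.clock = clock
        self.grants = {}   # second temporary credential -> (target access parameters, expiry, permission)

    def on_sixth_sig(self, sixth: dict, target_permission: frozenset) -> dict:
        """Step 723: verify the sixth signature and the fourth condition, then issue the parameters."""
        fields = sixth["fields"]
        if not tag_matches(self.key, fields, sixth["tag"]):
            raise PermissionError("sixth signature information failed verification")
        # The patent allows either value as the fourth condition; both are required here.
        code_ok = hmac.compare_digest(str(fields.get("authorization_code", "")), self.authorization_code)
        cred_ok = hmac.compare_digest(str(fields.get("first_temp_credential", "")), self.first_temp_credential)
        if not (code_ok and cred_ok):
            raise PermissionError("fourth condition failed")
        params = {
            "second_token": secrets.token_hex(16),
            "second_key_id": "kid-" + secrets.token_hex(4),
            "second_temp_credential": secrets.token_hex(16),
        }
        self.grants[params["second_temp_credential"]] = (
            params, self.clock() + SECOND_CREDENTIAL_TTL, target_permission)
        return params

    def check_access(self, seventh: dict, resource: str, interface: str) -> bool:
        """Steps 726-727 with expiry: recompute the eighth signature over the server's own copy
        of the parameters and compare; an expired second temporary credential is not recognized."""
        cred = seventh["fields"].get("second_temp_credential")
        grant = self.grants.get(cred)
        if grant is None:
            return False
        params, expires_at, permission = grant
        if self.clock() >= expires_at:
            del self.grants[cred]                       # forget it; later use is refused as well
            return False
        eighth = sign_fields(self.key, params)          # fields the server generated itself
        if not hmac.compare_digest(eighth["tag"], seventh["tag"]):
            return False
        return (resource, interface) in permission


def terminal_sign(key: bytes, fields: dict) -> dict:
    """Terminal side of steps 722 and 725: sign the values it was handed."""
    return sign_fields(key, fields)


def scenario():
    """Constructed run of steps 721-727 with a controllable clock. Returns (allowed before
    expiry, allowed on a resource outside the target permission, allowed after expiry)."""
    key = b"\x22" * 32
    now = [1_700_000_000.0]
    server = AuthorizationServer(key, "authcode-1", "first-cred-1", clock=lambda: now[0])
    sixth = terminal_sign(key, {"authorization_code": "authcode-1",
                                "first_temp_credential": "first-cred-1"})
    target = frozenset({("cvm:instance/ins-web-1", "cvm:RestartInstance")})
    params = server.on_sixth_sig(sixth, target)
    seventh = terminal_sign(key, params)
    before = server.check_access(seventh, "cvm:instance/ins-web-1", "cvm:RestartInstance")
    other = server.check_access(seventh, "cvm:instance/ins-db-1", "cvm:RestartInstance")
    now[0] += SECOND_CREDENTIAL_TTL + 1
    after = server.check_access(seventh, "cvm:instance/ins-web-1", "cvm:RestartInstance")
    return before, other, after


def wrong_code_is_refused() -> bool:
    """Constructed failure case: a sixth signature carrying a guessed authorization code."""
    key = b"\x22" * 32
    server = AuthorizationServer(key, "authcode-1", "first-cred-1")
    sixth = terminal_sign(key, {"authorization_code": "guess", "first_temp_credential": "first-cred-1"})
    try:
        server.on_sixth_sig(sixth, frozenset())
    except PermissionError:
        return True
    return False
```

The equality test of step 727 (seventh signature equals eighth signature) works only because the signature is a deterministic function of the key and the parameters; the server must therefore keep its own copy of the issued target access parameters, and the expiry of the second temporary credential has to be enforced on that server-side record, since nothing in the signed parameters themselves stops a terminal from presenting them after the validity period.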
The specific structure of the cloud service provider side server provided by the embodiment of the present invention is described in detail below with reference to Fig. 9:
The cloud service provider side server shown in this embodiment is used to perform the authorization method shown in Fig. 7; for the specific execution process refer to the embodiment shown in Fig. 7, which is not repeated in this embodiment.
The cloud service provider side server shown in this embodiment includes:
First processing unit 901, configured to perform an encryption calculation on an encrypted ticket to generate the first signature information; send the first signature information to the terminal device; receive the second signature information sent by the terminal device, where the second signature information contains the encrypted ticket that the terminal device obtained by performing a decryption calculation on the first signature information; perform a decryption calculation on the second signature information to obtain the encrypted ticket contained in the second signature information; perform an encryption calculation on the encrypted ticket to generate the third signature information; and, if it determines that the third signature information is identical to the second signature information, send the first temporary credential to the terminal device.
Before the first processing unit 901 sends the first signature information to the terminal device, the first processing unit is specifically configured to: receive the request information sent by the terminal device, where the request information includes the first token information stored by the terminal device; perform an encryption calculation on the first key identifier, the first token information and the random return information generated by the cloud service provider side server to generate the fourth signature information; send the fourth signature information to the terminal device, so that when the terminal device determines that the first token information contained in the fourth signature information is identical to the first token information stored by the terminal device, the terminal device sends the fifth signature information, which contains the random return information, to the cloud service provider side server; perform a decryption calculation on the fifth signature information to obtain the random return information contained in the fifth signature information; and, when it determines that the random return information contained in the fifth signature information is identical to the random return information generated by the cloud service provider side server, trigger the step of sending the first signature information to the terminal device.
Receiving unit 902, configured to receive the first temporary credential sent by the terminal device, where the first temporary credential is used to request access to resources on the cloud service provider side server;
Determining unit 903, configured to determine the target permission according to the first temporary credential, where the target permission indicates the permission to access the target resource on the cloud service provider side server;
The determining unit 903 is configured to generate a permission list according to the first temporary credential, the permission list including multiple permissions to be selected; receive the selection operation input by the user through the permission list; determine the selected permissions, which are the at least one permission selected by the selection operation from the multiple permissions to be selected in the permission list; determine the pre-selected permissions, which are the permissions selected for the terminal device on the cloud service provider side server; and determine the intersection of the selected permissions and the pre-selected permissions to be the target permission.
Sending unit 904, configured to send the second temporary credential to the terminal device, where the second temporary credential is used to indicate the target permission, so that the terminal device accesses the target resource on the cloud service provider side server by means of the second temporary credential.
The sending unit 904 is configured to send the authorization code stored by the cloud service provider side server to the terminal device; receive the sixth signature information sent by the terminal device, the sixth signature information being the signature information generated by the terminal device by performing an encryption calculation on the authorization code and the first temporary credential; and, if it judges that the authorization code contained in the sixth signature information is identical to the authorization code stored by the cloud service provider side server, send the target access parameters used to access the target resource to the terminal device, the target access parameters including the second token information, the second key identifier and the second temporary credential.
Second processing unit 905, the 7th of the target resource is accessed for being used for of receiving that the terminal device sends Signing messages, the 7th signing messages terminal device target access parameter is encrypted calculating to generate Signing messages, the target access parameter generated to cloud service provider side server is encrypted calculating to generate 8th signing messages, however, it is determined that go out the 7th signing messages identical with the 8th signing messages, it is determined that the terminal is set It is standby that there is the target authority for accessing the target resource.
The specific structure of the terminal device provided by the embodiment of the present invention, shown in Figure 10, is described in detail below:
The cloud service provider side server shown in this embodiment is used to perform the authorization method shown in Fig. 5; the specific execution process is as shown in Fig. 5 and is not repeated in this embodiment.
The terminal device shown in this embodiment includes:
A first processing unit 1001, configured to receive first signature information sent by the cloud service provider side server, the first signature information being generated by the cloud service provider side server by performing an encryption calculation on an encrypted ticket; to perform a decryption calculation on the first signature information to obtain the encrypted ticket; to perform an encryption calculation on the encrypted ticket to obtain second signature information; to send the second signature information to the cloud service provider side server, so that, when the cloud service provider side server determines that third signature information is identical to the second signature information, the cloud service provider side server sends a first temporary credential to the terminal device, the third signature information including the encrypted ticket; and to receive the first temporary credential sent by the cloud service provider side server.
In receiving the first signature information sent by the cloud service provider side server, the first processing unit 1001 is specifically configured to send request information to the cloud service provider side server, the request information including a first token stored by the terminal device, so that the cloud service provider side server sends fourth signature information to the terminal device, the fourth signature information including a first key identifier, the first token and random reply information generated by the cloud service provider side server; to receive the fourth signature information; if it determines that the first token included in the fourth signature information is identical to the first token stored by the terminal device, to perform an encryption calculation on the random reply information to generate fifth signature information; and to send the fifth signature information to the cloud service provider side server, so that, when the cloud service provider side server determines that the random reply information included in the fifth signature information is identical to the random reply information it generated, it sends the first signature information to the terminal device.
A sending unit 1002, configured to send the first temporary credential to the cloud service provider side server, the first temporary credential being used to request access to a resource on the cloud service provider side server;
Specifically, the sending unit 1002 receives the authorization code, stored by the cloud service provider side server, that the cloud service provider side server sends; performs an encryption calculation on the authorization code and the first temporary credential to generate sixth signature information; sends the sixth signature information to the cloud service provider side server, so that, if the cloud service provider side server judges that the authorization code included in the sixth signature information is identical to the authorization code it has stored, it sends a target access parameter for accessing the target resource to the terminal device, the target access parameter including a second token, a second key identifier and a second temporary credential; and receives the target access parameter.
A receiving unit 1003, configured to receive the second temporary credential sent by the cloud service provider side server, the second temporary credential indicating a target permission, and the target permission indicating the permission to access a target resource on the cloud service provider side server;
An access unit 1004, configured to access the target resource on the cloud service provider side server using the second temporary credential.
A second processing unit 1005, configured to perform an encryption calculation on the target access parameter to generate seventh signature information and to send the seventh signature information to the cloud service provider side server, so that, if the cloud service provider side server determines that the seventh signature information is identical to eighth signature information, it determines that the terminal device has the target permission to access the target resource, the eighth signature information being generated by the cloud service provider side server by performing an encryption calculation on the target access parameter it generated.
From the cloud service provider side server shown in Fig. 3 it can be seen that the cloud service provider side server includes:
one or more central processing units 301, a memory 302, a bus system and one or more programs, the central processing unit 301 and the memory 302 being connected through the bus system.
The one or more programs are stored in the memory 302 and include instructions which, when executed by the cloud service provider side server, cause the cloud service provider side server to perform the method shown in Fig. 5, Fig. 6 or Fig. 7; the specific execution flow is not repeated in this embodiment.
From the terminal device shown in Fig. 4 it can be seen that the terminal device includes one or more processor units 403, a storage unit 404, a bus system and one or more programs, the processor unit 403 and the storage unit 404 being connected through the bus system;
The one or more programs are stored in the storage unit 404 and include instructions which, when executed by the terminal device, cause the terminal device to perform the method shown in Fig. 5; the specific execution process is not repeated in this embodiment.
It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
In the several embodiments provided by this application, it should be understood that the disclosed systems, apparatus and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Furthermore, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, devices or units, and may be electrical, mechanical or of other forms.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product; the computer software product is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The foregoing storage medium includes: a USB flash disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disc, or any other medium that can store program code.
The above embodiments are merely intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (15)

1. An authorization method, characterized by comprising:
receiving, by a cloud service provider side server, a first temporary credential sent by a terminal device, the first temporary credential being used to request access to a resource on the cloud service provider side server;
determining, by the cloud service provider side server, a target permission according to the first temporary credential, the target permission indicating the permission to access a target resource on the cloud service provider side server;
sending, by the cloud service provider side server, a second temporary credential to the terminal device, the second temporary credential indicating the target permission, so that the terminal device accesses the target resource on the cloud service provider side server using the second temporary credential.
2. The authorization method according to claim 1, characterized in that, before the cloud service provider side server receives the first temporary credential sent by the terminal device, the method further comprises:
performing, by the cloud service provider side server, an encryption calculation on an encrypted ticket to generate first signature information;
sending, by the cloud service provider side server, the first signature information to the terminal device;
receiving, by the cloud service provider side server, second signature information sent by the terminal device, the second signature information including the encrypted ticket that the terminal device obtained by performing a decryption calculation on the first signature information;
performing, by the cloud service provider side server, a decryption calculation on the second signature information to obtain the encrypted ticket included in the second signature information;
performing, by the cloud service provider side server, an encryption calculation on the encrypted ticket to generate third signature information;
if the cloud service provider side server determines that the third signature information is identical to the second signature information, sending, by the cloud service provider side server, the first temporary credential to the terminal device.
3. The authorization method according to claim 2, characterized in that, before the cloud service provider side server sends the first signature information to the terminal device, the method further comprises:
receiving, by the cloud service provider side server, request information sent by the terminal device, the request information including a first token stored by the terminal device;
performing, by the cloud service provider side server, an encryption calculation on a first key identifier, the first token and random reply information generated by the cloud service provider side server to generate fourth signature information;
sending, by the cloud service provider side server, the fourth signature information to the terminal device, so that, when the terminal device determines that the first token included in the fourth signature information is identical to the first token stored by the terminal device, the terminal device sends fifth signature information to the cloud service provider side server, the fifth signature information including the random reply information;
performing, by the cloud service provider side server, a decryption calculation on the fifth signature information to obtain the random reply information included in the fifth signature information;
if the cloud service provider side server determines that the random reply information included in the fifth signature information is identical to the random reply information generated by the cloud service provider side server, triggering execution of the step of sending, by the cloud service provider side server, the first signature information to the terminal device.
4. The authorization method according to any one of claims 1 to 3, characterized in that determining, by the cloud service provider side server, the target permission according to the first temporary credential comprises:
generating, by the cloud service provider side server, a permission list according to the first temporary credential, the permission list including multiple candidate permissions;
receiving, by the cloud service provider side server, a selection operation input by a user through the permission list;
determining, by the cloud service provider side server, selected permissions, the selected permissions being at least one of the multiple candidate permissions chosen by the selection operation in the permission list;
determining, by the cloud service provider side server, pre-selected permissions, the pre-selected permissions being the permissions that the terminal device has already selected on the cloud service provider side server;
determining, by the cloud service provider side server, the intersection of the selected permissions and the pre-selected permissions to be the target permission.
5. The authorization method according to claim 1, characterized in that sending, by the cloud service provider side server, the second temporary credential to the terminal device comprises:
sending, by the cloud service provider side server, an authorization code stored by the cloud service provider side server to the terminal device;
receiving, by the cloud service provider side server, sixth signature information sent by the terminal device, the sixth signature information being generated by the terminal device by performing an encryption calculation on the authorization code and the first temporary credential;
if the cloud service provider side server judges that the authorization code included in the sixth signature information is identical to the authorization code stored by the cloud service provider side server, sending, by the cloud service provider side server, a target access parameter for accessing the target resource to the terminal device, the target access parameter including a second token, a second key identifier and the second temporary credential.
6. The authorization method according to claim 5, characterized in that the method further comprises:
receiving, by the cloud service provider side server, seventh signature information sent by the terminal device for accessing the target resource, the seventh signature information being generated by the terminal device by performing an encryption calculation on the target access parameter;
performing, by the cloud service provider side server, an encryption calculation on the target access parameter generated by the cloud service provider side server to generate eighth signature information;
if the cloud service provider side server determines that the seventh signature information is identical to the eighth signature information, determining, by the cloud service provider side server, that the terminal device has the target permission to access the target resource.
7. An authorization method, characterized by comprising:
sending, by a terminal device, a first temporary credential to a cloud service provider side server, the first temporary credential being used to request access to a resource on the cloud service provider side server;
receiving, by the terminal device, a second temporary credential sent by the cloud service provider side server, the second temporary credential indicating a target permission, and the target permission indicating the permission to access a target resource on the cloud service provider side server;
accessing, by the terminal device, the target resource on the cloud service provider side server using the second temporary credential.
8. The authorization method according to claim 7, characterized in that, before the terminal device sends the first temporary credential to the cloud service provider side server, the method further comprises:
receiving, by the terminal device, first signature information sent by the cloud service provider side server, the first signature information being generated by the cloud service provider side server by performing an encryption calculation on an encrypted ticket;
performing, by the terminal device, a decryption calculation on the first signature information to obtain the encrypted ticket;
performing, by the terminal device, an encryption calculation on the encrypted ticket to obtain second signature information;
sending, by the terminal device, the second signature information to the cloud service provider side server, so that, when the cloud service provider side server determines that third signature information is identical to the second signature information, the cloud service provider side server sends the first temporary credential to the terminal device, the third signature information including the encrypted ticket;
receiving, by the terminal device, the first temporary credential sent by the cloud service provider side server.
9. The authorization method according to claim 8, characterized in that, before the terminal device receives the first signature information sent by the cloud service provider side server, the method further comprises:
sending, by the terminal device, request information to the cloud service provider side server, the request information including a first token stored by the terminal device, so that the cloud service provider side server sends fourth signature information to the terminal device, the fourth signature information including a first key identifier, the first token and random reply information generated by the cloud service provider side server;
receiving, by the terminal device, the fourth signature information;
if the terminal device determines that the first token included in the fourth signature information is identical to the first token stored by the terminal device, performing, by the terminal device, an encryption calculation on the random reply information to generate fifth signature information;
sending, by the terminal device, the fifth signature information to the cloud service provider side server, so that, when the cloud service provider side server determines that the random reply information included in the fifth signature information is identical to the random reply information generated by the cloud service provider side server, it sends the first signature information to the terminal device.
10. The authorization method according to claim 7, characterized in that receiving, by the terminal device, the second temporary credential sent by the cloud service provider side server comprises:
receiving, by the terminal device, an authorization code that is stored by the cloud service provider side server and sent by the cloud service provider side server;
performing, by the terminal device, an encryption calculation on the authorization code and the first temporary credential to generate sixth signature information;
sending, by the terminal device, the sixth signature information to the cloud service provider side server, so that, if the cloud service provider side server judges that the authorization code included in the sixth signature information is identical to the authorization code stored by the cloud service provider side server, it sends a target access parameter for accessing the target resource to the terminal device, the target access parameter including a second token, a second key identifier and the second temporary credential;
receiving, by the terminal device, the target access parameter.
11. The authorization method according to claim 10, characterized in that the method further comprises:
performing, by the terminal device, an encryption calculation on the target access parameter to generate seventh signature information;
sending, by the terminal device, the seventh signature information to the cloud service provider side server, so that, if the cloud service provider side server determines that the seventh signature information is identical to eighth signature information, it determines that the terminal device has the target permission to access the target resource, the eighth signature information being generated by the cloud service provider side server by performing an encryption calculation on the target access parameter generated by the cloud service provider side server.
12. A cloud service provider side server, characterized by comprising:
a receiving unit, configured to receive a first temporary credential sent by a terminal device, the first temporary credential being used to request access to a resource on the cloud service provider side server;
a determining unit, configured to determine a target permission according to the first temporary credential, the target permission indicating the permission to access a target resource on the cloud service provider side server;
a sending unit, configured to send a second temporary credential to the terminal device, the second temporary credential indicating the target permission, so that the terminal device accesses the target resource on the cloud service provider side server using the second temporary credential.
13. A terminal device, characterized by comprising:
a sending unit, configured to send a first temporary credential to a cloud service provider side server, the first temporary credential being used to request access to a resource on the cloud service provider side server;
a receiving unit, configured to receive a second temporary credential sent by the cloud service provider side server, the second temporary credential indicating a target permission, and the target permission indicating the permission to access a target resource on the cloud service provider side server;
an access unit, configured to access the target resource on the cloud service provider side server using the second temporary credential.
14. A cloud service provider side server, characterized by comprising:
one or more central processing units, a memory, a bus system and one or more programs, the central processing unit and the memory being connected through the bus system;
wherein the one or more programs are stored in the memory and include instructions which, when executed by the cloud service provider side server, cause the cloud service provider side server to perform the authorization method according to any one of claims 1 to 6.
15. A terminal device, characterized by comprising:
one or more processor units, a storage unit, a bus system and one or more programs, the processor unit and the storage unit being connected through the bus system;
wherein the one or more programs are stored in the storage unit and include instructions which, when executed by the terminal device, cause the terminal device to perform the authorization method according to any one of claims 7 to 11.
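As an added illustration of the exchange the claims describe (this is example code written for this page, not the patent's own implementation), the following Python models the server-side steps of claims 2 to 6 together with the terminal-side steps of claims 8 to 11: the first-token and random-reply handshake, the encrypted-ticket round trip, the permission-list intersection, the authorization-code check and the final comparison of the seventh and eighth signature information. Assumed here, since the patent leaves them open: a symmetric key shared by both sides, a "|"-joined field layout, a keyed XOR stream standing in for the unspecified "encryption calculation", and the reading that the third signature information is computed from the server's own copy of the ticket.

```python
# Toy model of the exchange in claims 2 to 6 (server side) and 8 to 11 (terminal side).
# Everything here is constructed, not the patent's own code: a symmetric key shared by
# both sides, "|"-joined fields, and a keyed XOR stream standing in for the patent's
# unspecified "encryption calculation".
import hashlib
import hmac
import secrets

def _keystream(key: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:  # HMAC-SHA256 in counter mode (toy, deterministic per key)
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, data: bytes) -> bytes:
    """The page's "encryption calculation", modelled as a deterministic keyed XOR."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

decrypt = encrypt  # XOR with the same keystream is its own inverse

def _fields(key: bytes, blob: bytes, count: int):
    """Decrypt and split a "|"-joined message; None unless exactly `count` fields."""
    parts = decrypt(key, blob).split(b"|")
    return parts if len(parts) == count else None

class Server:
    """Cloud service provider side server: one method per step the claims describe."""

    def __init__(self, key, key_id, auth_code, candidates, preselected):
        self.key, self.key_id, self.auth_code = key, key_id, auth_code
        self.candidates = frozenset(candidates)    # permissions offered in the list
        self.preselected = frozenset(preselected)  # permissions pre-selected on the server
        self.ticket = secrets.token_hex(8).encode()  # the "encrypted ticket"
        self.nonce = self.first_cred = self.access_param = self.target = None

    def on_request(self, first_token):  # claim 3: fourth signature information
        self.nonce = secrets.token_hex(8).encode()  # "random reply information"
        return encrypt(self.key, b"|".join([self.key_id, first_token, self.nonce]))

    def on_fifth(self, fifth):  # claim 3: nonce echoed back -> first signature information
        if not hmac.compare_digest(decrypt(self.key, fifth), self.nonce):
            return None
        return encrypt(self.key, self.ticket)

    def on_second(self, second):  # claim 2: third signature information from own ticket
        if not hmac.compare_digest(encrypt(self.key, self.ticket), second):
            return None
        self.first_cred = secrets.token_hex(8).encode()
        return self.first_cred

    def on_first_cred(self, first_cred, user_selection):  # claims 1, 4 and start of 5
        selected = self.candidates & frozenset(user_selection)
        if not first_cred or first_cred != self.first_cred or not selected:
            return None  # credential must be ours and at least one permission selected
        self.target = selected & self.preselected  # claim 4: the intersection
        return self.auth_code  # claim 5: send the stored authorization code

    def on_sixth(self, sixth):  # claim 5: authorization code comes back signed
        parts = _fields(self.key, sixth, 2)
        # The claim compares only the code; matching the first credential too is added here.
        if not parts or not hmac.compare_digest(parts[0], self.auth_code) \
                or parts[1] != self.first_cred:
            return None
        second_cred = secrets.token_hex(8).encode()  # stands for self.target
        self.access_param = b"|".join([secrets.token_hex(8).encode(), b"k2", second_cred])
        return self.access_param  # second token, second key identifier, second credential

    def on_seventh(self, seventh):  # claim 6: eighth signature information must match
        if self.access_param is None:
            return None
        eighth = encrypt(self.key, self.access_param)
        return self.target if hmac.compare_digest(eighth, seventh) else None

class Terminal:
    """Terminal device: drives the exchange; returns granted permissions or None."""

    def __init__(self, key, first_token):
        self.key, self.first_token = key, first_token

    def run(self, server, user_selection):
        parts = _fields(self.key, server.on_request(self.first_token), 3)
        if not parts or parts[1] != self.first_token:  # claim 9: token must be our own
            return None
        first = server.on_fifth(encrypt(self.key, parts[2]))  # fifth signature information
        first_cred = first and server.on_second(encrypt(self.key, decrypt(self.key, first)))
        auth_code = first_cred and server.on_first_cred(first_cred, user_selection)
        if not auth_code:
            return None
        param = server.on_sixth(encrypt(self.key, b"|".join([auth_code, first_cred])))
        return param and server.on_seventh(encrypt(self.key, param))  # seventh signature

def run_flow(user_selection, terminal_key=b"shared-key"):
    """Constructed scenario: list offers read/write/delete; server pre-selected read/delete."""
    server = Server(b"shared-key", b"k1", b"code-42",
                    {"read", "write", "delete"}, {"read", "delete"})
    return Terminal(terminal_key, b"tok-1").run(server, user_selection)
```

A terminal holding a different key fails at the very first step, because the fourth signature information no longer decrypts to its own first token; a selection outside the pre-selected set yields an empty target permission rather than an error.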

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710447707.0A CN107222485B (en) 2017-06-14 2017-06-14 Authorization method and related equipment
PCT/CN2018/089039 WO2018228199A1 (en) 2017-06-14 2018-05-30 Authorization method and related device

Publications (2)

Publication Number Publication Date
CN107222485A true CN107222485A (en) 2017-09-29
CN107222485B CN107222485B (en) 2020-08-21

Family

ID=59948556

Country Status (2)

Country Link
CN (1) CN107222485B (en)
WO (1) WO2018228199A1 (en)
WO2022161124A1 (en) * 2021-01-29 2022-08-04 北京京东拓先科技有限公司 Data sharing method and apparatus
CN113779516A (en) * 2021-06-29 2021-12-10 青岛海尔科技有限公司 Equipment control method and device, storage medium and electronic device
CN113438314A (en) * 2021-06-29 2021-09-24 青岛海尔科技有限公司 Equipment control method and device, storage medium and electronic device
CN113779516B (en) * 2021-06-29 2023-08-18 青岛海尔科技有限公司 Equipment control method and device, storage medium and electronic device
CN113438314B (en) * 2021-06-29 2023-10-24 青岛海尔科技有限公司 Equipment control method and device, storage medium and electronic device

Also Published As

Publication number Publication date
WO2018228199A1 (en) 2018-12-20
CN107222485B (en) 2020-08-21

Similar Documents

Publication Publication Date Title
CN107222485A (en) A kind of authorization method and relevant device
US9703971B2 (en) Sensitive operation verification method, terminal device, server, and verification system
US20190052465A1 (en) Method and appratus for authentication and promotion of services
CN111066284B (en) Service certificate management method, terminal and server
CN103155513B (en) Accelerate the method and apparatus of certification
CN110826043B (en) Digital identity application system and method, identity authentication system and method
CN108021805A (en) Detect method, apparatus, equipment and the storage medium of Android application program running environment
CN104735657B (en) Security terminal verification method, wireless access point binding method, apparatus and system
KR20170027160A (en) Electronic device and method for payment transaction
CN107005619A (en) A kind of method, corresponding intrument and system for registering mobile sale point terminal POS
CN108563942A (en) Utilize the certification of two level ratifier
CN109416800B (en) Authentication method of mobile terminal and mobile terminal
CN104915835A (en) Credit account creating method, system and method
CN104618415A (en) Method, device and system for creating credit account
CN103634294A (en) Information verifying method and device
CN108475304B (en) Method and device for associating application program and biological characteristics and mobile terminal
CN107451813B (en) Payment method, payment device and payment server
US11316693B2 (en) Trusted platform module-based prepaid access token for commercial IoT online services
CN106534072A (en) User information authorization method, apparatus, equipment and system
WO2015135388A1 (en) Device, system, and method for creating virtual credit card
CN104618416A (en) Credit account establishing method, device and system
CN106255102A (en) The authentication method of a kind of terminal unit and relevant device
CN104899488B (en) Numeric value transfer and device
CN105306202A (en) Identity verification method and device, server
CN110474864A (en) A kind of method and electronic equipment registered, log in mobile applications

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant