CN107342966A - Authority credentials distribution method and device - Google Patents
Authority credentials distribution method and device Download PDFInfo
- Publication number
- CN107342966A CN107342966A CN201610285293.1A CN201610285293A CN107342966A CN 107342966 A CN107342966 A CN 107342966A CN 201610285293 A CN201610285293 A CN 201610285293A CN 107342966 A CN107342966 A CN 107342966A
- Authority
- CN
- China
- Prior art keywords
- user
- mark
- authority credentials
- request
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Abstract
This application discloses authority credentials distribution method and device.One embodiment of methods described includes:User's mark is generated according to the User Page access request of reception, wherein, the accessing page request is that the user is received and sent by clicking on default hyperlink in third-party application;Show that authority credentials provides the page according to the accessing page request, and the authority credentials acquisition request of the page reception user is provided by the authority credentials;Encryption user's mark is obtained from the third-party application, wherein, the encryption user mark generates and sends after user mark is encrypted and stored to the third-party application by the third-party application;Processing is decrypted to the encryption user mark of acquisition, and asked according to decrypted result and authority credentials acquisition after determining that there is the user authority credentials to obtain qualification, to user's sending permission voucher.The embodiment realizes securely delivering for authority credentials.
Description
Technical field
The application is related to field of computer technology, and in particular to Internet technical field, especially relates to
And authority credentials distribution method and device.
Background technology
The fast development of Internet technology and becoming increasingly popular for terminal device are brought to the life of people
Great convenience, for example, user can be stayed indoors by shopping website buy needed for
Commodity.During using internet, if user wants to obtain some special authorities,
Generally require with the electronics authority credentials for the authority.For example, user is in certain shopping website
Competitively priced authority is gone for when buying commodity, then needs what is provided with the shopping website
Reward voucher.
In the prior art, authority credentials issuer (such as shopping website) can be directly to user
Issued rights voucher, can also be by third-party application to user's issued rights voucher.Passing through
During third-party application issued rights voucher, larger potential safety hazard often be present, easily occur illegal
Apprentice maliciously get event (such as hacker simulate normal users largely get authority credentials).
The content of the invention
The purpose of the application is to propose a kind of improved authority credentials distribution method and device, come
Solves the technical problem that background section above is mentioned.
In a first aspect, this application provides a kind of authority credentials distribution method, methods described includes:
User's mark is generated according to the User Page access request of reception, wherein, the page access please
What user described in Seeking Truth was received and sent by clicking on default hyperlink in third-party application;According to described
Accessing page request shows that authority credentials provides the page, and provides the page by the authority credentials
The authority credentials for receiving the user obtains request;Encryption user is obtained from the third-party application
Mark, wherein, the encryption user mark is generated simultaneously after user mark is encrypted
It is sent to what the third-party application was stored by the third-party application;Encryption to acquisition
Processing is decrypted in user's mark, and obtains request really according to decrypted result and the authority credentials
After there is the fixed user authority credentials to obtain qualification, to user's sending permission voucher.
In certain embodiments, methods described also includes:Receive the user the page share please
Ask, wherein, the page shares the information that request includes targeted customer;According to the page point
Enjoy request and the encryption user identifies point that generation is used to make targeted customer obtain authority credentials
Enjoy link;And share link by described and be sent to targeted customer.
In certain embodiments, methods described also includes:Count the user share number,
Share time of the link by the number of targeted customer's opening and to targeted customer's sending permission voucher
Number.
In certain embodiments, the encryption user mark is generated by following steps:Using logical
Place is encrypted to user mark in the public key for crossing the encryption centering that RSA cryptographic algorithms obtain
Reason, generation encryption user's mark.
In certain embodiments, processing is decrypted in the encryption user mark of described pair of acquisition, wraps
Include:Processing is decrypted to the encryption user mark of acquisition using the private key of the encryption centering,
User's mark after being decrypted.
In certain embodiments, the authority credentials, which obtains request, includes the IP of the user
Location;And described obtained according to decrypted result and the authority credentials asks to determine that the user has
Acquisition of credentials qualification is had permission, including:Determine that the IP address of the user is not included in set in advance
In fixed IP address gray list;It is determined that the use obtained after decryption processing is identified to the encryption user
Family mark is not included in user set in advance and identified in gray list;It is determined that to the encryption user
The number of getting of the user's mark obtained after mark decryption processing is not above user set in advance
Mark gets frequency threshold value;The user obtained after decryption processing is identified to the encryption user to identify
Format check is carried out, if verification passes through, it is determined that there is the user authority credentials to obtain money
Lattice.
In certain embodiments, the IP address gray list is configured in the following manner:Root
Judge that the user provides the authority credentials access of the page according to the IP address of the user
Whether number exceedes IP address access times threshold value set in advance;If it does, then by described in
The IP address of user writes the IP address gray list, wherein, in the IP address gray list
IP address setting duration in be prohibited be used for obtain authority credentials.
In certain embodiments, the user identifies gray list and is configured in the following manner:
Count the user click on the hyperlink and send the authority credentials obtain between request when
Between interval less than time interval threshold value set in advance number;If count obtained number to surpass
Frequency threshold value set in advance is crossed, then the user obtained after decryption processing is identified and writes the use
Family identifies gray list, wherein, user's mark that the user is identified in gray list is setting duration
Inside it is prohibited to be used to obtain authority credentials.
In certain embodiments, the authority credentials, which obtains request, includes phone number;And
It is described to before user's sending permission voucher, methods described also includes:Determine the user
The checking information of input is correct, wherein, the checking information is the shape by picture or short message
Formula is sent to the user's.
Second aspect, this application provides a kind of authority credentials dispensing apparatus, described device includes:
Generation unit, for generating user's mark according to the User Page access request of reception, wherein,
The accessing page request is the user by clicking on default hyperlink sending and receiving in third-party application
Send;Display and receiving unit, for showing authority credentials hair according to the accessing page request
The page is put, and the authority credentials acquisition of the page reception user is provided by the authority credentials
Request;Acquiring unit, for obtaining encryption user's mark from the third-party application, wherein,
The encryption user mark is to be generated and sent after user mark is encrypted to described the
Tripartite applies what is stored by the third-party application;Issuing unit, for adding to acquisition
Processing is decrypted in close user's mark, and obtains request according to decrypted result and the authority credentials
Determine the user have authority credentials obtain qualification after, to user's sending permission voucher.
In certain embodiments, described device also includes shares unit, and the shares unit is used for:
The page for receiving the user shares request, wherein, the page, which shares request, includes target use
The information at family;Request is shared according to the page and the encryption user identifies generation and is used to make
Targeted customer's acquisition authority credentials shares link;And by it is described share link be sent to target use
Family.
In certain embodiments, described device also includes:Statistic unit, for counting the use
Family share number, share link by targeted customer open number and to targeted customer send out
Send the number of authority credentials.
In certain embodiments, described device also includes:User's identification generation unit is encrypted, is used
In using the public key of encryption centering obtained by RSA cryptographic algorithms the user is identified into
Row encryption, generation encryption user's mark.
In certain embodiments, the issuing unit is further used for:Use the encryption centering
Private key processing is decrypted to the encryption user of acquisition mark, the user after being decrypted identifies.
In certain embodiments, the authority credentials, which obtains request, includes the IP of the user
Location;And the issuing unit is further used for:Determine that the IP address of the user is not included in
In IP address gray list set in advance;It is determined that after decryption processing is identified to the encryption user
To user's mark be not included in user set in advance and identify in gray list;It is determined that add to described
The number of getting that close user identifies the user's mark obtained after decryption processing is not above presetting
User mark get frequency threshold value;The use obtained after decryption processing is identified to the encryption user
Family mark carries out format check, if verification passes through, it is determined that the user has authority credentials
Obtain qualification.
In certain embodiments, described device also includes IP address gray list setting unit, described
IP address gray list setting unit is used for:IP address gray list setting unit, for according to
The IP address of user judges that the access times that the user provides the authority credentials page are
It is no to exceed IP address access times threshold value set in advance;If it does, then by the user's
IP address writes the IP address gray list, wherein, IP in the IP address gray list
Location is prohibited to be used to obtain authority credentials in setting duration.
In certain embodiments, described device also includes user's mark gray list setting unit, institute
User's mark gray list setting unit is stated to be used for:Count the user and click on the hyperlink and hair
The time interval for sending the authority credentials to obtain between request is less than time interval set in advance
The number of threshold value;, will solution if counting obtained number exceedes frequency threshold value set in advance
The user obtained after close processing, which identifies, writes user's mark gray list, wherein, the user
User's mark in mark gray list is prohibited to be used to obtain authority credentials in setting duration.
In certain embodiments, the authority credentials, which obtains request, includes phone number;And institute
Stating device also includes:Determining unit, for determining that the checking information of user's input is correct,
Wherein, the checking information is to be sent to the user by the form of picture or short message.
The authority credentials distribution method and device that the application provides, should by third party according to user
Show that authority credentials provides the page with the accessing page request of input, pass through the authority credentials afterwards
Provide the page and receive the authority credentials acquisition request of user, and obtain and encrypt from the third-party application
User identifies, and is then decrypted processing to encryption user mark, and according to decrypted result with
Authority credentials obtains request and determines that there is the user authority credentials to get after qualification to the user
Sending permission voucher, so as to improve the security of authority credentials granting.
Brief description of the drawings
Retouched by reading with reference to the detailed of being made to non-limiting example of being made of the following drawings
State, other features, objects and advantages will become more apparent upon:
Fig. 1 is that the application can apply to exemplary system architecture figure therein;
Fig. 2 is the flow chart according to one embodiment of the authority credentials distribution method of the application;
Fig. 3 is the signal according to an application scenarios of the authority credentials distribution method of the application
Figure;
Fig. 4 is the structural representation according to one embodiment of the authority credentials dispensing apparatus of the application
Figure;
Fig. 5 is adapted for for realizing the terminal device of the embodiment of the present application or the computer of server
The structural representation of system.
Embodiment
The application is described in further detail with reference to the accompanying drawings and examples.It is appreciated that
, specific embodiment described herein is used only for explaining related invention, rather than to the hair
Bright restriction.It also should be noted that for the ease of description, illustrate only in accompanying drawing with
About the related part of invention.
It should be noted that in the case where not conflicting, embodiment and embodiment in the application
In feature can be mutually combined.Describe this in detail below with reference to the accompanying drawings and in conjunction with the embodiments
Application.
Fig. 1 shows authority credentials distribution method or the authority credentials granting that can apply the application
The exemplary system architecture 100 of the embodiment of device.
As shown in figure 1, system architecture 100 can include terminal device 101,102,103,
Network 104 and server 105.Network 104 is in the and of terminal device 101,102,103
The medium of communication link is provided between server 105.Network 104 can include various connection classes
Type, such as wired, wireless communication link or fiber optic cables etc..
User can pass through network 104 and server 105 with using terminal equipment 101,102,103
Interaction, to receive or send message etc..It can be provided with terminal device 101,102,103
Various telecommunication customer end applications, such as web browser applications, shopping class are applied, searching class is answered
With, JICQ, mailbox client, social platform software etc..
Terminal device 101,102,103 can have display screen and supported web page browses
Various electronic equipments, including but not limited to smart mobile phone, tablet personal computer, E-book reader,
(Moving Picture Experts Group Audio Layer III, dynamic image are special for MP3 player
Family's compression standard audio aspect 3), MP4 (Moving Picture Experts Group Audio
Layer IV, dynamic image expert's compression standard audio aspect 4) player, portable meter on knee
Calculation machine and desktop computer etc..
Server 105 can be to provide the server of various services, for example, to terminal device 101,
102nd, the webpage shown on 103 provides the backstage web page server supported.Backstage web page server
The data such as the accessing page request that receives can be carried out analyzing etc. with processing, and by result
(such as webpage data) feeds back to terminal device.
It should be noted that the authority credentials distribution method that is provided of the embodiment of the present application typically by
Server 105 performs, and correspondingly, authority credentials dispensing apparatus is generally positioned at server 105
In.
It should be understood that the number of the terminal device, network and server in Fig. 1 is only to illustrate
Property.According to needs are realized, can have any number of terminal device, network and server.
With continued reference to Fig. 2, a reality of the authority credentials distribution method according to the application is shown
Apply the flow 200 of example.Described authority credentials distribution method, comprises the following steps:
Step 201, user's mark is generated according to the User Page access request of reception.
In the present embodiment, authority credentials distribution method operation thereon electronic equipment (such as
Server 105 shown in Fig. 1) can by wired connection mode or radio connection from
Used in user terminal receive accessing page request, herein above-mentioned electronic equipment can be for
Authority credentials issuer provides the server of various services, for example, working as above-mentioned authority credentials granting
When person is shopping website, above-mentioned server can be the server that service is provided for the shopping website,
It can refer to a server, can also refer to a server cluster.In the present embodiment, on
It can be user by clicking on hyperlink set in advance in third-party application to state accessing page request
Send, wherein, above-mentioned third-party application refers to the application different from authority credentials issuer,
For example, when above-mentioned authority credentials issuer be shopping website or shopping APP (Application,
Application program) when, above-mentioned third-party application can be different from above-mentioned shopping website or shopping APP
Various applications, such as do shopping class application, chat class application, web browser applications.On
Electronic equipment is stated after above-mentioned accessing page request is received, can be asked according to the page access
Unique user's mark is sought survival into, user mark can be various forms of user's marks,
For example, it may be 16 bit digitals generated at random or the character string of letter.It may be noted that
, above-mentioned radio connection can include but is not limited to 3G/4G connections, WiFi connections,
Bluetooth connection, WiMAX connections, Zigbee connections, UWB (ultra wideband) connections,
And other currently known or exploitation in the future radio connections.
Generally, authority credentials issuer (such as shopping website) is sent out with third-party application cooperation
When putting authority credentials (such as reward voucher), the hyperlink of a page can be provided for third-party application
Connect, user can be by clicking on the hyperlink in third-party application to authority credentials issuer
Server sends accessing page request.
Step 202, show that authority credentials provides the page according to accessing page request, and pass through power
Limit voucher and provide the authority credentials acquisition request that the page receives user.
In the present embodiment, above-mentioned electronic equipment can visit according to the page received in step 201
Ask that request shows that authority credentials provides the page, and the page is provided by the authority credentials and receives user
The authority credentials of input obtains request.Herein, authority credentials can serve to demonstrate how that user has
There is the voucher of certain authority, such as, the reward voucher of shopping website can serve to demonstrate how that user exists
The shopping website has the voucher for the price authority that enjoys privileges.
Step 203, encryption user's mark is obtained from third-party application.
In the present embodiment, above-mentioned electronic equipment can obtain encryption from above-mentioned third-party application
User identifies, wherein, above-mentioned encryption user mark can be above-mentioned electronic equipment by step 201
What user's mark of middle generation was generated after being encrypted using AES, wherein, above-mentioned encryption
Algorithm can be various AESs, such as Advanced Encryption Standard (AES, Advanced
Encryption Standard), DES (calculate by Data Encryption Algorithm, data encryption
Method) etc..The encryption user generated after encryption can be identified and is sent to by above-mentioned electronic equipment
State what third-party application was stored in advance by the third-party application.Herein, above-mentioned third party
It is stored in using above-mentioned encryption user can be identified in the Cookie of embedded browser.
In some optional implementations of the present embodiment, above-mentioned encryption user mark can lead to
Cross following steps generation:Using the public key of the encryption centering obtained by RSA cryptographic algorithms to institute
State user's mark to be encrypted, generation encryption user's mark.RSA cryptographic algorithms are a kind of
Public key encryption algorithm, its usual Mr. RSA key in a pair, one of them be privacy key (i.e.
Private key);Another is public-key cryptography (i.e. public key), can external disclosure.Above-mentioned electronic equipment can
So that above-mentioned user mark to be encrypted using the public key of encryption centering, the encryption generated after encryption
User's mark only can be just decrypted using the private key of above-mentioned encryption centering.
Step 204, processing is decrypted to the encryption user mark of acquisition, and tied according to decryption
After fruit and authority credentials acquisition request determine that there is user authority credentials to obtain qualification, sent out to user
Send authority credentials.
In the present embodiment, the encryption user that above-mentioned electronic equipment will can obtain in step 204
Processing is decrypted in mark, and user's mark, above-mentioned electronic equipment can be obtained after decryption processing
The user's mark that can be obtained to decryption verifies, such as length check, format check etc.,
And judge whether the user is legal according to check results.Above-mentioned electronic equipment can also be according to step
The authority credentials received in 202 obtains request and judges whether above-mentioned user there is authority credentials to obtain
Qualification, if it is determined that the user, which has, obtains qualification, then to user's sending permission voucher.
In some optional implementations of the present embodiment, the above-mentioned encryption user to acquisition marks
Processing is decrypted in knowledge, including:Above-mentioned electronic equipment is using the private key of above-mentioned encryption centering to obtaining
Processing is decrypted in the encryption user mark taken, user's mark after being decrypted.
In some optional implementations of the present embodiment, above-mentioned authority credentials obtains request bag
Include the IP address of above-mentioned user;And above-mentioned obtained according to decrypted result and above-mentioned authority credentials please
Ask and determine that there is the user authority credentials to obtain qualification, including:First, above-mentioned electronic equipment
Above-mentioned authority credentials can be obtained to the IP address for the above-mentioned user that request includes with setting in advance
IP address in fixed IP address gray list is contrasted, and determines the IP address of above-mentioned user not
Included in IP address gray list set in advance;Secondly, above-mentioned electronic equipment can will be to upper
State encryption user and identify the user's mark obtained after decryption processing and user set in advance mark ash
User's mark in list is contrasted, it is determined that after decryption processing is identified to above-mentioned encryption user
To user's mark be not included in user set in advance and identify in gray list;Then, above-mentioned electricity
Sub- equipment can determine to identify above-mentioned encryption user the neck that the user obtained after decryption processing identifies
Take number to be not above user's mark set in advance and get frequency threshold value;Finally, above-mentioned electronics
Equipment can be identified the user obtained after decryption processing is identified to above-mentioned encryption user into row format
Verification, if verification passes through, it is determined that there is the user authority credentials to obtain qualification.
Optionally, above-mentioned IP address gray list is configured in the following manner:Above-mentioned electronics is set
It is standby to judge that above-mentioned user provides page to above-mentioned authority credentials according to the IP address of above-mentioned user
Whether the access times in face exceed IP address access times threshold value set in advance;If it does,
Then the IP address of above-mentioned user is write above-mentioned IP address gray list by above-mentioned electronic equipment, wherein,
IP address in above-mentioned IP address gray list in setting duration (such as in 5 minutes) is banned
Only it is used to obtain authority credentials.
Optionally, above-mentioned user identifies gray list and is configured in the following manner:Above-mentioned electronics
Equipment can count above-mentioned user and click on above-mentioned hyperlink with sending above-mentioned authority credentials acquisition request
Between time interval be less than time interval threshold value set in advance number;If statistics obtains
Number exceed frequency threshold value set in advance, then above-mentioned electronic equipment can be by after decryption processing
Obtained user, which identifies, writes above-mentioned user's mark gray list, wherein, above-mentioned user identifies grey name
User in list identifies in setting duration (such as in 5 minutes) and is prohibited to be used to obtain authority
Voucher.
In some optional implementations of the present embodiment, above-mentioned authority credentials obtains request bag
Include phone number;And to before above-mentioned user's sending permission voucher, the above method can be with
Including:Above-mentioned electronic equipment can receive the checking information of user's input, and determine above-mentioned user
The checking information of input is correct, wherein, above-mentioned checking information is the shape by picture or short message
Formula is sent to above-mentioned user's.For example, received in above-mentioned electronic equipment including phone number
After authority credentials obtains request, above-mentioned electronic equipment can be sent to the phone number to be included testing
Demonstrate,prove information short message, the checking information can be various forms of information, for example, comprising letter with/
Or the character string of numeral, after user receives short message, the checking included in short message can be believed
Breath is input to terminal, so that above-mentioned electronic equipment is received and is verified.
In some optional implementations of the present embodiment, above-mentioned electronic equipment can also receive
The page of above-mentioned user shares request, wherein, the above-mentioned page, which shares request, includes targeted customer's
Information, such as the user name of targeted customer, the pet name, account etc.;Then, above-mentioned electronics is set
It is standby to share request and above-mentioned encryption user mark generation according to the above-mentioned page for making target
User's acquisition authority credentials shares link, for example, above-mentioned electronic equipment can be by above-mentioned user
User mark be encrypted after be spliced in above-mentioned hyperlink, share link so as to generate;Most
Afterwards, above-mentioned electronic equipment can share described link and be sent to targeted customer.Targeted customer is led to
Cross click on it is above-mentioned share link and can access above-mentioned authority credentials provide the page.
Optionally, above-mentioned electronic equipment can also count sharing number, sharing chain for above-mentioned user
Connect the number opened by targeted customer and the number to targeted customer's sending permission voucher.
With continued reference to Fig. 3, Fig. 3 is the application according to the authority credentials distribution method of the present embodiment
One schematic diagram of scene.In Fig. 3 application scenarios, user is first by clicking on class of chatting
Hyperlink set in advance in initiates a page access to the server of shopping website please
Ask;Afterwards, the server is whole according to used in the accessing page request received by user
End equipment shows that reward voucher provides the page to user, and such as the page that Fig. 3 is shown, user can lead to
The input handset number of text box 301 is crossed, and is sent by clicking on button 302 to above-mentioned server
Reward voucher obtains request;Then, above-mentioned server can be applied embedded clear from above-mentioned chat class
Look in device Cookie and obtain encryption user's mark;Finally, encryption of the above-mentioned server to acquisition is used
Processing is decrypted in family mark, and obtains request according to decrypted result and above-mentioned reward voucher and determine to be somebody's turn to do
After there is user reward voucher to obtain qualification, reward voucher is sent to the user.
The method that above-described embodiment of the application provides passes through to encryption user mark and authority credentials
The checking for obtaining the information that request includes judges whether user there is authority credentials to obtain qualification, from
And it ensure that the security of authority credentials granting.
With further reference to Fig. 4, as the realization to method shown in above-mentioned each figure, the application provides
A kind of one embodiment of authority credentials dispensing apparatus, the device embodiment with shown in Fig. 2
Embodiment of the method is corresponding, and the device specifically can apply in various electronic equipments.
As shown in figure 4, the authority credentials dispensing apparatus 400 described in the present embodiment includes:Generation
Unit 401, display and receiving unit 402, acquiring unit 403 and issuing unit 404.Wherein,
Generation unit 401 is used to generate user's mark according to the User Page access request of reception, wherein,
Above-mentioned accessing page request is above-mentioned user by clicking on default hyperlink sending and receiving in third-party application
Send;Display and receiving unit 402 are used to show authority credentials according to above-mentioned accessing page request
The page is provided, and is obtained by the authority credentials of the above-mentioned user of above-mentioned authority credentials granting page reception
Take request;Acquiring unit 403 is used to obtain encryption user's mark from above-mentioned third-party application, its
In, above-mentioned encryption user mark is to be generated and sent after above-mentioned user mark is encrypted to upper
State what third-party application was stored by above-mentioned third-party application;Issuing unit 404 is used for obtaining
Processing is decrypted in the encryption user mark taken, and is obtained according to decrypted result and above-mentioned authority credentials
After taking request to determine that there is above-mentioned user authority credentials to obtain qualification, to above-mentioned user's sending permission
Voucher.
In the present embodiment, generation unit 401, display and receiving unit 402, acquiring unit
403 and issuing unit 404 specific processing may be referred to Fig. 2 correspond to embodiment step 201, step
Rapid 202 and the detailed description of step 203, it will not be repeated here.
In some optional implementations of the present embodiment, said apparatus also includes shares unit
(not shown), above-mentioned shares unit are used for:The page for receiving above-mentioned user shares request, wherein,
The above-mentioned page shares the information that request includes targeted customer;According to the above-mentioned page share request and
Above-mentioned encryption user identifies generation and is used to making what targeted customer obtained authority credentials to share link;And
Share link by above-mentioned and be sent to targeted customer.It is corresponding real that the implementation refers to above-mentioned Fig. 2
The detailed description of corresponding implementation in example is applied, will not be repeated here.
Optionally, said apparatus also includes:Statistic unit (not shown), for counting above-mentioned use
Family share number, share link by targeted customer open number and to targeted customer send out
Send the number of authority credentials.The implementation refers to above-mentioned Fig. 2 and corresponds to corresponding reality in embodiment
The detailed description of existing mode, will not be repeated here.
In some optional implementations of the present embodiment, said apparatus also includes:Encryption is used
Family identification generation unit (not shown), for using the encryption obtained by RSA cryptographic algorithms
Above-mentioned user mark is encrypted the public key of centering, generation encryption user's mark.The reality
Existing mode refers to the detailed description that above-mentioned Fig. 2 corresponds to corresponding implementation in embodiment, herein
Repeat no more.
In some optional implementations of the present embodiment, above-mentioned issuing unit 404 is further
For:Processing is decrypted to the encryption user mark of acquisition using the private key of above-mentioned encryption centering,
User's mark after being decrypted.The implementation refers to above-mentioned Fig. 2 and corresponds to phase in embodiment
The detailed description of implementation is answered, will not be repeated here.
In some optional implementations of the present embodiment, above-mentioned authority credentials obtains request bag
Include the IP address of above-mentioned user;And above-mentioned issuing unit 404 is further used for:Determine above-mentioned
The IP address of user is not included in IP address gray list set in advance;It is determined that add to above-mentioned
Close user identifies the user's mark obtained after decryption processing and is not included in user's mark set in advance
In gray list;It is determined that the neck that the user obtained after decryption processing identifies is identified to above-mentioned encryption user
Take number to be not above user's mark set in advance and get frequency threshold value;To above-mentioned encryption user
The user obtained after mark decryption processing, which identifies, carries out format check, if verification passes through, really
There is fixed above-mentioned user authority credentials to obtain qualification.It is corresponding that the implementation refers to above-mentioned Fig. 2
The detailed description of corresponding implementation, will not be repeated here in embodiment.
In some optional implementations of the present embodiment, said apparatus also includes IP address ash
List setting unit (not shown), above-mentioned IP address gray list setting unit are used for:According to upper
The IP address for stating user judges that above-mentioned user provides above-mentioned authority credentials the access times of the page
Whether IP address access times threshold value set in advance is exceeded;If it does, then by above-mentioned user
IP address write above-mentioned IP address gray list, wherein, the IP in above-mentioned IP address gray list
Address is prohibited to be used to obtain authority credentials in setting duration.The implementation refers to above-mentioned
Fig. 2 corresponds to the detailed description of corresponding implementation in embodiment, will not be repeated here.
In some optional implementations of the present embodiment, said apparatus also includes user and identified
Gray list setting unit (not shown), above-mentioned user identify gray list setting unit and are used for:Statistics
Above-mentioned user was clicked between the time between above-mentioned hyperlink and the above-mentioned authority credentials acquisition request of transmission
Every the number less than time interval threshold value set in advance;If count obtained number to exceed in advance
The frequency threshold value first set, then the user obtained after decryption processing is identified and write above-mentioned user's mark
Know gray list, wherein, user's mark that above-mentioned user is identified in gray list is setting quilt in duration
Forbid being used to obtain authority credentials.The implementation refers to above-mentioned Fig. 2 and corresponds to phase in embodiment
The detailed description of implementation is answered, will not be repeated here.
In some optional implementations of the present embodiment, above-mentioned authority credentials obtains request bag
Include phone number;And said apparatus also includes:Determining unit (not shown), for determination
It is correct to state the checking information of user's input, wherein, above-mentioned checking information is by picture or short
The form of letter is sent to above-mentioned user's.The implementation refers to above-mentioned Fig. 2 and corresponds to embodiment
In corresponding implementation detailed description, will not be repeated here.
Below with reference to Fig. 5, it illustrates suitable for for realizing the terminal device of the embodiment of the present application
Or the structural representation of the computer system 500 of server.
As shown in figure 5, computer system 500 includes CPU (CPU) 501, its
Can according to the program being stored in read-only storage (ROM) 502 or from storage part 508
The program that is loaded into random access storage device (RAM) 503 and perform various appropriate actions
And processing.In RAM 503, also it is stored with system 500 and operates required various program sums
According to.CPU 501, ROM 502 and RAM 503 are connected with each other by bus 504.Input
/ output (I/O) interface 505 is also connected to bus 504.
I/O interfaces 505 are connected to lower component:Importation 506 including keyboard, mouse etc.;
Including cathode-ray tube (CRT), liquid crystal display (LCD) etc. and loudspeaker etc.
Output par, c 507;Storage part 508 including hard disk etc.;And including such as LAN card,
The communications portion 509 of the NIC of modem etc..Communications portion 509 is via such as
The network of internet performs communication process.Driver 510 is also according to needing to be connected to I/O interfaces
505.Detachable media 511, such as disk, CD, magneto-optic disk, semiconductor memory etc.,
Be arranged on as needed on driver 510, in order to the computer program that reads from it according to
Need to be mounted into storage part 508.
Especially, in accordance with an embodiment of the present disclosure, can be with above with reference to the process of flow chart description
It is implemented as computer software programs.For example, embodiment of the disclosure includes a kind of computer journey
Sequence product, it includes being tangibly embodied in the computer program on machine readable media, the meter
Calculation machine program bag contains the program code for being used for the method shown in execution flow chart.In such implementation
In example, the computer program can be downloaded and installed by communications portion 509 from network,
And/or it is mounted from detachable media 511.In the computer program by CPU
(CPU) during 501 execution, the above-mentioned function of being limited in the present processes is performed.
Flow chart and block diagram in accompanying drawing, it is illustrated that according to the system of the various embodiments of the application,
Architectural framework in the cards, function and the operation of method and computer program product.This point
On, each square frame in flow chart or block diagram can represent a module, program segment or code
A part, a part for the module, program segment or code is used for comprising one or more
The executable instruction of logic function as defined in realization.It should also be noted that at some as replacement
In realization, the function of being marked in square frame can also be with different from the order marked in accompanying drawing hair
It is raw.For example, two square frames succeedingly represented can essentially perform substantially in parallel, they
Sometimes can also perform in the opposite order, this is depending on involved function.It is also noted that
It is, each square frame and block diagram in block diagram and/or flow chart and/or the square frame in flow chart
Combination, function or the special hardware based system of operation it can be realized as defined in execution,
Or it can be realized with the combination of specialized hardware and computer instruction.
Being described in unit involved in the embodiment of the present application can be real by way of software
It is existing, it can also be realized by way of hardware.Described unit can also be arranged on processing
In device, for example, can be described as:A kind of processor includes generation unit, display and received single
Member, acquiring unit and issuing unit.Wherein, the title of these units is not under certain conditions
Restriction to the unit in itself is formed, for example, generation unit is also described as " according to connecing
The unit of User Page access request generation user's mark of receipts ".
As on the other hand, present invention also provides a kind of nonvolatile computer storage media,
The nonvolatile computer storage media can be described in above-described embodiment included in device
Nonvolatile computer storage media;Can also be individualism, without non-in supplying terminal
Volatile computer storage medium.Above-mentioned nonvolatile computer storage media be stored with one or
The multiple programs of person, when one or more of programs are performed by an equipment so that described
Equipment:User's mark is generated according to the User Page access request of reception, wherein, the page
Access request is that the user is received and sent by clicking on default hyperlink in third-party application;Root
Show that authority credentials provides the page according to the accessing page request, and sent out by the authority credentials
Put the authority credentials acquisition request that the page receives the user;Obtain and add from the third-party application
Close user's mark, wherein, the encryption user mark is after user mark is encrypted
Generate and send what is stored to the third-party application by the third-party application;To obtaining
Encryption user mark be decrypted processing, and according to decrypted result and authority credentials acquisition
After request determines that there is authority credentials to obtain qualification by the user, to user's sending permission with
Card.
Above description is only the preferred embodiment of the application and saying to institute's application technology principle
It is bright.It will be appreciated by those skilled in the art that invention scope involved in the application, and it is unlimited
In the technical scheme that the particular combination of above-mentioned technical characteristic forms, while it should also cover and not depart from
In the case of the inventive concept, it is combined by above-mentioned technical characteristic or its equivalent feature
And the other technical schemes formed.Such as features described above and (but not limited to) disclosed herein
The technical scheme that technical characteristic with similar functions is replaced mutually and formed.
Claims (12)
1. a kind of authority credentials distribution method, it is characterised in that methods described includes:
User's mark is generated according to the User Page access request of reception, wherein, the page is visited
It is that the user is received and sent by clicking on default hyperlink in third-party application to ask request;
Show that authority credentials provides the page according to the accessing page request, and pass through the authority
Voucher provides the authority credentials acquisition request that the page receives the user;
Encryption user's mark is obtained from the third-party application, wherein, the encryption user mark
It is to be generated and sent after user mark is encrypted to the third-party application by described the
Tripartite's application is stored;
Processing is decrypted to the encryption user mark of acquisition, and according to decrypted result and the power
After limit acquisition of credentials request determines that there is the user authority credentials to obtain qualification, to the user
Sending permission voucher.
2. according to the method for claim 1, it is characterised in that methods described also includes:
The page for receiving the user shares request, wherein, the page, which shares request, includes mesh
Mark the information of user;
Request is shared according to the page and the encryption user identifies generation and is used to use target
Acquisition authority credentials in family shares link;
And share link by described and be sent to targeted customer.
3. according to the method for claim 2, it is characterised in that methods described also includes:
Count the user share number, share link by targeted customer open number, with
And the number to targeted customer's sending permission voucher.
4. according to the method for claim 1, it is characterised in that the encryption user mark
Generated by following steps:
The user is identified using the public key of the encryption centering obtained by RSA cryptographic algorithms
It is encrypted, generation encryption user's mark.
5. according to the method for claim 4, it is characterised in that the encryption of described pair of acquisition
Processing is decrypted in user's mark, including:
Processing is decrypted to the encryption user mark of acquisition using the private key of the encryption centering,
User's mark after being decrypted.
6. according to the method for claim 1, it is characterised in that the authority credentials obtains
Request includes the IP address of the user;And
It is described that the request determination user is obtained with power according to decrypted result and the authority credentials
Acquisition of credentials qualification is limited, including:
Determine that the IP address of the user is not included in IP address gray list set in advance;
It is determined that the user's mark obtained after the encryption user mark decryption processing is not included in pre-
The user first set is identified in gray list;
It is determined that get number to what the user obtained after the encryption user mark decryption processing identified
It is not above user's mark set in advance and gets frequency threshold value;
The user obtained after decryption processing is identified to the encryption user and identifies progress format check,
If verification passes through, it is determined that there is the user authority credentials to obtain qualification.
7. according to the method for claim 6, it is characterised in that the IP address ash name
Single pass-through in the following manner is configured:
Judge that the user provides the page to the authority credentials according to the IP address of the user
Access times whether exceed IP address access times threshold value set in advance;
If it does, the IP address of the user is then write into the IP address gray list, its
In, the IP address in the IP address gray list is prohibited to be used to obtain power in setting duration
Limit voucher.
8. according to the method for claim 6, it is characterised in that the user identifies grey name
Single pass-through in the following manner is configured:
The user is counted to click between the hyperlink and the transmission authority credentials acquisition request
Time interval be less than time interval threshold value set in advance number;
If counting obtained number exceedes frequency threshold value set in advance, after decryption processing
Obtained user, which identifies, writes user's mark gray list, wherein, the user identifies grey name
User's mark in list is prohibited to be used to obtain authority credentials in setting duration.
9. according to the method for claim 1, it is characterised in that the authority credentials obtains
Request includes phone number;And
Described to before user's sending permission voucher, methods described also includes:
Determine that the checking information of user's input is correct, wherein, the checking information is to pass through
The form of picture or short message is sent to the user's.
10. a kind of authority credentials dispensing apparatus, it is characterised in that described device includes:
Generation unit, for generating user's mark according to the User Page access request of reception, its
In, the accessing page request is the user by clicking on default hyperlink in third-party application
Receive and send;
Display and receiving unit, for showing authority credentials granting according to the accessing page request
The page, and please by the authority credentials acquisition of the authority credentials granting page reception user
Ask;
Acquiring unit, for obtaining encryption user's mark from the third-party application, wherein, institute
It is to be generated and sent after user mark is encrypted to the described 3rd to state encryption user's mark
Fang Yingyong is stored by the third-party application;
Issuing unit, for processing to be decrypted to the encryption user mark of acquisition, and according to solution
Close result and the authority credentials obtain request and determine that there is the user authority credentials to obtain qualification
Afterwards, to user's sending permission voucher.
11. device according to claim 10, it is characterised in that described device also includes
Shares unit, the shares unit are used for:
The page for receiving the user shares request, wherein, the page, which shares request, includes mesh
Mark the information of user;
Request is shared according to the page and the encryption user identifies generation and is used to use target
Acquisition authority credentials in family shares link;
And share link by described and be sent to targeted customer.
12. device according to claim 11, it is characterised in that described device also includes:
Statistic unit, for count the user share number, share link by targeted customer
The number of opening and the number to targeted customer's sending permission voucher.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610285293.1A CN107342966B (en) | 2016-04-29 | 2016-04-29 | Authority credentials distribution method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610285293.1A CN107342966B (en) | 2016-04-29 | 2016-04-29 | Authority credentials distribution method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107342966A true CN107342966A (en) | 2017-11-10 |
CN107342966B CN107342966B (en) | 2019-05-03 |
Family
ID=60222430
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610285293.1A Active CN107342966B (en) | 2016-04-29 | 2016-04-29 | Authority credentials distribution method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107342966B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111145033A (en) * | 2019-11-26 | 2020-05-12 | 泰康保险集团股份有限公司 | Service item receiving authority processing method and device and storage medium |
CN111414596A (en) * | 2020-04-07 | 2020-07-14 | 中国建设银行股份有限公司 | Method and device for processing request |
CN111784430A (en) * | 2019-09-24 | 2020-10-16 | 北京京东尚科信息技术有限公司 | Authority certificate generation method and device and authority certificate verification method and device |
CN113141337A (en) * | 2020-01-19 | 2021-07-20 | 上海静客网络科技有限公司 | High-concurrency scene processing method for online emergency purchase system |
CN113205318A (en) * | 2021-05-28 | 2021-08-03 | 金蝶软件(中国)有限公司 | Voucher display method, voucher generation device and computer storage medium |
CN113901524A (en) * | 2021-12-09 | 2022-01-07 | 天津联想协同科技有限公司 | Method, device and storage medium for dynamically adjusting authority through link |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102457505A (en) * | 2010-10-28 | 2012-05-16 | 快乐购物有限责任公司 | Shopping website management method and platform |
EP2518676A1 (en) * | 2011-04-28 | 2012-10-31 | AD-X Limited | Method of tracking software application internet downloads |
CN103379098A (en) * | 2012-04-19 | 2013-10-30 | 华为技术有限公司 | Content sharing method, device and network system thereof |
CN104734849A (en) * | 2013-12-19 | 2015-06-24 | 阿里巴巴集团控股有限公司 | Method and system for conducting authentication on third-party application |
-
2016
- 2016-04-29 CN CN201610285293.1A patent/CN107342966B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102457505A (en) * | 2010-10-28 | 2012-05-16 | 快乐购物有限责任公司 | Shopping website management method and platform |
EP2518676A1 (en) * | 2011-04-28 | 2012-10-31 | AD-X Limited | Method of tracking software application internet downloads |
CN103379098A (en) * | 2012-04-19 | 2013-10-30 | 华为技术有限公司 | Content sharing method, device and network system thereof |
CN104734849A (en) * | 2013-12-19 | 2015-06-24 | 阿里巴巴集团控股有限公司 | Method and system for conducting authentication on third-party application |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111784430A (en) * | 2019-09-24 | 2020-10-16 | 北京京东尚科信息技术有限公司 | Authority certificate generation method and device and authority certificate verification method and device |
CN111145033A (en) * | 2019-11-26 | 2020-05-12 | 泰康保险集团股份有限公司 | Service item receiving authority processing method and device and storage medium |
CN113141337A (en) * | 2020-01-19 | 2021-07-20 | 上海静客网络科技有限公司 | High-concurrency scene processing method for online emergency purchase system |
CN111414596A (en) * | 2020-04-07 | 2020-07-14 | 中国建设银行股份有限公司 | Method and device for processing request |
CN113205318A (en) * | 2021-05-28 | 2021-08-03 | 金蝶软件(中国)有限公司 | Voucher display method, voucher generation device and computer storage medium |
CN113901524A (en) * | 2021-12-09 | 2022-01-07 | 天津联想协同科技有限公司 | Method, device and storage medium for dynamically adjusting authority through link |
CN113901524B (en) * | 2021-12-09 | 2022-03-15 | 天津联想协同科技有限公司 | Method, device and storage medium for dynamically adjusting authority through link |
Also Published As
Publication number | Publication date |
---|---|
CN107342966B (en) | 2019-05-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP7357090B2 (en) | Distributed, decentralized data aggregation | |
US11700257B2 (en) | System and method for storing and distributing consumer information | |
US10956901B2 (en) | Methods, apparatus and computer program products for securely accessing account data | |
US9721256B2 (en) | System and method for providing secure product data collection, monitoring, and tracking | |
CN107342966B (en) | Authority credentials distribution method and device | |
CN104040933B (en) | The difference client-side encryption of the information from client | |
US9626696B2 (en) | Techniques to verify location for location based services | |
JP6837066B2 (en) | Information processing method and server, computer storage medium | |
CN102215225B (en) | Technology for the context of monetizing anonymized | |
CN110417750A (en) | File based on block chain technology is read and method, terminal device and the storage medium of storage | |
CN110020526A (en) | The measures and procedures for the examination and approval, device and storage medium based on block chain authentication | |
CN107918731A (en) | Method and apparatus for controlling the authority to access to open interface | |
CN105740670B (en) | Using encryption, starting method and apparatus | |
CN107508839A (en) | A kind of method and apparatus for controlling web system unauthorized access | |
CN107809436A (en) | Authority discrimination method, encryption method, the apparatus and system of Internet video access | |
CN112287372A (en) | Method and apparatus for protecting clipboard privacy | |
CN107154916A (en) | A kind of authentication information acquisition methods, offer method and device | |
CN102047239A (en) | Defining, distributing and presenting device experiences | |
US9454677B1 (en) | Secure communication architecture including video sniffer | |
US20170200020A1 (en) | Data management system, program recording medium, communication terminal, and data management server | |
CA3050487A1 (en) | System and method for storing and distributing consumer information | |
US20200266991A1 (en) | Cryptography method and system for securing data via electronic transmission | |
CN107920060A (en) | Data access method and device based on account | |
KR101980432B1 (en) | Apparatus and method for managing personal information | |
CN112434327A (en) | Information protection method and device and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |