CN107342966A - Authority credentials distribution method and device - Google Patents

Authority credentials distribution method and device Download PDF

Info

Publication number
CN107342966A
CN107342966A CN201610285293.1A CN201610285293A CN107342966A CN 107342966 A CN107342966 A CN 107342966A CN 201610285293 A CN201610285293 A CN 201610285293A CN 107342966 A CN107342966 A CN 107342966A
Authority
CN
China
Prior art keywords
user
mark
authority credentials
request
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610285293.1A
Other languages
Chinese (zh)
Other versions
CN107342966B (en
Inventor
刘姗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Jingdong Shangke Information Technology Co Ltd filed Critical Beijing Jingdong Century Trading Co Ltd
Priority to CN201610285293.1A priority Critical patent/CN107342966B/en
Publication of CN107342966A publication Critical patent/CN107342966A/en
Application granted granted Critical
Publication of CN107342966B publication Critical patent/CN107342966B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Abstract

This application discloses authority credentials distribution method and device.One embodiment of methods described includes:User's mark is generated according to the User Page access request of reception, wherein, the accessing page request is that the user is received and sent by clicking on default hyperlink in third-party application;Show that authority credentials provides the page according to the accessing page request, and the authority credentials acquisition request of the page reception user is provided by the authority credentials;Encryption user's mark is obtained from the third-party application, wherein, the encryption user mark generates and sends after user mark is encrypted and stored to the third-party application by the third-party application;Processing is decrypted to the encryption user mark of acquisition, and asked according to decrypted result and authority credentials acquisition after determining that there is the user authority credentials to obtain qualification, to user's sending permission voucher.The embodiment realizes securely delivering for authority credentials.

Description

Authority credentials distribution method and device
Technical field
The application is related to field of computer technology, and in particular to Internet technical field, especially relates to And authority credentials distribution method and device.
Background technology
The fast development of Internet technology and becoming increasingly popular for terminal device are brought to the life of people Great convenience, for example, user can be stayed indoors by shopping website buy needed for Commodity.During using internet, if user wants to obtain some special authorities, Generally require with the electronics authority credentials for the authority.For example, user is in certain shopping website Competitively priced authority is gone for when buying commodity, then needs what is provided with the shopping website Reward voucher.
In the prior art, authority credentials issuer (such as shopping website) can be directly to user Issued rights voucher, can also be by third-party application to user's issued rights voucher.Passing through During third-party application issued rights voucher, larger potential safety hazard often be present, easily occur illegal Apprentice maliciously get event (such as hacker simulate normal users largely get authority credentials).
The content of the invention
The purpose of the application is to propose a kind of improved authority credentials distribution method and device, come Solves the technical problem that background section above is mentioned.
In a first aspect, this application provides a kind of authority credentials distribution method, methods described includes: User's mark is generated according to the User Page access request of reception, wherein, the page access please What user described in Seeking Truth was received and sent by clicking on default hyperlink in third-party application;According to described Accessing page request shows that authority credentials provides the page, and provides the page by the authority credentials The authority credentials for receiving the user obtains request;Encryption user is obtained from the third-party application Mark, wherein, the encryption user mark is generated simultaneously after user mark is encrypted It is sent to what the third-party application was stored by the third-party application;Encryption to acquisition Processing is decrypted in user's mark, and obtains request really according to decrypted result and the authority credentials After there is the fixed user authority credentials to obtain qualification, to user's sending permission voucher.
In certain embodiments, methods described also includes:Receive the user the page share please Ask, wherein, the page shares the information that request includes targeted customer;According to the page point Enjoy request and the encryption user identifies point that generation is used to make targeted customer obtain authority credentials Enjoy link;And share link by described and be sent to targeted customer.
In certain embodiments, methods described also includes:Count the user share number, Share time of the link by the number of targeted customer's opening and to targeted customer's sending permission voucher Number.
In certain embodiments, the encryption user mark is generated by following steps:Using logical Place is encrypted to user mark in the public key for crossing the encryption centering that RSA cryptographic algorithms obtain Reason, generation encryption user's mark.
In certain embodiments, processing is decrypted in the encryption user mark of described pair of acquisition, wraps Include:Processing is decrypted to the encryption user mark of acquisition using the private key of the encryption centering, User's mark after being decrypted.
In certain embodiments, the authority credentials, which obtains request, includes the IP of the user Location;And described obtained according to decrypted result and the authority credentials asks to determine that the user has Acquisition of credentials qualification is had permission, including:Determine that the IP address of the user is not included in set in advance In fixed IP address gray list;It is determined that the use obtained after decryption processing is identified to the encryption user Family mark is not included in user set in advance and identified in gray list;It is determined that to the encryption user The number of getting of the user's mark obtained after mark decryption processing is not above user set in advance Mark gets frequency threshold value;The user obtained after decryption processing is identified to the encryption user to identify Format check is carried out, if verification passes through, it is determined that there is the user authority credentials to obtain money Lattice.
In certain embodiments, the IP address gray list is configured in the following manner:Root Judge that the user provides the authority credentials access of the page according to the IP address of the user Whether number exceedes IP address access times threshold value set in advance;If it does, then by described in The IP address of user writes the IP address gray list, wherein, in the IP address gray list IP address setting duration in be prohibited be used for obtain authority credentials.
In certain embodiments, the user identifies gray list and is configured in the following manner: Count the user click on the hyperlink and send the authority credentials obtain between request when Between interval less than time interval threshold value set in advance number;If count obtained number to surpass Frequency threshold value set in advance is crossed, then the user obtained after decryption processing is identified and writes the use Family identifies gray list, wherein, user's mark that the user is identified in gray list is setting duration Inside it is prohibited to be used to obtain authority credentials.
In certain embodiments, the authority credentials, which obtains request, includes phone number;And It is described to before user's sending permission voucher, methods described also includes:Determine the user The checking information of input is correct, wherein, the checking information is the shape by picture or short message Formula is sent to the user's.
Second aspect, this application provides a kind of authority credentials dispensing apparatus, described device includes: Generation unit, for generating user's mark according to the User Page access request of reception, wherein, The accessing page request is the user by clicking on default hyperlink sending and receiving in third-party application Send;Display and receiving unit, for showing authority credentials hair according to the accessing page request The page is put, and the authority credentials acquisition of the page reception user is provided by the authority credentials Request;Acquiring unit, for obtaining encryption user's mark from the third-party application, wherein, The encryption user mark is to be generated and sent after user mark is encrypted to described the Tripartite applies what is stored by the third-party application;Issuing unit, for adding to acquisition Processing is decrypted in close user's mark, and obtains request according to decrypted result and the authority credentials Determine the user have authority credentials obtain qualification after, to user's sending permission voucher.
In certain embodiments, described device also includes shares unit, and the shares unit is used for: The page for receiving the user shares request, wherein, the page, which shares request, includes target use The information at family;Request is shared according to the page and the encryption user identifies generation and is used to make Targeted customer's acquisition authority credentials shares link;And by it is described share link be sent to target use Family.
In certain embodiments, described device also includes:Statistic unit, for counting the use Family share number, share link by targeted customer open number and to targeted customer send out Send the number of authority credentials.
In certain embodiments, described device also includes:User's identification generation unit is encrypted, is used In using the public key of encryption centering obtained by RSA cryptographic algorithms the user is identified into Row encryption, generation encryption user's mark.
In certain embodiments, the issuing unit is further used for:Use the encryption centering Private key processing is decrypted to the encryption user of acquisition mark, the user after being decrypted identifies.
In certain embodiments, the authority credentials, which obtains request, includes the IP of the user Location;And the issuing unit is further used for:Determine that the IP address of the user is not included in In IP address gray list set in advance;It is determined that after decryption processing is identified to the encryption user To user's mark be not included in user set in advance and identify in gray list;It is determined that add to described The number of getting that close user identifies the user's mark obtained after decryption processing is not above presetting User mark get frequency threshold value;The use obtained after decryption processing is identified to the encryption user Family mark carries out format check, if verification passes through, it is determined that the user has authority credentials Obtain qualification.
In certain embodiments, described device also includes IP address gray list setting unit, described IP address gray list setting unit is used for:IP address gray list setting unit, for according to The IP address of user judges that the access times that the user provides the authority credentials page are It is no to exceed IP address access times threshold value set in advance;If it does, then by the user's IP address writes the IP address gray list, wherein, IP in the IP address gray list Location is prohibited to be used to obtain authority credentials in setting duration.
In certain embodiments, described device also includes user's mark gray list setting unit, institute User's mark gray list setting unit is stated to be used for:Count the user and click on the hyperlink and hair The time interval for sending the authority credentials to obtain between request is less than time interval set in advance The number of threshold value;, will solution if counting obtained number exceedes frequency threshold value set in advance The user obtained after close processing, which identifies, writes user's mark gray list, wherein, the user User's mark in mark gray list is prohibited to be used to obtain authority credentials in setting duration.
In certain embodiments, the authority credentials, which obtains request, includes phone number;And institute Stating device also includes:Determining unit, for determining that the checking information of user's input is correct, Wherein, the checking information is to be sent to the user by the form of picture or short message.
The authority credentials distribution method and device that the application provides, should by third party according to user Show that authority credentials provides the page with the accessing page request of input, pass through the authority credentials afterwards Provide the page and receive the authority credentials acquisition request of user, and obtain and encrypt from the third-party application User identifies, and is then decrypted processing to encryption user mark, and according to decrypted result with Authority credentials obtains request and determines that there is the user authority credentials to get after qualification to the user Sending permission voucher, so as to improve the security of authority credentials granting.
Brief description of the drawings
Retouched by reading with reference to the detailed of being made to non-limiting example of being made of the following drawings State, other features, objects and advantages will become more apparent upon:
Fig. 1 is that the application can apply to exemplary system architecture figure therein;
Fig. 2 is the flow chart according to one embodiment of the authority credentials distribution method of the application;
Fig. 3 is the signal according to an application scenarios of the authority credentials distribution method of the application Figure;
Fig. 4 is the structural representation according to one embodiment of the authority credentials dispensing apparatus of the application Figure;
Fig. 5 is adapted for for realizing the terminal device of the embodiment of the present application or the computer of server The structural representation of system.
Embodiment
The application is described in further detail with reference to the accompanying drawings and examples.It is appreciated that , specific embodiment described herein is used only for explaining related invention, rather than to the hair Bright restriction.It also should be noted that for the ease of description, illustrate only in accompanying drawing with About the related part of invention.
It should be noted that in the case where not conflicting, embodiment and embodiment in the application In feature can be mutually combined.Describe this in detail below with reference to the accompanying drawings and in conjunction with the embodiments Application.
Fig. 1 shows authority credentials distribution method or the authority credentials granting that can apply the application The exemplary system architecture 100 of the embodiment of device.
As shown in figure 1, system architecture 100 can include terminal device 101,102,103, Network 104 and server 105.Network 104 is in the and of terminal device 101,102,103 The medium of communication link is provided between server 105.Network 104 can include various connection classes Type, such as wired, wireless communication link or fiber optic cables etc..
User can pass through network 104 and server 105 with using terminal equipment 101,102,103 Interaction, to receive or send message etc..It can be provided with terminal device 101,102,103 Various telecommunication customer end applications, such as web browser applications, shopping class are applied, searching class is answered With, JICQ, mailbox client, social platform software etc..
Terminal device 101,102,103 can have display screen and supported web page browses Various electronic equipments, including but not limited to smart mobile phone, tablet personal computer, E-book reader, (Moving Picture Experts Group Audio Layer III, dynamic image are special for MP3 player Family's compression standard audio aspect 3), MP4 (Moving Picture Experts Group Audio Layer IV, dynamic image expert's compression standard audio aspect 4) player, portable meter on knee Calculation machine and desktop computer etc..
Server 105 can be to provide the server of various services, for example, to terminal device 101, 102nd, the webpage shown on 103 provides the backstage web page server supported.Backstage web page server The data such as the accessing page request that receives can be carried out analyzing etc. with processing, and by result (such as webpage data) feeds back to terminal device.
It should be noted that the authority credentials distribution method that is provided of the embodiment of the present application typically by Server 105 performs, and correspondingly, authority credentials dispensing apparatus is generally positioned at server 105 In.
It should be understood that the number of the terminal device, network and server in Fig. 1 is only to illustrate Property.According to needs are realized, can have any number of terminal device, network and server.
With continued reference to Fig. 2, a reality of the authority credentials distribution method according to the application is shown Apply the flow 200 of example.Described authority credentials distribution method, comprises the following steps:
Step 201, user's mark is generated according to the User Page access request of reception.
In the present embodiment, authority credentials distribution method operation thereon electronic equipment (such as Server 105 shown in Fig. 1) can by wired connection mode or radio connection from Used in user terminal receive accessing page request, herein above-mentioned electronic equipment can be for Authority credentials issuer provides the server of various services, for example, working as above-mentioned authority credentials granting When person is shopping website, above-mentioned server can be the server that service is provided for the shopping website, It can refer to a server, can also refer to a server cluster.In the present embodiment, on It can be user by clicking on hyperlink set in advance in third-party application to state accessing page request Send, wherein, above-mentioned third-party application refers to the application different from authority credentials issuer, For example, when above-mentioned authority credentials issuer be shopping website or shopping APP (Application, Application program) when, above-mentioned third-party application can be different from above-mentioned shopping website or shopping APP Various applications, such as do shopping class application, chat class application, web browser applications.On Electronic equipment is stated after above-mentioned accessing page request is received, can be asked according to the page access Unique user's mark is sought survival into, user mark can be various forms of user's marks, For example, it may be 16 bit digitals generated at random or the character string of letter.It may be noted that , above-mentioned radio connection can include but is not limited to 3G/4G connections, WiFi connections, Bluetooth connection, WiMAX connections, Zigbee connections, UWB (ultra wideband) connections, And other currently known or exploitation in the future radio connections.
Generally, authority credentials issuer (such as shopping website) is sent out with third-party application cooperation When putting authority credentials (such as reward voucher), the hyperlink of a page can be provided for third-party application Connect, user can be by clicking on the hyperlink in third-party application to authority credentials issuer Server sends accessing page request.
Step 202, show that authority credentials provides the page according to accessing page request, and pass through power Limit voucher and provide the authority credentials acquisition request that the page receives user.
In the present embodiment, above-mentioned electronic equipment can visit according to the page received in step 201 Ask that request shows that authority credentials provides the page, and the page is provided by the authority credentials and receives user The authority credentials of input obtains request.Herein, authority credentials can serve to demonstrate how that user has There is the voucher of certain authority, such as, the reward voucher of shopping website can serve to demonstrate how that user exists The shopping website has the voucher for the price authority that enjoys privileges.
Step 203, encryption user's mark is obtained from third-party application.
In the present embodiment, above-mentioned electronic equipment can obtain encryption from above-mentioned third-party application User identifies, wherein, above-mentioned encryption user mark can be above-mentioned electronic equipment by step 201 What user's mark of middle generation was generated after being encrypted using AES, wherein, above-mentioned encryption Algorithm can be various AESs, such as Advanced Encryption Standard (AES, Advanced Encryption Standard), DES (calculate by Data Encryption Algorithm, data encryption Method) etc..The encryption user generated after encryption can be identified and is sent to by above-mentioned electronic equipment State what third-party application was stored in advance by the third-party application.Herein, above-mentioned third party It is stored in using above-mentioned encryption user can be identified in the Cookie of embedded browser.
In some optional implementations of the present embodiment, above-mentioned encryption user mark can lead to Cross following steps generation:Using the public key of the encryption centering obtained by RSA cryptographic algorithms to institute State user's mark to be encrypted, generation encryption user's mark.RSA cryptographic algorithms are a kind of Public key encryption algorithm, its usual Mr. RSA key in a pair, one of them be privacy key (i.e. Private key);Another is public-key cryptography (i.e. public key), can external disclosure.Above-mentioned electronic equipment can So that above-mentioned user mark to be encrypted using the public key of encryption centering, the encryption generated after encryption User's mark only can be just decrypted using the private key of above-mentioned encryption centering.
Step 204, processing is decrypted to the encryption user mark of acquisition, and tied according to decryption After fruit and authority credentials acquisition request determine that there is user authority credentials to obtain qualification, sent out to user Send authority credentials.
In the present embodiment, the encryption user that above-mentioned electronic equipment will can obtain in step 204 Processing is decrypted in mark, and user's mark, above-mentioned electronic equipment can be obtained after decryption processing The user's mark that can be obtained to decryption verifies, such as length check, format check etc., And judge whether the user is legal according to check results.Above-mentioned electronic equipment can also be according to step The authority credentials received in 202 obtains request and judges whether above-mentioned user there is authority credentials to obtain Qualification, if it is determined that the user, which has, obtains qualification, then to user's sending permission voucher.
In some optional implementations of the present embodiment, the above-mentioned encryption user to acquisition marks Processing is decrypted in knowledge, including:Above-mentioned electronic equipment is using the private key of above-mentioned encryption centering to obtaining Processing is decrypted in the encryption user mark taken, user's mark after being decrypted.
In some optional implementations of the present embodiment, above-mentioned authority credentials obtains request bag Include the IP address of above-mentioned user;And above-mentioned obtained according to decrypted result and above-mentioned authority credentials please Ask and determine that there is the user authority credentials to obtain qualification, including:First, above-mentioned electronic equipment Above-mentioned authority credentials can be obtained to the IP address for the above-mentioned user that request includes with setting in advance IP address in fixed IP address gray list is contrasted, and determines the IP address of above-mentioned user not Included in IP address gray list set in advance;Secondly, above-mentioned electronic equipment can will be to upper State encryption user and identify the user's mark obtained after decryption processing and user set in advance mark ash User's mark in list is contrasted, it is determined that after decryption processing is identified to above-mentioned encryption user To user's mark be not included in user set in advance and identify in gray list;Then, above-mentioned electricity Sub- equipment can determine to identify above-mentioned encryption user the neck that the user obtained after decryption processing identifies Take number to be not above user's mark set in advance and get frequency threshold value;Finally, above-mentioned electronics Equipment can be identified the user obtained after decryption processing is identified to above-mentioned encryption user into row format Verification, if verification passes through, it is determined that there is the user authority credentials to obtain qualification.
Optionally, above-mentioned IP address gray list is configured in the following manner:Above-mentioned electronics is set It is standby to judge that above-mentioned user provides page to above-mentioned authority credentials according to the IP address of above-mentioned user Whether the access times in face exceed IP address access times threshold value set in advance;If it does, Then the IP address of above-mentioned user is write above-mentioned IP address gray list by above-mentioned electronic equipment, wherein, IP address in above-mentioned IP address gray list in setting duration (such as in 5 minutes) is banned Only it is used to obtain authority credentials.
Optionally, above-mentioned user identifies gray list and is configured in the following manner:Above-mentioned electronics Equipment can count above-mentioned user and click on above-mentioned hyperlink with sending above-mentioned authority credentials acquisition request Between time interval be less than time interval threshold value set in advance number;If statistics obtains Number exceed frequency threshold value set in advance, then above-mentioned electronic equipment can be by after decryption processing Obtained user, which identifies, writes above-mentioned user's mark gray list, wherein, above-mentioned user identifies grey name User in list identifies in setting duration (such as in 5 minutes) and is prohibited to be used to obtain authority Voucher.
In some optional implementations of the present embodiment, above-mentioned authority credentials obtains request bag Include phone number;And to before above-mentioned user's sending permission voucher, the above method can be with Including:Above-mentioned electronic equipment can receive the checking information of user's input, and determine above-mentioned user The checking information of input is correct, wherein, above-mentioned checking information is the shape by picture or short message Formula is sent to above-mentioned user's.For example, received in above-mentioned electronic equipment including phone number After authority credentials obtains request, above-mentioned electronic equipment can be sent to the phone number to be included testing Demonstrate,prove information short message, the checking information can be various forms of information, for example, comprising letter with/ Or the character string of numeral, after user receives short message, the checking included in short message can be believed Breath is input to terminal, so that above-mentioned electronic equipment is received and is verified.
In some optional implementations of the present embodiment, above-mentioned electronic equipment can also receive The page of above-mentioned user shares request, wherein, the above-mentioned page, which shares request, includes targeted customer's Information, such as the user name of targeted customer, the pet name, account etc.;Then, above-mentioned electronics is set It is standby to share request and above-mentioned encryption user mark generation according to the above-mentioned page for making target User's acquisition authority credentials shares link, for example, above-mentioned electronic equipment can be by above-mentioned user User mark be encrypted after be spliced in above-mentioned hyperlink, share link so as to generate;Most Afterwards, above-mentioned electronic equipment can share described link and be sent to targeted customer.Targeted customer is led to Cross click on it is above-mentioned share link and can access above-mentioned authority credentials provide the page.
Optionally, above-mentioned electronic equipment can also count sharing number, sharing chain for above-mentioned user Connect the number opened by targeted customer and the number to targeted customer's sending permission voucher.
With continued reference to Fig. 3, Fig. 3 is the application according to the authority credentials distribution method of the present embodiment One schematic diagram of scene.In Fig. 3 application scenarios, user is first by clicking on class of chatting Hyperlink set in advance in initiates a page access to the server of shopping website please Ask;Afterwards, the server is whole according to used in the accessing page request received by user End equipment shows that reward voucher provides the page to user, and such as the page that Fig. 3 is shown, user can lead to The input handset number of text box 301 is crossed, and is sent by clicking on button 302 to above-mentioned server Reward voucher obtains request;Then, above-mentioned server can be applied embedded clear from above-mentioned chat class Look in device Cookie and obtain encryption user's mark;Finally, encryption of the above-mentioned server to acquisition is used Processing is decrypted in family mark, and obtains request according to decrypted result and above-mentioned reward voucher and determine to be somebody's turn to do After there is user reward voucher to obtain qualification, reward voucher is sent to the user.
The method that above-described embodiment of the application provides passes through to encryption user mark and authority credentials The checking for obtaining the information that request includes judges whether user there is authority credentials to obtain qualification, from And it ensure that the security of authority credentials granting.
With further reference to Fig. 4, as the realization to method shown in above-mentioned each figure, the application provides A kind of one embodiment of authority credentials dispensing apparatus, the device embodiment with shown in Fig. 2 Embodiment of the method is corresponding, and the device specifically can apply in various electronic equipments.
As shown in figure 4, the authority credentials dispensing apparatus 400 described in the present embodiment includes:Generation Unit 401, display and receiving unit 402, acquiring unit 403 and issuing unit 404.Wherein, Generation unit 401 is used to generate user's mark according to the User Page access request of reception, wherein, Above-mentioned accessing page request is above-mentioned user by clicking on default hyperlink sending and receiving in third-party application Send;Display and receiving unit 402 are used to show authority credentials according to above-mentioned accessing page request The page is provided, and is obtained by the authority credentials of the above-mentioned user of above-mentioned authority credentials granting page reception Take request;Acquiring unit 403 is used to obtain encryption user's mark from above-mentioned third-party application, its In, above-mentioned encryption user mark is to be generated and sent after above-mentioned user mark is encrypted to upper State what third-party application was stored by above-mentioned third-party application;Issuing unit 404 is used for obtaining Processing is decrypted in the encryption user mark taken, and is obtained according to decrypted result and above-mentioned authority credentials After taking request to determine that there is above-mentioned user authority credentials to obtain qualification, to above-mentioned user's sending permission Voucher.
In the present embodiment, generation unit 401, display and receiving unit 402, acquiring unit 403 and issuing unit 404 specific processing may be referred to Fig. 2 correspond to embodiment step 201, step Rapid 202 and the detailed description of step 203, it will not be repeated here.
In some optional implementations of the present embodiment, said apparatus also includes shares unit (not shown), above-mentioned shares unit are used for:The page for receiving above-mentioned user shares request, wherein, The above-mentioned page shares the information that request includes targeted customer;According to the above-mentioned page share request and Above-mentioned encryption user identifies generation and is used to making what targeted customer obtained authority credentials to share link;And Share link by above-mentioned and be sent to targeted customer.It is corresponding real that the implementation refers to above-mentioned Fig. 2 The detailed description of corresponding implementation in example is applied, will not be repeated here.
Optionally, said apparatus also includes:Statistic unit (not shown), for counting above-mentioned use Family share number, share link by targeted customer open number and to targeted customer send out Send the number of authority credentials.The implementation refers to above-mentioned Fig. 2 and corresponds to corresponding reality in embodiment The detailed description of existing mode, will not be repeated here.
In some optional implementations of the present embodiment, said apparatus also includes:Encryption is used Family identification generation unit (not shown), for using the encryption obtained by RSA cryptographic algorithms Above-mentioned user mark is encrypted the public key of centering, generation encryption user's mark.The reality Existing mode refers to the detailed description that above-mentioned Fig. 2 corresponds to corresponding implementation in embodiment, herein Repeat no more.
In some optional implementations of the present embodiment, above-mentioned issuing unit 404 is further For:Processing is decrypted to the encryption user mark of acquisition using the private key of above-mentioned encryption centering, User's mark after being decrypted.The implementation refers to above-mentioned Fig. 2 and corresponds to phase in embodiment The detailed description of implementation is answered, will not be repeated here.
In some optional implementations of the present embodiment, above-mentioned authority credentials obtains request bag Include the IP address of above-mentioned user;And above-mentioned issuing unit 404 is further used for:Determine above-mentioned The IP address of user is not included in IP address gray list set in advance;It is determined that add to above-mentioned Close user identifies the user's mark obtained after decryption processing and is not included in user's mark set in advance In gray list;It is determined that the neck that the user obtained after decryption processing identifies is identified to above-mentioned encryption user Take number to be not above user's mark set in advance and get frequency threshold value;To above-mentioned encryption user The user obtained after mark decryption processing, which identifies, carries out format check, if verification passes through, really There is fixed above-mentioned user authority credentials to obtain qualification.It is corresponding that the implementation refers to above-mentioned Fig. 2 The detailed description of corresponding implementation, will not be repeated here in embodiment.
In some optional implementations of the present embodiment, said apparatus also includes IP address ash List setting unit (not shown), above-mentioned IP address gray list setting unit are used for:According to upper The IP address for stating user judges that above-mentioned user provides above-mentioned authority credentials the access times of the page Whether IP address access times threshold value set in advance is exceeded;If it does, then by above-mentioned user IP address write above-mentioned IP address gray list, wherein, the IP in above-mentioned IP address gray list Address is prohibited to be used to obtain authority credentials in setting duration.The implementation refers to above-mentioned Fig. 2 corresponds to the detailed description of corresponding implementation in embodiment, will not be repeated here.
In some optional implementations of the present embodiment, said apparatus also includes user and identified Gray list setting unit (not shown), above-mentioned user identify gray list setting unit and are used for:Statistics Above-mentioned user was clicked between the time between above-mentioned hyperlink and the above-mentioned authority credentials acquisition request of transmission Every the number less than time interval threshold value set in advance;If count obtained number to exceed in advance The frequency threshold value first set, then the user obtained after decryption processing is identified and write above-mentioned user's mark Know gray list, wherein, user's mark that above-mentioned user is identified in gray list is setting quilt in duration Forbid being used to obtain authority credentials.The implementation refers to above-mentioned Fig. 2 and corresponds to phase in embodiment The detailed description of implementation is answered, will not be repeated here.
In some optional implementations of the present embodiment, above-mentioned authority credentials obtains request bag Include phone number;And said apparatus also includes:Determining unit (not shown), for determination It is correct to state the checking information of user's input, wherein, above-mentioned checking information is by picture or short The form of letter is sent to above-mentioned user's.The implementation refers to above-mentioned Fig. 2 and corresponds to embodiment In corresponding implementation detailed description, will not be repeated here.
Below with reference to Fig. 5, it illustrates suitable for for realizing the terminal device of the embodiment of the present application Or the structural representation of the computer system 500 of server.
As shown in figure 5, computer system 500 includes CPU (CPU) 501, its Can according to the program being stored in read-only storage (ROM) 502 or from storage part 508 The program that is loaded into random access storage device (RAM) 503 and perform various appropriate actions And processing.In RAM 503, also it is stored with system 500 and operates required various program sums According to.CPU 501, ROM 502 and RAM 503 are connected with each other by bus 504.Input / output (I/O) interface 505 is also connected to bus 504.
I/O interfaces 505 are connected to lower component:Importation 506 including keyboard, mouse etc.; Including cathode-ray tube (CRT), liquid crystal display (LCD) etc. and loudspeaker etc. Output par, c 507;Storage part 508 including hard disk etc.;And including such as LAN card, The communications portion 509 of the NIC of modem etc..Communications portion 509 is via such as The network of internet performs communication process.Driver 510 is also according to needing to be connected to I/O interfaces 505.Detachable media 511, such as disk, CD, magneto-optic disk, semiconductor memory etc., Be arranged on as needed on driver 510, in order to the computer program that reads from it according to Need to be mounted into storage part 508.
Especially, in accordance with an embodiment of the present disclosure, can be with above with reference to the process of flow chart description It is implemented as computer software programs.For example, embodiment of the disclosure includes a kind of computer journey Sequence product, it includes being tangibly embodied in the computer program on machine readable media, the meter Calculation machine program bag contains the program code for being used for the method shown in execution flow chart.In such implementation In example, the computer program can be downloaded and installed by communications portion 509 from network, And/or it is mounted from detachable media 511.In the computer program by CPU (CPU) during 501 execution, the above-mentioned function of being limited in the present processes is performed.
Flow chart and block diagram in accompanying drawing, it is illustrated that according to the system of the various embodiments of the application, Architectural framework in the cards, function and the operation of method and computer program product.This point On, each square frame in flow chart or block diagram can represent a module, program segment or code A part, a part for the module, program segment or code is used for comprising one or more The executable instruction of logic function as defined in realization.It should also be noted that at some as replacement In realization, the function of being marked in square frame can also be with different from the order marked in accompanying drawing hair It is raw.For example, two square frames succeedingly represented can essentially perform substantially in parallel, they Sometimes can also perform in the opposite order, this is depending on involved function.It is also noted that It is, each square frame and block diagram in block diagram and/or flow chart and/or the square frame in flow chart Combination, function or the special hardware based system of operation it can be realized as defined in execution, Or it can be realized with the combination of specialized hardware and computer instruction.
Being described in unit involved in the embodiment of the present application can be real by way of software It is existing, it can also be realized by way of hardware.Described unit can also be arranged on processing In device, for example, can be described as:A kind of processor includes generation unit, display and received single Member, acquiring unit and issuing unit.Wherein, the title of these units is not under certain conditions Restriction to the unit in itself is formed, for example, generation unit is also described as " according to connecing The unit of User Page access request generation user's mark of receipts ".
As on the other hand, present invention also provides a kind of nonvolatile computer storage media, The nonvolatile computer storage media can be described in above-described embodiment included in device Nonvolatile computer storage media;Can also be individualism, without non-in supplying terminal Volatile computer storage medium.Above-mentioned nonvolatile computer storage media be stored with one or The multiple programs of person, when one or more of programs are performed by an equipment so that described Equipment:User's mark is generated according to the User Page access request of reception, wherein, the page Access request is that the user is received and sent by clicking on default hyperlink in third-party application;Root Show that authority credentials provides the page according to the accessing page request, and sent out by the authority credentials Put the authority credentials acquisition request that the page receives the user;Obtain and add from the third-party application Close user's mark, wherein, the encryption user mark is after user mark is encrypted Generate and send what is stored to the third-party application by the third-party application;To obtaining Encryption user mark be decrypted processing, and according to decrypted result and authority credentials acquisition After request determines that there is authority credentials to obtain qualification by the user, to user's sending permission with Card.
Above description is only the preferred embodiment of the application and saying to institute's application technology principle It is bright.It will be appreciated by those skilled in the art that invention scope involved in the application, and it is unlimited In the technical scheme that the particular combination of above-mentioned technical characteristic forms, while it should also cover and not depart from In the case of the inventive concept, it is combined by above-mentioned technical characteristic or its equivalent feature And the other technical schemes formed.Such as features described above and (but not limited to) disclosed herein The technical scheme that technical characteristic with similar functions is replaced mutually and formed.

Claims (12)

1. a kind of authority credentials distribution method, it is characterised in that methods described includes:
User's mark is generated according to the User Page access request of reception, wherein, the page is visited It is that the user is received and sent by clicking on default hyperlink in third-party application to ask request;
Show that authority credentials provides the page according to the accessing page request, and pass through the authority Voucher provides the authority credentials acquisition request that the page receives the user;
Encryption user's mark is obtained from the third-party application, wherein, the encryption user mark It is to be generated and sent after user mark is encrypted to the third-party application by described the Tripartite's application is stored;
Processing is decrypted to the encryption user mark of acquisition, and according to decrypted result and the power After limit acquisition of credentials request determines that there is the user authority credentials to obtain qualification, to the user Sending permission voucher.
2. according to the method for claim 1, it is characterised in that methods described also includes:
The page for receiving the user shares request, wherein, the page, which shares request, includes mesh Mark the information of user;
Request is shared according to the page and the encryption user identifies generation and is used to use target Acquisition authority credentials in family shares link;
And share link by described and be sent to targeted customer.
3. according to the method for claim 2, it is characterised in that methods described also includes:
Count the user share number, share link by targeted customer open number, with And the number to targeted customer's sending permission voucher.
4. according to the method for claim 1, it is characterised in that the encryption user mark Generated by following steps:
The user is identified using the public key of the encryption centering obtained by RSA cryptographic algorithms It is encrypted, generation encryption user's mark.
5. according to the method for claim 4, it is characterised in that the encryption of described pair of acquisition Processing is decrypted in user's mark, including:
Processing is decrypted to the encryption user mark of acquisition using the private key of the encryption centering, User's mark after being decrypted.
6. according to the method for claim 1, it is characterised in that the authority credentials obtains Request includes the IP address of the user;And
It is described that the request determination user is obtained with power according to decrypted result and the authority credentials Acquisition of credentials qualification is limited, including:
Determine that the IP address of the user is not included in IP address gray list set in advance;
It is determined that the user's mark obtained after the encryption user mark decryption processing is not included in pre- The user first set is identified in gray list;
It is determined that get number to what the user obtained after the encryption user mark decryption processing identified It is not above user's mark set in advance and gets frequency threshold value;
The user obtained after decryption processing is identified to the encryption user and identifies progress format check, If verification passes through, it is determined that there is the user authority credentials to obtain qualification.
7. according to the method for claim 6, it is characterised in that the IP address ash name Single pass-through in the following manner is configured:
Judge that the user provides the page to the authority credentials according to the IP address of the user Access times whether exceed IP address access times threshold value set in advance;
If it does, the IP address of the user is then write into the IP address gray list, its In, the IP address in the IP address gray list is prohibited to be used to obtain power in setting duration Limit voucher.
8. according to the method for claim 6, it is characterised in that the user identifies grey name Single pass-through in the following manner is configured:
The user is counted to click between the hyperlink and the transmission authority credentials acquisition request Time interval be less than time interval threshold value set in advance number;
If counting obtained number exceedes frequency threshold value set in advance, after decryption processing Obtained user, which identifies, writes user's mark gray list, wherein, the user identifies grey name User's mark in list is prohibited to be used to obtain authority credentials in setting duration.
9. according to the method for claim 1, it is characterised in that the authority credentials obtains Request includes phone number;And
Described to before user's sending permission voucher, methods described also includes:
Determine that the checking information of user's input is correct, wherein, the checking information is to pass through The form of picture or short message is sent to the user's.
10. a kind of authority credentials dispensing apparatus, it is characterised in that described device includes:
Generation unit, for generating user's mark according to the User Page access request of reception, its In, the accessing page request is the user by clicking on default hyperlink in third-party application Receive and send;
Display and receiving unit, for showing authority credentials granting according to the accessing page request The page, and please by the authority credentials acquisition of the authority credentials granting page reception user Ask;
Acquiring unit, for obtaining encryption user's mark from the third-party application, wherein, institute It is to be generated and sent after user mark is encrypted to the described 3rd to state encryption user's mark Fang Yingyong is stored by the third-party application;
Issuing unit, for processing to be decrypted to the encryption user mark of acquisition, and according to solution Close result and the authority credentials obtain request and determine that there is the user authority credentials to obtain qualification Afterwards, to user's sending permission voucher.
11. device according to claim 10, it is characterised in that described device also includes Shares unit, the shares unit are used for:
The page for receiving the user shares request, wherein, the page, which shares request, includes mesh Mark the information of user;
Request is shared according to the page and the encryption user identifies generation and is used to use target Acquisition authority credentials in family shares link;
And share link by described and be sent to targeted customer.
12. device according to claim 11, it is characterised in that described device also includes:
Statistic unit, for count the user share number, share link by targeted customer The number of opening and the number to targeted customer's sending permission voucher.
CN201610285293.1A 2016-04-29 2016-04-29 Authority credentials distribution method and device Active CN107342966B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610285293.1A CN107342966B (en) 2016-04-29 2016-04-29 Authority credentials distribution method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610285293.1A CN107342966B (en) 2016-04-29 2016-04-29 Authority credentials distribution method and device

Publications (2)

Publication Number Publication Date
CN107342966A true CN107342966A (en) 2017-11-10
CN107342966B CN107342966B (en) 2019-05-03

Family

ID=60222430

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610285293.1A Active CN107342966B (en) 2016-04-29 2016-04-29 Authority credentials distribution method and device

Country Status (1)

Country Link
CN (1) CN107342966B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111145033A (en) * 2019-11-26 2020-05-12 泰康保险集团股份有限公司 Service item receiving authority processing method and device and storage medium
CN111414596A (en) * 2020-04-07 2020-07-14 中国建设银行股份有限公司 Method and device for processing request
CN111784430A (en) * 2019-09-24 2020-10-16 北京京东尚科信息技术有限公司 Authority certificate generation method and device and authority certificate verification method and device
CN113141337A (en) * 2020-01-19 2021-07-20 上海静客网络科技有限公司 High-concurrency scene processing method for online emergency purchase system
CN113205318A (en) * 2021-05-28 2021-08-03 金蝶软件(中国)有限公司 Voucher display method, voucher generation device and computer storage medium
CN113901524A (en) * 2021-12-09 2022-01-07 天津联想协同科技有限公司 Method, device and storage medium for dynamically adjusting authority through link

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102457505A (en) * 2010-10-28 2012-05-16 快乐购物有限责任公司 Shopping website management method and platform
EP2518676A1 (en) * 2011-04-28 2012-10-31 AD-X Limited Method of tracking software application internet downloads
CN103379098A (en) * 2012-04-19 2013-10-30 华为技术有限公司 Content sharing method, device and network system thereof
CN104734849A (en) * 2013-12-19 2015-06-24 阿里巴巴集团控股有限公司 Method and system for conducting authentication on third-party application

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102457505A (en) * 2010-10-28 2012-05-16 快乐购物有限责任公司 Shopping website management method and platform
EP2518676A1 (en) * 2011-04-28 2012-10-31 AD-X Limited Method of tracking software application internet downloads
CN103379098A (en) * 2012-04-19 2013-10-30 华为技术有限公司 Content sharing method, device and network system thereof
CN104734849A (en) * 2013-12-19 2015-06-24 阿里巴巴集团控股有限公司 Method and system for conducting authentication on third-party application

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111784430A (en) * 2019-09-24 2020-10-16 北京京东尚科信息技术有限公司 Authority certificate generation method and device and authority certificate verification method and device
CN111145033A (en) * 2019-11-26 2020-05-12 泰康保险集团股份有限公司 Service item receiving authority processing method and device and storage medium
CN113141337A (en) * 2020-01-19 2021-07-20 上海静客网络科技有限公司 High-concurrency scene processing method for online emergency purchase system
CN111414596A (en) * 2020-04-07 2020-07-14 中国建设银行股份有限公司 Method and device for processing request
CN113205318A (en) * 2021-05-28 2021-08-03 金蝶软件(中国)有限公司 Voucher display method, voucher generation device and computer storage medium
CN113901524A (en) * 2021-12-09 2022-01-07 天津联想协同科技有限公司 Method, device and storage medium for dynamically adjusting authority through link
CN113901524B (en) * 2021-12-09 2022-03-15 天津联想协同科技有限公司 Method, device and storage medium for dynamically adjusting authority through link

Also Published As

Publication number Publication date
CN107342966B (en) 2019-05-03

Similar Documents

Publication Publication Date Title
JP7357090B2 (en) Distributed, decentralized data aggregation
US11700257B2 (en) System and method for storing and distributing consumer information
US10956901B2 (en) Methods, apparatus and computer program products for securely accessing account data
US9721256B2 (en) System and method for providing secure product data collection, monitoring, and tracking
CN107342966B (en) Authority credentials distribution method and device
CN104040933B (en) The difference client-side encryption of the information from client
US9626696B2 (en) Techniques to verify location for location based services
JP6837066B2 (en) Information processing method and server, computer storage medium
CN102215225B (en) Technology for the context of monetizing anonymized
CN110417750A (en) File based on block chain technology is read and method, terminal device and the storage medium of storage
CN110020526A (en) The measures and procedures for the examination and approval, device and storage medium based on block chain authentication
CN107918731A (en) Method and apparatus for controlling the authority to access to open interface
CN105740670B (en) Using encryption, starting method and apparatus
CN107508839A (en) A kind of method and apparatus for controlling web system unauthorized access
CN107809436A (en) Authority discrimination method, encryption method, the apparatus and system of Internet video access
CN112287372A (en) Method and apparatus for protecting clipboard privacy
CN107154916A (en) A kind of authentication information acquisition methods, offer method and device
CN102047239A (en) Defining, distributing and presenting device experiences
US9454677B1 (en) Secure communication architecture including video sniffer
US20170200020A1 (en) Data management system, program recording medium, communication terminal, and data management server
CA3050487A1 (en) System and method for storing and distributing consumer information
US20200266991A1 (en) Cryptography method and system for securing data via electronic transmission
CN107920060A (en) Data access method and device based on account
KR101980432B1 (en) Apparatus and method for managing personal information
CN112434327A (en) Information protection method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant