CN107342966B - Authority credentials distribution method and device - Google Patents

Authority credentials distribution method and device Download PDF

Info

Publication number
CN107342966B
CN107342966B CN201610285293.1A CN201610285293A CN107342966B CN 107342966 B CN107342966 B CN 107342966B CN 201610285293 A CN201610285293 A CN 201610285293A CN 107342966 B CN107342966 B CN 107342966B
Authority
CN
China
Prior art keywords
user
user identifier
authority credentials
encryption
page
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610285293.1A
Other languages
Chinese (zh)
Other versions
CN107342966A (en
Inventor
刘姗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Jingdong Shangke Information Technology Co Ltd filed Critical Beijing Jingdong Century Trading Co Ltd
Priority to CN201610285293.1A priority Critical patent/CN107342966B/en
Publication of CN107342966A publication Critical patent/CN107342966A/en
Application granted granted Critical
Publication of CN107342966B publication Critical patent/CN107342966B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

This application discloses authority credentials distribution method and devices.One specific embodiment of the method include: based on the received User Page access request generate user identifier, wherein the accessing page request is the user to be received and sent by preset hyperlink in click third-party application;It shows that authority credentials provides the page according to the accessing page request, and the authority credentials acquisition request that the page receives the user is provided by the authority credentials;Encryption user identifier is obtained from the third-party application, wherein the encryption user identifier is to generate and send to be stored to the third-party application by the third-party application after being encrypted the user identifier;The encryption user identifier of acquisition is decrypted, and according to decrypted result and the authority credentials acquisition request determine the user have authority credentials obtain qualification after, Xiang Suoshu user's sending permission voucher.The embodiment realizes securely delivering for authority credentials.

Description

Authority credentials distribution method and device
Technical field
This application involves field of computer technology, and in particular to Internet technical field more particularly to authority credentials granting Method and apparatus.
Background technique
The fast development of Internet technology and becoming increasingly popular for terminal device bring great convenience to people's lives, For example, user can be stayed indoors by shopping website buy required commodity.During using internet, if with Family is wanted to obtain certain special permissions, generally requires with the electronics authority credentials for the permission.For example, user is in certain purchase Object website goes for competitively priced permission when buying commodity, then needs the discount coupon provided with the shopping website.
In the prior art, authority credentials issuer (such as shopping website) can directly to user's issued rights voucher, It can be by third-party application to user's issued rights voucher.When passing through third-party application issued rights voucher, often exist Biggish security risk, Yi Fasheng unprincipled fellow malice get event (such as hacker simulate normal users largely get permission with Card).
Summary of the invention
The purpose of the application is to propose a kind of improved authority credentials distribution method and device, to solve background above skill The technical issues of art part is mentioned.
In a first aspect, this application provides a kind of authority credentials distribution methods, which comprises user based on the received Accessing page request generates user identifier, wherein the accessing page request is the user by clicking in third-party application What preset hyperlink received and sent;According to the accessing page request show authority credentials provide the page, and by the permission with Card provides the authority credentials acquisition request that the page receives the user;Encryption user identifier is obtained from the third-party application, In, the encryption user identifier is to generate and send to the third-party application after being encrypted the user identifier by described What third-party application was stored;The encryption user identifier of acquisition is decrypted, and according to decrypted result and the power After the determining user of acquisition of credentials request is limited with authority credentials acquisition qualification, Xiang Suoshu user's sending permission voucher.
In some embodiments, the method also includes: receive the page sharing request of the user, wherein the page Face sharing request includes the information of target user;It is used for according to the page sharing request and encryption user identifier generation Target user is set to obtain the sharing link of authority credentials;And sharing link is sent to target user.
In some embodiments, the method also includes: count the sharing number of the user, share link and used by target The number that family is opened and the number to target user's sending permission voucher.
In some embodiments, the encryption user identifier is generated by following steps: being obtained using by RSA cryptographic algorithms To the public key of encryption centering the user identifier is encrypted, generate encryption user identifier.
In some embodiments, the encryption user identifier of described pair of acquisition is decrypted, comprising: uses the encryption The encryption user identifier of acquisition is decrypted in the private key of centering, the user identifier after being decrypted.
In some embodiments, the authority credentials acquisition request includes the IP address of the user;And the basis Decrypted result and the authority credentials acquisition request determine that there is the user authority credentials to obtain qualification, comprising: described in determining The IP address of user is not included in preset IP address gray list;After determining to the encryption user identifier decryption processing Obtained user identifier is not included in preset user identifier gray list;It determines to the encryption user identifier decryption The number of getting of the user identifier obtained after reason is not above preset user identifier and gets frequency threshold value;To the encryption The user identifier obtained after user identifier decryption processing carries out format check, if verification passes through, it is determined that the user has Authority credentials obtains qualification.
In some embodiments, the IP address gray list is configured in the following manner: according to the IP of the user Whether the access times that address judges that the user provides the page to the authority credentials are more than that preset IP address accesses Frequency threshold value;If it does, the IP address gray list then is written in the IP address of the user, wherein the IP address ash IP address in list is prohibited within the set duration for obtaining authority credentials.
In some embodiments, the user identifier gray list is configured in the following manner: counting user's point The time interval hitting the hyperlink and sending between the authority credentials acquisition request is less than preset time interval threshold The number of value;If counting obtained number is more than preset frequency threshold value, the user obtained after decryption processing is marked Know and the user identifier gray list is written, wherein the user identifier in the user identifier gray list is banned within the set duration Only for obtaining authority credentials.
In some embodiments, the authority credentials acquisition request includes phone number;And described to the user Before sending permission voucher, the method also includes: determine that the verification information of user's input is correct, wherein the verifying Information is that the user is sent to by way of picture or short message.
Second aspect, this application provides a kind of authority credentials dispensing apparatus, described device includes: generation unit, is used for User Page access request generates user identifier based on the received, wherein the accessing page request is that the user passes through a little Hit what preset hyperlink in third-party application received and sent;Display and receiving unit, for being shown according to the accessing page request Authority credentials provides the page, and provides the authority credentials acquisition request that the page receives the user by the authority credentials;It obtains Unit is taken, for obtaining encryption user identifier from the third-party application, wherein the encryption user identifier is by the user Mark generates and sends after being encrypted and is stored by the third-party application to the third-party application;Issuing unit, It is determined for the encryption user identifier of acquisition to be decrypted, and according to decrypted result and the authority credentials acquisition request After there is the user authority credentials to obtain qualification, Xiang Suoshu user's sending permission voucher.
In some embodiments, described device further includes sharing unit, and the sharing unit is used for: receiving the user's Page sharing request, wherein the page sharing request includes the information of target user;According to the page sharing request and The encryption user identifier generates the sharing link for making target user obtain authority credentials;And the sharing chain is received and sent To target user.
In some embodiments, described device further include: statistic unit, for counting the sharing number of the user, dividing Enjoy the number that link is opened by target user and the number to target user's sending permission voucher.
In some embodiments, described device further include: encryption user identifier generation unit is added for using by RSA The user identifier is encrypted in the public key for the encryption centering that close algorithm obtains, and generates encryption user identifier.
In some embodiments, the issuing unit is further used for: using the private key of the encryption centering to acquisition Encryption user identifier is decrypted, the user identifier after being decrypted.
In some embodiments, the authority credentials acquisition request includes the IP address of the user;And the granting Unit is further used for: determining that the IP address of the user is not included in preset IP address gray list;It determines to institute The user identifier obtained after encryption user identifier decryption processing is stated to be not included in preset user identifier gray list;It determines Preset user's mark is not above to the number of getting of the user identifier obtained after the encryption user identifier decryption processing Frequency threshold value is got in knowledge;Format check is carried out to the user identifier obtained after the encryption user identifier decryption processing, if school It tests and passes through, it is determined that there is the user authority credentials to obtain qualification.
In some embodiments, described device further includes IP address gray list setting unit, and the IP address gray list is set Unit is set to be used for: IP address gray list setting unit, for judging the user to the power according to the IP address of the user It limits voucher and provides whether the access times of the page are more than preset IP address access times threshold value;If it does, then by institute The IP address gray list is written in the IP address for stating user, wherein the IP address in the IP address gray list is in setting duration Inside it is prohibited for obtaining authority credentials.
In some embodiments, described device further includes user identifier gray list setting unit, the user identifier ash name Single setting unit is used for: being counted the user and is clicked the hyperlink and send the time between the authority credentials acquisition request Interval is less than the number of preset time interval threshold value;If counting obtained number is more than preset number threshold Then the user identifier gray list is written, wherein the user identifier gray list in the user identifier obtained after decryption processing by value In user identifier be prohibited within the set duration for obtaining authority credentials.
In some embodiments, the authority credentials acquisition request includes phone number;And described device further include: really Order member, the verification information for determining user's input are correct, wherein the verification information is by picture or short message Form be sent to the user's.
Authority credentials distribution method and device provided by the present application are visited according to user by the page that third-party application inputs It asks that request display authority credentials provides the page, is asked later by the authority credentials acquisition that the authority credentials granting page receives user It asks, and obtains encryption user identifier from the third-party application, then the encryption user identifier is decrypted, and according to solution Close result and authority credentials acquisition request determine that there is the user authority credentials to get after qualification to user's sending permission Voucher, to improve the safety of authority credentials granting.
Detailed description of the invention
By reading a detailed description of non-restrictive embodiments in the light of the attached drawings below, the application's is other Feature, objects and advantages will become more apparent upon:
Fig. 1 is that this application can be applied to exemplary system architecture figures therein;
Fig. 2 is the flow chart according to one embodiment of the authority credentials distribution method of the application;
Fig. 3 is the schematic diagram according to an application scenarios of the authority credentials distribution method of the application;
Fig. 4 is the structural schematic diagram according to one embodiment of the authority credentials dispensing apparatus of the application;
Fig. 5 is adapted for the structural representation of the computer system for the terminal device or server of realizing the embodiment of the present application Figure.
Specific embodiment
The application is described in further detail with reference to the accompanying drawings and examples.It is understood that this place is retouched The specific embodiment stated is used only for explaining related invention, rather than the restriction to the invention.It also should be noted that in order to Convenient for description, part relevant to related invention is illustrated only in attached drawing.
It should be noted that in the absence of conflict, the features in the embodiments and the embodiments of the present application can phase Mutually combination.The application is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
Fig. 1 is shown can be using the embodiment of the authority credentials distribution method or authority credentials dispensing apparatus of the application Exemplary system architecture 100.
As shown in Figure 1, system architecture 100 may include terminal device 101,102,103, network 104 and server 105. Network 104 between terminal device 101,102,103 and server 105 to provide the medium of communication link.Network 104 can be with Including various connection types, such as wired, wireless communication link or fiber optic cables etc..
User can be used terminal device 101,102,103 and be interacted by network 104 with server 105, to receive or send out Send message etc..Various telecommunication customer end applications can be installed, such as web browser is answered on terminal device 101,102,103 With, shopping class application, searching class application, instant messaging tools, mailbox client, social platform software etc..
Terminal device 101,102,103 can be the various electronic equipments with display screen and supported web page browsing, packet Include but be not limited to smart phone, tablet computer, E-book reader, MP3 player (Moving Picture Experts Group Audio Layer III, dynamic image expert's compression standard audio level 3), MP4 (Moving Picture Experts Group Audio Layer IV, dynamic image expert's compression standard audio level 4) it is player, on knee portable Computer and desktop computer etc..
Server 105 can be to provide the server of various services, such as to showing on terminal device 101,102,103 Webpage provides the backstage web page server supported.Backstage web page server can to the data such as the accessing page request received into The processing such as row analysis, and processing result (such as webpage data) is fed back into terminal device.
It should be noted that authority credentials distribution method provided by the embodiment of the present application is generally executed by server 105, Correspondingly, authority credentials dispensing apparatus is generally positioned in server 105.
It should be understood that the number of terminal device, network and server in Fig. 1 is only schematical.According to realization need It wants, can have any number of terminal device, network and server.
With continued reference to Fig. 2, the process 200 of one embodiment of the authority credentials distribution method according to the application is shown. The authority credentials distribution method, comprising the following steps:
Step 201, User Page access request generates user identifier based on the received.
In the present embodiment, electronic equipment (such as the server shown in FIG. 1 of authority credentials distribution method operation thereon 105) accessing page request can be received from terminal used by a user by wired connection mode or radio connection, Here above-mentioned electronic equipment, which can be, provides the server of various services for authority credentials issuer, for example, when above-mentioned permission with When card issuer is shopping website, above-mentioned server, which can be, provides the server of service for the shopping website, it can refer to one Platform server can also refer to a server cluster.In the present embodiment, above-mentioned accessing page request can be user and pass through a little Hit what preset hyperlink in third-party application received and sent, wherein above-mentioned third-party application refers to and authority credentials granting The different application of person, for example, when above-mentioned authority credentials issuer is shopping website or shopping APP (Application, using journey Sequence) when, above-mentioned third-party application can be different from above-mentioned shopping website or do shopping APP various applications, such as do shopping class application, Class of chatting application, web browser applications etc..Above-mentioned electronic equipment is after receiving above-mentioned accessing page request, Ke Yigen A unique user identifier is generated according to the accessing page request, which can be various forms of user identifiers, example Such as, it can be the character string of 16 bit digitals or letter that one generates at random.It is pointed out that above-mentioned radio connection It can include but is not limited to 3G/4G connection, WiFi connection, bluetooth connection, WiMAX connection, Zigbee connection, UWB (ultra Wideband) connection and other currently known or exploitation in the future radio connections.
In general, authority credentials issuer (such as shopping website) with third-party application cooperation issued rights voucher (such as Discount coupon) when, the hyperlink of a page can be provided for third-party application, user can be by clicking being somebody's turn to do in third-party application Hyperlink sends accessing page request to the server of authority credentials issuer.
Step 202, it shows that authority credentials provides the page according to accessing page request, and the page is provided by authority credentials and is connect Receive the authority credentials acquisition request of user.
In the present embodiment, above-mentioned electronic equipment can show permission according to accessing page request received in step 201 Voucher provides the page, and provides the authority credentials acquisition request that the page receives user's input by the authority credentials.Herein, it weighs Limit voucher can serve to demonstrate how that user has the voucher of certain permission, for example, the discount coupon of shopping website can be for demonstrate,proving Bright user has the voucher for the price permission that enjoys privileges in the shopping website.
Step 203, encryption user identifier is obtained from third-party application.
In the present embodiment, above-mentioned electronic equipment can obtain encryption user identifier from above-mentioned third-party application, wherein Above-mentioned encryption user identifier can be above-mentioned electronic equipment and be added the user identifier generated in step 201 using Encryption Algorithm It is generated after close, wherein above-mentioned Encryption Algorithm can be various Encryption Algorithm, such as Advanced Encryption Standard (AES, Advanced Encryption Standard), DES (Data Encryption Algorithm, data encryption algorithm) etc..Above-mentioned electronics The encryption user identifier generated after encryption can be sent to above-mentioned third-party application and be carried out in advance by the third-party application by equipment Storage.Herein, above-mentioned encryption user identifier can be stored in the Cookie of embedded browser by above-mentioned third-party application.
In some optional implementations of the present embodiment, above-mentioned encryption user identifier can be raw by following steps At: the user identifier is encrypted using the public key of the encryption centering obtained by RSA cryptographic algorithms, generates encryption User identifier.RSA cryptographic algorithms are a kind of public key encryption algorithms, its usual Mr. RSA key in a pair, one of them is secrecy Key (i.e. private key);Another is public-key cryptography (i.e. public key), can external disclosure.Encryption centering can be used in above-mentioned electronic equipment Public key above-mentioned user identifier is encrypted, the encryption user identifier generated after encryption only have using above-mentioned encryption centering private Key can just be decrypted.
Step 204, the encryption user identifier of acquisition is decrypted, and is obtained according to decrypted result and authority credentials It requests after determining that there is user authority credentials to obtain qualification, to user's sending permission voucher.
In the present embodiment, place can be decrypted in the encryption user identifier obtained in step 204 by above-mentioned electronic equipment It manages, available user identifier after decryption processing, the user identifier that above-mentioned electronic equipment can obtain decryption verify, Such as length check, format check etc., and judge whether the user is legal according to check results.Above-mentioned electronic equipment can be with Judge whether above-mentioned user there is authority credentials to obtain qualification according to authority credentials acquisition request received in step 202, if It determines that the user has and obtains qualification, then to user's sending permission voucher.
In some optional implementations of the present embodiment, place is decrypted in the above-mentioned encryption user identifier to acquisition Reason, comprising: above-mentioned electronic equipment is decrypted the encryption user identifier of acquisition using the private key of above-mentioned encryption centering, obtains User identifier after to decryption.
In some optional implementations of the present embodiment, above-mentioned authority credentials acquisition request includes the IP of above-mentioned user Address;And it is above-mentioned according to decrypted result and above-mentioned authority credentials acquisition request determine the user have authority credentials obtain money Lattice, comprising: firstly, above-mentioned electronic equipment can by the IP address for the above-mentioned user for including in above-mentioned authority credentials acquisition request with IP address in preset IP address gray list compares, and determines that the IP address of above-mentioned user is not included in and presets IP address gray list in;Secondly, above-mentioned electronic equipment can will be to the use obtained after above-mentioned encryption user identifier decryption processing Family mark is compared with the user identifier in preset user identifier gray list, is determined to above-mentioned encryption user identifier solution The user identifier obtained after close processing is not included in preset user identifier gray list;Then, above-mentioned electronic equipment can With determine to the user identifier obtained after above-mentioned encryption user identifier decryption processing get number be not above it is preset User identifier gets frequency threshold value;Finally, above-mentioned electronic equipment can will be to obtaining after above-mentioned encryption user identifier decryption processing User identifier carry out format check, if verification pass through, it is determined that the user have authority credentials obtain qualification.
Optionally, above-mentioned IP address gray list is configured in the following manner: above-mentioned electronic equipment can be according to above-mentioned Whether the access times that the IP address of user judges that above-mentioned user provides the page to above-mentioned authority credentials are more than preset IP Address access times threshold value;If it does, then above-mentioned IP address ash name is written in the IP address of above-mentioned user by above-mentioned electronic equipment It is single, wherein the IP address in above-mentioned IP address gray list is prohibited for obtaining permission within the set duration (such as in 5 minutes) Voucher.
Optionally, above-mentioned user identifier gray list is configured in the following manner: above-mentioned electronic equipment can be statistically When stating the time interval that user clicks above-mentioned hyperlink and sends between above-mentioned authority credentials acquisition request and being less than preset Between interval threshold number;If counting obtained number is more than preset frequency threshold value, above-mentioned electronic equipment can be with Above-mentioned user identifier gray list is written into the user identifier obtained after decryption processing, wherein in above-mentioned user identifier gray list User identifier is prohibited for obtaining authority credentials within the set duration (such as in 5 minutes).
In some optional implementations of the present embodiment, above-mentioned authority credentials acquisition request includes phone number;With And to before above-mentioned user's sending permission voucher, the above method can also include: that can receive user defeated for above-mentioned electronic equipment The verification information entered, and determine that the verification information of above-mentioned user input is correct, wherein above-mentioned verification information be by picture or The form of short message is sent to above-mentioned user's.It is obtained for example, receiving the authority credentials including phone number in above-mentioned electronic equipment After taking request, above-mentioned electronic equipment can be sent to the phone number include verification information short message, which can be with Character string for various forms of information, such as comprising letter and/or number can be by short message after user receives short message In include verification information be input to terminal, so that above-mentioned electronic equipment is received and is verified.
In some optional implementations of the present embodiment, above-mentioned electronic equipment can also receive the page of above-mentioned user Sharing request, wherein above-mentioned page sharing request includes the information of target user, such as user name, the pet name, the account of target user Number etc.;Then, above-mentioned electronic equipment can be used for according to above-mentioned page sharing request and the generation of above-mentioned encryption user identifier Make target user obtain authority credentials sharing link, for example, above-mentioned electronic equipment can by the user identifier of above-mentioned user into It is spliced in above-mentioned hyperlink after row encryption, to generate sharing link;Finally, above-mentioned electronic equipment can be by the sharing chain Target user is given in sending and receiving.Target user links the accessible above-mentioned authority credentials granting page by clicking above-mentioned sharing.
Optionally, above-mentioned electronic equipment can also count the sharing number of above-mentioned user, share to link and be beaten by target user The number opened and the number to target user's sending permission voucher.
With continued reference to the signal that Fig. 3, Fig. 3 are according to the application scenarios of the authority credentials distribution method of the present embodiment Figure.In the application scenarios of Fig. 3, user passes through the preset hyperlink in click chat class application to shopping website first Server initiate an accessing page request;Later, which passes through user institute according to the accessing page request received The terminal device used shows that discount coupon provides the page to user, and such as the page that Fig. 3 is shown, user can pass through text box 301 Input handset number, and discount coupon acquisition request is sent to above-mentioned server by clicking button 302;Then, above-mentioned server Encryption user identifier can be obtained from the embedded browser Cookie that above-mentioned chat class is applied;Finally, above-mentioned server is to obtaining The encryption user identifier taken is decrypted, and determines that the user has according to decrypted result and above-mentioned discount coupon acquisition request After discount coupon obtains qualification, discount coupon is sent to the user.
The method provided by the above embodiment of the application by including to encryption user identifier and authority credentials acquisition request Information verifying judge user whether have authority credentials obtain qualification, to ensure that the safety of authority credentials granting.
With further reference to Fig. 4, as the realization to method shown in above-mentioned each figure, this application provides a kind of authority credentials hairs One embodiment of device is put, the Installation practice is corresponding with embodiment of the method shown in Fig. 2, which can specifically apply In various electronic equipments.
As shown in figure 4, authority credentials dispensing apparatus 400 described in the present embodiment includes: generation unit 401, shows and connect Receive unit 402, acquiring unit 403 and issuing unit 404.Wherein, generation unit 401 is accessed for User Page based on the received Request generates user identifier, wherein above-mentioned accessing page request is that above-mentioned user is preset super in third-party application by clicking What chain received and sent;Display and receiving unit 402 are used to show that authority credentials provides the page according to above-mentioned accessing page request, and lead to It crosses above-mentioned authority credentials and provides the authority credentials acquisition request that the page receives above-mentioned user;Acquiring unit 403 is used for from above-mentioned the Tripartite's application obtains encryption user identifier, wherein above-mentioned encryption user identifier is generated after being encrypted above-mentioned user identifier And it is sent to what above-mentioned third-party application was stored by above-mentioned third-party application;Issuing unit 404 is for the encryption to acquisition User identifier is decrypted, and determines that above-mentioned user has permission according to decrypted result and above-mentioned authority credentials acquisition request After acquisition of credentials qualification, Xiang Shangshu user's sending permission voucher.
In the present embodiment, generation unit 401, display and receiving unit 402, acquiring unit 403 and issuing unit 404 Specific processing can refer to Fig. 2 corresponding embodiment step 201, the detailed description of step 202 and step 203, and details are not described herein.
In some optional implementations of the present embodiment, above-mentioned apparatus further includes sharing unit (not shown), above-mentioned Sharing unit is used for: receiving the page sharing request of above-mentioned user, wherein above-mentioned page sharing request includes the letter of target user Breath;Point for making target user obtain authority credentials is generated according to above-mentioned page sharing request and above-mentioned encryption user identifier Enjoy link;And above-mentioned sharing link is sent to target user.The implementation can refer to corresponding in above-mentioned Fig. 2 corresponding embodiment The detailed description of implementation, details are not described herein.
Optionally, above-mentioned apparatus further include: statistic unit (not shown), for counting the sharing number of above-mentioned user, dividing Enjoy the number that link is opened by target user and the number to target user's sending permission voucher.The implementation can refer to The detailed description of corresponding implementation in above-mentioned Fig. 2 corresponding embodiment, details are not described herein.
In some optional implementations of the present embodiment, above-mentioned apparatus further include: encryption user identifier generation unit (not shown), for using the public key of the encryption centering obtained by RSA cryptographic algorithms to carry out at encryption above-mentioned user identifier Reason generates encryption user identifier.The implementation can refer to the detailed of corresponding implementation in above-mentioned Fig. 2 corresponding embodiment and retouch It states, details are not described herein.
In some optional implementations of the present embodiment, above-mentioned issuing unit 404 is further used for: being added using above-mentioned The encryption user identifier of acquisition is decrypted in the private key of close centering, the user identifier after being decrypted.The implementation It can refer to the detailed description of corresponding implementation in above-mentioned Fig. 2 corresponding embodiment, details are not described herein.
In some optional implementations of the present embodiment, above-mentioned authority credentials acquisition request includes the IP of above-mentioned user Address;And above-mentioned issuing unit 404 is further used for: determining the IP address of above-mentioned user with being not included in preset IP In the gray list of location;Determination is not included in preset use to the user identifier obtained after above-mentioned encryption user identifier decryption processing Family identifies in gray list;Determination does not surpass the number of getting of the user identifier obtained after above-mentioned encryption user identifier decryption processing It crosses preset user identifier and gets frequency threshold value;To the user identifier obtained after above-mentioned encryption user identifier decryption processing into Row format verification, if verification passes through, it is determined that there is above-mentioned user authority credentials to obtain qualification.The implementation can refer to The detailed description of corresponding implementation in Fig. 2 corresponding embodiment is stated, details are not described herein.
In some optional implementations of the present embodiment, above-mentioned apparatus further includes IP address gray list setting unit (not shown), above-mentioned IP address gray list setting unit are used for: judging above-mentioned user to above-mentioned according to the IP address of above-mentioned user Whether the access times that authority credentials provides the page are more than preset IP address access times threshold value;If it does, then will Above-mentioned IP address gray list is written in the IP address of above-mentioned user, wherein the IP address in above-mentioned IP address gray list is in setting It is prohibited in length for obtaining authority credentials.The implementation can refer to corresponding implementation in above-mentioned Fig. 2 corresponding embodiment Detailed description, details are not described herein.
In some optional implementations of the present embodiment, above-mentioned apparatus further includes user identifier gray list setting unit (not shown), above-mentioned user identifier gray list setting unit are used for: being counted the above-mentioned hyperlink of above-mentioned user's click and sent above-mentioned Time interval between authority credentials acquisition request is less than the number of preset time interval threshold value;What if statistics obtained Number is more than preset frequency threshold value, then above-mentioned user identifier ash name is written in the user identifier obtained after decryption processing It is single, wherein the user identifier in above-mentioned user identifier gray list is prohibited within the set duration for obtaining authority credentials.The reality Existing mode can refer to the detailed description of corresponding implementation in above-mentioned Fig. 2 corresponding embodiment, and details are not described herein.
In some optional implementations of the present embodiment, above-mentioned authority credentials acquisition request includes phone number;With And above-mentioned apparatus further include: determination unit (not shown), the verification information for determining above-mentioned user's input are correct, wherein on Stating verification information is that above-mentioned user is sent to by way of picture or short message.The implementation can refer to above-mentioned Fig. 2 pairs The detailed description of corresponding implementation in embodiment is answered, details are not described herein.
Below with reference to Fig. 5, it illustrates the calculating of the terminal device or server that are suitable for being used to realize the embodiment of the present application The structural schematic diagram of machine system 500.
As shown in figure 5, computer system 500 includes central processing unit (CPU) 501, it can be read-only according to being stored in Program in memory (ROM) 502 or be loaded into the program in random access storage device (RAM) 503 from storage section 508 and Execute various movements appropriate and processing.In RAM 503, also it is stored with system 500 and operates required various programs and data. CPU 501, ROM 502 and RAM 503 are connected with each other by bus 504.Input/output (I/O) interface 505 is also connected to always Line 504.
I/O interface 505 is connected to lower component: the importation 506 including keyboard, mouse etc.;It is penetrated including such as cathode The output par, c 507 of spool (CRT), liquid crystal display (LCD) etc. and loudspeaker etc.;Storage section 508 including hard disk etc.; And the communications portion 509 of the network interface card including LAN card, modem etc..Communications portion 509 via such as because The network of spy's net executes communication process.Driver 510 is also connected to I/O interface 505 as needed.Detachable media 511, such as Disk, CD, magneto-optic disk, semiconductor memory etc. are mounted on as needed on driver 510, in order to read from thereon Computer program be mounted into storage section 508 as needed.
Particularly, in accordance with an embodiment of the present disclosure, it may be implemented as computer above with reference to the process of flow chart description Software program.For example, embodiment of the disclosure includes a kind of computer program product comprising be tangibly embodied in machine readable Computer program on medium, the computer program include the program code for method shown in execution flow chart.At this In the embodiment of sample, which can be downloaded and installed from network by communications portion 509, and/or from removable Medium 511 is unloaded to be mounted.When the computer program is executed by central processing unit (CPU) 501, execute in the present processes The above-mentioned function of limiting.
Flow chart and block diagram in attached drawing are illustrated according to the system of the various embodiments of the application, method and computer journey The architecture, function and operation in the cards of sequence product.In this regard, each box in flowchart or block diagram can generation A part of one module, program segment or code of table, a part of the module, program segment or code include one or more Executable instruction for implementing the specified logical function.It should also be noted that in some implementations as replacements, institute in box The function of mark can also occur in a different order than that indicated in the drawings.For example, two boxes succeedingly indicated are practical On can be basically executed in parallel, they can also be executed in the opposite order sometimes, and this depends on the function involved.Also it wants It is noted that the combination of each box in block diagram and or flow chart and the box in block diagram and or flow chart, Ke Yiyong The dedicated hardware based system of defined functions or operations is executed to realize, or can be referred to specialized hardware and computer The combination of order is realized.
Being described in unit involved in the embodiment of the present application can be realized by way of software, can also be by hard The mode of part is realized.Described unit also can be set in the processor, for example, can be described as: a kind of processor packet Include generation unit, display and receiving unit, acquiring unit and issuing unit.Wherein, the title of these units is under certain conditions The restriction to the unit itself is not constituted, " User Page accesses based on the received for example, generation unit is also described as Request generates the unit of user identifier ".
As on the other hand, present invention also provides a kind of nonvolatile computer storage media, the non-volatile calculating Machine storage medium can be nonvolatile computer storage media included in device described in above-described embodiment;It is also possible to Individualism, without the nonvolatile computer storage media in supplying terminal.Above-mentioned nonvolatile computer storage media is deposited One or more program is contained, when one or more of programs are executed by an equipment, so that the equipment: according to Received User Page access request generates user identifier, wherein the accessing page request is the user by clicking the Preset hyperlink receives and sends in tripartite's application;It shows that authority credentials provides the page according to the accessing page request, and passes through The authority credentials provides the authority credentials acquisition request that the page receives the user;Encryption is obtained from the third-party application to use Family mark, wherein the encryption user identifier is to generate and send after being encrypted the user identifier to the third party Using what is stored by the third-party application;The encryption user identifier of acquisition is decrypted, and is tied according to decryption After fruit and the authority credentials acquisition request determine that there is the user authority credentials to obtain qualification, Xiang Suoshu user's sending permission Voucher.
Above description is only the preferred embodiment of the application and the explanation to institute's application technology principle.Those skilled in the art Member is it should be appreciated that invention scope involved in the application, however it is not limited to technology made of the specific combination of above-mentioned technical characteristic Scheme, while should also cover in the case where not departing from the inventive concept, it is carried out by above-mentioned technical characteristic or its equivalent feature Any combination and the other technical solutions formed.Such as features described above has similar function with (but being not limited to) disclosed herein Can technical characteristic replaced mutually and the technical solution that is formed.

Claims (14)

1. a kind of authority credentials distribution method, which is characterized in that the described method includes:
The accessing page request of user generates user identifier based on the received, wherein the accessing page request is the user It is received and sent by clicking preset hyperlink in third-party application;
It shows that authority credentials provides the page according to the accessing page request, and the page is provided by the authority credentials and receives institute State the authority credentials acquisition request of user;
From the third-party application obtain encryption user identifier, wherein the encryption user identifier be by the user identifier into It generates and sends after row encryption and is stored by the third-party application to the third-party application;
The encryption user identifier of acquisition is decrypted, and is determined according to decrypted result and the authority credentials acquisition request After there is the user authority credentials to obtain qualification, Xiang Suoshu user's sending permission voucher.
2. the method according to claim 1, wherein the method also includes:
Receive the page sharing request of the user, wherein the page sharing request includes the information of target user;
It is generated according to the page sharing request and the encryption user identifier for making target user obtain authority credentials Share link;
And sharing link is sent to target user.
3. according to the method described in claim 2, it is characterized in that, the method also includes:
It counts the sharing number of the user, share the number opened by target user of link and to target user's transmission route Limit the number of voucher.
4. the method according to claim 1, wherein the encryption user identifier is generated by following steps:
The user identifier is encrypted using the public key of the encryption centering obtained by RSA cryptographic algorithms, generates and adds Close user identifier.
5. according to the method described in claim 4, it is characterized in that, place is decrypted in the encryption user identifier of described pair of acquisition Reason, comprising:
The encryption user identifier of acquisition is decrypted using the private key of the encryption centering, user's mark after being decrypted Know.
6. the method according to claim 1, wherein the authority credentials acquisition request includes the IP of the user Address;And
It is described to determine that there is the user authority credentials to obtain qualification, packet according to decrypted result and the authority credentials acquisition request It includes:
Determine that the IP address of the user is not included in preset IP address gray list;
It determines and preset user identifier is not included in the user identifier obtained after the encryption user identifier decryption processing In gray list;
Determine that the number of getting to the user identifier obtained after the encryption user identifier decryption processing is not above and presets User identifier get frequency threshold value;
Format check is carried out to the user identifier obtained after the encryption user identifier decryption processing, if verification passes through, really There is the fixed user authority credentials to obtain qualification.
7. according to the method described in claim 6, it is characterized in that, the IP address gray list is set in the following manner It sets:
According to the IP address of the user judge the user to the authority credentials provide the page access times whether be more than Preset IP address access times threshold value;
If it does, the IP address gray list then is written in the IP address of the user, wherein in the IP address gray list IP address be prohibited within the set duration for obtaining authority credentials.
8. according to the method described in claim 6, it is characterized in that, the user identifier gray list is set in the following manner It sets:
The time interval that the user clicks the hyperlink and sends between the authority credentials acquisition request is counted to be less than in advance The number of the time interval threshold value first set;
If counting obtained number is more than preset frequency threshold value, the user identifier obtained after decryption processing is written The user identifier gray list, wherein the user identifier in the user identifier gray list is prohibited to be used within the set duration Obtain authority credentials.
9. the method according to claim 1, wherein the authority credentials acquisition request includes phone number;With And
Described to before user's sending permission voucher, the method also includes:
Determine that the verification information of user's input is correct, wherein the verification information is by way of picture or short message It is sent to the user's.
10. a kind of authority credentials dispensing apparatus, which is characterized in that described device includes:
Generation unit generates user identifier for User Page access request based on the received, wherein the accessing page request The user is received and sent by clicking preset hyperlink in third-party application;
Display and receiving unit for showing that authority credentials provides the page according to the accessing page request, and pass through the power Limit voucher provides the authority credentials acquisition request that the page receives the user;
Acquiring unit, for obtaining encryption user identifier from the third-party application, wherein the encryption user identifier is by institute It states to generate and send after user identifier is encrypted and be stored by the third-party application to the third-party application;
Issuing unit, for the encryption user identifier of acquisition to be decrypted, and according to decrypted result and the permission with After card acquisition request determines that there is the user authority credentials to obtain qualification, Xiang Suoshu user's sending permission voucher.
11. device according to claim 10, which is characterized in that described device further includes sharing unit, and the sharing is single Member is used for:
Receive the page sharing request of the user, wherein the page sharing request includes the information of target user;
It is generated according to the page sharing request and the encryption user identifier for making target user obtain authority credentials Share link;
And sharing link is sent to target user.
12. device according to claim 11, which is characterized in that described device further include:
Statistic unit, for counting the sharing number of the user, sharing the number opened by target user of link and to mesh Mark the number of user's sending permission voucher.
13. a kind of equipment, comprising:
Processor;
Storage device, for storing one or more programs,
When one or more of programs are executed by the processor, so that the processor is realized as appointed in claim 1-9 Method described in one.
14. a kind of computer readable storage medium, is stored thereon with computer program, wherein described program is executed by processor Method of the Shi Shixian as described in any in claim 1-9.
CN201610285293.1A 2016-04-29 2016-04-29 Authority credentials distribution method and device Active CN107342966B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610285293.1A CN107342966B (en) 2016-04-29 2016-04-29 Authority credentials distribution method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610285293.1A CN107342966B (en) 2016-04-29 2016-04-29 Authority credentials distribution method and device

Publications (2)

Publication Number Publication Date
CN107342966A CN107342966A (en) 2017-11-10
CN107342966B true CN107342966B (en) 2019-05-03

Family

ID=60222430

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610285293.1A Active CN107342966B (en) 2016-04-29 2016-04-29 Authority credentials distribution method and device

Country Status (1)

Country Link
CN (1) CN107342966B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111784430B (en) * 2019-09-24 2024-06-18 北京京东尚科信息技术有限公司 Authority certificate generation method and device and authority certificate verification method and device
CN111145033A (en) * 2019-11-26 2020-05-12 泰康保险集团股份有限公司 Service item receiving authority processing method and device and storage medium
CN113141337A (en) * 2020-01-19 2021-07-20 上海静客网络科技有限公司 High-concurrency scene processing method for online emergency purchase system
CN111414596A (en) * 2020-04-07 2020-07-14 中国建设银行股份有限公司 Method and device for processing request
CN113205318B (en) * 2021-05-28 2024-07-26 金蝶软件(中国)有限公司 Credential display method, credential generation device and computer storage medium
CN113901524B (en) * 2021-12-09 2022-03-15 天津联想协同科技有限公司 Method, device and storage medium for dynamically adjusting authority through link

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102457505A (en) * 2010-10-28 2012-05-16 快乐购物有限责任公司 Shopping website management method and platform
EP2518676A1 (en) * 2011-04-28 2012-10-31 AD-X Limited Method of tracking software application internet downloads
CN103379098A (en) * 2012-04-19 2013-10-30 华为技术有限公司 Content sharing method, device and network system thereof
CN104734849A (en) * 2013-12-19 2015-06-24 阿里巴巴集团控股有限公司 Method and system for conducting authentication on third-party application

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102457505A (en) * 2010-10-28 2012-05-16 快乐购物有限责任公司 Shopping website management method and platform
EP2518676A1 (en) * 2011-04-28 2012-10-31 AD-X Limited Method of tracking software application internet downloads
CN103379098A (en) * 2012-04-19 2013-10-30 华为技术有限公司 Content sharing method, device and network system thereof
CN104734849A (en) * 2013-12-19 2015-06-24 阿里巴巴集团控股有限公司 Method and system for conducting authentication on third-party application

Also Published As

Publication number Publication date
CN107342966A (en) 2017-11-10

Similar Documents

Publication Publication Date Title
CN107342966B (en) Authority credentials distribution method and device
US20230362166A1 (en) System and method for storing and distributing consumer information
JP7027475B2 (en) Decentralized, decentralized data aggregation
US20210192497A1 (en) Methods, apparatus and computer program products for securely accessing account data
CN101160787B (en) Method, apparatus and data download system for controlling the validity of the download transaction
CN106533665B (en) Mthods, systems and devices for storing website private key plaintext
US8239926B1 (en) Method and system for obtaining identification information on a mobile device
US20170180337A1 (en) Techniques to verify location for location based services
CN112333198A (en) Secure cross-domain login method, system and server
CN103488922B (en) A kind of method and apparatus for providing identifying code
CN103095457A (en) Login and verification method for application program
CN111199037B (en) Login method, system and device
CN105740670B (en) Using encryption, starting method and apparatus
US11870902B2 (en) Authenticating a messaging program session
WO2023005838A1 (en) Data sharing method and electronic device
CN112287372A (en) Method and apparatus for protecting clipboard privacy
CN105119928A (en) Data transmission method, device and system for Android intelligent terminal
CN107920060A (en) Data access method and device based on account
CN107154916A (en) A kind of authentication information acquisition methods, offer method and device
CN110717128B (en) Method, device, terminal and storage medium for processing in-application webpage
US11133926B2 (en) Attribute-based key management system
CN109120576B (en) Data sharing method and device, computer equipment and storage medium
CN113259353A (en) Information processing method and device and electronic equipment
CN110034922A (en) Request processing method, processing device, request verification method and verification device
CN111125734B (en) Data processing method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant