CN107517103A - The verification method of authority, device and system - Google Patents
The verification method of authority, device and system Download PDFInfo
- Publication number
- CN107517103A CN107517103A CN201710732342.6A CN201710732342A CN107517103A CN 107517103 A CN107517103 A CN 107517103A CN 201710732342 A CN201710732342 A CN 201710732342A CN 107517103 A CN107517103 A CN 107517103A
- Authority
- CN
- China
- Prior art keywords
- token
- authority
- effective
- server
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses a kind of verification method of authority, device and system.Wherein, this method includes:Whether when the use for receiving object is asked, detecting in target device includes effective token, wherein, when object logs in target device, the effective token of the reception server generation, token includes:Second token of the first token of the hardware authority including object and the application permission comprising object;In the case where target device includes effective token, the authority according to corresponding to effective token authentication using request.The present invention solves the technical problem of the right management method in the absence of cloud terminal system in the prior art.
Description
Technical field
The present invention relates to data processing field, in particular to a kind of verification method of authority, device and system.
Background technology
With development communication technologies, cloud service turns into new trend, and the various cloud service systems based on network are continuous
Occur, cloud terminal system is exactly one of which, and in this system, terminal device is all without actual data processing
Application program is integrated in the server, and data are carried out to application program according to the instruction that terminal device is transmitted by server
Reason, and data processed result is transmitted to the GPU having to terminal device, terminal device by itself in the way of image is transmitted
The information that (image processor) transmits to processor is decoded and rendered, and obtains final runnable interface.
Such scheme not only reduces the operating cost of equipment in terminal, also achieves the shared of terminal device, has very
High practical value, but because this terminal device can realize users to share, therefore protect the privacy of each user then very
It is important, but in the prior art, and in the absence of the digital right management scheme applied to this cloud terminal system.
The problem of right management method for cloud terminal system is not present in the prior art, not yet propose at present effective
Solution.
The content of the invention
The embodiments of the invention provide a kind of verification method of authority, device and system, at least to solve in the prior art
In the absence of the technical problem of the right management method of cloud terminal system.
One side according to embodiments of the present invention, there is provided a kind of verification method of authority, including:When receiving object
Use request when, detect target device in whether include effective token, wherein, when object log in target device when, reception
The effective token of server generation, token include:First token of the hardware authority comprising object and the application comprising object
Second token of authority;In the case where target device includes effective token, request pair is used according to effective token authentication
The authority answered.
Further, to the log-on message of server sending object;The authority information for the object that the reception server returns, its
In, authority information includes:Hardware authority and application permission.
Further, whether detect includes the token of object in target device;Include the token of object in target device
In the case of, judge whether the token of object is effective;In the case of the token for not including object in target device, pass through login
Target device asks the token of generation object to server.
Further, judge whether token is overtime;If token is overtime, the token of generation object is asked to server;
If token has not timed out, it is determined that token is effective.
Further, from the overtime token of object extracting object token solicited message, and the token of object is asked
Information is sent to server;In the case where server is proved to be successful to token solicited message, the object of the reception server generation
Token.
Further, authority corresponding to request is used if effectively included in the authority information included by token, really
It is fixed to use Authority Verification success corresponding to request;If do not include in the authority information included by effective token using request pair
The authority answered, it is determined that failed using Authority Verification corresponding to request.
Further, the situation using authority corresponding to request is included in the authority information included by effective token
Under, check code corresponding to token is sent to server, wherein, the authority information in token is compressed to obtain the verification of token
Code;In the case of server is successful to verification code check, determine that object has using authority corresponding to request.
Further, if it is determined that using Authority Verification success corresponding to request, then select authorization object;Request will be used
Corresponding permission grant is to authorization object.
Another aspect according to embodiments of the present invention, a kind of verification method of authority is additionally provided, including:When object logs in
During target device, the effective token of object is generated, wherein, token includes:First token of the hardware authority comprising object and
Second token of the application permission comprising object;The effective token of object is back to object.
Further, when receiving the token solicited message of object, the token solicited message of object is verified, its
In, the token solicited message of target device extracting object from the overtime token of object;In the case where being proved to be successful, generation pair
The effective token of elephant.
Further, the effective token of object is sent to all online equipments of object.
Further, when receiving check code corresponding to effective token, check code is verified, wherein, target is set
It is standby that authority information in token is compressed to obtain the check code of token;In the case where being proved to be successful to check code, it is determined that
Object has using authority corresponding to request.
Further, it is authority information corresponding to object distribution when receiving the log-on message of object, wherein, authority letter
Breath includes:Hardware authority and application permission.
Further, the authorization token of request server generation authorization object, wherein, the authority of authorization token is less than or equal to
The effective token of object, the authorization token that authorization object the reception server returns.
Further, the hardware authority of any one hardware includes carrying out different behaviour to any one hardware in target device
The Multiple stage hardware authority of work, the application permission of any one application include carrying out application the multistage application authority of different operating.
Another aspect according to embodiments of the present invention, a kind of checking device of authority is additionally provided, including:Detection module,
For when the use for receiving object is asked, whether including effective token in detection target device, wherein, when object logs in
During target device, the effective token of the reception server generation, token includes:First token of the hardware authority comprising object and
Second token of the application permission comprising object;Authentication module, in the case of including effective token in target device, root
Authority corresponding to request is used according to effective token authentication.
Another aspect according to embodiments of the present invention, a kind of checking device of authority is additionally provided, including:Generation module,
For when object log in target device when, effective token of the object of generation, wherein, token includes:Hardware power comprising object
Second token of the first token of limit and the application permission comprising object;Module is returned to, for the effective token of object to be returned
It is back to object.
Another aspect according to embodiments of the present invention, a kind of checking system of authority is additionally provided, including:Server, use
When object login target device, the effective token of the object of generation, wherein, token includes:Hardware power comprising object
Second token of the first token of limit and the application permission comprising object;Target device, with server communication, received for working as
Whether during the use request of object, detecting in target device includes effective token, includes effective token in target device
In the case of, the authority according to corresponding to effective token authentication using request.
Further, target device is additionally operable to the log-on message to server sending object;Server is additionally operable to generation pair
The authority information of elephant, wherein, authority information includes:Hardware authority information and/or application permission information.
Further, target device is additionally operable to include in the authority information included by effective token and corresponded to using request
Authority in the case of, to server send token corresponding to check code, wherein, the authority information in token is compressed
To the check code of token;Server is additionally operable to verify check code, and in the case where being proved to be successful, is asked it is determined that using
Corresponding Authority Verification success.
Another aspect according to embodiments of the present invention, additionally provides a kind of storage medium, and storage medium includes the journey of storage
Sequence, wherein, equipment performs the verification method of the authority of above-mentioned any one where controlling storage medium when program is run.
Another aspect according to embodiments of the present invention, a kind of processor being additionally provided, processor is used for operation program, its
In, program performs the verification method of the authority of above-mentioned any one when running.
In embodiments of the present invention, whether when the use for receiving object is asked, detecting in target device includes effectively
Token, wherein, target device is the equipment that logins successfully of object, and token includes:For testing the hardware authority of object
The first token and the second token for being verified to the application permission of object of card, include effective token in target device
In the case of, according to authority corresponding to effective token to server request use request.Such scheme provides one kind and is directed to
In the Authority Verification mode of cloud terminal, the Authority Verification of cloud terminal is divided into hardware authority and tested and application permission checking, this side
Formula meets cloud terminal and handled without real data, but with this feature of hardware device, solves and be not present in the prior art
The technical problem of the right management method of cloud terminal system, so that cloud terminal ensures each while realizing that more people are shared
The privacy of user, and authority can be managed and be distributed according to different scenes.
Brief description of the drawings
Accompanying drawing described herein is used for providing a further understanding of the present invention, forms the part of the application, this hair
Bright schematic description and description is used to explain the present invention, does not form inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 is the flow chart according to a kind of verification method of authority of the embodiment of the present application;
Fig. 2 is the flow chart that target device is logged according to a kind of object of the embodiment of the present application;
Fig. 3 is the flow chart that hardware authority is verified according to a kind of target device of the embodiment of the present application;
Fig. 4 is the flow chart that application permission is verified according to a kind of target device of the embodiment of the present application;
Fig. 5 is the flow chart according to a kind of verification method of authority of the embodiment of the present application;
Fig. 6 is the schematic diagram according to a kind of checking system of authority of the embodiment of the present application;
Fig. 7 is the structural representation according to a kind of checking system of authority of the embodiment of the present application;
Fig. 8 is the schematic diagram according to a kind of checking device of authority of the embodiment of the present application;And
Fig. 9 is the schematic diagram according to a kind of checking device of authority of the embodiment of the present application.
Embodiment
In order that those skilled in the art more fully understand the present invention program, below in conjunction with the embodiment of the present invention
Accompanying drawing, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is only
The embodiment of a part of the invention, rather than whole embodiments.Based on the embodiment in the present invention, ordinary skill people
The every other embodiment that member is obtained under the premise of creative work is not made, it should all belong to the model that the present invention protects
Enclose.
It should be noted that term " first " in description and claims of this specification and above-mentioned accompanying drawing, "
Two " etc. be for distinguishing similar object, without for describing specific order or precedence.It should be appreciated that so use
Data can exchange in the appropriate case, so as to embodiments of the invention described herein can with except illustrating herein or
Order beyond those of description is implemented.In addition, term " comprising " and " having " and their any deformation, it is intended that cover
Cover it is non-exclusive include, be not necessarily limited to for example, containing the process of series of steps or unit, method, system, product or equipment
Those steps or unit clearly listed, but may include not list clearly or for these processes, method, product
Or the intrinsic other steps of equipment or unit.
Embodiment 1
According to embodiments of the present invention, there is provided a kind of embodiment of the verification method of authority is, it is necessary to illustrate, in accompanying drawing
Flow the step of illustrating can be performed in the computer system of such as one group computer executable instructions, although also,
Show logical order in flow charts, but in some cases, can with different from order herein perform it is shown or
The step of description.
Fig. 1 is according to a kind of flow chart of the verification method of authority of the embodiment of the present application, with reference to shown in Fig. 1, this method
Including:
Step S102, whether when the use for receiving object is asked, detecting in target device includes effective token, its
In, when object logs in target device, the effective token of the reception server generation, token includes:Hardware power comprising object
Second token of the first token of limit and the application permission comprising object.
Specifically, above-mentioned target device can be cloud terminal, cloud terminal is without the data processing of reality, all applications
Program is integrated to carry out data processing according to the instruction that cloud terminal is transmitted by server to application program in the server, and
Data processed result is transmitted to cloud terminal in the way of image is transmitted, the GPU (image procossings that cloud terminal has by itself
Device) to processor transmission information decoded and rendered, show final runnable interface.
Above-mentioned object can be the user of currently used cloud terminal, and the use request of object can be that cloud is moved by user
Operation generation.After user logs in cloud terminal, cloud terminal can be operated, so as to generate using request, to using
The authority that the asked hardware device of request or application program are operated is using the corresponding authority of request.Above-mentioned token
It can be generated in the case of user's login cloud terminal is successful by server.
Above-mentioned hardware authority is used to verify the hardware included by cloud terminal, and the external equipment to communicate with cloud terminal, example
Such as:The equipment such as camera in cloud terminal, the external connection keyboard to be communicated with cloud terminal.Above-mentioned application permission is that active user's request makes
The authority of application program, namely software authority.
In a kind of optional embodiment, user operates to current cloud terminal after cloud terminal is logged in, works as user
Select during this application program of camera, it is necessary to carry out the checking of hardware authority to the camera of cloud terminal, and this is soft to camera
The application permission of part carries out the checking of application permission.
Fig. 2 is the flow chart that target device is logged according to a kind of object of the embodiment of the present application, with reference to shown in Fig. 2
Example logs in target device to object and is described, and in this example, target device is cloud terminal, and object is login cloud terminal
User.
Step S21, the encryption of cloud terminal log-on message.
In above-mentioned steps, cloud terminal receives the log-on message of user's input, and logon information is encrypted.
Step S22, send to service end UM modules and verified.
In above-mentioned steps, service end (and server) UM modules are the user management module in server, are stored with pre-
The user profile first registered, when users log on, service end are verified by the module to the log-on message of user.
Step S23, verify whether to pass through.If the verification passes, then into step S26, otherwise into step S24.
Step S24, cloud terminal notifying login failure.
Step S25, cloud terminal show login interface.
In the case of cloud terminal login failure, login interface is shown again, is entered so that user re-enters log-on message
Row logs in.
Step S26, service end generation picture.
In the case where cloud terminal logins successfully, service end generation logins successfully corresponding picture, and picture is returned
To cloud terminal, the picture can be using cloud terminal main interface or log in successful prompting interface etc..
Step S27, cloud terminal display.
Cloud terminal shows the picture of service end generation, so that user can be worked on to cloud terminal.
Step S104, in the case where target device includes effective token, request is used according to effective token authentication
Corresponding authority.
, can be to using request pair only in the case where target device includes effective token in above-mentioned steps
The authority answered is verified, in the case where being proved to be successful, the current object for logging in target device, which just has permission to use, asks
Ask corresponding hardware or application.
Herein it should be noted that the application such scheme will not use request to send to server, by server pair
Verified using authority corresponding to request, but directly in target device, this side is carried out, so as to avoid excessive data
Interaction.
In a kind of optional embodiment, after user logs in cloud terminal, the use that camera function is initiated to cloud terminal is asked,
In the case that the determination of cloud terminal there are the token of effect, the camera using the first token to server request using cloud terminal
Authority, use the authority of application program of taking pictures to server request using the second token.
From the foregoing, it will be observed that the above embodiments of the present application when receive object use ask when, detect target device in whether
Including effective token, wherein, target device is the equipment that object logins successfully, and token includes:For the hardware power to object
The first token verified and the second token for being verified to the application permission of object are limited, is included in target device
In the case of the token of effect, according to authority corresponding to effective token to server request use request.Such scheme provides
A kind of Authority Verification mode for being directed to cloud terminal, the Authority Verification of cloud terminal is divided into hardware authority tested and tested with application permission
Card, this mode meet cloud terminal and handled without real data, but with this feature of hardware device, solve prior art
In be not present cloud terminal system right management method technical problem so that cloud terminal is while realizing that more people share
Ensure the privacy of each user, and authority can be managed and be distributed according to different scenes.
Optionally, according to the above embodiments of the present application, before receiving using request, the above method also includes:Pass through
Server is registered to object, wherein, object is registered by server, including:
Step S106, to the log-on message of server sending object.
Step S108, the authority information for the object that the reception server returns, wherein, authority information includes:Hardware authority and
Application permission.
In above-mentioned steps, after object registration success, server can be according to the power of the request returning an object value of object
Limit information.
Optionally, whether according to the above embodiments of the present application, detecting in target device includes effective token, including:
Step S1021, detect the token for whether including object in target device.
Step S1023, in the case where target device includes the token of object, judge whether the token of object is effective.
In above-mentioned steps, whether token can effectively determine that overtime token is according to the time that token generates
Invalid token.
Step S1025, in target device not include object token in the case of, by logging in target device to service
The token of device request generation object.
In a kind of optional embodiment, user uses the cloud terminal first, therefore does not include the user in the cloud terminal
Token.When user operates to the cloud terminal, user needs to log in the cloud terminal, so that server generation user is effective
Token.
Optionally, according to the above embodiments of the present application, judge whether the token of object is effective, including:
Step S10231, judge whether token is overtime.
Step S10233, if token is overtime, the token of generation object is asked to server.
Step S10235, if token has not timed out, it is determined that token is effective.
In a kind of optional embodiment, user once used the cloud terminal, and upper when reusing the cloud terminal
The interval time of first use is longer, cause last time using when the token that is generated have timed, out, now the user needs again
Generation token is asked to server.
In an alternative embodiment, the currently used cloud terminal of user is shorter apart from the time that last time uses, therefore
The token that is retained in cloud terminal simultaneously has not timed out, therefore user can use what this have not timed out, i.e., effective token carries out authority
Checking.
Optionally, according to the above embodiments of the present application, in the case of effective token of object is not present in target device,
The token of generation object can be asked to server as follows, including:
Step S10251, the token solicited message of extracting object from the overtime token of object, and please by the token of object
Information is asked to send to server.
In above-mentioned steps, object sends the token solicited message extracted in overtime token to server, server root
Determine which target device the request comes from according to token solicited message, you can generation logs in the order of the object of the target device
Board, logged in again without object.
Step S10253, in the case where server is proved to be successful to token solicited message, pair of the reception server generation
The token of elephant.
As in a kind of optional embodiment, the mark of one or more target devices can also be included in token solicited message
Know, server determines the token which being returned to after token is generated according to the mark of target device in token generation request
A little equipment.And when not including target device mark in token solicited message, server can send out the effective token of object
Deliver in all online equipments of object, it is achieved thereby that the token that multiple devices are completed by an equipment is asked, and then
User can use multiple devices simultaneously, and without generating token one by one, cloud terminal so can be achieved under several scenes
Authority distribution.
Optionally, according to the above embodiments of the present application, the authority according to corresponding to effective token authentication using request, bag
Include:
Step S1041, authority corresponding to request is used if effectively included in the authority information included by token, really
It is fixed to use Authority Verification success corresponding to request.
Step S1043, if do not included in the authority information included by token effectively using authority corresponding to request,
It is determined that failed using Authority Verification corresponding to request.
In a kind of optional above-described embodiment, still so that the use request of user is taken pictures for request as an example, if user
The camera authority of terminal is included in first token, and the application power of this application software of camera is included in the second token of user
Limit, it is determined that certification success, user can be taken pictures with using terminal.If taking the photograph not comprising terminal in the first token of user
Application permission as not including this application software of camera in head authority, or the second token of user, it is determined that authentication failed, use
Family can not be taken pictures using the terminal.
Optionally, according to the above embodiments of the present application, it is determined that also being wrapped using Authority Verification success, method corresponding to request
Include:
Step S1041, the situation using authority corresponding to request is included in the authority information included by effective token
Under, check code corresponding to token is sent to server, wherein, the authority information in token is compressed to obtain the verification of token
Code.
Step S1043, in the case of server is successful to verification code check, determine that object has using corresponding to request
Authority.
Specifically, in above-mentioned steps, after the Authority Verification success for the use request that object is sent, it is also necessary to it is determined that
Whether the terminal is in same communication system with server, i.e., whether terminal has permission and communicated with server, only exists
Terminal has permission communicated with server in the case of, using request corresponding authority be just proved to be successful, server can be held
The use request of row object.Therefore above-mentioned steps generate check code verified server, to determine that target device is had the right
Limit interacts with server.
Optionally, according to the above embodiments of the present application, according to effective token authentication using request corresponding to authority it
Afterwards, the above method also includes:
Step S1010, if using Authority Verification success corresponding to request, select authorization object.
Step S1012, permission grant corresponding to request will be used to authorization object.
In above-mentioned steps, the step of permission grant corresponding to request is to authorization object will be used to include:Request clothes
The authorization token of business device generation authorization object, wherein, the authority of authorization token is less than or equal to the effective token of object, mandate pair
The authorization token returned as the reception server.
Optionally, in the above embodiments of the present application, the hardware authority of any one hardware is included to appointing in target device
One hardware of meaning carries out the Multiple stage hardware authority of different operating, and the application permission of any one application is included to different using carrying out
The multistage application authority of operation.
Specifically, each target device feature according to possessed by itself can take out different equipment authorities (i.e. firmly
Part authority).Such as:Equipment addition, delete, function modification.Application permission then needs specific abstract.With the handheld device of PAD classes
Exemplified by, except the authority that operates with of basic display screen, the also built-in device such as various kinds of sensors or bluetooth so that equipment has
A variety of different use functions, these functions can all generate corresponding authority.Such scheme can according to distinct device feature come
Difference in functionality authority is deleted in dynamic addition, very flexibly.Application permission is similar with hardware authority, and every kind of different application is soft
Part can take out different authorities according to different characteristic.
Such scheme can be implemented in multiple scenes, carry out example below with two scenes:
1st, the more equipment seamless switchings of picture and duplication
A equipment pictures are now switched to B device by user when using A equipment.It can just be completed directly in A equipment
Control the Authority Verification of B device.A equipment retransmits token check code, and after server verification passes through, A equipment is replicated on B device
The picture of display, then, as long as the first token and the second token are distributed to B device by server, user just can be directly in B device
On be worked on.
2nd, more equipment quick starts.
User needs to carry out other operations on B device when using device A, similar with the process in scene 1,
The Authority Verification of control B device can be just completed directly in A equipment, A retransmits token check code, after server verification passes through,
Designated software is opened on B device and performs required movement, new picture is generated and is sent to B, server is again by the first token and second
Token is distributed to B device, it becomes possible to while use two equipment of A and B.
3rd, multi-user's picture is shared
User A selects other n user B cloud terminal device (various ways such as Bluetooth pairing, barcode scanning) to be authorized, clothes
N user B of device generation be engaged in the read-only authority of user A picture, updates and distributes these user B token (token), then
A picture is sent to each user B cloud terminal, now user B cans check user A terminal picture, but can not be to it
Operated.
Herein it should be noted that above-described embodiment is given for example only, such scheme can also use the power of other scenes
Limit distribution, so as to realize that the multistage management and control of authority, such as parent use to the remote monitoring of children's terminal device, common equipment
Family distribution etc..
Fig. 3 is the flow chart that hardware authority is verified according to a kind of target device of the embodiment of the present application, with reference to Fig. 3,
The scheme of target device checking application permission is further described in detail, in this example, target device is cloud terminal,
Object is the user of operation cloud terminal.
Step S31, user operate cloud terminal.Specifically, user uses request by operating the generation of cloud terminal.
Step S32, cloud terminal C-TM inquire about Dtoken.Specifically, C-TM is the token management module of cloud terminal, Dtoken
For the first token, in above-mentioned steps, cloud terminal searches the first token.
Step S33, Dtoken whether there is.Enter step S34 in the presence of Dtoken, when cloud terminal is not present
During Dtoken, illustrate the step of user is also not logged in the cloud terminal, therefore entrance step S319, and user logs in cloud terminal.
Whether step S34, Dtoken be overtime.In the case of Dtoken time-out, into step S312, otherwise into step
S35。
Step S35, if pass through checking.In above-mentioned steps, checking is being verified using the corresponding authority of request
In the case of enter step S36, otherwise into step S311.Wherein, if including the use of request in the first token of cloud terminal
Corresponding authority, then be verified.
Step S36, cloud terminal C-TM generate Dtoken check codes.
Step S37, service end S-TM verify check code.In above-mentioned steps, service end S-TM is the token pipe of server
Module is managed, service end S-TM verifies to Dtoken check codes.
Whether step S38, verification pass through.Enter step S39 in the case where verification passes through, otherwise into step S311.
Step S39, server implementing result.In the case where verification passes through, server is performed using request.
Step S310, as a result return to cloud terminal.
Step S311, cloud terminal notifying lack of competence.
Step S312, cloud terminal packing user, equipment, operation metamessage.
Above-mentioned steps ask Dtoken to server again in the case of Dtoken time-out.Cloud terminal is overtime from user
Dtoken in extract user, equipment, operation metamessage packed, the Dtoken for being sent to server that please look for novelty.
Step S313, server are verified in PM UDPM/UDAI.Above-mentioned PM is the rights management mould of server
Block, UDPM/ are user/user's group equipment authority submodule, and UDAI is that the device authorization of user/user's group verifies interface.
Step S314, if pass through checking.Enter step S315 in the case of by checking, otherwise into step
S320。
Step S315, server implementing result.
Step S316, as a result return to cloud terminal.
Step S317, server S-TM generate Dtoken.
Step S318, distribution Dtoken give the online cloud terminal device of all users.Dtoken is distributed to by above-mentioned steps
All online equipments of the user, so that all online equipments of the user all there is this to use authority corresponding to request,
Without being verified one by one.
Step S319, user log in cloud terminal.
Step S320, cloud terminal notifying lack of competence.
In the above-described embodiments, user may possess multiple cloud terminal devices, and each equipment has different authorities, and more
Individual user may have the different access rights of some equipment.Therefore, user when operating cloud terminal, it is necessary to verify user's pin
To the operating right of current device.Whether first judge in current cloud terminal C-TM in Dtoken, if Dtoken is not found, or
Dtoken time-out is, it is necessary to which the encryption of user, equipment and operation information is transmitted to server, UDPM of the server in PM modules
Or verified under UDAI submodules, it is verified and performs equipment operation and returning result, while is generated newly by server S-TM
Dtoken, and Dtoken is returned into cloud terminal, while be distributed to all online equipments of the user.Wherein, wrapped in Dtoken
All operating rights of all devices containing user.
If finding Dtoken in cloud terminal C-TM, judge to have not timed out in cloud terminal C-TM, and be verified, then by
Cloud terminal C-TM asks equipment operation (Dtoken data are larger, therefore only send Dtoken check code), service to server
Device S-TM verifies Dtoken check codes, then performs equipment operation and returning result.For the operation that can be carried out in cloud terminal, if
It is standby directly to be operated in cloud terminal, perform action without waiting for server.
Fig. 4 is the flow chart that application permission is verified according to a kind of target device of the embodiment of the present application, with reference to Fig. 4,
The scheme of target device checking hardware authority is further described in detail, in this example, target device is cloud terminal,
Object is the user of operation cloud terminal.
Step S41, user operate cloud terminal.Specifically, user uses request by operating the generation of cloud terminal.
Step S42, cloud terminal C-TM inquire about Stoken.Specifically, C-TM is the token management module of cloud terminal, Stoken
For the second token, in above-mentioned steps, cloud terminal searches the second token.
Step S43, Stoken whether there is.Enter step S44 in the presence of Stoken, when cloud terminal is not present
During Stoken, illustrate the step of user is also not logged in the cloud terminal, therefore entrance step S419, and user logs in cloud terminal.
Whether step S44, Stoken be overtime.In the case of Stoken time-out, into step S412, otherwise into step
S45。
Step S45, if pass through checking.In above-mentioned steps, checking is being verified using the corresponding authority of request
In the case of enter step S46, otherwise into step S411.Wherein, if including the use of request in the first token of cloud terminal
Corresponding authority, then be verified.
Step S46, cloud terminal C-TM generate Stoken check codes.
Step S47, service end S-TM verify check code.In above-mentioned steps, service end S-TM is the token pipe of server
Module is managed, service end S-TM verifies to Stoken check codes.
Whether step S48, verification pass through.Enter step S49 in the case where verification passes through, otherwise into step S411.
Step S49, server implementing result.In the case where verification passes through, server is performed using request.
Step S410, as a result return to cloud terminal.
Step S411, cloud terminal notifying lack of competence.
Step S412, cloud terminal packing user, equipment, operation metamessage.
Above-mentioned steps ask Stoken to server again in the case of Stoken time-out.Cloud terminal is overtime from user
Stoken in extract user, equipment, operation metamessage packed, the Stoken for being sent to server that please look for novelty.
Step S413, server are verified in PM USPM/USAI.Above-mentioned PM is the rights management mould of server
Block, USPM/ are user/user's group software authority submodule, and USAI is that user/user's group soft ware authorization verifies interface.
Step S414, if pass through checking.Enter step S415 in the case of by checking, otherwise into step
S420。
Step S415, server perform operation generation picture.
Step S416, cloud terminal display.
Step S417, server S-TM generate Stoken.
Step S418, distribution Stoken give the online cloud terminal device of all users.Stoken is distributed to by above-mentioned steps
All online equipments of the user, so that all online equipments of the user all there is this to use authority corresponding to request,
Without being verified one by one.
Step S419, user log in cloud terminal.
Step S420, cloud terminal notifying lack of competence.
In such scheme, all cloud terminal device upper stratas are all to provide the user application software service.User exists
A certain operation is performed, such as opens navigation map, now needs to verify the software license limit whether user has navigation map.First exist
Cloud terminal C-TM searches Stoken, if Stoken is not found, or Stoken time-out, directly by user, software and associative operation
Information encryption packing, sends to service end, is then verified in USPM the or USAI submodules under service end PM modules, such as
Fruit is verified, and service end opens related software, and picture returns to cloud terminal.And Stoken is generated, Stoken is passed back into cloud
Terminal, while it is distributed to all online equipments of the user.Wherein, the current possessed all softwares power of user are included in Stoken
Limit data (i.e. application permission information).
If Stoken is found in cloud terminal C-TM, and the Stoken has not timed out, then directly in C-TM checking software operations
Authority Verification, Stoken check codes are generated by C-TM after being verified, sent to server, server S-TM checking Stoken schools
Code is tested, if the verification passes, then server software operation, generation picture are exported to cloud terminal.Otherwise, by not finding
Stoken processing.
Embodiment 2
According to embodiments of the present invention, there is provided the embodiment of the verification method of another authority, this method can be with implementations
The verification method of authority in example 1 is associated, and performs the action of server in the verification process of authority, and Fig. 5 is according to the application
A kind of flow chart of the verification method of authority of embodiment, with reference to Fig. 5, this method includes:
Step S501, when object logs in target device, the effective token of object is generated, wherein, token includes:Comprising
Second token of the first token of the hardware authority of object and the application permission comprising object.
Step S503, the effective token of object is back to object.
Specifically, above-mentioned object can be the user of currently used cloud terminal, the use request of object can be by user couple
The operation generation of cloud mobile device.After user logs in cloud terminal, cloud terminal can be operated, be asked so as to generate to use
Ask, be using the corresponding power of request to the authority operated using the asked hardware device of request or application program
Limit.Above-mentioned token can be generated in the case of user's login cloud terminal is successful by server.
Above-mentioned hardware authority is used to verify the hardware included by cloud terminal, and the external equipment with communication of mobile terminal,
Such as:The equipment such as camera in cloud terminal, the external connection keyboard to be communicated with cloud terminal.Above-mentioned application permission is asked for active user
The authority of the application program used, namely software authority.
Optionally, according to the above embodiments of the present application, after the effective token of object is back into object, above-mentioned side
Method also includes:
Step S505, when receiving the token solicited message of object, the token solicited message of object is verified, its
In, the token solicited message of target device extracting object from the overtime token of object,.
In above-mentioned steps, object sends the token solicited message extracted in overtime token to server, server root
Determine which object the request comes from according to token solicited message, you can the new token of the object is generated, without object weight
New login.
Step S507, in the case where being proved to be successful, generate the effective token of object.
As in a kind of optional embodiment, the mark of one or more target devices can also be included in token solicited message
Know, server determines the token which being returned to after token is generated according to the mark of target device in token generation request
A little equipment.And when not including target device mark in token solicited message, server can send out the effective token of object
Deliver in all online equipments of object, it is achieved thereby that the token that multiple devices are completed by an equipment is asked, and then
User can apply multiple devices simultaneously, and without generating token one by one, the several scenes such as authority distribution so can be achieved.
Optionally, according to the above embodiments of the present application, after the effective token of object is back into object, above-mentioned side
Method also includes:
Step S509, when receiving check code corresponding to effective token, check code is verified, wherein, target is set
It is standby that authority information in token is compressed to obtain the check code of token.
Step S5011, in the case where being proved to be successful to check code, determine that object has using authority corresponding to request.
Specifically, in above-mentioned steps, after the Authority Verification success for the use request that object is sent, it is also necessary to it is determined that
Whether the terminal is in same communication system with server, i.e., whether terminal has permission and communicated with server, only exists
Terminal has permission communicated with server in the case of, using request corresponding authority be just proved to be successful, server can be held
The use request of row object.Therefore above-mentioned steps generate check code verified server, to determine that target device is had the right
Limit interacts with server.
Optionally, also included according to the above embodiments of the present application, the above method:
Step S5013, it is authority information corresponding to object distribution when receiving the log-on message of object, wherein, authority letter
Breath includes:Hardware authority and application permission.
Embodiment 3
According to embodiments of the present invention, there is provided a kind of checking system of authority, Fig. 6 are one kind according to the embodiment of the present application
The schematic diagram of the checking system of authority, the checking system of the authority can be used for implementing embodiment 1 or the authority in embodiment 2
Verification method, target device can be the target devices in embodiment 1 or embodiment 2, and server can be embodiment 1 or implement
Server in example 2, with reference to shown in Fig. 6, the system includes:
Server 60, for when object log in target device when, the effective token of the object of generation, wherein, token packet
Include:Second token of the first token of the hardware authority comprising object and the application permission comprising object.
Target device 62, and server communication, for when the use for receiving object is asked, detecting in target device to be
It is no including effective token, in the case where target device includes effective token, according to effective token authentication using asking
Corresponding authority.
Optionally, according to the above embodiments of the present application, target device is additionally operable to the log-on message to server sending object;
The authority information that server is additionally operable to generate object is stated, wherein, authority information includes:Hardware authority information and/or application permission
Information.
Optionally, according to the above embodiments of the present application, target device is additionally operable in the authority letter included by effective token
Included in breath in the case of using authority corresponding to request, check code corresponding to token is sent to server, wherein, in token
Authority information be compressed to obtain the check code of token;Server is additionally operable to verify check code, and is being proved to be successful
In the case of, it is determined that using Authority Verification success corresponding to request.
Fig. 7 be according to a kind of structural representation of the checking system of authority of the embodiment of the present application, with reference to shown in Fig. 7,
In the system, cloud terminal system is made up of following several parts:Terminal device Device, server S erver, application software (should
With) App, user User.The function that user can use and the authority with application are required for the checking system of authority to carry out
Checking.Whole system has following several modules, user management module (UM), device management module (DM), application software management
Module (SM), authority management module (PM), entitlement management module (AM), token management module (TM).One one it is carried out below
Description.
User management module (UM):Major maintenance individual subscriber essential information, user login information (User Token, when
It is long), user's group management.User's group is the set for the user for possessing certain class common trait, than if desired for by some application software
Access right gives the user of same company, all users of this company can be now set to a user's group, by application permission
Give the group.
Device management module (DM):Equipment in system includes terminal device Device, server S erver and other set
It is standby.These equipment essential informations need to carry out registration maintenance in system.In addition, each equipment is special according to possessed by itself
Sign can take out different equipment authorities.Basic system administration authority has:Equipment addition, delete, function modification.Application permission
Then need specifically to be abstracted, e.g., for the handheld device of PAD classes, authority is operated with except basic display screen, also have each
The built-in device such as class sensor or bluetooth so that equipment has a variety of different use functions, and these functions can all generate accordingly
Authority.The equipment authority of design is the module of a dynamic management in of the invention, can be by system manager according to distinct device
Difference in functionality authority is added or deleted to feature dynamically, very flexibly.
Application software management module (SM):Application software essential information firstly the need of being safeguarded and registered in system,
Application software authority is similar with equipment authority, and every kind of different application software can take out different authorities according to different characteristic,
But, because software is more versatile and flexible, the authority of application software can be more complicated, and species is more various.
Authority management module (PM):Mainly manage each user/user's group has which authority of which equipment, there is which
Which authority of a little application software.Form user/user's group equipment authority submodule (UDPM) and user/user's group application software
Authority submodule (USPM).Two authority checking interfaces, device authorization checking interface (UDAI) and software are also included in PM modules
Authority checking interface (USAI), two submodules of entitlement management module (AM) are corresponded to respectively.
Entitlement management module (AM):Including device authorization management (DAM) and application software empowerment management (SAM), authority institute
The person of having can face the other users of distributing to of its own right limited period, other users with regard to interim these authorities that possess
When use.
Token management module (TM):Token (Token) generates when accessing first time, and all tokens are settable effective
Phase, the request after time-out are regarded as new access, it is necessary to verify raw information again, then generate token.Subsequent access system
System is verified without raw information, only connects the checking token true and false, can effectively be reduced excessive background information and be accessed, improve verification efficiency.
It is related to the distributed fast verification method of this two-stage token of software application token and device token in the scheme of the application:TM points
Cloth is in service end and cloud terminal, TM (C-TM) storage, checking and the destructions for carrying out Token in cloud terminal, in service end
The logical generations for carrying out Token of TM (S-TM), storage, checking, distribution and destroy.
The method verified using the checking system of above-mentioned authority to the authority of cloud terminal can be such as embodiment 1 and implementation
Shown in example 2, here is omitted.
Embodiment 4
According to the embodiment of the present invention, there is provided a kind of checking device of authority, Fig. 8 are weighed according to one kind of the embodiment of the present application
The schematic diagram of the checking device of limit, with reference to shown in Fig. 8, the device includes:
Detection module 80, for whether when the use for receiving object is asked, detecting in target device to include object
Effective token, wherein, when object logs in target device, the effective token of the reception server generation, token includes:Comprising
Second token of the first token of the hardware authority of object and the application permission comprising object.
Authentication module 82, in the case of including effective token in target device, made according to effective token authentication
The authority corresponding to request.
Embodiment 5
According to the embodiment of the present invention, there is provided the checking device of another authority, Fig. 9 are one kind according to the embodiment of the present application
The schematic diagram of the checking device of authority, with reference to shown in Fig. 9, the device includes:
Generation module 90, for when object log in target device when, effective token of the object of generation, wherein, token packet
Include:Second token of the first token of the hardware authority comprising object and the application permission comprising object.
Module 92 is returned to, for the effective token of object to be back into object.
Embodiment 6
According to the embodiment of the present invention, there is provided a kind of storage medium, storage medium include the program of storage, wherein, in program
Equipment performs the verification method of any one authority in embodiment 1 or embodiment 2 where controlling storage medium during operation.
Embodiment 7
According to the embodiment of the present invention, there is provided a kind of processor, processor are used for operation program, wherein, program is held when running
The verification method of any one authority in row embodiment 1 or embodiment 2.
The embodiments of the present invention are for illustration only, do not represent the quality of embodiment.
In the above embodiment of the present invention, the description to each embodiment all emphasizes particularly on different fields, and does not have in some embodiment
The part of detailed description, it may refer to the associated description of other embodiment.
In several embodiments provided herein, it should be understood that disclosed technology contents, others can be passed through
Mode is realized.Wherein, device embodiment described above is only schematical, such as the division of the unit, Ke Yiwei
A kind of division of logic function, can there is an other dividing mode when actually realizing, for example, multiple units or component can combine or
Person is desirably integrated into another system, or some features can be ignored, or does not perform.Another, shown or discussed is mutual
Between coupling or direct-coupling or communication connection can be INDIRECT COUPLING or communication link by some interfaces, unit or module
Connect, can be electrical or other forms.
The unit illustrated as separating component can be or may not be physically separate, show as unit
The part shown can be or may not be physical location, you can with positioned at a place, or can also be distributed to multiple
On unit.Some or all of unit therein can be selected to realize the purpose of this embodiment scheme according to the actual needs.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, can also
That unit is individually physically present, can also two or more units it is integrated in a unit.Above-mentioned integrated list
Member can both be realized in the form of hardware, can also be realized in the form of SFU software functional unit.
If the integrated unit is realized in the form of SFU software functional unit and is used as independent production marketing or use
When, it can be stored in a computer read/write memory medium.Based on such understanding, technical scheme is substantially
The part to be contributed in other words to prior art or all or part of the technical scheme can be in the form of software products
Embody, the computer software product is stored in a storage medium, including some instructions are causing a computer
Equipment (can be personal computer, server or network equipment etc.) perform each embodiment methods described of the present invention whole or
Part steps.And foregoing storage medium includes:USB flash disk, read-only storage (ROM, Read-Only Memory), arbitrary access are deposited
Reservoir (RAM, Random Access Memory), mobile hard disk, magnetic disc or CD etc. are various can be with store program codes
Medium.
Described above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art
For member, under the premise without departing from the principles of the invention, some improvements and modifications can also be made, these improvements and modifications also should
It is considered as protection scope of the present invention.
Claims (19)
- A kind of 1. verification method of authority, it is characterised in that including:Whether when the use for receiving object is asked, detecting in target device includes effective token, wherein, when the object When logging in the target device, the effective token of the reception server generation, the token includes:Include the object Second token of the first token of hardware authority and the application permission comprising the object;In the case where the target device includes effective token, request pair is used according to the effective token authentication The authority answered.
- 2. according to the method for claim 1, it is characterised in that before receiving using request, methods described also includes: The object is registered by the server, wherein, the object is registered by the server, including:The log-on message of the object is sent to the server;The authority information for the object that the server returns is received, wherein, the authority information includes:Hardware authority and should Use authority.
- 3. according to the method for claim 1, it is characterised in that whether include effective token in detection target device, wrap Include:Whether the token of the object is included in detection target device;In the case where the target device includes the token of the object, judge whether the token of the object is effective;In the case of the token for not including the object in the target device, by logging in the target device to the clothes Business device request generates the token of the object.
- 4. according to the method for claim 3, it is characterised in that judge whether the token of the object is effective, including:Judge whether the token is overtime;If the token time-out, the token of the object is generated to server request;If the token has not timed out, it is determined that the token is effective.
- 5. according to the method for claim 4, it is characterised in that the token of the object is generated to server request, Including:The token solicited message of the object is extracted from the overtime token of the object, and the token of the object is asked into letter Breath is sent to the server;In the case where the server is proved to be successful to the token solicited message, the described right of the server generation is received The token of elephant.
- 6. method as claimed in any of claims 1 to 5, it is characterised in that according to the effective token authentication Authority corresponding to the use request, including:If use authority corresponding to request comprising described in the authority information included by the effective token, it is determined that described Use Authority Verification success corresponding to request;If do not include in the authority information included by the effective token described using authority corresponding to request, it is determined that institute State and failed using Authority Verification corresponding to request.
- 7. according to the method for claim 6, it is characterised in that Authority Verification success corresponding to the use request is determined, Including:In the case of authority corresponding to the use request is included in the authority information included by the effective token, to institute State server and send check code corresponding to the token, wherein, the authority information in the token is compressed to obtain described The check code of token;In the case of the server is successful to the verification code check, it is described corresponding using request to determine that the object has Authority.
- 8. according to the method for claim 1, it is characterised in that using request according to the effective token authentication After corresponding authority, methods described also includes:If it is determined that it is described using Authority Verification success corresponding to request, then select authorization object;By described the authorization object is given using permission grant corresponding to request.
- A kind of 9. verification method of authority, it is characterised in that including:When object logs in target device, the effective token of the object is generated, wherein, the token includes:Comprising described Second token of the first token of the hardware authority of object and the application permission comprising the object;The effective token of the object is back to the object.
- 10. according to the method for claim 9, it is characterised in that described the effective token of the object is back to After object, methods described also includes:When receiving the token solicited message of the object, the token solicited message of the object is verified, wherein, institute State the token solicited message that target device extracts the object from the overtime token of the object;In the case where being proved to be successful, the effective token of the object is generated.
- 11. according to the method for claim 9, it is characterised in that described the effective token of the object is back to After object, methods described also includes:When receiving check code corresponding to the effective token, the check code is verified, wherein, the target device Authority information in the token is compressed to obtain the check code of the token;In the case where being proved to be successful to the check code, determine that the object has using authority corresponding to request.
- 12. according to the method for claim 9, it is characterised in that methods described also includes:It is authority information corresponding to object distribution when receiving the log-on message of the object, wherein, the authority information Including:Hardware authority and application permission.
- A kind of 13. checking device of authority, it is characterised in that including:Detection module, for when the use for receiving object is asked, whether including effective token in detection target device, its In, when the object logs in the target device, the effective token of the reception server generation, the token includes: Second token of the first token of the hardware authority comprising the object and the application permission comprising the object;Authentication module, in the case of including effective token in the target device, according to the effective token authentication It is described to use authority corresponding to request.
- A kind of 14. checking device of authority, it is characterised in that including:Generation module, for when object log in target device when, effective token of the object of generation, wherein, the token Including:Second token of the first token of the hardware authority comprising the object and the application permission comprising the object;Module is returned to, for the effective token of the object to be back into the object.
- A kind of 15. checking system of authority, it is characterised in that including:Server, for when object log in target device when, the effective token of the object of generation, wherein, the token Including:Second token of the first token of the hardware authority comprising the object and the application permission comprising the object;Target device, and the server communication, for when the use for receiving the object is asked, detecting the target and setting Whether include effective token in standby, in the case where the target device includes effective token, according to the effective order Board checking is described to use authority corresponding to request.
- 16. system according to claim 15, it is characterised in thatThe target device is additionally operable to send the log-on message of the object to the server;The server is additionally operable to generate the authority information of the object, wherein, the authority information includes:Hardware authority information And/or application permission information.
- 17. system according to claim 15, it is characterised in thatThe target device is additionally operable in the authority information included by the effective token comprising described corresponding using request Authority in the case of, send check code corresponding to the token to the server, wherein, the authority in the token is believed Breath is compressed to obtain the check code of the token;The server is additionally operable to verify the check code, and in the case where being proved to be successful, determines that described use please Authority Verification success corresponding to asking.
- A kind of 18. storage medium, it is characterised in that the storage medium includes the program of storage, wherein, run in described program When control the storage medium where authority in equipment perform claim requirement 1 to 8 or 9 to 12 described in any one authentication Method.
- A kind of 19. processor, it is characterised in that the processor is used for operation program, wherein, right of execution when described program is run Profit requires the verification method of the authority described in any one in 1 to 8 or 9 to 12.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710732342.6A CN107517103B (en) | 2017-08-23 | 2017-08-23 | Authority verification method, device and system |
| CN202110548487.7A CN113328861B (en) | 2017-08-23 | 2017-08-23 | Authority verification method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710732342.6A CN107517103B (en) | 2017-08-23 | 2017-08-23 | Authority verification method, device and system |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110548487.7A Division CN113328861B (en) | 2017-08-23 | 2017-08-23 | Authority verification method, device and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107517103A true CN107517103A (en) | 2017-12-26 |
| CN107517103B CN107517103B (en) | 2021-06-01 |
Family
ID=60723553
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710732342.6A Active CN107517103B (en) | 2017-08-23 | 2017-08-23 | Authority verification method, device and system |
| CN202110548487.7A Active CN113328861B (en) | 2017-08-23 | 2017-08-23 | Authority verification method, device and system |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110548487.7A Active CN113328861B (en) | 2017-08-23 | 2017-08-23 | Authority verification method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN107517103B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109413053A (en) * | 2018-10-09 | 2019-03-01 | 四川长虹电器股份有限公司 | A kind of method of User Status verifying in service grid environment |
| CN109873803A (en) * | 2018-05-04 | 2019-06-11 | 360企业安全技术(珠海)有限公司 | The authority control method and device of application program, storage medium, computer equipment |
| CN111159693A (en) * | 2019-12-28 | 2020-05-15 | 西安精雕软件科技有限公司 | Electronic equipment permission verification method, device and system and readable medium |
| CN111581612A (en) * | 2020-04-26 | 2020-08-25 | 支付宝(杭州)信息技术有限公司 | Login state data processing method, device, equipment and system of applet application |
| CN113300852A (en) * | 2021-05-19 | 2021-08-24 | 建信金融科技有限责任公司 | Service management method and platform, computer device and computer readable storage medium |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116720172B (en) * | 2023-08-07 | 2024-01-30 | 四川神州行网约车服务有限公司 | Verification method and device for system permission, computer equipment and readable storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110283347A1 (en) * | 2009-11-11 | 2011-11-17 | Mahesh Babubhai Bhuta | Using a trusted token and push for validating the request for single sign on |
| CN102428456A (en) * | 2009-03-16 | 2012-04-25 | 苹果公司 | Accessory identification for mobile computing devices |
| CN102984252A (en) * | 2012-11-26 | 2013-03-20 | 中国科学院信息工程研究所 | Cloud resource access control method based on dynamic cross-domain security token |
| CN103930897A (en) * | 2011-09-29 | 2014-07-16 | 甲骨文国际公司 | Mobile application, single sign-on management |
| CN105359491A (en) * | 2013-06-14 | 2016-02-24 | 微软技术许可有限责任公司 | User authentication in a cloud environment |
| CN106209749A (en) * | 2015-05-08 | 2016-12-07 | 阿里巴巴集团控股有限公司 | Single-point logging method and the processing method and processing device of device, relevant device and application |
| CN106936772A (en) * | 2015-12-29 | 2017-07-07 | 中国移动通信集团湖南有限公司 | A kind of access method, the apparatus and system of cloud platform resource |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104580496B (en) * | 2015-01-22 | 2018-04-13 | 深圳先进技术研究院 | A kind of virtual machine based on locum accesses system and server |
| US20180324172A1 (en) * | 2015-02-01 | 2018-11-08 | Mahesh Unnikrishnan | Single sign-on for remote applications |
| CN105162775A (en) * | 2015-08-05 | 2015-12-16 | 深圳市方迪科技股份有限公司 | Logging method and device of virtual machine |
-
2017
- 2017-08-23 CN CN201710732342.6A patent/CN107517103B/en active Active
- 2017-08-23 CN CN202110548487.7A patent/CN113328861B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102428456A (en) * | 2009-03-16 | 2012-04-25 | 苹果公司 | Accessory identification for mobile computing devices |
| US20110283347A1 (en) * | 2009-11-11 | 2011-11-17 | Mahesh Babubhai Bhuta | Using a trusted token and push for validating the request for single sign on |
| CN103930897A (en) * | 2011-09-29 | 2014-07-16 | 甲骨文国际公司 | Mobile application, single sign-on management |
| CN102984252A (en) * | 2012-11-26 | 2013-03-20 | 中国科学院信息工程研究所 | Cloud resource access control method based on dynamic cross-domain security token |
| CN105359491A (en) * | 2013-06-14 | 2016-02-24 | 微软技术许可有限责任公司 | User authentication in a cloud environment |
| CN106209749A (en) * | 2015-05-08 | 2016-12-07 | 阿里巴巴集团控股有限公司 | Single-point logging method and the processing method and processing device of device, relevant device and application |
| CN106936772A (en) * | 2015-12-29 | 2017-07-07 | 中国移动通信集团湖南有限公司 | A kind of access method, the apparatus and system of cloud platform resource |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109873803A (en) * | 2018-05-04 | 2019-06-11 | 360企业安全技术(珠海)有限公司 | The authority control method and device of application program, storage medium, computer equipment |
| CN109873803B (en) * | 2018-05-04 | 2021-07-20 | 360企业安全技术(珠海)有限公司 | Permission control method and device of application program, storage medium and computer equipment |
| CN109714350B (en) * | 2018-05-04 | 2021-11-23 | 360企业安全技术(珠海)有限公司 | Permission control method and device of application program, storage medium and computer equipment |
| CN109413053A (en) * | 2018-10-09 | 2019-03-01 | 四川长虹电器股份有限公司 | A kind of method of User Status verifying in service grid environment |
| CN109413053B (en) * | 2018-10-09 | 2021-10-29 | 四川长虹电器股份有限公司 | Method for user state verification in service grid |
| CN111159693A (en) * | 2019-12-28 | 2020-05-15 | 西安精雕软件科技有限公司 | Electronic equipment permission verification method, device and system and readable medium |
| CN111581612A (en) * | 2020-04-26 | 2020-08-25 | 支付宝(杭州)信息技术有限公司 | Login state data processing method, device, equipment and system of applet application |
| CN113300852A (en) * | 2021-05-19 | 2021-08-24 | 建信金融科技有限责任公司 | Service management method and platform, computer device and computer readable storage medium |
| CN113300852B (en) * | 2021-05-19 | 2023-04-18 | 中国建设银行股份有限公司 | Service management method and platform, computer device and computer readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107517103B (en) | 2021-06-01 |
| CN113328861B (en) | 2022-11-01 |
| CN113328861A (en) | 2021-08-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107517103A (en) | The verification method of authority, device and system | |
| CN107612695A (en) | Knowledge management method, terminal and server based on block chain | |
| CN109076072A (en) | Web service picture password | |
| CN110730153A (en) | Account configuration method, device and system of cloud equipment and data processing method | |
| CN103312796A (en) | Logon interface selection for calculating environment user login | |
| CN105471924B (en) | Electronics bluetooth wireless identity identifying system | |
| CN105378768A (en) | Proximity and context aware mobile workspaces in enterprise systems | |
| CN101551840A (en) | Camera module and authentication system | |
| CN108154365A (en) | A kind of safety equipment for generating dynamic two-dimension code, method and system | |
| CN107086984A (en) | A kind of method, terminal and server for obtaining and generating identifying code | |
| CN113128636A (en) | Offline storage and taking method and device for intelligent cabinet | |
| CN105337974A (en) | Account authorization method, account login method, account authorization device and client end | |
| CN102496112B (en) | Three-screen payment system based on intelligent SD card and realization method thereof | |
| CN103401771A (en) | Network isolation method and network isolation system | |
| CN106959754A (en) | Control the method and mobile terminal of mobile terminal | |
| WO2018059127A1 (en) | Security verification method and apparatus | |
| CN109754329A (en) | Processing method, terminal, server and the storage medium of e-sourcing | |
| CN108777615A (en) | Dynamic password authentication method and device | |
| CN108920919A (en) | Control method, the device and system of interactive intelligence equipment | |
| CN109684802A (en) | A kind of method and system providing a user artificial intelligence platform | |
| CN108616543A (en) | A kind of short haul connection based on Quick Response Code, transmission method, apparatus | |
| CN110601850B (en) | Scenic spot information recording method, related equipment and storage medium | |
| CN105141624A (en) | Login method, account management server and client system | |
| KR102162102B1 (en) | Video call mediating apparatus, method and computer readable recording medium thereof | |
| CN104243597A (en) | Business card dispensing and collecting system and business card dispensing and collecting method based on WLAN (wireless local area network) environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220411 Address after: 710010 No. d187, 26th floor, building 5, digital China Science Park, No. 20, zhangbasi Road, high tech Zone, Xi'an, Shaanxi Province Patentee after: Xi'an temi Electronic Technology Co.,Ltd. Address before: Room d102, building 4, Fengye Xindu District, hi tech Zone, Xi'an City, Shaanxi Province Patentee before: XI'AN VANXVM ELECTRONICS TECHNOLOGY Co.,Ltd. |