CN112597471A - Device authorization control method and device, storage medium and electronic device - Google Patents
Device authorization control method and device, storage medium and electronic device Download PDFInfo
- Publication number
- CN112597471A CN112597471A CN202011507921.9A CN202011507921A CN112597471A CN 112597471 A CN112597471 A CN 112597471A CN 202011507921 A CN202011507921 A CN 202011507921A CN 112597471 A CN112597471 A CN 112597471A
- Authority
- CN
- China
- Prior art keywords
- account
- information
- application
- authorization
- identifier
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 110
- 238000000034 method Methods 0.000 title claims abstract description 40
- 238000013507 mapping Methods 0.000 claims abstract description 20
- 230000015654 memory Effects 0.000 claims description 21
- 238000004590 computer program Methods 0.000 claims description 12
- 238000012545 processing Methods 0.000 description 15
- 238000010586 diagram Methods 0.000 description 7
- 238000004891 communication Methods 0.000 description 5
- 230000000694 effects Effects 0.000 description 5
- 230000003993 interaction Effects 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000005034 decoration Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000001960 triggered effect Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses a device authorization control method and device, a storage medium and an electronic device. Wherein, the method comprises the following steps: receiving a first authorization certificate of a second application in a client of a first application logged in with an intermediate account; the account information of the intermediate account stores a first account identifier of a first application and operation authority information corresponding to the first account identifier; the account number identification of the intermediate account number has a mapping relation with the first account number identification; acquiring second account information of a second application based on the first authorization certificate; and storing the second account information into the account information of the intermediate account to obtain the updated intermediate account. And controlling the first electronic equipment identified by the second account in the first application based on the updated intermediate account. The invention solves the technical problem of poor safety caused by direct correlation between the user account information of the own platform and the user account information of the third-party platform in the related technology.
Description
Technical Field
The invention relates to the field of computers, in particular to a device authorization control method and device, a storage medium and an electronic device.
Background
At present, as each internet of things company provides its own client and dedicated service, and uses different account systems, users tend to control other brands of intelligent home appliances by using one client. In order to enable a user to obtain better experience, each manufacturer acquires authorization certificates, account numbers, equipment information and equipment control capacity of other platforms of the user in a third party authorization mode in a following manner.
The platform establishes the association relationship between the platform and the third-party platform account number, but only by establishing the association relationship, the third-party user identifier and the third-party user authorization certificate can be accurately searched according to the own-party user identifier, and the equipment control capability of the third-party platform is further obtained. However, the user account information of the own platform and the user account information of the third-party platform have a direct association relationship, and once the database is attacked, the user privacy data can be leaked.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides a device authorization control method and device, a storage medium and an electronic device, and at least solves the technical problem of poor safety caused by direct association of user account information of a self-party platform and user account information of a third-party platform.
According to an aspect of an embodiment of the present invention, there is provided a device authorization control method, including: receiving a first authorization certificate of a second application in a client of a first application logged in with an intermediate account; the account information of the intermediate account stores a first account identifier of the first application and operation authority information corresponding to the first account identifier; the account number identification of the intermediate account number and the first account number identification have a mapping relation; acquiring second account information of the second application based on the first authorization certificate; the second account information stores a second account identifier of the second application and operation authority information corresponding to the second account identifier; storing the second account information into the account information of the intermediate account to obtain an updated intermediate account; and controlling the first electronic equipment using the second account identification in the first application based on the updated intermediate account.
According to another aspect of the embodiments of the present invention, there is also provided an apparatus for controlling authorization of a device, including: the receiving unit is used for receiving a first authorization certificate of a second application in a client of a first application logged in with an intermediate account; the account information of the intermediate account stores a first account identifier of the first application and operation authority information corresponding to the first account identifier; the account number identification of the intermediate account number and the first account number identification have a mapping relation; an obtaining unit, configured to obtain second account information of the second application based on the first authorization credential; the second account information stores a second account identifier of the second application and operation authority information corresponding to the second account identifier; a storage unit, configured to store the second account information into the account information of the intermediate account, so as to obtain an updated intermediate account; and a control unit, configured to control, in the first application, a first electronic device using the second account identifier based on the updated intermediate account.
According to still another aspect of the embodiments of the present invention, there is also provided a computer-readable storage medium, in which a computer program is stored, wherein the computer program is configured to execute the above-mentioned device authorization control method when running.
According to another aspect of the embodiments of the present invention, there is also provided an electronic device, including a memory and a processor, where the memory stores a computer program, and the processor is configured to execute the device authorization control method through the computer program.
In the embodiment of the invention, a first authorization certificate of a second application is received in a client of a first application logged in with an intermediate account; the account information of the intermediate account stores a first account identifier of the first application and operation authority information corresponding to the first account identifier; the account number identification of the intermediate account number and the first account number identification have a mapping relation; acquiring second account information of the second application based on the first authorization certificate; the second account information stores a second account identifier of the second application and operation authority information corresponding to the second account identifier; storing the second account information into the account information of the intermediate account to obtain an updated intermediate account; based on the updated intermediate account, the mode of using the first electronic equipment identified by the second account in the first application is controlled, the intermediate account is used for replacing the first account of the own party to control the third party equipment, and the intermediate account is associated with the second account of the third party, so that the aim of effectively isolating the account information of the own party and the account information of the third party is fulfilled, the technical effect of improving the safety of the user account information of the own party platform and the user account information of the third party platform is achieved, and the technical problem of poor safety caused by direct association of the user account information of the own party platform and the user account information of the third party platform is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
fig. 1 is a schematic diagram of an application environment of an alternative device authorization control method according to an embodiment of the invention;
FIG. 2 is a schematic diagram of an application environment of an alternative device authorization control method according to an embodiment of the invention;
fig. 3 is a flow chart illustrating an alternative method for device authorization control according to an embodiment of the present invention;
FIG. 4 is a flow chart diagram of an alternative method of device authorization control according to an embodiment of the invention;
fig. 5 is a schematic diagram of account association of an optional device authorization control method according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of an alternative apparatus authorization control device according to an embodiment of the invention;
fig. 7 is a schematic structural diagram of an alternative electronic device according to an embodiment of the invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to an aspect of the embodiments of the present invention, a device authorization control method is provided, and optionally, as an optional implementation manner, the device authorization control method may be applied, but not limited, to a hardware environment as shown in fig. 1. The hardware environment comprises: a terminal device 104 for man-machine interaction with a user, a network 112 and a server 114. The user 102 and the terminal device 104 can perform human-computer interaction, and a device authorization control application client runs in the terminal device 104. The terminal device 104 includes a display 110, a processor 108 and a memory 106. The display 110 is used for presenting control information of a third party device to be currently controlled, such as the first electronic device 120 and/or the second electronic device 122; the processor 108 is configured to obtain second account information of a second application. The memory 106 is used for storing first account information, second account information and intermediate accounts.
In addition, the server 114 includes a database 116 and a processing engine 118, and the database 116 is used for storing and acquiring second account information of the second application. The processing engine 118 is configured to control, in the first application, the first electronic device identified using the second account based on the updated intermediate account.
As another alternative, the device authorization control method described above in this application may be applied to fig. 2. As shown in fig. 2, a user 202 and a terminal device 204 can interact with each other. The user equipment 204 includes a memory 206 and a processor 208. The terminal device 204 in this embodiment may refer to, but is not limited to, performing the above-mentioned operation performed by the terminal device 102 to obtain the estimated cost result of the designed furniture design information.
Alternatively, the terminal device 102 and the terminal device 204 may be, but not limited to, a mobile phone, a tablet computer, a notebook computer, a PC, and the like, and the network 104 may include, but is not limited to, a wireless network or a wired network. Wherein, this wireless network includes: WIFI and other networks that enable wireless communication. Such wired networks may include, but are not limited to: wide area networks, metropolitan area networks, and local area networks. The server 114 may include, but is not limited to, any hardware device capable of performing computations.
Optionally, as an optional implementation manner, as shown in fig. 3, the device authorization control method includes:
s302, receiving a first authorization certificate of a second application in a client of a first application logged in with an intermediate account; the account information of the intermediate account stores a first account identifier of a first application and operation authority information corresponding to the first account identifier; the account number identification of the intermediate account number has a mapping relation with the first account number identification;
s304, acquiring second account information of a second application based on the first authorization certificate; the second account information stores a second account identifier of a second application and operation authority information corresponding to the second account identifier;
s306, storing the second account information into the account information of the intermediate account to obtain an updated intermediate account;
and S308, controlling the first electronic equipment identified by the second account in the first application based on the updated intermediate account.
In the embodiment of the invention, the first authorization credential received from the second application may be from an instruction triggered by the user operating a control key of the third-party electronic device in the terminal device human-computer interaction interface. The first authorization credential for the second application may also be received over a wired or wireless network. Wherein, this wireless network includes: WIFI and other networks that enable wireless communication. Such wired networks may include, but are not limited to: wide area networks, metropolitan area networks, and local area networks.
In step S302, in the actual application, the client of the first application may be, but is not limited to, a platform client of one of the electronic devices used by the current user, which is not limited herein. The intermediate account is a replacement account which replaces the login account in the current client. Here, the identifier of the first account may be an account name and/or a password of the first account, or an encrypted account name and/or password, or a name and a power device identifier of a corresponding manufacturer, and the operation authority information corresponding to the first account identifier may be a control operation performed on electronic equipment of the manufacturer corresponding to the first account, for example, for an air conditioner, the control operation may be power on, power off, temperature adjustment, timing, and the like. In this embodiment, when the electronic device of the third party vendor needs to be controlled, the authorization credential applied by the third party vendor needs to be received. Therefore, when the electronic device corresponding to the second application needs to be controlled at the client of the first application, the first authorization credential of the second application needs to be received at the client of the first application logged in with the intermediate account; the corresponding authorization can be obtained.
In step S304, in actual application, account information corresponding to the second application is obtained through an authorization credential of the second application, and the second account information may include electronic devices corresponding to a plurality of second applications under a plurality of second accounts. The second account information stores a second account identifier of the second application and operation permission information corresponding to the second account identifier. That is to say, the second account stores a second account identifier, which is not limited to a manufacturer identifier, an account name or a password, and the operation permission information is a control permission of the electronic device corresponding to the current second account.
In step S306, in practical application, the second account information is stored in the account information of the intermediate account to obtain an updated intermediate account, that is, the account id of the second account information and the control authority information of the corresponding electronic device may be both put into the intermediate account, and the intermediate account is equivalent to have the same control authority as the second account, so as to further control the electronic device corresponding to the second account. In this embodiment, the intermediate account may store account ids of a plurality of third party accounts and electronic devices of manufacturers corresponding to the third party accounts, which is not limited herein.
In step S308, during actual application, the updated intermediate account may replace the first account in the current first application to control the first electronic device corresponding to the second account identifier. That is to say, account information of the first account and the second account can be used as a bridge through the intermediate account, so that the second account and the second account information can be prevented from being exposed too much, the intermediate account is stored separately, and the security of user privacy data is improved.
In the embodiment of the invention, a first authorization certificate of a second application is received in a client of a first application logged in with an intermediate account; the account information of the intermediate account stores a first account identifier of the first application and operation authority information corresponding to the first account identifier; the account number identification of the intermediate account number and the first account number identification have a mapping relation; acquiring second account information of the second application based on the first authorization certificate; the second account information stores a second account identifier of the second application and operation authority information corresponding to the second account identifier; storing the second account information into the account information of the intermediate account to obtain an updated intermediate account; based on the updated intermediate account, the mode of using the first electronic equipment identified by the second account in the first application is controlled, the intermediate account is used for replacing the first account of the own party to control the third party equipment, and the intermediate account is associated with the second account of the third party, so that the aim of effectively isolating the account information of the own party and the account information of the third party is fulfilled, the technical effect of improving the safety of the user account information of the own party platform and the user account information of the third party platform is achieved, and the technical problem of poor safety caused by direct association of the user account information of the own party platform and the user account information of the third party platform is solved.
In one embodiment, step S304 includes: associating an authorization interface of the second application based on the first authorization credential; and acquiring second account information of the second application by using the authorization interface. That is to say, the authorization credential may interface with an authorization interface of the second application to acquire the information of the second account, and by using the above technical means, the security of the application client and the information of the account may be enhanced.
In one embodiment, step S302 is preceded by: receiving a second authorization certificate of a third application in a client of a first application logged in with a first account; acquiring third account information of a third application based on the second authorization certificate; the third account information stores a third account identifier of a third application and operation authority information corresponding to the third account identifier; creating an intermediate account number associated with both the account number information of the first account number and the third account number information; and controlling the second electronic equipment identified by the third account in the first application based on the intermediate account. In this embodiment, when a first account is logged in a client of a current first application, and when an authorization credential of a third-party application is received for the first time, an account of the third-party application and a right corresponding to the account are acquired, and an intermediate account is established; the first account and the third party account are related through the intermediate account, that is, the intermediate account has account permissions of the first account and the third account at the same time. And replacing the current first account with the intermediate account in the first application to control the electronic equipment of the third party manufacturer.
In one embodiment, creating an intermediate account associated with both the account information of the first account and the third account information comprises: establishing an incidence relation between the third account information and the account information of the first account; and generating an intermediate account according to the association relationship. Here, the third account id is associated with the first account id through an intermediate account, that is, the first account id can control the electronic device of the manufacturer identified by the third account id, and the third account id is implemented through the intermediate account.
In an embodiment, storing the second account information into the account information of the intermediate account to obtain an updated intermediate account includes: and establishing a mapping relation between the first account and the second account according to the account information of the intermediate account so as to obtain an updated intermediate account. Here, the intermediate account may store, but is not limited to, an association relationship between the first account and the second account, and also store a relationship between the first account and the third account; that is, the intermediate account may store a relationship between the first account and a plurality of third party accounts, and may control electronic devices of a plurality of third party vendors in the client of the first application through the intermediate account.
In an embodiment, according to the updated account information of the intermediate account, a mapping relationship between the intermediate account and the second account is established, and a mapping relationship between the intermediate account and the third account is established, so as to obtain the associated intermediate account. Here, the relationship between the intermediate account and the plurality of third party accounts may be stored by associating the intermediate account. As shown in fig. 5, the information of the a-type account is equivalent to a first account of a first application in the present invention, one dark account (i.e., an intermediate account) may correspond to a plurality of dark account _ B-type accounts (i.e., associated intermediate accounts), and each dark account _ B-type account corresponds to one B-type account. By the technical means, the safety of the user account in the control platform can be further enhanced.
In the embodiment of the invention, a first authorization certificate of a second application is received in a client of a first application logged in with an intermediate account; the account information of the intermediate account stores a first account identifier of the first application and operation authority information corresponding to the first account identifier; the account number identification of the intermediate account number and the first account number identification have a mapping relation; acquiring second account information of the second application based on the first authorization certificate; the second account information stores a second account identifier of the second application and operation authority information corresponding to the second account identifier; storing the second account information into the account information of the intermediate account to obtain an updated intermediate account; based on the updated intermediate account, the mode of using the first electronic equipment identified by the second account in the first application is controlled, the intermediate account is used for replacing the first account of the own party to control the third party equipment, and the intermediate account is associated with the second account of the third party, so that the aim of effectively isolating the account information of the own party and the account information of the third party is fulfilled, the technical effect of improving the safety of the user account information of the own party platform and the user account information of the third party platform is achieved, and the technical problem of poor safety caused by direct association of the user account information of the own party platform and the user account information of the third party platform is solved.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
Based on the foregoing embodiments, in an application embodiment, as shown in fig. 4, a method for controlling authorization based on a device includes: step S402, a user initiates a third party authorization (controlling the electronic equipment of a third party manufacturer) to an authorization service at a client;
step S404, the authorization service obtains the authorization certificate of the B-type account (third-party user account) from the third-party authorization service;
step S406, the third party authorization service feeds back the authorization certificate and the user information of the (third party) to the authorization service;
and step S408, the third party authorization service sends the A-type account identification, the B-type account information, the B-type account authorization certificate and the manufacturer identification to the data processing service.
Step S410, the data processing service generates and stores a dark account (intermediate account) according to a preset rule;
and step S412, the data processing service updates the binding relationship between the class A account and the hidden account.
At step S414, the data processing service stores the class B account information.
In step S416, the data processing service generates and stores the relationship of the B-type account.
Step S418, the data processing service updates the hidden account number authority range to enable the hidden account number authority range to have the capability of the A-type account and the capability of the B-type account;
step S420, the data processing service synchronizes the A-type account identification and the hidden account identification to the authorization service.
Step S422, the authorization service redirects to the authorization success interface and returns the authorization certificate to the client.
Step S424, the authorization service replaces the A-type account identifier as a hidden account identifier;
and step S426, replacing the A-type account with the hidden account of the other server.
When a user corresponding to the A-type account successfully completes third-party authorization operation for the first time, the data processing server generates a hidden account (intermediate account) associated with the A-type account based on the A-type account according to a certain rule; meanwhile, the acquired B-type account information is stored in a database, a relationship with a corresponding manufacturer is established, an association relationship is established according to the generated hidden account identifier and the B-type account identifier, and the storage process completed at one time is completed. After the storage is finished, the data processing server side pushes the relation between the hidden account identification and the A-type account identification to the authorization server side, the authorization server side forwards the relation to other server sides, and the original A-type account is replaced by the hidden account for use. One A-type account has only one dark account, so that when the A-type account user is associated with the third-party platform account again, the data processing server establishes the relationship between the dark account and a new B-type account, the relationship between the B-type account and a manufacturer, and the corresponding related information for storing the B-type account. And then, correspondingly modifying the authority range of the dark account according to the authority range of the B-type account so as to endow the dark account with the capability of accessing the Nth third-party platform resource.
In the embodiment of the present invention, the association relationship between the hidden account and each account is as shown in fig. 5,
1) the type A account information stores user information of the platform of the client, such as encrypted user identification, user authorization credentials, user refreshing credentials, associated hidden account identification and the like, and the type A account corresponds to the hidden account one by one.
2) The dark account information stores information related to the dark account, such as a dark account identifier, a permission range of the dark account, and the like.
3) The B-type account information stores all third-party user information, including encrypted third-party user identification, authorization certificate, authority range, and associated hidden account identification. Each type B account has an association relation with a dark account, and each type B account stores a third party manufacturer identifier.
4) The dark account _ B-type account (associated intermediate account) stores an association relationship between the dark account and the B-type account, such as a dark account identifier, a B-type account identifier, and the like. One hidden account number may be associated with multiple class B accounts.
5) The manufacturer information stores basic information of third-party platform manufacturers, such as third-party manufacturer identification, encrypted third-party manufacturers and key pairs agreed by the third-party manufacturers and the third-party manufacturers in advance, manufacturer names and the like.
According to the embodiment of the invention, the incidence relation between the account information of one party and the account information of a third party is weakened by creating the hidden account, and meanwhile, more capabilities are given to the hidden account to enable the hidden account to become a common account; meanwhile, the hidden account is used for processing logic in the platform, so that the platform can simultaneously exert the capabilities of the third party account and the account of the my party.
In addition, the data security is improved by establishing the hidden account, the user identification of the user and the user identification of the third party have an association relation with the hidden account respectively, and the hidden account is stored separately, so that a physical isolation condition is created, and the security of the user privacy data is improved.
In the embodiment of the invention, a first authorization certificate of a second application is received in a client of a first application logged in with an intermediate account; the account information of the intermediate account stores a first account identifier of the first application and operation authority information corresponding to the first account identifier; the account number identification of the intermediate account number and the first account number identification have a mapping relation; acquiring second account information of the second application based on the first authorization certificate; the second account information stores a second account identifier of the second application and operation authority information corresponding to the second account identifier; storing the second account information into the account information of the intermediate account to obtain an updated intermediate account; based on the updated intermediate account, the mode of using the first electronic equipment identified by the second account in the first application is controlled, the intermediate account is used for replacing the first account of the own party to control the third party equipment, and the intermediate account is associated with the second account of the third party, so that the aim of effectively isolating the account information of the own party and the account information of the third party is fulfilled, the technical effect of improving the safety of the user account information of the own party platform and the user account information of the third party platform is achieved, and the technical problem of poor safety caused by direct association of the user account information of the own party platform and the user account information of the third party platform is solved.
According to another aspect of the embodiment of the present invention, there is also provided an apparatus authorization control device for implementing the apparatus authorization control. As shown in fig. 6, the apparatus includes:
a receiving unit 602, configured to receive, in a client of a first application logged in with an intermediate account, a first authorization credential of a second application; the account information of the intermediate account stores a first account identifier of a first application and operation authority information corresponding to the first account identifier; the account number identification of the intermediate account number has a mapping relation with the first account number identification;
an obtaining unit 604, configured to obtain second account information of a second application based on the first authorization credential; the second account information stores a second account identifier of a second application and operation authority information corresponding to the second account identifier;
a storage unit 606, configured to store the second account information into account information of the intermediate account, so as to obtain an updated intermediate account;
a control unit 608, configured to control, in the first application, the first electronic device identified by the second account based on the updated intermediate account.
In the embodiment of the invention, the first authorization credential received from the second application may be from an instruction triggered by the user operating a control key of the third-party electronic device in the terminal device human-computer interaction interface. The first authorization credential for the second application may also be received over a wired or wireless network. Wherein, this wireless network includes: WIFI and other networks that enable wireless communication. Such wired networks may include, but are not limited to: wide area networks, metropolitan area networks, and local area networks.
In the present embodiment, the client of the first application may be, but is not limited to, a platform client of which the current user uses one of the electronic devices, and is not limited herein. The intermediate account is a replacement account which replaces the login account in the current client. Here, the identifier of the first account may be an account name and/or a password of the first account, or an encrypted account name and/or password, or a name and a power device identifier of a corresponding manufacturer, and the operation authority information corresponding to the first account identifier may be a control operation performed on electronic equipment of the manufacturer corresponding to the first account, for example, for an air conditioner, the control operation may be power on, power off, temperature adjustment, timing, and the like. In this embodiment, when the electronic device of the third party vendor needs to be controlled, the authorization credential applied by the third party vendor needs to be received. Therefore, when the electronic device corresponding to the second application needs to be controlled at the client of the first application, the first authorization credential of the second application needs to be received at the client of the first application logged in with the intermediate account; authorization for the response can be obtained.
In the embodiment of the present invention, account information corresponding to the second application is obtained through an authorization credential of the second application, and the second account information may include electronic devices corresponding to a plurality of second applications under a plurality of second accounts. The second account information stores a second account identifier of the second application and operation permission information corresponding to the second account identifier. That is to say, the second account stores a second account identifier, which is not limited to a manufacturer identifier, an account name or a password, and the operation permission information is a control permission of the electronic device corresponding to the current second account.
In the embodiment of the present invention, the second account information is stored in the account information of the intermediate account to obtain the updated intermediate account, that is, the account id of the second account information and the control authority information of the corresponding electronic device may be both put into the intermediate account, and the intermediate account is equivalent to have the same control authority as the second account, so as to further control the electronic device corresponding to the second account. In this embodiment, the intermediate account may store account ids of a plurality of third party accounts and electronic devices of manufacturers corresponding to the third party accounts, which is not limited herein.
In the embodiment of the present invention, the updated intermediate account may replace the first account in the current first application to control the first electronic device corresponding to the second account identifier. That is to say, account information of the first account and the second account can be used as a bridge through the intermediate account, so that the second account and the second account information can be prevented from being exposed too much, the intermediate account is stored separately, and the security of user privacy data is improved.
In the embodiment of the invention, a first authorization certificate of a second application is received in a client of a first application logged in with an intermediate account; the account information of the intermediate account stores a first account identifier of the first application and operation authority information corresponding to the first account identifier; the account number identification of the intermediate account number and the first account number identification have a mapping relation; acquiring second account information of the second application based on the first authorization certificate; the second account information stores a second account identifier of the second application and operation authority information corresponding to the second account identifier; storing the second account information into the account information of the intermediate account to obtain an updated intermediate account; based on the updated intermediate account, the mode of using the first electronic equipment identified by the second account in the first application is controlled, the intermediate account is used for replacing the first account of the own party to control the third party equipment, and the intermediate account is associated with the second account of the third party, so that the aim of effectively isolating the account information of the own party and the account information of the third party is fulfilled, the technical effect of improving the safety of the user account information of the own party platform and the user account information of the third party platform is achieved, and the technical problem of poor safety caused by direct association of the user account information of the own party platform and the user account information of the third party platform is solved.
For other examples of this embodiment, reference may be made to the above embodiments, which are not described herein again.
According to a further aspect of the embodiment of the present invention, there is also provided an electronic device for implementing the device authorization control method, as shown in fig. 7, the electronic device includes a memory 702 and a processor 704, the memory 702 stores a computer program therein, and the processor 704 is configured to execute the steps in any one of the method embodiments through the computer program.
Optionally, in this embodiment, the electronic apparatus may be located in at least one network device of a plurality of network devices of a computer network.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
s1, receiving a first authorization certificate of a second application in a client of a first application logged with an intermediate account; the account information of the intermediate account stores a first account identifier of a first application and operation authority information corresponding to the first account identifier; the account number identification of the intermediate account number has a mapping relation with the first account number identification;
s2, acquiring second account information of a second application based on the first authorization certificate; the second account information stores a second account identifier of a second application and operation authority information corresponding to the second account identifier;
s3, storing the second account information into the account information of the intermediate account to obtain an updated intermediate account;
and S4, controlling the first electronic equipment identified by the second account in the first application based on the updated intermediate account.
Alternatively, it can be understood by those skilled in the art that the structure shown in fig. 7 is only an illustration, and the electronic device may also be a terminal device such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palmtop computer, and a Mobile Internet Device (MID), a PAD, and the like. Fig. 7 is a diagram illustrating a structure of the electronic device. For example, the electronic device may also include more or fewer components (e.g., network interfaces, etc.) than shown in FIG. 7, or have a different configuration than shown in FIG. 7.
The memory 702 may be used to store software programs and modules, such as program instructions/modules corresponding to the device authorization control method and apparatus in the embodiments of the present invention, and the processor 704 executes various functional applications and data processing by running the software programs and modules stored in the memory 702, so as to implement the device authorization control method described above. The memory 702 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 702 can further include memory located remotely from the processor 704, which can be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. The memory 702 may be, but not limited to, specifically configured to store information such as decoration information of target furniture. As an example, as shown in fig. 7, the memory 702 may include, but is not limited to, a receiving unit 602, an obtaining unit 604, a storing unit 606, and a controlling unit 608 in the device authorization control apparatus. In addition, the device may further include, but is not limited to, other module units in the prop obtaining device, which is not described in detail in this example.
Optionally, the transmitting device 706 is used for receiving or sending data via a network. Examples of the network may include a wired network and a wireless network. In one example, the transmission device 706 includes a Network adapter (NIC) that can be connected to a router via a Network cable and other Network devices to communicate with the internet or a local area Network. In one example, the transmission device 706 is a Radio Frequency (RF) module, which is used to communicate with the internet in a wireless manner.
In addition, the electronic device further includes: a display 708 for displaying second account information of a second application; and a connection bus 710 for connecting the respective module parts in the above-described electronic apparatus.
According to a further aspect of an embodiment of the present invention, there is also provided a computer-readable storage medium, in which a computer program is stored, wherein the computer program is arranged to perform the steps in any of the above-mentioned method embodiments when executed.
Alternatively, in the present embodiment, the storage medium may be configured to store a computer program for executing the steps of:
s1, receiving a first authorization certificate of a second application in a client of a first application logged with an intermediate account; the account information of the intermediate account stores a first account identifier of a first application and operation authority information corresponding to the first account identifier; the account number identification of the intermediate account number has a mapping relation with the first account number identification;
s2, acquiring second account information of a second application based on the first authorization certificate; the second account information stores a second account identifier of a second application and operation authority information corresponding to the second account identifier;
s3, storing the second account information into the account information of the intermediate account to obtain an updated intermediate account;
and S4, controlling the first electronic equipment identified by the second account in the first application based on the updated intermediate account.
Alternatively, in this embodiment, a person skilled in the art may understand that all or part of the steps in the methods of the foregoing embodiments may be implemented by a program instructing hardware associated with the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
The integrated unit in the above embodiments, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in the above computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing one or more computer devices (which may be personal computers, servers, network devices, etc.) to execute all or part of the steps of the method according to the embodiments of the present invention.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed client may be implemented in other manners. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.
Claims (10)
1. A device authorization control method, comprising:
receiving a first authorization certificate of a second application in a client of a first application logged in with an intermediate account; the account information of the intermediate account stores a first account identifier of the first application and operation authority information corresponding to the first account identifier; the account number identification of the intermediate account number has a mapping relation with the first account number identification;
acquiring second account information of the second application based on the first authorization certificate; the second account information stores a second account identifier of the second application and operation authority information corresponding to the second account identifier;
storing the second account information into the account information of the intermediate account to obtain an updated intermediate account;
and controlling the first electronic equipment identified by the second account in the first application based on the updated intermediate account.
2. The method of claim 1, wherein obtaining second account information of the second application based on the first authorization credential comprises:
associating an authorization interface of the second application based on the first authorization credential;
and acquiring second account information of the second application by using the authorization interface.
3. The method of claim 1, wherein before receiving, in the client logged in with the first application of the intermediate account, the first authorization credential of the second application, further comprising:
receiving a second authorization certificate of a third application in a client of a first application logged in with a first account;
acquiring third account information of the third application based on the second authorization certificate; the third account information stores a third account identifier of the third application and operation authority information corresponding to the third account identifier;
creating an intermediate account number associated with both the account number information of the first account number and the third account number information;
controlling, in the first application, a second electronic device identified using the third account based on the intermediate account.
4. The method of claim 3, wherein creating the intermediate account number associated with both the account number information of the first account number and the third account number information comprises:
establishing an incidence relation between the third account information and the account information of the first account;
and generating an intermediate account according to the incidence relation.
5. The method according to claim 4, wherein the storing the second account information into the account information of the intermediate account to obtain an updated intermediate account comprises:
and establishing a mapping relation between the first account and the second account according to the account information of the intermediate account so as to obtain an updated intermediate account.
6. The method of claim 5, further comprising:
and establishing a mapping relation between the intermediate account and the second account and a mapping relation between the intermediate account and the third account according to the updated account information of the intermediate account so as to obtain a related intermediate account.
7. An apparatus authorization control device, comprising:
the receiving unit is used for receiving a first authorization certificate of a second application in a client of a first application logged in with an intermediate account; the account information of the intermediate account stores a first account identifier of the first application and operation authority information corresponding to the first account identifier; the account number identification of the intermediate account number has a mapping relation with the first account number identification;
an obtaining unit, configured to obtain second account information of the second application based on the first authorization credential; the second account information stores a second account identifier of the second application and operation authority information corresponding to the second account identifier;
the storage unit is used for storing the second account information into the account information of the intermediate account so as to obtain an updated intermediate account;
and the control unit is used for controlling the first electronic equipment identified by the second account in the first application based on the updated intermediate account.
8. The apparatus of claim 7, wherein the obtaining unit comprises:
an association subunit configured to associate an authorization interface of the second application based on the first authorization credential;
and the obtaining subunit is configured to obtain, by using the authorization interface, second account information of the second application.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium comprises a stored program, wherein the program when executed performs the method of any of claims 1 to 6.
10. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program and the processor is arranged to execute the method of any of claims 1 to 6 by means of the computer program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011507921.9A CN112597471B (en) | 2020-12-18 | 2020-12-18 | Device authorization control method and device, storage medium and electronic device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011507921.9A CN112597471B (en) | 2020-12-18 | 2020-12-18 | Device authorization control method and device, storage medium and electronic device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112597471A true CN112597471A (en) | 2021-04-02 |
| CN112597471B CN112597471B (en) | 2023-02-03 |
Family
ID=75199466
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011507921.9A Active CN112597471B (en) | 2020-12-18 | 2020-12-18 | Device authorization control method and device, storage medium and electronic device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112597471B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113742667A (en) * | 2021-08-06 | 2021-12-03 | 杭州群核信息技术有限公司 | Account information processing method and device, storage medium and electronic equipment |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106357653A (en) * | 2016-09-27 | 2017-01-25 | 深圳市欧瑞博电子有限公司 | Control authority sharing method and system |
| CN106878353A (en) * | 2015-12-10 | 2017-06-20 | 腾讯科技(深圳)有限公司 | Smart machine obtains the methods, devices and systems of business datum |
| CN108234475A (en) * | 2017-12-28 | 2018-06-29 | 掌阅科技股份有限公司 | Account management method, electronic equipment and computer storage media |
| CN108737424A (en) * | 2018-05-24 | 2018-11-02 | 深圳市零度智控科技有限公司 | Authority sharing method, server, system and the readable storage medium storing program for executing of smart home |
| CN109359994A (en) * | 2018-10-31 | 2019-02-19 | 巴马平方米区块链有限公司 | Method for processing business, apparatus and system based on block chain |
| CN110661788A (en) * | 2019-09-05 | 2020-01-07 | 深圳龙图腾创新设计有限公司 | Login authentication management system, login method, login device, equipment and storage medium |
| CN112039826A (en) * | 2019-06-03 | 2020-12-04 | 北京京东尚科信息技术有限公司 | Login method and device applied to applet terminal |
-
2020
- 2020-12-18 CN CN202011507921.9A patent/CN112597471B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106878353A (en) * | 2015-12-10 | 2017-06-20 | 腾讯科技(深圳)有限公司 | Smart machine obtains the methods, devices and systems of business datum |
| CN106357653A (en) * | 2016-09-27 | 2017-01-25 | 深圳市欧瑞博电子有限公司 | Control authority sharing method and system |
| CN108234475A (en) * | 2017-12-28 | 2018-06-29 | 掌阅科技股份有限公司 | Account management method, electronic equipment and computer storage media |
| CN108737424A (en) * | 2018-05-24 | 2018-11-02 | 深圳市零度智控科技有限公司 | Authority sharing method, server, system and the readable storage medium storing program for executing of smart home |
| CN109359994A (en) * | 2018-10-31 | 2019-02-19 | 巴马平方米区块链有限公司 | Method for processing business, apparatus and system based on block chain |
| CN112039826A (en) * | 2019-06-03 | 2020-12-04 | 北京京东尚科信息技术有限公司 | Login method and device applied to applet terminal |
| CN110661788A (en) * | 2019-09-05 | 2020-01-07 | 深圳龙图腾创新设计有限公司 | Login authentication management system, login method, login device, equipment and storage medium |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113742667A (en) * | 2021-08-06 | 2021-12-03 | 杭州群核信息技术有限公司 | Account information processing method and device, storage medium and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112597471B (en) | 2023-02-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111246539B (en) | Networking binding method of intelligent household appliance, intelligent household appliance and user terminal | |
| CN104023333B (en) | secure subscriber identity module service | |
| CN106851632B (en) | A kind of method and device of smart machine access WLAN | |
| CN108540433B (en) | User identity verification method and device | |
| CN114124930B (en) | Configuration file transmission method, terminal, server and storage medium | |
| CN113055867A (en) | Method and device for auxiliary network distribution of terminal and electronic equipment | |
| EP3386167B1 (en) | Cloud operation interface sharing method, related device and system | |
| CN110399717B (en) | Key acquisition method and device, storage medium and electronic device | |
| CN105308560A (en) | Method and apparatus for setting profile | |
| WO2019041166A1 (en) | Method for updating firmware and related apparatus | |
| JP2020509718A (en) | Credential information processing method, apparatus, and application APP for network connection | |
| CN105635062A (en) | Network access equipment verification method and device | |
| CN105338011A (en) | Cloud-service-based system configuration method and apparatus, and cloud server | |
| CN112689316B (en) | Binding method and device of intelligent equipment, storage medium and electronic device | |
| CN104580235A (en) | Authentication method and authentication system for equipment connection | |
| CN113433831A (en) | Control method and module of intelligent household equipment and storage medium | |
| CN114760112B (en) | Wireless local area network-oriented intelligent home equipment networking method, system, equipment and storage medium | |
| CN105100022A (en) | Cipher processing method, server and system | |
| CN111901304B (en) | Registration method and device of mobile security equipment, storage medium and electronic device | |
| CN106535156B (en) | Virtual subscriber identity module card migration method, terminal, server and system | |
| CN101621527A (en) | Method, system and device for realizing safety certificate based on Portal in VPN | |
| CN105812370A (en) | Smart card processing method, device and system | |
| CN112597471B (en) | Device authorization control method and device, storage medium and electronic device | |
| CN106211203A (en) | Lock network data updating method and device | |
| CN110290097B (en) | Data processing method and device, storage medium and electronic device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |