WO2014201931A1 - Procédé de traitement de ressources et serveur de site - Google Patents

Procédé de traitement de ressources et serveur de site Download PDF

Info

Publication number
WO2014201931A1
WO2014201931A1 PCT/CN2014/077963 CN2014077963W WO2014201931A1 WO 2014201931 A1 WO2014201931 A1 WO 2014201931A1 CN 2014077963 W CN2014077963 W CN 2014077963W WO 2014201931 A1 WO2014201931 A1 WO 2014201931A1
Authority
WO
WIPO (PCT)
Prior art keywords
resource
site server
authorization
request
user
Prior art date
Application number
PCT/CN2014/077963
Other languages
English (en)
Chinese (zh)
Inventor
陆多俊
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2014201931A1 publication Critical patent/WO2014201931A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources

Definitions

  • the present invention relates to the field of communications and Internet technologies, and in particular, to a resource processing method and a site server. Background technique
  • Resource sharing and sharing are two basic needs of Internet users.
  • the sharing is that the resource owner pushes its own resources to other users. For example, if user A is authorized by B, the content of the network disk can be pushed to the network disk of user B.
  • a share is a user requesting authorization from another user to request the user to access the private resources of the requested user. For example, if user A is authorized by B, he can browse the content of the network disk of B.
  • the core of these two requirements is how to realize resource authorization between users and the process of resource exchange between users.
  • the requesting user and the requested user can be located at different service site servers, and the exchanged resources are located on the two service site servers.
  • For sharing the resources are located on the requesting user's service site server.
  • For sharing the resources are located in the requested user. On the service site server. In particular, the requesting user and the requested user can also be located on the same service site server.
  • OAuth development authorization
  • the resource requester initiates an authorization request to the resource owner
  • the resource requester initiates a resource access authorization request to the authorization server, and submits an authorization result obtained from the resource owner, and the authorization result is generally an authorization code;
  • the resource requester carries the access token to access the resource server.
  • the resource server determines whether the resource requester has access to the restricted resource according to whether the access token is legal.
  • the authorization server and the resource server may be a server;
  • OAuth 2.0 does not support resource owner offline authorization.
  • Oauth 2.0 only defines cross-site resource access authorization between users, and no resource sharing mechanism is defined. Summary of the invention
  • the present invention provides a resource processing method and a site server to solve the existing OAuth 2.0 specification in the prior art, does not support resource owner or manager offline authorization, and Oauth 2.0 only defines a cross between users. Station resource access authorization, there is no problem defining the resource sharing mechanism.
  • the present invention provides a resource processing method, where the method includes: receiving, by a first site server, a resource processing request sent by a requesting user of the first site server, where the resource processing request carries a second An address of the site server and an account of the requested user of the second site server; generating the resource authorization request according to the resource processing request, and sending the resource authorization request to the second site server; After the requested user allows the authorization, the resource authorization response sent by the second site server is received, and resource processing is performed according to the resource authorization response.
  • the resource processing request is a resource sharing request, where the resource authorization request carries an initial serial number, shared resource information, an account of the requested user, a callback uniform resource locator URL, and The identity password of the first site server.
  • the resource authorization response includes an authorization token, a resource sharing URL, an initial serial number, and the receiving the second site server
  • the resource authorization response is sent, and the resource processing is performed according to the resource authorization response.
  • the first site server receives the resource authorization response sent by the second site server by using the callback URL, and responds by using the resource authorization.
  • the resource sharing URL in the requesting, the sharing resource of the requesting user is sent to the second site server, so that the requested user obtains the shared resource from the second site server and shares the shared resource.
  • the resource processing request is a resource sharing request, where the resource sharing request further carries a shared resource name of the requested user, where the resource authorization request carries an initial serial number, The shared resource information, the account number of the requested user, the callback URL, and the identity password of the first site server.
  • the resource authorization response includes an authorization token, a resource sharing URL, an initial serial number, and the receiving the second site server And sending the resource authorization response according to the resource authorization response, where the first site server receives the resource authorization response sent by the second site server by using the callback URL, and receives the request.
  • the user's resource gets the request, it passes The resource sharing URL in the resource authorization response sends a resource acquisition request carrying the authorization token to the second site server; receiving the shared resource of the requested user sent by the second site server, And sending the shared resource to the requesting user, so that the requesting user acquires the shared resource.
  • the present invention provides a resource processing method, where the method includes: receiving, by a second site server, a resource authorization request sent by a first site server, where the resource authorization request is received by the first site server according to After the resource processing request sent by the requesting user by the first site server, the authorization request of the requested user for the second site server generated according to the resource processing request; when the second site server pairs the After the server is authenticated, the resource authorization request is sent to the requested user; the authorization confirmation information sent by the requesting user is received, and the resource authorization for the first site server is generated according to the authorization confirmation information. Responding to, and sending the resource authorization response to the first site server, where the first site server performs resource processing according to the resource authorization response.
  • the resource processing request is a resource sharing request, where the resource authorization request carries a unique transaction ID, shared resource information, an account of the requested user, a callback uniform resource locator URL, and The identity password of the first site server.
  • the authorization confirmation information is that the requesting user allows authorization, and the generating, according to the authorization confirmation information, the first The resource authorization of the site server is generated, and the resource authorization response is sent to the first site server, specifically: after the requested user allows authorization, the second site server generates a checkpoint according to the authorization confirmation information.
  • a resource authorization response Determining, by the first site server, a resource authorization response, where the resource authorization response includes an authorization token, a resource sharing URL, an initial serial number, and sending a resource authorization response to the first site server by using the callback URL;
  • the resource processing request is a resource sharing request, where the resource sharing request further carries a shared resource name of the requested user, where the resource authorization request carries an initial serial number, The shared resource information, the account number of the requested user, the callback URL, and the identity password of the first site server.
  • the authorization confirmation information is an authorization permission for the requesting user, and the generating, by the authorization confirmation information, the first The resource authorization of the site server is generated, and the resource authorization response is sent to the first site server, which is specifically: after the requested user allows authorization, the second site server generates a pair according to the authorization confirmation information.
  • a resource authorization response of the first site server includes an authorization token, a resource sharing URL, an initial serial number, and sending a resource authorization response to the first site server by using the callback URL; Transmitting, by the first site server, a resource acquisition request that carries the authorization token, and after verifying the authorization token, sending the shared resource of the requested user to the first site server, so as to enable the The first site server sends the shared resource to the requesting user.
  • the present invention provides a site server, where the site server includes: a receiving unit, configured to receive a resource processing request sent by a requesting user of a first site server, where the resource processing request carries a second site And the first processing unit is configured to receive the resource processing request from the receiving unit, And generating, by the resource processing request, the resource authorization request, and sending the resource authorization request to the second site server; and the second processing unit is configured to: after the requested user allows authorization, receive the The resource authorization response sent by the second site server, and the resource processing is performed according to the resource authorization response.
  • the resource processing request is a resource sharing request, where the resource authorization request carries an initial serial number, shared resource information, an account of the requested user, a callback uniform resource locator URL, and The identity password of the first site server.
  • the resource authorization response includes an authorization token, a resource sharing URL, and an initial serial number
  • the second processing unit is further configured to: Receiving, by the second site server, a resource authorization response sent by the callback URL, and sending the shared resource of the requesting user to the second site server by using the resource sharing URL in the resource authorization response, to And causing the requested user to acquire the shared resource from the second site server and share the shared resource.
  • the resource processing request is a resource sharing request, where the resource sharing request further carries a shared resource name of the requested user, and the resource authorization request Carrying an initial serial number, the shared resource information, an account of the requested user, a callback URL, and an identity password of the first site server.
  • the resource authorization response includes an authorization token, a resource sharing URL, an initial serial number, and the receiving the second site server Sending a resource authorization response
  • the second processing unit is further configured to receive a resource authorization response sent by the second site server by using the callback URL, and when receiving the resource acquisition request of the requesting user, Sending, by the resource sharing URL in the resource authorization response, a resource acquisition request carrying the authorization token to the second site server, and receiving a resource acquisition response sent by the second site server, and acquiring the resource A response is sent to the requesting user to cause the requesting user to acquire the shared resource of the requested user.
  • the present invention provides a site server, where the site server includes: a receiving unit, configured to receive a resource authorization request sent by a first site server, where the resource authorization request is received by the first site server according to After the resource processing request sent by the requesting user of the first site server, the authorization request of the requested user for the second site server generated according to the resource processing request; the sending unit, configured to use the first After the site server performs the authentication, the resource authorization request is sent to the requested user; the processing unit is configured to receive the authorization confirmation information sent by the requesting user, and generate, according to the authorization confirmation information, the first site. Responding to the resource authorization of the server, and sending the resource authorization response to the first site server, where the first site server performs resource processing according to the resource authorization response.
  • the resource processing request is a resource sharing request, where the resource authorization request carries an initial serial number, shared resource information, an account of the requested user, a callback uniform resource locator URL, and The identity password of the first site server.
  • the authorization confirmation information is authorized for the requesting user
  • the processing unit is further configured to: when the requested user allows After the authorization, the second site server generates a resource authorization response to the first site server according to the authorization confirmation information, where the resource authorization response includes an authorization token, a resource sharing URL, an initial serial number, and Sending a resource authorization response to the first site server; and receiving, by the first site server, the shared resource of the requesting user sent by the resource sharing URL in the resource authorization response, so that the The requested user obtains the shared resource and shares the shared resource.
  • the resource processing request is a resource sharing request, where the resource sharing request further carries a shared resource name of the requested user, where the resource authorization request carries a unique transaction ID and a The shared resource information, the account number of the requested user, the callback URL, and the identity password of the first site server.
  • the authorization confirmation information is authorized for the requesting user
  • the processing unit is further configured to: when the requested user allows After the authorization, the second site server generates a resource authorization response to the first site server according to the authorization confirmation information, where the resource authorization response includes an authorization token, a resource sharing URL, an initial serial number, and Transmitting a URL to the first site server to send a resource authorization response; and, after receiving the resource acquisition request that is sent by the first site server and carrying the authorization token, and verifying the authorization token, The first site server returns a shared resource of the requested user, so that the first site server sends the shared resource to the requesting user.
  • the first site server receives the resource processing request sent by the requesting user, generates a resource authorization request according to the resource processing request, and sends the resource authorization request to the second site server, when After the second site server authenticates the first site server, the resource authorization request is sent to the requested user.
  • the second site server receives the authorization confirmation information sent by the requesting user, and generates the authorization confirmation information according to the authorization. Responding to the resource authorization of the first site server, and sending the resource authorization response to the first site server.
  • the first site server After receiving the resource authorization response sent by the second site server, the first site server performs resource processing according to the resource authorization response, thereby implementing Resource processing between different site servers, and can be widely used for sharing and sharing resources such as cross-site network disks, microblogs, SNS contacts, conferences/schedules, and the like.
  • FIG. 1 is a flowchart of a resource processing method according to Embodiment 1 of the present invention.
  • FIG. 2 is a flowchart of a resource processing method according to Embodiment 2 of the present invention
  • 3 is a schematic diagram of a resource processing method according to Embodiment 3 of the present invention
  • FIG. 4 is a schematic diagram of a resource processing method according to Embodiment 4 of the present invention.
  • FIG. 5 is a schematic diagram of a site server according to Embodiment 5 of the present invention.
  • FIG. 6 is a schematic diagram of a site server according to Embodiment 6 of the present invention.
  • FIG. 7 is a schematic diagram of a site server according to Embodiment 7 of the present invention.
  • FIG. 8 is a schematic diagram of a site server according to Embodiment 8 of the present invention. detailed description
  • the present invention discloses a resource processing method and a site server.
  • the first site server receives a resource processing request sent by a requesting user, the resource processing request includes a resource sharing request and a resource sharing request, and generates a resource authorization request according to the resource processing request, and Sending the resource authorization request to the second site server, and after the second site server authenticates the first site server, sending the resource authorization request to the requested user, and after requesting the user to approve the authorization, the second site server receives the request.
  • the resource processing includes resource sharing and resource sharing, thereby implementing resource processing between different site servers, including but not limited to: sounds that can be stored in the computer: Video, pictures, text and various forms of documents.
  • the method of the embodiment of the present invention can be widely applied to sharing and sharing resources of a cross-site network disk, a microblog, an SNS contact, a conference/schedule, and the like, and an authorization method between the second site server and the requested user,
  • the two-site server can select its authorization mode according to the communication mode between itself and the requested user.
  • the first site server and the second site server in the embodiments of the present invention refer to servers that belong to different owners or are managed by different owners, and the server includes one or more resource servers and/or portal servers.
  • the different site servers typically have different domain names or network identities.
  • FIG. 1 is a flowchart of a resource processing method according to Embodiment 1 of the present invention. As shown in the figure, this is The example specifically includes the following steps:
  • Step 110 The first site server receives a resource processing request of the requesting user of the first site server.
  • the received resource processing request carries the address of the second site server and the account of the requested user of the second site server.
  • the first site server is the site server where the requesting user is located, and the second site server is the site server where the requested user is located.
  • the requesting user A of the first site server logs in to the first site server and initiates a resource processing request to the requested user B of the second site server.
  • the resource processing request includes a resource sharing request or a resource sharing request.
  • the requesting user A of the first site server is simply referred to as user A
  • the requested user B of the second site server is referred to as user B.
  • the other embodiments are the same, and are not described again.
  • User A When the user needs to send a resource sharing request to User B, User A selects its resource on the first site server and shares the resource with User B who has an account on the second site server. At this time, User A only needs to know the account of User B and the address of the second site server where User B is located. For example, the information of the user B that the user A knows is: account_of_b@www.sitey.com, and the first site server determines, according to the information, the object of the resource sharing, that is, the account of the user B is account_of-b, and the user B is located. The address of the second site server is www.sitey.com.
  • user A selects the resource shared by user B on the second site server.
  • the user A in addition to knowing the account of the user B and the address of the second site server where the user B is located, the user A must also know the resource name of the sharable resource, and the user B may disclose the user B to the user A in multiple channels.
  • the name of the sharable resource For example, user B can send the shareable resource path to user A in the email, microblog, and instant chat tool, where the second site server provides the shared resource path mode provided by user B as follows:
  • Step 120 The first site server generates a resource authorization request according to the resource processing request, and sends the resource authorization request to the second site server, where the first site server sends the resource to the second site server according to the address of the second site server.
  • Authorization request Specifically, when the resource processing request of the user A is a resource sharing request, the first site server where the user A is located sends a resource authorization request to the second site server according to the address of the second site server that is carried by the resource sharing request, and the resource is requested.
  • the authorization request carries the initial serial number, shared resource information, user B's account number, callback Uniform Resource Locator (URL), and the identity code of the first site server.
  • the sharing resource information includes one or more of the following information: sharing a resource name, sharing a resource content size, sharing a resource type, and sharing a resource format.
  • the resource sharing request carries the shared resource information of the user B in addition to the address of the second site server and the account of the user B, so the user A
  • the first site server sends a resource authorization request to the second site server according to the address of the second site server that is carried by the resource sharing request, and the resource authorization request carries the initial serial number, the shared resource name of the user B, and the user B. Account number, callback URL, and identity password for the first site server.
  • the shared resource information includes one or more of the following information: a shared resource name, a shared resource content size, a shared resource type, and a shared resource format.
  • the initial serial number is a serial number that uniquely identifies the current resource authorization request, and may also be referred to as a unique transaction ID.
  • Step 130 After the user B permits the authorization, the first site server receives the resource authorization response sent by the second site server, and performs resource processing according to the resource authorization response.
  • the resource authorization response of the second site server returning to the first site server includes an authorization token, a resource sharing URL, and an initial serial number, when the first site server receives the second site server and sends the message through the callback URL.
  • the user A's shared resource is sent to the second site server through the resource sharing URL carried in the resource authorization response, so that the user B obtains the user A's shared resource from the second site server and shares the shared resource.
  • the resource authorization response of the second site server returning to the first site server includes an authorization token, a resource sharing URL, and an initial serial number, when the first site server receives the second site server and sends the message through the callback URL.
  • the resource authorization response is received, and the resource acquisition request sent by the user A is received, the resource sharing request carrying the authorization token is sent to the second site server by using the resource sharing URL carried in the resource authorization response;
  • the first site server receives the resource acquisition response sent by the second site server, and sends the resource acquisition response to the user A, so that the user A obtains the sharing of the user B. Resources.
  • the first site server receives a resource processing request sent by the requesting user, the resource processing request includes a resource sharing request and a resource sharing request, and generates a resource authorization request according to the resource processing request, and The resource authorization request is sent to the second site server.
  • the resource authorization request is sent to the requested user, and when the requested user agrees to authorize, the second site server sends the second site server.
  • the resource processing is performed according to the resource authorization response, and the resource processing includes resource sharing and resource sharing, thereby realizing resource processing between different site servers.
  • FIG. 2 is a flowchart of a resource processing method according to Embodiment 2 of the present invention. As shown in the figure, the embodiment specifically includes the following steps:
  • Step 210 The second site server receives the resource authorization request sent by the first site server.
  • the resource authorization request is an authorization request of the requested user of the second site server generated according to the resource processing request after the first site server receives the resource processing request sent by the user of the first site server.
  • the first site server is the site server where the requesting user is located
  • the second site server is the site server where the requested user is located.
  • Step 220 After the second site server authenticates the first site server, send the received resource authorization request to the requested user.
  • the second site server may authenticate the first site server according to the identity code of the first site server carried in the resource authorization request.
  • the second site server sends the received resource authorization request to the user B according to the registered user account of the requested user, that is, the user B on the own site server.
  • the mouth There are many ways to send it, than the mouth:
  • the resource authorization request is sent by means of email; if the user B is registered with the mobile phone number, the resource authorization request is sent by sending the short message or the multimedia message;
  • the resource authorization request is sent by sending a system message
  • the resource authorization request is sent in the manner of sending the message in the station.
  • Step 230 the second site server receives the authorization confirmation information sent by the requesting user, according to the The authorization confirmation information generates a resource authorization response to the first site server, and sends the resource authorization response to the first site server, where the first site server performs resource processing according to the resource authorization response.
  • the resource processing request sent by the requesting user of the first site server is divided into two types: a resource sharing request and a resource sharing request.
  • the resource processing method provided by the embodiment of the present invention is specifically:
  • the first site server When the resource processing request sent by the requesting user of the first site server is a resource sharing request, the first site server generates a resource authorization request for the requested user of the second site server according to the resource sharing request, which carries the unique Transaction ID, shared resource information, the account of the requested user, the callback URL, and the identity password of the first site server.
  • the second site server After receiving the resource authorization request, the second site server sends the resource authorization request to the requested user after authenticating the first site server according to the identity password of the first site server carried in the resource authorization request;
  • the second site server receives the authorization confirmation information sent by the requesting user, the authorization confirmation information indicating that the requesting user has allowed the authorization, and after the requested user permits the authorization, the second site server generates a resource authorization response to the first site server according to the authorization confirmation information, the resource authorization The response includes an authorization token, a resource sharing URL, an initial serial number, and a resource authorization response is sent to the first site server via a callback URL.
  • the first site server when the resource processing request sent by the requesting user of the first site server is a resource sharing request, the first site server generates a resource authorization request for the requested user of the second site server according to the resource sharing request, which carries the unique a transaction ID, the shared resource information, an account of the requested user, a callback URL, and an identity password of the first site server.
  • the second site server After receiving the resource authorization request, the second site server sends the resource authorization request to the requested user after authenticating the first site server according to the identity password of the first site server carried in the resource authorization request;
  • the second site server receives the authorization confirmation information sent by the requesting user, the authorization confirmation information indicating that the requesting user has allowed the authorization, and after the requested user allows the authorization, the second site server generates a resource authorization response to the first site server according to the authorization confirmation information,
  • the resource authorization response includes an authorization token,
  • the resource share URL, the initial serial number, and the resource 4 authorized response is sent to the first site server through the callback URL.
  • the second site server receives the resource authorization request sent by the first site server, and after the second site server authenticates the first site server, sends the resource authorization request to the requested request. Receiving, by the user, the authorization confirmation information sent by the requested user, and generating a resource authorization response to the first site server according to the authorization confirmation information, and sending the resource authorization response to the first site server, where the first site server is configured according to the The resource authorization response performs resource processing, and the resource processing includes resource sharing or resource sharing, thereby realizing resource processing between different site servers.
  • FIG. 3 is a schematic diagram of a resource processing method according to Embodiment 3 of the present invention.
  • This embodiment is a cross-site resource sharing between users. It is assumed that the requesting user Bob and the requested user Alice have accounts on the network disk server X (ie, the first site server) and the network disk server Y (ie, the second site server), respectively, and the account names are Bob and Alice, respectively. Bob selects some of the contents of his network disk and shares it with Alice. After Alice agrees to authorize, Bob transfers the contents of the network disk to Alice's network disk.
  • the embodiment specifically includes the following steps:
  • Step 310 Request the user Bob to send a resource processing request to the first site server. among them,
  • Step 320 The network disk server X parses the shared object of the Bob, constructs a resource authorization request sent to the network disk server Y, and sends the resource authorization request to the network disk server.
  • the resource authorization request includes: an initial serial number (transld), a shared resource name, a shared user account (alice), a callback URL, and an identity password (password) of the network disk server X.
  • information such as the size, type, format, and the like of the shared resource content may be added.
  • Step 330 the network disk server Y sends Alice a request authorization email to Alice registered mailbox, for example, alice(g).exa. mplemail.com, and sends a consent authorization link in the cow, when Alice clicks the link, then Triggered to the network disk server Y, indicating that Alice agreed to the authorization.
  • the request authorization process is completed in the form of sending an email.
  • the request authorization process is not limited to mail, but can also be completed in the form of short messages, in-site notifications, and the like.
  • Step 340 when Alice logs in to her mailbox, browses the request authorization email, selects consent or does not agree to the authorization; if Alice agrees to authorize, click the consent link to trigger to the network disk server Y;
  • Step 350 The network disk server Y generates a resource authorization response for the network disk server X.
  • the resource authorization response includes an authorization token (Access Token), a resource sharing URL, an initial serial number, and the resource authorization response is returned to the network disk server X.
  • the authorization token also includes its validity period.
  • Step 360 The network disk server X uploads the content shared by the Bob to the network disk server Y, and carries the authorization token in step 350.
  • Step 370 when Alice logs in to the network disk to serve its Y, it can browse and download the content shared by Bob.
  • FIG. 4 is a schematic diagram of a resource processing method according to Embodiment 4 of the present invention.
  • This embodiment is a cross-site resource sharing between users. It is assumed that the requesting user Bob and the requested user Alice have accounts on the network disk server X (ie, the first site server) and the network disk server Y (ie, the second site server), respectively, and the account names are bob and alice, respectively.
  • Bob knows Alice's shareable resource name: alice@www.sitey.com/networkdisk/sharedPhotos.
  • Bob requests Alice to share resources on the network server.
  • the network disk server X requests the network disk server Y to authorize, Y requests the Alice authorization by means of a message, for example, an email (email), a short message, a station notification, a system message, etc., and when Alice agrees to authorize, Alice's network disk
  • a message for example, an email (email), a short message, a station notification, a system message, etc.
  • Alice agrees to authorize, Alice's network disk
  • the resource sharing path, together with the authorization token (Access Token) is called back to the network disk server X.
  • Bob can browse Alice's shared resources through the network disk server X.
  • the embodiment specifically includes the following steps:
  • Step 410 Bob initiates a resource sharing request after logging in to the network disk server X by using the terminal device.
  • the resource authorization request includes: an initial serial number (transld), a shared resource name (/networkdisk/sharedPhotos), a shared user account (alice), a callback URL, and an identity password (password) of the network disk server X.
  • information such as the size, type, format, and the like of the shared resource content may be added;
  • the request authorization process is completed in the form of sending an email.
  • the request authorization process is not limited to mail, but can also be completed in the form of short messages, in-site notifications, and the like.
  • Step 440 after Alice logs in to his mailbox, browses the request authorization email, selects consent or does not agree to the authorization;
  • Step 450 Alice agrees to authorize, clicks the consent link, triggers to the network disk server Y;
  • Step 460 The network disk server Y generates a resource authorization response for the network disk server X.
  • the resource authorization response includes an authorization token (Access Token), a resource sharing URL, an initial serial number, and the resource authorization response is returned to the network disk server X.
  • the authorization token also includes its validity period.
  • step 470 Bob queries the network disk server X for the shared resource, and X lists the shared resource list that has been authorized.
  • Step 480 When Bob browses the authorized shared resource, the network disk server X acquires the shared resource from the resource sharing URL provided by the network disk server Y, and carries an access token (Access Token). The network disk server Y needs to verify the validity of the Access Token carried by the network disk server X. If it passes, it returns the shared resource to the network disk server X.
  • an access token Access Token
  • FIG. 5 is a schematic diagram of a site server according to Embodiment 5 of the present invention.
  • the site server is a site server where the requesting user is located, and is defined as a first site server for performing the resource processing methods provided in Embodiments 1 to 4 of the present invention.
  • the embodiment of the present invention specifically includes: a receiving unit 51, a first processing unit 52, and a second processing unit 53.
  • the receiving unit 51 is configured to receive a resource processing request sent by the requesting user of the first site server, where the resource processing request carries an address of the second site server and an account of the requested user of the second site server, and the The resource processing request is transmitted to the first processing unit 52; the first processing unit 52 is configured to receive the resource processing request from the receiving unit, generate the resource authorization request according to the resource processing request, and authorize the resource Sending a request to the second site server; the second processing unit 53 is configured to: after the requested user allows authorization, receive a resource authorization response sent by the second site server, and perform resource processing according to the resource authorization response. .
  • the resource processing request is a resource sharing request
  • the resource authorization is requested.
  • the request carries a unique transaction ID, shared resource information, an account of the requested user, a callback Uniform Resource Locator URL, and an identity password of the first site server.
  • the resource authorization response includes an authorization token, a resource sharing URL, and an initial serial number.
  • the second processing unit 53 is further configured to receive a resource authorization response sent by the second site server by using the callback URL, and authorize the resource by using the resource. Transmitting, by the resource sharing URL in the response, the shared resource of the requesting user to the second site server, so that the requested user obtains the shared resource from the second site server and shares the shared resource .
  • the resource processing request is a resource sharing request
  • the resource sharing request further carries a shared resource name of the requested user
  • the resource authorization request carries a unique transaction ID and the shared resource information.
  • the resource authorization response includes an authorization token, a resource sharing URL, and an initial serial number, and the receiving the resource authorization response sent by the second site server, where the second processing unit 53 is further configured to receive the second site server.
  • the resource authorization response sent by the callback URL and when the resource acquisition request of the requesting user is received, the resource sharing URL in the resource authorization response is sent to the second site server to carry the authorization order.
  • a resource acquisition request of the card and receiving a resource acquisition response sent by the second site server, and sending the resource acquisition response to the requesting user, so that the requesting user acquires the shared resource of the requested user.
  • the site server receives the resource processing request sent by the requesting user, the resource processing request includes a resource sharing request and a resource sharing request, and generates a resource authorization request according to the resource processing request, and sends the resource authorization request.
  • the resource processing includes resource sharing and resource sharing, thereby realizing resource processing between different site servers, and can be widely applied to cross-site network disks, microblogs, SNS contacts, conferences/ Sharing and sharing of resources such as schedules.
  • FIG. 6 is a schematic diagram of a site server according to Embodiment 6 of the present invention.
  • the site server is a site server where the requested user is located, and is defined as a second site server, and is used to perform the resource processing method provided in Embodiments 1 to 4 of the present invention.
  • the embodiment of the present invention specifically includes: a receiving unit 61, a sending unit 62, and a processing unit 63.
  • the receiving unit 61 is configured to receive a resource authorization request sent by the first site server, where the resource authorization request is after the first site server receives the resource processing request sent by the user of the first site server, according to the The resource processing request generates an authorization request for the requested user of the second site server; the sending unit 62 is configured to send the resource authorization request to the requested user after authenticating the first site server; the processing unit 63 is configured to receive the authorization confirmation information sent by the requesting user, generate a resource authorization response to the first site server according to the authorization confirmation information, and send the resource authorization response to the first site. And a server, configured to perform resource processing according to the resource authorization response by the first site server. The sending unit 62 is further configured to send the resource authorization request to the requested user after performing identity verification on the first site server according to the identity password of the first site server.
  • the resource processing request is a resource sharing request, where the resource authorization request carries a unique transaction ID, shared resource information, an account of the requested user, a callback uniform resource locator URL, and the first The identity password of the site server.
  • the authorization confirmation information is that the requesting user allows the authorization
  • the processing unit 63 is further configured to: after the requested user allows the authorization, the second site server generates, according to the authorization confirmation information, the first site.
  • the resource authorization response including an authorization token, a resource sharing URL, an initial serial number, and sending a resource authorization response to the first site server by using the callback URL; and receiving the first site And the server shares the shared resource of the requesting user sent by the resource sharing URL in the resource authorization response, so that the requested user acquires the shared resource and shares the shared resource.
  • the resource processing request is a resource sharing request
  • the resource sharing request further carries a shared resource name of the requested user
  • the resource authorization request carries a unique transaction ID and the shared resource information.
  • the authorization confirmation information is that the requesting user allows the authorization
  • the processing unit 63 is further configured to: after the requested user allows the authorization, the second site server generates, according to the authorization confirmation information, the first site.
  • the resource authorization response including an authorization token, a resource sharing URL, an initial serial number, and sending a resource authorization response to the first site server by using the callback URL; and, when receiving the first a resource acquisition request sent by the site server carrying the authorization token, and performing the authorization token After the verification, the shared resource of the requested user is sent to the first site server, so that the first site server sends the shared resource to the requesting user.
  • the second site server provided by the embodiment of the present invention receives the resource authorization request sent by the first site server, and sends the resource authorization request to the requested user after the second site server authenticates the first site server. And receiving the authorization confirmation information sent by the requested user, and generating a resource authorization response to the first site server according to the authorization confirmation information, and sending the resource authorization response to the first site server, where the first site server is authorized according to the resource
  • the resource processing includes resource sharing or resource sharing, thereby realizing resource processing between different site servers, and can be widely applied to sharing resources of cross-site network disks, microblogs, SNS contacts, conferences/schedules, and the like. And sharing, while expanding the authorization method between the second site server and the requested user, the second site server can select its authorization mode according to the communication mode between itself and the requested user.
  • FIG. 7 is a schematic diagram of a site server according to Embodiment 7 of the present invention.
  • the site server is a site server where the requesting user is located, and is defined as a first site server for performing the resource processing methods provided in Embodiments 1 to 4 of the present invention.
  • the first site server provided in this embodiment includes: a site server port 71, a processor 72, and a memory 77.
  • the site server bus 74 is used to connect the site server port 71, the processor 72, and the memory 77.
  • the site server port 71 can be connected to the requesting user and the second site server where the requested user is located, respectively.
  • the memory 77 can be a persistent storage such as a hard disk drive and a flash memory having a software module and a device driver.
  • the software modules are capable of executing the various functional modules of the above described method of the present invention; the device drivers can be network and interface drivers.
  • FIG. 8 is a schematic diagram of a site server according to Embodiment 8 of the present invention.
  • the site server is a site server where the requested user is located, and is defined as a second site server for performing the resource processing methods provided by the first to fourth embodiments of the present invention.
  • the first site server provided in this embodiment includes: a site server port 81, a processor 82, and a memory 88.
  • the site server bus 84 is used to connect to the site server port 81, processor 82, and memory 88.
  • the site server port 81 can be respectively associated with the requesting user and the requested user.
  • the site server is connected.
  • Memory 88 can be a persistent storage, such as a hard drive and flash memory, with software modules and device drivers in memory 88.
  • the software modules are capable of executing the various functional modules of the above described method of the present invention; the device drivers can be network and interface drivers.
  • the steps of a method or algorithm described in connection with the embodiments disclosed herein may be implemented in hardware, a software module executed by a processor, or a combination of both.
  • the software module can be placed in random access memory (RAM), memory, read only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or technical field. Any other form of storage medium known.

Abstract

La présente invention porte sur un procédé de traitement de ressources et un serveur de site. Le procédé comprend les étapes suivantes: un premier serveur de site reçoit une requête de traitement de ressources envoyée par un utilisateur demandeur du premier serveur de site, la requête de traitement de ressources véhiculant une adresse d'un second serveur de site et un numéro de compte d'un utilisateur demandé du second serveur de site; génération d'une requête d'octroi de ressources conformément à la requête de traitement de ressources, et envoi de la requête d'octroi de ressources au second serveur de site; et lorsque l'utilisateur demandé autorise un octroi, réception d'une réponse d'octroi de ressources envoyée par le second serveur de site, et réalisation d'un traitement de ressources conformément à la réponse d'octroi de ressources. En conséquence, la présente invention met en œuvre un traitement de ressources entre différents serveurs de site, et peut être largement appliquée à un partage de ressources telles qu'un disque réseau inter-site, un micro-blogue, un contact de site de réseautage social (SNS), une conférence et un agenda.
PCT/CN2014/077963 2013-06-21 2014-05-21 Procédé de traitement de ressources et serveur de site WO2014201931A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310250202.7 2013-06-21
CN201310250202.7A CN103327100B (zh) 2013-06-21 2013-06-21 资源处理方法和站点服务器

Publications (1)

Publication Number Publication Date
WO2014201931A1 true WO2014201931A1 (fr) 2014-12-24

Family

ID=49195621

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/077963 WO2014201931A1 (fr) 2013-06-21 2014-05-21 Procédé de traitement de ressources et serveur de site

Country Status (2)

Country Link
CN (1) CN103327100B (fr)
WO (1) WO2014201931A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017036146A1 (fr) * 2015-08-31 2017-03-09 索尼公司 Procédé pour autoriser un accès et appareil utilisant le procédé
US20210365579A1 (en) * 2016-09-13 2021-11-25 Salesforce.Com, Inc. Providing web application components within remote systems

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103475743B (zh) * 2013-09-30 2018-01-23 广州博冠信息科技有限公司 一种用于云服务的方法、装置及系统
CN104580117B (zh) * 2013-10-28 2018-07-27 深圳市腾讯计算机系统有限公司 身份验证方法、装置及系统
US9525705B2 (en) * 2013-11-15 2016-12-20 Oracle International Corporation System and method for managing tokens authorizing on-device operations
CN104794606A (zh) * 2014-01-20 2015-07-22 琉璃奥图码科技股份有限公司 事件提示系统、事件提示方法以及情境播放单元
CN104954330B (zh) * 2014-03-27 2018-03-16 华为软件技术有限公司 一种对数据资源进行访问的方法、装置和系统
CN104092778A (zh) * 2014-07-28 2014-10-08 北京联时空网络通信设备有限公司 web服务的数据处理方法和装置
CN104125290A (zh) * 2014-08-05 2014-10-29 奥盈琦信信息技术(上海)有限公司 实现个人大数据收集、管理和授权的系统及方法
CN106534280B (zh) * 2016-10-25 2019-12-03 Oppo广东移动通信有限公司 数据分享方法及装置
CN106506521B (zh) 2016-11-28 2020-08-07 腾讯科技(深圳)有限公司 资源访问控制方法和装置
CN108616762B (zh) * 2016-12-12 2019-11-19 视联动力信息技术股份有限公司 一种视联网服务器的共享方法及视联网服务器
CN108494821B (zh) * 2018-02-12 2019-06-11 刘志鹏 网盘集成打开影像的方法
CN109033774B (zh) * 2018-08-31 2020-08-07 阿里巴巴集团控股有限公司 获取、反馈用户资源的方法、装置及电子设备
CN109981685A (zh) * 2019-04-15 2019-07-05 苏州麦迪斯顿医疗科技股份有限公司 数据传输系统和方法
CN111510455B (zh) * 2020-04-16 2022-06-10 神州数码融信软件有限公司 一种请求报文认证及数据传输方法

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102457507A (zh) * 2010-10-29 2012-05-16 中兴通讯股份有限公司 云计算资源安全共享方法、装置及系统
CN102664933A (zh) * 2012-04-06 2012-09-12 中国联合网络通信集团有限公司 用户授权方法、应用终端、开放平台和系统

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7668939B2 (en) * 2003-12-19 2010-02-23 Microsoft Corporation Routing of resource information in a network
CN102195957B (zh) * 2010-03-19 2014-03-05 华为技术有限公司 一种资源共享方法、装置及系统
US8931034B2 (en) * 2010-06-25 2015-01-06 Telefonaktiebolaget L M Ericsson (Publ) System, method, and policy engine for granting temporary access to electronic content

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102457507A (zh) * 2010-10-29 2012-05-16 中兴通讯股份有限公司 云计算资源安全共享方法、装置及系统
CN102664933A (zh) * 2012-04-06 2012-09-12 中国联合网络通信集团有限公司 用户授权方法、应用终端、开放平台和系统

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017036146A1 (fr) * 2015-08-31 2017-03-09 索尼公司 Procédé pour autoriser un accès et appareil utilisant le procédé
US11134069B2 (en) 2015-08-31 2021-09-28 Sony Corporation Method for authorizing access and apparatus using the method
US20210365579A1 (en) * 2016-09-13 2021-11-25 Salesforce.Com, Inc. Providing web application components within remote systems

Also Published As

Publication number Publication date
CN103327100A (zh) 2013-09-25
CN103327100B (zh) 2017-04-19

Similar Documents

Publication Publication Date Title
WO2014201931A1 (fr) Procédé de traitement de ressources et serveur de site
US11218460B2 (en) Secure authentication for accessing remote resources
US10136315B2 (en) Password-less authentication system, method and device
US9866556B2 (en) Common internet file system proxy authentication of multiple servers
CN113347206B (zh) 一种网络访问方法和装置
US9923906B2 (en) System, method and computer program product for access authentication
CN104954330B (zh) 一种对数据资源进行访问的方法、装置和系统
US9584615B2 (en) Redirecting access requests to an authorized server system for a cloud service
US20110225637A1 (en) Authentication and authorization of user and access to network resources using openid
US11658963B2 (en) Cooperative communication validation
WO2015196908A1 (fr) Procédé, terminal, serveur et système de traitement de service
JP2015529905A (ja) 認可方法、装置、及びシステム
EP2518972A1 (fr) Système et procédé d'adressage de dispositif
CN112612985A (zh) 基于WebSocket的多用户和多类型消息的推送系统及方法
US11611551B2 (en) Authenticate a first device based on a push message to a second device
US11849053B2 (en) Automation of user identity using network protocol providing secure granting or revocation of secured access rights
WO2015184410A1 (fr) Réseau vidéo domanial de confiance
WO2008071109A1 (fr) Procédé et système de réalisation de gestion de compte de courrier tiers
JP2017523508A (ja) セキュアな統合型クラウドストレージ
KR101824562B1 (ko) 인증 게이트웨이 및 인증 게이트웨이의 인증 방법
WO2012097728A1 (fr) Procédé et dispositif permettant à un serveur mandataire d'accéder à une plate-forme ouverte
WO2017185934A1 (fr) Dispositif de gestion et procédé de gestion d'un dispositif
US9742776B2 (en) Contact identification validation via social invitation
KR101642665B1 (ko) 다이렉트 전자 메일
WO2015021842A1 (fr) Procédé et appareil d'accès à une application ott et procédé et appareil de poussée de message par serveur

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14814279

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14814279

Country of ref document: EP

Kind code of ref document: A1