WO2015067163A1 - Method, server and system for controling authority - Google Patents
Method, server and system for controling authority Download PDFInfo
- Publication number
- WO2015067163A1 WO2015067163A1 PCT/CN2014/090216 CN2014090216W WO2015067163A1 WO 2015067163 A1 WO2015067163 A1 WO 2015067163A1 CN 2014090216 W CN2014090216 W CN 2014090216W WO 2015067163 A1 WO2015067163 A1 WO 2015067163A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- service
- request
- authentication
- service operation
- operation request
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
Definitions
- the present disclosure relates to communication technologies, more particularly to a method, server and system for controlling an authority.
- An authority refers to the scope of functional power, i.e., limitation on behavior. It includes the scope and degree of making a decision on issues by a worker in order to assure the efficient operation on the obligation.
- an operation type and an operator type are binded, i.e., the relationship between the operation type and the operator type is stored.
- a service processing processor server determines an operation type and an operator type at first, and then determines whether the operation type has a corresponding authority; if yes, performs the operation; otherwise, rejects the operation.
- a super group management there are managers with various authorities in a group. Each manager has different authorities according to its type.
- the super group owner may distribute part of authorities to the managers, which relates to distribution of sensitive authorities.
- the group owner may have all authorities, i.e., the maximum number of authorities.
- the managers with distributed authorities may have more authorities than the group members.
- Examples of the present disclosure provide a method, server and system for controlling an authority. According to the present disclosure, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
- a method for controlling an authority comprising:
- a method for controlling an authority comprising:
- an authority verification server receiving, by an authority verification server, an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
- a method for controlling an authority comprising:
- a server comprising:
- a service request receiving module configured to receive a service operation request
- a type determining module configured to determine an operation type of the service operation request received in the service request receiving unit
- an authentication request transmitting module configured to when determining that the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request;
- an indication receiving module configured to receive an indication of executing the service operation request
- a service executing module configured to when the indication of executing the service operation request is received in the indication receiving module, execute the service operation corresponding to the service operation request.
- a server comprising:
- an authentication request receiving module configured to receive an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
- an authentication module configured to after receiving the authentication request from the service processing server, authenticate a sender of the service operation request
- an indication transmitting module configured to when determining that the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
- a server comprising:
- a request receiving module configured to receive an authentication request, and receive authentication information returned by the sender of the service operation request
- a type determining module configured to determine an operation type of the service operation request received in the request receiving module
- an notification transmitting module configured to when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request;
- an authentication module configured to when the authentication information is matched with the operation type, determine that the authenticating is passed;
- a service executing module configured to when determining the authenticating is passed in the authentication module, execute a service operation corresponding to the service operation request.
- a server comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:
- a server comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:
- the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
- a server comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:
- FIG. 1 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure.
- FIG. 2 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure.
- FIG. 3 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure.
- FIG. 4 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure.
- FIG. 5 is a schematic diagram illustrating a structure of a plug-in window according to an example of the present disclosure.
- FIG. 6 is a schematic diagram illustrating a structure of a service processing server according to an example of the present disclosure.
- FIG. 7 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure.
- FIG. 8 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure.
- FIG. 9 is a schematic diagram illustrating a structure of a server according to an example of the present disclosure.
- FIG. 10 is a schematic diagram illustrating a structure of a service processing server according to an example of the present disclosure.
- FIG. 11 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure.
- FIG. 12 is a schematic diagram illustrating a structure of a server according to an example of the present disclosure.
- FIG. 13 is a schematic diagram illustrating a structure of a system according to an example of the present disclosure.
- control of all the operations are performed by a service processing server, and the authority control is performed according to the operator type. Because the service and the operator type (i.e., authority) are binded together, it is not good for customizing the second-level authority configuration, and not good for service updating and application.
- FIG. 1 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 1, the method may include the following procedures.
- a service processing server receives a service operation request, and determines an operation type of the service operation request.
- a service operation request is a request for executing a specific service operation.
- the requested service operation may have an attribute of operation type.
- the specific operation type may be set by a user.
- operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
- Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
- Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
- the specific operation request may have different sets of service operations.
- the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
- the operation types may be divided as a sensitive operation or a non-sensitive operation.
- the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
- the service processing server when determining the operation type belongs to a pre-determined operation type, transmits an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request.
- the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
- Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request. In particular, when the operation type is carried in the authentication request, the authority verification server authenticating the sender of the service operation request includes: the authority verification server authenticating the sender of the service operation request according to the authentication corresponding to the operation type.
- Block 103 when receiving an indication of executing the service operation request, the service processing server executes the service operation corresponding to the service operation request.
- the indication of executing the service operation request may be given by a command or informed by information.
- the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request.
- the specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
- the server determines that the operation type of the service operation request belongs to a pre-determined operation type
- an operation of a secondary authentication is initiated.
- the service operation is executed.
- it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
- FIG. 2 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 2, the method may include the following procedures.
- an authority verification server receives an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type.
- a service operation request is a request for executing a specific service operation.
- the requested service operation may have an attribute of operation type.
- the specific operation type may be set by a user.
- operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
- Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
- Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
- the specific operation request may have different sets of service operations.
- the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
- the operation types may be divided as a sensitive operation or a non-sensitive operation.
- the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
- the authority verification server authenticates the sender of the service operation request.
- the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
- Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request.
- authenticating the sender of the service operation request includes: transmitting an authentication notification to the sender of the service operation request, receiving authentication information returned by the sender of the service operation request, if the authentication information is matched with the operation type corresponding to the authentication request, determining the authenticating is passed.
- a certain time effectiveness may be configured to perform authority control for the operator of the service request.
- it further includes: determining whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determining the authenticating is passed.
- the authority verification server transmits an indication of executing the service operation request to the service processing server.
- the indication of executing the service operation request may be given by a command or informed by information.
- the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request.
- the specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
- the server determines that the operation type of the service operation request belongs to a pre-determined operation type
- an operation of a secondary authentication is initiated.
- the service operation is executed.
- it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
- FIG. 3 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 3, the method may include the following procedures.
- Block 301 receive an authentication request, and determine an operation type of the service operation request.
- a service operation request is a request for executing a specific service operation.
- the requested service operation may have an attribute of operation type.
- the specific operation type may be set by a user.
- operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
- Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
- Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
- the specific operation request may have different sets of service operations.
- the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
- the operation types may be divided as a sensitive operation or a non-sensitive operation.
- the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
- Block 302 when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request, and receive authentication information returned by the sender of the service operation request.
- the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
- a certain time effectiveness may be configured to perform authority control for the operator of the service request.
- it further includes: determining whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determining the authenticating is passed.
- Block 303 when the authentication information is matched with the operation type, determining the authenticating is passed, and executing the service operation corresponding to the service operation request.
- the server determines that the operation type of the service operation request belongs to a pre-determined operation type
- an operation of a secondary authentication is initiated.
- the service operation is executed.
- it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
- FIG. 3 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 3, the method may include the following procedures.
- FIG. 4 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 4, the method may include the following procedures.
- a client sends a service operation request for requesting a service operation to a service processing server.
- the service processing server performs a judgment for sensitive authority, and determines whether the service operation belongs to a sensitive service operation.
- Block 403 if yes in Block 402, i.e., when determining that the service operation belongs to a sensitive service operation, the service processing server transmits an authentication request to an authority verification server to request for authentication of sensitive authority.
- the service processing server may transmit information of sensitive operation to the authority verification server to request authentication of sensitive authority. Ways to transmitting information by the service processing server are not defined in the present disclosure.
- Block 404 the authority verification server verifies whether the authentication for the user is within an effective duration; if yes, perform Block 405; otherwise, perform Block 408.
- the effective duration may be configured according to specific services, which is not defined in the present disclosure.
- the authority verification server transmits a verification command to notify the user for the secondary authentication.
- the client prompts the user for authority authentication, and after the user inputs the authentication information, sends to the authority verification server a request for the secondary authentication for the user, in which the authentication information is carried.
- a room management password authentication interface as shown FIG. 5 is present in the manger interface. Only when the manger inputs a correct room management password, the sensitive operation is allowed to execute. In order to avoid frequent reminders of inputting password for authentication when the manger performs the sensitive operation, it does not need to input the password again for sensitive operation within a duration after the authority authentication is successful.
- FIG. 5 the following are shown: 1, item: “Password Authentication” ; 2, operation reminder: “please input manger password” ; 3, input box, and close (i.e., shown as X), “OK” and “Cancel” .
- the specific interface may be modified and extended based on demands, which is not defined in the present disclosure.
- the authority verification server performs authentication verification; if it is passed, perform 408; otherwise, notify the service processing server that the authentication is not passed.
- the authority verification server transmits a command to the service processing server, and notifies the service processing server for service execution.
- Block 404 if it is assured that within the effective duration, it can be determined that the authenticating is passed, the Block 405 and Block 406 cannot be performed, and the Block 409 can also not be performed.
- FIG. 6 is a schematic diagram illustrating a structure of a service processing server according to an example of the present disclosure. As shown in FIG. 6, the service processing server includes:
- a service request receiving module 601, configured to receive a service operation request
- a type determining module 602 configured to determine an operation type of the service operation request received in the service request receiving unit 601;
- an authentication request transmitting module 603, configured to when determining the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request;
- a service executing module 605 configured to when the indication of executing the service operation request is received in the indication receiving module 604, execute the service operation corresponding to the service operation request.
- a service operation request is a request for executing a specific service operation.
- the requested service operation may have an attribute of operation type.
- the specific operation type may be set by a user.
- operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
- Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
- Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
- the specific operation request may have different sets of service operations.
- the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
- the operation types may be divided as a sensitive operation or a non-sensitive operation.
- the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
- the indication of executing the service operation request may be given by a command or informed by information.
- the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request.
- the specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
- the server determines that the operation type of the service operation request belongs to a pre-determined operation type
- an operation of a secondary authentication is initiated.
- the service operation is executed.
- it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
- the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
- Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request.
- the authentication request transmitting module 603 is configured to transmit an authentication request, in which the operation type is carried, to make the authority verification server authenticate the sender of the service operation request according to the authentication corresponding to the operation type.
- FIG. 7 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure. As shown in FIG. 7, the authority verification server includes:
- an authentication request receiving module 701 configured to receive an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
- an authentication module 702 configured to after receiving the authentication request from the service processing server, authenticate the sender of the service operation request
- an indication transmitting module 703 configured to when determining the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
- a service operation request is a request for executing a specific service operation.
- the requested service operation may have an attribute of operation type.
- the specific operation type may be set by a user.
- operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
- Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
- Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
- the specific operation request may have different sets of service operations.
- the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
- the operation types may be divided as a sensitive operation or a non-sensitive operation.
- the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
- the indication of executing the service operation request may be given by a command or informed by information.
- the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request.
- the specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
- the server determines that the operation type of the service operation request belongs to a pre-determined operation type
- an operation of a secondary authentication is initiated.
- the service operation is executed.
- it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
- the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
- Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request.
- the authentication module 702 includes:
- an authentication notification transmitting module 801, configured to when the authentication request received in the authentication request receiving module 701 includes the operation type, transmit an authentication notification to the sender of the service operation request;
- an authentication sub-module 802 configured to determine whether the authentication information returned by the sender of the service operation request is matched with the operation type of the authentication request; if yes, determine that the authenticating is passed.
- a certain time effectiveness may be configured to perform authority control for the operator of the service request.
- the authentication module 702 is further configured to before authenticating the sender of the service operation request, determine whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determine the authenticating is passed.
- FIG. 9 is a schematic diagram illustrating a structure of a server according to an example of the present disclosure. As shown in FIG. 9, the server includes:
- a request receiving module 901 configured to receive an authentication request, and receive the authentication information returned by the sender of the service operation request;
- a type determining module 902 configured to determine an operation type of the service operation request received in the request receiving module 901;
- an notification transmitting module 903 configured to when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request;
- an authentication module 904 configured to when the authentication information is matched with the operation type, determine that the authenticating is passed;
- a service executing module 905 configured to when determining the authenticating is passed in the authentication module 904, execute the service operation corresponding to the service operation request.
- a service operation request is a request for executing a specific service operation.
- the requested service operation may have an attribute of operation type.
- the specific operation type may be set by a user.
- operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
- Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
- Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
- the specific operation request may have different sets of service operations.
- the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
- the operation types may be divided as a sensitive operation or a non-sensitive operation.
- the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
- the server determines that the operation type of the service operation request belongs to a pre-determined operation type
- an operation of a secondary authentication is initiated.
- the service operation is executed.
- it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
- the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
- a certain time effectiveness may be configured to perform authority control for the operator of the service request.
- the authentication module 904 is further configured to before transmitting an authentication notification to the sender of the service operation request in the notification transmitting module 903, determine whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determine the authenticating is passed.
- FIG. 10 is a schematic diagram illustrating a structure of a service processing server according to an example of the present disclosure.
- the service processing server includes a receiver 1001, a transmitter 1002, a processor 1003 and a memory 1004.
- the processor 1003 is configured to receive a service operation request, and determine an operation type of the service operation request; when determining the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request; when receiving an indication of executing the service operation request, execute the service operation corresponding to the service operation request.
- a service operation request is a request for executing a specific service operation.
- the requested service operation may have an attribute of operation type.
- the specific operation type may be set by a user.
- operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
- Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
- Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
- the specific operation request may have different sets of service operations.
- the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
- the operation types may be divided as a sensitive operation or a non-sensitive operation.
- the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
- the indication of executing the service operation request may be given by a command or informed by information.
- the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request.
- the specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
- the server determines that the operation type of the service operation request belongs to a pre-determined operation type
- an operation of a secondary authentication is initiated.
- the service operation is executed.
- it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
- the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
- Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request.
- the processor 1003 is configured to when the operation type is carried in the authentication request, make the authority verification server authenticate the sender of the service operation request according to the authentication corresponding to the operation type.
- FIG. 11 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure.
- the authority verification server includes a receiver 1101, a transmitter 1102, a processor 1103 and a memory 1104.
- the processor 1103 is configured to receive an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determine an operation type of the service operation request belongs to a pre-determined operation type; after the authority verification server receives the authentication request from the service processing server, authenticate the sender of the service operation request; when the authority verification server determines the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
- a service operation request is a request for executing a specific service operation.
- the requested service operation may have an attribute of operation type.
- the specific operation type may be set by a user.
- operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
- Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
- Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
- the specific operation request may have different sets of service operations.
- the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
- the operation types may be divided as a sensitive operation or a non-sensitive operation.
- the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
- the indication of executing the service operation request may be given by a command or informed by information.
- the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request.
- the specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
- the server determines that the operation type of the service operation request belongs to a pre-determined operation type
- an operation of a secondary authentication is initiated.
- the service operation is executed.
- it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
- the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
- Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request.
- the processor 1103 is configured to when the authentication request includes the operation type, transmit an authentication notification to the sender of the service operation request, receive authentication information returned by the sender of the service operation request; when the authentication information returned by the sender of the service operation request is matched with the operation type of the authentication request, determine that the authenticating is passed.
- a certain time effectiveness may be configured to perform authority control for the operator of the service request.
- the processor 1103 is further configured to before authenticating the sender of the service operation request, determine whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determine the authenticating is passed.
- FIG. 12 is a schematic diagram illustrating a structure of a server according to an example of the present disclosure. As shown in FIG. 12, the server includes a receiver 1201, a transmitter 1202, a processor 1203 and a memory 1204.
- the processor 1203 is configured to receive an authentication request, and determine an operation type of the service operation request; when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request, and receive authentication information returned by the sender of the service operation request; when the authentication information is matched with the operation type, determine that the authenticating is passed, and execute the service operation corresponding to the service operation request.
- a service operation request is a request for executing a specific service operation.
- the requested service operation may have an attribute of operation type.
- the specific operation type may be set by a user.
- operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
- Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
- Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
- the specific operation request may have different sets of service operations.
- the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
- the operation types may be divided as a sensitive operation or a non-sensitive operation.
- the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
- the server determines that the operation type of the service operation request belongs to a pre-determined operation type
- an operation of a secondary authentication is initiated.
- the service operation is executed.
- it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
- the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
- a certain time effectiveness may be configured to perform authority control for the operator of the service request.
- the processor 1203 is further configured to before transmitting an authentication notification to the sender of the service operation request, determine whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determine the authenticating is passed.
- FIG. 13 is a schematic diagram illustrating a structure of a system according to an example of the present disclosure. As shown in FIG. 13, the system includes a service processing server 1301 and an authority verification server 1302.
- the service processing server 1301 is the service processing server according to any one of examples provided in the present disclosure.
- the authority verification server 1302 is the authority verification server according to any one of examples provided in the present disclosure.
- the server determines that the operation type of the service operation request belongs to a pre-determined operation type.
- an operation of a secondary authentication is initiated.
- the service operation is executed.
- the operator type and the service corresponding to the service operation it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
- the modules are divided according to functions, but not limited to this kind of division, as long as the corresponding functions can be achieved.
- the specific names of the modules are just used for differentiation, but not used for limiting the protection scope of the present disclosure.
- the corresponding programs can be stored in a computer-readable storage medium.
- the storage medium may be a Read Only Memory (ROM) , a magnetic disk, or a compact disk.
Abstract
Examples of the present disclosure provide a method, server and system. The method includes: receiving, by a service processing server, a service operation request, and determining an operation type of the service operation request; when determining the operation type belongs to a pre-determined operation type, transmitting, by the service processing server, an authentication request to an authority verification server to make the authority verification server authenticate a sender of the service operation request; and when receiving an indication of executing the service operation request, executing, by the service processing server, a service operation corresponding to the service operation request. When the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. According to the present disclosure, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Description
PRIORITY STATEMENT
This application claims the benefit of Chinese Patent Application No. 201310542555.4, filed on November 5, 2013, the disclosure of which is incorporated herein in its entirety by reference.
The present disclosure relates to communication technologies, more particularly to a method, server and system for controlling an authority.
An authority refers to the scope of functional power, i.e., limitation on behavior. It includes the scope and degree of making a decision on issues by a worker in order to assure the efficient operation on the obligation.
In the field of communication technologies, it often needs to verify the authority of the users. In a general method, an operation type and an operator type are binded, i.e., the relationship between the operation type and the operator type is stored. In particular, after receiving an operation request, a service processing processor server determines an operation type and an operator type at first, and then determines whether the operation type has a corresponding authority; if yes, performs the operation; otherwise, rejects the operation.
For example, in an application of a super group management, there are managers with various authorities in a group. Each manager has different authorities according to its type. When managing the group, the super group owner may distribute part of authorities to the managers, which relates to distribution of sensitive authorities.
Generally, the group owner may have all authorities, i.e., the maximum number of authorities. The managers with distributed authorities may have more authorities than the group members.
SUMMARY
Examples of the present disclosure provide a method, server and system for controlling an authority. According to the present disclosure, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
A method for controlling an authority, comprising:
receiving, by a service processing server, a service operation request, and determining an operation type of the service operation request;
when determining the operation type belongs to a pre-determined operation type, transmitting, by the service processing server, an authentication request to an authority verification server to make the authority verification server authenticate a sender of the service operation request; and
when receiving an indication of executing the service operation request, executing, by the service processing server, a service operation corresponding to the service operation request.
A method for controlling an authority, comprising:
receiving, by an authority verification server, an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
after receiving the authentication request from the service processing server, authenticating, by the authority verification server, a sender of the service operation request; and
when determining that the authenticating is passed, transmitting, by the authority verification server, an indication of executing the service operation request to the service processing server.
A method for controlling an authority, comprising:
receiving a service operation request, and determining an operation type of the service operation request;
when determining the operation type belongs to a pre-determined operation type, transmitting an authentication notification to a sender of the service operation request, and receiving authentication information returned by the sender of the service operation request; and
when the authentication information is matched with the operation type, determining that the authenticating is passed, and executing a service operation corresponding to the service operation request.
A server, comprising:
a service request receiving module, configured to receive a service operation request;
a type determining module, configured to determine an operation type of the service operation request received in the service request receiving unit;
an authentication request transmitting module, configured to when determining that the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request;
an indication receiving module, configured to receive an indication of executing the service operation request; and
a service executing module, configured to when the indication of executing the service operation request is received in the indication receiving module, execute the service operation corresponding to the service operation request.
A server, comprising:
an authentication request receiving module, configured to receive an authentication request from a service processing server; wherein the authentication request is
transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
an authentication module, configured to after receiving the authentication request from the service processing server, authenticate a sender of the service operation request;
an indication transmitting module, configured to when determining that the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
A server, comprising:
a request receiving module, configured to receive an authentication request, and receive authentication information returned by the sender of the service operation request;
a type determining module, configured to determine an operation type of the service operation request received in the request receiving module;
an notification transmitting module, configured to when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request;
an authentication module, configured to when the authentication information is matched with the operation type, determine that the authenticating is passed; and
a service executing module, configured to when determining the authenticating is passed in the authentication module, execute a service operation corresponding to the service operation request.
A server, comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:
receive a service operation request, and determine an operation type of the service operation request;
when determining the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate a sender of the service operation request; and
when receiving an indication of executing the service operation request, execute a service operation corresponding to the service operation request.
A server, comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:
receive an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
after receiving the authentication request from the service processing server, authenticate a sender of the service operation request; and
when determining that the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
A server, comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:
receive a service operation request, and determine an operation type of the service operation request;
when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to a sender of the service operation request, and receive authentication information returned by the sender of the service operation request; and
when the authentication information is matched with the operation type, determine that the authenticating is passed, and execute a service operation corresponding to the service operation request.
For a better understanding of the present disclosure, accompanying drawings to be used in description of the examples will be simply introduced hereinafter. Obviously, the accompanying drawings to be described hereinafter are only some examples of the present disclosure. Those skilled in the art may obtain other drawings according to these accompanying drawings without creative labor.
FIG. 1 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure.
FIG. 2 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure.
FIG. 3 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure.
FIG. 4 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure.
FIG. 5 is a schematic diagram illustrating a structure of a plug-in window according to an example of the present disclosure.
FIG. 6 is a schematic diagram illustrating a structure of a service processing server according to an example of the present disclosure.
FIG. 7 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure.
FIG. 8 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure.
FIG. 9 is a schematic diagram illustrating a structure of a server according to an example of the present disclosure.
FIG. 10 is a schematic diagram illustrating a structure of a service processing server according to an example of the present disclosure.
FIG. 11 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure.
FIG. 12 is a schematic diagram illustrating a structure of a server according to an example of the present disclosure.
FIG. 13 is a schematic diagram illustrating a structure of a system according to an example of the present disclosure.
In the method of controlling the authority, control of all the operations are performed by a service processing server, and the authority control is performed according to the operator type. Because the service and the operator type (i.e., authority) are binded together, it is not good for customizing the second-level authority configuration, and not good for service updating and application.
In order to make the object, technical solution, and merits of the present disclosure clearer, the present disclosure will be illustrated in detail hereinafter with reference to the accompanying drawings and specific examples. Obviously, the examples to be described hereinafter are only a part of examples in the present disclosure, but not all the examples. According to these examples, those skilled in the art may obtain other examples without creative labor, which all belong to the scope protected by the present disclosure.
An example of the present disclosure provides a method for controlling an authority. The example is implemented at a service processing server side. FIG. 1 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 1, the method may include the following procedures.
In Block 101, a service processing server receives a service operation request, and determines an operation type of the service operation request.
A service operation request is a request for executing a specific service operation. The requested service operation may have an attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members and operations of delivering some information might be sensitive, so that it needs to control. Hence, different service operations may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
In Block 102, when determining the operation type belongs to a pre-determined operation type, the service processing server transmits an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided
into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password. Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request. In particular, when the operation type is carried in the authentication request, the authority verification server authenticating the sender of the service operation request includes: the authority verification server authenticating the sender of the service operation request according to the authentication corresponding to the operation type.
In Block 103, when receiving an indication of executing the service operation request, the service processing server executes the service operation corresponding to the service operation request.
The indication of executing the service operation request may be given by a command or informed by information. For example, the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request. Hence, there are various ways to indicate executing the service operation corresponding to the service operation request. The specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
In the above-described example, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Another example of the present disclosure provides a method for controlling an authority. The example is implemented at an authority verification server side. FIG. 2 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 2, the method may include the following procedures.
In Block 201, an authority verification server receives an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type.
A service operation request is a request for executing a specific service operation. The requested service operation may have an attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members and operations of delivering some information might be sensitive, so that it needs to control. Hence, different service operations may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
In Block 202, after receiving the authentication request from the service processing server, the authority verification server authenticates the sender of the service operation request.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password. Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request. In particular, when the operation type is carried in the authentication request, authenticating the sender of the service operation request includes: transmitting an authentication notification to the sender of the service operation request, receiving authentication information returned by the sender of the service operation request, if the authentication information is matched with the operation type corresponding to the authentication request, determining the authenticating is passed.
With respect to the sender of the operation request, if it is ever performed by executing a certain type of service operation, it is much possible to always have such authority. In order to avoid increased complexity of user operations caused by several authentications, and reduce the signaling overhead, in the examples of the present disclosure, a certain time effectiveness may be configured to perform authority control for the operator of the service request. Preferably, before authenticating the sender of the service operation request, it further includes: determining whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determining the authenticating is passed.
In Block 203, when determining the authenticating is passed, the authority verification server transmits an indication of executing the service operation request to the service processing server.
The indication of executing the service operation request may be given by a command or informed by information. For example, the command indicates executing the
service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request. Hence, there are various ways to indicate executing the service operation corresponding to the service operation request. The specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
In the above-described examples, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Yet another example of the present disclosure provides a method for controlling an authority. This example is implemented at a server side. Compared with previous two examples, this example has a merit of intensification, while previous two examples may be better combined with the current server architecture. Those skilled in the art may select one of them based on the needs of practical applications. FIG. 3 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 3, the method may include the following procedures.
In Block 301, receive an authentication request, and determine an operation type of the service operation request.
A service operation request is a request for executing a specific service operation. The requested service operation may have an attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members
may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members and operations of delivering some information might be sensitive, so that it needs to control. Hence, different service operations may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
In Block 302, when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request, and receive authentication information returned by the sender of the service operation request.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password.
With respect to the sender of the operation request, if it is ever performed by executing a certain type of service operation, it is much possible to always have such authority. In order to avoid increased complexity of user operations caused by several authentications, and reduce the signaling overhead, in the examples of the present disclosure, a certain time effectiveness may be configured to perform authority control for the operator of the service request. Preferably, before authenticating the sender of the service operation
request, it further includes: determining whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determining the authenticating is passed.
In Block 303, when the authentication information is matched with the operation type, determining the authenticating is passed, and executing the service operation corresponding to the service operation request.
In the above-described examples, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Yet another example of the present disclosure provides a method for controlling an authority. The example is implemented in a server side. Compared with previous two examples, the example has a merit of intensification, while previous two examples may be better combined with the current server architecture. Those skilled in the art may select one of them based on the needs of practical applications. FIG. 3 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 3, the method may include the following procedures.
In the following example, the present disclosure will be illustrated in detail hereinafter with reference to the group management. In this example, the authority verification server is used for authentication operation. The example as described above in FIG. 3 is implemented at a server side, and has a merit of intensification, while the following example may be better combined with the current server architecture. Those skilled in the art may select one of them based on the needs of practical applications. Hence, the system architecture of the example cannot be understood as the unique architecture for applications of the present disclosure. In order to solve the problem of simple authority control and stealing of sensitive authorities, in the examples of the present disclosure, on the basis of using authority control of the user type, a strategy of second authority verification is added.
FIG. 4 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 4, the method may include the following procedures.
In Block 401, a client sends a service operation request for requesting a service operation to a service processing server.
In Block 402, the service processing server performs a judgment for sensitive authority, and determines whether the service operation belongs to a sensitive service operation.
In Block 403, if yes in Block 402, i.e., when determining that the service operation belongs to a sensitive service operation, the service processing server transmits an authentication request to an authority verification server to request for authentication of sensitive authority.
The service processing server may transmit information of sensitive operation to the authority verification server to request authentication of sensitive authority. Ways to transmitting information by the service processing server are not defined in the present disclosure.
In Block 404, the authority verification server verifies whether the authentication for the user is within an effective duration; if yes, perform Block 405; otherwise, perform Block 408.
The effective duration may be configured according to specific services, which is not defined in the present disclosure.
In Block 405, when verifying that the authentication for the user exceeds the effective duration, the authority verification server transmits a verification command to notify the user for the secondary authentication.
In Block 406, after receiving the verification command, the client prompts the user for authority authentication, and after the user inputs the authentication information, sends to the authority verification server a request for the secondary authentication for the user, in which the authentication information is carried.
When a common manager changes a room card, if a secondary authority authentication is configured for the room owner, a room management password authentication interface as shown FIG. 5 is present in the manger interface. Only when the manger inputs a correct room management password, the sensitive operation is allowed to execute. In order to avoid frequent reminders of inputting password for authentication when the manger performs the sensitive operation, it does not need to input the password again for sensitive operation within a duration after the authority authentication is successful.
In FIG. 5, the following are shown: 1, item: “Password Authentication” ; 2, operation reminder: “please input manger password” ; 3, input box, and close (i.e., shown as X), “OK” and “Cancel” . The specific interface may be modified and extended based on demands, which is not defined in the present disclosure.
In Block 407, the authority verification server performs authentication verification; if it is passed, perform 408; otherwise, notify the service processing server that the authentication is not passed.
In Block 408, the authority verification server transmits a command to the service processing server, and notifies the service processing server for service execution.
In Block 409, after finishing the service processing, the service processing server returns to the client the result of service operation.
In the above-described example, in Block 404, if it is assured that within the effective duration, it can be determined that the authenticating is passed, the Block 405 and Block 406 cannot be performed, and the Block 409 can also not be performed.
In the above example, a simple and reliable strategy of secondary authentication is used to authenticate the sensitive operation, and the plug-in authentication mechanism by popping up an authentication password window is considered. This example can support various services and improve user experience.
An example of the present disclosure also provides a service processing server. FIG. 6 is a schematic diagram illustrating a structure of a service processing server according
to an example of the present disclosure. As shown in FIG. 6, the service processing server includes:
a service request receiving module 601, configured to receive a service operation request;
a type determining module 602, configured to determine an operation type of the service operation request received in the service request receiving unit 601;
an authentication request transmitting module 603, configured to when determining the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request;
an indication receiving module 604, configured to receive an indication of executing the service operation request;
a service executing module 605, configured to when the indication of executing the service operation request is received in the indication receiving module 604, execute the service operation corresponding to the service operation request.
In the example, a service operation request is a request for executing a specific service operation. The requested service operation may have an attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members and operations of delivering some information might be sensitive, so that it needs to control. Hence, different
service operations may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
The indication of executing the service operation request may be given by a command or informed by information. For example, the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request. Hence, there are various ways to indicate executing the service operation corresponding to the service operation request. The specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
In the above-described examples, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password. Authentication may be performed by the authority
verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request. In particular, optionally, the authentication request transmitting module 603 is configured to transmit an authentication request, in which the operation type is carried, to make the authority verification server authenticate the sender of the service operation request according to the authentication corresponding to the operation type.
An example of the present disclosure also provides an authority verification server. FIG. 7 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure. As shown in FIG. 7, the authority verification server includes:
an authentication request receiving module 701, configured to receive an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
an authentication module 702, configured to after receiving the authentication request from the service processing server, authenticate the sender of the service operation request;
an indication transmitting module 703, configured to when determining the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
A service operation request is a request for executing a specific service operation. The requested service operation may have an attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members
may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members and operations of delivering some information might be sensitive, so that it needs to control. Hence, different service operations may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
The indication of executing the service operation request may be given by a command or informed by information. For example, the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request. Hence, there are various ways to indicate executing the service operation corresponding to the service operation request. The specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
In the above-described example, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level
of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password. Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request. In particular, optionally, as shown in FIG. 8, the authentication module 702 includes:
an authentication notification transmitting module 801, configured to when the authentication request received in the authentication request receiving module 701 includes the operation type, transmit an authentication notification to the sender of the service operation request;
an authentication sub-module 802, configured to determine whether the authentication information returned by the sender of the service operation request is matched with the operation type of the authentication request; if yes, determine that the authenticating is passed.
With respect to the sender of the operation request, if it is ever performed by executing a certain type of service operation, it is much possible to always have such authority. In order to avoid increased complexity of user operations caused by several authentications, and reduce the signaling overhead, in the examples of the present disclosure, a certain time effectiveness may be configured to perform authority control for the operator of the service request. Preferably, the authentication module 702 is further configured to before authenticating the sender of the service operation request, determine whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determine the authenticating is passed.
An example of the present disclosure also provides a server. FIG. 9 is a schematic diagram illustrating a structure of a server according to an example of the present disclosure. As shown in FIG. 9, the server includes:
a request receiving module 901, configured to receive an authentication request, and receive the authentication information returned by the sender of the service operation request;
a type determining module 902, configured to determine an operation type of the service operation request received in the request receiving module 901;
an notification transmitting module 903, configured to when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request;
an authentication module 904, configured to when the authentication information is matched with the operation type, determine that the authenticating is passed;
a service executing module 905, configured to when determining the authenticating is passed in the authentication module 904, execute the service operation corresponding to the service operation request.
In the example of the present disclosure, a service operation request is a request for executing a specific service operation. The requested service operation may have an attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members
and operations of delivering some information might be sensitive, so that it needs to control. Hence, different service operations may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
In the above-described example, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password.
With respect to the sender of the operation request, if it is ever performed by executing a certain type of service operation, it is much possible to always have such authority. In order to avoid increased complexity of user operations caused by several authentications, and reduce the signaling overhead, in the examples of the present disclosure, a certain time effectiveness may be configured to perform authority control for the operator of the service request. In particular, optionally, the authentication module 904 is further configured to before transmitting an authentication notification to the sender of the service operation request in the notification transmitting module 903, determine whether the sender
of the service request passing the previous authentication is within a predetermined duration; if yes, determine the authenticating is passed.
An example of the present disclosure also provides another service processing server. FIG. 10 is a schematic diagram illustrating a structure of a service processing server according to an example of the present disclosure. As shown in FIG. 10, the service processing server includes a receiver 1001, a transmitter 1002, a processor 1003 and a memory 1004.
The processor 1003 is configured to receive a service operation request, and determine an operation type of the service operation request; when determining the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request; when receiving an indication of executing the service operation request, execute the service operation corresponding to the service operation request.
In the example of the present disclosure, a service operation request is a request for executing a specific service operation. The requested service operation may have an attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members and operations of delivering some information might be sensitive, so that it needs to control. Hence, different service operations may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present
disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
The indication of executing the service operation request may be given by a command or informed by information. For example, the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request. Hence, there are various ways to indicate executing the service operation corresponding to the service operation request. The specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
In the above-described example, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password. Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the
authentication request. In particular, optionally, the processor 1003 is configured to when the operation type is carried in the authentication request, make the authority verification server authenticate the sender of the service operation request according to the authentication corresponding to the operation type.
An example of the present disclosure also provides another authority verification server. FIG. 11 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure. As shown in FIG. 11, the authority verification server includes a receiver 1101, a transmitter 1102, a processor 1103 and a memory 1104.
The processor 1103 is configured to receive an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determine an operation type of the service operation request belongs to a pre-determined operation type; after the authority verification server receives the authentication request from the service processing server, authenticate the sender of the service operation request; when the authority verification server determines the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
A service operation request is a request for executing a specific service operation. The requested service operation may have an attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members and operations of delivering some information might be sensitive, so that it needs to control. Hence, different service operations
may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
The indication of executing the service operation request may be given by a command or informed by information. For example, the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request. Hence, there are various ways to indicate executing the service operation corresponding to the service operation request. The specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
In the above-described example, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password. Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical
solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request. In particular, the processor 1103 is configured to when the authentication request includes the operation type, transmit an authentication notification to the sender of the service operation request, receive authentication information returned by the sender of the service operation request; when the authentication information returned by the sender of the service operation request is matched with the operation type of the authentication request, determine that the authenticating is passed.
With respect to the sender of the operation request, if it is ever performed by executing a certain type of service operation, it is much possible to always have such authority. In order to avoid increased complexity of user operations caused by several authentications, and reduce the signaling overhead, in the examples of the present disclosure, a certain time effectiveness may be configured to perform authority control for the operator of the service request. In particular, preferably, the processor 1103 is further configured to before authenticating the sender of the service operation request, determine whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determine the authenticating is passed.
An example of the present disclosure also provides another server. FIG. 12 is a schematic diagram illustrating a structure of a server according to an example of the present disclosure. As shown in FIG. 12, the server includes a receiver 1201, a transmitter 1202, a processor 1203 and a memory 1204.
The processor 1203 is configured to receive an authentication request, and determine an operation type of the service operation request; when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request, and receive authentication information returned by the sender of the service operation request; when the authentication information is matched with the operation type, determine that the authenticating is passed, and execute the service operation corresponding to the service operation request.
In the example of the present disclosure, a service operation request is a request for executing a specific service operation. The requested service operation may have an
attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members and operations of delivering some information might be sensitive, so that it needs to control. Hence, different service operations may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
In the above-described example, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided
into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password.
With respect to the sender of the operation request, if it is ever performed by executing a certain type of service operation, it is much possible to always have such authority. In order to avoid increased complexity of user operations caused by several authentications, and reduce the signaling overhead, in the examples of the present disclosure, a certain time effectiveness may be configured to perform authority control for the operator of the service request. In particular, the processor 1203 is further configured to before transmitting an authentication notification to the sender of the service operation request, determine whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determine the authenticating is passed.
An example of the present disclosure also provides a system for controlling an authority. FIG. 13 is a schematic diagram illustrating a structure of a system according to an example of the present disclosure. As shown in FIG. 13, the system includes a service processing server 1301 and an authority verification server 1302.
The service processing server 1301 is the service processing server according to any one of examples provided in the present disclosure;
The authority verification server 1302 is the authority verification server according to any one of examples provided in the present disclosure.
When the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
It should be noted that, in the examples of the server, the service processing server and the authority verification server, the modules are divided according to functions, but not
limited to this kind of division, as long as the corresponding functions can be achieved. In addition, the specific names of the modules are just used for differentiation, but not used for limiting the protection scope of the present disclosure.
In addition, it can be understood by those skilled in the art that all or part of steps in the above-described examples of the present disclosure can be implemented by instruct related hardwares by programs. The corresponding programs can be stored in a computer-readable storage medium. The storage medium may be a Read Only Memory (ROM) , a magnetic disk, or a compact disk.
The foregoing is preferred examples of the present disclosure, which is not used for limiting the protection scope of the present disclosure. Any modifications and equivalent substitutions made by those skilled in the art within the spirit and principle of the present disclosure, should be covered by the protection scope of the present disclosure. Hence, the protection scope of the present disclosure should be determined by the protection scope of claims.
Claims (17)
- A method for controlling an authority, comprising:receiving, by a service processing server, a service operation request, and determining an operation type of the service operation request;when determining the operation type belongs to a pre-determined operation type, transmitting, by the service processing server, an authentication request to an authority verification server to make the authority verification server authenticate a sender of the service operation request; andwhen receiving an indication of executing the service operation request, executing, by the service processing server, a service operation corresponding to the service operation request.
- The method according to claim 1, wherein when the operation type is carried in the authentication request, making the authority verification server authenticate the sender of the service operation request comprises:making the authority verification server authenticate the sender of the service operation request according to an authentication corresponding to the operation type.
- A method for controlling an authority, comprising:receiving, by an authority verification server, an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;after receiving the authentication request from the service processing server, authenticating, by the authority verification server, a sender of the service operation request; andwhen determining that the authenticating is passed, transmitting, by the authority verification server, an indication of executing the service operation request to the service processing server.
- The method according to claim 3, wherein when the operation type is carried in the authentication request, authenticating the sender of the service operation request comprises:transmitting an authentication notification to the sender of the service operation request; receiving authentication information returned by the sender of the service operation request; when the authentication information is matched with the operation type corresponding to the authentication request, determining that the authenticating is passed.
- The method according to claim 3 or 4, further comprising:determining whether the sender of the service request passing a previous authentication is within a predetermined duration; if yes, determining that the authenticating is passed.
- A method for controlling an authority, comprising:receiving a service operation request, and determining an operation type of the service operation request;when determining the operation type belongs to a pre-determined operation type, transmitting an authentication notification to a sender of the service operation request, and receiving authentication information returned by the sender of the service operation request; andwhen the authentication information is matched with the operation type, determining that the authenticating is passed, and executing a service operation corresponding to the service operation request.
- The method according to claim 6, further comprising:determining whether the sender of the service request passing a previous authentication is within a predetermined duration; if yes, determining that the authenticating is passed.
- A server, comprising:a service request receiving module, configured to receive a service operation request;a type determining module, configured to determine an operation type of the service operation request received in the service request receiving unit;an authentication request transmitting module, configured to when determining that the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request;an indication receiving module, configured to receive an indication of executing the service operation request; anda service executing module, configured to when the indication of executing the service operation request is received in the indication receiving module, execute the service operation corresponding to the service operation request.
- The server according to claim 8, wherein the authentication request transmitting module is configured to transmit an authentication request, in which the operation type is carried, to make the authority verification server authenticate the sender of the service operation request according to the authentication corresponding to the operation type.
- A server, comprising:an authentication request receiving module, configured to receive an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;an authentication module, configured to after receiving the authentication request from the service processing server, authenticate a sender of the service operation request;an indication transmitting module, configured to when determining that the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
- The server according to claim 10, wherein the authentication module comprises:an authentication notification transmitting module, configured to when the authentication request received in the authentication request receiving module includes the operation type, transmit an authentication notification to the sender of the service operation request; andan authentication sub-module, configured to determine whether authentication information returned by the sender of the service operation request is matched with the operation type of the authentication request; if yes, determine that the authenticating is passed.
- The server according to claim 10 or 11, wherein the authentication module is further configured to before authenticating the sender of the service operation request, determine whether the sender of the service request passing a previous authentication is within a predetermined duration; if yes, determining that the authenticating is passed.
- A server, comprising:a request receiving module, configured to receive an authentication request, and receive authentication information returned by the sender of the service operation request;a type determining module, configured to determine an operation type of the service operation request received in the request receiving module;an notification transmitting module, configured to when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request;an authentication module, configured to when the authentication information is matched with the operation type, determine that the authenticating is passed; anda service executing module, configured to when determining the authenticating is passed in the authentication module, execute a service operation corresponding to the service operation request.
- The server according to claim 13, wherein the authentication module is further configured to before transmitting the authentication notification to the sender of the service operation request in the notification transmitting module, determine whether the sender of the service request passing a previous authentication is within a predetermined duration; if yes, determine that the authenticating is passed.
- A server, comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:receive a service operation request, and determine an operation type of the service operation request;when determining the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate a sender of the service operation request; andwhen receiving an indication of executing the service operation request, execute a service operation corresponding to the service operation request.
- A server, comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:receive an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;after receiving the authentication request from the service processing server, authenticate a sender of the service operation request; andwhen determining that the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
- A server, comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:receive a service operation request, and determine an operation type of the service operation request;when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to a sender of the service operation request, and receive authentication information returned by the sender of the service operation request; andwhen the authentication information is matched with the operation type, determine that the authenticating is passed, and execute a service operation corresponding to the service operation request.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310542555.4A CN103546489B (en) | 2013-11-05 | 2013-11-05 | Method, server and system for authority control |
CN201310542555.4 | 2013-11-05 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015067163A1 true WO2015067163A1 (en) | 2015-05-14 |
Family
ID=49969536
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2014/090216 WO2015067163A1 (en) | 2013-11-05 | 2014-11-04 | Method, server and system for controling authority |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN103546489B (en) |
WO (1) | WO2015067163A1 (en) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105205388B (en) * | 2014-06-05 | 2019-03-15 | 腾讯科技(深圳)有限公司 | A kind of right management method and system of application program |
CN104270526A (en) * | 2014-09-29 | 2015-01-07 | 广东欧珀移动通信有限公司 | Data traffic control method and system for mobile terminal |
CN104301328A (en) * | 2014-10-29 | 2015-01-21 | 北京思特奇信息技术股份有限公司 | Resource operation safety authentication method and system under cloud calculation environment |
CN106982187B (en) * | 2016-01-15 | 2020-12-01 | 中兴通讯股份有限公司 | Resource authorization method and device |
CN108268798B (en) * | 2017-06-30 | 2023-09-05 | 勤智数码科技股份有限公司 | Data item authority allocation method and system |
CN108566327B (en) * | 2018-01-09 | 2021-11-30 | 徐玉强 | Data processing method and device for chat application |
CN109740328B (en) * | 2019-01-08 | 2021-07-02 | 广州虎牙信息科技有限公司 | Authority identification method and device, computer equipment and storage medium |
CN110795709B (en) * | 2019-10-31 | 2022-08-12 | 北京达佳互联信息技术有限公司 | Method and device for performing business operation, electronic equipment and storage medium |
CN113938879A (en) * | 2020-06-29 | 2022-01-14 | 华为技术有限公司 | Communication method and communication device |
CN112085326A (en) * | 2020-07-31 | 2020-12-15 | 廊坊市科维配电技术开发有限公司 | Energy consumption management method and equipment |
CN113364765A (en) * | 2021-06-03 | 2021-09-07 | 北京天融信网络安全技术有限公司 | Cloud operation and maintenance auditing method and device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101262590A (en) * | 2007-12-21 | 2008-09-10 | 深圳市同洲电子股份有限公司 | Multi-service integration system, device and method |
CN101431659A (en) * | 2008-12-08 | 2009-05-13 | 中兴通讯股份有限公司 | Interactive Web TV system and its processing method |
CN101834834A (en) * | 2009-03-09 | 2010-09-15 | 华为软件技术有限公司 | Authentication method, device and system |
CN103546189A (en) * | 2013-11-13 | 2014-01-29 | 苏州华士无线科技有限公司 | Radio-frequency front end circuit and system |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100393166C (en) * | 2004-11-19 | 2008-06-04 | 中兴通讯股份有限公司 | Method and device for realizing PHS wireless network positioning service hierarchical authentication |
CN101772020B (en) * | 2009-01-05 | 2011-12-28 | 华为技术有限公司 | Method and system for authentication processing, 3GPP authentication authorization accounting server and user device |
US8887264B2 (en) * | 2009-09-21 | 2014-11-11 | Ram International Corporation | Multi-identity access control tunnel relay object |
CN103107888B (en) * | 2013-01-24 | 2015-11-18 | 贵州大学 | The identity identifying method that the dynamic multi-attribute of facing moving terminal is multi-level |
-
2013
- 2013-11-05 CN CN201310542555.4A patent/CN103546489B/en active Active
-
2014
- 2014-11-04 WO PCT/CN2014/090216 patent/WO2015067163A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101262590A (en) * | 2007-12-21 | 2008-09-10 | 深圳市同洲电子股份有限公司 | Multi-service integration system, device and method |
CN101431659A (en) * | 2008-12-08 | 2009-05-13 | 中兴通讯股份有限公司 | Interactive Web TV system and its processing method |
CN101834834A (en) * | 2009-03-09 | 2010-09-15 | 华为软件技术有限公司 | Authentication method, device and system |
CN103546189A (en) * | 2013-11-13 | 2014-01-29 | 苏州华士无线科技有限公司 | Radio-frequency front end circuit and system |
Also Published As
Publication number | Publication date |
---|---|
CN103546489A (en) | 2014-01-29 |
CN103546489B (en) | 2017-05-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2015067163A1 (en) | Method, server and system for controling authority | |
US9596232B2 (en) | Managing sharing of wireless network login passwords | |
KR102459199B1 (en) | Security and permission architecture in a multi-tenant computing system | |
CN114826577A (en) | Secure provisioning and management of devices | |
US20150154389A1 (en) | System and method for managing application program access to a protected resource residing on a mobile device | |
CN109150804B (en) | Delegated login method, related device and computer-readable storage medium | |
CN110365684B (en) | Access control method and device for application cluster and electronic equipment | |
RU2010110613A (en) | SYSTEM AND METHOD FOR IMPLEMENTING NETWORK DEVICE POLICY | |
US20180307858A1 (en) | Multi-party authentication and authorization | |
CN105099986A (en) | Network game data sharing method and server | |
WO2017088548A1 (en) | Communication method based on social identity, and server | |
US9898600B2 (en) | Method and apparatus for managing application data of portable terminal | |
CN111047740A (en) | Digital key sharing method | |
CN105488875A (en) | Access control verification method and device | |
AU2016256803B2 (en) | Automatically determining restored availability of multi-channel media distributors for authentication or authorization | |
CN107710673A (en) | The method and apparatus of authenticating user identification | |
KR20140011031A (en) | Service system and operation method for single-sign on based on a web browser | |
KR102537712B1 (en) | Systems, methods and devices for provisioning and processing location information for computerized devices | |
CN112953986A (en) | Management method and device for edge application | |
CN114363373B (en) | Application communication management system, method, device, electronic equipment and storage medium | |
KR102400471B1 (en) | Apparatus and method for controlling access based on software defined perimeter | |
WO2018019047A1 (en) | Set-top box operation method and device | |
US20210014059A1 (en) | Control method, apparatus and system | |
CN111147256B (en) | Authentication method and device | |
KR20060067114A (en) | Security apparatus for distributing client module and method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14860313 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 21.09.2016) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14860313 Country of ref document: EP Kind code of ref document: A1 |