WO2015067163A1 - Method, server and system for controling authority - Google Patents

Method, server and system for controling authority Download PDF

Info

Publication number
WO2015067163A1
WO2015067163A1 PCT/CN2014/090216 CN2014090216W WO2015067163A1 WO 2015067163 A1 WO2015067163 A1 WO 2015067163A1 CN 2014090216 W CN2014090216 W CN 2014090216W WO 2015067163 A1 WO2015067163 A1 WO 2015067163A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
request
authentication
service operation
operation request
Prior art date
Application number
PCT/CN2014/090216
Other languages
French (fr)
Inventor
Xiaomin Xu
Original Assignee
Tencent Technology (Shenzhen) Company Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology (Shenzhen) Company Limited filed Critical Tencent Technology (Shenzhen) Company Limited
Publication of WO2015067163A1 publication Critical patent/WO2015067163A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Definitions

  • the present disclosure relates to communication technologies, more particularly to a method, server and system for controlling an authority.
  • An authority refers to the scope of functional power, i.e., limitation on behavior. It includes the scope and degree of making a decision on issues by a worker in order to assure the efficient operation on the obligation.
  • an operation type and an operator type are binded, i.e., the relationship between the operation type and the operator type is stored.
  • a service processing processor server determines an operation type and an operator type at first, and then determines whether the operation type has a corresponding authority; if yes, performs the operation; otherwise, rejects the operation.
  • a super group management there are managers with various authorities in a group. Each manager has different authorities according to its type.
  • the super group owner may distribute part of authorities to the managers, which relates to distribution of sensitive authorities.
  • the group owner may have all authorities, i.e., the maximum number of authorities.
  • the managers with distributed authorities may have more authorities than the group members.
  • Examples of the present disclosure provide a method, server and system for controlling an authority. According to the present disclosure, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
  • a method for controlling an authority comprising:
  • a method for controlling an authority comprising:
  • an authority verification server receiving, by an authority verification server, an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
  • a method for controlling an authority comprising:
  • a server comprising:
  • a service request receiving module configured to receive a service operation request
  • a type determining module configured to determine an operation type of the service operation request received in the service request receiving unit
  • an authentication request transmitting module configured to when determining that the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request;
  • an indication receiving module configured to receive an indication of executing the service operation request
  • a service executing module configured to when the indication of executing the service operation request is received in the indication receiving module, execute the service operation corresponding to the service operation request.
  • a server comprising:
  • an authentication request receiving module configured to receive an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
  • an authentication module configured to after receiving the authentication request from the service processing server, authenticate a sender of the service operation request
  • an indication transmitting module configured to when determining that the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
  • a server comprising:
  • a request receiving module configured to receive an authentication request, and receive authentication information returned by the sender of the service operation request
  • a type determining module configured to determine an operation type of the service operation request received in the request receiving module
  • an notification transmitting module configured to when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request;
  • an authentication module configured to when the authentication information is matched with the operation type, determine that the authenticating is passed;
  • a service executing module configured to when determining the authenticating is passed in the authentication module, execute a service operation corresponding to the service operation request.
  • a server comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:
  • a server comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:
  • the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
  • a server comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:
  • FIG. 1 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure.
  • FIG. 2 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure.
  • FIG. 3 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure.
  • FIG. 4 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure.
  • FIG. 5 is a schematic diagram illustrating a structure of a plug-in window according to an example of the present disclosure.
  • FIG. 6 is a schematic diagram illustrating a structure of a service processing server according to an example of the present disclosure.
  • FIG. 7 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure.
  • FIG. 8 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure.
  • FIG. 9 is a schematic diagram illustrating a structure of a server according to an example of the present disclosure.
  • FIG. 10 is a schematic diagram illustrating a structure of a service processing server according to an example of the present disclosure.
  • FIG. 11 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure.
  • FIG. 12 is a schematic diagram illustrating a structure of a server according to an example of the present disclosure.
  • FIG. 13 is a schematic diagram illustrating a structure of a system according to an example of the present disclosure.
  • control of all the operations are performed by a service processing server, and the authority control is performed according to the operator type. Because the service and the operator type (i.e., authority) are binded together, it is not good for customizing the second-level authority configuration, and not good for service updating and application.
  • FIG. 1 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 1, the method may include the following procedures.
  • a service processing server receives a service operation request, and determines an operation type of the service operation request.
  • a service operation request is a request for executing a specific service operation.
  • the requested service operation may have an attribute of operation type.
  • the specific operation type may be set by a user.
  • operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
  • Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
  • Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
  • the specific operation request may have different sets of service operations.
  • the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
  • the operation types may be divided as a sensitive operation or a non-sensitive operation.
  • the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
  • the service processing server when determining the operation type belongs to a pre-determined operation type, transmits an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request.
  • the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
  • Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request. In particular, when the operation type is carried in the authentication request, the authority verification server authenticating the sender of the service operation request includes: the authority verification server authenticating the sender of the service operation request according to the authentication corresponding to the operation type.
  • Block 103 when receiving an indication of executing the service operation request, the service processing server executes the service operation corresponding to the service operation request.
  • the indication of executing the service operation request may be given by a command or informed by information.
  • the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request.
  • the specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
  • the server determines that the operation type of the service operation request belongs to a pre-determined operation type
  • an operation of a secondary authentication is initiated.
  • the service operation is executed.
  • it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
  • FIG. 2 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 2, the method may include the following procedures.
  • an authority verification server receives an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type.
  • a service operation request is a request for executing a specific service operation.
  • the requested service operation may have an attribute of operation type.
  • the specific operation type may be set by a user.
  • operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
  • Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
  • Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
  • the specific operation request may have different sets of service operations.
  • the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
  • the operation types may be divided as a sensitive operation or a non-sensitive operation.
  • the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
  • the authority verification server authenticates the sender of the service operation request.
  • the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
  • Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request.
  • authenticating the sender of the service operation request includes: transmitting an authentication notification to the sender of the service operation request, receiving authentication information returned by the sender of the service operation request, if the authentication information is matched with the operation type corresponding to the authentication request, determining the authenticating is passed.
  • a certain time effectiveness may be configured to perform authority control for the operator of the service request.
  • it further includes: determining whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determining the authenticating is passed.
  • the authority verification server transmits an indication of executing the service operation request to the service processing server.
  • the indication of executing the service operation request may be given by a command or informed by information.
  • the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request.
  • the specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
  • the server determines that the operation type of the service operation request belongs to a pre-determined operation type
  • an operation of a secondary authentication is initiated.
  • the service operation is executed.
  • it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
  • FIG. 3 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 3, the method may include the following procedures.
  • Block 301 receive an authentication request, and determine an operation type of the service operation request.
  • a service operation request is a request for executing a specific service operation.
  • the requested service operation may have an attribute of operation type.
  • the specific operation type may be set by a user.
  • operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
  • Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
  • Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
  • the specific operation request may have different sets of service operations.
  • the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
  • the operation types may be divided as a sensitive operation or a non-sensitive operation.
  • the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
  • Block 302 when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request, and receive authentication information returned by the sender of the service operation request.
  • the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
  • a certain time effectiveness may be configured to perform authority control for the operator of the service request.
  • it further includes: determining whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determining the authenticating is passed.
  • Block 303 when the authentication information is matched with the operation type, determining the authenticating is passed, and executing the service operation corresponding to the service operation request.
  • the server determines that the operation type of the service operation request belongs to a pre-determined operation type
  • an operation of a secondary authentication is initiated.
  • the service operation is executed.
  • it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
  • FIG. 3 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 3, the method may include the following procedures.
  • FIG. 4 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 4, the method may include the following procedures.
  • a client sends a service operation request for requesting a service operation to a service processing server.
  • the service processing server performs a judgment for sensitive authority, and determines whether the service operation belongs to a sensitive service operation.
  • Block 403 if yes in Block 402, i.e., when determining that the service operation belongs to a sensitive service operation, the service processing server transmits an authentication request to an authority verification server to request for authentication of sensitive authority.
  • the service processing server may transmit information of sensitive operation to the authority verification server to request authentication of sensitive authority. Ways to transmitting information by the service processing server are not defined in the present disclosure.
  • Block 404 the authority verification server verifies whether the authentication for the user is within an effective duration; if yes, perform Block 405; otherwise, perform Block 408.
  • the effective duration may be configured according to specific services, which is not defined in the present disclosure.
  • the authority verification server transmits a verification command to notify the user for the secondary authentication.
  • the client prompts the user for authority authentication, and after the user inputs the authentication information, sends to the authority verification server a request for the secondary authentication for the user, in which the authentication information is carried.
  • a room management password authentication interface as shown FIG. 5 is present in the manger interface. Only when the manger inputs a correct room management password, the sensitive operation is allowed to execute. In order to avoid frequent reminders of inputting password for authentication when the manger performs the sensitive operation, it does not need to input the password again for sensitive operation within a duration after the authority authentication is successful.
  • FIG. 5 the following are shown: 1, item: “Password Authentication” ; 2, operation reminder: “please input manger password” ; 3, input box, and close (i.e., shown as X), “OK” and “Cancel” .
  • the specific interface may be modified and extended based on demands, which is not defined in the present disclosure.
  • the authority verification server performs authentication verification; if it is passed, perform 408; otherwise, notify the service processing server that the authentication is not passed.
  • the authority verification server transmits a command to the service processing server, and notifies the service processing server for service execution.
  • Block 404 if it is assured that within the effective duration, it can be determined that the authenticating is passed, the Block 405 and Block 406 cannot be performed, and the Block 409 can also not be performed.
  • FIG. 6 is a schematic diagram illustrating a structure of a service processing server according to an example of the present disclosure. As shown in FIG. 6, the service processing server includes:
  • a service request receiving module 601, configured to receive a service operation request
  • a type determining module 602 configured to determine an operation type of the service operation request received in the service request receiving unit 601;
  • an authentication request transmitting module 603, configured to when determining the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request;
  • a service executing module 605 configured to when the indication of executing the service operation request is received in the indication receiving module 604, execute the service operation corresponding to the service operation request.
  • a service operation request is a request for executing a specific service operation.
  • the requested service operation may have an attribute of operation type.
  • the specific operation type may be set by a user.
  • operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
  • Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
  • Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
  • the specific operation request may have different sets of service operations.
  • the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
  • the operation types may be divided as a sensitive operation or a non-sensitive operation.
  • the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
  • the indication of executing the service operation request may be given by a command or informed by information.
  • the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request.
  • the specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
  • the server determines that the operation type of the service operation request belongs to a pre-determined operation type
  • an operation of a secondary authentication is initiated.
  • the service operation is executed.
  • it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
  • the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
  • Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request.
  • the authentication request transmitting module 603 is configured to transmit an authentication request, in which the operation type is carried, to make the authority verification server authenticate the sender of the service operation request according to the authentication corresponding to the operation type.
  • FIG. 7 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure. As shown in FIG. 7, the authority verification server includes:
  • an authentication request receiving module 701 configured to receive an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
  • an authentication module 702 configured to after receiving the authentication request from the service processing server, authenticate the sender of the service operation request
  • an indication transmitting module 703 configured to when determining the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
  • a service operation request is a request for executing a specific service operation.
  • the requested service operation may have an attribute of operation type.
  • the specific operation type may be set by a user.
  • operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
  • Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
  • Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
  • the specific operation request may have different sets of service operations.
  • the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
  • the operation types may be divided as a sensitive operation or a non-sensitive operation.
  • the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
  • the indication of executing the service operation request may be given by a command or informed by information.
  • the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request.
  • the specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
  • the server determines that the operation type of the service operation request belongs to a pre-determined operation type
  • an operation of a secondary authentication is initiated.
  • the service operation is executed.
  • it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
  • the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
  • Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request.
  • the authentication module 702 includes:
  • an authentication notification transmitting module 801, configured to when the authentication request received in the authentication request receiving module 701 includes the operation type, transmit an authentication notification to the sender of the service operation request;
  • an authentication sub-module 802 configured to determine whether the authentication information returned by the sender of the service operation request is matched with the operation type of the authentication request; if yes, determine that the authenticating is passed.
  • a certain time effectiveness may be configured to perform authority control for the operator of the service request.
  • the authentication module 702 is further configured to before authenticating the sender of the service operation request, determine whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determine the authenticating is passed.
  • FIG. 9 is a schematic diagram illustrating a structure of a server according to an example of the present disclosure. As shown in FIG. 9, the server includes:
  • a request receiving module 901 configured to receive an authentication request, and receive the authentication information returned by the sender of the service operation request;
  • a type determining module 902 configured to determine an operation type of the service operation request received in the request receiving module 901;
  • an notification transmitting module 903 configured to when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request;
  • an authentication module 904 configured to when the authentication information is matched with the operation type, determine that the authenticating is passed;
  • a service executing module 905 configured to when determining the authenticating is passed in the authentication module 904, execute the service operation corresponding to the service operation request.
  • a service operation request is a request for executing a specific service operation.
  • the requested service operation may have an attribute of operation type.
  • the specific operation type may be set by a user.
  • operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
  • Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
  • Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
  • the specific operation request may have different sets of service operations.
  • the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
  • the operation types may be divided as a sensitive operation or a non-sensitive operation.
  • the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
  • the server determines that the operation type of the service operation request belongs to a pre-determined operation type
  • an operation of a secondary authentication is initiated.
  • the service operation is executed.
  • it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
  • the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
  • a certain time effectiveness may be configured to perform authority control for the operator of the service request.
  • the authentication module 904 is further configured to before transmitting an authentication notification to the sender of the service operation request in the notification transmitting module 903, determine whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determine the authenticating is passed.
  • FIG. 10 is a schematic diagram illustrating a structure of a service processing server according to an example of the present disclosure.
  • the service processing server includes a receiver 1001, a transmitter 1002, a processor 1003 and a memory 1004.
  • the processor 1003 is configured to receive a service operation request, and determine an operation type of the service operation request; when determining the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request; when receiving an indication of executing the service operation request, execute the service operation corresponding to the service operation request.
  • a service operation request is a request for executing a specific service operation.
  • the requested service operation may have an attribute of operation type.
  • the specific operation type may be set by a user.
  • operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
  • Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
  • Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
  • the specific operation request may have different sets of service operations.
  • the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
  • the operation types may be divided as a sensitive operation or a non-sensitive operation.
  • the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
  • the indication of executing the service operation request may be given by a command or informed by information.
  • the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request.
  • the specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
  • the server determines that the operation type of the service operation request belongs to a pre-determined operation type
  • an operation of a secondary authentication is initiated.
  • the service operation is executed.
  • it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
  • the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
  • Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request.
  • the processor 1003 is configured to when the operation type is carried in the authentication request, make the authority verification server authenticate the sender of the service operation request according to the authentication corresponding to the operation type.
  • FIG. 11 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure.
  • the authority verification server includes a receiver 1101, a transmitter 1102, a processor 1103 and a memory 1104.
  • the processor 1103 is configured to receive an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determine an operation type of the service operation request belongs to a pre-determined operation type; after the authority verification server receives the authentication request from the service processing server, authenticate the sender of the service operation request; when the authority verification server determines the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
  • a service operation request is a request for executing a specific service operation.
  • the requested service operation may have an attribute of operation type.
  • the specific operation type may be set by a user.
  • operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
  • Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
  • Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
  • the specific operation request may have different sets of service operations.
  • the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
  • the operation types may be divided as a sensitive operation or a non-sensitive operation.
  • the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
  • the indication of executing the service operation request may be given by a command or informed by information.
  • the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request.
  • the specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
  • the server determines that the operation type of the service operation request belongs to a pre-determined operation type
  • an operation of a secondary authentication is initiated.
  • the service operation is executed.
  • it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
  • the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
  • Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request.
  • the processor 1103 is configured to when the authentication request includes the operation type, transmit an authentication notification to the sender of the service operation request, receive authentication information returned by the sender of the service operation request; when the authentication information returned by the sender of the service operation request is matched with the operation type of the authentication request, determine that the authenticating is passed.
  • a certain time effectiveness may be configured to perform authority control for the operator of the service request.
  • the processor 1103 is further configured to before authenticating the sender of the service operation request, determine whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determine the authenticating is passed.
  • FIG. 12 is a schematic diagram illustrating a structure of a server according to an example of the present disclosure. As shown in FIG. 12, the server includes a receiver 1201, a transmitter 1202, a processor 1203 and a memory 1204.
  • the processor 1203 is configured to receive an authentication request, and determine an operation type of the service operation request; when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request, and receive authentication information returned by the sender of the service operation request; when the authentication information is matched with the operation type, determine that the authenticating is passed, and execute the service operation corresponding to the service operation request.
  • a service operation request is a request for executing a specific service operation.
  • the requested service operation may have an attribute of operation type.
  • the specific operation type may be set by a user.
  • operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc.
  • Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc.
  • Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc.
  • the specific operation request may have different sets of service operations.
  • the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure.
  • the operation types may be divided as a sensitive operation or a non-sensitive operation.
  • the sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
  • the server determines that the operation type of the service operation request belongs to a pre-determined operation type
  • an operation of a secondary authentication is initiated.
  • the service operation is executed.
  • it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
  • the pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure.
  • a certain time effectiveness may be configured to perform authority control for the operator of the service request.
  • the processor 1203 is further configured to before transmitting an authentication notification to the sender of the service operation request, determine whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determine the authenticating is passed.
  • FIG. 13 is a schematic diagram illustrating a structure of a system according to an example of the present disclosure. As shown in FIG. 13, the system includes a service processing server 1301 and an authority verification server 1302.
  • the service processing server 1301 is the service processing server according to any one of examples provided in the present disclosure.
  • the authority verification server 1302 is the authority verification server according to any one of examples provided in the present disclosure.
  • the server determines that the operation type of the service operation request belongs to a pre-determined operation type.
  • an operation of a secondary authentication is initiated.
  • the service operation is executed.
  • the operator type and the service corresponding to the service operation it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
  • the modules are divided according to functions, but not limited to this kind of division, as long as the corresponding functions can be achieved.
  • the specific names of the modules are just used for differentiation, but not used for limiting the protection scope of the present disclosure.
  • the corresponding programs can be stored in a computer-readable storage medium.
  • the storage medium may be a Read Only Memory (ROM) , a magnetic disk, or a compact disk.

Abstract

Examples of the present disclosure provide a method, server and system. The method includes: receiving, by a service processing server, a service operation request, and determining an operation type of the service operation request; when determining the operation type belongs to a pre-determined operation type, transmitting, by the service processing server, an authentication request to an authority verification server to make the authority verification server authenticate a sender of the service operation request; and when receiving an indication of executing the service operation request, executing, by the service processing server, a service operation corresponding to the service operation request. When the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. According to the present disclosure, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.

Description

METHOD, SERVER AND SYSTEM FOR CONTROLING AUTHORITY
PRIORITY STATEMENT
This application claims the benefit of Chinese Patent Application No. 201310542555.4, filed on November 5, 2013, the disclosure of which is incorporated herein in its entirety by reference.
FIELD
The present disclosure relates to communication technologies, more particularly to a method, server and system for controlling an authority.
BACKGROUND
An authority refers to the scope of functional power, i.e., limitation on behavior. It includes the scope and degree of making a decision on issues by a worker in order to assure the efficient operation on the obligation.
In the field of communication technologies, it often needs to verify the authority of the users. In a general method, an operation type and an operator type are binded, i.e., the relationship between the operation type and the operator type is stored. In particular, after receiving an operation request, a service processing processor server determines an operation type and an operator type at first, and then determines whether the operation type has a corresponding authority; if yes, performs the operation; otherwise, rejects the operation.
For example, in an application of a super group management, there are managers with various authorities in a group. Each manager has different authorities according to its type. When managing the group, the super group owner may distribute part of authorities to the managers, which relates to distribution of sensitive authorities.
Generally, the group owner may have all authorities, i.e., the maximum number of authorities. The managers with distributed authorities may have more authorities than the group members.
SUMMARY
Examples of the present disclosure provide a method, server and system for controlling an authority. According to the present disclosure, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
A method for controlling an authority, comprising:
receiving, by a service processing server, a service operation request, and determining an operation type of the service operation request;
when determining the operation type belongs to a pre-determined operation type, transmitting, by the service processing server, an authentication request to an authority verification server to make the authority verification server authenticate a sender of the service operation request; and
when receiving an indication of executing the service operation request, executing, by the service processing server, a service operation corresponding to the service operation request.
A method for controlling an authority, comprising:
receiving, by an authority verification server, an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
after receiving the authentication request from the service processing server, authenticating, by the authority verification server, a sender of the service operation request; and
when determining that the authenticating is passed, transmitting, by the authority verification server, an indication of executing the service operation request to the service processing server.
A method for controlling an authority, comprising:
receiving a service operation request, and determining an operation type of the service operation request;
when determining the operation type belongs to a pre-determined operation type, transmitting an authentication notification to a sender of the service operation request, and receiving authentication information returned by the sender of the service operation request; and
when the authentication information is matched with the operation type, determining that the authenticating is passed, and executing a service operation corresponding to the service operation request.
A server, comprising:
a service request receiving module, configured to receive a service operation request;
a type determining module, configured to determine an operation type of the service operation request received in the service request receiving unit;
an authentication request transmitting module, configured to when determining that the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request;
an indication receiving module, configured to receive an indication of executing the service operation request; and
a service executing module, configured to when the indication of executing the service operation request is received in the indication receiving module, execute the service operation corresponding to the service operation request.
A server, comprising:
an authentication request receiving module, configured to receive an authentication request from a service processing server; wherein the authentication request is  transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
an authentication module, configured to after receiving the authentication request from the service processing server, authenticate a sender of the service operation request;
an indication transmitting module, configured to when determining that the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
A server, comprising:
a request receiving module, configured to receive an authentication request, and receive authentication information returned by the sender of the service operation request;
a type determining module, configured to determine an operation type of the service operation request received in the request receiving module;
an notification transmitting module, configured to when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request;
an authentication module, configured to when the authentication information is matched with the operation type, determine that the authenticating is passed; and
a service executing module, configured to when determining the authenticating is passed in the authentication module, execute a service operation corresponding to the service operation request.
A server, comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:
receive a service operation request, and determine an operation type of the service operation request;
when determining the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate a sender of the service operation request; and
when receiving an indication of executing the service operation request, execute a service operation corresponding to the service operation request.
A server, comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:
receive an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
after receiving the authentication request from the service processing server, authenticate a sender of the service operation request; and
when determining that the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
A server, comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:
receive a service operation request, and determine an operation type of the service operation request;
when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to a sender of the service operation request, and receive authentication information returned by the sender of the service operation request; and
when the authentication information is matched with the operation type, determine that the authenticating is passed, and execute a service operation corresponding to the service operation request.
BRIEF DESCRIPTION OF THE DRAWINGS
For a better understanding of the present disclosure, accompanying drawings to be used in description of the examples will be simply introduced hereinafter. Obviously, the accompanying drawings to be described hereinafter are only some examples of the present disclosure. Those skilled in the art may obtain other drawings according to these accompanying drawings without creative labor.
FIG. 1 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure.
FIG. 2 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure.
FIG. 3 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure.
FIG. 4 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure.
FIG. 5 is a schematic diagram illustrating a structure of a plug-in window according to an example of the present disclosure.
FIG. 6 is a schematic diagram illustrating a structure of a service processing server according to an example of the present disclosure.
FIG. 7 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure.
FIG. 8 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure.
FIG. 9 is a schematic diagram illustrating a structure of a server according to an example of the present disclosure.
FIG. 10 is a schematic diagram illustrating a structure of a service processing server according to an example of the present disclosure.
FIG. 11 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure.
FIG. 12 is a schematic diagram illustrating a structure of a server according to an example of the present disclosure.
FIG. 13 is a schematic diagram illustrating a structure of a system according to an example of the present disclosure.
DETAILED DESCRIPTION
In the method of controlling the authority, control of all the operations are performed by a service processing server, and the authority control is performed according to the operator type. Because the service and the operator type (i.e., authority) are binded together, it is not good for customizing the second-level authority configuration, and not good for service updating and application.
In order to make the object, technical solution, and merits of the present disclosure clearer, the present disclosure will be illustrated in detail hereinafter with reference to the accompanying drawings and specific examples. Obviously, the examples to be described hereinafter are only a part of examples in the present disclosure, but not all the examples. According to these examples, those skilled in the art may obtain other examples without creative labor, which all belong to the scope protected by the present disclosure.
An example of the present disclosure provides a method for controlling an authority. The example is implemented at a service processing server side. FIG. 1 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 1, the method may include the following procedures.
In Block 101, a service processing server receives a service operation request, and determines an operation type of the service operation request.
A service operation request is a request for executing a specific service operation. The requested service operation may have an attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members and operations of delivering some information might be sensitive, so that it needs to control. Hence, different service operations may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
In Block 102, when determining the operation type belongs to a pre-determined operation type, the service processing server transmits an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided  into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password. Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request. In particular, when the operation type is carried in the authentication request, the authority verification server authenticating the sender of the service operation request includes: the authority verification server authenticating the sender of the service operation request according to the authentication corresponding to the operation type.
In Block 103, when receiving an indication of executing the service operation request, the service processing server executes the service operation corresponding to the service operation request.
The indication of executing the service operation request may be given by a command or informed by information. For example, the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request. Hence, there are various ways to indicate executing the service operation corresponding to the service operation request. The specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
In the above-described example, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Another example of the present disclosure provides a method for controlling an authority. The example is implemented at an authority verification server side. FIG. 2 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 2, the method may include the following procedures.
In Block 201, an authority verification server receives an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type.
A service operation request is a request for executing a specific service operation. The requested service operation may have an attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members and operations of delivering some information might be sensitive, so that it needs to control. Hence, different service operations may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
In Block 202, after receiving the authentication request from the service processing server, the authority verification server authenticates the sender of the service operation request.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password. Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request. In particular, when the operation type is carried in the authentication request, authenticating the sender of the service operation request includes: transmitting an authentication notification to the sender of the service operation request, receiving authentication information returned by the sender of the service operation request, if the authentication information is matched with the operation type corresponding to the authentication request, determining the authenticating is passed.
With respect to the sender of the operation request, if it is ever performed by executing a certain type of service operation, it is much possible to always have such authority. In order to avoid increased complexity of user operations caused by several authentications, and reduce the signaling overhead, in the examples of the present disclosure, a certain time effectiveness may be configured to perform authority control for the operator of the service request. Preferably, before authenticating the sender of the service operation request, it further includes: determining whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determining the authenticating is passed.
In Block 203, when determining the authenticating is passed, the authority verification server transmits an indication of executing the service operation request to the service processing server.
The indication of executing the service operation request may be given by a command or informed by information. For example, the command indicates executing the  service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request. Hence, there are various ways to indicate executing the service operation corresponding to the service operation request. The specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
In the above-described examples, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Yet another example of the present disclosure provides a method for controlling an authority. This example is implemented at a server side. Compared with previous two examples, this example has a merit of intensification, while previous two examples may be better combined with the current server architecture. Those skilled in the art may select one of them based on the needs of practical applications. FIG. 3 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 3, the method may include the following procedures.
In Block 301, receive an authentication request, and determine an operation type of the service operation request.
A service operation request is a request for executing a specific service operation. The requested service operation may have an attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members  may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members and operations of delivering some information might be sensitive, so that it needs to control. Hence, different service operations may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
In Block 302, when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request, and receive authentication information returned by the sender of the service operation request.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password.
With respect to the sender of the operation request, if it is ever performed by executing a certain type of service operation, it is much possible to always have such authority. In order to avoid increased complexity of user operations caused by several authentications, and reduce the signaling overhead, in the examples of the present disclosure, a certain time effectiveness may be configured to perform authority control for the operator of the service request. Preferably, before authenticating the sender of the service operation  request, it further includes: determining whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determining the authenticating is passed.
In Block 303, when the authentication information is matched with the operation type, determining the authenticating is passed, and executing the service operation corresponding to the service operation request.
In the above-described examples, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Yet another example of the present disclosure provides a method for controlling an authority. The example is implemented in a server side. Compared with previous two examples, the example has a merit of intensification, while previous two examples may be better combined with the current server architecture. Those skilled in the art may select one of them based on the needs of practical applications. FIG. 3 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 3, the method may include the following procedures.
In the following example, the present disclosure will be illustrated in detail hereinafter with reference to the group management. In this example, the authority verification server is used for authentication operation. The example as described above in FIG. 3 is implemented at a server side, and has a merit of intensification, while the following example may be better combined with the current server architecture. Those skilled in the art may select one of them based on the needs of practical applications. Hence, the system architecture of the example cannot be understood as the unique architecture for applications of the present disclosure. In order to solve the problem of simple authority control and stealing of sensitive authorities, in the examples of the present disclosure, on the basis of using authority control of the user type, a strategy of second authority verification is added.  FIG. 4 is a flow diagram illustrating a method for controlling an authority according to an example of the present disclosure. As shown in FIG. 4, the method may include the following procedures.
In Block 401, a client sends a service operation request for requesting a service operation to a service processing server.
In Block 402, the service processing server performs a judgment for sensitive authority, and determines whether the service operation belongs to a sensitive service operation.
In Block 403, if yes in Block 402, i.e., when determining that the service operation belongs to a sensitive service operation, the service processing server transmits an authentication request to an authority verification server to request for authentication of sensitive authority.
The service processing server may transmit information of sensitive operation to the authority verification server to request authentication of sensitive authority. Ways to transmitting information by the service processing server are not defined in the present disclosure.
In Block 404, the authority verification server verifies whether the authentication for the user is within an effective duration; if yes, perform Block 405; otherwise, perform Block 408.
The effective duration may be configured according to specific services, which is not defined in the present disclosure.
In Block 405, when verifying that the authentication for the user exceeds the effective duration, the authority verification server transmits a verification command to notify the user for the secondary authentication.
In Block 406, after receiving the verification command, the client prompts the user for authority authentication, and after the user inputs the authentication information, sends to the authority verification server a request for the secondary authentication for the user, in which the authentication information is carried.
When a common manager changes a room card, if a secondary authority authentication is configured for the room owner, a room management password authentication interface as shown FIG. 5 is present in the manger interface. Only when the manger inputs a correct room management password, the sensitive operation is allowed to execute. In order to avoid frequent reminders of inputting password for authentication when the manger performs the sensitive operation, it does not need to input the password again for sensitive operation within a duration after the authority authentication is successful.
In FIG. 5, the following are shown: 1, item: “Password Authentication” ; 2, operation reminder: “please input manger password” ; 3, input box, and close (i.e., shown as X), “OK” and “Cancel” . The specific interface may be modified and extended based on demands, which is not defined in the present disclosure.
In Block 407, the authority verification server performs authentication verification; if it is passed, perform 408; otherwise, notify the service processing server that the authentication is not passed.
In Block 408, the authority verification server transmits a command to the service processing server, and notifies the service processing server for service execution.
In Block 409, after finishing the service processing, the service processing server returns to the client the result of service operation.
In the above-described example, in Block 404, if it is assured that within the effective duration, it can be determined that the authenticating is passed, the Block 405 and Block 406 cannot be performed, and the Block 409 can also not be performed.
In the above example, a simple and reliable strategy of secondary authentication is used to authenticate the sensitive operation, and the plug-in authentication mechanism by popping up an authentication password window is considered. This example can support various services and improve user experience.
An example of the present disclosure also provides a service processing server. FIG. 6 is a schematic diagram illustrating a structure of a service processing server according  to an example of the present disclosure. As shown in FIG. 6, the service processing server includes:
a service request receiving module 601, configured to receive a service operation request;
type determining module 602, configured to determine an operation type of the service operation request received in the service request receiving unit 601;
an authentication request transmitting module 603, configured to when determining the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request;
an indication receiving module 604, configured to receive an indication of executing the service operation request;
service executing module 605, configured to when the indication of executing the service operation request is received in the indication receiving module 604, execute the service operation corresponding to the service operation request.
In the example, a service operation request is a request for executing a specific service operation. The requested service operation may have an attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members and operations of delivering some information might be sensitive, so that it needs to control. Hence, different  service operations may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
The indication of executing the service operation request may be given by a command or informed by information. For example, the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request. Hence, there are various ways to indicate executing the service operation corresponding to the service operation request. The specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
In the above-described examples, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password. Authentication may be performed by the authority  verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request. In particular, optionally, the authentication request transmitting module 603 is configured to transmit an authentication request, in which the operation type is carried, to make the authority verification server authenticate the sender of the service operation request according to the authentication corresponding to the operation type.
An example of the present disclosure also provides an authority verification server. FIG. 7 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure. As shown in FIG. 7, the authority verification server includes:
an authentication request receiving module 701, configured to receive an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
an authentication module 702, configured to after receiving the authentication request from the service processing server, authenticate the sender of the service operation request;
an indication transmitting module 703, configured to when determining the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
A service operation request is a request for executing a specific service operation. The requested service operation may have an attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members  may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members and operations of delivering some information might be sensitive, so that it needs to control. Hence, different service operations may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
The indication of executing the service operation request may be given by a command or informed by information. For example, the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request. Hence, there are various ways to indicate executing the service operation corresponding to the service operation request. The specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
In the above-described example, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level  of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password. Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request. In particular, optionally, as shown in FIG. 8, the authentication module 702 includes:
an authentication notification transmitting module 801, configured to when the authentication request received in the authentication request receiving module 701 includes the operation type, transmit an authentication notification to the sender of the service operation request;
an authentication sub-module 802, configured to determine whether the authentication information returned by the sender of the service operation request is matched with the operation type of the authentication request; if yes, determine that the authenticating is passed.
With respect to the sender of the operation request, if it is ever performed by executing a certain type of service operation, it is much possible to always have such authority. In order to avoid increased complexity of user operations caused by several authentications, and reduce the signaling overhead, in the examples of the present disclosure, a certain time effectiveness may be configured to perform authority control for the operator of the service request. Preferably, the authentication module 702 is further configured to before authenticating the sender of the service operation request, determine whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determine the authenticating is passed.
An example of the present disclosure also provides a server. FIG. 9 is a schematic diagram illustrating a structure of a server according to an example of the present disclosure. As shown in FIG. 9, the server includes:
request receiving module 901, configured to receive an authentication request, and receive the authentication information returned by the sender of the service operation request;
type determining module 902, configured to determine an operation type of the service operation request received in the request receiving module 901;
an notification transmitting module 903, configured to when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request;
an authentication module 904, configured to when the authentication information is matched with the operation type, determine that the authenticating is passed;
service executing module 905, configured to when determining the authenticating is passed in the authentication module 904, execute the service operation corresponding to the service operation request.
In the example of the present disclosure, a service operation request is a request for executing a specific service operation. The requested service operation may have an attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members  and operations of delivering some information might be sensitive, so that it needs to control. Hence, different service operations may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
In the above-described example, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password.
With respect to the sender of the operation request, if it is ever performed by executing a certain type of service operation, it is much possible to always have such authority. In order to avoid increased complexity of user operations caused by several authentications, and reduce the signaling overhead, in the examples of the present disclosure, a certain time effectiveness may be configured to perform authority control for the operator of the service request. In particular, optionally, the authentication module 904 is further configured to before transmitting an authentication notification to the sender of the service operation request in the notification transmitting module 903, determine whether the sender  of the service request passing the previous authentication is within a predetermined duration; if yes, determine the authenticating is passed.
An example of the present disclosure also provides another service processing server. FIG. 10 is a schematic diagram illustrating a structure of a service processing server according to an example of the present disclosure. As shown in FIG. 10, the service processing server includes a receiver 1001, a transmitter 1002, a processor 1003 and a memory 1004.
The processor 1003 is configured to receive a service operation request, and determine an operation type of the service operation request; when determining the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request; when receiving an indication of executing the service operation request, execute the service operation corresponding to the service operation request.
In the example of the present disclosure, a service operation request is a request for executing a specific service operation. The requested service operation may have an attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members and operations of delivering some information might be sensitive, so that it needs to control. Hence, different service operations may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present  disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
The indication of executing the service operation request may be given by a command or informed by information. For example, the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request. Hence, there are various ways to indicate executing the service operation corresponding to the service operation request. The specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
In the above-described example, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password. Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the  authentication request. In particular, optionally, the processor 1003 is configured to when the operation type is carried in the authentication request, make the authority verification server authenticate the sender of the service operation request according to the authentication corresponding to the operation type.
An example of the present disclosure also provides another authority verification server. FIG. 11 is a schematic diagram illustrating a structure of an authority verification server according to an example of the present disclosure. As shown in FIG. 11, the authority verification server includes a receiver 1101, a transmitter 1102, a processor 1103 and a memory 1104.
The processor 1103 is configured to receive an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determine an operation type of the service operation request belongs to a pre-determined operation type; after the authority verification server receives the authentication request from the service processing server, authenticate the sender of the service operation request; when the authority verification server determines the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
A service operation request is a request for executing a specific service operation. The requested service operation may have an attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members and operations of delivering some information might be sensitive, so that it needs to control. Hence, different service operations  may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
The indication of executing the service operation request may be given by a command or informed by information. For example, the command indicates executing the service operation corresponding to the service operation request, or, by informing the authentication result of the service operation request is passing the authentication, the service processing server knows to execute the service operation corresponding to the service operation request. Hence, there are various ways to indicate executing the service operation corresponding to the service operation request. The specific indicating ways do not impact the implementation of examples in the present disclosure, which are not defined in detail in the present disclosure.
In the above-described example, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password. Authentication may be performed by the authority verification server, or by the service processing server. In the following examples, technical  solutions of authentication by the service processing server will be described. If using the authority verification server to authenticate, the attribute of operation type is carried in the authentication request. In particular, the processor 1103 is configured to when the authentication request includes the operation type, transmit an authentication notification to the sender of the service operation request, receive authentication information returned by the sender of the service operation request; when the authentication information returned by the sender of the service operation request is matched with the operation type of the authentication request, determine that the authenticating is passed.
With respect to the sender of the operation request, if it is ever performed by executing a certain type of service operation, it is much possible to always have such authority. In order to avoid increased complexity of user operations caused by several authentications, and reduce the signaling overhead, in the examples of the present disclosure, a certain time effectiveness may be configured to perform authority control for the operator of the service request. In particular, preferably, the processor 1103 is further configured to before authenticating the sender of the service operation request, determine whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determine the authenticating is passed.
An example of the present disclosure also provides another server. FIG. 12 is a schematic diagram illustrating a structure of a server according to an example of the present disclosure. As shown in FIG. 12, the server includes a receiver 1201, a transmitter 1202, a processor 1203 and a memory 1204.
The processor 1203 is configured to receive an authentication request, and determine an operation type of the service operation request; when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request, and receive authentication information returned by the sender of the service operation request; when the authentication information is matched with the operation type, determine that the authenticating is passed, and execute the service operation corresponding to the service operation request.
In the example of the present disclosure, a service operation request is a request for executing a specific service operation. The requested service operation may have an  attribute of operation type. The specific operation type may be set by a user. For example, operations of delivering information may include delivering information of common words, delivering information of words with special effects, delivering information of a voice, delivering a default picture, delivering a specific picture, delivering a voice, etc. Operations of initiating a group may include initiating a group voice, initiating a group video conference, etc. Operations for other group members may include deleting common group members, deleting specific group members, change names of group members, setting member types of group members, etc. With respect to different services, the specific operation request may have different sets of service operations. In the set of service operations, there may be a sensitive problem for different service operations according to the corresponding operation object. For example, in the above-described examples, operations for other group members and operations of delivering some information might be sensitive, so that it needs to control. Hence, different service operations may have an attribute of operation type. Generally, the attributes of operation types may be divided in terms of levels, or each service operation has an attribute of operation type, which is not defined in detail in the examples of the present disclosure. As one example, the operation types may be divided as a sensitive operation or a non-sensitive operation. The sensitive operation may be defined as management related to sensitive operations, such as allocation and retrieve by the manager, room architecture, and name adjustment, etc.
In the above-described example, when the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
Because it needs to control the service operations of the user, it is necessary to pre-determine, in particular, which operation types need to be controlled and in which level of control. The pre-determined operation type may be pre-set based on needs. How to pre-set is not defined in detail in the example of the present disclosure. There may be different ways of authentication for different operation types. For example, if the operation types are divided  into levels, only when the operation type belongs to a pre-determined level, the corresponding authentication is used, such as authentication only using an authentication code, authentication using a password.
With respect to the sender of the operation request, if it is ever performed by executing a certain type of service operation, it is much possible to always have such authority. In order to avoid increased complexity of user operations caused by several authentications, and reduce the signaling overhead, in the examples of the present disclosure, a certain time effectiveness may be configured to perform authority control for the operator of the service request. In particular, the processor 1203 is further configured to before transmitting an authentication notification to the sender of the service operation request, determine whether the sender of the service request passing the previous authentication is within a predetermined duration; if yes, determine the authenticating is passed.
An example of the present disclosure also provides a system for controlling an authority. FIG. 13 is a schematic diagram illustrating a structure of a system according to an example of the present disclosure. As shown in FIG. 13, the system includes a service processing server 1301 and an authority verification server 1302.
The service processing server 1301 is the service processing server according to any one of examples provided in the present disclosure;
The authority verification server 1302 is the authority verification server according to any one of examples provided in the present disclosure.
When the server determines that the operation type of the service operation request belongs to a pre-determined operation type, an operation of a secondary authentication is initiated. After determining the authenticating is passed, the service operation is executed. In the example, by separating the operator type and the service corresponding to the service operation, it is flexible to configure the authority for the user, and the customized second-level authority configuration is achieved, so that the service can be flexibly applied and updated.
It should be noted that, in the examples of the server, the service processing server and the authority verification server, the modules are divided according to functions, but not  limited to this kind of division, as long as the corresponding functions can be achieved. In addition, the specific names of the modules are just used for differentiation, but not used for limiting the protection scope of the present disclosure.
In addition, it can be understood by those skilled in the art that all or part of steps in the above-described examples of the present disclosure can be implemented by instruct related hardwares by programs. The corresponding programs can be stored in a computer-readable storage medium. The storage medium may be a Read Only Memory (ROM) , a magnetic disk, or a compact disk.
The foregoing is preferred examples of the present disclosure, which is not used for limiting the protection scope of the present disclosure. Any modifications and equivalent substitutions made by those skilled in the art within the spirit and principle of the present disclosure, should be covered by the protection scope of the present disclosure. Hence, the protection scope of the present disclosure should be determined by the protection scope of claims.

Claims (17)

  1. A method for controlling an authority, comprising:
    receiving, by a service processing server, a service operation request, and determining an operation type of the service operation request;
    when determining the operation type belongs to a pre-determined operation type, transmitting, by the service processing server, an authentication request to an authority verification server to make the authority verification server authenticate a sender of the service operation request; and
    when receiving an indication of executing the service operation request, executing, by the service processing server, a service operation corresponding to the service operation request.
  2. The method according to claim 1, wherein when the operation type is carried in the authentication request, making the authority verification server authenticate the sender of the service operation request comprises:
    making the authority verification server authenticate the sender of the service operation request according to an authentication corresponding to the operation type.
  3. A method for controlling an authority, comprising:
    receiving, by an authority verification server, an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
    after receiving the authentication request from the service processing server, authenticating, by the authority verification server, a sender of the service operation request; and
    when determining that the authenticating is passed, transmitting, by the authority verification server, an indication of executing the service operation request to the service processing server.
  4. The method according to claim 3, wherein when the operation type is carried in the authentication request, authenticating the sender of the service operation request comprises:
    transmitting an authentication notification to the sender of the service operation  request; receiving authentication information returned by the sender of the service operation request; when the authentication information is matched with the operation type corresponding to the authentication request, determining that the authenticating is passed.
  5. The method according to claim 3 or 4, further comprising:
    determining whether the sender of the service request passing a previous authentication is within a predetermined duration; if yes, determining that the authenticating is passed.
  6. A method for controlling an authority, comprising:
    receiving a service operation request, and determining an operation type of the service operation request;
    when determining the operation type belongs to a pre-determined operation type, transmitting an authentication notification to a sender of the service operation request, and receiving authentication information returned by the sender of the service operation request; and
    when the authentication information is matched with the operation type, determining that the authenticating is passed, and executing a service operation corresponding to the service operation request.
  7. The method according to claim 6, further comprising:
    determining whether the sender of the service request passing a previous authentication is within a predetermined duration; if yes, determining that the authenticating is passed.
  8. A server, comprising:
    a service request receiving module, configured to receive a service operation request;
    a type determining module, configured to determine an operation type of the service operation request received in the service request receiving unit;
    an authentication request transmitting module, configured to when determining that the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate the sender of the service operation request;
    an indication receiving module, configured to receive an indication of executing the service operation request; and
    a service executing module, configured to when the indication of executing the  service operation request is received in the indication receiving module, execute the service operation corresponding to the service operation request.
  9. The server according to claim 8, wherein the authentication request transmitting module is configured to transmit an authentication request, in which the operation type is carried, to make the authority verification server authenticate the sender of the service operation request according to the authentication corresponding to the operation type.
  10. A server, comprising:
    an authentication request receiving module, configured to receive an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
    an authentication module, configured to after receiving the authentication request from the service processing server, authenticate a sender of the service operation request;
    an indication transmitting module, configured to when determining that the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
  11. The server according to claim 10, wherein the authentication module comprises:
    an authentication notification transmitting module, configured to when the authentication request received in the authentication request receiving module includes the operation type, transmit an authentication notification to the sender of the service operation request; and
    an authentication sub-module, configured to determine whether authentication information returned by the sender of the service operation request is matched with the operation type of the authentication request; if yes, determine that the authenticating is passed.
  12. The server according to claim 10 or 11, wherein the authentication module is further configured to before authenticating the sender of the service operation request, determine whether the sender of the service request passing a previous authentication is within a predetermined duration; if yes, determining that the authenticating is passed.
  13. A server, comprising:
    a request receiving module, configured to receive an authentication request, and receive authentication information returned by the sender of the service operation request;
    a type determining module, configured to determine an operation type of the service  operation request received in the request receiving module;
    an notification transmitting module, configured to when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to the sender of the service operation request;
    an authentication module, configured to when the authentication information is matched with the operation type, determine that the authenticating is passed; and
    a service executing module, configured to when determining the authenticating is passed in the authentication module, execute a service operation corresponding to the service operation request.
  14. The server according to claim 13, wherein the authentication module is further configured to before transmitting the authentication notification to the sender of the service operation request in the notification transmitting module, determine whether the sender of the service request passing a previous authentication is within a predetermined duration; if yes, determine that the authenticating is passed.
  15. A server, comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:
    receive a service operation request, and determine an operation type of the service operation request;
    when determining the operation type belongs to a pre-determined operation type, transmit an authentication request to an authority verification server to make the authority verification server authenticate a sender of the service operation request; and
    when receiving an indication of executing the service operation request, execute a service operation corresponding to the service operation request.
  16. A server, comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:
    receive an authentication request from a service processing server; wherein the authentication request is transmitted after the service processing server receives a service operation request and determines an operation type of the service operation request belongs to a pre-determined operation type;
    after receiving the authentication request from the service processing server,  authenticate a sender of the service operation request; and
    when determining that the authenticating is passed, transmit an indication of executing the service operation request to the service processing server.
  17. A server, comprises a memory, and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions to:
    receive a service operation request, and determine an operation type of the service operation request;
    when determining the operation type belongs to a pre-determined operation type, transmit an authentication notification to a sender of the service operation request, and receive authentication information returned by the sender of the service operation request; and
    when the authentication information is matched with the operation type, determine that the authenticating is passed, and execute a service operation corresponding to the service operation request.
PCT/CN2014/090216 2013-11-05 2014-11-04 Method, server and system for controling authority WO2015067163A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310542555.4A CN103546489B (en) 2013-11-05 2013-11-05 Method, server and system for authority control
CN201310542555.4 2013-11-05

Publications (1)

Publication Number Publication Date
WO2015067163A1 true WO2015067163A1 (en) 2015-05-14

Family

ID=49969536

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/090216 WO2015067163A1 (en) 2013-11-05 2014-11-04 Method, server and system for controling authority

Country Status (2)

Country Link
CN (1) CN103546489B (en)
WO (1) WO2015067163A1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105205388B (en) * 2014-06-05 2019-03-15 腾讯科技(深圳)有限公司 A kind of right management method and system of application program
CN104270526A (en) * 2014-09-29 2015-01-07 广东欧珀移动通信有限公司 Data traffic control method and system for mobile terminal
CN104301328A (en) * 2014-10-29 2015-01-21 北京思特奇信息技术股份有限公司 Resource operation safety authentication method and system under cloud calculation environment
CN106982187B (en) * 2016-01-15 2020-12-01 中兴通讯股份有限公司 Resource authorization method and device
CN108268798B (en) * 2017-06-30 2023-09-05 勤智数码科技股份有限公司 Data item authority allocation method and system
CN108566327B (en) * 2018-01-09 2021-11-30 徐玉强 Data processing method and device for chat application
CN109740328B (en) * 2019-01-08 2021-07-02 广州虎牙信息科技有限公司 Authority identification method and device, computer equipment and storage medium
CN110795709B (en) * 2019-10-31 2022-08-12 北京达佳互联信息技术有限公司 Method and device for performing business operation, electronic equipment and storage medium
CN113938879A (en) * 2020-06-29 2022-01-14 华为技术有限公司 Communication method and communication device
CN112085326A (en) * 2020-07-31 2020-12-15 廊坊市科维配电技术开发有限公司 Energy consumption management method and equipment
CN113364765A (en) * 2021-06-03 2021-09-07 北京天融信网络安全技术有限公司 Cloud operation and maintenance auditing method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101262590A (en) * 2007-12-21 2008-09-10 深圳市同洲电子股份有限公司 Multi-service integration system, device and method
CN101431659A (en) * 2008-12-08 2009-05-13 中兴通讯股份有限公司 Interactive Web TV system and its processing method
CN101834834A (en) * 2009-03-09 2010-09-15 华为软件技术有限公司 Authentication method, device and system
CN103546189A (en) * 2013-11-13 2014-01-29 苏州华士无线科技有限公司 Radio-frequency front end circuit and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100393166C (en) * 2004-11-19 2008-06-04 中兴通讯股份有限公司 Method and device for realizing PHS wireless network positioning service hierarchical authentication
CN101772020B (en) * 2009-01-05 2011-12-28 华为技术有限公司 Method and system for authentication processing, 3GPP authentication authorization accounting server and user device
US8887264B2 (en) * 2009-09-21 2014-11-11 Ram International Corporation Multi-identity access control tunnel relay object
CN103107888B (en) * 2013-01-24 2015-11-18 贵州大学 The identity identifying method that the dynamic multi-attribute of facing moving terminal is multi-level

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101262590A (en) * 2007-12-21 2008-09-10 深圳市同洲电子股份有限公司 Multi-service integration system, device and method
CN101431659A (en) * 2008-12-08 2009-05-13 中兴通讯股份有限公司 Interactive Web TV system and its processing method
CN101834834A (en) * 2009-03-09 2010-09-15 华为软件技术有限公司 Authentication method, device and system
CN103546189A (en) * 2013-11-13 2014-01-29 苏州华士无线科技有限公司 Radio-frequency front end circuit and system

Also Published As

Publication number Publication date
CN103546489A (en) 2014-01-29
CN103546489B (en) 2017-05-03

Similar Documents

Publication Publication Date Title
WO2015067163A1 (en) Method, server and system for controling authority
US9596232B2 (en) Managing sharing of wireless network login passwords
KR102459199B1 (en) Security and permission architecture in a multi-tenant computing system
CN114826577A (en) Secure provisioning and management of devices
US20150154389A1 (en) System and method for managing application program access to a protected resource residing on a mobile device
CN109150804B (en) Delegated login method, related device and computer-readable storage medium
CN110365684B (en) Access control method and device for application cluster and electronic equipment
RU2010110613A (en) SYSTEM AND METHOD FOR IMPLEMENTING NETWORK DEVICE POLICY
US20180307858A1 (en) Multi-party authentication and authorization
CN105099986A (en) Network game data sharing method and server
WO2017088548A1 (en) Communication method based on social identity, and server
US9898600B2 (en) Method and apparatus for managing application data of portable terminal
CN111047740A (en) Digital key sharing method
CN105488875A (en) Access control verification method and device
AU2016256803B2 (en) Automatically determining restored availability of multi-channel media distributors for authentication or authorization
CN107710673A (en) The method and apparatus of authenticating user identification
KR20140011031A (en) Service system and operation method for single-sign on based on a web browser
KR102537712B1 (en) Systems, methods and devices for provisioning and processing location information for computerized devices
CN112953986A (en) Management method and device for edge application
CN114363373B (en) Application communication management system, method, device, electronic equipment and storage medium
KR102400471B1 (en) Apparatus and method for controlling access based on software defined perimeter
WO2018019047A1 (en) Set-top box operation method and device
US20210014059A1 (en) Control method, apparatus and system
CN111147256B (en) Authentication method and device
KR20060067114A (en) Security apparatus for distributing client module and method thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14860313

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 21.09.2016)

122 Ep: pct application non-entry in european phase

Ref document number: 14860313

Country of ref document: EP

Kind code of ref document: A1