CN101562621A - User authorization method and system and device thereof - Google Patents
User authorization method and system and device thereof Download PDFInfo
- Publication number
- CN101562621A CN101562621A CN 200910143737 CN200910143737A CN101562621A CN 101562621 A CN101562621 A CN 101562621A CN 200910143737 CN200910143737 CN 200910143737 CN 200910143737 A CN200910143737 A CN 200910143737A CN 101562621 A CN101562621 A CN 101562621A
- Authority
- CN
- China
- Prior art keywords
- token
- subscriber authorisation
- user
- isp
- sip
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Telephonic Communication Services (AREA)
Abstract
The invention discloses a user authorization method and a system and a device thereof, which are applied to a network consisting of a service integration platform (SIP), an Internet service provider (ISP) and an independent software vendor (ISV) application. The ISP provides different open application programming interfaces (Open API); the method comprises the following steps: the SIP creates a user authorization token according to the registration information of the Open API called by the ISV application when the ISP authorizes user identity; the SIP processes a call request for the Open API by the ISV application according to the user authorization token. The invention refines the application range, the use type and the use right of the user authorization token, supports the mode of asynchronous user authorization, improves the safety of the system and solves the problem of low service efficiency due to data relay during service request of large data.
Description
Technical field
The application relates to networking technology area, particularly relates to a kind of mthods, systems and devices of subscriber authorisation.
Background technology
Along with SOA (Service-Oriented Architecture, service-oriented architecture) continuous maturation, REST (Representational State Transfer, the transfer of statement sexual state) style is rooted in the hearts of the people, make the Internet open service become the emerging resource of the Internet gradually, open after promptly the service encapsulates of website being become series of computation machine data-interface easy to identify, use for third party developer, the API that is opened (Application Programming Interface, API) just is known as Open API (open application programming interface).Simultaneously, abundantization along with Web 2.0 application, ISV (Independent Software Vendor, the independent software vendor) utilizes network effective service resource, demand at the client, design rich and varied interactive application, the service groups that different service providers are provided lumps together, the innovation effect after the generation polymerization.
In the prior art, SIP (Service Integration Platform, service integration platform) with a plurality of ISP (Internet Service Provider, ISP) service is integrated on the uniform platform, unified safety is provided simultaneously, charge, non-professional sexual functions such as monitoring, allow ISP is more concentrated to be absorbed in business development and to need not to be concerned about non-business Frame Design, simultaneously also for the ISV exploitation provides unified flow process, the easier integrated service that provides in many ways of ISV is provided, adopts unified flow processs such as safe charging, shorten the development time, be absorbed in more efficiently and utilize the integrated novelty that realizes of service to use.Facebook has been arranged abroad, Amazon, big website such as Google successful story, ISV developer makes up the characteristic application at the website of these Open API, attracts the user.
OpenAPI comprises the step of subscriber authorisation in the prior art:
1.ISV being provided, the Open API that provides to ISP initiates call request;
2.ISP return to user's login and the authorization page of using ISV to use;
3. the user logins and licenses to ISV application access and operation user profile;
4.ISV use and call Open API, visit and operation user profile according to the subscriber authorisation token.
The inventor is in the process that realizes the application, and there are the following problems at least to find prior art:
In the prior art, the subscriber authorisation that relates in the authorization token is ageing and scope is indeterminate, makes user's data under unwitting situation be modified or visit easily.Simultaneously the term of validity of subscriber authorisation authorization token indeterminate and that will comprise user profile transmits as parameter, can reduce the fail safe of system like this, and user profile is threatened.In addition, authorization flow and service browsing process are in conjunction with closely in the prior art, and when having the big data quantity service request, meeting is because data forwarding causes efficiency of service low.
Summary of the invention
The application provides a kind of mthods, systems and devices of subscriber authorisation; be applied to comprise in the network of service integration platform SIP, the ISP of ISP, independent software vendor ISV application; described ISP provides different open application programming interface Open API; be used to protect user profile, improve the fail safe of system.
The application provides a kind of method of subscriber authorisation, is applied to comprise that described ISP provides different open application programming interface Open API in the network of service integration platform SIP, the ISP of ISP, independent software vendor ISV application; Described method comprises:
Described SIP described ISP to the authentication of user identity by the time, according to the log-on message of the OpenAPI of described ISV application call, create the subscriber authorisation token;
Described SIP handles the call request of described ISV application to described Open API according to described subscriber authorisation token.
Under the synchronous licensing mode of user, described SIP receives before ISP passes through the authentication of user identity, also comprises:
Described SIP receives the call request of described ISV application to Open API;
When described SIP receives described ISV and uses call request to Open API and need described subscriber authorisation, described SIP uses the transmission user to described ISV and logins the authorization page address, triggers described ISV application and described user and carries out the authentication of user identity to described ISP.
Described ISV uses and described user comprises to the authentication that described ISP carries out user identity:
Described ISV uses the user who receives described SIP transmission and logins the authorization page address;
Described ISV uses described user is logined the authorization page address and authorizes back page address, back and session id to send to described user;
Described user sends login and authorization requests according to described login authorization page address to described ISP, and described mandate back page address, back and session id, asks described ISP to carry out the authentication of user identity.
The described subscriber authorisation token of described establishment comprises:
SIP judges the attribute of described subscriber authorisation token according to the log-on message of Open API on SIP, and the attribute of described subscriber authorisation token comprises the scope of application of subscriber authorisation token, the rights of using of subscriber authorisation token and the type of service of subscriber authorisation token;
SIP creates described subscriber authorisation token according to the attribute of described subscriber authorisation token, and described subscriber authorisation token is related with user login name;
SIP is with described subscriber authorisation token and session id binding.
Before the described subscriber authorisation token of described establishment, also comprise:
Described SIP receive ISP to the authentication of user identity by the time establishment subscriber authorisation token that sends request and session id and user login name.
Described SIP is according to described subscriber authorisation token, handles the call request that described ISV uses the Open API that described ISP is provided and comprises:
Described SIP receives the call request that ISV uses the Open API that described ISP is provided, and carries session id in the described request;
When described session id user bound authorization token, described SIP obtains described subscriber authorisation token and user login name according to described session id, and described subscriber authorisation token and user login name and call request are transmitted to the Open API that described ISP provides;
The result that the Open API that described SIP receives described ISP to be provided sends is transmitted to described user with described result by described ISV application.
Under the asynchronous licensing mode of user, described SIP receives before ISP passes through the authentication of user identity, also comprises:
Described SIP receives described ISV and uses the authenticating user identification request of Open API and the identify label of carrying;
Described SIP transmits the described ISV that is received to ISP and uses the authenticating user identification request of Open API and the identify label of carrying.
Described identify label of carrying is specially: user's Open Id, exempt to step on Cookie or transfer to the user cipher of user in ISP of ISV keeping.
The described subscriber authorisation token of described establishment comprises:
SIP judges the attribute of described subscriber authorisation token according to the log-on message of Open API on SIP, and the attribute of described subscriber authorisation token comprises the scope of application of subscriber authorisation token, the rights of using of subscriber authorisation token and the type of service of subscriber authorisation token;
SIP creates described subscriber authorisation token and token stub according to the attribute of described subscriber authorisation token, and described subscriber authorisation token is related with user login name.
Before the described subscriber authorisation token of described establishment, also comprise:
Described SIP receive ISP to the authentication of user identity by the time establishment subscriber authorisation token that sends request and user login name.
Described SIP is according to described subscriber authorisation token, handles the call request that described ISV uses the Open API that described ISP is provided and comprises:
Described SIP receives the request of the checking authorization token stub of ISP transmission, the token stub is verified and returned to ISP the result of checking token stub.
The application provides a kind of system of subscriber authorisation, is applied to comprise that described ISP provides different open application programming interface Open API in the network of service integration platform, ISP, ISV application; Described system comprises:
Service integration platform, be used for to the authentication of client by the time, according to the log-on message of the Open API of described ISV application call, create the subscriber authorisation token, handle ISV and use call request ISP;
ISV uses, the request that is used to call ISP;
ISP is used for the identity of checking client and carries out call request.
The application provides a kind of service integration platform of subscriber authorisation, is applied to comprise that described ISP provides different open application programming interface Open API in the network of service integration platform, ISP, ISV application; Described service integration platform comprises:
The request receiver module is used to receive the authentication result of ISP to user identity;
The token creation module when ISP that is used for receiving when the request receiver module passes through for authentication the authentication result of user identity, is created the subscriber authorisation token;
Processing module is used for handling the call request that ISV uses the open application programming interface Open API that described ISP is provided according to described subscriber authorisation token.
Described token creation module specifically comprises:
Request receives submodule, be used to receive ISP to the authentication of user identity by the time establishment subscriber authorisation token that sends request and user login name;
Token determined property submodule is used for judging according to the log-on message of Open API on SIP the attribute of described subscriber authorisation token;
The token creation submodule, the attribute that is used for the subscriber authorisation token judged according to described token determined property submodule is created described subscriber authorisation token.
Under the synchronous licensing mode of user, also comprise:
The subscriber authorisation judge module is used for judging according to the call request of the described ISV application of asking receiver module to receive to OpenAPI whether described request needs subscriber authorisation;
Information is returned module, when described subscriber authorisation judge module judges that described request needs subscriber authorisation, returns the user to the ISV application and logins the authorization page address.
Described token creation submodule also is used for:
With described subscriber authorisation token and session id binding, and related with user name.
Described processing module specifically is used for:
When described establishment token submodule had been bound described session id and subscriber authorisation token, described processing module was transmitted described subscriber authorisation token and user login name and call request to the OpenAPI that described ISP provides.
Under the asynchronous licensing mode of user,
The described request receiver module also is used for: receive described ISV and use the authenticating user identification request of Open API and the identify label of carrying;
Described processing module also is used for: transmit the described ISV that is received to ISP and use the authenticating user identification request of Open API and the identify label of carrying;
Described token creation submodule also is used for: the attribute of the subscriber authorisation token of judging according to described token determined property submodule is created the token stub of described subscriber authorisation token, and the subscriber authorisation token is related with user name;
Described processing module specifically is used for: receive the request of the checking authorization token stub of ISP transmission, the token stub is verified and returned to ISP the result of checking token stub.
In the application's the technical scheme, the scope of application, type of service and rights of using to the subscriber authorisation token have been carried out refinement, the application supports the pattern of the asynchronous mandate of user simultaneously, the fail safe of raising system, and solved in the process of big data service request because data relay causes the low problem of efficiency of service.
Description of drawings
In order to be illustrated more clearly in the application or technical scheme of the prior art, to do simple the introduction to the accompanying drawing of required use in the application or the description of the Prior Art below, apparently, accompanying drawing in describing below only is some embodiment of the application, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the flow chart of a kind of subscriber entitlement method in the embodiment of the present application;
Fig. 2 is the flow chart of the subscriber entitlement method under the synchronous licensing mode of a kind of user in the embodiment of the present application;
Fig. 3 is the flow chart that the synchronous licensing mode of a kind of user in the embodiment of the present application is created subscriber authorisation token method down;
Fig. 4 is the flow chart of the subscriber entitlement method under the asynchronous licensing mode of a kind of user in the embodiment of the present application;
Fig. 5 is the flow chart that the asynchronous licensing mode of a kind of user in the embodiment of the present application is created subscriber authorisation token method down;
Fig. 6 is the flow chart of a kind of client plug-in updating method in the embodiment of the present application;
Fig. 7 is the flow chart of the subscriber entitlement method under the asynchronous licensing mode of a kind of user in the embodiment of the present application;
Fig. 8 is the flow chart of the subscriber entitlement method under the asynchronous licensing mode of a kind of user in the embodiment of the present application;
Fig. 9 is the structural representation of a kind of SAS Subscriber Authorization System in the embodiment of the present application;
Figure 10 is the structural representation of a kind of service integration platform in the embodiment of the present application;
Figure 11 is the structural representation of the service integration platform under the synchronous licensing mode of a kind of user in the embodiment of the present application;
Figure 12 is the structural representation of the service integration platform under the asynchronous licensing mode of a kind of user in the embodiment of the present application;
Embodiment
The application's main thought is, service integration platform SIP the ISP of ISP to the authentication of user identity by the time, according to the log-on message of the Open API of described ISV application call, create the subscriber authorisation token; SIP handles the call request that ISV uses the OpenAPI that described ISP is provided according to the subscriber authorisation token.
Below in conjunction with the accompanying drawing among the application, the technical scheme among the application is carried out clear, complete description, obviously, described embodiment is a part of embodiment of the application, rather than whole embodiment.Based on the embodiment among the application, the every other embodiment that those of ordinary skills are obtained under the prerequisite of not making creative work belongs to the scope that the application protects.
ISV is applied as its user various softwares is provided, electronic fax for example, online recruitment instrument, e-magazine and online transaction etc.Service integration platform SIP uses the various softwares that provide with ISV and is integrated in identical platform, use the user of ISV software only need land SIP and username and password is provided, just can use the software that ISV uses to be provided, and need not in order to use different software to land different websites.And the Open API that provides for ISP, when the user used ISV to use on SIP, ISV used by calling corresponding Open API, for the user provides required various data or network service.
Among the application's the embodiment, the subscriber entitlement method that the application provides comprises in the applied internet: the Open API that user, ISV application, SIP and ISP provide.Wherein, ISV uses, and is used to the user that various application software are provided.SIP is used for being integrated in identical platform with the software that provides is provided by ISV, makes the user can use different software on this platform.The Open API that ISP provides is used for providing various data or network service to the user who uses ISV to use on SIP.The flow chart of this subscriber entitlement method as shown in Figure 1, concrete steps are:
Concrete, the user lands SIP, uses SIP to go up the software that ISV uses to be provided.When SIP ISP to the authentication of user identity by the time, SIP creates with ISV and uses the subscriber authorisation token that the log-on message of the Open API that will call is complementary.
When ISV is applied in when providing software on the SIP, ISV uses the various Open API that will call and can register on SIP, and its log-on message comprises:
(1) the professional classified information of OpenAPI.
For example,, Open API is carried out the business classification, determine the business classification under the Open API according to different business such as electronic fax business that Open API provided, online transaction business.
(2) the authorization attribute information of Open API.
For example, according to the authorization attribute of Open API, different Open API are divided into following 0~3 four type: wherein type 0 is meant without any need for the Open API that authorizes or verify, is used to provide the operating function to the user profile that need not subscriber authorisation; Class1 is meant the Open API that need verify the identity that ISV uses, and is used for verifying that this ISV uses the validated user that whether belongs to SIP; Type 2 is meant on the basis that the ISV identity is verified, need carry out subscriber authorisation to this Open API, is used to provide user profile is conducted interviews or the function of operation such as modification; When definite Open API was the type, the type of service of confirming the subscriber authorisation token of this Open API correspondence simultaneously was disposable token or muptiple-use token; Type 3 refers on the basis that the ISV identity is verified, optionally this OpenAPI is carried out subscriber authorisation, when this Open API not being carried out subscriber authorisation, this Open API only provides the operating function to the user profile that need not subscriber authorisation, when this Open API was carried out subscriber authorisation, this Open API can operate the user profile that needs subscriber authorisation.
The attribute of subscriber authorisation token comprises: the scope of application of subscriber authorisation token, rights of using and type of service.Wherein, the scope of application of subscriber authorisation token is divided into single Open API, a plurality of Open API etc.The rights of using of subscriber authorisation token are divided into read right, access limit etc.The type of service of subscriber authorisation token can be divided into disposable token and muptiple-use token etc. by access times.SIP can control the number of ISV application call Open API by the scope of application of subscriber authorisation token, control the operating right of ISV application by the rights of using of subscriber authorisation token, control the number of times of ISV application call Open API by the type of service of subscriber authorisation token user profile.
In addition, disposable token, expression the type subscriber authorisation token is merely able to be used once, is applicable to the Open API high to security requirement.When the success of the subscriber authorisation token creation of the type, ISV uses and can only call the Open API that is integrated on the SIP once.Muptiple-use token, the subscriber authorisation token of expression the type can be used repeatedly, is not applicable to security requirement high but to the demanding Open API of user experience.The subscriber authorisation token of the type just has been set the token term of validity when creating, SIP controls the service time of this token by the term of validity of control the type subscriber authorisation token.Muptiple-use token term of validity type is divided into fixedly duration inefficacy class and idle fixedly duration inefficacy class.
For example, as the seller of user for online transaction, in the time of need making amendment to the commodity in the shop by the OpenAPI that ISV application call ISP provides, SIP is according to professional classified information and the authorization attribute information of Open API, set up the subscriber authorisation token that is complementary with this OpenAPI log-on message, rights of using as the subscriber authorisation token created are access limit, and the scope of application of subscriber authorisation token is a plurality of OpenAPI, and the type of service of subscriber authorisation token is muptiple-use token by access times.
In the technical scheme of the embodiment of the present application, the scope of application, type of service and the rights of using of subscriber authorisation token have been carried out refinement, and, handled the call request that ISV uses the OpenAPI that ISP is provided according to the subscriber authorisation token.In addition, the application supports the pattern of the asynchronous mandate of user simultaneously, improves the fail safe of system, and has solved in the process of big data service request because data relay causes the low problem of efficiency of service.
Among the application's the embodiment, the embodiment when the method among the application at first described adopts the synchronous licensing mode of user to be applied to the internet.Comprise in this network: the Open API that user, ISV application, SIP and ISP provide.Wherein, ISV uses, and is used to the user that various application software are provided.SIP is used for being integrated in identical platform with the software that provides is provided by ISV, makes the user can use different software on this platform.The Open API that ISP provides is used for providing various data or network service to the user who uses ISV that the software that provides is provided on SIP.
In the embodiment of the present application, when the user used ISV to use, the user used ISV and authorizes, confirming that ISV uses can conduct interviews or operation such as modification to user profile, and by SIP establishment subscriber authorisation token, the ISV application call is integrated in the Open API on the SIP, for the user provides required service.
Concrete, as shown in Figure 2, the method flow diagram when adopting the synchronous licensing mode of user for the application may further comprise the steps:
Step 201, the user uses ISV to use.
For example, in the process of online transaction, make amendment by the merchandise news that need provide oneself as seller's identity for the user, then uses the ISV that the merchandise news modify feature is provided to use.
Step 202, ISV uses to the Open API that is integrated on the SIP and sends call request.
Concrete, ISV uses according to user's use content and selects corresponding Open API and send call request to it in numerous Open API.For example, ISV is applied in to be provided among the Open of the difference in functionality API, and selection can provide the OpenAPI of merchandise news modify feature and send call request to it.
Step 203, SIP receives ISV and uses the call request that sends, and judges whether this call request needs subscriber authorisation.
Concrete, when registering, Open API can register log-on message relevant for this OpenAPI on SIP, comprise professional classified information and the authorization attribute information of this Open API in the log-on message.When the ISV application call was integrated in OpenAPI on the SIP, SIP judged according to this log-on message and calls whether needs subscriber authorisation of this OpenAPI, and this subscriber authorisation is meant whether the user allows Open API that user profile is conducted interviews or operate.For the Open API that does not need subscriber authorisation, can under situation about allowing, directly conduct interviews, as provide the merchandise news that the seller is provided to carry out the Open API of function of browse user profile without the user; For the Open API that needs subscriber authorisation, must under situation about allowing, user profile be conducted interviews or operate through the user, as the OpenAPI that provides the merchandise news that the seller is provided to make amendment function.
Do not need subscriber authorisation if this calls, then forward step 216 to.
Need subscriber authorisation if this calls, then forward step 204 to.
Step 204, SIP uses the transmission user to ISV and logins the authorization page address.
Wherein, the user logins the authorization page address, is used for user login and ISV used authorizing; For example, when the Open API of ISV application call made amendment the Open API of function for the merchandise news that the seller is provided, SIP logined the authorization page address with the user and sends to ISV and use.
Step 205 after the user that ISV application reception SIP sends logins the authorization page address, is transmitted the user to the user and is logined the authorization page address, and the session id of authorizing back page address, back and ISV application to provide is provided simultaneously.
Authorize back page address, back, be used to be illustrated in the page address that message that ISP receives the token creation success needs to return to the user later on; For example, when the Open API of ISV application call makes amendment the Open API of function for the merchandise news that the seller is provided, receive the message of token creation success at ISP after, need return the page address that merchandise news is made amendment to the user, need to return to user's the page after this back page address, mandate back corresponding page is promptly authorized.
ISV is provided by the session id that provides, by ISV application carrying out the at random distribution of session id, be used for the sign of unique definite user identity, when SIP creates token, ISV is provided by the session id and the subscriber authorisation token that provide binds, set up the corresponding relation of session id and subscriber authorisation token, substitute and transmit token, improved fail safe, reduced the maintenance cost of ISV application the subscriber authorisation token.
Step 206, the user opens this page and submits login and authorization requests by this page to ISP after the reception user logins the authorization page address, carries mandate back page address, back and ISV simultaneously the session id that provides is provided.
Step 207, ISP receives login and the authorization requests that the user submits to, and authorizes back page address, back and ISV that the session id that provides is provided, and user identity is authenticated.
Step 208, when by authentication, ISP sends to SIP and creates the subscriber authorisation token request, carries the session id that user login name and ISV use to be provided.
Step 209, SIP receives the establishment subscriber authorisation token request that ISP sends, be registered in log-on message on the SIP according to Open API, determine the scope of application, rights of using and the type of service of subscriber authorisation token, create the subscriber authorisation token, the subscriber authorisation token store of creating is bound at SIP and with session id, and concrete binding form is to set up the corresponding relation of subscriber authorisation token and session id.Carry out related with the user login name that receives the subscriber authorisation token simultaneously.This subscriber authorisation token is specifically as follows binary file.
Step 210, when creating the success of subscriber authorisation token, SIP returns the message of subscriber authorisation token creation success to ISP.
Step 211, ISP receives the message of token creation success, and according to back page address after the mandate that receives in step 207, back page sends to the user after the mandate that will be corresponding with this back page address, mandate back.
Step 212, user's back page after mandate uses ISV to use.For example, when authorizing the back back page for the page that merchandise news is made amendment, the user makes amendment to merchandise news in this page.
Step 213, the OpenAPI behind the ISV application call subscriber authorisation sends call request to SIP, carries the session id that ISV uses to be provided in call request.For example, the user is in the process that the merchandise news that oneself is provided is made amendment, use provides the ISV of merchandise news modify feature to use, then ISV uses and still need call the make amendment Open API of function of the merchandise news that the seller is provided, pass through subscriber authorisation before this Open API, be the Open API behind the subscriber authorisation.
Step 214, SIP receives ISV and uses the call request that sends, and judges that ISV the session id that provides is provided whether has been bound the subscriber authorisation token.Concrete, SIP can judge whether to exist the subscriber authorisation token of binding with session id according to the subscriber authorisation token of having set up and the corresponding relation of session id.
Step 215 has been bound the subscriber authorisation token if ISV is provided by the session id that provides, and SIP is transmitted to ISP with the ISV call request that receives, and carries the user login name that obtains according to the subscriber authorisation token,
Need to prove, in step 215, user login name does not adopt the ISV parameter to transmit the mode of user login name when ISV application call Open API, and obtain according to the subscriber authorisation token by SIP, and pass to ISP, thereby guarantee the authenticity of user login name, prevent that ISV from using the user profile that deception ISP obtains unbundling.
Step 216, ISP receives the ISV call request that SIP transmits, and carries out this call request.For example, the ISV call request is when revising the request of merchandise news, to make amendment according to the merchandise news that the content of carrying in the request is revised needs.
Step 217 after ISP carries out this call request, will be returned and call execution result to SIP.For example, the ISV call request is that the result after ISP will make amendment to merchandise news returns to SIP when revising the request of merchandise news.
Step 218, SIP is transmitted to the ISV application with the execution result that calls that ISP returns.
Step 219, ISV uses the execution result that calls that will receive and represents to the user.So far, the modification result after the user browses to merchandise news made amendment.
Wherein, as shown in Figure 3, step 209 specifically may further comprise the steps:
Need to prove that the application's embodiment can adjust each sequence of steps according to actual needs.SIP in the above-mentioned steps 301 is registered in log-on message on the SIP according to Open API, the scope of application, the SIP in the step 302 of determining the subscriber authorisation token is registered in log-on message on the SIP according to Open API, determine that the rights of using of subscriber authorisation token and the SIP in the step 303 are registered in log-on message on the SIP according to Open API, determining does not have inevitable sequencing between three steps of type of service of subscriber authorisation token, can adjust.
The embodiment of the present application has been carried out refinement by the scope of application, type of service and rights of using to the subscriber authorisation token, clear and definite ISV uses user profile operation permission, scope and timeliness, the fail safe of raising system is for the user provides the favorable service integrated platform.
Among another embodiment of the application,, the method among the application is applied in the internet for adopting the asynchronous licensing mode of user.Comprise in this network: the Open API that user, ISV application, SIP and ISP provide.Wherein, ISV uses, and is used to the user that various application software are provided.SIP is used for being integrated in identical platform with the software that provides is provided by ISV, makes the user can use different software on this platform.The Open API that ISP provides is used for providing various data or network service to the user.
In the embodiment of the present application, when the user used ISV to use, the user used mandate and creates the subscriber authorisation token by SIP ISV, and the ISV application call is integrated in the Open API on the SIP.Wherein ISV uses and adopts the mode of Open Id to send call request to SIP.
Concrete, as shown in Figure 4, adopt this method flow diagram of the asynchronous licensing mode of user, may further comprise the steps:
Step 401, the user uses ISV to use.
Concrete, the user logins SIP, uses ISV to use, and authorizes ISV application access and operation user profile.For example, the user logins SIP, uses the online transaction business that ISV uses to be provided, and directly authorizes this ISV application access and operation user profile simultaneously.
Step 402, ISV uses to SIP and sends the authenticating user identification request, carries the title that identify label and ISV use the Open API that will call in this request.This identify label is user's Open Id, or exempts to step on Cookie, or transfers to the user cipher among the ISV application ISP certainly.For example, the user is as the seller, and the merchandise news that provide oneself is made amendment, and the ISV application call provides the Open API of merchandise news modify feature, ISV uses to SIP and sends authenticating user identification request, the title and the identify label of carrying OpenAPI in this request.
Wherein, when the title of the Open API that the ISV application will be called was used for SIP establishment subscriber authorisation token, SIP determined the attribute of subscriber authorisation token according to the log-on message of this Open API of name query of this Open API.
For Open Id, Open Id is the distributing authentication system of a customer-centric, the user only need select an Open Id service providers registration to obtain Open Id, can rely on this Open Id number of the account between the caller of a plurality of support Open Id service, freely to login use just, and do not need each login all to need register account number, the more important thing is that the user only needs user cipher is informed Open Id service providers, avoid user cipher is revealed.In the application's embodiment, ISV is applied as the caller of supporting the OpenId service, and ISP is an Open Id service providers.The user freely uses in the ISV application by the OpenId in the ISP registration, uses and need not login repeatedly or user cipher is offered ISV.
For Cookie, but storage user's identifying information among the Cookie, and when the user visits same website once more, but the identifying information of the user among the Cookie can be read in this website, judges that whether this user is validated user and whether needs to login again etc.
For the user cipher among the ISP that transfers to ISV application keeping, be the password of user in ISP to be transferred to ISV use keeping, when ISV uses when SIP sends the authenticating user identification request, need not the user password among the ISP is provided, and directly when SIP sends the authenticating user identification request, carrying by ISV.
Step 403, SIP receives the authenticating user identification request that ISV uses, and transmits the authenticating user identification request to ISP, carries identify label in this request.
Step 404, ISP receives the authenticating user identification request of the ISV application of SIP forwarding, authenticated user identity.
Step 405, when by authentication, ISP sends to SIP and creates the subscriber authorisation token request, carries user login name.
Step 406, SIP receives the establishment subscriber authorisation token request that ISP sends, and creates subscriber authorisation token and token stub.
Concrete, SIP is registered in log-on message on the SIP according to Open API, determine the scope of application, rights of using and the type of service of subscriber authorisation token, create this subscriber authorisation token and token stub, with the subscriber authorisation token store created at SIP and user login name that the related ISP of this subscriber authorisation token is provided.The token stub is then used the checking foundation have the right to call the Open API that ISP provides as ISV.For example, the user determines the attribute of this subscriber authorisation token according to the title of the Open API that the merchandise news modify feature is provided and the log-on message of this Open API, and wherein the scope of application is a plurality of API, rights of using are access limit, and type of service is muptiple-use token.
Step 407, SIP sends the token stub and the actual call address of OpenAPI is used to ISV.
Wherein, the actual call address of Open API is used for when ISV application call Open API, by the SIP transfer, but directly and ISP connect.
Step 408, ISV uses the request that sends the request of connecting and call Open API to ISP, carries the token stub of SIP to should OpenAPI creating.
Need to prove, before the step 408, ISV uses and has passed through subscriber authorisation and obtained the token stub, so request of calling OpenAPI in step 408, be to use by ISV directly to send to the ISP that OpenAPI is provided, and need not be given to SIP in the request of OpenAPI and judge whether to have bound the subscriber authorisation token calling, thereby the security mechanism of call request and subscriber authorisation is separated, reduced the processing pressure that causes owing to the transfer call request when mass data is mutual, the fail safe of also serving for ISP simultaneously provides guarantee.
Step 409, ISP receives ISV and uses request of calling Open API that sends and the request that sends checking token stub to SIP, carries the token stub in this request.
Step 410, SIP receives the request of the checking token stub of ISP transmission, checking token stub.
Step 411, SIP returns checking result to the token stub to ISP, carries user login name among this result.
Step 412, ISP receives the checking result of SIP to the token stub, and when this authentication result was passed through checking for the token stub, ISP carried out call request.For example, when the user need revise merchandise news as the seller, the ISV application call provided the Open API of this function, and when this authentication result is passed through checking for the token stub, ISP will revise user's merchandise news by this Open API.
Step 413, ISP returns and calls the OpenAPI execution result and use to ISV.
Step 414, ISV uses to represent and calls the OpenAPI execution result to the user.
Wherein, SIP creates subscriber authorisation token and token stub in the step 406, and is concrete, as shown in Figure 5, may further comprise the steps:
Need to prove that the embodiment of the present application can be adjusted each sequence of steps according to actual needs.SIP in the above-mentioned steps 501 is registered in log-on message on the SIP according to Open API, the scope of application, the SIP in the step 502 of determining the subscriber authorisation token is registered in log-on message on the SIP according to Open API, determine that the rights of using of subscriber authorisation token and the SIP in the step 503 are registered in log-on message on the SIP according to OpenAPI, determining does not have inevitable sequencing between three steps of type of service of subscriber authorisation token, can adjust.
In the application's the technical scheme, the scope of application, type of service and rights of using to the subscriber authorisation token have been carried out refinement, the application supports the pattern of the asynchronous mandate of user simultaneously, the fail safe of raising system, and solved in the process of big data service request because data relay causes the low problem of efficiency of service.
In addition, when the subscriber authorisation token of SIP establishment was muptiple-use token, concrete, the control method of the muptiple-use token term of validity was as described below:
Fixing duration inefficacy class, the subscriber authorisation token of the type just has been set the subscriber authorisation token term of validity after establishment, when arriving the term of validity of subscriber authorisation token, this token lost efficacy, and ISV uses the Open API that can not utilize this subscriber authorisation token grant to call again.
Idle fixedly duration inefficacy class after the subscriber authorisation token token creation of the type, when this subscriber authorisation token of each use, will be upgraded the time started of using this subscriber authorisation token to use, thus the term of validity that prolongs this subscriber authorisation token.The type subscriber authorisation token adopts call request updating method and client plug-in updating method dual mode to upgrade the subscriber authorisation token term of validity.
Concrete, update method is as described below:
The call request updating method, when the ISV application call was integrated in Open API on the SIP, SIP upgraded the term of validity of subscriber authorisation token.
Client plug-in updating method, SIP offer ISV and use unified client plug-in, upgrade the term of validity by client plug-in, prevent that ISV from adopting backstage implicit expression to operate and continuing subscriber authorisation.
Concrete, as shown in Figure 6, the client plug-in updating method may further comprise the steps:
Step 601, SIP plug-in unit are obtained the Cookie that ISV uses, and whether check has session id or token stub.
Step 602 has session id or token stub in checking the Cookie that ISV uses, the SIP plug-in unit sends the request of upgrading the subscriber authorisation token term of validity to SIP.
Step 603, SIP receives the request of SIP plug-in unit, judges whether user bound authorization token of session id or token stub.
Concrete, judge session id or token stub whether the result of user bound authorization token comprise in following three kinds any:
(a) session id or token stub user bound authorization token not;
(b) session id or token stub user bound authorization token and this subscriber authorisation token have surpassed the term of validity;
(c) session id or token stub user bound authorization token and this subscriber authorisation token do not surpass the term of validity.
Step 604, SIP handles according to judged result, comprises in following three kinds any:
(a) when session id or token stub not during the user bound authorization token, SIP does not upgrade the term of validity of subscriber authorisation token.
(b) when session id or token stub user bound authorization token and this subscriber authorisation token had surpassed the term of validity, SIP did not upgrade the term of validity of subscriber authorisation token.
(c) surpass the term of validity when session id or token stub user bound authorization token and this subscriber authorisation token, SIP upgrades the term of validity of subscriber authorisation token.
Step 605, SIP returns result and gives the SIP plug-in unit.
Step 606, the SIP plug-in unit judges whether that according to result needs remove session id or the token stub among the Cookie, comprises in following three kinds any:
(a) when session id or token stub user bound authorization token not, when SIP did not upgrade the term of validity of subscriber authorisation token, the SIP plug-in unit removed session id or the token stub among the Cookie.
(b) surpassed the term of validity when session id or token stub user bound authorization token and this subscriber authorisation token, when SIP did not upgrade the term of validity of subscriber authorisation token, the SIP plug-in unit removed session id or the token stub among the Cookie.
(c) surpass the term of validity when session id or token stub user bound authorization token and this subscriber authorisation token, when SIP upgraded the term of validity of subscriber authorisation token, the SIP plug-in unit was preserved session id or the token stub among the Cookie.
The subscriber authorisation for the different Open API that require of level of security is at first satisfied in above-mentioned subscriber authorisation token design; secondly done more many-sided protection for safety of user data; prevent that ISV applications exploiting subscriber authorisation token information lacks, and steals and abuses user profile.
Among another embodiment of the application,, the method among the application is applied to another embodiment in the internet for adopting the asynchronous licensing mode of user.Comprise in this network: the Open API that user, ISV application, SIP and ISP provide.Wherein, ISV uses, and is used to the user that various application software are provided.SIP is used for being integrated in identical platform with the software that provides is provided by ISV, makes the user can use different software on this platform.The Open API that ISP provides is used for providing various data or network service to the user.
In the embodiment of the present application, when the user used ISV to use, the user used mandate and creates the subscriber authorisation token by SIP ISV, and the ISV application call is integrated in the Open API on the SIP, finishes the use that the user uses ISV.Wherein ISV uses and adopts the mode of Open Id to send call request to SIP, and the type of service of the subscriber authorisation token that SIP creates adopts disposable token.
Concrete, as shown in Figure 7, adopt this method flow diagram of the asynchronous licensing mode of user, may further comprise the steps:
Step 701, the user uses ISV to use.
Concrete, the user logins SIP, uses ISV to use, and authorizes ISV application access and operation user profile.For example, the user is as the buyer, and login SIP uses the online transaction business that ISV uses to be provided, and carries out the commodity payment.
Step 702, ISV uses to SIP and sends the authenticating user identification request, carries user's Open Id and the title that ISV uses the Open API that will call in this request.
Concrete, when the title that ISV uses the Open API that will call is used to create the subscriber authorisation token,, be used for the attribute of definite subscriber authorisation token according to the log-on message of this Open API of name query of this Open API.
Open Id is the distributing authentication system of a customer-centric, the user only need select an Open Id service providers registration to obtain Open Id, can rely on this Open Id number of the account between the caller of a plurality of support Open Id service, freely to login use just, and do not need each login all to need register account number, the more important thing is that the user only needs user cipher is informed Open Id service providers, avoid user cipher is revealed.In the application's embodiment, ISV uses and is the caller of supporting Open Id service, and ISP is an Open Id service providers.The user freely uses in the ISV application by the Open Id in the ISP registration, and need not login repeatedly and user cipher be revealed ISV use.
For example, ISV uses according to user's use content and selects to provide the Open API of commodity payment function and send the authenticating user identification request to SIP in numerous Open API, carries ISV in this request and uses submission user's Open Id and the title that ISV uses the Open API that will call.
Step 703, SIP receives the authenticating user identification request that ISV uses, and transmits the authenticating user identification request to ISP, carries identify label in this request.
Step 704, ISP receives the authenticating user identification request of the ISV application of SIP forwarding, authenticated user identity.
Step 705, when by authentication, ISP sends to SIP and creates the subscriber authorisation token request, carries user login name.
Step 706, SIP receives the establishment subscriber authorisation token request that ISP sends, and creates subscriber authorisation token and token stub.
Concrete, SIP is registered in log-on message on the SIP according to Open API, determine the scope of application, rights of using and the type of service of subscriber authorisation token, create this subscriber authorisation token and token stub, with the subscriber authorisation token store created at SIP and user login name that the related ISP of this subscriber authorisation token is provided; The token stub is then used the checking foundation have the right to call the Open API that ISP provides as ISV.For example, the user determines the attribute of this subscriber authorisation token according to the title of the Open API that the merchandise news modify feature is provided and the log-on message of this Open API, and wherein the scope of application is single API, rights of using are access limit, and type of service is disposable token.
Step 707, SIP will send the token stub and the actual call address of Open API is used to ISV.
Wherein, the actual call address of Open API is used for when ISV application call Open API, by the SIP transfer, but directly and ISP connect.
Step 708, ISV uses the request that sends the request of connecting and call Open API to ISP, carries the token stub of SIP to should Open API creating.
Need to prove, before the step 708, ISV uses and has passed through subscriber authorisation and obtained the token stub, so request of calling Open API in step 708, be to use by ISV directly to send to the ISP that Open API is provided, and need not be given to SIP in the request of Open API and judge whether to have bound the subscriber authorisation token calling, thereby the security mechanism of call request and subscriber authorisation is separated, reduced the processing pressure that causes owing to the transfer call request when mass data is mutual, the fail safe of also serving for ISP simultaneously provides guarantee.
Step 709, ISP receives ISV and uses request of calling Open API that sends and the request that sends checking token stub to SIP, carries the token stub in this request.
Step 710, SIP receives the request of the checking token stub of ISP transmission, checking token stub.
Step 711, SIP returns checking result to the token stub to ISP, carries user login name among this result.
Step 712, ISP receives the checking result of SIP to the token stub, and when this authentication result was passed through checking for the token stub, ISP carried out call request.
For example, when the user need carry out the commodity payment as the buyer, the ISV application call provided the Open API of this function, and when this authentication result is passed through checking for the token stub, ISP will carry out the commodity payment by this Open API.
Step 713, ISP returns and calls Open API execution result and use to ISV.For example, the information paid of these commodity of ISP sends to ISV and uses.
Step 714, ISV uses to represent and calls the OpenAPI execution result to the user.
Step 715, ISV uses the request that sends the request of connecting and call this Open API to ISP once more, carries the token stub in this request.
Step 716, ISP receives ISV and uses request of calling Open API that sends and the request that sends checking token stub to SIP.
Step 717, SIP receives the request of the checking token stub of ISP transmission, checking token stub.
Step 718, SIP returns checking result to the token stub to ISP, carries user login name among this result.
Step 719, ISP handles according to the checking result of token stub.
SIP is by verifying the token stub as can be known, and this subscriber authorisation is disposable token, has called ISP, so SIP will refuse the request of this time calling ISP of ISV.For example; when this Open API that the commodity payment function is provided was called, when being called once more, because the type of service of this Open API is disposable token; then refusal is paid to commodity once more, has protected the safety as buyer user's user profile.
Step 720, ISP returns and calls Open API failed message and use to ISV.
Step 721, ISV uses to return and calls Open API failed message to the user.
Wherein, SIP creates subscriber authorisation token and token stub in the step 706, and is concrete, as shown in Figure 5.
Need to prove that the embodiment of the present application can be adjusted each sequence of steps according to actual needs.SIP in the above-mentioned steps 501 is registered in log-on message on the SIP according to Open API, the scope of application, the SIP in the step 502 of determining the subscriber authorisation token is registered in log-on message on the SIP according to Open API, determine that the rights of using of subscriber authorisation token and the SIP in the step 503 are registered in log-on message on the SIP according to Open API, determining does not have inevitable sequencing between three steps of type of service of subscriber authorisation token, can adjust.
In the application's the technical scheme, the scope of application, type of service and rights of using to the subscriber authorisation token have been carried out refinement, by the type of service of subscriber authorisation token, avoided under the problem that user profile is made amendment under unauthorized situation to the security requirement condition with higher.The application supports the pattern of the asynchronous mandate of user simultaneously, has solved in the process of big data service request because data relay causes the low problem of efficiency of service.
Among another embodiment of the application,, the method among the application is applied to another embodiment in the internet for adopting the asynchronous licensing mode of user.Comprise in this network: the Open API that user, ISV application, SIP and ISP provide.Wherein, ISV uses, and is used to the user that various application software are provided.SIP is used for being integrated in identical platform with the software that provides is provided by ISV, makes the user can use different software on this platform.The Open API that ISP provides is used for providing various data or network service to the user.
In the embodiment of the present application, when the user used ISV to use, the user used mandate and creates the subscriber authorisation token by SIP ISV, and the ISV application call is integrated in the Open API on the SIP, finishes the use that the user uses ISV.Wherein ISV uses and adopts the mode of Open Id to send call request to SIP, and the type of service of the subscriber authorisation token that SIP creates adopts the fixedly duration inefficacy class in the muptiple-use token.
Concrete, as shown in Figure 8, adopt this method flow diagram of the asynchronous licensing mode of user, may further comprise the steps:
Step 801, the user uses ISV to use.
Concrete, the user logins SIP, uses ISV to use, and authorizes ISV application access and operation user profile.For example, the user logins SIP, uses the online transaction business that ISV uses to be provided, and directly authorizes this ISV application access and operation user profile simultaneously.
Step 802, ISV uses to SIP and sends the authenticating user identification request, carries user's Open Id in this request, and ISV uses the title of the Open API that will call.
Wherein, when the title that ISV uses the Open API that will call is used to create the subscriber authorisation token,, be used for the attribute of definite subscriber authorisation token according to the log-on message of this Open API of name query of this Open API.
Open Id is the distributing authentication system of a customer-centric, the user only need select an Open Id service providers registration to obtain Open Id, can rely on this Open Id number of the account between the caller of a plurality of support Open Id service, freely to login use just, and do not need each login all to need register account number, the more important thing is that the user only needs user cipher is informed Open Id service providers, avoid user cipher is revealed.In the application's embodiment, ISV uses and is the caller of supporting Open Id service, and ISP is an Open Id service providers.The user freely uses in the ISV application by the Open Id in the ISP registration, and need not login repeatedly and user cipher be revealed ISV use.
For example, the user is as the seller, and the merchandise news that provide oneself is made amendment, and the ISV application call provides the Open API of merchandise news modify feature, ISV uses to SIP and sends authenticating user identification request, the title and the identify label of carrying OpenAPI in this request.
Step 803, SIP receives the authenticating user identification request that ISV uses, and transmits the authenticating user identification request to ISP, carries identify label in this request.
Step 804, ISP receives the authenticating user identification request of the ISV application of SIP forwarding, authenticated user identity.
Step 805, when by authentication, ISP sends to SIP and creates the subscriber authorisation token request, carries user login name.
Step 806, SIP receives the establishment subscriber authorisation token request that ISP sends, and creates subscriber authorisation token and token stub.
Concrete, SIP is registered in log-on message on the SIP according to Open API, determine the scope of application, rights of using and the type of service of subscriber authorisation token, create this subscriber authorisation token and token stub, with the subscriber authorisation token store created at SIP and user login name that the related ISP of this subscriber authorisation token is provided; The token stub is then used the checking foundation have the right to call the Open API that ISP provides as ISV.For example, the user determines the attribute of this subscriber authorisation token according to the title of the Open API that the merchandise news modify feature is provided and the log-on message of this Open API, and wherein the scope of application is a plurality of API, rights of using are access limit, and type of service is muptiple-use token.
Step 807, SIP will send the token stub and the actual call address of OpenAPI is used to ISV.
Wherein, the actual call address of Open API is used for when ISV application call Open API, by the SIP transfer, but directly and ISP connect.
Step 808, ISV uses the request that sends the request of connecting and call Open API to ISP, carries the token stub of SIP to should Open API creating.
Need to prove, before the step 808, ISV uses and has passed through subscriber authorisation and obtained the token stub, so request of calling Open API in step 808, be to use by ISV directly to send to the ISP that OpenAPI is provided, and need not be given to SIP in the request of OpenAPI and judge whether to have bound the subscriber authorisation token calling, thereby the security mechanism of call request and subscriber authorisation is separated, reduced the processing pressure that causes owing to the transfer call request when mass data is mutual, the fail safe of also serving for ISP simultaneously provides guarantee.
Step 809, ISP receives ISV and uses request of calling Open API that sends and the request that sends checking token stub to SIP, carries the token stub in this request.
Step 810, SIP receives the request of the checking token stub of ISP transmission, checking token stub.
Step 811, SIP returns checking result to the token stub to ISP, carries user login name among this result.
Step 812, ISP receives the checking result of SIP to the token stub, and when this authentication result was passed through checking for the token stub, ISP carried out call request.
For example, when the user need revise merchandise news as the seller, the ISV application call provided the Open API of this function, and when this authentication result is passed through checking for the token stub, ISP will revise user's merchandise news by this Open API.
Step 813, ISP returns and calls Open API execution result and use to ISV.
Step 814, ISV uses to represent and calls Open API execution result to the user.
Step 815, ISV uses the request that sends the request of connecting and call Open API to ISP once more, carries the token stub.
Step 816, ISP receives ISV and uses request of calling Open API that sends and the request that sends checking token stub to SIP.
Step 817, SIP receives the request of the checking token stub of ISP transmission, checking token stub.SIP is by verifying the token stub as can be known, and this subscriber authorisation is the fixedly duration inefficacy class of muptiple-use token, judges whether also before the deadline this subscriber authorisation token.
Step 818, SIP returns checking result to the token stub to ISP, carries user login name.
Step 819, ISP handles according to the checking result of token stub.
If this subscriber authorisation token is not before the deadline, the request that ISP will refuse that ISV uses this time calls the Open API that ISP provides;
If this subscriber authorisation token also before the deadline, ISP carries out call request once more.
For example, when this subscriber authorisation token also before the deadline, then ISV uses the Open API called merchandise news is made amendment.
Also be that example describes before the deadline with the subscriber authorisation token in the present embodiment.
Step 820, ISP returns and carries out the call request result once more and use to ISV.
Step 821, ISV uses to represent and carries out the call request result once more to the user.
Wherein, SIP creates subscriber authorisation token and token stub in the step 806, and is concrete, as shown in Figure 5.
Need to prove that the embodiment of the present application can be adjusted each sequence of steps according to actual needs.SIP in the above-mentioned steps 501 is registered in log-on message on the SIP according to Open API, the scope of application, the SIP in the step 502 of determining the subscriber authorisation token is registered in log-on message on the SIP according to Open API, determine that the rights of using of subscriber authorisation token and the SIP in the step 503 are registered in log-on message on the SIP according to Open API, determining does not have inevitable sequencing between three steps of type of service of subscriber authorisation token, can adjust.
In the application's the technical scheme, the scope of application, type of service and rights of using to the subscriber authorisation token have been carried out refinement, by the type of service of subscriber authorisation token, have avoided not high to security requirement, under the frequent situation of read-write operation, repeat login.The application supports the pattern of the asynchronous mandate of user simultaneously, has solved in the process of big data service request because data relay causes the low problem of efficiency of service.
Among the application's the embodiment, also provide a kind of SAS Subscriber Authorization System, its structural representation comprises as shown in Figure 9:
ISV uses 92, is used for sending call request to ISP 93;
A kind of structural representation of service integration platform 100 among the application's the embodiment as shown in figure 10, comprising:
Wherein, token creation module 102 specifically comprises:
Request receives submodule 1021, be used to receive ISP to the authentication of user identity by the time establishment subscriber authorisation token that sends request and user login name;
Token determined property submodule 1022 is used for judging according to the log-on message of OpenAPI on SIP the attribute of described subscriber authorisation token;
Under the synchronous licensing mode of user, a kind of structural representation of service integration platform 110 as shown in figure 11, comprising among the application's the embodiment:
Concrete, when described establishment token submodule had been bound described session id and subscriber authorisation token, described processing module was transmitted described subscriber authorisation token and user login name and call request to the OpenAPI that described ISP provides.
Wherein, token creation module 112 specifically comprises:
Request receives submodule 1121, be used to receive ISP to the authentication of user identity by the time establishment subscriber authorisation token that sends request and user login name;
Token determined property submodule 1122 is used for judging according to the log-on message of OpenAPI on SIP the attribute of described subscriber authorisation token;
Subscriber authorisation judge module 114 is used for judging according to the call request of the described ISV application of asking receiver module to receive to Open API whether described request needs subscriber authorisation.
Information is returned module 115, when described subscriber authorisation judge module is declared 114 disconnected described requests and needed subscriber authorisation, uses to ISV and to return the user and login the authorization page address.
。
Under the asynchronous licensing mode of user, a kind of structural representation of subscriber authorisation service integration platform 120 as shown in figure 12, comprising among the application's the embodiment:
Concrete, receive the request of the checking authorization token stub of ISP transmission, the token stub is verified and is returned to ISP the result of checking token stub.
Wherein, token creation module 122 specifically comprises:
Request receives submodule 1221, be used to receive ISP to the authentication of user identity by the time establishment subscriber authorisation token that sends request and user login name;
Token determined property submodule 1222 is used for judging according to the log-on message of OpenAPI on SIP the attribute of described subscriber authorisation token;
For the convenience of describing, the each several part of the described integrated service platform in the foregoing description is divided into various modules with function to be described respectively.Certainly, when implementing the application, can in same or a plurality of softwares or hardware, realize the function of each module.
The application comprises following advantage, and the attribute of refinement subscriber authorisation token, and the pattern of the asynchronous mandate of support user improve the fail safe of system, and has solved in the process of big data service request because data relay causes the low problem of efficiency of service.Certainly, arbitrary product of enforcement the application might not need to reach simultaneously above-described all advantages.
Through the above description of the embodiments, those skilled in the art can be well understood to the application and can realize by the mode that software adds essential general hardware platform, can certainly pass through hardware, but the former is better execution mode under a lot of situation.Based on such understanding, the part that the application's technical scheme contributes to prior art in essence in other words can embody with the form of software product, this computer software product is stored in the storage medium, comprise that some instructions are with so that a station terminal equipment (can be mobile phone, personal computer, server, the perhaps network equipment etc.) carry out the described method of each embodiment of the application.
The above only is the application's a preferred implementation; should be pointed out that for those skilled in the art, under the prerequisite that does not break away from the application's principle; can also make some improvements and modifications, these improvements and modifications also should be looked the application's protection range.
Claims (18)
1, a kind of method of subscriber authorisation is applied to comprise that described ISP provides different open application programming interface Open API in the network of service integration platform SIP, the ISP of ISP, independent software vendor ISV application; It is characterized in that described method comprises:
Described SIP described ISP to the authentication of user identity by the time, according to the log-on message of the OpenAPI of described ISV application call, create the subscriber authorisation token;
Described SIP handles the call request of described ISV application to described OpenAPI according to described subscriber authorisation token.
2, the method for claim 1 is characterized in that, under the synchronous licensing mode of user, described SIP receives before ISP passes through the authentication of user identity, also comprises:
Described SIP receives the call request of described ISV application to Open API;
When described SIP receives described ISV and uses call request to Open API and need described subscriber authorisation, described SIP uses the transmission user to described ISV and logins the authorization page address, triggers described ISV application and described user and carries out the authentication of user identity to described ISP.
3, method as claimed in claim 2 is characterized in that, described ISV uses and described user comprises to the authentication that described ISP carries out user identity:
Described ISV uses the user who receives described SIP transmission and logins the authorization page address;
Described ISV uses described user is logined the authorization page address and authorizes back page address, back and session id to send to described user;
Described user sends login and authorization requests according to described login authorization page address to described ISP, and described mandate back page address, back and session id, asks described ISP to carry out the authentication of user identity.
4, method as claimed in claim 2 is characterized in that, the described subscriber authorisation token of described establishment comprises:
SIP judges the attribute of described subscriber authorisation token according to the log-on message of Open API on SIP, and the attribute of described subscriber authorisation token comprises the scope of application of subscriber authorisation token, the rights of using of subscriber authorisation token and the type of service of subscriber authorisation token;
SIP creates described subscriber authorisation token according to the attribute of described subscriber authorisation token, and described subscriber authorisation token is related with user login name;
SIP is with described subscriber authorisation token and session id binding.
5, method as claimed in claim 2 is characterized in that, before the described subscriber authorisation token of described establishment, also comprises:
Described SIP receive ISP to the authentication of user identity by the time establishment subscriber authorisation token that sends request and session id and user login name.
6, method as claimed in claim 2 is characterized in that, described SIP is according to described subscriber authorisation token, handles the call request that described ISV uses the Open API that described ISP is provided and comprises:
Described SIP receives the call request that ISV uses the Open API that described ISP is provided, and carries session id in the described request;
When described session id user bound authorization token, described SIP obtains described subscriber authorisation token and user login name according to described session id, and described subscriber authorisation token and user login name and call request are transmitted to the Open API that described ISP provides;
The result that the Open API that described SIP receives described ISP to be provided sends is transmitted to described user with described result by described ISV application.
7, the method for claim 1 is characterized in that, under the asynchronous licensing mode of user, described SIP receives before ISP passes through the authentication of user identity, also comprises:
Described SIP receives described ISV and uses the authenticating user identification request of OpenAPI and the identify label of carrying;
Described SIP transmits the described ISV that is received to ISP and uses the authenticating user identification request of OpenAPI and the identify label of carrying.
8, method as claimed in claim 7 is characterized in that, described identify label of carrying is specially: user's Open Id, exempt to step on Cookie or transfer to the user cipher of user in ISP of ISV keeping.
9, method as claimed in claim 7 is characterized in that, the described subscriber authorisation token of described establishment comprises:
SIP judges the attribute of described subscriber authorisation token according to the log-on message of Open API on SIP, and the attribute of described subscriber authorisation token comprises the scope of application of subscriber authorisation token, the rights of using of subscriber authorisation token and the type of service of subscriber authorisation token;
SIP creates described subscriber authorisation token and token stub according to the attribute of described subscriber authorisation token, and described subscriber authorisation token is related with user login name.
10, method as claimed in claim 7 is characterized in that, before the described subscriber authorisation token of described establishment, also comprises:
Described SIP receive ISP to the authentication of user identity by the time establishment subscriber authorisation token that sends request and user login name.
11, method as claimed in claim 7 is characterized in that, described SIP is according to described subscriber authorisation token, handles the call request that described ISV uses the Open API that described ISP is provided and comprises:
Described SIP receives the request of the checking authorization token stub of ISP transmission, the token stub is verified and returned to ISP the result of checking token stub.
12, a kind of system of subscriber authorisation is applied to comprise that described ISP provides different open application programming interface Open API in the network of service integration platform, ISP, ISV application; It is characterized in that described system comprises:
Service integration platform, be used for to the authentication of client by the time, according to the log-on message of the Open API of described ISV application call, create the subscriber authorisation token, handle ISV and use call request ISP;
ISV uses, the request that is used to call ISP;
ISP is used for the identity of checking client and carries out call request.
13, a kind of service integration platform of subscriber authorisation is applied to comprise that described ISP provides different open application programming interface Open API in the network of service integration platform, ISP, ISV application; It is characterized in that described service integration platform comprises:
The request receiver module is used to receive the authentication result of ISP to user identity;
The token creation module when ISP that is used for receiving when the request receiver module passes through for authentication the authentication result of user identity, is created the subscriber authorisation token;
Processing module is used for handling the call request that ISV uses the open application programming interface Open API that described ISP is provided according to described subscriber authorisation token.
14, service integration platform as claimed in claim 13 is characterized in that, described token creation module specifically comprises:
Request receives submodule, be used to receive ISP to the authentication of user identity by the time establishment subscriber authorisation token that sends request and user login name;
Token determined property submodule is used for judging according to the log-on message of Open API on SIP the attribute of described subscriber authorisation token;
The token creation submodule, the attribute that is used for the subscriber authorisation token judged according to described token determined property submodule is created described subscriber authorisation token.
15, service integration platform as claimed in claim 13 is characterized in that, under the synchronous licensing mode of user, also comprises:
The subscriber authorisation judge module is used for judging according to the call request of the described ISV application of asking receiver module to receive to OpenAPI whether described request needs subscriber authorisation;
Information is returned module, when described subscriber authorisation judge module judges that described request needs subscriber authorisation, returns the user to the ISV application and logins the authorization page address.
16, service integration platform as claimed in claim 15 is characterized in that, described token creation submodule also is used for:
With described subscriber authorisation token and session id binding, and related with user name.
17, service integration platform as claimed in claim 15 is characterized in that, described processing module specifically is used for:
When described establishment token submodule had been bound described session id and subscriber authorisation token, described processing module was transmitted described subscriber authorisation token and user login name and call request to the OpenAPI that described ISP provides.
18, service integration platform as claimed in claim 13 is characterized in that, under the asynchronous licensing mode of user,
The described request receiver module also is used for: receive described ISV and use the authenticating user identification request of Open API and the identify label of carrying;
Described processing module also is used for: transmit the described ISV that is received to ISP and use the authenticating user identification request of Open API and the identify label of carrying;
Described token creation submodule also is used for: the attribute of the subscriber authorisation token of judging according to described token determined property submodule is created the token stub of described subscriber authorisation token, and the subscriber authorisation token is related with user name;
Described processing module specifically is used for: receive the request of the checking authorization token stub of ISP transmission, the token stub is verified and returned to ISP the result of checking token stub.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200910143737 CN101562621B (en) | 2009-05-25 | 2009-05-25 | User authorization method and system and device thereof |
| HK10103892.1A HK1135815A1 (en) | 2009-05-25 | 2010-04-21 | User authorization method, system and device thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200910143737 CN101562621B (en) | 2009-05-25 | 2009-05-25 | User authorization method and system and device thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101562621A true CN101562621A (en) | 2009-10-21 |
| CN101562621B CN101562621B (en) | 2013-05-22 |
Family
ID=41221239
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200910143737 Active CN101562621B (en) | 2009-05-25 | 2009-05-25 | User authorization method and system and device thereof |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN101562621B (en) |
| HK (1) | HK1135815A1 (en) |
Cited By (50)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102193798A (en) * | 2011-03-22 | 2011-09-21 | 天津大学 | Method for automatically acquiring Open application programming interface (API) based on Internet |
| WO2011137803A1 (en) * | 2011-05-20 | 2011-11-10 | 华为技术有限公司 | Method and device for selecting open application programming interface |
| CN102281311A (en) * | 2010-06-10 | 2011-12-14 | 阿里巴巴集团控股有限公司 | Method, system and device for implementing network service based on open application programming interface |
| CN102546532A (en) * | 2010-12-07 | 2012-07-04 | ***通信集团公司 | Capacity calling method, capacity calling request device, capacity calling platform and capacity calling system |
| CN102638473A (en) * | 2012-05-04 | 2012-08-15 | 盛趣信息技术(上海)有限公司 | User data authorization method, device and system |
| CN102648603A (en) * | 2009-12-08 | 2012-08-22 | 三星电子株式会社 | Method and apparatus for using service of plurality of internet service providers |
| CN102664933A (en) * | 2012-04-06 | 2012-09-12 | 中国联合网络通信集团有限公司 | User authorization method, application terminal, open platform and system |
| CN102694847A (en) * | 2012-05-03 | 2012-09-26 | 北京新媒传信科技有限公司 | Method and device for capturing user dynamic state in third-party open platform |
| CN102710640A (en) * | 2012-05-31 | 2012-10-03 | 中国联合网络通信集团有限公司 | Authorization requesting method, device and system |
| CN102768721A (en) * | 2012-06-25 | 2012-11-07 | 奇智软件(北京)有限公司 | Method and device for controlling white list |
| CN102833328A (en) * | 2012-08-17 | 2012-12-19 | 中国联合网络通信集团有限公司 | Unified application calling method and unified calling client |
| CN103001936A (en) * | 2011-09-16 | 2013-03-27 | 北京新媒传信科技有限公司 | Method and system for third party application interface authorization |
| CN103078827A (en) * | 2011-10-25 | 2013-05-01 | 腾讯数码(天津)有限公司 | Open platform system called by third-party applications and implementation method for open platform system |
| CN103095666A (en) * | 2011-11-07 | 2013-05-08 | 阿里巴巴集团控股有限公司 | Third-party application processing method and device |
| CN103220259A (en) * | 2012-01-20 | 2013-07-24 | 华为技术有限公司 | Using method, call method, device and system of Oauth application programming interface (API) |
| CN103490898A (en) * | 2013-09-22 | 2014-01-01 | 新浪网技术(中国)有限公司 | E-mail collection authorization method, device and system |
| CN103533053A (en) * | 2013-10-15 | 2014-01-22 | 中国联合网络通信集团有限公司 | Approving method, server and system for open application programming interface |
| CN103577731A (en) * | 2012-07-18 | 2014-02-12 | ***通信集团公司 | Software processing method and device |
| CN103618790A (en) * | 2013-11-28 | 2014-03-05 | 深圳先进技术研究院 | Method and system for obtaining API service |
| CN103942093A (en) * | 2013-01-23 | 2014-07-23 | 阿里巴巴集团控股有限公司 | Service processing method and system |
| CN103959249A (en) * | 2011-10-04 | 2014-07-30 | 诺基亚公司 | Method and apparatus for providing an application marketplace |
| CN104113552A (en) * | 2014-07-28 | 2014-10-22 | 百度在线网络技术(北京)有限公司 | Platform authorization method, platform server side, application client side and system |
| CN104113549A (en) * | 2014-07-28 | 2014-10-22 | 百度在线网络技术(北京)有限公司 | Platform authorization method, platform server side, application client side and system |
| CN104239028A (en) * | 2013-06-14 | 2014-12-24 | 索尼公司 | Information processing device, information processing method and program |
| TWI476621B (en) * | 2010-08-27 | 2015-03-11 | Alibaba Group Holding Ltd | Method, system and device for realizing network service based on open application programming interface |
| CN104823408A (en) * | 2012-12-06 | 2015-08-05 | 高通股份有限公司 | Management of network devices utilizing authorization token |
| CN104850776A (en) * | 2014-02-18 | 2015-08-19 | 中国电信股份有限公司 | Method and device for controlling API (Application Program Interface) call, and mobile terminal |
| CN105531710A (en) * | 2013-09-12 | 2016-04-27 | 波音公司 | Method of authorizing an operation to be performed on a targeted computing device |
| CN105580038A (en) * | 2013-07-24 | 2016-05-11 | 维萨国际服务协会 | Systems and methods for interoperable network token processing |
| CN105704154A (en) * | 2016-04-01 | 2016-06-22 | 金蝶软件(中国)有限公司 | RESTful-based service processing method, device and system |
| CN105847226A (en) * | 2015-01-30 | 2016-08-10 | 株式会社Pfu | Server, system and access token management method |
| CN106059994A (en) * | 2016-04-29 | 2016-10-26 | 华为技术有限公司 | Data transmission method and network equipment |
| CN106464735A (en) * | 2014-11-10 | 2017-02-22 | 谷歌公司 | Implementation of third party services in a digital service platform |
| CN103795712B (en) * | 2014-01-17 | 2017-05-17 | 歌尔股份有限公司 | Method and device for authentication during Web Service calling |
| CN106709288A (en) * | 2016-12-22 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Application program review operating authorization processing method and application program review operating authorization processing device |
| CN106897153A (en) * | 2015-12-18 | 2017-06-27 | 阿里巴巴集团控股有限公司 | Call the method and system of API |
| CN106961392A (en) * | 2016-01-12 | 2017-07-18 | 阿里巴巴集团控股有限公司 | A kind of flow control methods and device |
| CN107026825A (en) * | 2016-02-02 | 2017-08-08 | ***通信集团陕西有限公司 | A kind of method and system for accessing big data system |
| CN107133779A (en) * | 2017-05-02 | 2017-09-05 | 山东浪潮通软信息科技有限公司 | A kind of active method, system and the browser plug-in for collecting resume of multi-domain communication |
| CN107231335A (en) * | 2016-03-24 | 2017-10-03 | 阿里巴巴集团控股有限公司 | A kind of method for processing business and device |
| CN108471409A (en) * | 2018-03-15 | 2018-08-31 | 苏州思必驰信息科技有限公司 | The application programming interfaces authentication configuration method and system of voice dialogue platform |
| CN109150805A (en) * | 2017-06-19 | 2019-01-04 | 亿阳安全技术有限公司 | The method for managing security and system of application programming interface |
| CN109471870A (en) * | 2018-11-16 | 2019-03-15 | 北京金山云网络技术有限公司 | Method, apparatus, electronic equipment and the computer-readable medium that resource data is read |
| CN109802941A (en) * | 2018-12-14 | 2019-05-24 | 平安科技(深圳)有限公司 | A kind of login validation method, device, storage medium and server |
| CN110505198A (en) * | 2019-07-05 | 2019-11-26 | 中国平安财产保险股份有限公司 | A kind of checking request method, apparatus, computer equipment and storage medium |
| CN111010396A (en) * | 2019-12-17 | 2020-04-14 | 紫光云(南京)数字技术有限公司 | Internet identity authentication management method |
| CN111355743A (en) * | 2020-03-11 | 2020-06-30 | 成都卓杭网络科技股份有限公司 | Management method and system based on API gateway |
| CN112785298A (en) * | 2020-12-31 | 2021-05-11 | 山东数字能源交易中心有限公司 | Mutual trust payment system |
| US11710119B2 (en) | 2013-10-11 | 2023-07-25 | Visa International Service Association | Network token system |
| US12015607B2 (en) | 2021-08-13 | 2024-06-18 | The Toronto-Dominion Bank | System and method for authenticating client devices communicating with an enterprise system |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101296243B (en) * | 2008-06-26 | 2013-02-20 | 阿里巴巴集团控股有限公司 | Service integration platform system and method for providing internet service |
| CN101404575B (en) * | 2008-11-06 | 2011-09-28 | 阿里巴巴集团控股有限公司 | Method and system for updating indorsement algorithm |
-
2009
- 2009-05-25 CN CN 200910143737 patent/CN101562621B/en active Active
-
2010
- 2010-04-21 HK HK10103892.1A patent/HK1135815A1/en unknown
Cited By (88)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102648603A (en) * | 2009-12-08 | 2012-08-22 | 三星电子株式会社 | Method and apparatus for using service of plurality of internet service providers |
| CN102648603B (en) * | 2009-12-08 | 2016-01-20 | 三星电子株式会社 | Use the method and apparatus of the service of multiple ISP |
| CN102281311B (en) * | 2010-06-10 | 2014-06-04 | 阿里巴巴集团控股有限公司 | Method, system and device for implementing network service based on open application programming interface |
| CN102281311A (en) * | 2010-06-10 | 2011-12-14 | 阿里巴巴集团控股有限公司 | Method, system and device for implementing network service based on open application programming interface |
| US9699257B2 (en) | 2010-06-10 | 2017-07-04 | Alibaba Group Holding Limited | Online business method, system and apparatus based on open application programming interface |
| US9146786B2 (en) | 2010-06-10 | 2015-09-29 | Alibaba Group Holding Limited | Online business method, system and apparatus based on open application programming interface |
| TWI476621B (en) * | 2010-08-27 | 2015-03-11 | Alibaba Group Holding Ltd | Method, system and device for realizing network service based on open application programming interface |
| CN102546532B (en) * | 2010-12-07 | 2016-03-30 | ***通信集团公司 | Capacity calling method, request unit, platform and system |
| CN102546532A (en) * | 2010-12-07 | 2012-07-04 | ***通信集团公司 | Capacity calling method, capacity calling request device, capacity calling platform and capacity calling system |
| CN102193798A (en) * | 2011-03-22 | 2011-09-21 | 天津大学 | Method for automatically acquiring Open application programming interface (API) based on Internet |
| CN102193798B (en) * | 2011-03-22 | 2013-08-21 | 天津大学 | Method for automatically acquiring Open application programming interface (API) based on Internet |
| US8839276B2 (en) | 2011-05-20 | 2014-09-16 | Huawei Technologies Co., Ltd. | Open application programming interface selection method and device |
| WO2011137803A1 (en) * | 2011-05-20 | 2011-11-10 | 华为技术有限公司 | Method and device for selecting open application programming interface |
| CN103001936B (en) * | 2011-09-16 | 2016-05-25 | 北京新媒传信科技有限公司 | A kind of third party's application interface authorization method and system |
| CN103001936A (en) * | 2011-09-16 | 2013-03-27 | 北京新媒传信科技有限公司 | Method and system for third party application interface authorization |
| CN103959249A (en) * | 2011-10-04 | 2014-07-30 | 诺基亚公司 | Method and apparatus for providing an application marketplace |
| CN103078827A (en) * | 2011-10-25 | 2013-05-01 | 腾讯数码(天津)有限公司 | Open platform system called by third-party applications and implementation method for open platform system |
| CN103078827B (en) * | 2011-10-25 | 2017-05-31 | 腾讯数码(天津)有限公司 | Open platform system and implementation method that third-party application is called |
| CN103095666B (en) * | 2011-11-07 | 2016-03-23 | 阿里巴巴集团控股有限公司 | Third-party application processing method and device |
| CN103095666A (en) * | 2011-11-07 | 2013-05-08 | 阿里巴巴集团控股有限公司 | Third-party application processing method and device |
| WO2013107403A1 (en) * | 2012-01-20 | 2013-07-25 | 华为技术有限公司 | Method, device and system for using and invoking oauth api |
| CN103220259A (en) * | 2012-01-20 | 2013-07-24 | 华为技术有限公司 | Using method, call method, device and system of Oauth application programming interface (API) |
| CN103220259B (en) * | 2012-01-20 | 2016-06-08 | 华为技术有限公司 | The use of Oauth API, call method, equipment and system |
| US9430302B2 (en) | 2012-01-20 | 2016-08-30 | Huawei Technologies Co., Ltd. | Method, device and system for using and invoking Oauth API |
| CN102664933B (en) * | 2012-04-06 | 2015-03-18 | 中国联合网络通信集团有限公司 | User authorization method, application terminal, open platform and system |
| CN102664933A (en) * | 2012-04-06 | 2012-09-12 | 中国联合网络通信集团有限公司 | User authorization method, application terminal, open platform and system |
| CN102694847B (en) * | 2012-05-03 | 2014-10-22 | 北京新媒传信科技有限公司 | Method and device for capturing user dynamic state in third-party open platform |
| CN102694847A (en) * | 2012-05-03 | 2012-09-26 | 北京新媒传信科技有限公司 | Method and device for capturing user dynamic state in third-party open platform |
| CN102638473B (en) * | 2012-05-04 | 2014-12-10 | 盛趣信息技术(上海)有限公司 | User data authorization method, device and system |
| CN102638473A (en) * | 2012-05-04 | 2012-08-15 | 盛趣信息技术(上海)有限公司 | User data authorization method, device and system |
| CN102710640A (en) * | 2012-05-31 | 2012-10-03 | 中国联合网络通信集团有限公司 | Authorization requesting method, device and system |
| CN102710640B (en) * | 2012-05-31 | 2015-03-18 | 中国联合网络通信集团有限公司 | Authorization requesting method, device and system |
| CN102768721A (en) * | 2012-06-25 | 2012-11-07 | 奇智软件(北京)有限公司 | Method and device for controlling white list |
| CN102768721B (en) * | 2012-06-25 | 2016-06-01 | 北京奇虎科技有限公司 | The method of control White List and device |
| CN103577731B (en) * | 2012-07-18 | 2016-10-05 | ***通信集团公司 | A kind of software processing method and device |
| CN103577731A (en) * | 2012-07-18 | 2014-02-12 | ***通信集团公司 | Software processing method and device |
| CN102833328A (en) * | 2012-08-17 | 2012-12-19 | 中国联合网络通信集团有限公司 | Unified application calling method and unified calling client |
| CN104823408A (en) * | 2012-12-06 | 2015-08-05 | 高通股份有限公司 | Management of network devices utilizing authorization token |
| CN103942093B (en) * | 2013-01-23 | 2018-02-13 | 阿里巴巴集团控股有限公司 | Method for processing business and system |
| CN103942093A (en) * | 2013-01-23 | 2014-07-23 | 阿里巴巴集团控股有限公司 | Service processing method and system |
| CN104239028A (en) * | 2013-06-14 | 2014-12-24 | 索尼公司 | Information processing device, information processing method and program |
| CN104239028B (en) * | 2013-06-14 | 2019-01-22 | 索尼公司 | Information processing equipment, information processing method and program |
| CN105874495A (en) * | 2013-07-24 | 2016-08-17 | 维萨国际服务协会 | Systems and methods for communicating risk using token assurance data |
| CN105580038A (en) * | 2013-07-24 | 2016-05-11 | 维萨国际服务协会 | Systems and methods for interoperable network token processing |
| US11915235B2 (en) | 2013-07-24 | 2024-02-27 | Visa International Service Association | Systems and methods for communicating token attributes associated with a token vault |
| US11093936B2 (en) | 2013-07-24 | 2021-08-17 | Visa International Service Association | Systems and methods for communicating token attributes associated with a token vault |
| CN105531710A (en) * | 2013-09-12 | 2016-04-27 | 波音公司 | Method of authorizing an operation to be performed on a targeted computing device |
| CN103490898A (en) * | 2013-09-22 | 2014-01-01 | 新浪网技术(中国)有限公司 | E-mail collection authorization method, device and system |
| CN103490898B (en) * | 2013-09-22 | 2017-01-18 | 新浪网技术(中国)有限公司 | E-mail collection authorization method, device and system |
| US11710119B2 (en) | 2013-10-11 | 2023-07-25 | Visa International Service Association | Network token system |
| CN103533053B (en) * | 2013-10-15 | 2016-08-17 | 中国联合网络通信集团有限公司 | The measures and procedures for the examination and approval, server and the system of a kind of open applications Program Interfaces |
| CN103533053A (en) * | 2013-10-15 | 2014-01-22 | 中国联合网络通信集团有限公司 | Approving method, server and system for open application programming interface |
| CN103618790A (en) * | 2013-11-28 | 2014-03-05 | 深圳先进技术研究院 | Method and system for obtaining API service |
| CN103795712B (en) * | 2014-01-17 | 2017-05-17 | 歌尔股份有限公司 | Method and device for authentication during Web Service calling |
| CN104850776A (en) * | 2014-02-18 | 2015-08-19 | 中国电信股份有限公司 | Method and device for controlling API (Application Program Interface) call, and mobile terminal |
| CN104113552B (en) * | 2014-07-28 | 2017-06-16 | 百度在线网络技术(北京)有限公司 | A kind of platform authorization method, platform service end and applications client and system |
| CN104113552A (en) * | 2014-07-28 | 2014-10-22 | 百度在线网络技术(北京)有限公司 | Platform authorization method, platform server side, application client side and system |
| CN104113549B (en) * | 2014-07-28 | 2017-07-18 | 百度在线网络技术(北京)有限公司 | A kind of platform authorization method, platform service end and applications client and system |
| CN104113549A (en) * | 2014-07-28 | 2014-10-22 | 百度在线网络技术(北京)有限公司 | Platform authorization method, platform server side, application client side and system |
| CN106464735A (en) * | 2014-11-10 | 2017-02-22 | 谷歌公司 | Implementation of third party services in a digital service platform |
| US10567301B2 (en) | 2014-11-10 | 2020-02-18 | Google Llc | Implementation of third party services in a digital service platform |
| CN105847226A (en) * | 2015-01-30 | 2016-08-10 | 株式会社Pfu | Server, system and access token management method |
| CN105847226B (en) * | 2015-01-30 | 2019-07-16 | 株式会社Pfu | Access token management system |
| CN106897153B (en) * | 2015-12-18 | 2021-07-30 | 阿里巴巴集团控股有限公司 | Method and system for calling application programming interface |
| CN106897153A (en) * | 2015-12-18 | 2017-06-27 | 阿里巴巴集团控股有限公司 | Call the method and system of API |
| CN106961392A (en) * | 2016-01-12 | 2017-07-18 | 阿里巴巴集团控股有限公司 | A kind of flow control methods and device |
| CN106961392B (en) * | 2016-01-12 | 2020-04-24 | 阿里巴巴集团控股有限公司 | Flow control method and device |
| CN107026825A (en) * | 2016-02-02 | 2017-08-08 | ***通信集团陕西有限公司 | A kind of method and system for accessing big data system |
| CN107231335B (en) * | 2016-03-24 | 2021-05-25 | 创新先进技术有限公司 | Service processing method and device |
| CN107231335A (en) * | 2016-03-24 | 2017-10-03 | 阿里巴巴集团控股有限公司 | A kind of method for processing business and device |
| CN105704154A (en) * | 2016-04-01 | 2016-06-22 | 金蝶软件(中国)有限公司 | RESTful-based service processing method, device and system |
| CN105704154B (en) * | 2016-04-01 | 2019-11-05 | 金蝶软件(中国)有限公司 | A kind of service processing method based on RESTful, apparatus and system |
| CN106059994A (en) * | 2016-04-29 | 2016-10-26 | 华为技术有限公司 | Data transmission method and network equipment |
| CN106059994B (en) * | 2016-04-29 | 2020-02-14 | 华为技术有限公司 | Data transmission method and network equipment |
| CN106709288B (en) * | 2016-12-22 | 2018-07-24 | 腾讯科技(深圳)有限公司 | Application program review operations permission treating method and apparatus |
| CN106709288A (en) * | 2016-12-22 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Application program review operating authorization processing method and application program review operating authorization processing device |
| CN107133779A (en) * | 2017-05-02 | 2017-09-05 | 山东浪潮通软信息科技有限公司 | A kind of active method, system and the browser plug-in for collecting resume of multi-domain communication |
| CN109150805A (en) * | 2017-06-19 | 2019-01-04 | 亿阳安全技术有限公司 | The method for managing security and system of application programming interface |
| CN109150805B (en) * | 2017-06-19 | 2021-07-09 | 亿阳安全技术有限公司 | Security management method and system for application programming interface |
| CN108471409B (en) * | 2018-03-15 | 2019-09-03 | 苏州思必驰信息科技有限公司 | The application programming interfaces authentication configuration method and system of voice dialogue platform |
| CN108471409A (en) * | 2018-03-15 | 2018-08-31 | 苏州思必驰信息科技有限公司 | The application programming interfaces authentication configuration method and system of voice dialogue platform |
| CN109471870A (en) * | 2018-11-16 | 2019-03-15 | 北京金山云网络技术有限公司 | Method, apparatus, electronic equipment and the computer-readable medium that resource data is read |
| CN109802941A (en) * | 2018-12-14 | 2019-05-24 | 平安科技(深圳)有限公司 | A kind of login validation method, device, storage medium and server |
| CN110505198A (en) * | 2019-07-05 | 2019-11-26 | 中国平安财产保险股份有限公司 | A kind of checking request method, apparatus, computer equipment and storage medium |
| CN111010396A (en) * | 2019-12-17 | 2020-04-14 | 紫光云(南京)数字技术有限公司 | Internet identity authentication management method |
| CN111355743A (en) * | 2020-03-11 | 2020-06-30 | 成都卓杭网络科技股份有限公司 | Management method and system based on API gateway |
| CN112785298A (en) * | 2020-12-31 | 2021-05-11 | 山东数字能源交易中心有限公司 | Mutual trust payment system |
| US12015607B2 (en) | 2021-08-13 | 2024-06-18 | The Toronto-Dominion Bank | System and method for authenticating client devices communicating with an enterprise system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101562621B (en) | 2013-05-22 |
| HK1135815A1 (en) | 2010-06-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101562621B (en) | User authorization method and system and device thereof | |
| US11637820B2 (en) | Customizable sign-on service | |
| US9992206B2 (en) | Enhanced security for electronic communications | |
| CN106716918B (en) | User authentication method and system | |
| CN113396569A (en) | System and method for second factor authentication of customer support calls | |
| CN103685139B (en) | Certificate Authority processing method and processing device | |
| CN109309666A (en) | Interface security control method and terminal device in a kind of network security | |
| CN102457509B (en) | Cloud computing resources safety access method, Apparatus and system | |
| CN102724647A (en) | Method and system for access capability authorization | |
| RU2008141288A (en) | AUTHENTICATION FOR COMMERCIAL TRANSACTION WITH THE MOBILE MODULE | |
| JP5838218B2 (en) | Application store system and application development method using the application store system | |
| EP2894891A2 (en) | Mobile token | |
| US9210155B2 (en) | System and method of extending a host website | |
| CN113661699A (en) | System and method for pre-authentication of customer support calls | |
| KR102116587B1 (en) | Method and system using a cyber id to provide secure transactions | |
| CN110198540A (en) | Authentication method and device | |
| CN115412294A (en) | Platform service-based access method and device, storage medium and electronic equipment | |
| TW201030637A (en) | A method providing internet service and service integration platform system | |
| CN103841103B (en) | A kind of apparatus and method for obtaining public authorization service | |
| JP5632429B2 (en) | Service authentication method and system for building a closed communication environment in an open communication environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 1135815 Country of ref document: HK |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: GR Ref document number: 1135815 Country of ref document: HK |