Authorization authentication method and authorization authentication device for application program

A technology relating to application programs and authentication methods, applied in the field of communication, which can solve the problem of being unable to use the application program

Inactive Publication Date: 2019-08-30
BGP OF CHINA NAT GASOLINEEUM CORP +1
4 Cites 2 Cited by

AI-Extracted Technical Summary

Problems solved by technology

[0002] With the development of science and technology, many applications are installed on the application side that people use. After installation, however, many applications need a binding relationship with the user's identity and the application side, so that these applications can only be used on the bound application side, but cannot be used ...

Abstract

The invention provides an authorization authentication method and device for an application program. The method comprises the steps of: receiving the identity authentication information of a user sent by an application terminal when the user logs in to the application program at the application terminal; performing identity authentication on the user based on the identity authentication information; when the identity authentication of the user is successful, generating authentication token information and sending it to the application end, the authentication token information comprising identification information of the user; receiving an authority authentication request sent by the application end after receiving the authentication token information; according to the identification information in the authority authentication request, obtaining the collective organization to which the user belongs, and determining the order information of the collective organization on the use authority of the application program and the order information of each sub-organization in the collective organization; and if the order information indicates that the collective organization has ordered the application program, determining that the user has the use permission of the application program, and sending permission authentication information allowing the use of the application program to the user.

Application Domain

User identity/authority verification; Digital data authentication

Technology Topic

Authorization; Application software


Examples


Example Embodiment

[0083] To make the purpose, technical solutions and advantages of the embodiments of this application clearer, the technical solutions in the embodiments are described clearly and completely below in conjunction with the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of this application, not all of them. The components of the embodiments of the present application generally described and shown in the drawings herein may be arranged and designed in various different configurations. Therefore, the following detailed description of the embodiments of the present application provided in the accompanying drawings is not intended to limit the scope of the claimed application, but merely represents selected embodiments of the present application. Based on the embodiments of this application, every other embodiment obtained by those skilled in the art without creative work falls within the protection scope of this application.
[0084] First, the applicable application scenario of this application is introduced. This application can be applied to the field of communication technology. See Figure 1, which shows the system composition in this application scenario. As shown in Figure 1, the system includes a server and an application side. The server holds information on multiple application sides, and each application side can be authenticated for permission to use the application. When a user logs in to an application on the application side, the server receives the user's identity authentication information sent by the application side, performs identity authentication on the user, generates authentication token information when the identity authentication is successful, and sends the authentication token information to the application side. The server then receives the authority authentication information, which includes the authentication token information, sent by the application side, and authenticates that authority authentication information to determine whether the user has the authority to use the application.
[0085] Research has found that, at present, each application is bound to a corresponding application side. For a collective organization, binding a large number of application sides wastes resources when heavy use of the application is not needed. If only a few application sides are bound in order to avoid that waste, congestion results when heavy use is needed, and users also have to go to a specific application side to use the application.
[0086] Based on this, the purpose of this application is to provide an application authorization authentication method and authorization authentication device. The server receives the user's identity authentication information sent by the application side and first authenticates the user's identity. When the identity authentication is successful, the server generates authentication token information and sends it to the application side. It then receives the authorization authentication request, which includes the authentication token information, and, according to the identification information in the authorization authentication information, obtains the collective organization to which the user belongs and the order information of the collective organization's use authority for the application, and confirms that the user has the authority to use the application. The user can therefore still use the application even after changing the application side that was previously bound to the application.
[0087] See Figure 2, which is a flowchart of an application authorization authentication method provided in an embodiment of this application. As shown in Figure 2, the application authorization authentication method of this embodiment, applied to the server, includes:
[0088] Step 201: When the user logs in to the application on the application side, receive the user's identity authentication information sent by the application side.
[0089] In this step, when the user wants to use the application, the user enters login information on the application side. The application side encrypts the login information entered by the user to form identity authentication information and sends it to the server. The server receives the identity authentication information sent by the application side, which is used to subsequently authenticate the identity of the user.
[0090] The identity authentication information includes unique information that can prove the identity of the user, such as a user name, a password, and an application-side identification code.
[0091] Step 202: Perform identity authentication on the user based on the identity authentication information.
[0092] In this step, the received identity authentication information is decrypted, and the user is authenticated using the decrypted result.
[0093] Step 203: When the user identity authentication is successful, generate authentication token information, and send the authentication passed information to the application terminal, where the authentication token information includes identification information of the user.
[0094] In this step, the user identity authentication succeeds when the user's identity authentication information is recorded in the server or the user has authority. When the user identity authentication succeeds, the server generates authentication token information and sends the generated authentication token information to the application terminal, wherein the authentication token information includes the user's identification information.
[0095] The identification information may be an individual's identification information or an organization's identification information. Specifically, when the user is an individual, that is, when the user can only use the application personally, the server returns the individual's identification information; when the user is an organization, that is, when the user refers to an organization, the server returns identification information that can represent the organization.
[0096] Step 204: Receive a permission authentication request sent by the application terminal after receiving the authentication token information, where the permission authentication request includes the authentication token information.
[0097] In this step, the authority authentication information that the application terminal sends after receiving the authentication token information is received, wherein the authority authentication information includes the authentication token information that the server returned the first time.
[0098] Step 205: Obtain the collective organization to which the user belongs according to the identification information in the authority authentication information, and determine the order information of the collective organization's use authority for the application and the order information of each sub-organization in the collective organization.
[0099] In this step, the authority authentication information is decrypted and the identification information in it is obtained. Based on the obtained identification information, the collective organization to which the user belongs is obtained, together with the order information of that collective organization's use authority for the application and the order information of each sub-organization in the collective organization.
[0100] Step 206: If the order information indicates that the collective organization has subscribed to the application, it is determined that the user has the use authority of the application, and the authority authentication information allowing the use of the application is sent to the user.
[0101] In this step, based on the obtained order information of the use authority for the application held by the collective organization to which the user belongs, it is determined whether the collective organization has subscribed to the application. If the order information indicates that the collective organization has subscribed to the application, it is determined that the user has permission to use the application, and permission authentication information allowing the use of the application is sent to the user. If the order information indicates that the collective organization has not subscribed to the application, information that the user has not subscribed to permission to use the application is generated and sent to the user.
[0102] Further, after step 206, the authorization authentication method further includes: based on the order information, determining the target usage quantity of the application program allowed to be used simultaneously in the collective organization; obtaining the authorized usage quantity of the application program in online use; based on the target usage quantity and the authorized usage quantity, determining the usage channel occupation information of the application program; and, if the usage channel occupation information indicates that the number of users of the application program has not reached the upper limit, sending the user the usage information of the application program, where the usage information includes at least permission information indicating that the user may use the application program, application terminal information for using the application program, and network channel information.
[0103] In this step, based on the acquired order information, the target usage quantity of the application allowed to be used simultaneously in the collective organization is determined, and the authorized usage quantity of the application in online use at the current moment is obtained. Based on the target usage quantity and the authorized usage quantity, the usage channel occupancy information of the application at the current moment is determined. If the target usage quantity is greater than the authorized usage quantity, the usage channel occupancy information indicates that the number of users of the application has not reached the upper limit, and the usage information of the application is sent to the user. If the target usage quantity is equal to the authorized usage quantity, the usage channel occupancy information indicates that the number of users of the application has reached the upper limit, and a usage upper limit notification for the application is sent to the user. The usage information includes at least permission information indicating that the user may use the application, application information for using the application, and network channel information. The usage upper limit notification includes at least prohibition information indicating that the user is prohibited from using the application, application information for using the application, and network channel information.
[0104] Further, before step 204, the authorization authentication method further includes: receiving an order number query request sent by the application terminal; and, based on the order number query request, querying all order numbers of the collective organization to which the user belongs and sending all the queried order numbers to the application terminal.
[0105] In this step, after the authentication information has been sent to the application terminal, the order number query request sent by the application terminal is received. According to the order number query request, the order numbers of all orders of the collective institution to which the user belongs are looked up in the server, and all the order numbers found are sent to the application terminal.
[0106] Further, step 205 also includes: decrypting the authority authentication information to obtain the identification information in the authority authentication information; based on the identification information, obtaining the order information of the collective agency's use authority for the application program and at least one order number of the collective organization; and, based on the at least one order number, obtaining the order information of each sub-organization in the collective organization.
[0107] In this step, the received authority authentication information is decrypted, and the identification information in the authority authentication information is obtained from the decryption result. Based on the identification information, the order information of the collective organization's usage rights for the application program and at least one order number of the collective organization are obtained. Based on the at least one order number, the order information of each sub-organization in the collective organization is obtained.
[0108] In some cases, a collective organization may order the application multiple times, at different times or through its individual sub-organizations. Because the order times and the sub-organizations to which the orders belong differ, multiple order numbers are generated separately and stored in the server, and multiple order numbers can be called at the same time during authorization authentication.
[0109] In this way, if the use authority of one of the sub-organizations reaches its upper limit during use, available use authority can be drawn from the use authority of the collective organization to which the sub-organization belongs.
[0110] Further, before step 206, the authorization authentication method further includes: obtaining the order identification code in the order information; based on the authentication token information and the order identification code, determining the online usage status, at the current moment, of the collective institution's usage channels for the application; and updating the usage channel occupancy information according to the online usage status of the usage channels at the current moment.
[0111] In this step, the order identification code is obtained from the order information. Based on the authentication token information and the order identification code, the online usage status of the collective institution's usage channels for the application is monitored in real time, the online usage status of those usage channels at the current moment is determined, and the channel occupation information is updated according to that current online usage status.
[0112] Specifically, during the monitoring process, if the online usage status of one of the usage channels is found not to have been updated within the preset time range, that usage channel is considered to be no longer in use, and its channel information is deleted from the channel occupation information.
[0113] The application authorization authentication method provided by the embodiment of the application receives the user's identity authentication information sent by the application side when the user logs in to the application; authenticates the user based on the identity authentication information; when the user identity authentication is successful, generates authentication token information and sends the authentication passed information to the application end, where the authentication token information includes the user's identification information; receives the authority authentication request that the application end sends after receiving the authentication token information, wherein the authority authentication request includes the authentication token information; according to the identification information in the authority authentication information, obtains the collective organization to which the user belongs and determines the order information of the collective agency's use authority for the application; and, if the order information indicates that the collective agency has subscribed to the application, determines that the user has the authority to use the application and sends the user permission authentication information that allows the use of the application program.
[0114] In this way, when the user logs in to the application on the application side, the user's identity authentication information is authenticated. When the identity authentication is successful, authentication token information is generated and sent to the application side. After receiving the authentication token information, the application side sends a permission authentication request to the server. The server obtains the order information of the collective organization's use permission for the application according to the identification information in the permission authentication information, determines that the user has the permission to use the application, and sends the user permission authentication information that allows the use of the application. Even if the user changes the application side that was previously bound to the application, the application can still be used.
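The server-side flow of steps 201 to 206, together with the seat check of [0102]-[0103], the fallback from a sub-organization's order to the collective organization's order in [0109], and the stale-channel cleanup of [0112], can be sketched as follows. This is an added example, not code from the patent: every name, the sample users and orders, the HMAC-signed token format, the token lifetime and the heartbeat timeout are assumptions, since the text only states that the token includes the user's identification information.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)  # server-only token signing key (assumption)
TOKEN_TTL = 300                   # token lifetime in seconds (assumption)
HEARTBEAT_TIMEOUT = 60            # the "preset time range" of [0112] (assumed value)

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _user(password, org, sub):
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _pw_hash(password, salt), "org": org, "sub": sub}

# Constructed sample data: users with their organization, and orders by order number.
USERS = {
    "alice": _user("pw-a", "org-geo", "team-1"),
    "bob": _user("pw-b", "org-geo", "team-1"),
    "dave": _user("pw-d", "org-geo", "team-1"),
    "carol": _user("pw-c", "org-other", None),
}
ORDERS = {
    "ORD-001": {"org": "org-geo", "sub": "team-1", "app": "seis-app", "seats": 1},
    "ORD-002": {"org": "org-geo", "sub": None, "app": "seis-app", "seats": 1},
}
CHANNELS = {}  # (user, app) -> {"order": order number, "seen": last heartbeat time}

def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def authenticate(user, password, now):
    """Steps 201-203: check the credentials, return a signed token or None."""
    rec = USERS.get(user)
    if rec is None or not hmac.compare_digest(
            _pw_hash(password, rec["salt"]), rec["hash"]):
        return None
    payload = f"{user}|{int(now) + TOKEN_TTL}"
    return f"{payload}|{_sign(payload)}"

def verify_token(token, now):
    """Return the user named in the token, or None if it is forged or expired."""
    try:
        user, expiry, mac = token.split("|")
        expiry = int(expiry)
    except (AttributeError, ValueError):
        return None
    expected = _sign(f"{user}|{expiry}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return user if now < expiry and user in USERS else None

def _evict_stale(now):
    """[0112]: a channel with no status update inside the timeout is freed."""
    for key in [k for k, c in CHANNELS.items() if now - c["seen"] > HEARTBEAT_TIMEOUT]:
        del CHANNELS[key]

def heartbeat(token, app, now):
    """[0110]-[0111]: refresh the online status of an occupied channel."""
    user = verify_token(token, now)
    chan = CHANNELS.get((user, app))
    if chan is None:
        return False
    chan["seen"] = now
    return True

def authorize(token, app, now):
    """Steps 204-206 plus the concurrent-use check of [0102]-[0103]."""
    user = verify_token(token, now)
    if user is None:
        return {"allowed": False, "reason": "invalid token"}
    rec = USERS[user]
    orders = {no: o for no, o in ORDERS.items()
              if o["org"] == rec["org"] and o["app"] == app}
    if not orders:
        return {"allowed": False, "reason": "not ordered"}
    _evict_stale(now)
    if (user, app) in CHANNELS:  # the user already occupies a channel
        CHANNELS[(user, app)]["seen"] = now
        return {"allowed": True, "order": CHANNELS[(user, app)]["order"]}
    # The user's own sub-organization first, then the collective pool ([0109]).
    for no in sorted(orders, key=lambda n: orders[n]["sub"] != rec["sub"]):
        if orders[no]["sub"] not in (rec["sub"], None):
            continue  # order placed by a different sub-organization
        used = sum(1 for c in CHANNELS.values() if c["order"] == no)
        if used < orders[no]["seats"]:  # target quantity > authorized quantity
            CHANNELS[(user, app)] = {"order": no, "seen": now}
            return {"allowed": True, "order": no}
    return {"allowed": False, "reason": "upper limit reached"}
```

Because the token is signed and carries an expiry, the server can trust the identification information in the second request without a per-device binding, which is the property the method relies on when a user moves to a different application side.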
[0115] See Figure 3, which is a flowchart of another application authorization authentication method provided in an embodiment of this application. As shown in Figure 3, this other application authorization authentication method, applied to the application side, includes:
[0116] Step 301: When the user logs into the application on the application side, the user's identity authentication information is sent to the server.
[0117] In this step, when the user logs in to the application on the application side, the user enters unique user information such as a user name and password. This unique user information is combined into the user's identity authentication information, and the identity authentication information is sent to the server.
[0118] Step 302: After receiving the authentication pass information fed back by the server, send a permission authentication request to the server, where the permission authentication request includes authentication token information.
[0119] In this step, if the identity authentication information sent by the application side to the server passes the server's identity authentication, the application side sends a permission authentication request to the server. This permission authentication request includes the authentication token information that the server sent to the application side after the authentication passed.
[0120] Step 303: Receive authority authentication information fed back by the server.
[0121] In this step, after the application terminal sends a permission authentication request to the server again, it will receive the permission authentication information fed back by the server, and determine whether the application terminal has use permission based on the content of the permission authentication information.
[0122] Step 304: If the authority authentication information indicates that the application is allowed to be used, it is determined that the authorization authentication of the user to use the application is successful.
[0123] In this step, after the application terminal receives the authority authentication information fed back by the server, if the authority authentication information indicates that the application is allowed to be used, it is determined that the user's authorization authentication for using the application is successful, and the user can use the application; if the authority authentication information indicates that the application is not allowed to be used, it is determined that the user's authorization authentication for using the application fails, and the user cannot use the application.
[0124] Further, after receiving the authentication passing information fed back by the server and before sending the authorization authentication request to the server, the authorization authentication method further includes: sending an order number query request to the server; obtaining at least one order number of the collective organization based on the sent order number query request; and generating authority authentication information based on the authentication token information, user information, and the at least one order number, and sending the authority authentication information to the server.
[0125] In this step, after the application side receives the authentication pass information fed back by the server and before it sends the authorization authentication request to the server, the application side also sends an order number query request to the server to query at least one order number of the same collective organization. It encrypts the acquired at least one order number together with the authentication token information, user information, and other information that can represent the user's identity to generate authority authentication information, and sends the authority authentication information to the server in the subsequent processing.
[0126] In the application authorization authentication method provided by the embodiment of the application, when the user logs in to the application on the application side, the user's identity authentication information is sent to the server; after the authentication pass information fed back by the server is received, an authorization authentication request is sent to the server, wherein the permission authentication request includes the authentication token information; the permission authentication information fed back by the server is received; and, if the permission authentication information indicates that the application is allowed to be used, it is determined that the user's authorization authentication for using the application succeeded.
[0127] In this way, when the user logs in to the application on the application side, identity authentication is performed by sending identity authentication information to the server. After the authentication is passed, a permission authentication request is sent to the server to verify whether the application side used by the user has permission to use the application. Passing authentication twice ensures the accuracy of the authentication process, and even if the user changes the application side that was previously bound to the application, the application can still be used.
[0128] See Figures 4 to 6. Figure 4 is the first structural schematic diagram of an application authorization authentication device provided in an embodiment of this application, Figure 5 is the second structural schematic diagram of an application authorization authentication device provided in an embodiment of this application, and Figure 6 is a structural diagram of the first acquisition module shown in Figure 4. As shown in Figure 4, the application authorization authentication device 400 includes:
[0129] The first receiving module 401 is configured to receive the user's identity authentication information sent by the application side when the user logs into the application program on the application side;
[0130] The first authentication module 402 is configured to perform identity authentication on the user based on the identity authentication information received by the first receiving module 401;
[0131] The generating module 403 is configured to generate authentication token information when the first authentication module 402 successfully authenticates the user's identity, and send the authentication passed information to the application terminal, where the authentication token information includes identification information of the user;
[0132] The second receiving module 404 is configured to receive a permission authentication request sent by the application terminal after receiving the authentication token information, where the permission authentication request includes the authentication token information;
[0133] The first obtaining module 405 is configured to obtain the collective organization to which the user belongs according to the identification information in the authority authentication information received by the second receiving module 404, and determine the order information of the collective organization's use authority for the application and the order information of each sub-institution in the collective organization;
[0134] The first determining module 406 is configured to, if the order information indicates that the collective agency has subscribed to the application, determine that the user has the right to use the application, and send the user permission authentication information allowing the use of the application.
[0135] Further, as shown in Figure 5, the authorization authentication device 400 further includes:
[0136] The second determining module 407 is configured to determine, based on the order information, the target usage quantity of the application allowed to be used simultaneously in the collective organization;
[0137] The second obtaining module 408 is configured to obtain the authorized use quantity for online use of the application program;
[0138] The third determining module 409 is configured to determine the usage channel occupancy information of the application program based on the target usage quantity determined by the second determination module 407 and the authorized usage quantity acquired by the second acquisition module 408;
[0139] The first sending module 410 is configured to send usage information of the application to the user if the usage channel occupancy information determined by the third determining module indicates that the number of users of the application has not reached the upper limit, wherein the usage information includes at least permission information indicating that the user may use the application program, application terminal information for using the application program, and network channel information.
[0140] Further, the authorization authentication device 400 is also used for:
[0141] Receiving an order number query request sent by the application terminal;
[0142] Based on the order number query request, query all the order numbers of the collective organization to which the user belongs, and feed back all the queried order numbers to the application terminal.
[0143] Further, as shown in Figure 6, the first obtaining module 405 includes:
[0144] The first obtaining unit 4051 is configured to decrypt the authority authentication information and obtain the identification information in the authority authentication information;
[0145] The second acquiring unit 4052 is configured to acquire, based on the identification information acquired by the first acquiring unit 4051, the order information of the collective organization's use authority for the application and at least one order number of the collective organization;
[0146] The third obtaining unit 4053 is configured to obtain order information of each sub-institution in the collective institution based on the at least one order number obtained by the second obtaining unit 4052.
[0147] Further, the authorization authentication device 400 is also used for:
[0148] Acquiring the order identification code in the order information;
[0149] Based on the authentication token information and the order identification code, determining the online use status of the use channel of the application by the collective institution at the current moment;
[0150] Update the usage channel occupation information according to the online usage status of the usage channel at the current moment.
[0151] The application authorization authentication device provided in the embodiment of the present application receives the identity authentication information of the user sent by the application side when the user logs in to the application; performs identity authentication on the user based on the identity authentication information; when the user identity authentication is successful, generates authentication token information and sends the authentication passed information to the application end, where the authentication token information includes the user's identification information; receives the authority authentication request that the application end sends after receiving the authentication token information, wherein the authority authentication request includes the authentication token information; according to the identification information in the authority authentication information, obtains the collective organization to which the user belongs and determines the order information of the collective agency's use authority for the application; and, if the order information indicates that the collective agency has subscribed to the application, determines that the user has the authority to use the application and sends the user permission authentication information that allows the use of the application program.
[0152] In this way, when the user logs in to the application on the application side, the user's identity authentication information is authenticated. When the identity authentication is successful, authentication token information is generated and sent to the application side. After receiving the authentication token information, the application side sends a permission authentication request to the server. The server obtains the order information of the collective organization's use permission for the application according to the identification information in the permission authentication information, determines that the user has the permission to use the application, and sends the user permission authentication information that allows the use of the application. Even if the user changes the application side that was previously bound to the application, the application can still be used.
[0153] See Figure 7, which is a schematic structural diagram of another application authorization authentication device provided by an embodiment of the present application. As shown in Figure 7, the application authorization authentication device 700 includes:
[0154] The second sending module 701 is configured to send the user's identity authentication information to the server when the user logs in to the application on the application side;
[0155] The third sending module 702 is configured to send a permission authentication request to the server after receiving the authentication passing information fed back by the server, where the permission authentication request includes the authentication token information;
[0156] The second receiving module 703 is configured to receive authority authentication information fed back by the server;
[0157] The fifth determining module 704 is configured to determine, if the authority authentication information received by the second receiving module indicates that the application is allowed to be used, that the authorization authentication for the user's use of the application has succeeded.
[0158] Further, the authorization authentication device 700 is also configured to:
[0159] send an order number query request to the server;
[0160] obtain at least one order number of the collective organization based on the sent order number query request;
[0161] generate authority authentication information based on the authentication token information, user information, and the at least one order number, and send the authority authentication information to the server.
[0162] The application authorization authentication device provided by this embodiment of the present application sends the user's identity authentication information to the server when the user logs in to the application on the application side; after receiving the authentication-passed information fed back by the server, sends a permission authentication request to the server, where the permission authentication request includes the authentication token information; receives the permission authentication information fed back by the server; and, if the permission authentication information indicates that the application is allowed to be used, determines that the authorization authentication for the user's use of the application has succeeded.
[0163] In this way, when the user logs in to the application on the application side, identity authentication is performed by sending identity authentication information to the server. After that authentication passes, a permission authentication request is sent to the server to verify whether the application side used by the user has permission to use the application. Passing two authentications ensures the accuracy of the authentication process. Even if the user changes the application side that was previously bound to the application, the application can still be used.
[0164] Referring to Figure 8, Figure 8 is a schematic structural diagram of an electronic device provided in an embodiment of this application. As shown in Figure 8, the electronic device 800 includes a processor 810, a memory 820, and a bus 830.
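The two-step exchange summarized in [0151] to [0163] (identity authentication that yields a token carrying the user's identification, then a permission check against the collective organization's order information) can be sketched on the server side as follows. This is an added example, not code from the patent; the HMAC-signed token format, the expiry field, and all names and sample data are assumptions.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"   # assumption: server-side HMAC signing key
SALT = b"constructed-salt"      # assumption: fixed salt, for the demo only

def _pw(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)

# Constructed sample data: user -> (password hash, collective organization)
USERS = {"alice": (_pw("correct horse"), "org-a"), "bob": (_pw("hunter2"), "org-b")}
# Constructed order information: organization -> applications it has ordered
ORDERS = {"org-a": {"seismic-viewer"}, "org-b": set()}

def _sign(body):
    return base64.urlsafe_b64encode(hmac.new(KEY, body, hashlib.sha256).digest())

def authenticate(user, password, ttl=300, now=None):
    """Step 1: identity authentication. Returns a token carrying the user's
    identification information, or None if authentication fails."""
    record = USERS.get(user)
    if record is None or not hmac.compare_digest(record[0], _pw(password)):
        return None
    now = time.time() if now is None else now
    claims = json.dumps({"sub": user, "exp": now + ttl}).encode()
    body = base64.urlsafe_b64encode(claims)
    return (body + b"." + _sign(body)).decode()

def authorize(token, app, now=None):
    """Step 2: permission authentication. The decision depends on the order
    information of the user's organization, not on the device in use."""
    try:
        body, sig = token.encode().split(b".")
    except (AttributeError, ValueError):
        return False                       # malformed token
    if not hmac.compare_digest(sig, _sign(body)):
        return False                       # forged or modified token
    claims = json.loads(base64.urlsafe_b64decode(body))
    now = time.time() if now is None else now
    record = USERS.get(claims["sub"])
    if record is None or claims["exp"] < now:
        return False                       # unknown user or expired token
    return app in ORDERS.get(record[1], set())
```

Because the signature is verified before the claims are parsed, the identification information used for the organization lookup cannot be swapped by the application side.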
[0165] The memory 820 stores machine-readable instructions executable by the processor 810. When the electronic device 800 is running, the processor 810 communicates with the memory 820 through the bus 830, and when the machine-readable instructions are executed by the processor 810, the steps of the application authorization authentication method in the method embodiments shown in Figure 2 and Figure 3 above can be performed. For the specific implementation, refer to the method embodiments, which will not be repeated here.
[0166] The embodiment of the present application also provides a computer-readable storage medium. The computer-readable storage medium stores a computer program, and when the computer program is run by a processor, the steps of the application authorization authentication method in the method embodiments shown in Figure 2 and Figure 3 above can be performed. For the specific implementation, refer to the method embodiments, which will not be repeated here.
[0167] Those skilled in the art can clearly understand that, for the convenience and conciseness of description, the specific working process of the above-described system, device, and unit can refer to the corresponding process in the foregoing method embodiment, which will not be repeated here.
[0168] In the several embodiments provided in this application, it should be understood that the disclosed system, device, and method may be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division of the units is only a logical function division, and there may be other divisions in actual implementation. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented. In addition, the displayed or discussed mutual coupling, direct coupling, or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in electrical, mechanical, or other forms.
[0169] The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
[0170] In addition, the functional units in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
[0171] If the function is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a nonvolatile computer-readable storage medium executable by a processor. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the existing technology, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions used to make a computer device (which may be a personal computer, a server, a network device, etc.) execute all or part of the steps of the method described in each embodiment of the present application. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk, optical disk, and other media that can store program code.
[0172] Finally, it should be noted that the above-mentioned embodiments are only specific implementations of the application. They are used to illustrate the technical solutions of the application rather than to limit them, and the scope of protection of the application is not limited thereto. Although the application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that any person skilled in the art can still, within the technical scope disclosed in this application, modify the technical solutions described in the foregoing embodiments, readily conceive of changes to them, or make equivalent replacements of some of their technical features. These modifications, changes, or replacements do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the application, and should be covered within the scope of protection of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims.
