CN107251506B - Terminal data opening control method and system - Google Patents
Terminal data opening control method and system Download PDFInfo
- Publication number
- CN107251506B CN107251506B CN201680010626.8A CN201680010626A CN107251506B CN 107251506 B CN107251506 B CN 107251506B CN 201680010626 A CN201680010626 A CN 201680010626A CN 107251506 B CN107251506 B CN 107251506B
- Authority
- CN
- China
- Prior art keywords
- terminal
- application server
- party application
- data
- verification information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
技术领域technical field
本发明涉及无线通信领域,尤其涉及一种终端数据开放控制方法及系统。The present invention relates to the field of wireless communication, and in particular, to a method and system for controlling terminal data opening.
背景技术Background technique
随着移动带宽(Mobile Broadband,MBB)网络业务的迅速发展,MBB网络通过开放网络能力,以培养更多的合作伙伴,增加MBB网络业务的运营收入。With the rapid development of mobile broadband (Mobile Broadband, MBB) network services, the MBB network opens up network capabilities to cultivate more partners and increase the operating income of the MBB network service.
MBB网络开放网络能力包括MBB网络为第三方应用服务器(The 3rdparty AppServer)开放终端的隐私数据。其中,终端与MBB网络相连接,终端访问第三方应用服务器时,第三方应用服务器希望获得终端的隐私数据,例如终端的位置信息、终端的标识等等。The open network capability of MBB network includes the private data of MBB network open terminal for a third-party application server (The 3rd party AppServer). The terminal is connected to the MBB network, and when the terminal accesses the third-party application server, the third-party application server expects to obtain the private data of the terminal, such as the location information of the terminal, the identification of the terminal, and so on.
在MBB网络为第三方应用服务器开放终端的隐私数据之前,第三方应用服务器直接与终端进行隐私数据的交互,MBB网络仅作为网络管道,实现在第三方应用服务器与终端之间传输终端的隐私数据。MBB网络为第三方应用服务器开放终端的隐私数据后,MBB网络通过收集终端的隐私数据,可实现为第三方应用服务器开放终端的隐私数据。但考虑到数据的隐私性,MBB网络需要得到终端的允许,才能为第三方应用服务器开放终端的隐私数据。Before the MBB network opens the terminal's private data for the third-party application server, the third-party application server directly interacts with the terminal's private data, and the MBB network only acts as a network conduit to transmit the terminal's private data between the third-party application server and the terminal. . After the MBB network opens the terminal's private data to the third-party application server, the MBB network can open the terminal's private data to the third-party application server by collecting the terminal's private data. However, considering the privacy of data, the MBB network needs the permission of the terminal to open the private data of the terminal to the third-party application server.
综上所述,为满足MBB网络开放网络能力的需求,同时保证终端的隐私数据的安全使用,亟需设计关于终端的隐私数据开放控制方案,以实现MBB网络安全地为第三方应用服务器开放终端的隐私数据。To sum up, in order to meet the needs of the MBB network to open the network capability and ensure the safe use of the terminal's private data, it is urgent to design a control scheme for the openness of the terminal's private data, so that the MBB network can safely open the terminal to the third-party application server. privacy data.
发明内容SUMMARY OF THE INVENTION
本发明实施例提供了一种终端数据开放控制方法及系统、网络设备、第三方应用服务器及终端,用以实现MBB网络安全地为第三方应用服务器开放终端的隐私数据。Embodiments of the present invention provide a terminal data opening control method and system, a network device, a third-party application server, and a terminal, so as to implement the MBB network to securely open the terminal's private data for the third-party application server.
第一方面,本发明实施例提供的一种终端数据开放控制方法,包括:In a first aspect, a terminal data opening control method provided by an embodiment of the present invention includes:
网络设备接收第三方应用服务器发送的第一消息,所述第一消息用于请求终端允许所述第三方应用服务器获取所述终端的数据;The network device receives a first message sent by a third-party application server, where the first message is used to request the terminal to allow the third-party application server to acquire data of the terminal;
所述网络设备确定所述终端允许所述第三方应用服务器获取所述终端的数据;The network device determines that the terminal allows the third-party application server to obtain data of the terminal;
所述网络设备确定用于所述第三方应用服务器获取所述终端的数据的验证信息,并将所述验证信息发送给所述第三方应用服务器。The network device determines verification information for the third-party application server to acquire data of the terminal, and sends the verification information to the third-party application server.
结合第一方面,在第一种可能的实现方式中,所述网络设备确定用于所述第三方应用服务器获取所述终端的数据的验证信息,包括:With reference to the first aspect, in a first possible implementation manner, the network device determines the verification information for the third-party application server to acquire the data of the terminal, including:
所述网络设备配置用于所述第三方应用服务器获取所述终端的数据的验证信息;或者The network device is configured for the third-party application server to obtain the verification information of the data of the terminal; or
所述网络设备接收所述终端发送的用于所述第三方应用服务器获取所述终端的数据的验证信息。The network device receives the verification information sent by the terminal for the third-party application server to acquire the data of the terminal.
结合第一方面或第一方面的第一种可能的实现方式,在第一方面的第二种可能的实现方式中,所述网络设备将所述验证信息发送给所述第三方应用服务器之后,还包括:With reference to the first aspect or the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, after the network device sends the verification information to the third-party application server, Also includes:
所述网络设备接收所述第三方应用服务器发送的第二消息,所述第二消息携带所述验证信息;receiving, by the network device, a second message sent by the third-party application server, where the second message carries the verification information;
所述网络设备向所述第三方应用服务器发送所述终端的数据。The network device sends the data of the terminal to the third-party application server.
结合第一方面、第一方面的第一种至第二种任一可能的实现方式,在第一方面的第三种可能的实现方式中,所述网络设备确定所述终端允许所述第三方应用服务器获取所述终端的数据之后,还包括:With reference to the first aspect and any possible implementation manners of the first to second aspects of the first aspect, in a third possible implementation manner of the first aspect, the network device determines that the terminal allows the third party After the application server acquires the data of the terminal, it further includes:
所述网络设备确定所述终端允许所述第三方应用服务器获取所述终端的数据的时间长度;determining, by the network device, the length of time that the terminal allows the third-party application server to obtain data of the terminal;
以所述网络设备确定所述终端允许所述第三方应用服务器获取所述终端的数据的时刻为起始时刻,当持续时间超过所述时间长度时,所述网络设备确定所述验证信息无效;以及Taking the time when the network device determines that the terminal allows the third-party application server to obtain the data of the terminal as the starting time, when the duration exceeds the time length, the network device determines that the verification information is invalid; as well as
向所述第三方应用服务器发送用于指示所述验证信息无效的通知消息。A notification message indicating that the verification information is invalid is sent to the third-party application server.
结合第一方面、第一方面的第一种至第二种任一可能的实现方式,在第一方面的第四种可能的实现方式中,所述网络设备确定所述终端允许所述第三方应用服务器获取所述终端的数据之后,还包括:With reference to the first aspect and any possible implementation manners of the first to second aspects of the first aspect, in a fourth possible implementation manner of the first aspect, the network device determines that the terminal allows the third party After the application server acquires the data of the terminal, it further includes:
所述网络设备确定所述终端不允许所述第三方应用服务器获取所述终端的数据时,所述网络设备确定所述验证信息无效;以及When the network device determines that the terminal does not allow the third-party application server to obtain the data of the terminal, the network device determines that the verification information is invalid; and
向所述第三方应用服务器发送用于指示所述验证信息无效的通知消息。A notification message indicating that the verification information is invalid is sent to the third-party application server.
结合第一方面、第一方面的第一种至第四种任一可能的实现方式,在第一方面的第五种可能的实现方式中,所述终端的数据包括所述终端的隐私数据。With reference to the first aspect and any of the first to fourth possible implementation manners of the first aspect, in a fifth possible implementation manner of the first aspect, the data of the terminal includes private data of the terminal.
第二方面,本发明实施例提供的一种终端数据开放控制方法,包括:In a second aspect, a terminal data opening control method provided by an embodiment of the present invention includes:
第三方应用服务器向网络设备发送第一消息,所述第一消息用于请求终端允许所述第三方应用服务器获取所述终端的数据;The third-party application server sends a first message to the network device, where the first message is used to request the terminal to allow the third-party application server to acquire data of the terminal;
所述第三方应用服务器接收所述网络设备发送的验证信息,所述验证信息用于所述第三方应用服务器获取所述终端的数据。The third-party application server receives the verification information sent by the network device, and the verification information is used for the third-party application server to acquire data of the terminal.
结合第二方面,在第一种可能的实现方式中,第三方应用服务器向网络设备发送第一消息之前,还包括:With reference to the second aspect, in a first possible implementation manner, before the third-party application server sends the first message to the network device, the method further includes:
所述第三方应用服务器通过所述终端访问所述第三方应用服务器,确定所述第三方应用服务器需要获取所述终端的数据。The third-party application server accesses the third-party application server through the terminal, and determines that the third-party application server needs to acquire data of the terminal.
结合第二方面或第二方面的第一种可能的实现方式,在第二方面的第二种可能的实现方式中,所述第三方应用服务器接收所述网络设备发送的验证信息之后,还包括:With reference to the second aspect or the first possible implementation manner of the second aspect, in a second possible implementation manner of the second aspect, after receiving the verification information sent by the network device, the third-party application server further includes: :
所述第三方应用服务器向所述网络设备发送第二消息,所述第二消息携带所述验证信息;sending, by the third-party application server, a second message to the network device, where the second message carries the verification information;
所述第三方应用服务器接收所述网络设备发送的所述终端的数据。The third-party application server receives the data of the terminal sent by the network device.
结合第二方面、第二方面的第一种至第二种任一可能的实现方式,在第二方面的第三种可能的实现方式中,所述第三方应用服务器接收所述网络设备发送的验证信息之后,还包括:With reference to the second aspect and any possible implementation manners of the first to second aspects of the second aspect, in a third possible implementation manner of the second aspect, the third-party application server receives the data sent by the network device. After verifying the information, it also includes:
所述第三方应用服务器接收所述网络设备发送的用于指示所述验证信息无效的通知消息。The third-party application server receives a notification message sent by the network device and used to indicate that the verification information is invalid.
结合第二方面、第二方面的第一种至第三种任一可能的实现方式,在第二方面的第四种可能的实现方式中,所述终端的数据包括所述终端的隐私数据。With reference to the second aspect and any of the first to third possible implementation manners of the second aspect, in a fourth possible implementation manner of the second aspect, the data of the terminal includes private data of the terminal.
第三方面,本发明实施例提供的一种终端数据开放控制方法,包括:In a third aspect, a method for controlling terminal data opening provided by an embodiment of the present invention includes:
终端确定允许第三方应用服务器获取所述终端的数据;The terminal determines to allow the third-party application server to obtain the data of the terminal;
所述终端向网络设备发送用于指示所述终端允许所述第三方服务器获取所述终端的数据的通知消息。The terminal sends a notification message to the network device for instructing the terminal to allow the third-party server to acquire data of the terminal.
结合第三方面,在第一种可能的实现方式中,终端确定允许第三方应用服务器获取所述终端的数据之后,还包括:With reference to the third aspect, in a first possible implementation manner, after the terminal determines that the third-party application server is allowed to obtain the data of the terminal, the method further includes:
所述终端将用于所述第三方应用服务器获取所述终端的数据的验证信息发送给所述网络设备。The terminal sends, to the network device, verification information for the third-party application server to acquire data of the terminal.
结合第三方面或第三方面的第一种可能的实现方式,在第三方面的第二种可能的实现方式中,终端确定允许第三方应用服务器获取所述终端的数据之后,还包括:With reference to the third aspect or the first possible implementation manner of the third aspect, in a second possible implementation manner of the third aspect, after the terminal determines that the third-party application server is allowed to obtain the data of the terminal, the method further includes:
所述终端将所述终端允许所述第三方应用服务器获取所述终端的数据的时间长度发送给所述网络设备。The terminal sends, to the network device, the length of time during which the terminal allows the third-party application server to acquire data of the terminal.
结合第三方面、第三方面的第一种至第二种任一可能的实现方式,在第三方面的第三种可能的实现方式中,所述终端向网络设备发送用于指示所述终端允许所述第三方服务器获取所述终端的数据的通知消息之后,还包括:With reference to the third aspect and any possible implementation manners of the first to the second aspect of the third aspect, in a third possible implementation manner of the third aspect, the terminal sends a message indicating the terminal to the network device After allowing the third-party server to obtain the notification message of the data of the terminal, it further includes:
所述终端向所述网络设备发送用于指示所述终端不允许所述第三方应用服务器获取所述终端的数据的通知消息。The terminal sends, to the network device, a notification message indicating that the terminal does not allow the third-party application server to acquire data of the terminal.
结合第三方面、第三方面的第一种至第三种任一可能的实现方式,在第三方面的第四种可能的实现方式中,所述终端的数据包括所述终端的隐私数据。With reference to the third aspect and any of the first to third possible implementation manners of the third aspect, in a fourth possible implementation manner of the third aspect, the data of the terminal includes private data of the terminal.
第四方面,本发明实施例提供的一种网络设备,包括:In a fourth aspect, a network device provided by an embodiment of the present invention includes:
接收单元,用于接收第三方应用服务器发送的第一消息,所述第一消息用于请求终端允许所述第三方应用服务器获取所述终端的数据;a receiving unit, configured to receive a first message sent by a third-party application server, where the first message is used to request the terminal to allow the third-party application server to acquire data of the terminal;
处理单元,用于确定所述终端允许所述第三方应用服务器获取所述终端的数据;确定用于所述第三方应用服务器获取所述终端的数据的验证信息;a processing unit, configured to determine that the terminal allows the third-party application server to acquire the data of the terminal; determine the verification information for the third-party application server to acquire the data of the terminal;
发送单元,用于将所述处理单元确定的所述验证信息发送给所述第三方应用服务器。A sending unit, configured to send the verification information determined by the processing unit to the third-party application server.
结合第四方面,在第一种可能的实现方式中,所述处理单元确定用于所述第三方应用服务器获取所述终端的数据的验证信息时,具体用于:With reference to the fourth aspect, in a first possible implementation manner, when the processing unit determines the verification information for the third-party application server to acquire the data of the terminal, it is specifically used for:
配置用于所述第三方应用服务器获取所述终端的数据的验证信息;或者Configure verification information for the third-party application server to obtain the data of the terminal; or
所述接收单元还用于:接收所述终端发送的用于所述第三方应用服务器获取所述终端的数据的验证信息;The receiving unit is further configured to: receive the verification information sent by the terminal for the third-party application server to acquire the data of the terminal;
所述处理单元确定用于所述第三方应用服务器获取所述终端的数据的验证信息时,具体用于:When the processing unit determines the verification information for the third-party application server to obtain the data of the terminal, it is specifically used for:
将所述接收单元接收的所述验证信息确定为用于所述第三方应用服务器获取所述终端的数据的验证信息。The verification information received by the receiving unit is determined as verification information for the third-party application server to acquire data of the terminal.
结合第四方面或第四方面的第一种可能的实现方式,在第四方面的第二种可能的实现方式中,所述接收单元还用于:With reference to the fourth aspect or the first possible implementation manner of the fourth aspect, in a second possible implementation manner of the fourth aspect, the receiving unit is further configured to:
接收所述第三方应用服务器发送的第二消息,所述第二消息携带所述验证信息;receiving a second message sent by the third-party application server, where the second message carries the verification information;
所述发送单元还用于:The sending unit is also used for:
向所述第三方应用服务器发送所述终端的数据。Send the data of the terminal to the third-party application server.
结合第四方面、第四方面的第一种至第二种任一可能的实现方式,在第四方面的第三种可能的实现方式中,所述处理单元确定所述终端允许所述第三方应用服务器获取所述终端的数据之后,还用于:With reference to the fourth aspect and any possible implementation manners of the first to second aspect of the fourth aspect, in a third possible implementation manner of the fourth aspect, the processing unit determines that the terminal allows the third party After the application server obtains the data of the terminal, it is also used for:
确定所述终端允许所述第三方应用服务器获取所述终端的数据的时间长度;determining the length of time that the terminal allows the third-party application server to obtain the data of the terminal;
以所述处理单元确定所述终端允许所述第三方应用服务器获取所述终端的数据的时刻为起始时刻,当持续时间超过所述时间长度时,确定所述验证信息无效;Taking the time when the processing unit determines that the terminal allows the third-party application server to obtain the data of the terminal as the starting time, when the duration exceeds the time length, it is determined that the verification information is invalid;
所述发送单元还用于:The sending unit is also used for:
向所述第三方应用服务器发送用于指示所述验证信息无效的通知消息。A notification message indicating that the verification information is invalid is sent to the third-party application server.
结合第四方面、第四方面的第一种至第二种任一可能的实现方式,在第四方面的第四种可能的实现方式中,所述处理单元确定所述终端允许所述第三方应用服务器获取所述终端的数据之后,还用于:With reference to the fourth aspect and any possible implementation manners of the first to second aspects of the fourth aspect, in a fourth possible implementation manner of the fourth aspect, the processing unit determines that the terminal allows the third party After the application server obtains the data of the terminal, it is also used for:
确定所述终端不允许所述第三方应用服务器获取所述终端的数据时,确定所述验证信息无效;When it is determined that the terminal does not allow the third-party application server to obtain the data of the terminal, determine that the verification information is invalid;
所述发送单元还用于:The sending unit is also used for:
向所述第三方应用服务器发送用于指示所述验证信息无效的通知消息。A notification message indicating that the verification information is invalid is sent to the third-party application server.
结合第四方面、第四方面的第一种至第四种任一可能的实现方式,在第四方面的第五种可能的实现方式中,所述终端的数据包括所述终端的隐私数据。With reference to the fourth aspect and any of the first to fourth possible implementation manners of the fourth aspect, in a fifth possible implementation manner of the fourth aspect, the data of the terminal includes private data of the terminal.
第五方面,本发明实施例提供的一种第三方应用服务器,包括:In a fifth aspect, a third-party application server provided by an embodiment of the present invention includes:
发送单元,用于向网络设备发送第一消息,所述第一消息用于请求终端允许所述第三方应用服务器获取所述终端的数据;a sending unit, configured to send a first message to a network device, where the first message is used to request the terminal to allow the third-party application server to acquire data of the terminal;
接收单元,用于接收所述网络设备发送的验证信息,所述验证信息用于所述第三方应用服务器获取所述终端的数据。A receiving unit, configured to receive verification information sent by the network device, where the verification information is used by the third-party application server to acquire data of the terminal.
结合第五方面,在第一种可能的实现方式中,还包括:With reference to the fifth aspect, in the first possible implementation manner, it also includes:
处理单元,用于在所述发送单元向网络设备发送第一消息之前,通过所述终端访问所述第三方应用服务器,确定所述第三方应用服务器需要获取所述终端的数据。A processing unit, configured to access the third-party application server through the terminal before the sending unit sends the first message to the network device, and determine that the third-party application server needs to acquire the data of the terminal.
结合第五方面或第五方面的第一种可能的实现方式,在第五方面的第二种可能的实现方式中,所述发送单元还用于:With reference to the fifth aspect or the first possible implementation manner of the fifth aspect, in the second possible implementation manner of the fifth aspect, the sending unit is further configured to:
在所述接收单元接收所述网络设备发送的验证信息之后,向所述网络设备发送第二消息,所述第二消息携带所述验证信息;After receiving the verification information sent by the network device, the receiving unit sends a second message to the network device, where the second message carries the verification information;
所述接收单元还用于:The receiving unit is also used for:
接收所述网络设备发送的所述终端的数据。Receive the data of the terminal sent by the network device.
结合第五方面、第五方面的第一种至第二种任一可能的实现方式,在第五方面的第三种可能的实现方式中,所述接收单元还用于:With reference to the fifth aspect and any possible implementation manners of the first to the second aspect of the fifth aspect, in a third possible implementation manner of the fifth aspect, the receiving unit is further configured to:
在接收所述网络设备发送的验证信息之后,接收所述网络设备发送的用于指示所述验证信息无效的通知消息。After receiving the verification information sent by the network device, receive a notification message sent by the network device to indicate that the verification information is invalid.
结合第五方面、第五方面的第一种至第三种任一可能的实现方式,在第五方面的第四种可能的实现方式中,所述终端的数据包括所述终端的隐私数据。With reference to the fifth aspect and any of the first to third possible implementation manners of the fifth aspect, in a fourth possible implementation manner of the fifth aspect, the data of the terminal includes private data of the terminal.
第六方面,本发明实施例提供的一种终端,包括:In a sixth aspect, a terminal provided by an embodiment of the present invention includes:
处理单元,用于确定所述终端允许第三方应用服务器获取所述终端的数据;a processing unit, configured to determine that the terminal allows a third-party application server to obtain data of the terminal;
发送单元,用于向网络设备发送用于指示所述终端允许所述第三方服务器获取所述终端的数据的通知消息。A sending unit, configured to send a notification message for instructing the terminal to allow the third-party server to acquire data of the terminal to a network device.
结合第六方面,在第一种可能的实现方式中,所述发送单元还用于:With reference to the sixth aspect, in a first possible implementation manner, the sending unit is further configured to:
将用于所述第三方应用服务器获取所述终端的数据的验证信息发送给所述网络设备。Sending verification information for the third-party application server to acquire the data of the terminal to the network device.
结合第六方面或第六方面的第一种可能的实现方式,在第六方面的第二种可能的实现方式中,所述发送单元还用于:With reference to the sixth aspect or the first possible implementation manner of the sixth aspect, in the second possible implementation manner of the sixth aspect, the sending unit is further configured to:
将所述终端允许所述第三方应用服务器获取所述终端的数据的时间长度发送给所述网络设备。Sending the time length during which the terminal allows the third-party application server to obtain the data of the terminal to the network device.
结合第六方面、第六方面的第一种至第二种任一可能的实现方式,在第六方面的第三种可能的实现方式中,所述发送单元还用于:With reference to the sixth aspect and any possible implementation manners of the first to second aspects of the sixth aspect, in a third possible implementation manner of the sixth aspect, the sending unit is further configured to:
在向网络设备发送用于指示所述终端允许所述第三方服务器获取所述终端的数据的通知消息之后,向所述网络设备发送用于指示所述终端不允许所述第三方应用服务器获取所述终端的数据的通知消息。After sending a notification message to the network device for instructing the terminal to allow the third-party server to acquire the data of the terminal, sending a notification message to the network device to instruct the terminal to not allow the third-party application server to acquire the data of the terminal The notification message of the data of the terminal.
结合第六方面、第六方面的第一种至第三种任一可能的实现方式,在第六方面的第四种可能的实现方式中,所述终端的数据包括所述终端的隐私数据。With reference to the sixth aspect and any of the first to third possible implementation manners of the sixth aspect, in a fourth possible implementation manner of the sixth aspect, the data of the terminal includes private data of the terminal.
第七方面,本发明实施例提供的一种终端数据开放控制系统,包括网络设备、第三方应用服务器以及终端,其中,In a seventh aspect, a terminal data open control system provided by an embodiment of the present invention includes a network device, a third-party application server, and a terminal, wherein,
所述网络设备包括第四方面、第四方面的第一种至第五种可能的实现方式中任一所述的网络设备;The network device includes the network device described in any one of the fourth aspect and the first to fifth possible implementation manners of the fourth aspect;
所述第三方应用服务器包括第五方面、第五方面的第一种至第四种可能的实现方式中任一所述的第三方应用服务器;The third-party application server includes the third-party application server described in any one of the fifth aspect and the first to fourth possible implementation manners of the fifth aspect;
所述终端包括第六方面、第六方面的第一种至第四种可能的实现方式中任一所述的终端。The terminal includes the terminal described in any one of the sixth aspect and the first to fourth possible implementation manners of the sixth aspect.
本发明实施例中,第三方应用服务器需要获得终端的隐私数据时,网络设备在得到终端允许后为第三方应用服务器提供终端的隐私数据,进而实现MBB网络安全地为第三方应用服务器开放终端的隐私数据。In the embodiment of the present invention, when the third-party application server needs to obtain the private data of the terminal, the network device provides the third-party application server with the private data of the terminal after obtaining the permission of the terminal, thereby realizing that the MBB network can securely open the terminal's private data for the third-party application server. Privacy Data.
附图说明Description of drawings
图1为本发明实施例提供的系统架构示意图;1 is a schematic diagram of a system architecture provided by an embodiment of the present invention;
图2为本发明实施例提供的一种终端数据开放控制方法流程示意图;2 is a schematic flowchart of a method for controlling terminal data opening provided by an embodiment of the present invention;
图3为本发明实施例提供的一种终端数据开放控制方法流程示意图;3 is a schematic flowchart of a method for controlling terminal data opening provided by an embodiment of the present invention;
图4为本发明实施例提供的一种终端数据开放控制方法流程示意图;4 is a schematic flowchart of a method for controlling terminal data opening provided by an embodiment of the present invention;
图5为本发明实施例提供的一种终端数据开放控制方法流程示意图;5 is a schematic flowchart of a method for controlling terminal data opening provided by an embodiment of the present invention;
图6为本发明实施例提供的一种网络设备的结构示意图;FIG. 6 is a schematic structural diagram of a network device according to an embodiment of the present invention;
图7为本发明实施例提供的一种第三方应用服务器的结构示意图;7 is a schematic structural diagram of a third-party application server according to an embodiment of the present invention;
图8为本发明实施例提供的一种终端的结构示意图;FIG. 8 is a schematic structural diagram of a terminal according to an embodiment of the present invention;
图9为本发明实施例提供的一种终端数据开放控制系统的结构示意图;9 is a schematic structural diagram of a terminal data opening control system provided by an embodiment of the present invention;
图10为本发明实施例提供的一种网络设备的结构示意图;FIG. 10 is a schematic structural diagram of a network device according to an embodiment of the present invention;
图11为本发明实施例提供的一种第三方应用服务器的结构示意图;11 is a schematic structural diagram of a third-party application server according to an embodiment of the present invention;
图12为本发明实施例提供的一种终端的结构示意图。FIG. 12 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
具体实施方式Detailed ways
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.
本发明实施例提供一种终端数据开放控制方法及系统、网络设备、第三方应用服务器及终端,用以实现MBB网络安全地为第三方应用服务器开放终端的隐私数据。其中,方法和装置是基于同一发明构思的,由于方法及装置解决问题的原理相似,因此装置与方法的实施可以相互参见,重复之处不再赘述。Embodiments of the present invention provide a terminal data opening control method and system, a network device, a third-party application server, and a terminal, so as to implement the MBB network to securely open the terminal's private data for the third-party application server. Among them, the method and the device are based on the same inventive concept. Since the principles of the method and the device for solving the problem are similar, the implementation of the device and the method can be referred to each other, and the repetition will not be repeated.
本发明实施例提供的技术方案适用于移动带宽(Mobile Broadband,MBB)网络,MBB网络通过开放网络能力,以培养更多的合作伙伴,增加MBB网络业务的运营收入。MBB网络开放网络能力包括MBB网络为第三方应用服务器开放终端的隐私数据。The technical solutions provided by the embodiments of the present invention are applicable to Mobile Broadband (MBB) networks, and the MBB networks open up network capabilities to cultivate more partners and increase the operating income of MBB network services. The MBB network open network capability includes the MBB network to open the private data of the terminal for the third-party application server.
以图1所示的系统架构为例,图1中包括网络设备、第三方应用服务器和终端,终端连接到网络设备后,终端访问第三方应用服务器,第三方应用服务器通过终端的访问确定是否需要获得终端的隐私数据。本发明实施例提供的技术方案涉及第三方应用服务器需要获得终端的隐私数据的情况,网络设备在得到终端允许后为第三方应用服务器提供终端的隐私数据,终端的隐私数据包括终端的位置信息、终端的标识等等。Taking the system architecture shown in Figure 1 as an example, Figure 1 includes a network device, a third-party application server, and a terminal. After the terminal is connected to the network device, the terminal accesses the third-party application server, and the third-party application server determines whether the Obtain the private data of the terminal. The technical solutions provided by the embodiments of the present invention relate to the situation that a third-party application server needs to obtain the private data of the terminal. The network device provides the third-party application server with the private data of the terminal after obtaining the permission of the terminal. The private data of the terminal includes the location information of the terminal, Terminal identification, etc.
网络设备是指MBB网络中的设备,MBB网络包括无线接入网络(Radio AccessNetwork,RAN)和演进分组核心网(Evolved Packet Core,EPC)逻辑单元,或者包括演进无线接入网络(Evolved Radio Access Network,eRAN)和EPC逻辑单元。可选的,为了MBB网络开放网络能力,MBB网络中引入统一能力中心(Unified Capability Center,UCC)设备,该UCC设备可以用于收集MBB网络数据,包括终端的隐私数据,在得到终端允许的情况下,UCC设备通过应用程序编程(Application Programming Interface,API)接口为第三方应用服务器提供终端的隐私数据。需要说明的是,MBB网络中用于收集终端的隐私数据、为第三方应用服务器提供终端的隐私数据的设备,并非仅可以是UCC设备,也可以是其他设备,MBB网络引入UCC设备仅为一个示例。The network equipment refers to the equipment in the MBB network. The MBB network includes the radio access network (Radio Access Network, RAN) and the Evolved Packet Core (Evolved Packet Core, EPC) logical unit, or includes the Evolved Radio Access Network (Evolved Radio Access Network) , eRAN) and EPC logic unit. Optionally, in order to open the network capability of the MBB network, a Unified Capability Center (UCC) device is introduced into the MBB network, and the UCC device can be used to collect MBB network data, including the private data of the terminal, with the permission of the terminal. The UCC device provides the private data of the terminal to the third-party application server through an application programming interface (Application Programming Interface, API). It should be noted that the equipment in the MBB network used to collect the private data of the terminal and provide the private data of the terminal to the third-party application server can be not only the UCC equipment, but also other equipment. The UCC equipment introduced into the MBB network is only one. Example.
需要说明的是,以下实施例提供的内容中,在终端访问第三方应用服务器之前,终端已连接到网络设备所在的MBB网络。It should be noted that, in the content provided in the following embodiments, before the terminal accesses the third-party application server, the terminal has been connected to the MBB network where the network device is located.
下面通过图2所示的流程图,说明本发明实施例提供的一种终端数据开放控制方法。A method for controlling terminal data opening provided by an embodiment of the present invention is described below with reference to the flowchart shown in FIG. 2 .
如图2所示,本发明实施例提供的一种终端数据开放控制方法中,网络设备、第三方应用服务器以及终端中间的交互流程如下:As shown in FIG. 2 , in a terminal data opening control method provided by an embodiment of the present invention, an interaction process among a network device, a third-party application server, and a terminal is as follows:
S201、终端访问第三方应用服务器。S201, the terminal accesses a third-party application server.
可选的,终端通过浏览器访问第三方应用服务器,或者,终端上安装有第三方应用,终端通过安装的第三方应用访问第三方应用服务器。Optionally, the terminal accesses the third-party application server through a browser, or a third-party application is installed on the terminal, and the terminal accesses the third-party application server through the installed third-party application.
S202、第三方应用服务器确定第三方应用服务器需要获取终端的数据。S202. The third-party application server determines that the third-party application server needs to obtain data of the terminal.
S203、第三方应用服务器向网络设备发送第一消息,第一消息用于请求终端允许第三方应用服务器获取终端的数据。S203. The third-party application server sends a first message to the network device, where the first message is used to request the terminal to allow the third-party application server to acquire data of the terminal.
S204、网络设备向终端发送用于请求指示终端是否允许第三方应用服务器获取终端的数据的请求消息。S204: The network device sends a request message to the terminal for requesting to indicate whether the terminal allows a third-party application server to acquire data of the terminal.
S205、终端向网络设备发送用于指示终端允许第三方服务器获取终端的数据的通知消息。S205: The terminal sends a notification message to the network device for instructing the terminal to allow the third-party server to acquire data of the terminal.
可选的,该通知消息还包括终端允许第三方应用服务器获取终端的数据的时间长度。Optionally, the notification message further includes the length of time that the terminal allows the third-party application server to acquire the data of the terminal.
S206、网络设备确定用于第三方应用服务器获取终端的数据的验证信息。S206: The network device determines verification information for the third-party application server to acquire data of the terminal.
例如,验证信息可以采用密钥等形式,本发明实施例中并不限定验证信息的形式。For example, the verification information may be in the form of a key or the like, and the form of the verification information is not limited in this embodiment of the present invention.
可选的,网络设备配置用于第三方应用服务器获取终端的数据的验证信息;或者,网络设备接收终端发送的用于第三方应用服务器获取终端的数据的验证信息。该验证信息可以携带在S205中终端向网络设备发送的通知消息中。例如,当终端上安装有网络设备的软件开发工具包(Software Development Kit,SDK)时,例如终端上安装有UCC的SDK,终端具备生成验证信息的功能,此时可以由终端生成验证信息,并将验证信息发送给网络设备。Optionally, the network device is configured with verification information for a third-party application server to acquire data of the terminal; or, the network device receives verification information sent by the terminal for the third-party application server to acquire data of the terminal. The verification information may be carried in the notification message sent by the terminal to the network device in S205. For example, when a software development kit (Software Development Kit, SDK) of a network device is installed on the terminal, for example, the SDK of UCC is installed on the terminal, the terminal has the function of generating verification information. Send the authentication information to the network device.
网络设备在确定用于第三方应用服务器获取终端的数据的验证信息后,保存终端的标识、第三方应用服务器的标识以及用于第三方应用服务器获取终端的数据的验证信息之间的关联信息,可以将该关联信息称为授权信息,后续网络设备根据保存的授权信息确定终端允许第三方应用服务器获取终端的数据。After determining the verification information used by the third-party application server to obtain the data of the terminal, the network device saves the association information between the identifier of the terminal, the identifier of the third-party application server, and the verification information used by the third-party application server to obtain the data of the terminal, The associated information may be referred to as authorization information, and the subsequent network device determines according to the stored authorization information that the terminal allows the third-party application server to acquire data of the terminal.
S207、网络设备将用于第三方应用服务器获取终端的数据的验证信息发送给第三方应用服务器。S207: The network device sends the verification information used by the third-party application server to obtain the data of the terminal to the third-party application server.
可选的,第三方应用服务器接收到用于第三方应用服务器获取终端的数据的验证信息后,保存终端的标识和该验证信息之间的关联信息,该关联信息也可称为授权信息。后续第三方应用服务器可以利用自身保存的授权信息向网络设备请求获取终端的数据。Optionally, after receiving the verification information for the third-party application server to acquire data of the terminal, the third-party application server saves the association information between the identifier of the terminal and the verification information, and the association information may also be called authorization information. Subsequent third-party application servers may use the authorization information stored by themselves to request the network device to acquire terminal data.
可选的,第三方应用服务器获取用于第三方应用服务器获取终端的数据的验证信息之后,可以利用该验证信息从网络设备处获取终端的数据。具体包括如下S208至S209:Optionally, after the third-party application server acquires the verification information for the third-party application server to acquire the data of the terminal, the verification information may be used to acquire the data of the terminal from the network device. Specifically, it includes the following S208 to S209:
S208、第三方应用服务器向网络设备发送第二消息,第二消息携带用于第三方应用服务器获取终端的数据的验证信息。S208: The third-party application server sends a second message to the network device, where the second message carries verification information for the third-party application server to acquire data of the terminal.
可选的,第二消息包括终端的标识和第三方应用服务器的标识。第二消息用于指示请求网络设备向第三方应用服务器发送终端的数据。Optionally, the second message includes the identifier of the terminal and the identifier of the third-party application server. The second message is used to instruct the requesting network device to send data of the terminal to the third-party application server.
S209、网络设备向第三方应用服务器发送终端的数据。S209, the network device sends data of the terminal to the third-party application server.
网络设备接收到第二消息后,匹配第二消息携带的验证信息与自身保存的授权信息。当匹配成功时,网络设备确定终端允许第三方应用服务器获取终端的数据,然后向第三方应用服务器发送终端的数据。After receiving the second message, the network device matches the authentication information carried in the second message with the authorization information stored by itself. When the matching is successful, the network device determines that the terminal allows the third-party application server to obtain the data of the terminal, and then sends the data of the terminal to the third-party application server.
可选的,图2所示的方法中还包括确定验证信息无效的方法,验证信息是指用于第三方应用服务器获取终端的数据的验证信息。确定验证信息无效后,第三方应用服务器将无法通过无效的验证信息从网络设备出获取终端的数据。本发明实施例中确定验证信息无效的方法包括如下方法一和方法二:Optionally, the method shown in FIG. 2 further includes a method for determining that the verification information is invalid, and the verification information refers to the verification information used by the third-party application server to obtain the data of the terminal. After it is determined that the verification information is invalid, the third-party application server will not be able to obtain the terminal data from the network device through the invalid verification information. The method for determining that the verification information is invalid in the embodiment of the present invention includes the following method 1 and method 2:
方法一:若S205中终端向网络设备发送的通知消息中还包括:终端允许第三方应用服务器获取终端的数据的时间长度,则确定验证信息无效的方法包括如下S210至S211:Method 1: If the notification message sent by the terminal to the network device in S205 further includes: the length of time that the terminal allows the third-party application server to obtain the data of the terminal, the method for determining that the verification information is invalid includes the following S210 to S211:
S210、以网络设备确定终端允许第三方应用服务器获取终端的数据的时刻为起始时刻,当持续时间超过时间长度时,网络设备确定验证信息无效。S210. Take the time when the network device determines that the terminal allows the third-party application server to obtain the data of the terminal as the starting time, and when the duration exceeds the time length, the network device determines that the verification information is invalid.
例如,网络设备通过设置定时器,判断以网络设备确定终端允许第三方应用服务器获取终端的数据的时刻为起始时刻,持续时间是否超过所述时间长度,进而确定所述验证信息是否无效。For example, by setting a timer, the network device determines whether the verification information is invalid based on the time when the network device determines that the terminal allows the third-party application server to obtain the terminal's data as the starting time, and whether the duration exceeds the time length.
可选的,网络设备删除自身保存的、包括该无效的验证信息的授权信息,该授权信息包括终端的标识、第三方应用服务器的标识以及用于第三方应用服务器获取终端的数据的验证信息之间的关联信息。Optionally, the network device deletes the authorization information stored by itself and includes the invalid verification information, and the authorization information includes the identification of the terminal, the identification of the third-party application server, and the verification information used by the third-party application server to obtain the data of the terminal. related information.
S211、网络设备向第三方应用服务器发送用于指示验证信息无效的通知消息。S211. The network device sends a notification message to a third-party application server to indicate that the verification information is invalid.
可选的,第三方应用服务器接收到S211中网络设备发送的通知消息后,第三方应用服务器删除自身保存的、包括该无效的验证信息的授权信息,该授权信息包括终端的标识和用于第三方应用服务器获取终端的数据的验证信息之间的关联信息。Optionally, after the third-party application server receives the notification message sent by the network device in S211, the third-party application server deletes the authorization information stored by itself and includes the invalid verification information, and the authorization information includes the identifier of the terminal and the authorization information used for the third-party application server. The third-party application server obtains the association information between the verification information of the data of the terminal.
方法二:确定验证信息无效的方法包括如下S212至S214:Method 2: The method for determining that the verification information is invalid includes the following S212 to S214:
S212、终端向网络设备发送用于指示终端不允许第三方应用服务器获取终端的数据的通知消息。S212. The terminal sends a notification message to the network device to instruct the terminal not to allow the third-party application server to acquire data of the terminal.
S213、网络设备确定验证信息无效。S213, the network device determines that the verification information is invalid.
网络设备确定验证信息无效后,执行的操作与方法一S210中网络设备确定验证信息无效后的操作相同,即:After the network device determines that the verification information is invalid, the operations performed are the same as the operations performed by the network device after the network device determines that the verification information is invalid in method 1 S210, namely:
可选的,网络设备删除自身保存的、包括该无效的验证信息的授权信息,该授权信息包括终端的标识、第三方应用服务器的标识以及用于第三方应用服务器获取终端的数据的验证信息之间的关联信息。Optionally, the network device deletes the authorization information stored by itself and includes the invalid verification information, and the authorization information includes the identification of the terminal, the identification of the third-party application server, and the verification information used by the third-party application server to obtain the data of the terminal. related information.
S214、网络设备向第三方应用服务器发送用于指示验证信息无效的通知消息。S214: The network device sends a notification message to the third-party application server for indicating that the verification information is invalid.
可选的,第三方应用服务器接收到S211中网络设备发送的通知消息后,第三方应用服务器删除自身保存的、包括该无效的验证信息的授权信息,该授权信息包括终端的标识和用于第三方应用服务器获取终端的数据的验证信息之间的关联信息。Optionally, after the third-party application server receives the notification message sent by the network device in S211, the third-party application server deletes the authorization information stored by itself and includes the invalid verification information, and the authorization information includes the identifier of the terminal and the authorization information used for the third-party application server. The third-party application server obtains the association information between the verification information of the data of the terminal.
下面通过举例说明本发明实施例提供的一种终端数据开放控制方法。The following describes a terminal data opening control method provided by an embodiment of the present invention by using an example.
举例说明一:终端通过浏览器访问第三方应用服务器,第三方应用服务器与网络设备之间的交互需要通过浏览器的重定向机制来实现。如图3所示,本发明实施例提供的一种终端数据开放控制方法如下:Example 1: The terminal accesses the third-party application server through the browser, and the interaction between the third-party application server and the network device needs to be realized through the redirection mechanism of the browser. As shown in FIG. 3 , a terminal data opening control method provided by an embodiment of the present invention is as follows:
S301、终端通过浏览器访问第三方应用服务器。S301. The terminal accesses a third-party application server through a browser.
S302、第三方应用服务器确定第三方应用服务器需要获取终端的数据。S302. The third-party application server determines that the third-party application server needs to obtain data of the terminal.
S303、第三方应用服务器通过浏览器的重定向机制向网络设备发送第一消息,第一消息用于请求终端允许第三方应用服务器获取终端的数据。S303. The third-party application server sends a first message to the network device through the redirection mechanism of the browser, where the first message is used to request the terminal to allow the third-party application server to acquire data of the terminal.
在终端通过浏览器访问第三方应用服务器的应用场景中,浏览器能够与第三方应用服务器直接通信,浏览器也能够与网络设备直接通信,而第三方应用服务器与网络设备之间互相没有保存对端的地址信息,第三方应用服务器与网络设备之间不能够直接通信。浏览器的重定向机制是指,第三方应用服务器与网络设备中任意一端向对端发送消息时,需要通过浏览器转发消息来实现通信。In the application scenario in which the terminal accesses the third-party application server through the browser, the browser can communicate directly with the third-party application server, and the browser can also communicate directly with the network device, while the third-party application server and the network device do not save the relationship between each other. The address information of the terminal cannot be communicated directly between the third-party application server and the network device. The redirection mechanism of the browser means that when any one end of the third-party application server and the network device sends a message to the opposite end, the browser needs to forward the message to realize the communication.
S304、网络设备向终端发送用于请求指示终端是否允许第三方应用服务器获取终端的数据的请求消息。S304: The network device sends a request message to the terminal for requesting to indicate whether the terminal allows a third-party application server to acquire data of the terminal.
S305、终端向网络设备发送用于指示终端允许第三方服务器获取终端的数据的通知消息。S305: The terminal sends a notification message to the network device for instructing the terminal to allow the third-party server to acquire data of the terminal.
可选的,该通知消息还包括终端允许第三方应用服务器获取终端的数据的时间长度。Optionally, the notification message further includes the length of time that the terminal allows the third-party application server to acquire the data of the terminal.
S306、网络设备确定用于第三方应用服务器获取终端的数据的验证信息。S306: The network device determines verification information for the third-party application server to acquire data of the terminal.
在终端通过浏览器访问第三方应用服务器的应用场景中,网络设备配置用于第三方应用服务器获取终端的数据的验证信息。In the application scenario where the terminal accesses the third-party application server through the browser, the network device is configured for the third-party application server to obtain the authentication information of the terminal's data.
S307、网络设备将用于第三方应用服务器获取终端的数据的验证信息,通过浏览器的重定向机制发送给第三方应用服务器。S307 , the network device sends the verification information used by the third-party application server to obtain the data of the terminal to the third-party application server through the redirection mechanism of the browser.
可选的,第三方应用服务器获取用于第三方应用服务器获取终端的数据的验证信息之后,可以利用该验证信息从网络设备处获取终端的数据。具体包括如下S308至S309:Optionally, after the third-party application server acquires the verification information for the third-party application server to acquire the data of the terminal, the verification information may be used to acquire the data of the terminal from the network device. Specifically, it includes the following S308 to S309:
S308、第三方应用服务器通过浏览器的重定向机制向网络设备发送第二消息,第二消息携带用于第三方应用服务器获取终端的数据的验证信息。S308: The third-party application server sends a second message to the network device through the redirection mechanism of the browser, where the second message carries verification information for the third-party application server to acquire data of the terminal.
S309、网络设备通过浏览器的重定向机制向第三方应用服务器发送终端的数据。S309, the network device sends the data of the terminal to the third-party application server through the redirection mechanism of the browser.
可选的,图3所示的方法中还包括确定验证信息无效的方法,验证信息是指用于第三方应用服务器获取终端的数据的验证信息。确定验证信息无效后,第三方应用服务器将无法通过无效的验证信息从网络设备出获取终端的数据。图3中确定验证信息无效的方法与图2中确定验证信息无效的方法类似,区别在于,图3中第三方应用服务器与网络侧设备之间的通信需要通过浏览器重定向机制来实现。图3中不再赘述。Optionally, the method shown in FIG. 3 further includes a method for determining that the verification information is invalid, and the verification information refers to the verification information used by the third-party application server to obtain the data of the terminal. After it is determined that the verification information is invalid, the third-party application server will not be able to obtain the terminal data from the network device through the invalid verification information. The method for determining that the authentication information is invalid in FIG. 3 is similar to the method for determining that the authentication information is invalid in FIG. 2 , except that the communication between the third-party application server and the network-side device in FIG. 3 needs to be implemented through a browser redirection mechanism. No further description is given in FIG. 3 .
举例说明一中确定验证信息无效的方法包括如下方法一和方法二:For example, the methods for determining that the verification information is invalid in the first example include the following methods 1 and 2:
方法一:若S305中终端向网络设备发送的通知消息中还包括:终端允许第三方应用服务器获取终端的数据的时间长度,则确定验证信息无效的方法包括如下:Method 1: If the notification message sent by the terminal to the network device in S305 further includes: the length of time that the terminal allows the third-party application server to obtain the data of the terminal, the method for determining that the verification information is invalid includes the following:
以网络设备确定终端允许第三方应用服务器获取终端的数据的时刻为起始时刻,当持续时间超过时间长度时,网络设备确定验证信息无效。Taking the time when the network device determines that the terminal allows the third-party application server to obtain the data of the terminal as the starting time, when the duration exceeds the time length, the network device determines that the verification information is invalid.
可选的,网络设备删除自身保存的、包括该无效的验证信息的授权信息,该授权信息包括终端的标识、第三方应用服务器的标识以及用于第三方应用服务器获取终端的数据的验证信息之间的关联信息。Optionally, the network device deletes the authorization information stored by itself and includes the invalid verification information, and the authorization information includes the identification of the terminal, the identification of the third-party application server, and the verification information used by the third-party application server to obtain the data of the terminal. related information.
网络设备通过浏览器的重定向机制向第三方应用服务器发送用于指示验证信息无效的通知消息。The network device sends a notification message indicating that the authentication information is invalid to the third-party application server through the redirection mechanism of the browser.
可选的,第三方应用服务器接收到网络设备发送的指示验证信息无效的通知消息后,第三方应用服务器删除自身保存的、包括该无效的验证信息的授权信息,该授权信息包括终端的标识和用于第三方应用服务器获取终端的数据的验证信息之间的关联信息。Optionally, after the third-party application server receives a notification message sent by the network device indicating that the verification information is invalid, the third-party application server deletes the authorization information stored by itself and includes the invalid verification information, and the authorization information includes the identification of the terminal and the authorization information. Correlation information between verification information used by the third-party application server to obtain data of the terminal.
方法二:终端向网络设备发送用于指示终端不允许第三方应用服务器获取终端的数据的通知消息。Method 2: The terminal sends a notification message to the network device for instructing the terminal not to allow the third-party application server to acquire data of the terminal.
可选的,网络设备确定验证信息无效后,删除自身保存的、包括该无效的验证信息的授权信息,该授权信息包括终端的标识、第三方应用服务器的标识以及用于第三方应用服务器获取终端的数据的验证信息之间的关联信息。Optionally, after the network device determines that the verification information is invalid, it deletes the authorization information stored by itself and includes the invalid verification information, and the authorization information includes the identifier of the terminal, the identifier of the third-party application server, and the identifier used by the third-party application server to obtain the terminal. The association information between the verification information of the data.
网络设备确定验证信息无效后,网络设备通过浏览器的重定向机制向第三方应用服务器发送用于指示验证信息无效的通知消息。After the network device determines that the verification information is invalid, the network device sends a notification message for indicating that the verification information is invalid to the third-party application server through the redirection mechanism of the browser.
可选的,第三方应用服务器接收到网络设备发送的用于指示验证信息无效的通知消息后,第三方应用服务器删除自身保存的、包括该无效的验证信息的授权信息,该授权信息包括终端的标识和用于第三方应用服务器获取终端的数据的验证信息之间的关联信息。Optionally, after the third-party application server receives the notification message sent by the network device to indicate that the verification information is invalid, the third-party application server deletes the authorization information stored by itself and includes the invalid verification information, and the authorization information includes the terminal's authorization information. The association information between the identifier and the verification information used by the third-party application server to obtain the terminal's data.
举例说明二:终端上安装有第三方应用,终端通过安装的第三方应用访问第三方应用服务器,并且终端上安装有网络设备的SDK。在此应用场景中,终端生成用于第三方应用服务器获取终端的数据的验证信息,终端将该验证信息发送给网络设备。如图4所示,本发明实施例提供的一种终端数据开放控制方法如下:Example 2: A third-party application is installed on the terminal, the terminal accesses the third-party application server through the installed third-party application, and the SDK of the network device is installed on the terminal. In this application scenario, the terminal generates verification information for a third-party application server to acquire data of the terminal, and the terminal sends the verification information to the network device. As shown in FIG. 4 , a terminal data opening control method provided by an embodiment of the present invention is as follows:
S401、终端通过安装的第三方应用访问第三方应用服务器。S401. The terminal accesses a third-party application server through an installed third-party application.
S402、第三方应用服务器确定第三方应用服务器需要获取终端的数据。S402. The third-party application server determines that the third-party application server needs to obtain data of the terminal.
S403、第三方应用服务器向网络设备发送第一消息,第一消息用于请求终端允许第三方应用服务器获取终端的数据。S403. The third-party application server sends a first message to the network device, where the first message is used to request the terminal to allow the third-party application server to acquire data of the terminal.
S404、网络设备向终端发送用于请求指示终端是否允许第三方应用服务器获取终端的数据的请求消息。S404: The network device sends a request message to the terminal for requesting to indicate whether the terminal allows a third-party application server to acquire data of the terminal.
S405、终端向网络设备发送用于指示终端允许第三方服务器获取终端的数据的通知消息,该通知消息携带用于第三方应用服务器获取终端的数据的验证信息。S405: The terminal sends a notification message to the network device for instructing the terminal to allow the third-party server to acquire data of the terminal, where the notification message carries verification information for the third-party application server to acquire the data of the terminal.
可选的,该通知消息还包括终端允许第三方应用服务器获取终端的数据的时间长度。Optionally, the notification message further includes the length of time that the terminal allows the third-party application server to acquire the data of the terminal.
S406、网络设备保存用于第三方应用服务器获取终端的数据的验证信息。S406, the network device saves the verification information for the third-party application server to obtain the data of the terminal.
S407、网络设备将用于第三方应用服务器获取终端的数据的验证信息发送给第三方应用服务器。S407: The network device sends the verification information used by the third-party application server to obtain the data of the terminal to the third-party application server.
可选的,第三方应用服务器获取用于第三方应用服务器获取终端的数据的验证信息之后,可以利用该验证信息从网络设备处获取终端的数据。具体包括如下S408至S409:Optionally, after the third-party application server acquires the verification information for the third-party application server to acquire the data of the terminal, the verification information may be used to acquire the data of the terminal from the network device. Specifically, it includes the following S408 to S409:
S408、第三方应用服务器向网络设备发送第二消息,第二消息携带用于第三方应用服务器获取终端的数据的验证信息。S408: The third-party application server sends a second message to the network device, where the second message carries verification information for the third-party application server to acquire data of the terminal.
S409、网络设备向第三方应用服务器发送终端的数据。S409, the network device sends data of the terminal to the third-party application server.
可选的,图4所示的方法中还包括确定验证信息无效的方法,图4中确定验证信息无效的方法与图2中确定验证信息无效的方法相同,此处不再赘述。Optionally, the method shown in FIG. 4 further includes a method for determining that the verification information is invalid. The method for determining that the verification information is invalid in FIG. 4 is the same as the method for determining that the verification information is invalid in FIG. 2 , and details are not repeated here.
举例说明三:终端上安装有第三方应用,终端通过安装的第三方应用访问第三方应用服务器,但终端上没有安装网络设备的SDK。在此应用场景中,由网络设备生成用于第三方应用服务器获取终端的数据的验证信息。如图5所示,本发明实施例提供的一种终端数据开放控制方法如下:Example 3: A third-party application is installed on the terminal, and the terminal accesses the third-party application server through the installed third-party application, but the SDK of the network device is not installed on the terminal. In this application scenario, the verification information for the third-party application server to obtain the terminal data is generated by the network device. As shown in FIG. 5 , a terminal data opening control method provided by an embodiment of the present invention is as follows:
S501、终端通过安装的第三方应用访问第三方应用服务器。S501. The terminal accesses a third-party application server through an installed third-party application.
S502、第三方应用服务器确定第三方应用服务器需要获取终端的数据。S502. The third-party application server determines that the third-party application server needs to obtain data of the terminal.
S503、第三方应用服务器向网络设备发送第一消息,第一消息用于请求终端允许第三方应用服务器获取终端的数据。S503. The third-party application server sends a first message to the network device, where the first message is used to request the terminal to allow the third-party application server to acquire data of the terminal.
S504、网络设备向终端发送用于请求指示终端是否允许第三方应用服务器获取终端的数据的请求消息。S504: The network device sends a request message to the terminal for requesting to indicate whether the terminal allows a third-party application server to acquire data of the terminal.
S505、终端向网络设备发送用于指示终端允许第三方服务器获取终端的数据的通知消息。S505. The terminal sends a notification message to the network device for instructing the terminal to allow the third-party server to acquire data of the terminal.
可选的,该通知消息还包括终端允许第三方应用服务器获取终端的数据的时间长度。Optionally, the notification message further includes the length of time that the terminal allows the third-party application server to acquire the data of the terminal.
S506、网络设备生成用于第三方应用服务器获取终端的数据的验证信息。S506. The network device generates verification information for the third-party application server to acquire data of the terminal.
S507、网络设备将用于第三方应用服务器获取终端的数据的验证信息发送给第三方应用服务器。S507: The network device sends the verification information used by the third-party application server to obtain the terminal data to the third-party application server.
可选的,第三方应用服务器获取用于第三方应用服务器获取终端的数据的验证信息之后,可以利用该验证信息从网络设备处获取终端的数据。具体包括如下S508至S509:Optionally, after the third-party application server acquires the verification information for the third-party application server to acquire the data of the terminal, the verification information may be used to acquire the data of the terminal from the network device. Specifically, it includes the following S508 to S509:
S508、第三方应用服务器向网络设备发送第二消息,第二消息携带用于第三方应用服务器获取终端的数据的验证信息。S508: The third-party application server sends a second message to the network device, where the second message carries verification information for the third-party application server to acquire data of the terminal.
S509、网络设备向第三方应用服务器发送终端的数据。S509, the network device sends data of the terminal to the third-party application server.
可选的,图5所示的方法中还包括确定验证信息无效的方法,图5中确定验证信息无效的方法与图2中确定验证信息无效的方法相同,此处不再赘述。Optionally, the method shown in FIG. 5 further includes a method for determining that the verification information is invalid. The method for determining that the verification information is invalid in FIG. 5 is the same as the method for determining that the verification information is invalid in FIG. 2 , and details are not repeated here.
本发明实施例中提供的技术方案中,第三方应用服务器需要获得终端的隐私数据时,网络设备在得到终端允许后为第三方应用服务器提供终端的隐私数据,进而实现MBB网络安全地为第三方应用服务器开放终端的隐私数据。同时,避免第三方应用服务器需要获得终端的隐私数据时,第三方应用服务器需要分别得到网络设备的允许和终端的允许,通过本发明实施例中提供的技术方案能降低网络设备为第三方应用服务器提供终端的隐私数据时过程的复杂度。In the technical solution provided in the embodiment of the present invention, when the third-party application server needs to obtain the private data of the terminal, the network device provides the private data of the terminal for the third-party application server after obtaining the permission of the terminal, thereby realizing the MBB network security for the third-party application server. The application server opens the private data of the terminal. At the same time, when the third-party application server needs to obtain the private data of the terminal, the third-party application server needs to obtain the permission of the network device and the permission of the terminal respectively. The technical solution provided in the embodiment of the present invention can reduce the network device being the third-party application server. The complexity of the process when providing the terminal's private data.
基于以上实施例,本发明实施例还提供了一种网络设备,该网络设备可以采用图2对应的实施例提供中网络设备对应的方法,参阅图6所示,该网络设备600包括:接收单元601、处理单元602和发送单元603。Based on the above embodiments, an embodiment of the present invention further provides a network device, which can adopt the method corresponding to the network device provided in the embodiment corresponding to FIG. 2 . Referring to FIG. 6 , the
接收单元601,用于接收第三方应用服务器发送的第一消息,第一消息用于请求终端允许第三方应用服务器获取终端的数据;A receiving
处理单元602,用于确定终端允许第三方应用服务器获取终端的数据;确定用于第三方应用服务器获取终端的数据的验证信息;A
发送单元603,用于将处理单元602确定的验证信息发送给第三方应用服务器。The sending
可选的,处理单元602确定用于第三方应用服务器获取终端的数据的验证信息时,具体用于:Optionally, when the
配置用于第三方应用服务器获取终端的数据的验证信息;或者Configure the authentication information used by the third-party application server to obtain the terminal's data; or
接收单元601还用于:接收终端发送的用于第三方应用服务器获取终端的数据的验证信息;The receiving
处理单元602确定用于第三方应用服务器获取终端的数据的验证信息时,具体用于:When the
将接收单元601接收的验证信息确定为用于第三方应用服务器获取终端的数据的验证信息。The verification information received by the receiving
可选的,接收单元601还用于:Optionally, the receiving
接收第三方应用服务器发送的第二消息,第二消息携带验证信息;receiving a second message sent by a third-party application server, where the second message carries verification information;
发送单元603还用于:The sending
向第三方应用服务器发送终端的数据。Send terminal data to a third-party application server.
可选的,处理单元602确定终端允许第三方应用服务器获取终端的数据之后,还用于:Optionally, after the
确定终端允许第三方应用服务器获取终端的数据的时间长度;Determine the length of time that the terminal allows the third-party application server to obtain the data of the terminal;
以处理单元602确定终端允许第三方应用服务器获取终端的数据的时刻为起始时刻,当持续时间超过时间长度时,确定验证信息无效;Taking the time when the
发送单元603还用于:The sending
向第三方应用服务器发送用于指示验证信息无效的通知消息。Send a notification message to the third-party application server to indicate that the authentication information is invalid.
可选的,处理单元602确定终端允许第三方应用服务器获取终端的数据之后,还用于:Optionally, after the
确定终端不允许第三方应用服务器获取终端的数据时,确定验证信息无效;When it is determined that the terminal does not allow the third-party application server to obtain the data of the terminal, it is determined that the verification information is invalid;
发送单元603还用于:The sending
向第三方应用服务器发送用于指示验证信息无效的通知消息。Send a notification message to the third-party application server to indicate that the authentication information is invalid.
可选的,终端的数据包括终端的隐私数据。Optionally, the data of the terminal includes private data of the terminal.
基于以上实施例,本发明实施例还提供了一种第三方应用服务器,该第三方应用服务器可以采用图2对应的实施例提供中第三方应用服务器对应的方法,参阅图7所示,该第三方应用服务器700包括:发送单元701、接收单元702和处理单元703。Based on the above embodiments, an embodiment of the present invention further provides a third-party application server, which may adopt the method corresponding to the third-party application server provided in the embodiment corresponding to FIG. 2 . Referring to FIG. 7 , the third-party application server The third-
发送单元701,用于向网络设备发送第一消息,第一消息用于请求终端允许第三方应用服务器获取终端的数据;A sending
接收单元702,用于接收网络设备发送的验证信息,验证信息用于第三方应用服务器获取终端的数据。The receiving
可选的,还包括:Optionally, also include:
处理单元703,用于在发送单元701向网络设备发送第一消息之前,通过终端访问第三方应用服务器,确定第三方应用服务器需要获取终端的数据。The
可选的,发送单元701还用于:Optionally, the sending
在接收单元702接收网络设备发送的验证信息之后,向网络设备发送第二消息,第二消息携带验证信息;After receiving the verification information sent by the network device, the receiving
接收单元702还用于:The receiving
接收网络设备发送的终端的数据。Receive terminal data sent by network equipment.
可选的,接收单元702还用于:Optionally, the receiving
在接收网络设备发送的验证信息之后,接收网络设备发送的用于指示验证信息无效的通知消息。After receiving the verification information sent by the network device, receive a notification message sent by the network device to indicate that the verification information is invalid.
可选的,终端的数据包括终端的隐私数据。Optionally, the data of the terminal includes private data of the terminal.
基于以上实施例,本发明实施例还提供了一种终端,该终端可以采用图2对应的实施例提供中终端对应的方法,参阅图8所示,该终端800包括:处理单元801和发送单元802。Based on the above embodiments, an embodiment of the present invention further provides a terminal, which can adopt the method corresponding to the terminal provided in the embodiment corresponding to FIG. 2 . Referring to FIG. 8 , the terminal 800 includes: a
处理单元801,用于确定终端允许第三方应用服务器获取终端的数据;A
发送单元802,用于向网络设备发送用于指示终端允许第三方服务器获取终端的数据的通知消息。The sending
可选的,发送单元802还用于:Optionally, the sending
将用于第三方应用服务器获取终端的数据的验证信息发送给网络设备。Send the verification information for the third-party application server to obtain the terminal's data to the network device.
可选的,发送单元802还用于:Optionally, the sending
将终端允许第三方应用服务器获取终端的数据的时间长度发送给网络设备。Send the length of time that the terminal allows the third-party application server to obtain the data of the terminal to the network device.
可选的,发送单元802还用于:Optionally, the sending
在向网络设备发送用于指示终端允许第三方服务器获取终端的数据的通知消息之后,向网络设备发送用于指示终端不允许第三方应用服务器获取终端的数据的通知消息。After sending a notification message for instructing the terminal to allow the third-party server to acquire data of the terminal to the network device, a notification message for instructing the terminal to not allow the third-party application server to acquire the data of the terminal is sent to the network device.
可选的,终端的数据包括终端的隐私数据。Optionally, the data of the terminal includes private data of the terminal.
基于以上实施例,本发明实施例还提供了一种终端数据开放控制系统,参阅图9所示,该终端数据开放控制系统900包括:网络设备901、第三方应用服务器902以及终端903。其中,网络设备901可以是与图6所示的网络设备相同的设备,第三方应用服务器902可以是与图7所示的第三方应用服务器相同的设备,终端903可以是与图8所示的终端相同的设备。Based on the above embodiments, an embodiment of the present invention further provides a terminal data opening control system. Referring to FIG. 9 , the terminal data opening
需要说明的是,本发明实施例中对单元的划分是示意性的,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式。另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。It should be noted that, the division of units in the embodiment of the present invention is schematic, and is only a logical function division, and there may be other division manners in actual implementation. In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit. The above-mentioned integrated units may be implemented in the form of hardware, or may be implemented in the form of software functional units.
集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)或处理器(processor)执行本申请各个实施例方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。The integrated unit, if implemented as a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solutions of the present application can be embodied in the form of software products in essence, or the parts that contribute to the prior art, or all or part of the technical solutions, and the computer software products are stored in a storage medium , including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor (processor) to execute all or part of the steps of the methods in the various embodiments of the present application. The aforementioned storage medium includes: U disk, mobile hard disk, Read-Only Memory (ROM, Read-Only Memory), Random Access Memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program codes .
基于以上实施例,本发明实施例还提供了一种网络设备,该网络设备可采用图2对应的实施例中网络设备对应的方法,可以是与图6所示的网络设备相同的设备。参阅图10所示,该网络设备1000包括:接收器1001、处理器1002、发射器1003、总线1004以及存储器1005,其中:Based on the above embodiments, an embodiment of the present invention further provides a network device, which may adopt the method corresponding to the network device in the embodiment corresponding to FIG. 2 , and may be the same device as the network device shown in FIG. 6 . Referring to FIG. 10, the
接收器1001对应图6中的接收单元601,处理器1002对应图6中的处理单元602,发射器1003对应图6中的发送单元603。该网络设备1000还包括存储器1005,用于存放程序等。具体地,程序可以包括程序代码,该程序代码包括计算机操作指令。存储器1005可能包含随机存取存储器(random access memory,RAM),也可能还包括非易失性存储器(non-volatile memory),例如至少一个磁盘存储器。处理器1002执行存储器1005所存放的应用程序,实现如上终端数据开放控制方法。The
接收器1001、处理器1002、发射器1003以及存储器1005通过总线1004相互连接;总线1004可以是外设部件互连标准(peripheral component interconnect,简称PCI)总线或扩展工业标准结构(extended industry standard architecture,简称EISA)总线等。总线可以分为地址总线、数据总线、控制总线等。为便于表示,图10中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。The
基于以上实施例,本发明实施例还提供了一种第三方应用服务器,该第三方应用服务器可采用图2对应的实施例中第三方应用服务器对应的方法,可以是与图7所示的第三方应用服务器相同的设备。参阅图11所示,该第三方应用服务器1100包括:发射器1101、接收器1102、处理器1103、总线1104以及存储器1105,其中:Based on the above embodiments, an embodiment of the present invention further provides a third-party application server, and the third-party application server may adopt the method corresponding to the third-party application server in the embodiment corresponding to FIG. The same device as the third-party application server. 11, the third-
发射器1101对应图7中的发送单元701,接收器1102对应图7中的接收单元702,处理器1103对应图7中的处理单元703。该第三方应用服务器1100还包括存储器1105,用于存放程序等。具体地,程序可以包括程序代码,该程序代码包括计算机操作指令。存储器1105可能包含RAM,也可能还包括非易失性存储器,例如至少一个磁盘存储器。处理器1103执行存储器1105所存放的应用程序,实现如上终端数据开放控制方法。The
发射器1101、接收器1102、处理器1103以及存储器1105通过总线1104相互连接;总线1104可以是PCI总线或EISA总线等。总线可以分为地址总线、数据总线、控制总线等。为便于表示,图11中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。The
基于以上实施例,本发明实施例还提供了一种终端,该终端可采用图2对应的实施例中终端对应的方法,可以是与图8所示的终端相同的设备。参阅图12所示,该终端1200包括:处理器1201、发射器1202、接收器1203、总线1204以及存储器1205,其中:Based on the above embodiments, an embodiment of the present invention further provides a terminal, which may adopt the method corresponding to the terminal in the embodiment corresponding to FIG. 2 , and may be the same device as the terminal shown in FIG. 8 . Referring to FIG. 12, the terminal 1200 includes: a
处理器1201对应图8中的处理单元801,发射器1202对应图8中的发送单元802。该终端1200还包括接收器1203,用于接收其他设备发送给终端1200的消息。该终端1200还包括存储器1205,用于存放程序等。具体地,程序可以包括程序代码,该程序代码包括计算机操作指令。存储器1205可能包含RAM,也可能还包括非易失性存储器,例如至少一个磁盘存储器。处理器1201执行存储器1205所存放的应用程序,实现如上终端数据开放控制方法。The
处理器1201、发射器1202、接收器1203以及存储器1205通过总线1204相互连接;总线1204可以是PCI总线或EISA总线等。总线可以分为地址总线、数据总线、控制总线等。为便于表示,图12中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。The
尽管已描述了本发明的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例作出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本发明范围的所有变更和修改。Although preferred embodiments of the present invention have been described, additional changes and modifications to these embodiments may occur to those skilled in the art once the basic inventive concepts are known. Therefore, the appended claims are intended to be construed to include the preferred embodiment and all changes and modifications that fall within the scope of the present invention.
显然,本领域的技术人员可以对本发明实施例进行各种改动和变型而不脱离本发明实施例的精神和范围。这样,倘若本发明实施例的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。Obviously, those skilled in the art can make various changes and modifications to the embodiments of the present invention without departing from the spirit and scope of the embodiments of the present invention. Thus, provided that these modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (29)
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2016/072780 WO2017128293A1 (en) | 2016-01-29 | 2016-01-29 | Method and system for controlling terminal data opening |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107251506A CN107251506A (en) | 2017-10-13 |
| CN107251506B true CN107251506B (en) | 2020-08-25 |
Family
ID=59397223
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201680010626.8A Active CN107251506B (en) | 2016-01-29 | 2016-01-29 | Terminal data opening control method and system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN107251506B (en) |
| WO (1) | WO2017128293A1 (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US12078509B1 (en) | 2023-04-25 | 2024-09-03 | T-Mobile Usa, Inc. | Location clustering and routing for 5G drive testing |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7956735B2 (en) * | 2006-05-15 | 2011-06-07 | Cernium Corporation | Automated, remotely-verified alarm system with intrusion and video surveillance and digital video recording |
| CN101309439B (en) * | 2007-05-16 | 2012-06-20 | 华为技术有限公司 | Transmission method of fusion message capability center and fusion message service |
| US8474017B2 (en) * | 2010-07-23 | 2013-06-25 | Verizon Patent And Licensing Inc. | Identity management and single sign-on in a heterogeneous composite service scenario |
| US8544068B2 (en) * | 2010-11-10 | 2013-09-24 | International Business Machines Corporation | Business pre-permissioning in delegated third party authorization |
| CN102946396B (en) * | 2012-11-26 | 2015-09-16 | 北京奇虎科技有限公司 | User agent's device, host web server and user authen method |
| CN103347002B (en) * | 2013-06-13 | 2016-10-26 | 百度在线网络技术(北京)有限公司 | Socialization's login method, system and device |
| CN103401686B (en) * | 2013-07-31 | 2016-08-10 | 陕西海基业高科技实业有限公司 | A kind of user's OTP WEB Authentication System and application process thereof |
| CN104038541A (en) * | 2014-06-03 | 2014-09-10 | 北京天泰北斗科技有限公司 | Personal data information sharing system and personal data information sharing method capable of limiting time length |
| CN104486726B (en) * | 2014-12-18 | 2015-09-16 | 东南大学 | A kind of user of protection looks forward to the prospect the extensive method in road network environment position of location privacy |
-
2016
- 2016-01-29 CN CN201680010626.8A patent/CN107251506B/en active Active
- 2016-01-29 WO PCT/CN2016/072780 patent/WO2017128293A1/en not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| CN107251506A (en) | 2017-10-13 |
| WO2017128293A1 (en) | 2017-08-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10356588B2 (en) | Network access method, device, and system | |
| CN111949974B (en) | Authentication method, device, computer equipment and storage medium | |
| JP6687636B2 (en) | Services-Efficient policy enforcement using network tokens for user plane approaches | |
| CN110611723B (en) | Scheduling method and device of service resources | |
| US9843575B2 (en) | Wireless network authentication method and wireless network authentication apparatus | |
| CN108293223B (en) | Data transmission method, user equipment and network side equipment | |
| KR102219061B1 (en) | Method and device and communication system for obtaining a key | |
| KR20210134816A (en) | Processing electronic tokens | |
| CN106790267A (en) | A kind of method and apparatus of access server operating system | |
| WO2015007231A1 (en) | Method and device for identification of malicious url | |
| CN103581201A (en) | Authentication and authorization method and device | |
| CN105162802B (en) | Portal authentication method and certificate server | |
| CN108400953A (en) | Control terminal is surfed the Internet and the method for terminal online, router device and terminal | |
| CN111355575A (en) | Communication encryption method, electronic device and readable storage medium | |
| CN105165035B (en) | Multimedia Messaging with Text Messaging | |
| US9686239B2 (en) | Secure data transmission | |
| CN107872445B (en) | Access authentication method, device and authentication system | |
| CN109729000B (en) | Instant messaging method and device | |
| CN107251506B (en) | Terminal data opening control method and system | |
| CN106912049B (en) | Method for improving user authentication experience | |
| CN105577609B (en) | Method and apparatus for controlling accessed content | |
| CN110418343B (en) | Paging method, network equipment and terminal | |
| KR102344352B1 (en) | Access Denial Method, Apparatus, and System, and Storage Media and Processor | |
| CN111866835A (en) | A kind of network configuration sharing method, device and computer readable storage medium | |
| CN106851639B (en) | Methods and Access Points for Accessing WiFi |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |