DATA PROCESSING METHOD AND APPARATUS BASED ON MOBILE APPLICATION ENTRANCE AND SYSTEM

US 20170264610A1
Filed: 05/30/2017
Published: 09/14/2017
Est. Priority Date: 06/09/2015
Status: Active Grant

First Claim

Patent Images

1. A data processing method performed at a computer system having one or more processors and memory for storing a plurality of programs managing application programming interfaces (APIs) and mobile application entrances, the method comprising:

receiving an application programming interface invocation request initiated by an application system, the API invocation request carrying an identifier of a mobile application entrance to which the application system belongs, an application system identifier, and first authentication information;

obtaining permission information corresponding to the application system according to the identifier of the mobile application entrance and the application system identifier;

performing authentication on the API invocation request according to the permission information and the first authentication information;

sending an authentication succeeded result to the application system in accordance with a determination that the authentication succeeds, so that the application system invokes one of the APIs for data processing; and

sending an authentication failed result to the application system in accordance with a determination that the authentication fails.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing method is performed at a computer system managing application programming interfaces (APIs) and mobile application entrances. An API invocation request initiated by an application system is received by the computer system, permission information corresponding to the application system is obtained according to an identifier of the mobile application entrance and an application system identifier that are carried in the API invocation request, then authentication is performed on the API invocation request according to the permission information and first authentication information carried in the API invocation request, and the application system is allowed to invoke an API for data processing when the authentication succeeds, so that internal data corruption caused due to that each application system at a mobile application entrance randomly invoke the API is avoided, thereby implementing uniform management on the internal data, greatly strengthening data security, and facilitating API interface expansion.

9 Citations

18 Claims

1. A data processing method performed at a computer system having one or more processors and memory for storing a plurality of programs managing application programming interfaces (APIs) and mobile application entrances, the method comprising:
- receiving an application programming interface invocation request initiated by an application system, the API invocation request carrying an identifier of a mobile application entrance to which the application system belongs, an application system identifier, and first authentication information;
  
  obtaining permission information corresponding to the application system according to the identifier of the mobile application entrance and the application system identifier;
  
  performing authentication on the API invocation request according to the permission information and the first authentication information;
  
  sending an authentication succeeded result to the application system in accordance with a determination that the authentication succeeds, so that the application system invokes one of the APIs for data processing; and
  
  sending an authentication failed result to the application system in accordance with a determination that the authentication fails.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, wherein the operation of obtaining permission information corresponding to the application system according to the identifier of the mobile application entrance and the application system identifier comprises:
    - obtaining a corresponding permission information set from a preset database according to the identifier of the mobile application entrance; and
      
      obtaining permission information corresponding to the application system from the permission information set according to the application system identifier.
  - 3. The method according to claim 1, further comprising:
    - receiving an operation message sent by a user, the operation message carrying a user identifier and an operation instruction;
      
      determining a corresponding application system by searching a preset address book according to the user identifier; and
      
      forwarding the operation message to the application system, so that the application system performs data processing according to the operation instruction.
  - 4. The method according to claim 3, wherein the operation message is encrypted, and the method further comprising:
    - before determining a corresponding application system by searching a preset address book according to the user identifier, decrypting the operation message, to extract the user identifier and the operation instruction.
  - 5. The method according to claim 3, the method further comprises:
    - after forwarding the operation message to the application system,receiving an operation response returned by the application system; and
      
      sending the operation response to the user.
  - 6. The method according to claim 1, wherein the computer system stores an address book of an organization associated with the application system, the method further comprising:
    - obtaining an address book synchronization message from the application system, the address book synchronization message carrying second authentication information; and
      
      synchronizing the address book according to the address book synchronization message when it is determined that the authentication succeeds according to the second authentication information.
  - 7. The method according to claim 6, wherein the operation of synchronizing the address book according to the address book synchronization message comprises:
    - obtaining latest organization information from the application system according to the synchronization message, the latest organization information including organization structure information and user information under an organization structure;
      
      synchronizing organization structure information in the address book on the basis of the organization structure information in the organization information; and
      
      synchronizing user information in the address book on the basis of the user information in the organization information.
  - 8. The method according to claim 7, wherein the operation of synchronizing organization structure information in the address book on the basis of the organization structure information in the organization information comprises:
    - obtaining a mapping between a department identifier of each department under the organization structure and a department mobile service identifier; and
      
      performing updating, insertion, and/or deletion on the organization structure information in the address book on the basis of the organization structure information in the organization information and the mapping.
  - 9. The method according to claim 7, wherein the operation of synchronizing user information in the address book on the basis of the user information in the organization information comprises:
    - determining a to-be-processed user queue according to the user information in the organization information and user information in the address book; and
      
      performing updating, insertion, and/or deletion on the user information in the address book according to the to-be-processed user queue.

10. A computer system, comprising:
- one or more processors;
  
  memory;
  
  a plurality of programs stored in the memory and configured to manage application programming interfaces (APIs) and mobile application entrances, wherein the plurality of programs further include;
  
  a receiving unit, configured to receive an application programming interface invocation request initiated by an application system, the API invocation request carrying an identifier of a mobile application entrance to which the application system belongs, an application system identifier, and first authentication information;
  
  an obtaining unit, configured to obtain permission information corresponding to the application system according to the identifier of the mobile application entrance and the application system identifier;
  
  an authentication unit, configured to perform authentication on the API invocation request according to the permission information and the first authentication information; and
  
  a sending unit, configured to;
  
  send an authentication succeeded result to the application system in accordance with a determination that the authentication succeeds, so that the application system invokes one of the APIs for data processing; and
  
  send an authentication failed result to the application system in accordance with a determination that the authentication fails.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The computer system according to claim 10, wherein the obtaining unit is specifically configured to:
    - obtain a corresponding permission information set from a preset database according to the identifier of the mobile application entrance; and
      
      obtain permission information corresponding to the application system from the permission information set according to the application system identifier.
  - 12. The computer system according to claim 10, wherein the plurality of programs further include a determining unit, whereinthe receiving unit is further configured to receive an operation message sent by a user, the operation message carrying a user identifier and an operation instruction;
    - the determining unit is configured to determine a corresponding application system by searching a preset address book according to the user identifier; and
      
      the sending unit is further configured to forward the operation message to the application system, so that the application system performs data processing according to the operation instruction.
  - 13. The computer system according to claim 12, wherein the operation message is encrypted, the plurality of programs further include a decryption unit, whereinthe decryption unit is configured to decrypt the operation message, to extract the user identifier and the operation instruction.
  - 14. The apparatus according to claim 10, wherein the plurality of programs further include a synchronization unit, whereinthe receiving unit is further configured to obtain an address book synchronization message from the application system, the address book synchronization message carrying second authentication information;
    - andthe synchronization unit is configured to synchronize the address book according to the address book synchronization message when it is determined that the authentication succeeds according to the second authentication information.
  - 15. The computer system according to claim 14, wherein the synchronization unit comprises an information obtaining subunit, a first synchronization subunit, and a second synchronization subunit, whereinthe information obtaining subunit is configured to obtain latest organization information from the application system according to the synchronization message, the latest organization information including organization structure information and user information under an organization structure;
    - the first synchronization subunit is configured to synchronize organization structure information in the address book on the basis of the organization structure information in the organization information; and
      
      the second synchronization subunit is configured to synchronize user information in the address book on the basis of the user information in the organization information.
  - 16. The computer system according to claim 15, wherein the first synchronization subunit is specifically configured to:
    - obtain a mapping between a department identifier of each department under the organization structure and a department mobile service identifier; and
      
      perform updating, insertion, and/or deletion on the organization structure information in the address book on the basis of the organization structure information in the organization information and the mapping.
  - 17. The computer system according to claim 15, wherein the second synchronization subunit is specifically configured to:
    - determine a to-be-processed user queue according to the user information in the organization information and user information in the address book; and
      
      perform updating, insertion, and/or deletion on the user information in the address book according to the to-be-processed user queue.

18. A non-transitory computer readable storage medium storing a plurality of programs managing application programming interfaces (APIs) and mobile application entrances, in conjunction with a computer system having one or more processors that execute the programs to perform operations including:
- receiving an application programming interface invocation request initiated by an application system, the API invocation request carrying an identifier of a mobile application entrance to which the application system belongs, an application system identifier, and first authentication information;
  
  obtaining permission information corresponding to the application system according to the identifier of the mobile application entrance and the application system identifier;
  
  performing authentication on the API invocation request according to the permission information and the first authentication information;
  
  sending an authentication succeeded result to the application system in accordance with a determination that the authentication succeeds, so that the application system invokes one of the APIs for data processing; and
  
  sending an authentication failed result to the application system in accordance with a determination that the authentication fails.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tencent Technology Company Limited (Tencent Holdings Limited)
Original Assignee
Tencent Technology Company Limited (Tencent Holdings Limited)
Inventors
XIAO, Heng

Granted Patent

US 11,228,590 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 9/541   via adapters, e.g. between ...

H04L 2463/082   applying multi-factor authe...

H04L 63/0876   based on the identity of th...

H04L 9/40   Network security protocols

DATA PROCESSING METHOD AND APPARATUS BASED ON MOBILE APPLICATION ENTRANCE AND SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

DATA PROCESSING METHOD AND APPARATUS BASED ON MOBILE APPLICATION ENTRANCE AND SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links