CN111783075B - Authority management method, device and medium based on secret key and electronic equipment - Google Patents
Publication number: CN111783075B (application CN202010600636.5A)
Authority: CN (China)
Prior art keywords: key, access terminal, account, user, login request
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications (all under G06F—ELECTRIC DIGITAL DATA PROCESSING, G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity)
- G06F21/45—Structures or tools for the administration of authentication (G06F21/30—Authentication)
- G06F21/1078—Logging; Metering (G06F21/107—License processing; Key processing)
- G06F21/602—Providing cryptographic facilities or services (G06F21/60—Protecting data)
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself (G06F21/62—Protecting access to data via a platform)
- G06F2221/2107—File encryption (indexing scheme G06F2221/21)
- G06F2221/2117—User registration (indexing scheme G06F2221/21)
Abstract
The disclosure relates to the field of identity authentication and discloses a rights management method, apparatus, medium and electronic device. The method comprises: receiving a registration request; establishing an account and granting it rights; generating a key for the account, randomly selecting an encryption strategy, and storing the key, the rights and the corresponding decryption strategy in association; encrypting the key under the encryption strategy and sending the encrypted key to the access terminal; judging whether a received login request includes an encrypted key; if it does not, sending an identity authentication request to the access terminal to verify the identity of its user, and, if verification passes, accepting the login request and proceeding to the step of sending a new key, otherwise proceeding to the login-failure reminder step; if it does include the encrypted key, verifying the key, and, if verification passes, accepting the login request and proceeding to the step of sending a new key, otherwise proceeding to the reminder step. The disclosure also relates to blockchain technology: the information in the registration request may be stored in a blockchain. This approach increases the security of rights management.
Description
Technical Field
The present disclosure relates to identity verification technology in the blockchain field, and in particular to a key-based rights management method, apparatus, medium and electronic device.
Background
With the development of network technologies such as blockchains, user privacy and network security have become increasingly important.
The system rights management scheme commonly used in industry today is the Role-Based Access Control (RBAC) model, in which many-to-many relationships are established between users and roles and between roles and rights, and rights control is usually implemented by designing a user table, a role table and a rights table. In existing schemes, however, the managed rights are bound directly to the user: once the user's account password is stolen, the thief obtains the user's access rights. Existing rights management schemes are therefore insufficiently secure.
Disclosure of Invention
In the field of blockchain authentication technology, and to solve the technical problem described above, an object of the present disclosure is to provide a key-based rights management method, apparatus, medium and electronic device.
According to one aspect of the present disclosure, a key-based rights management method is provided. The method is executed by a target system and comprises:
receiving a registration request submitted by a user when the user first accesses the target system through an access terminal, the registration request including user information and identity authentication information;
establishing an account for the user according to the user information in the registration request and granting the account a basic permission as the permission of the account, the account including an account identifier;
generating a first key for the account, randomly selecting a first encryption strategy, determining the first decryption strategy corresponding to the first encryption strategy, and storing the user information, the identity authentication information, the account identifier, the first key, the permission and the first decryption strategy in association with one another;
encrypting the first key under the first encryption strategy and sending the encrypted first key to the access terminal;
when a login request is received from an access terminal, judging whether the login request includes an encrypted key, the login request including the account identifier of the account;
if the login request does not include an encrypted key, obtaining the identity authentication information corresponding to the account identifier in the login request and sending an identity authentication request to the access terminal based on that information, so as to verify the identity of the user at the access terminal;
if the verification passes, accepting the login request and proceeding to the step of sending a new key, which comprises: generating a second key that has not previously been generated for the account, randomly selecting a second encryption strategy that has not previously been used for the account, determining the second decryption strategy corresponding to the second encryption strategy, encrypting the second key under the second encryption strategy, sending the encrypted second key to the access terminal, and replacing the stored first key and first decryption strategy with the second key and second decryption strategy respectively;
if the verification fails, proceeding to the login-failure reminder step, which comprises: rejecting the login request and returning a login-failure reminder to the access terminal;
if the login request does include an encrypted key, obtaining the first decryption strategy and the first key corresponding to the account identifier in the login request, decrypting the encrypted key with the first decryption strategy, and judging whether the decryption result is identical to the first key;
if the decryption result is identical to the first key, accepting the login request and proceeding to the step of sending a new key; otherwise, proceeding to the login-failure reminder step.
According to another aspect of the present disclosure, a key-based rights management apparatus is provided. The apparatus runs the target system and comprises:
a receiving module configured to receive a registration request submitted by a user when the user first accesses the target system through an access terminal, the registration request including user information and identity authentication information;
an establishing and granting module configured to establish an account for the user according to the user information in the registration request and to grant the account a basic permission as its permission, the account including an account identifier;
a storage module configured to generate a first key for the account, randomly select a first encryption strategy, determine the first decryption strategy corresponding to the first encryption strategy, and store the user information, the identity authentication information, the account identifier, the first key, the permission and the first decryption strategy in association with one another;
an encryption module configured to encrypt the first key under the first encryption strategy and send the encrypted first key to the access terminal;
a first judgment module configured, when a login request is received from an access terminal, to judge whether the login request includes an encrypted key, the login request including the account identifier of the account;
an authentication module configured, when the login request does not include an encrypted key, to obtain the identity authentication information corresponding to the account identifier in the login request and send an identity authentication request to the access terminal based on that information, so as to verify the identity of the user at the access terminal;
a sending module configured, if the verification passes, to accept the login request and proceed to the step of sending a new key, which comprises: generating a second key that has not previously been generated for the account, randomly selecting a second encryption strategy that has not previously been used for the account, determining the second decryption strategy corresponding to the second encryption strategy, encrypting the second key under the second encryption strategy, sending the encrypted second key to the access terminal, and replacing the stored first key and first decryption strategy with the second key and second decryption strategy respectively;
a reminder module configured, if the verification fails, to proceed to the login-failure reminder step, which comprises: rejecting the login request and returning a login-failure reminder to the access terminal;
a second judgment module configured, when the login request includes an encrypted key, to obtain the first decryption strategy and the first key corresponding to the account identifier in the login request, decrypt the encrypted key with the first decryption strategy, and judge whether the decryption result is identical to the first key; and
wherein, if the decryption result is identical to the first key, the login request is accepted and the step of sending a new key is performed; otherwise, the login-failure reminder step is performed.
According to another aspect of the present disclosure, there is provided a computer readable program medium storing computer program instructions which, when executed by a computer, cause the computer to perform the method as described above.
According to another aspect of the present disclosure, there is provided an electronic apparatus including:
a processor;
a memory having computer readable instructions stored thereon which, when executed by the processor, implement the method as previously described.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:
The key-based rights management method provided by the disclosure is executed by the target system and comprises the steps summarized above: receiving the registration request; establishing the account and granting it a basic permission; generating the first key, randomly selecting the first encryption strategy and storing the key, the permission and the first decryption strategy in association; sending the encrypted first key to the access terminal; on a login request, either re-verifying the user's identity (when no encrypted key is carried) or decrypting the carried key with the stored first decryption strategy and comparing the result with the stored first key; and, on success, issuing a second key under a fresh encryption strategy and replacing the stored first key and decryption strategy, or, on failure, rejecting the request with a login-failure reminder.
Under this method, if the access terminal's key is lost the user must pass identity authentication again; the key is encrypted under a randomly selected encryption strategy whose decryption counterpart is held only on the service side; and both the key and its encryption strategy are replaced every time the access terminal requests rights from the service side, so that an encrypted key that has already been used for a successful login is no longer accepted. Together these measures improve the security of rights management.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
FIG. 1 is a system architecture diagram illustrating a method of key-based rights management in accordance with an exemplary embodiment;
FIG. 2 is a flow diagram illustrating a method of key-based rights management in accordance with an exemplary embodiment;
FIG. 3 is a flowchart illustrating details of step 220 of FIG. 2 according to one embodiment;
FIG. 4 is a block diagram illustrating a key-based rights management apparatus in accordance with an exemplary embodiment;
FIG. 5 is a block diagram illustrating an example of an electronic device implementing the key-based rights management method described above, in accordance with one example embodiment;
FIG. 6 is a diagram illustrating a computer-readable storage medium implementing the above-described key-based rights management method according to an example embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities.
The present disclosure first provides a key-based rights management method. Rights management means establishing a set of security rules in a software system under which each user can access only the resources or objects that have been authorized for them. Which resources or objects a user may access, and in what manner, constitute the user's rights in the system; these are usually set by the system or by an administrator and cannot normally be changed at will by ordinary users. Protecting system rights means protecting the resources or objects in the system so that they are accessed only by legitimate parties in the proper manner; rights management therefore protects data and information security and is a very important task today. The key-based rights management method provided by the disclosure makes rights management safer.
The implementation terminal of the present disclosure may be any device with computing, processing and communication functions that can connect to external devices to receive or send data. Specifically, it may be a portable mobile device such as a smartphone, tablet, notebook computer or PDA (personal digital assistant); a fixed device such as a computer, field terminal, desktop computer, server or workstation; or a set of devices such as a cloud computing infrastructure or a server cluster.
Optionally, the implementation terminal of the present disclosure may be a server or a physical infrastructure of cloud computing.
FIG. 1 is a system architecture diagram illustrating a method of key-based rights management according to an exemplary embodiment. As shown in FIG. 1, the system architecture includes a server 110, a first user terminal 121, a second user terminal 122 and a database 130. The first user terminal 121, the second user terminal 122 and the database 130 are each connected to the server 110 by communication links over which data can be sent and received. The target system, that is, the system whose rights need to be managed, runs on the server 110, and both the first user terminal 121 and the second user terminal 122 carry access terminals (clients) that can access the target system on the server 110. When the key-based rights management method of this embodiment is applied to the architecture of FIG. 1, the process may be as follows. First, the user accesses the target system through the first user terminal 121 for the first time in order to register, submitting user information and identity authentication information. The target system receives this information, establishes an account for the user according to the user information, and sets a basic permission for the account. The target system then selects a first encryption policy locally on the server 110, obtains the corresponding first decryption policy, generates a first key, and stores the user information, identity authentication information, account identifier, first key, permission and first decryption policy in association in the database 130. Finally, the target system encrypts the first key under the first encryption policy and sends the encrypted first key to the access terminal. From then on, the access terminal automatically carries the encrypted key it received in every login request to the target system.
The target system therefore decides, on the basis of the information stored in the database 130, whether the login request contains a key and whether that key is valid, and admits or rejects the login request accordingly, thereby implementing rights management.
Note that FIG. 1 shows only one embodiment of the present disclosure. Although the implementation terminal in this embodiment is a server, in other embodiments it may be any of the terminals or devices described above; and although in this embodiment the target system stores the user information, identity authentication information, account identifier, first key, permission and first decryption policy in association in a single database, in other embodiments or specific applications this information may be spread over several databases or stored locally on the terminal where the target system runs.
FIG. 2 is a flow diagram illustrating a method of key-based rights management according to an exemplary embodiment. At the physical level, the key-based rights management method of this embodiment can be executed by a server; at the logical level, it is executed by the target system. As shown in FIG. 2, it includes the following steps:
It is emphasized that, to further ensure the privacy and security of the user information and the identity authentication information, they may also be stored in a node of a blockchain.
The access terminal may be various clients, such as an Application program (APP) on a mobile terminal (e.g., a smart phone) or a browser-based Web terminal, and may also be a client on a computer or a browser-based Web terminal. Therefore, the access terminal and the target system may be in a B/S (Browser/Server) architecture or a C/S (Client/Server) architecture.
The registration request may be a request under any of various network protocols, for example an HTTP (Hypertext Transfer Protocol) request.
The registration request includes user information and authentication information, i.e. the message of the registration request carries the user information and the authentication information.
The user information may be any information about the user, typically the user's characteristics or attributes, such as the user's name, profession, age and educational background. The identity authentication information is information used to confirm whether a user matches it, thereby verifying that the user's identity is legitimate.
The user's account is an independent object in the target system through which operations on the target system are performed. An account is usually recorded as a set of data under the target system and includes an account identifier, i.e. an identifier that uniquely identifies the account.
The basic permission is the permission initially given to the account when it is established; it may be preset or set dynamically according to the user information. Permissions control the extent of a user's access to resources on the target system and may include, for example, control over the visibility of the target system's page elements, over modification of files or data on the target system, and over access to the target system's menus.
FIG. 3 is a flowchart illustrating details of step 220 of FIG. 2 according to one embodiment. As shown in FIG. 3, in this embodiment the user information and the identity authentication information are pre-stored in a blockchain, and step 220 specifically includes:
For example, if the user information includes the user's gender, the account is granted the basic permission corresponding to that gender when it is established. As another example, if the user information includes the user's job level, the account is granted the basic permission corresponding to that job level when it is established, so that users of different job levels receive different basic permissions; in particular, more basic permissions can be granted to the account of a user with a higher job level.
In this embodiment, deciding which basic permission to grant to the corresponding account on the basis of the user information achieves more effective management of basic permissions.
The first key is typically a randomly generated string; since the login check ultimately compares against it, it should be drawn from a cryptographically secure random source.
The encryption strategy may be any of various encryption algorithms or encryption modes, such as a symmetric algorithm, an asymmetric algorithm or a rule-based transformation; the decryption strategy corresponding to an encryption strategy is the one that restores ciphertext produced under that encryption strategy to the corresponding plaintext.
In one embodiment, storing the user information, identity authentication information, account identifier, first key, permission and first decryption policy in association comprises:
storing the user information, identity authentication information, account identifier and first key in association in a relational database; and
storing the first key, the permission and the first decryption policy in a non-relational database as two key-value pairs, (first key, permission) and (first key, first decryption policy), with the first key as the key of each pair.
A non-relational database does not organize data in tables and offers fast queries and high performance; for example, Redis can serve as the non-relational database that holds the key-value pairs.
In this embodiment, keeping the rights-management data (the key, the permission, the decryption policy and so on) in a non-relational database means that no SQL has to be parsed during rights management, which, given the characteristics of such databases, improves query efficiency.
And after the encrypted first key is sent to the access terminal, the encrypted first key is stored at the access terminal. When the access terminal initiates a login request to the target system again, the encrypted first key is carried in the login request.
In one embodiment, after encrypting the first key according to the first encryption policy and sending the encrypted first key to the access terminal, the method further includes:
receiving a permission modification request from an administrator terminal, wherein the permission modification request comprises an account identifier, a permission to be modified and a modified permission;
acquiring, from the relational database, the key corresponding to the account identifier in the permission modification request;
querying the non-relational database with that key for the authority corresponding to the key, as the target authority;
and replacing the authority to be modified in the target authority with the modified authority.
The administrator terminal is a client distinct from the access terminal. It may be the same terminal as the one that implements the method of the present disclosure, or a different terminal.
In this embodiment, allowing an administrator to modify the permissions stored in the non-relational database makes permission management efficient.
Account permissions can likewise be added or deleted through the administrator terminal.
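The two-tier storage layout and the administrator modification flow described above, as an added example in Python (not code from the patent). The relational database and the Redis-style key-value store are both in-memory stand-ins constructed here; the key names authority:&lt;first key&gt; and decrypt:&lt;first key&gt;, the request field names, and the sample account, phone number and policy are assumptions made for the example:

```python
import json


class RightsStore:
    """Two-tier storage of the embodiment (added example, not the patent's code).
    The relational table and the Redis-style store are in-memory stand-ins;
    values in the key-value tier are JSON strings, as they would be under GET/SET."""

    def __init__(self):
        self.relational = {}   # account_id -> row; stands in for the SQL table
        self._kv = {}          # string key -> JSON string; stands in for Redis

    # --- key-value tier, keyed by the first key as the embodiment describes ---
    def _kv_set(self, key, value):
        self._kv[key] = json.dumps(value)

    def _kv_get(self, key):
        raw = self._kv.get(key)
        return None if raw is None else json.loads(raw)

    def store_account(self, user_info, auth_info, account_id, first_key, rights, dec_policy):
        """Corresponding storage: one row in the relational tier, two pairs in the key-value tier."""
        self.relational[account_id] = {"user": user_info, "auth": auth_info, "key": first_key}
        self._kv_set(f"authority:{first_key}", sorted(set(rights)))
        self._kv_set(f"decrypt:{first_key}", dec_policy)

    def lookup_by_account(self, account_id):
        """Login-time path: account row -> key, then key -> (authority, decryption policy).
        No SQL is parsed for the second hop; it is a plain key lookup."""
        row = self.relational[account_id]
        return (self._kv_get(f"authority:{row['key']}"),
                self._kv_get(f"decrypt:{row['key']}"))

    def modify_permission(self, request):
        """Administrator flow: request = {account_id, old, new}.
        account id -> key (relational), key -> authority (key-value), replace one right."""
        row = self.relational.get(request["account_id"])
        if row is None:
            raise KeyError(f"unknown account {request['account_id']!r}")
        kv_key = f"authority:{row['key']}"
        target = self._kv_get(kv_key)
        if request["old"] not in target:
            # Refuse rather than silently grant a right the account never held.
            raise ValueError(f"account does not hold {request['old']!r}")
        target = [request["new"] if r == request["old"] else r for r in target]
        self._kv_set(kv_key, sorted(set(target)))
        return self._kv_get(kv_key)

    def change_permissions(self, account_id, add=(), remove=()):
        """Add or delete rights through the administrator terminal."""
        row = self.relational[account_id]
        kv_key = f"authority:{row['key']}"
        rights = set(self._kv_get(kv_key))
        rights.difference_update(remove)
        rights.update(add)
        self._kv_set(kv_key, sorted(rights))
        return self._kv_get(kv_key)
```

Because the key-value tier is addressed by the first key rather than by the account identifier, any rotation of the key (as the login flow of this disclosure performs) must re-key both pairs, otherwise the administrator path above would look up a key that no longer exists.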
The access terminal may be the same access terminal as that when the user accesses the target system for the first time, or may be a different access terminal than that when the user accesses the target system for the first time.
For example, the message content of the login request may be laid out in specific fields, with the encrypted key occupying a field at a fixed position; when that position in the message content of the login request contains no such field, it is determined that the login request does not include the encrypted key.
In one embodiment, the registering request further includes a first access terminal identifier, the login request includes a second access terminal identifier, and the correspondingly storing the user information, the authentication information, the account identifier, the first key, the right, and the first decryption policy includes:
correspondingly storing the user information, the identity authentication information, the account identifier, the first access terminal identifier, the first key, the authority and the first decryption policy;
before obtaining the authentication information corresponding to the account identifier in the login request and sending an authentication request to the access terminal according to the authentication information to authenticate the identity of the user at the access terminal, the method further comprises:
judging whether a first access terminal identifier corresponding to the account identifier in the login request is consistent with a second access terminal identifier in the login request;
the acquiring, when the login request does not include the encrypted key, authentication information corresponding to an account identifier in the login request, and sending an authentication request to the access terminal according to the authentication information to authenticate the identity of the user at the access terminal, includes:
and under the condition that the login request does not comprise the encrypted key or the first access terminal identification is not consistent with the second access terminal identification, acquiring authentication information corresponding to the account identification in the login request, and sending an authentication request to the access terminal according to the authentication information so as to authenticate the identity of the user of the access terminal.
The access terminal identifier uniquely identifies the access terminal; it may be, for example, a client identifier assigned by the terminal itself when the client is installed.
In this embodiment, the identity of the user at the access terminal is verified either when the login request does not include the encrypted key or when the first access terminal identifier does not match the second access terminal identifier, so a user logging in from a new access terminal must pass identity verification, which further improves the security of rights management.
In one embodiment, the authentication information is a mobile phone number, and the sending an authentication request to the access terminal according to the authentication information to authenticate the identity of the user at the access terminal includes:
sending a first short message verification code randomly generated by the target system to the mobile phone number;
sending a page to the access terminal prompting the user to enter the first short message verification code they received;
and receiving a second short message verification code submitted through the page, and comparing the first short message verification code with the second short message verification code to verify the identity of the user of the access terminal.
For example, when the first short message verification code is consistent with the second short message verification code, the verification is confirmed to pass, otherwise, the verification is confirmed to fail.
In this embodiment, the user identity is verified by means of a short message verification code.
In one embodiment, the authentication information is question information and corresponding first answer information, and the sending an authentication request to the access terminal according to the authentication information to authenticate the identity of the user at the access terminal includes:
sending a page carrying the question information to the access terminal;
receiving second answer information submitted through the page from the access terminal;
and comparing the first answer information with the second answer information to verify the identity of the user at the access terminal.
For example, when the first answer information and the second answer information are consistent, the verification is confirmed to pass; otherwise, it is confirmed to fail.
In this embodiment, the user identity is verified by question answering, which effectively prevents unauthorized acquisition of rights and improves security.
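The verification-trigger condition (no encrypted key, or a mismatched access terminal identifier) and the two verification methods above, as an added Python example that is not part of the patent. The request field names encrypted_key and terminal_id, the six-digit code format, the code expiry and single-use handling, the whitespace and case normalization of answers, and the constant-time comparison are practitioner choices assumed here rather than steps of the disclosure:

```python
import hmac
import secrets
import time


def needs_identity_verification(login_request, stored_terminal_id):
    """Re-verify the user when the login request carries no encrypted key, or when
    its terminal identifier differs from the one stored at registration (assumed
    field names encrypted_key / terminal_id)."""
    if login_request.get("encrypted_key") is None:
        return True
    return login_request.get("terminal_id") != stored_terminal_id


class SmsCodeVerifier:
    """Short message verification code flow. Expiry and single use are added
    safeguards, not steps of the embodiment; the clock is injectable for testing."""

    def __init__(self, ttl_seconds=300, now=time.time):
        self._pending = {}          # phone number -> (first code, expiry time)
        self._ttl = ttl_seconds
        self._now = now

    def issue_code(self, phone):
        """Randomly generate the first verification code and record it for the phone number."""
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self._pending[phone] = (code, self._now() + self._ttl)
        return code                 # handed to the SMS gateway, never to the access terminal

    def verify(self, phone, submitted_code):
        """Compare the second (submitted) code with the first (issued) code."""
        entry = self._pending.pop(phone, None)      # a code is consumed on first use
        if entry is None:
            return False
        code, expiry = entry
        if self._now() > expiry:
            return False
        # Constant-time comparison so a wrong code is not distinguishable by timing.
        return hmac.compare_digest(code.encode("utf-8"), submitted_code.encode("utf-8"))


def _normalize(answer):
    """Collapse whitespace and case so trivial formatting differences do not fail a user."""
    return " ".join(answer.split()).casefold()


class QuestionVerifier:
    """Question-and-answer flow: the first answer is stored at registration,
    the second answer is submitted through the page."""

    def __init__(self, question, first_answer):
        self.question = question
        self._expected = _normalize(first_answer).encode("utf-8")

    def verify(self, second_answer):
        return hmac.compare_digest(self._expected, _normalize(second_answer).encode("utf-8"))
```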
The second encryption policy is an encryption policy different from the first encryption policy, and similarly, the second decryption policy is a decryption policy different from the first decryption policy, and the second key is also a key different from the first key.
When the verification passes, this step thus also updates the key and the decryption policy.
In one embodiment, the correspondingly storing the user information, the authentication information, the account identifier, the first key, the right, and the first decryption policy includes:
correspondingly storing the user information, the identity authentication information, the account identification, the first key, the authority, the first encryption strategy and the first decryption strategy;
the step of sending the new key comprises the following steps:
generating, for the account, a second key that has not been generated before, randomly obtaining a second encryption policy that has not been used for the account, determining a second decryption policy corresponding to the second encryption policy, encrypting the second key according to the second encryption policy, sending the encrypted second key to the access terminal, and replacing the stored first key, first encryption policy and first decryption policy with the second key, the second encryption policy and the second decryption policy respectively.
This embodiment updates the key, the encryption policy and the decryption policy at the same time.
The reminder information may be returned to the access terminal as a page, a pop-up window, or similar, containing information indicating that the login failed.
If the login request is initiated from the same account identifier and the same access terminal that submitted the registration request, the login request carries the encrypted first key issued by the target system, and the decryption result matches the first key; otherwise, the decryption result does not match.
Only when the decryption result matches the first key is the login request passed and the user granted the corresponding rights; otherwise, the login request is refused and reminder information indicating login failure is returned to the access terminal.
In summary, in the key-based rights management method of the embodiment of fig. 2, identity must be re-verified when the key at the access terminal is lost, the key is encrypted with a randomly selected encryption policy that is stored on the server, and both the key and its encryption policy are updated each time the access terminal requests rights from the server, which increases the security of rights management.
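The full exchange summarized above (registration and issue of the encrypted first key, login with the encrypted key, decryption and comparison against the stored key, and rotation of key and policies on success), as an added Python example that is not the patent's code. The two encryption policies are toy byte transformations constructed so that the example runs on the standard library alone; they stand in for the disclosure's symmetric, asymmetric or rule-based algorithms and are not secure ciphers. Dicts stand in for the relational database and the key-value store, and the account identifier format and the status strings are assumptions:

```python
import hmac
import secrets


# Encryption policy pool: constructed toy transformations, NOT secure ciphers.
# A policy is (name, parameter); the server keeps only the decryption side.
def random_encryption_policy():
    """Randomly choose a policy and a fresh random parameter for it."""
    if secrets.randbelow(2) == 0:
        return ("xor_pad", secrets.token_bytes(32))
    return ("byte_shift", secrets.randbelow(255) + 1)


def decryption_policy_for(enc_policy):
    """The decryption policy corresponding to an encryption policy."""
    name, param = enc_policy
    if name == "xor_pad":
        return (name, param)              # XOR with the same pad is its own inverse
    return (name, (-param) % 256)         # the opposite shift undoes the original


def apply_policy(policy, data):
    """Apply an encryption or decryption policy to a byte string."""
    name, param = policy
    if name == "xor_pad":
        return bytes(b ^ p for b, p in zip(data, param))
    if name == "byte_shift":
        return bytes((b + param) % 256 for b in data)
    raise ValueError(f"unknown policy {name!r}")


class TargetSystem:
    """Server side of the scheme. Dicts stand in for the relational database
    (account rows) and the key-value store (key -> authority, key -> decryption policy)."""

    def __init__(self):
        self.accounts = {}
        self.kv = {}
        self._next_id = 0

    def register(self, user_info, auth_info, basic_rights):
        """First access: create the account, grant basic rights, issue the encrypted first key."""
        self._next_id += 1
        account_id = f"acct-{self._next_id}"               # assumed identifier format
        first_key = secrets.token_hex(16)                  # 32-character random string
        enc_policy = random_encryption_policy()
        self.accounts[account_id] = {"user": user_info, "auth": auth_info,
                                     "key": first_key, "enc_policy": enc_policy}
        self.kv[("authority", first_key)] = set(basic_rights)
        self.kv[("decrypt", first_key)] = decryption_policy_for(enc_policy)
        # Only the ciphertext leaves the server; the terminal stores it unchanged.
        return account_id, apply_policy(enc_policy, first_key.encode())

    def login(self, account_id, encrypted_key):
        """Returns (status, new_encrypted_key); status is 'ok', 'verify' or 'denied'."""
        row = self.accounts.get(account_id)
        if row is None:
            return "denied", None
        if encrypted_key is None:
            return "verify", None       # no key in the request: identity verification path
        dec_policy = self.kv[("decrypt", row["key"])]
        result = apply_policy(dec_policy, encrypted_key)
        # Constant-time comparison; a wrong-length result compares unequal.
        if not hmac.compare_digest(result, row["key"].encode()):
            return "denied", None
        return "ok", self._send_new_key(account_id)

    def _send_new_key(self, account_id):
        """Rotate key, encryption policy and decryption policy, re-keying the stored rights."""
        row = self.accounts[account_id]
        old_key, old_enc = row["key"], row["enc_policy"]
        new_key = secrets.token_hex(16)
        while new_key == old_key:                   # simplified check for an unused key
            new_key = secrets.token_hex(16)
        new_enc = random_encryption_policy()
        while new_enc == old_enc:                   # policy not yet used for the account
            new_enc = random_encryption_policy()
        rights = self.kv.pop(("authority", old_key))
        del self.kv[("decrypt", old_key)]
        self.kv[("authority", new_key)] = rights
        self.kv[("decrypt", new_key)] = decryption_policy_for(new_enc)
        row["key"], row["enc_policy"] = new_key, new_enc
        return apply_policy(new_enc, new_key.encode())

    def rights_of(self, account_id):
        return self.kv[("authority", self.accounts[account_id]["key"])]
```

The terminal never decrypts anything: the ciphertext it stored is exactly what it presents at the next login, so in practice that ciphertext is the credential, and the transport and the terminal's storage must keep it confidential. The rotation on every successful login bounds how long a copied ciphertext stays valid, and the old key is retired immediately, so a replay of the previous ciphertext is refused.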
The disclosure also provides a device for rights management based on the key, and the following device embodiments are disclosed.
Fig. 4 is a block diagram illustrating a key-based rights management device running a target system according to an example embodiment. As shown in fig. 4, the apparatus 400 includes:
a receiving module 410 configured to receive a registration request submitted when a user initially accesses a target system through an access terminal, where the registration request includes user information and authentication information;
the establishing and granting module 420 is configured to establish an account of the user according to the user information in the registration request, and grant basic rights to the account as the rights of the account, where the account includes an account identifier;
the storage module 430 is configured to generate a first key for the account, randomly acquire a first encryption policy, determine a first decryption policy corresponding to the first encryption policy, and correspondingly store the user information, the authentication information, the account identifier, the first key, the authority, and the first decryption policy;
the encryption module 440 is configured to encrypt the first key according to the first encryption policy, and send the encrypted first key to the access terminal;
a first determining module 450, configured to determine, when a login request from an access terminal is received, whether the login request includes an encrypted key, where the login request includes an account identifier corresponding to the account;
the verification module 460 is configured to, when the login request does not include the encrypted key, obtain authentication information corresponding to an account identifier in the login request, and send an authentication request to the access terminal according to the authentication information, so as to verify the identity of the user at the access terminal;
a sending module 470, configured to pass the login request and transfer to a step of sending a new key if the verification passes, where the step of sending a new key includes: generating an un-generated second key for the account, randomly obtaining a second encryption strategy which is not used for the account, determining a second decryption strategy corresponding to the second encryption strategy, encrypting the second key according to the second encryption strategy, sending the encrypted second key to the access terminal, and respectively replacing the stored first key and the stored first decryption strategy correspondingly with the second key and the second decryption strategy;
a reminding module 480 configured to, if the verification fails, go to a login failure reminding step, where the login failure reminding step includes: refusing the login request and returning the reminding information of login failure to the access terminal;
a second determining module 490, configured to, when the login request includes an encrypted key, obtain a first decryption policy and a first key corresponding to an account identifier in the login request, and decrypt the encrypted key using the first decryption policy to determine whether a decryption result is consistent with the first key; and
and if the decryption result is consistent with the first key, passing the login request and transferring to the step of sending the new key, otherwise, transferring to the step of reminding login failure.
According to a third aspect of the present disclosure, there is also provided an electronic device capable of implementing the above method.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," "module" or "system."
An electronic device 500 according to this embodiment of the invention is described below with reference to fig. 5. The electronic device 500 shown in fig. 5 is only an example and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 5, the electronic device 500 is embodied in the form of a general purpose computing device. The components of the electronic device 500 may include, but are not limited to: the at least one processing unit 510, the at least one memory unit 520, and a bus 530 that couples various system components including the memory unit 520 and the processing unit 510.
The storage unit 520 stores program code that is executable by the processing unit 510 to cause the processing unit 510 to perform steps according to various exemplary embodiments of the present invention as described in the section "example methods" above in this specification.
The storage unit 520 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM)521 and/or a cache memory unit 522, and may further include a read only memory unit (ROM) 523.
The storage unit 520 may also include a program/utility 524 having a set (at least one) of program modules 525, such program modules 525 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The electronic device 500 may also communicate with one or more external devices 700 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 500, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 500 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 550. Also, the electronic device 500 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via the network adapter 560. As shown, the network adapter 560 communicates with the other modules of the electronic device 500 over the bus 530. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 500, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, and may also be implemented by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
According to a fourth aspect of the present disclosure, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-mentioned method of the present specification. In some possible embodiments, aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above section "exemplary methods" of the present description, when said program product is run on the terminal device.
Referring to fig. 6, a program product 600 for implementing the above method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In situations involving remote computing devices, the remote computing devices may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to external computing devices (e.g., through the internet using an internet service provider).
A blockchain is a new application mode of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and encryption algorithms. A blockchain is essentially a decentralized database: a series of data blocks linked by cryptographic means, each containing the information of a batch of network transactions, used to verify the validity (tamper resistance) of that information and to generate the next block. A blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
Furthermore, the above-described figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the invention, and are not intended to be limiting. It will be readily appreciated that the processes illustrated in the above figures are not intended to indicate or limit the temporal order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.
Claims (9)
1. A method for key-based rights management, the method performed by a target system, the method comprising:
receiving a registration request submitted by a user when the user accesses a target system for the first time through an access terminal, wherein the registration request comprises user information and identity authentication information;
establishing an account of the user according to the user information in the registration request, and granting a basic permission to the account as the permission of the account, wherein the account comprises an account identifier;
generating a first key for the account and randomly acquiring a first encryption strategy, determining a first decryption strategy corresponding to the first encryption strategy, and correspondingly storing the user information, the identity authentication information, the account identifier, the first key, the authority and the first decryption strategy, wherein correspondingly storing the user information, the identity authentication information, the account identifier, the first key, the authority and the first decryption strategy comprises: correspondingly storing the user information, the identity authentication information, the account identifier and the first key into a relational database; correspondingly storing the first key, the authority and the first decryption strategy into a non-relational database by respectively taking the first key and the authority and the first key and the first decryption strategy as key value pairs;
encrypting the first key according to the first encryption strategy, and sending the encrypted first key to the access terminal;
when a login request from an access terminal is received, judging whether the login request comprises an encrypted key or not, wherein the login request comprises an account identifier corresponding to the account;
under the condition that the login request does not include the encrypted key, acquiring authentication information corresponding to an account identifier in the login request, and sending an authentication request to the access terminal according to the authentication information so as to authenticate the identity of the user of the access terminal;
if the verification is passed, the login request is passed and the step of sending a new key is transferred, wherein the step of sending the new key comprises the following steps: generating an un-generated second key for the account, randomly obtaining a second encryption strategy which is not used for the account, determining a second decryption strategy corresponding to the second encryption strategy, encrypting the second key according to the second encryption strategy, sending the encrypted second key to the access terminal, and respectively replacing the stored first key and the stored first decryption strategy correspondingly with the second key and the second decryption strategy;
if the verification fails, switching to a login failure reminding step, wherein the login failure reminding step comprises the following steps: refusing the login request and returning the reminding information of login failure to the access terminal;
under the condition that the login request comprises the encrypted key, acquiring a first decryption strategy and a first key corresponding to an account identifier in the login request, and decrypting the encrypted key by using the first decryption strategy to judge whether a decryption result is consistent with the first key;
and if the decryption result is consistent with the first key, passing the login request and turning to the step of sending the new key, otherwise, turning to the step of reminding login failure.
2. The method according to claim 1, wherein the user information and the authentication information are pre-stored in a blockchain, and the establishing an account of the user according to the user information in the registration request and granting a basic right to the account as the right of the account comprises:
and establishing an account of the user according to the user information in the registration request, and granting a basic permission corresponding to the user information to the account based on the user information to serve as the permission of the account.
3. The method of claim 1, wherein after encrypting the first key according to the first encryption policy and sending the encrypted first key to the access terminal, the method further comprises:
receiving a permission modification request from an administrator terminal, wherein the permission modification request comprises an account identifier, a permission to be modified and a modified permission;
acquiring a key corresponding to the account identifier in the permission modification request from a relational database;
querying the non-relational database with the key for the authority corresponding to the key, as a target authority;
and replacing the authority to be modified in the target authority with the modified authority.
4. The method according to claim 1, wherein the registration request further includes a first access terminal identifier, the login request includes a second access terminal identifier, and the correspondingly storing the user information, the authentication information, the account identifier, the first key, the right, and the first decryption policy includes:
correspondingly storing the user information, the identity authentication information, the account identification, the first access terminal identification, the first key, the authority and the first decryption strategy;
before obtaining the authentication information corresponding to the account identifier in the login request and sending an authentication request to the access terminal according to the authentication information to authenticate the identity of the user at the access terminal, the method further comprises:
judging whether a first access terminal identifier corresponding to the account identifier in the login request is consistent with a second access terminal identifier in the login request or not;
the acquiring, when the login request does not include the encrypted key, authentication information corresponding to an account identifier in the login request, and sending an authentication request to the access terminal according to the authentication information to authenticate the identity of the user at the access terminal, includes:
and under the condition that the login request does not comprise the encrypted key or the first access terminal identification is not consistent with the second access terminal identification, acquiring authentication information corresponding to the account identification in the login request, and sending an authentication request to the access terminal according to the authentication information so as to authenticate the identity of the user of the access terminal.
5. The method of claim 1, wherein the authentication information is a mobile phone number, and the sending an authentication request to the access terminal according to the authentication information to authenticate the identity of the user of the access terminal comprises:
sending a first short message verification code randomly generated by the target system to the mobile phone number;
sending a page to the access terminal to prompt a user to receive a first short message verification code;
and receiving a second short message verification code submitted through the page, and comparing the first short message verification code with the second short message verification code to verify the identity of the user of the access terminal.
6. The method according to claim 1, wherein the authentication information is question information and corresponding first answer information, and the sending an authentication request to the access terminal according to the authentication information to authenticate the identity of the user at the access terminal comprises:
sending a page carrying the question information to the access terminal;
receiving second answer information submitted through the page from the access terminal;
and comparing the first answer information with the second answer information to verify the identity of the user at the access terminal.
7. A key-based rights management apparatus, the apparatus running a target system, the apparatus comprising:
the system comprises a receiving module, a registration module and a processing module, wherein the receiving module is configured to receive a registration request submitted by a user when the user accesses a target system for the first time through an access terminal, and the registration request comprises user information and identity authentication information;
the establishing and granting module is configured to establish an account of the user according to the user information in the registration request, and grant basic permission to the account as permission of the account, wherein the account comprises an account identifier;
a storage module, configured to generate a first key for the account and randomly obtain a first encryption policy, determine a first decryption policy corresponding to the first encryption policy, and store the user information, the authentication information, the account identifier, the first key, the authority, and the first decryption policy correspondingly, where the storing the user information, the authentication information, the account identifier, the first key, the authority, and the first decryption policy correspondingly includes: correspondingly storing the user information, the identity authentication information, the account identifier and the first key into a relational database; correspondingly storing the first key, the authority and the first decryption strategy into a non-relational database by respectively taking the first key and the authority as well as the first key and the first decryption strategy as key value pairs;
the encryption module is configured to encrypt the first key according to the first encryption strategy and send the encrypted first key to the access terminal;
a first judgment module configured to judge whether a login request received from an access terminal comprises an encrypted key, wherein the login request comprises an account identifier corresponding to the account;
the authentication module is configured to acquire authentication information corresponding to an account identifier in the login request under the condition that the login request does not include the encrypted key, and send an authentication request to the access terminal according to the authentication information so as to authenticate the identity of the user of the access terminal;
a sending module configured to pass the login request and transfer to a step of sending a new key if the authentication passes, wherein the step of sending the new key includes: generating, for the account, a second key that has not been generated before, randomly acquiring a second encryption strategy that has not been used for the account, determining a second decryption strategy corresponding to the second encryption strategy, encrypting the second key according to the second encryption strategy, sending the encrypted second key to the access terminal, and respectively replacing the stored first key and the stored first decryption strategy with the second key and the second decryption strategy;
a reminding module configured to go to a login failure reminding step if the verification fails, wherein the login failure reminding step comprises: refusing the login request and returning the reminding information of login failure to the access terminal;
the second judgment module is configured to acquire a first decryption policy and a first key corresponding to an account identifier in the login request under the condition that the login request includes the encrypted key, and decrypt the encrypted key by using the first decryption policy to judge whether a decryption result is consistent with the first key; and
and if the decryption result is consistent with the first key, passing the login request and transferring to the step of sending the new key, otherwise, transferring to the step of reminding login failure.
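The registration, key issue and the two login branches of claim 7, together with the question-page answer check of claim 6, as an added Python example that is not part of the patent or of any implementation it describes. The three reversible "policies", the in-memory dicts standing in for the relational and non-relational stores, the question/answer form of the identity authentication information and the account identifier format are all assumptions of this example; the policies are placeholders for whatever cipher a real deployment would use.

```python
import base64
import hmac
import secrets

# Constructed, illustrative set of reversible "encryption policies" (the claims leave the
# concrete policies open). Each entry maps a policy id to an (encrypt, decrypt) pair; the
# policy id doubles as the "decryption policy" stored server-side. These transforms are
# for illustration only; a production build would use an authenticated cipher here.
_PAD_B = b"policy-b-pad"  # constructed fixed pad for policy "B"


def _xor(data: bytes, pad: bytes) -> bytes:
    return bytes(b ^ pad[i % len(pad)] for i, b in enumerate(data))


ENCRYPTION_POLICIES = {
    "A": (lambda k: base64.b64encode(k[::-1]).decode(), lambda c: base64.b64decode(c)[::-1]),
    "B": (lambda k: _xor(k, _PAD_B).hex(), lambda c: _xor(bytes.fromhex(c), _PAD_B)),
    "C": (lambda k: base64.urlsafe_b64encode(k).decode(), lambda c: base64.urlsafe_b64decode(c)),
}

FAIL = {"ok": False, "reason": "login failed"}  # the "login failure reminding" response


class RightsServer:
    """Server side of the claim-7 flow: register, issue key, verify login, rotate key."""

    BASIC_PERMISSION = "basic"

    def __init__(self):
        self.relational = {}      # account_id -> {user, auth, key}  ("relational database")
        self.nosql = {}           # "perm:<key>" -> permission, "policy:<key>" -> policy id
        self.issued_keys = set()  # every key ever generated, to honour "not generated before"
        self.used_policies = {}   # account_id -> policy ids already used for that account

    def _new_key(self) -> bytes:
        while True:
            key = secrets.token_bytes(16)
            if key not in self.issued_keys:
                self.issued_keys.add(key)
                return key

    def _new_policy(self, account_id: str) -> str:
        unused = [p for p in ENCRYPTION_POLICIES if p not in self.used_policies[account_id]]
        if not unused:  # every policy used once: start a fresh cycle (choice of this example)
            self.used_policies[account_id].clear()
            unused = list(ENCRYPTION_POLICIES)
        policy = secrets.choice(unused)
        self.used_policies[account_id].add(policy)
        return policy

    def _issue(self, account_id: str) -> str:
        """Generate a fresh key and policy, replace the stored pair, return the encrypted key."""
        record = self.relational[account_id]
        old = record["key"]
        permission = self.BASIC_PERMISSION
        if old is not None:  # move the permission from the old key to the new one
            permission = self.nosql.pop("perm:" + old.hex())
            self.nosql.pop("policy:" + old.hex())
        key, policy = self._new_key(), self._new_policy(account_id)
        record["key"] = key
        self.nosql["perm:" + key.hex()] = permission        # (key, authority) pair
        self.nosql["policy:" + key.hex()] = policy          # (key, decryption policy) pair
        return ENCRYPTION_POLICIES[policy][0](key)

    def register(self, user_info: dict, auth_info: list):
        """auth_info is a list of (question, answer) pairs used when no key is presented."""
        account_id = "acct-" + secrets.token_hex(4)  # constructed identifier format
        self.relational[account_id] = {"user": user_info, "auth": auth_info, "key": None}
        self.used_policies[account_id] = set()
        return account_id, self._issue(account_id)

    def login(self, account_id: str, encrypted_key=None, answers=None) -> dict:
        record = self.relational.get(account_id)
        if record is None:
            return FAIL
        if encrypted_key is None:
            # No key in the request: verify identity with the stored challenge questions.
            if answers is None:
                return {"ok": False, "challenge": [q for q, _ in record["auth"]]}
            expected = [a for _, a in record["auth"]]
            if len(answers) != len(expected) or not all(
                hmac.compare_digest(a.encode(), b.encode()) for a, b in zip(answers, expected)
            ):
                return FAIL
        else:
            # Key present: decrypt with the stored policy and compare with the stored key.
            stored = record["key"]
            decrypt = ENCRYPTION_POLICIES[self.nosql["policy:" + stored.hex()]][1]
            try:
                result = decrypt(encrypted_key)
            except ValueError:  # malformed ciphertext (binascii.Error is a ValueError)
                return FAIL
            if not hmac.compare_digest(result, stored):
                return FAIL
        permission = self.nosql["perm:" + record["key"].hex()]
        # Either branch passed: rotate to a new key and policy before replying.
        return {"ok": True, "permission": permission, "encrypted_key": self._issue(account_id)}
```

Two details are worth noting from a defender's side: the comparison of the decrypted value with the stored key uses `hmac.compare_digest` rather than `==`, so the check does not leak how many leading bytes matched, and because every successful login replaces the stored key and policy, an encrypted key captured from one login no longer verifies on the next one.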
8. A computer-readable program medium, characterized in that it stores computer program instructions which, when executed by a computer, cause the computer to perform the method according to any one of claims 1 to 6.
9. An electronic device, characterized in that the electronic device comprises:
a processor;
a memory having stored thereon computer readable instructions which, when executed by the processor, implement the method of any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010600636.5A CN111783075B (en) | 2020-06-28 | 2020-06-28 | Authority management method, device and medium based on secret key and electronic equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010600636.5A CN111783075B (en) | 2020-06-28 | 2020-06-28 | Authority management method, device and medium based on secret key and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111783075A CN111783075A (en) | 2020-10-16 |
CN111783075B true CN111783075B (en) | 2022-09-09 |
Family
ID=72761561
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010600636.5A Active CN111783075B (en) | 2020-06-28 | 2020-06-28 | Authority management method, device and medium based on secret key and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111783075B (en) |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112417391B (en) * | 2020-10-28 | 2023-12-19 | 深圳市橡树黑卡网络科技有限公司 | Information data security processing method, device, equipment and storage medium |
CN112383556B (en) * | 2020-11-17 | 2023-04-21 | 珠海大横琴科技发展有限公司 | Data processing method and device |
CN112887273B (en) * | 2021-01-11 | 2022-05-20 | 苏州浪潮智能科技有限公司 | Key management method and related equipment |
CN112911002B (en) * | 2021-02-02 | 2022-11-25 | 上海华盖科技发展股份有限公司 | Block chain data sharing encryption method |
CN112926082A (en) * | 2021-02-08 | 2021-06-08 | 联想(北京)有限公司 | Information processing method and device based on block chain |
CN113592497A (en) * | 2021-08-23 | 2021-11-02 | 中国银行股份有限公司 | Financial transaction service security authentication method and device based on block chain |
CN113688365B (en) * | 2021-08-26 | 2022-06-21 | 广东电力信息科技有限公司 | Data access method and system based on identity authentication applied to database operation and maintenance |
CN114124496B (en) * | 2021-11-12 | 2023-11-24 | 福建汇思博数字科技有限公司 | SSH remote login method based on server issued key and server |
CN114493492A (en) * | 2021-12-27 | 2022-05-13 | 北京奇虎科技有限公司 | Travel itinerary authority application method, equipment, storage medium and device |
CN115189945B (en) * | 2022-07-07 | 2024-05-17 | 中国工商银行股份有限公司 | Transaction request verification method and device, electronic equipment and readable storage medium |
CN116455603A (en) * | 2023-03-13 | 2023-07-18 | 安庆吕阁妮网络科技有限公司 | Database access method and system based on isolated encryption |
CN116911988B (en) * | 2023-04-04 | 2024-04-05 | 深圳市奥盛通科技有限公司 | Transaction data processing method, system, computer equipment and storage medium |
CN116112167B (en) * | 2023-04-13 | 2023-06-27 | 恒生电子股份有限公司 | Key management system, method and device |
CN116484352B (en) * | 2023-04-21 | 2024-03-15 | 贵州电网有限责任公司 | Management method of power grid equipment information model library and design access network system |
CN116938594B (en) * | 2023-09-08 | 2024-03-22 | 数盾信息科技股份有限公司 | Multi-level identity verification system based on high-speed encryption technology |
CN117668920B (en) * | 2024-02-02 | 2024-05-03 | 杭州高特电子设备股份有限公司 | Secure access method, system, equipment and medium based on internal energy storage system |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103916372B (en) * | 2013-01-07 | 2017-07-21 | 中国银联股份有限公司 | A kind of third party's log-on message trustship method and system |
US9432358B2 (en) * | 2013-10-31 | 2016-08-30 | Tencent Technology (Shenzhen) Company Limited | System and method of authenticating user account login request messages |
US20180232406A1 (en) * | 2017-02-13 | 2018-08-16 | Syscom Computer Engineering Co. | Big data database system |
CN107733852B (en) * | 2017-08-24 | 2019-06-21 | 北京三快在线科技有限公司 | A kind of auth method and device, electronic equipment |
FR3080471A1 (en) * | 2018-04-19 | 2019-10-25 | Soletanche Freyssinet | COMPUTER PLATFORM FOR AGGREGATION AND VISUALIZATION OF DIGITAL DATA |
2020-06-28: CN CN202010600636.5A patent/CN111783075B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN111783075A (en) | 2020-10-16 |
Similar Documents
Publication | Title |
---|---|
CN111783075B (en) | Authority management method, device and medium based on secret key and electronic equipment |
US11475137B2 (en) | Distributed data storage by means of authorisation token |
EP3585032B1 (en) | Data security service |
US8856530B2 (en) | Data storage incorporating cryptographically enhanced data protection |
CN109274652B (en) | Identity information verification system, method and device and computer storage medium |
US11290446B2 (en) | Access to data stored in a cloud |
EP3959853A1 (en) | Method, system and computer readable storage medium for accessibility controls in distributed data systems |
CN111316278A (en) | Secure identity and archive management system |
JP2006500657A (en) | Server, computer memory, and method for supporting security policy maintenance and distribution |
JP2011222010A (en) | Method and system for securely and remotely startup, boot, and login from mobile device to computer |
WO2014207554A2 (en) | Method and apparatus for providing database access authorization |
US11757877B1 (en) | Decentralized application authentication |
CN101297534A (en) | Method and apparatus for secure network authentication |
JP5992535B2 (en) | Apparatus and method for performing wireless ID provisioning |
US8301900B1 (en) | Secure transformable password generation |
US12107956B2 (en) | Information processing device, information processing method, and non-transitory computer readable storage medium |
CN114448648B (en) | Sensitive credential management method and system based on RPA |
CN111563279A (en) | Cloud data privacy protection system based on block chain |
WO2021170049A1 (en) | Method and apparatus for recording access behavior |
CN117157623A (en) | System and method for protecting secrets when used in conjunction with containerized applications |
CN114253660A (en) | System and method for authorizing a user data processor to access a container of user data |
US11804969B2 (en) | Establishing trust between two devices for secure peer-to-peer communication |
WO2018034192A1 (en) | Information processing device, information processing method, and storage medium |
CN114697111B (en) | Method and system for cross-cloud access to public cloud and public cloud |
KR102542840B1 (en) | Method and system for providing finance authentication service based on open api |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | | |
SE01 | Entry into force of request for substantive examination | | |
GR01 | Patent grant | | |