CN112115507A - Cloud service interaction method and big data platform based on cloud computing and information digitization - Google Patents
Cloud service interaction method and big data platform based on cloud computing and information digitization Download PDFInfo
- Publication number
- CN112115507A CN112115507A CN202010926546.5A CN202010926546A CN112115507A CN 112115507 A CN112115507 A CN 112115507A CN 202010926546 A CN202010926546 A CN 202010926546A CN 112115507 A CN112115507 A CN 112115507A
- Authority
- CN
- China
- Prior art keywords
- service
- access
- accessed
- authority
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000003993 interaction Effects 0.000 title claims abstract description 50
- 238000000034 method Methods 0.000 title claims abstract description 43
- 230000006399 behavior Effects 0.000 claims description 29
- 238000004088 simulation Methods 0.000 claims description 28
- 238000012163 sequencing technique Methods 0.000 claims description 16
- 238000012545 processing Methods 0.000 claims description 15
- 238000012795 verification Methods 0.000 claims description 14
- 238000004590 computer program Methods 0.000 claims description 12
- 238000012544 monitoring process Methods 0.000 claims description 12
- 238000012937 correction Methods 0.000 claims description 10
- 238000009826 distribution Methods 0.000 claims description 6
- 238000012986 modification Methods 0.000 claims description 6
- 230000004048 modification Effects 0.000 claims description 6
- 238000012216 screening Methods 0.000 claims description 6
- 238000003860 storage Methods 0.000 claims description 6
- 238000013507 mapping Methods 0.000 claims description 5
- 230000001174 ascending effect Effects 0.000 claims description 4
- 239000000284 extract Substances 0.000 abstract description 4
- 230000000875 corresponding effect Effects 0.000 description 88
- 238000011156 evaluation Methods 0.000 description 53
- 238000010586 diagram Methods 0.000 description 4
- 238000012913 prioritisation Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000013468 resource allocation Methods 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 230000002596 correlated effect Effects 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 239000003999 initiator Substances 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 230000032683 aging Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Automation & Control Theory (AREA)
- Computing Systems (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The cloud service interaction method and the big data platform based on cloud computing and information digitization, which are provided by the embodiment of the application, firstly receive a service access application aiming at an online office cooperation service, which is sent by a service device to be accessed, secondly determine at least one group of authority authentication information aiming at the online office cooperation service and at least one corresponding cooperation access indication based on the service access application, then extract a service cooperation record of the service device to be accessed according to the service access application and check the access security of the service device to be accessed to obtain a check result, and finally issue the cooperation access indication to the service device to be accessed when the service device to be accessed is judged to have no access security risk according to the check result. Therefore, the method and the device can indicate the service equipment to be accessed to access the designated data, avoid the unauthorized behavior of the service equipment to be accessed when accessing the service database, and ensure that important data and privacy data in the service equipment cluster are not accessed by the service equipment to be accessed.
Description
Technical Field
The application relates to the technical field of cloud computing communication, in particular to a cloud service interaction method and a big data platform based on cloud computing and information digitization.
Background
The coming of the information age provides a great deal of convenience for the production and the life of people. Many industries can realize informatization processing and digital processing of services, thereby improving production and living efficiency. Taking online office as an example, the online office is not limited by regions through the informatization business processing technology, the online office efficiency can be improved, and the cost of manpower and material resources is reduced.
Nowadays, with the continuous increase of business processing demands of users, online office needs to perform multi-end collaboration most of the time. However, the multi-terminal cooperation business processing mode has an unauthorized behavior of the business equipment, so that the business equipment which cooperates with each other has exposure of important data and private data.
Disclosure of Invention
The application provides a cloud service interaction method and a big data platform based on cloud computing and information digitization, so as to solve the technical problems in the prior art.
In view of the first aspect of the embodiments of the present application, a cloud service interaction method based on cloud computing and information digitization is provided, which is applied to a big data platform, and the method includes:
receiving a service access application aiming at the online office cooperation service, which is sent by service equipment to be accessed; the service access application is used for requesting the big data platform to access a target service equipment cluster;
determining at least one group of authority authentication information aiming at the online office cooperation service and at least one cooperation access instruction corresponding to the at least one group of authority authentication information based on the service access application; wherein, the authority authentication information is the database access authority corresponding to the target service equipment cluster;
extracting a service cooperation record of the service equipment to be accessed according to the service access application, and verifying the access security of the service equipment to be accessed through the service cooperation record to obtain a verification result;
and when the service equipment to be accessed is judged to have no access security risk according to the check result, issuing the at least one cooperative access instruction to the service equipment to be accessed so that the service equipment to be accessed accesses the specified data in the service database of at least one service equipment to be cooperative in the target service equipment cluster based on the at least one cooperative access instruction.
In a first aspect, the determining, based on the service access application, at least one set of right authentication information for the online office collaboration service and at least one collaboration access indication corresponding to the at least one set of right authentication information includes:
extracting at least one group of authority authentication information from an authority authentication list corresponding to at least one preset group of equipment identification set based on at least one target equipment identification included in the service access application; each group of equipment identification sets is respectively provided with a corresponding authority authentication list, the authority authentication lists comprise a plurality of groups of different authority authentication information, the authority authentication information is used for representing the access authority corresponding to the accessible data in the service database of the corresponding service equipment, and at least one authority authentication list corresponding to the extracted at least one group of authority authentication information corresponds to the at least one target equipment identification;
the access authority priorities in the at least one group of authority authentication information are subjected to priority ordering to obtain a priority ordering sequence corresponding to the access authority priorities in the at least one group of authority authentication information;
determining a sequence position corresponding to a requirement authority level of at least one group of service cooperation requirement information in the service access application in a priority ranking sequence based on the priority ranking sequence corresponding to the access authority priority in the at least one group of authority authentication information; each group of service cooperation requirement information corresponds to the requirement authority levels one by one, and the sequence position of each requirement authority level in the priority sequencing sequence is unique;
aiming at each requirement authority level, judging the size relation between the requirement authority level and the access authority priority at the corresponding sequence position; if the requirement authority level is smaller than the access authority priority level on the corresponding sequence position, determining that the service cooperation requirement information corresponding to the requirement authority level is non-override information, and generating the cooperation access indication according to the requirement authority level; the non-unauthorized information is used for representing that the unauthorized access behavior cannot be generated after the service equipment to be accessed is accessed into the target service equipment cluster.
In the first aspect, prioritizing access rights priorities in the at least one set of rights authentication information to obtain a prioritized sequence corresponding to the access rights priorities in the at least one set of rights authentication information includes:
determining authority heat of access authority priority corresponding to the at least one group of authority authentication information based on a mapping relation between preset business cooperation participation and authority opening proportion; the service cooperation participation degree is used for representing the proportion of the participated service equipment in the target service equipment cluster during service cooperation, the permission opening proportion is used for representing the proportion of the permission opened by the service equipment in the target service equipment cluster to all permissions of the service equipment, and the permission heat degree is used for representing the number of the service equipment accessing the service database corresponding to the access permission priority;
sequencing the access authority priorities according to the ascending sequence of the authority popularity to obtain a first sequencing sequence;
determining the priority confidence of the access authority priority corresponding to the at least one group of authority authentication information based on the authentication logic information corresponding to the at least one group of authority authentication information; the authentication logic information is used for representing an authentication mode of the authority authentication information, the priority confidence is used for representing the confidence of the access authority priority in the current service time period, and the current service time period is set according to the number of the service devices in an effective operation state in the target service cluster;
sequencing the access authority priorities according to the descending order of the priority confidence coefficients to obtain a second sequencing sequence;
for each access permission priority, determining a first ordering position of the access permission priority in the first ordering sequence and a second ordering position of the access permission priority in the second ordering sequence; calculating a difference value between a first sorting position and a second sorting position of the access right priority, determining the access right priority corresponding to the maximum difference value, and adjusting the access right priority corresponding to the maximum difference value at the first sorting position in the first sorting sequence, specifically comprising: adjusting the access authority priority corresponding to the maximum difference value to the last in the first sorting position of the first sorting sequence; and determining the first ordering sequence after finishing the adjustment as the priority ordering sequence.
In a first aspect, extracting a service cooperation record of the service device to be accessed according to the service access application, and verifying access security of the service device to be accessed through the service cooperation record to obtain a verification result, including:
acquiring a historical interaction record of the service equipment to be accessed between the service equipment to be accessed and the target service equipment cluster according to the service access application, and extracting historical service equipment with service interaction behavior with the service equipment to be accessed from the historical interaction record;
establishing a service interaction link among the historical service equipment, the service equipment to be accessed and the service equipment to be coordinated according to the service access application; extracting link parameters of the service interaction link, inputting the service interaction link parameters into a preset service simulation thread, and obtaining a service simulation result output by the service simulation thread and corresponding to the service equipment to be accessed;
inquiring from the service simulation result, and judging whether an access early warning identifier generated by the historical service equipment and/or the service equipment to be coordinated exists in the service simulation result to obtain a judgment result; determining a verification result for verifying the access security of the service equipment to be accessed according to the judgment result; when the access early warning identifier exists in the service simulation result, the check result represents that the service equipment to be accessed has the access security risk, and when the access early warning identifier does not exist in the service simulation result, the check result represents that the service equipment to be accessed does not have the access security risk.
In a first aspect, receiving a service access application for an online office collaboration service, where the service access application is sent by a service device to be accessed, includes:
acquiring a request information set uploaded by the service equipment to be accessed;
screening the request information set to obtain a plurality of request information with different request categories;
judging whether the request information carries a cooperative service identifier or not aiming at each request information;
if the request information carries the collaboration service identifier, acquiring equipment cluster characteristic information corresponding to the collaboration service identifier;
comparing the device cluster feature information with preset target cluster feature information of the target service device cluster, and judging whether the device cluster feature information is consistent with the target cluster feature information; and if so, determining the request information corresponding to the equipment cluster characteristic information as the service access application.
In a first aspect, the method further comprises:
after a first running log of the service equipment to be accessed and a second running log of the service equipment to be coordinated are obtained, a first log event queue of the first running log of the service equipment to be accessed and a second log event queue of the second running log of the service equipment to be coordinated are obtained, wherein the first running log of the service equipment to be accessed comprises a first event generation time set, and the second running log of the service equipment to be coordinated comprises a second event generation time set;
acquiring event behavior parameters in the first log event queue and event behavior parameters in the second log event queue to obtain a behavior parameter set;
determining event synchronism matching values among event behavior parameters in the behavior parameter set to obtain a parameter distribution list;
adjusting the event synchronicity matching value smaller than a set matching value in the parameter distribution list to the set matching value to obtain a parameter correction list;
and processing the parameter correction list to obtain an equipment monitoring result, wherein the equipment monitoring result is used for indicating that the first event generation time set and the second event generation time set are at the same time or different times.
In a first aspect, the processing the parameter modification list to obtain an apparatus monitoring result includes:
converting the parameter modification list into a list dataset;
inputting the parameter correction list, the list data set, the first log event queue and the second log event queue into a preset identification model to obtain a log comparison result of a first running log of the service equipment to be accessed and a second running log of the service equipment to be coordinated;
and identifying the log comparison result according to the preset time sequence characteristics to obtain the equipment monitoring result.
In view of the second aspect of the embodiments of the present application, there is provided a big data platform including a cloud service interaction device based on cloud computing and information digitization, which performs the above method when running.
In view of the third aspect of the embodiments of the present application, there is provided a big data platform, including:
a processor, and
a memory and a network interface connected with the processor;
the network interface is connected with a nonvolatile memory in the big data platform;
when the processor is operated, the computer program is called from the nonvolatile memory through the network interface, and the computer program is operated through the memory so as to execute the method.
In view of the fourth aspect of the embodiments of the present application, a readable storage medium applied to a computer is provided, and a computer program is burned on the readable storage medium, and when the computer program runs in a memory of a big data platform, the method is implemented.
The cloud service interaction method and the big data platform based on cloud computing and information digitization, which are provided by the embodiment of the application, firstly receive a service access application aiming at an online office cooperation service, which is sent by a service device to be accessed, secondly determine at least one group of authority authentication information aiming at the online office cooperation service and at least one cooperation access indication corresponding to the at least one group of authority authentication information based on the service access application, then extract a service cooperation record of the service device to be accessed according to the service access application and check the access security of the service device to be accessed to obtain a check result, and finally issue the at least one cooperation access indication to the service device to be accessed when the service device to be accessed is judged to have no access security risk according to the check result. Therefore, the service equipment to be accessed can be instructed to access the specified data in the service database of at least one service equipment to be coordinated in the target service equipment cluster based on at least one cooperative access instruction, the unauthorized behavior of the service equipment to be accessed when accessing the service database is avoided, and the important data and the privacy data of the service equipment in the service equipment cluster are ensured not to be accessed by the service equipment to be accessed.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic diagram of a cloud service interaction system based on cloud computing and information digitization according to an exemplary embodiment of the present application.
Fig. 2 is a flowchart illustrating a cloud service interaction method based on cloud computing and information digitization according to an exemplary embodiment.
Fig. 3 is a block diagram of an embodiment of a cloud service interaction device based on cloud computing and information digitization according to an exemplary embodiment.
Fig. 4 is a hardware structure diagram of a big data platform where the cloud service interaction device based on cloud computing and information digitization according to the present application is located.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The inventor researches and analyzes behaviors that important data and private data are exposed and lost in service equipment which is cooperated with each other in the prior art, and the prior art generally only carries out information security detection and Trojan detection on the service equipment to be accessed when the service equipment to be accessed is accessed into a service equipment cluster which needs to be cooperated for working so as to ensure that the data of the service equipment in the service equipment cluster is not stolen.
The inventor further finds that, in this way, the information exposure degree of the service devices in the service device cluster and the permission agreement between the service device to be accessed and the service devices in the service device cluster are not considered, which may cause intentional or unintentional unauthorized behavior of the service device to be accessed, and thus cause important data and private data of the service devices in the service device cluster to be accessed by the service device to be accessed.
In order to solve the technical problems, the embodiment of the invention provides a cloud service interaction method and a big data platform based on cloud computing and information digitization. Referring first to fig. 1, a cloud service interaction system 100 based on cloud computing and information digitization is shown, which includes a big data platform 110, a service device 120 to be accessed, and a target service device cluster 130. The big data platform 110 is respectively in communication with the service device 120 to be accessed and the target service device cluster 130, and the target service device cluster 130 includes a plurality of service devices 131 to be coordinated.
The big data platform 110 can be applied to the fields of cloud computing, block chain, edge computing, internet of things, smart medical treatment, block chain payment, digital currency transaction authentication and the like. On the basis of fig. 1, fig. 2 shows a flowchart of a cloud service interaction method based on cloud computing and information digitization applied to a big data platform 110, and the method may include the following contents described in steps S21-S24.
And step S21, receiving a service access application aiming at the online office cooperation service sent by the service equipment to be accessed.
Step S22, determining at least one set of authority authentication information for the online office collaboration service and at least one collaboration access instruction corresponding to the at least one set of authority authentication information based on the service access application.
Step S23, extracting the business cooperation record of the business equipment to be accessed according to the business access application, and verifying the access security of the business equipment to be accessed through the business cooperation record to obtain a verification result.
Step S24, when it is determined that the service device to be accessed does not have the access security risk according to the check result, issuing the at least one cooperative access instruction to the service device to be accessed, so that the service device to be accessed accesses the specified data in the service database of at least one service device to be coordinated in the target service device cluster based on the at least one cooperative access instruction.
In step S21, the service access application is used to request the big data platform to access a target service device cluster.
In step S22, the authority authentication information is a database access authority corresponding to the target service device cluster.
In step S24, the data in the service database other than the specified data is important data or private data, and the service device to be accessed has no right to access.
It can be understood that, based on the contents described in the above steps S21-S24, the service access application for the online office collaboration service sent by the service device to be accessed is received first, then at least one set of authority authentication information for the online office collaboration service and at least one cooperative access instruction corresponding to the at least one set of authority authentication information are determined based on the service access application, then the service collaboration record of the service device to be accessed is extracted according to the service access application and the access security of the service device to be accessed is checked to obtain a check result, and finally the at least one cooperative access instruction is issued to the service device to be accessed when it is determined that there is no access security risk in the service device to be accessed according to the check result.
Therefore, the service equipment to be accessed can be instructed to access the specified data in the service database of at least one service equipment to be coordinated in the target service equipment cluster based on at least one cooperative access instruction, the unauthorized behavior of the service equipment to be accessed when accessing the service database is avoided, and the important data and the privacy data of the service equipment in the service equipment cluster are ensured not to be accessed by the service equipment to be accessed.
In the specific implementation process, the inventor finds that, when determining the cooperative access indication, priority of a service access application and a related data access right need to be considered at the same time, so as to ensure accuracy and integrity of the cooperative access indication, and to achieve this purpose, the determining, based on the service access application, at least one set of right authentication information for the online office cooperative service and at least one cooperative access indication corresponding to the at least one set of right authentication information, which is described in step S22, may further include the following contents described in steps S221 to S224.
Step S221, based on at least one target device identifier included in the service access application, extracting at least one group of right authentication information from a right authentication list corresponding to at least one preset group of device identifier set.
Step S222, performing priority ordering on the access right priorities in the at least one group of right authentication information to obtain a priority ordering sequence corresponding to the access right priorities in the at least one group of right authentication information.
Step S223, determining a sequence position corresponding to a requirement permission level in a priority ranking sequence of at least one group of service cooperation requirement information included in the service access application based on the priority ranking sequence corresponding to the access permission priority in the at least one group of permission authentication information.
Step S224, aiming at each requirement authority level, judging the size relation between the requirement authority level and the access authority priority on the corresponding sequence position; and if the requirement authority level is smaller than the access authority priority level on the corresponding sequence position, determining that the service cooperation requirement information corresponding to the requirement authority level is non-override information, and generating the cooperation access indication according to the requirement authority level.
In step S221, each group of device identifier sets respectively has its corresponding authority authentication list, where the authority authentication list includes multiple groups of different authority authentication information, the authority authentication information is used to represent access authority corresponding to accessible data in a service database of the service device corresponding to the authority authentication information, and at least one authority authentication list corresponding to the extracted at least one group of authority authentication information corresponds to the at least one target device identifier;
in step S223, each group of service cooperation requirement information corresponds to the requirement permission levels one to one, and each requirement permission level has a unique sequence position in the priority ranking sequence.
In step S224, the non-unauthorized information is used to represent that the service device to be accessed does not generate an unauthorized access behavior after accessing the target service device cluster.
In this way, based on the contents described in the above steps S221 to S225, the priority of the service access application and the priority of the related data access right can be considered at the same time, so as to ensure the accuracy and integrity of the cooperative access indication.
In practical applications, the inventor finds that, in order to ensure traceability of the prioritization sequence corresponding to the access right priority on different levels and further ensure reliability of the prioritization sequence, the prioritization of the access right priority in the at least one set of right authentication information described in step S222 is performed to obtain the prioritization sequence corresponding to the access right priority in the at least one set of right authentication information, and further may include the following contents described in steps S2221 to S2225.
Step S2221, based on the mapping relationship between the preset business cooperation participation degree and the permission opening ratio, determining the permission heat degree of the access permission priority corresponding to the at least one group of permission authentication information.
And step S2222, the access authority priorities are sequenced according to the ascending order of the authority popularity to obtain a first sequencing sequence.
Step S2223, based on the authentication logic information corresponding to the at least one group of right authentication information, determines a priority confidence of the access right priority corresponding to the at least one group of right authentication information.
Step S2224, the access authority priorities are sorted according to the descending order of the priority confidence degrees to obtain a second sorting sequence.
Step S2225, aiming at each access authority priority, determining a first sorting position of the access authority priority in the first sorting sequence and a second sorting position of the access authority priority in the second sorting sequence; calculating a difference value between a first sorting position and a second sorting position of the access right priority, determining the access right priority corresponding to the maximum difference value, and adjusting the access right priority corresponding to the maximum difference value at the first sorting position in the first sorting sequence, specifically comprising: adjusting the access authority priority corresponding to the maximum difference value to the last in the first sorting position of the first sorting sequence; and determining the first ordering sequence after finishing the adjustment as the priority ordering sequence.
In step S2221, the service cooperation participation degree is used to represent a proportion of the service devices participating in service cooperation in the target service device cluster, the permission openness ratio is used to represent a proportion of the permissions opened by the service devices in the target service device cluster to all permissions of the service devices, and the permission heat degree is used to represent a number of the service devices accessing the service database corresponding to the access permission priority.
In step S2223, the authentication logic information is used to represent an authentication manner of the authority authentication information, the priority confidence is used to represent a confidence of the access authority priority in a current service period, and the current service period is set according to the number of service devices in an effective operating state in the target service cluster.
When the contents described in steps S2221 to S2225 are applied, the priority ranking sequence can be analyzed and adjusted according to the first ranking sequence and the second ranking sequence, so as to ensure traceability of the priority ranking sequence corresponding to the access right priority on different levels, and further ensure reliability of the priority ranking sequence.
Further, in order to ensure the access security of the service device to be accessed and avoid the influence of the service device to be accessed on the data security of the target service device cluster when accessing the target service device cluster, the method described in step S23 extracts the service cooperation record of the service device to be accessed according to the service access application, and verifies the access security of the service device to be accessed through the service cooperation record to obtain the verification result, which may specifically include the contents described in the following steps S231 to S233.
Step S231, according to the service access application, obtaining a history interaction record of the service device to be accessed between accessing the target service device cluster, and extracting a history service device having a service interaction behavior with the service device to be accessed from the history interaction record.
Step S232, according to the service access application, establishing a service interaction link among the historical service equipment, the service equipment to be accessed and the service equipment to be coordinated; and extracting link parameters of the service interaction link, inputting the service interaction link parameters into a preset service simulation thread, and obtaining a service simulation result output by the service simulation thread and corresponding to the service equipment to be accessed.
Step S233, inquiring from the service simulation result, and judging whether the service simulation result has the access early warning identifier generated by the historical service device and/or the service device to be coordinated, so as to obtain a judgment result; and determining a verification result for verifying the access security of the service equipment to be accessed according to the judgment result.
In step S233, when it is determined that the service simulation result includes the access warning identifier, the check result represents that the service device to be accessed has an access security risk, and when it is determined that the service simulation result does not include the access warning identifier, the check result represents that the service device to be accessed does not have an access security risk.
It can be understood that, by applying the above steps S231 to S233, the service interaction transmission condition of the service device to be accessed can be subjected to full-chain analysis, so that whether the service device to be accessed has an access risk can be accurately determined, the access security of the service device to be accessed is further ensured, and the influence of the service device to be accessed on the data security of the target service device cluster when accessing the target service device cluster is avoided.
In an implementation manner, the receiving of the service access application for the online office collaboration service, sent by the service device to be accessed, described in step S21 includes: acquiring a request information set uploaded by the service equipment to be accessed; screening the request information set to obtain a plurality of request information with different request categories; judging whether the request information carries a cooperative service identifier or not aiming at each request information; if the request information carries the collaboration service identifier, acquiring equipment cluster characteristic information corresponding to the collaboration service identifier; comparing the device cluster feature information with preset target cluster feature information of the target service device cluster, and judging whether the device cluster feature information is consistent with the target cluster feature information; and if so, determining the request information corresponding to the equipment cluster characteristic information as the service access application. Therefore, the service access application matched with the target service equipment cluster can be accurately received.
On the basis of the above steps S21-S24, in order to ensure synchronicity of business collaboration, the method may further include the following steps S251-S255.
Step S251, after acquiring the first running log of the service device to be accessed and the second running log of the service device to be coordinated, acquiring a first log event queue of the first running log of the service device to be accessed and a second log event queue of the second running log of the service device to be coordinated.
Step S252, obtaining event behavior parameters in the first log event queue and event behavior parameters in the second log event queue to obtain a behavior parameter set.
Step S253, determining an event synchronicity matching value between the event behavior parameters in the behavior parameter set, and obtaining a parameter distribution list.
Step S254, adjust the event synchronization matching value smaller than the set matching value in the parameter distribution list to the set matching value, to obtain a parameter correction list.
And step S255, processing the parameter correction list to obtain an equipment monitoring result.
In step S251, the first running log of the service device to be accessed includes a first event generation time set, and the second running log of the service device to be coordinated includes a second event generation time set.
In step S255, the device monitoring result is used to indicate that the first event generation time set and the second event generation time set are at the same time or different times.
When the contents described in the above-described steps S251 to S255 are applied, the synchronicity of business collaboration can be ensured based on the consistency analysis of the event generation time.
Further, the processing on the parameter correction list in step S255 to obtain an apparatus monitoring result specifically includes: converting the parameter modification list into a list dataset; inputting the parameter correction list, the list data set, the first log event queue and the second log event queue into a preset identification model to obtain a log comparison result of a first running log of the service equipment to be accessed and a second running log of the service equipment to be coordinated; and identifying the log comparison result according to the preset time sequence characteristics to obtain the equipment monitoring result. Therefore, whether the business cooperation is synchronous or not can be accurately judged.
In an alternative embodiment, in order to ensure the order of issuing the cooperative access instruction and avoid an error in accessing the service database due to confusion of the service device to be accessed when processing the cooperative access instruction, the issuing the at least one cooperative access instruction to the service device to be accessed described in step S24 may specifically include the contents described in the following steps S241 to S243.
Step S241, obtaining the device thread parameter and the memory resource allocation information of the service device to be accessed; and inquiring the thread list information matched with the memory resource allocation information.
Step S242, extracting the memory resource consumption corresponding to the thread resource occupation ratio in the device thread parameter according to the memory resource allocation information.
Step S243, loading the memory resource consumption to the thread list information, and mapping to obtain the thread consumption time of the corresponding thread resource occupation ratio; the thread consumption time of the thread resource occupation ratio is positively correlated with the thread weight of the thread resource occupation ratio and positively correlated with the resource weight of the thread resource occupation ratio.
Step S244, screening target thread parameters to be screened from the device thread parameters, determining a processing priority of the target thread parameters according to the thread consumed time, searching a corresponding target cooperative access indication from the cooperative access indication based on the processing priority, and screening the thread parameters to be sorted from the target thread parameters to be screened through a cooperative aging weight corresponding to the target cooperative access indication; and issuing the cooperative access indications in sequence based on the thread parameter to be sequenced.
It can be understood that based on the contents described in the above steps S241 to S244, the order of issuing the cooperative access instruction can be ensured, and an error in accessing the service database due to confusion of the service device to be accessed when processing the cooperative access instruction is avoided.
In an alternative embodiment, after the service device to be accessed accesses the specified data in the service database of at least one service device to be coordinated in the target service device cluster based on the at least one coordination access indication, the method further includes the following steps S31-S34.
Step S31, acquiring a service cooperation evaluation set of the service equipment to be accessed; the business cooperation evaluation set comprises first business cooperation evaluation information and second business cooperation evaluation information; the number of the first business cooperation evaluation information and the number of the second business cooperation evaluation information are more than one; the first business cooperation evaluation information is evaluation information generated by a business interaction receiver of the business equipment to be accessed, and the second business cooperation evaluation information is evaluation information generated by a business interaction initiator of the business equipment to be accessed.
Step S32 is to extract evaluation dimension information of each of the first business cooperation evaluation information and evaluation dimension information of each of the second business cooperation evaluation information.
Step S33, determining an evaluation identification degree of each second business cooperation evaluation information according to an overlap ratio of each second business cooperation evaluation information and each first business cooperation evaluation information on evaluation dimension information.
Step S34, determining an evaluation confidence of each piece of second business cooperation evaluation information according to a result of consistency determination on evaluation identification between each piece of second business cooperation evaluation information; and generating the service cooperation contribution degree of the service equipment to be accessed relative to the target service equipment cluster based on the evaluation identification degree and the evaluation confidence degree of the second service cooperation evaluation information.
The various technical features in the above embodiments can be arbitrarily combined, so long as there is no conflict or contradiction between the combinations of the features, but the combination is limited by the space and is not described one by one, and therefore, any combination of the various technical features in the above embodiments also belongs to the scope disclosed in the present specification.
Corresponding to the above method embodiments, a functional module block diagram of a cloud service interaction device 300 based on cloud computing and information digitization is also provided as shown in fig. 3. In detail, a description about the apparatus may be as follows.
A1. A cloud service interaction device 300 based on cloud computing and information digitization is applied to a big data platform and comprises:
an access application receiving module 310, configured to receive a service access application for an online office collaboration service, where the service access application is sent by a service device to be accessed; the service access application is used for requesting the big data platform to access a target service equipment cluster;
an access instruction determining module 320, configured to determine, based on the service access application, at least one set of right authentication information for the online office collaboration service and at least one collaboration access instruction corresponding to the at least one set of right authentication information; wherein, the authority authentication information is the database access authority corresponding to the target service equipment cluster;
the access security verification module 330 is configured to extract a service cooperation record of the service device to be accessed according to the service access application, and verify the access security of the service device to be accessed through the service cooperation record to obtain a verification result;
a service cooperation access module 340, configured to, when it is determined according to the check result that the service device to be accessed does not have the access security risk, send the at least one cooperation access instruction to the service device to be accessed, so that the service device to be accessed accesses, based on the at least one cooperation access instruction, specified data in a service database of at least one service device to be cooperated in the target service device cluster;
a business cooperation evaluation module 350, configured to:
acquiring a service cooperation evaluation set of the service equipment to be accessed; the business cooperation evaluation set comprises first business cooperation evaluation information and second business cooperation evaluation information; the number of the first business cooperation evaluation information and the number of the second business cooperation evaluation information are more than one; the first business cooperation evaluation information is evaluation information generated by a business interaction receiver serving as business equipment to be accessed, and the second business cooperation evaluation information is evaluation information generated by a business interaction initiator serving as business equipment to be accessed;
extracting evaluation dimension information of each first business cooperation evaluation information and evaluation dimension information of each second business cooperation evaluation information;
determining the evaluation identification degree of each second business cooperation evaluation information according to the overlapping rate of each second business cooperation evaluation information and each first business cooperation evaluation information on evaluation dimension information;
determining the evaluation confidence of each second business cooperation evaluation information according to the consistency judgment result of each second business cooperation evaluation information on the evaluation identification degree; and generating the service cooperation contribution degree of the service equipment to be accessed relative to the target service equipment cluster based on the evaluation identification degree and the evaluation confidence degree of the second service cooperation evaluation information.
A2. According to the apparatus of a1, access indication determining module 320 is configured to:
extracting at least one group of authority authentication information from an authority authentication list corresponding to at least one preset group of equipment identification set based on at least one target equipment identification included in the service access application; each group of equipment identification sets is respectively provided with a corresponding authority authentication list, the authority authentication lists comprise a plurality of groups of different authority authentication information, the authority authentication information is used for representing the access authority corresponding to the accessible data in the service database of the corresponding service equipment, and at least one authority authentication list corresponding to the extracted at least one group of authority authentication information corresponds to the at least one target equipment identification;
the access authority priorities in the at least one group of authority authentication information are subjected to priority ordering to obtain a priority ordering sequence corresponding to the access authority priorities in the at least one group of authority authentication information;
determining a sequence position corresponding to a requirement authority level of at least one group of service cooperation requirement information in the service access application in a priority ranking sequence based on the priority ranking sequence corresponding to the access authority priority in the at least one group of authority authentication information; each group of service cooperation requirement information corresponds to the requirement authority levels one by one, and the sequence position of each requirement authority level in the priority sequencing sequence is unique;
aiming at each requirement authority level, judging the size relation between the requirement authority level and the access authority priority at the corresponding sequence position; if the requirement authority level is smaller than the access authority priority level on the corresponding sequence position, determining that the service cooperation requirement information corresponding to the requirement authority level is non-override information, and generating the cooperation access indication according to the requirement authority level; the non-unauthorized information is used for representing that the unauthorized access behavior cannot be generated after the service equipment to be accessed is accessed into the target service equipment cluster.
A3. According to the apparatus of a2, access indication determining module 320 is configured to:
determining authority heat of access authority priority corresponding to the at least one group of authority authentication information based on a mapping relation between preset business cooperation participation and authority opening proportion; the service cooperation participation degree is used for representing the proportion of the participated service equipment in the target service equipment cluster during service cooperation, the permission opening proportion is used for representing the proportion of the permission opened by the service equipment in the target service equipment cluster to all permissions of the service equipment, and the permission heat degree is used for representing the number of the service equipment accessing the service database corresponding to the access permission priority;
sequencing the access authority priorities according to the ascending sequence of the authority popularity to obtain a first sequencing sequence;
determining the priority confidence of the access authority priority corresponding to the at least one group of authority authentication information based on the authentication logic information corresponding to the at least one group of authority authentication information; the authentication logic information is used for representing an authentication mode of the authority authentication information, the priority confidence is used for representing the confidence of the access authority priority in the current service time period, and the current service time period is set according to the number of the service devices in an effective operation state in the target service cluster;
sequencing the access authority priorities according to the descending order of the priority confidence coefficients to obtain a second sequencing sequence;
for each access permission priority, determining a first ordering position of the access permission priority in the first ordering sequence and a second ordering position of the access permission priority in the second ordering sequence; calculating a difference value between a first sorting position and a second sorting position of the access right priority, determining the access right priority corresponding to the maximum difference value, and adjusting the access right priority corresponding to the maximum difference value at the first sorting position in the first sorting sequence, specifically comprising: adjusting the access authority priority corresponding to the maximum difference value to the last in the first sorting position of the first sorting sequence; and determining the first ordering sequence after finishing the adjustment as the priority ordering sequence.
A4. The apparatus of a1, the access security check module 330, configured to:
acquiring a historical interaction record of the service equipment to be accessed between the service equipment to be accessed and the target service equipment cluster according to the service access application, and extracting historical service equipment with service interaction behavior with the service equipment to be accessed from the historical interaction record;
establishing a service interaction link among the historical service equipment, the service equipment to be accessed and the service equipment to be coordinated according to the service access application; extracting link parameters of the service interaction link, inputting the service interaction link parameters into a preset service simulation thread, and obtaining a service simulation result output by the service simulation thread and corresponding to the service equipment to be accessed;
inquiring from the service simulation result, and judging whether an access early warning identifier generated by the historical service equipment and/or the service equipment to be coordinated exists in the service simulation result to obtain a judgment result; determining a verification result for verifying the access security of the service equipment to be accessed according to the judgment result; when the access early warning identifier exists in the service simulation result, the check result represents that the service equipment to be accessed has the access security risk, and when the access early warning identifier does not exist in the service simulation result, the check result represents that the service equipment to be accessed does not have the access security risk.
A5. The apparatus of a1, the access application receiving module 310, configured to:
acquiring a request information set uploaded by the service equipment to be accessed;
screening the request information set to obtain a plurality of request information with different request categories;
judging whether the request information carries a cooperative service identifier or not aiming at each request information;
if the request information carries the collaboration service identifier, acquiring equipment cluster characteristic information corresponding to the collaboration service identifier;
comparing the device cluster feature information with preset target cluster feature information of the target service device cluster, and judging whether the device cluster feature information is consistent with the target cluster feature information; and if so, determining the request information corresponding to the equipment cluster characteristic information as the service access application.
The implementation process of the functions and actions of each module in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
Corresponding to the above method embodiments, corresponding system embodiments are also provided, which are described in detail as follows.
A cloud service interaction system based on cloud computing and information digitization comprises a big data platform, service equipment to be accessed and a target service equipment cluster; the big data platform is respectively in cluster communication with the service equipment to be accessed and the target service equipment;
the service equipment to be accessed is used for:
sending a service access application aiming at the online office cooperation service to a big data platform;
the big data platform is used for:
receiving a service access application aiming at the online office cooperation service, which is sent by service equipment to be accessed; the service access application is used for requesting the big data platform to access a target service equipment cluster;
determining at least one group of authority authentication information aiming at the online office cooperation service and at least one cooperation access instruction corresponding to the at least one group of authority authentication information based on the service access application; wherein, the authority authentication information is the database access authority corresponding to the target service equipment cluster;
extracting a service cooperation record of the service equipment to be accessed according to the service access application, and verifying the access security of the service equipment to be accessed through the service cooperation record to obtain a verification result;
when the service equipment to be accessed is judged to have no access security risk according to the verification result, the at least one cooperative access instruction is issued to the service equipment to be accessed;
the service equipment to be accessed is used for:
and accessing specified data in a service database of at least one service device to be coordinated in the target service device cluster based on the at least one cooperative access instruction.
On the basis of the above, there is also provided a big data platform 110 as shown in fig. 4, including: a processor 111, and a memory 112 and a network interface 113 connected to the processor 111; the network interface 113 is connected with the nonvolatile memory 114 in the big data platform 110; the processor 111, when running, retrieves a computer program from the non-volatile memory 114 via the network interface 113 and runs the computer program via the memory 112 to perform the above-described method.
Further, a readable storage medium applied to a computer is provided, and the readable storage medium is burned with a computer program, and the computer program implements the method when running in the memory 112 of the big data platform 110.
To sum up, the cloud service interaction method and the big data platform based on cloud computing and information digitization provided by the embodiment of the application first receive a service access application for an online office collaboration service sent by a service device to be accessed, then determine at least one set of authority authentication information for the online office collaboration service and at least one corresponding collaboration access indication based on the service access application, then extract a service collaboration record of the service device to be accessed according to the service access application and check the access security of the service device to be accessed to obtain a check result, and finally issue the collaboration access indication to the service device to be accessed when it is judged that the service device to be accessed does not have an access security risk according to the check result. Therefore, the method and the device can indicate the service equipment to be accessed to access the designated data, avoid the unauthorized behavior of the service equipment to be accessed when accessing the service database, and ensure that important data and privacy data in the service equipment cluster are not accessed by the service equipment to be accessed.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.
Claims (10)
1. A cloud service interaction method based on cloud computing and information digitization is characterized by being applied to a big data platform and comprising the following steps:
receiving a service access application aiming at the online office cooperation service, which is sent by service equipment to be accessed; the service access application is used for requesting the big data platform to access a target service equipment cluster;
determining at least one group of authority authentication information aiming at the online office cooperation service and at least one cooperation access instruction corresponding to the at least one group of authority authentication information based on the service access application; wherein, the authority authentication information is the database access authority corresponding to the target service equipment cluster;
extracting a service cooperation record of the service equipment to be accessed according to the service access application, and verifying the access security of the service equipment to be accessed through the service cooperation record to obtain a verification result;
and when the service equipment to be accessed is judged to have no access security risk according to the check result, issuing the at least one cooperative access instruction to the service equipment to be accessed so that the service equipment to be accessed accesses the specified data in the service database of at least one service equipment to be cooperative in the target service equipment cluster based on the at least one cooperative access instruction.
2. The method according to claim 1, wherein the determining, based on the service access application, at least one set of right authentication information for the online office collaboration service and at least one collaboration access indication corresponding to the at least one set of right authentication information includes:
extracting at least one group of authority authentication information from an authority authentication list corresponding to at least one preset group of equipment identification set based on at least one target equipment identification included in the service access application; each group of equipment identification sets is respectively provided with a corresponding authority authentication list, the authority authentication lists comprise a plurality of groups of different authority authentication information, the authority authentication information is used for representing the access authority corresponding to the accessible data in the service database of the corresponding service equipment, and at least one authority authentication list corresponding to the extracted at least one group of authority authentication information corresponds to the at least one target equipment identification;
the access authority priorities in the at least one group of authority authentication information are subjected to priority ordering to obtain a priority ordering sequence corresponding to the access authority priorities in the at least one group of authority authentication information;
determining a sequence position corresponding to a requirement authority level of at least one group of service cooperation requirement information in the service access application in a priority ranking sequence based on the priority ranking sequence corresponding to the access authority priority in the at least one group of authority authentication information; each group of service cooperation requirement information corresponds to the requirement authority levels one by one, and the sequence position of each requirement authority level in the priority sequencing sequence is unique;
aiming at each requirement authority level, judging the size relation between the requirement authority level and the access authority priority at the corresponding sequence position; if the requirement authority level is smaller than the access authority priority level on the corresponding sequence position, determining that the service cooperation requirement information corresponding to the requirement authority level is non-override information, and generating the cooperation access indication according to the requirement authority level; the non-unauthorized information is used for representing that the unauthorized access behavior cannot be generated after the service equipment to be accessed is accessed into the target service equipment cluster.
3. The method of claim 2, wherein prioritizing the access privileges in the at least one set of rights authentication information to obtain a prioritized sequence corresponding to the access privileges in the at least one set of rights authentication information comprises:
determining authority heat of access authority priority corresponding to the at least one group of authority authentication information based on a mapping relation between preset business cooperation participation and authority opening proportion; the service cooperation participation degree is used for representing the proportion of the participated service equipment in the target service equipment cluster during service cooperation, the permission opening proportion is used for representing the proportion of the permission opened by the service equipment in the target service equipment cluster to all permissions of the service equipment, and the permission heat degree is used for representing the number of the service equipment accessing the service database corresponding to the access permission priority;
sequencing the access authority priorities according to the ascending sequence of the authority popularity to obtain a first sequencing sequence;
determining the priority confidence of the access authority priority corresponding to the at least one group of authority authentication information based on the authentication logic information corresponding to the at least one group of authority authentication information; the authentication logic information is used for representing an authentication mode of the authority authentication information, the priority confidence is used for representing the confidence of the access authority priority in the current service time period, and the current service time period is set according to the number of the service devices in an effective operation state in the target service cluster;
sequencing the access authority priorities according to the descending order of the priority confidence coefficients to obtain a second sequencing sequence;
for each access permission priority, determining a first ordering position of the access permission priority in the first ordering sequence and a second ordering position of the access permission priority in the second ordering sequence; calculating a difference value between a first sorting position and a second sorting position of the access right priority, determining the access right priority corresponding to the maximum difference value, and adjusting the access right priority corresponding to the maximum difference value at the first sorting position in the first sorting sequence, specifically comprising: adjusting the access authority priority corresponding to the maximum difference value to the last in the first sorting position of the first sorting sequence; and determining the first ordering sequence after finishing the adjustment as the priority ordering sequence.
4. The method according to claim 1, wherein extracting a service cooperation record of the service device to be accessed according to the service access application, and verifying access security of the service device to be accessed through the service cooperation record to obtain a verification result, comprises:
acquiring a historical interaction record of the service equipment to be accessed between the service equipment to be accessed and the target service equipment cluster according to the service access application, and extracting historical service equipment with service interaction behavior with the service equipment to be accessed from the historical interaction record;
establishing a service interaction link among the historical service equipment, the service equipment to be accessed and the service equipment to be coordinated according to the service access application; extracting link parameters of the service interaction link, inputting the service interaction link parameters into a preset service simulation thread, and obtaining a service simulation result output by the service simulation thread and corresponding to the service equipment to be accessed;
inquiring from the service simulation result, and judging whether an access early warning identifier generated by the historical service equipment and/or the service equipment to be coordinated exists in the service simulation result to obtain a judgment result; determining a verification result for verifying the access security of the service equipment to be accessed according to the judgment result; when the access early warning identifier exists in the service simulation result, the check result represents that the service equipment to be accessed has the access security risk, and when the access early warning identifier does not exist in the service simulation result, the check result represents that the service equipment to be accessed does not have the access security risk.
5. The method of claim 1, wherein receiving a service access application for an online office collaboration service, which is sent by a service device to be accessed, comprises:
acquiring a request information set uploaded by the service equipment to be accessed;
screening the request information set to obtain a plurality of request information with different request categories;
judging whether the request information carries a cooperative service identifier or not aiming at each request information;
if the request information carries the collaboration service identifier, acquiring equipment cluster characteristic information corresponding to the collaboration service identifier;
comparing the device cluster feature information with preset target cluster feature information of the target service device cluster, and judging whether the device cluster feature information is consistent with the target cluster feature information; and if so, determining the request information corresponding to the equipment cluster characteristic information as the service access application.
6. The method according to any one of claims 1-5, further comprising:
after a first running log of the service equipment to be accessed and a second running log of the service equipment to be coordinated are obtained, a first log event queue of the first running log of the service equipment to be accessed and a second log event queue of the second running log of the service equipment to be coordinated are obtained, wherein the first running log of the service equipment to be accessed comprises a first event generation time set, and the second running log of the service equipment to be coordinated comprises a second event generation time set;
acquiring event behavior parameters in the first log event queue and event behavior parameters in the second log event queue to obtain a behavior parameter set;
determining event synchronism matching values among event behavior parameters in the behavior parameter set to obtain a parameter distribution list;
adjusting the event synchronicity matching value smaller than a set matching value in the parameter distribution list to the set matching value to obtain a parameter correction list;
and processing the parameter correction list to obtain an equipment monitoring result, wherein the equipment monitoring result is used for indicating that the first event generation time set and the second event generation time set are at the same time or different times.
7. The method of claim 6, wherein said processing said parameter modification list to obtain device monitoring results comprises:
converting the parameter modification list into a list dataset;
inputting the parameter correction list, the list data set, the first log event queue and the second log event queue into a preset identification model to obtain a log comparison result of a first running log of the service equipment to be accessed and a second running log of the service equipment to be coordinated;
and identifying the log comparison result according to the preset time sequence characteristics to obtain the equipment monitoring result.
8. A big data platform comprising a cloud service interaction device based on cloud computing and information digitization, wherein the device executes the method of any one of claims 1 to 7 when running.
9. A big data platform, comprising:
a processor, and
a memory and a network interface connected with the processor;
the network interface is connected with a nonvolatile memory in the big data platform;
the processor, when running, retrieves a computer program from the non-volatile memory via the network interface and runs the computer program via the memory to perform the method of any of claims 1-7.
10. A readable storage medium applied to a computer, wherein the readable storage medium is burned with a computer program, and the computer program realizes the method of any one of the above claims 1 to 7 when running in the memory of a big data platform.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110241262.7A CN113065152A (en) | 2020-09-07 | 2020-09-07 | Cloud service interaction method and system based on cloud computing and information digitization |
CN202110242243.6A CN113051603A (en) | 2020-09-07 | 2020-09-07 | Cloud service interaction method combining cloud computing and information digitization and big data platform |
CN202010926546.5A CN112115507B (en) | 2020-09-07 | 2020-09-07 | Cloud service interaction method and big data platform based on cloud computing and information digitization |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010926546.5A CN112115507B (en) | 2020-09-07 | 2020-09-07 | Cloud service interaction method and big data platform based on cloud computing and information digitization |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110241262.7A Division CN113065152A (en) | 2020-09-07 | 2020-09-07 | Cloud service interaction method and system based on cloud computing and information digitization |
CN202110242243.6A Division CN113051603A (en) | 2020-09-07 | 2020-09-07 | Cloud service interaction method combining cloud computing and information digitization and big data platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112115507A true CN112115507A (en) | 2020-12-22 |
CN112115507B CN112115507B (en) | 2021-05-07 |
Family
ID=73803455
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010926546.5A Active CN112115507B (en) | 2020-09-07 | 2020-09-07 | Cloud service interaction method and big data platform based on cloud computing and information digitization |
CN202110241262.7A Withdrawn CN113065152A (en) | 2020-09-07 | 2020-09-07 | Cloud service interaction method and system based on cloud computing and information digitization |
CN202110242243.6A Withdrawn CN113051603A (en) | 2020-09-07 | 2020-09-07 | Cloud service interaction method combining cloud computing and information digitization and big data platform |
Family Applications After (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110241262.7A Withdrawn CN113065152A (en) | 2020-09-07 | 2020-09-07 | Cloud service interaction method and system based on cloud computing and information digitization |
CN202110242243.6A Withdrawn CN113051603A (en) | 2020-09-07 | 2020-09-07 | Cloud service interaction method combining cloud computing and information digitization and big data platform |
Country Status (1)
Country | Link |
---|---|
CN (3) | CN112115507B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112115468A (en) * | 2020-09-07 | 2020-12-22 | 沈建锋 | Service information detection method based on big data and cloud computing center |
CN113051543A (en) * | 2021-04-01 | 2021-06-29 | 郭洪铜 | Cloud service security verification method and cloud service system in big data environment |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080065899A1 (en) * | 2006-09-08 | 2008-03-13 | Microsoft Corporation | Variable Expressions in Security Assertions |
CN101667918A (en) * | 2009-10-15 | 2010-03-10 | 中国电信股份有限公司 | Method and system for realizing cooperative work |
CN103428189A (en) * | 2012-05-25 | 2013-12-04 | 阿里巴巴集团控股有限公司 | Method, apparatus and system for identifying malicious network equipment |
US20140337965A1 (en) * | 2013-05-08 | 2014-11-13 | Texas Instruments Incorporated | Method and System for Access to Development Environment of Another with Access to Intranet Data |
CN104426874A (en) * | 2013-08-30 | 2015-03-18 | 中兴通讯股份有限公司 | Authentication method and authentication device applied to ubiquitous terminal network |
CN105207780A (en) * | 2015-08-26 | 2015-12-30 | 中国联合网络通信集团有限公司 | User authentication method and device |
US20170147795A1 (en) * | 2015-11-25 | 2017-05-25 | Box, Inc. | Personalized online content access experiences using online session attributes |
CN107111702A (en) * | 2014-10-26 | 2017-08-29 | 微软技术许可有限责任公司 | Access in cooperative surroundings for data loss prevention is prevented |
CN108415864A (en) * | 2018-02-24 | 2018-08-17 | 广东文讯科技有限公司 | A kind of shared software platform realized multisystem and cooperated of data exchange |
CN109886005A (en) * | 2019-01-29 | 2019-06-14 | 南京邮电大学 | A kind of authorized user's methods of risk assessment and system for Web collaboration |
CN111385309A (en) * | 2020-03-21 | 2020-07-07 | 薛爱君 | Security detection method, system and terminal for online office equipment |
CN111586021A (en) * | 2020-04-30 | 2020-08-25 | 河南省云安大数据安全防护产业技术研究院有限公司 | Remote office business authorization method, terminal and system |
-
2020
- 2020-09-07 CN CN202010926546.5A patent/CN112115507B/en active Active
- 2020-09-07 CN CN202110241262.7A patent/CN113065152A/en not_active Withdrawn
- 2020-09-07 CN CN202110242243.6A patent/CN113051603A/en not_active Withdrawn
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080065899A1 (en) * | 2006-09-08 | 2008-03-13 | Microsoft Corporation | Variable Expressions in Security Assertions |
CN101667918A (en) * | 2009-10-15 | 2010-03-10 | 中国电信股份有限公司 | Method and system for realizing cooperative work |
CN103428189A (en) * | 2012-05-25 | 2013-12-04 | 阿里巴巴集团控股有限公司 | Method, apparatus and system for identifying malicious network equipment |
US20140337965A1 (en) * | 2013-05-08 | 2014-11-13 | Texas Instruments Incorporated | Method and System for Access to Development Environment of Another with Access to Intranet Data |
CN104426874A (en) * | 2013-08-30 | 2015-03-18 | 中兴通讯股份有限公司 | Authentication method and authentication device applied to ubiquitous terminal network |
CN107111702A (en) * | 2014-10-26 | 2017-08-29 | 微软技术许可有限责任公司 | Access in cooperative surroundings for data loss prevention is prevented |
CN105207780A (en) * | 2015-08-26 | 2015-12-30 | 中国联合网络通信集团有限公司 | User authentication method and device |
US20170147795A1 (en) * | 2015-11-25 | 2017-05-25 | Box, Inc. | Personalized online content access experiences using online session attributes |
CN108415864A (en) * | 2018-02-24 | 2018-08-17 | 广东文讯科技有限公司 | A kind of shared software platform realized multisystem and cooperated of data exchange |
CN109886005A (en) * | 2019-01-29 | 2019-06-14 | 南京邮电大学 | A kind of authorized user's methods of risk assessment and system for Web collaboration |
CN111385309A (en) * | 2020-03-21 | 2020-07-07 | 薛爱君 | Security detection method, system and terminal for online office equipment |
CN111586021A (en) * | 2020-04-30 | 2020-08-25 | 河南省云安大数据安全防护产业技术研究院有限公司 | Remote office business authorization method, terminal and system |
Non-Patent Citations (1)
Title |
---|
柯昌博等: ""针对Web协同的授权用户风险评估方法"", 《计算机应用与软件》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112115468A (en) * | 2020-09-07 | 2020-12-22 | 沈建锋 | Service information detection method based on big data and cloud computing center |
CN112115468B (en) * | 2020-09-07 | 2021-04-02 | 深圳市瑞冠信息科技有限公司 | Service information detection method based on big data and cloud computing center |
CN113051543A (en) * | 2021-04-01 | 2021-06-29 | 郭洪铜 | Cloud service security verification method and cloud service system in big data environment |
Also Published As
Publication number | Publication date |
---|---|
CN113051603A (en) | 2021-06-29 |
CN113065152A (en) | 2021-07-02 |
CN112115507B (en) | 2021-05-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10594738B2 (en) | Rotation of authorization rules in memory of authorization system | |
KR20200085899A (en) | Identity verification method and apparatus | |
US20140365350A1 (en) | Financial platform that facilitates management of financial services | |
US10609087B2 (en) | Systems and methods for generation and selection of access rules | |
CN110851872B (en) | Risk assessment method and device for private data leakage | |
CN111242230A (en) | Image processing method and image classification model training method based on artificial intelligence | |
CN112115507B (en) | Cloud service interaction method and big data platform based on cloud computing and information digitization | |
CN111861194B (en) | Block chain system, biological product monitoring method and device | |
CN111931047B (en) | Artificial intelligence-based black product account detection method and related device | |
CN109063736B (en) | Data classification method and device, electronic equipment and computer readable storage medium | |
CN110912874B (en) | Method and system for effectively identifying machine access behaviors | |
CN112711757A (en) | Data security centralized management and control method and system based on big data platform | |
EP3764257A1 (en) | Document management system having context-based access control and related methods | |
CN111291357B (en) | Terminal access verification method and device and computer equipment | |
CN115577983B (en) | Enterprise task matching method based on block chain, server and storage medium | |
CN116032652B (en) | Gateway authentication method and system based on intelligent interactive touch panel | |
CN117372742A (en) | Domain generalization method, server and client | |
CN115328786A (en) | Automatic testing method and device based on block chain and storage medium | |
CN110648048A (en) | Applet signing event processing method, device, server and readable storage medium | |
CN115208831B (en) | Request processing method, device, equipment and storage medium | |
CN118250095B (en) | Internet protocol address identification method, device, computer equipment and storage medium | |
CN114548831B (en) | Evaluation report generation method and device, electronic equipment and storage medium | |
CN116980413A (en) | Data processing method, device, equipment and storage medium | |
CN113554502A (en) | Resource transfer result prediction method, device and storage medium | |
CN109726242A (en) | Data processing method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20210402 Address after: Room 1903, building 2, Tian'an headquarters center, 555 Panyu Avenue North, Donghuan street, Panyu District, Guangzhou, Guangdong 510000 Applicant after: GUANGZHOU JINGZHUAN DUOYING INVESTMENT CONSULTATION Co.,Ltd. Address before: 650000 high tech Industrial Development Zone m1-3, Kunming City, Yunnan Province Applicant before: Shen Jianfeng |
|
TA01 | Transfer of patent application right | ||
GR01 | Patent grant | ||
GR01 | Patent grant |