CN106209913A - Data access method and device - Google Patents
Data access method and device Download PDFInfo
- Publication number
- CN106209913A CN106209913A CN201610790320.0A CN201610790320A CN106209913A CN 106209913 A CN106209913 A CN 106209913A CN 201610790320 A CN201610790320 A CN 201610790320A CN 106209913 A CN106209913 A CN 106209913A
- Authority
- CN
- China
- Prior art keywords
- user
- authorization
- data
- authorization data
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Telephonic Communication Services (AREA)
Abstract
Data access method and device, described method includes: when receiving the resource access request of user, it is judged that whether described user is logged-in user;When determining described user for logged-in user, obtain, from corresponding authorization center, the authorization data that described user is corresponding;Based on acquired authorization data, it is judged that described resource access request is the most legal;When determining that described resource access request is legal, corresponding data are returned to described user.Above-mentioned scheme, can improve the motility of the resources accessing control of application system when single-sign-on.
Description
Technical field
The present invention relates to areas of information technology, particularly relate to a kind of data access method and device.
Background technology
Single-sign-on (Single Sign On, SSO) be the solution integrated of the most popular business event it
One, the current log-on message of user can be mapped in other application systems by it so that user has only to log in the most just may be used
Access multiple application systems of all mutual trusts.
Unified authentication center is one of premise of single-sign-on.Authentication is centrally through stepping on of user being inputted
Record information and user information database compare, and user is carried out login authentication.When to user authentication success, authentication center
Generate unified authentication marks (ticket) and return to user.The application system of mutual trust is by extracting and identifying certification mark
Whether will information, just can have logged on automatic decision active user, thus complete the function of single-sign-on.
But, existing single-point logging method, the problem that there is very flexible in terms of resources accessing control.
Summary of the invention
The problem that the embodiment of the present invention solves is how to improve the resources accessing control of application system when single-sign-on
Motility.
For solving the problems referred to above, embodiments provide a kind of data access method, including: when receiving user's
During resource access request, it is judged that whether described user is logged-in user;When determining described user for logged-in user, from right
The authorization center answered obtains the authorization data that described user is corresponding;Based on acquired authorization data, it is judged that described resource accesses
It is the most legal to ask;When determining that described resource access request is legal, corresponding data are returned to described user.
Alternatively, described authorization data includes the information of the role of the user resource corresponding with role.
Alternatively, the described authorization data corresponding from the corresponding authorization center described user of acquisition, including: to authentication
Center sends corresponding authorization data query interface and obtains request, so that described authentication center is based on described authorization data
Query interface obtains request, determines the information of mandates system of correspondence, and based on determined by authorize system, determine corresponding awarding
Weigh the information of data-query interfaces and send;Receive the authorization data query interface of the correspondence that described authentication center sends
Information, and by the authorization data query interface of described correspondence, obtain, from corresponding authorization center, the mandate that described user is corresponding
Data.
Alternatively, described authorization center includes concentrating authorization center and more than one independent authentication centre;Wherein, described
Authorization center is concentrated to include the authorization data using the application system of public mandate system;Described independent authentication centre includes using
The authorization data of the application system of independent authorization system.
Alternatively, the described authorization data query interface by described correspondence, obtain described use from corresponding authorization center
The authorization data that family is corresponding, including: by the corresponding common authentication query interface arranged in cas system service end, from right
The concentration authorization center answered obtains the authorization data that described user is corresponding;Independently recognizing of correspondence is obtained from cas system service end
The information of card query interface, and by acquired independent authentication query interface, obtain described from corresponding independent authentication centre
The authorization data that user is corresponding.
The embodiment of the present invention additionally provides a kind of DAA, including: the first judging unit, be suitable to when receiving use
During the resource access request at family, it is judged that whether described user is logged-in user;Data capture unit, is suitable to when determining described use
When family is logged-in user, obtain, from corresponding authorization center, the authorization data that described user is corresponding;Second judging unit, is suitable to
Based on acquired authorization data, it is judged that described resource access request is the most legal;Data providing unit, is suitable to when determining described
When resource access request is legal, corresponding data are returned to described user.
Alternatively, described authorization data includes the information of the role of the user resource corresponding with role.
Alternatively, described data capture unit, be suitable to send corresponding authorization data query interface to authentication center
Obtain request, so that described authentication center obtains request based on described authorization data query interface, determine awarding of correspondence
The information of power system, and based on determined by authorize system, determine the information of authorization data query interface of correspondence and send;Connect
Receive the information of the corresponding authorization data query interface that described authentication center sends, and by the authorization data of described correspondence
Query interface, obtains, from corresponding authorization center, the authorization data that described user is corresponding.
Alternatively, described authorization center includes concentrating authorization center and more than one independent authentication centre;Wherein, described
Authorization center is concentrated to include the authorization data using the application system of public mandate system;Described independent authentication centre includes using
The authorization data of the application system of independent authorization system.
Alternatively, described authorization data acquiring unit, be suitable to corresponding public by arrange in cas system service end
Authentication challenge interface, obtains, from corresponding concentration authorization center, the authorization data that described user is corresponding;From cas system service end
Obtain the information of corresponding independent authentication query interface, and by acquired independent authentication query interface, from corresponding independence
Authorization center obtains the authorization data that described user is corresponding.
Compared with prior art, technical scheme has the advantage that
Above-mentioned scheme, by increasing in the heart the authorization data of correspondence in authentication for user, can visit user
When asking the resource of application system, according to the mandate system of application system at the resource place that user accesses, obtain user corresponding
Authorization data, the most legal to determine the resource access request of user, by the authorization data different for different user setups,
The resource of the application system that user accesses can be controlled, thus the spirit of the resources accessing control of application system can be improved
Activity, adapts to the requirements for access to different user of different application systems.
Accompanying drawing explanation
Fig. 1 is the flow chart of a kind of data access method in the embodiment of the present invention;
Fig. 2 is the structural representation of a kind of authentication authoring system in the embodiment of the present invention;
Fig. 3 is the interaction flow schematic diagram between authentication authoring system and user in the embodiment of the present invention;
Fig. 4 is the body structure schematic diagram of a kind of DAA in the embodiment of the present invention.
Detailed description of the invention
For solving the above-mentioned problems in the prior art, the technical scheme that the embodiment of the present invention uses is by recognizing in identity
Card increases for user in the heart the authorization data of correspondence, can access according to user when user accesses the resource of application system
The mandate system of application system at resource place, obtain the authorization data that user is corresponding, with determine that the resource of user accesses please
Seeking Truth is no legal, by the authorization data different for different user setups, and can be to the resource of the application system that user accesses
Be controlled, thus the motility of the resources accessing control of application system can be improved, adapt to different application systems to difference
The requirements for access of user.
Understandable, below in conjunction with the accompanying drawings to the present invention for enabling the above-mentioned purpose of the present invention, feature and advantage to become apparent from
Specific embodiment be described in detail.
Fig. 1 shows the flow chart of a kind of data access method in the embodiment of the present invention.Seeing Fig. 1, the present invention implements
Data access method in example can comprise the following steps that
Step S101: when receiving the resource access request of user, it is judged that whether described user is logged-in user;When
When judged result is no, step S102 can be performed;Otherwise, then step S103 can be performed.
In being embodied as, can be by the information extracted with identify corresponding certification mark, it is judged that whether user is
Login user.
Step S102: jump to authentication login interface, guides described user to re-start login.
In being embodied as, when determine user corresponding certification mark do not exist or be incorrect time, determine described user
For being not fully complete authentication.At this point it is possible to transcription interface is stepped in the authentication skipping to authentication center, guide user the most defeated
Enter authentication information, so that authentication center carries out authentication to user.
Step S103: obtain the authorization data that described user is corresponding from corresponding authorization center.
In being embodied as, the mandate system that application system is used can be configured according to the actual needs.At this
Inventing in an embodiment, application system can use concentration mandate system and independent authorization system.Wherein, concentration is used to authorize body
The authorization data that the application system of system is corresponding leaves concentration authorization center in, uses the mandate of the application system of independent authorization system
Data leave the independent authentication centre of correspondence in.The application system that user currently logs in is obtaining the authorization data that user is corresponding
Time, the mandate system difference that can be used according to application system, obtain, from corresponding authorization center, the mandate number that user is corresponding
According to.
Step S104: based on acquired authorization data, it is judged that the resource access request of described user is the most legal;When sentencing
When disconnected result is for being, step S105 can be performed;Otherwise, then step S106 can be performed.
In being embodied as, based on acquired authorization data, it may be determined that whether the resource access request that user sends
Legal, i.e. user's access rights to being asked the data accessed whether to have correspondence.
Step S105: corresponding data are returned to described user.
In being embodied as, when the resource access request determining user's application system to currently logging in is legal, permissible
Corresponding data are returned to user, so that user can get the data of correspondence.
Step S106: return the unallowed information of resource access request to described user.
In being embodied as, when the resource access request determining user is illegal, show that user is to being asked access
Data do not have corresponding access rights.At this point it is possible to return the unallowed information of resource access request to user, so that
Obtain user and know that oneself corresponding resource is not had access rights, thus stop current resource and access behavior.
Below in conjunction with Fig. 2 and Fig. 3, the data access method in the embodiment of the present invention is described in detail.
In order to make it easy to understand, will first the authentication authoring system in the embodiment of the present invention be introduced below.
Seeing Fig. 2, a kind of authentication authoring system in the embodiment of the present invention may include that authentication authorization center
21 and multiple application system, i.e. application system 1~application system M.Authentication authorization center 21 includes authentication center 211
With authorization center 212, authorization center 212 includes that one is concentrated authorization center 2121 and multiple independent authentication centre 2122, the most solely
Vertical authorization center 1~independent authentication centre N.
Wherein, concentrate authorization center 2121 for storing the mandate number of the user using the application system concentrating mandate system
According to;The user that multiple independent authentication centre 2022 are respectively used to the application system using independent authorization system corresponding to storage is corresponding
Authorization data.
The operation principle of the authentication authoring system described in Fig. 2 will be described in detail below.
Seeing Fig. 3, user, when accessing the data in application system, can comprise the following steps that
Step S301: authentication center receives the authentication information of user's input.
In being embodied as, authentication center can provide a user with corresponding authentication login interface, Yong Hutong
Cross authentication login interface fill in and submit authentication information to.
Step S302: the authentication information that user is inputted by authentication center is authenticated;When the authentication fails, may be used
To perform step S303, until the authentication success to user;Otherwise, then step S304 can be performed.
In being embodied as, in the authentication information that user is inputted by authentication center and the authentication database of self
Authentication information compare, to determine whether there is the authentication information matched, may thereby determine that user
Authentication success or not.
Step S303: authentication center jumps to authentication login interface, guides user to re-start login.
In being embodied as, authentication center is in determining the authentication information and authentication database that user submits to
Authentication failure when authentication information is not mated, to user.
Now, authentication center can jump to authentication login interface again, so that user re-enters body
Part authentication information, re-starts certification with the authentication information re-entered based on user to the authentication information of user.
Step S304: authentication center sends the successful information of certification of correspondence to user.
In being embodied as, when authentication center is to authenticating user identification success, can be to the success of user's return authentication
Information so that user can continue follow-up operation.
Step S305: user sends corresponding resource access request.
In being embodied as, when receiving the successful information of certification of correspondence, user can be according to actual need
Want, the resource in the application system of mutual trust is conducted interviews.
Step S306: corresponding application system judges whether described user is logged-in user;When judged result is for being,
Step S307 can be performed;Otherwise, then step S303 can be performed.
In being embodied as, authentication center is when to the authentication of described user and certification success, raw for user
Become corresponding authentication marks, and be associated with user.The application system of mutual trust by extracting and can identify recognizing of user
Card mark, it is judged that whether user is logged-in user.
In being embodied as, when authentication center is to the authentication success of user, user becomes with login user.
Logged-in user can be according to the actual needs by sending resource access request, to obtain to multiple application systems of mutual trust
Take the data of correspondence.The resource of user, when receiving the resource access request of user, can be accessed by corresponding application system
Request intercepts, and by extracting and identifying that the certification of user identifies, it is determined that whether described user is logged-in user.
Step S307: corresponding application system sends corresponding authorization data query interface acquisition to authentication center please
Ask.
In being embodied as, corresponding application system is determining that the user sending resource access request is logged-in user
Time, corresponding authorization data query interface can be sent to authentication center and obtain request, with the authorization data by obtaining
Query interface obtains, from corresponding authorization center inquiry, the authorization data that logged-in user is corresponding.
Step S308: the information of corresponding authorization data query interface is sent to corresponding application system by authentication center
System.
In being embodied as, authentication center obtains at the authorization data query interface receiving application system transmission please
When asking, first can obtain the information of the application system mark that obtain correspondence request from the authorization data that received, and based on
Accessed application system mark determines the information of the mandate system that the application system that user currently logs in used, and according to
The information of the mandate system that the application system that user currently logs in is used, sends out the information of corresponding authorization data query interface
Deliver to application system.
In an embodiment of the present invention, authorization center includes that one is concentrated authorization center and multiple independent authentication centre, collection
Middle authorization center and independent authentication centre can arrange different query interfaces.Correspondingly, application system is in inquiry difference
Authorization center in authorization data time, need by different authentication challenge interface polls obtain correspondence authorization data.
In an embodiment of the present invention, authentication center is condition visitation system (CAS).In cas system service end
It is provided with common authentication query interface and multiple independent authentication query interface.Wherein, common authentication query interface is used for query set
Authorization data in middle authorization center, multiple independent authentication query interfaces are respectively used in the independent authentication centre that inquiry is corresponding
Authorization data.
Authentication center is determining that the mandate system that the application system that user currently logs in is used authorizes body for concentrating
When being, the information of the common authentication query interface arranged in cas system service end can be sent to the application system of correspondence;?
Determine when the mandate system that the application system of correspondence is used is independent authorization system, only by what cas system service end was arranged
The information of vertical authentication challenge interface is sent to the application system of correspondence.
Step S309: corresponding application system inquires about described logged-in user pair by corresponding authorization data query interface
The authorization data answered.
In being embodied as, the application system that user currently logs in is getting the authorization data that authentication center sends
The information of query interface, can be corresponding by the user of corresponding authorization data query interface acquisition transmission resource access request
Authorization data.
In an embodiment of the present invention, the mandate system that the application system that user currently logs in uses is public mandate system
Time, can obtain sending money from concentrating authorization center inquiry by the common authentication query interface arranged in cas system service end
The information of the authorization data that the user of source access request is corresponding;The mandate system that the application system that user currently logs in is used is
During independent authorization system, can be by the corresponding independent authentication query interface arranged in cas system service end, from corresponding only
Vertical authorization center obtains the information sending authorization data corresponding to the user of resource access request.
Step S310: corresponding application system is based on acquired authorization data, it is judged that the resource of described user accesses please
Seeking Truth is no legal;When judged result is for being, step S311 can be performed;Otherwise, then step S312 can be performed.
In being embodied as, the application system that user currently logs in is when inquiry obtains the authorization data of correspondence, the most permissible
Know the information of role that logged-in user the is corresponding resource corresponding with role, and the resource that will send from logged-in user accesses
Request resolves the information of the corresponding data obtained, the resource corresponding with the role in the authorization data that inquiry obtains and role
Mate, the most legal to judge the resource access request of logged-in user.
In an embodiment of the present invention, the role that the authorization data acquired in application system is user that user currently logs in
The information of the resource ID list corresponding with role.The application system that user currently logs in is accessed by the resource sent from user please
The letter of the mark of URL (URL) that the data of asking middle parsing to obtain are corresponding and the application system that user currently logs in
Breath, determines that user is asked the information of the mark (ID) of the data accessed, and user asks ID and the mandate of the data of access
ID in the resource ID list that role in data is corresponding mates, and when determine the resource that the role in authorization data is corresponding
When ID list exists the ID of the data determining that user is asked to be accessed, determine that the resource access request of user is legal;Otherwise, then
Determine that the resource access request of user is illegal.
Step S311: corresponding data are returned to described user by corresponding application system.
In being embodied as, the application system that logged-in user currently logs in is legal in the resource access request determining user
Time, corresponding data can be returned to described user.
Step S312: corresponding application system returns the unallowed information of resource access request to described user.
In being embodied as, the application system that user currently logs in when the resource access request determining user is illegal,
The unallowed information of resource access request can be returned, so that user knows that corresponding resource is not had by oneself to user
There are access rights, thus stop current resource and access behavior.
Above-mentioned method in the embodiment of the present invention is described in detail, below by the dress corresponding to above-mentioned method
Put and be described further.
Fig. 4 shows the structure of a kind of DAA in the embodiment of the present invention.See Fig. 4, the embodiment of the present invention
In a kind of DAA 400, the first judging unit 401, data capture unit the 402, second judging unit can be included
403 and data providing unit 404, wherein:
First judging unit 401, is suitable to when receiving the resource access request of user, it is judged that whether described user is
Login user.
Data capture unit 402, is suitable to, when determining described user for logged-in user, obtain from corresponding authorization center
The authorization data that described user is corresponding.
Second judging unit 403, is suitable to based on acquired authorization data, it is judged that whether described resource access request closes
Method.
Data providing unit 404, is suitable to, when determining that described resource access request is legal, corresponding data be returned to institute
State user.
In an embodiment of the present invention, described authorization data includes the information of the role of the user resource corresponding with role.
In an embodiment of the present invention, described data capture unit 402, be suitable to send corresponding awarding to authentication center
Power data-query interfaces obtains request, asks so that described authentication center obtains based on described authorization data query interface
Ask, determine the information of mandates system of correspondence, and based on determined by authorize system, determine corresponding authorization data query interface
Information and send;Receive the information of the corresponding authorization data query interface that described authentication center sends, and pass through institute
State the authorization data query interface of correspondence, obtain, from corresponding authorization center, the authorization data that described user is corresponding.
In an embodiment of the present invention, described authorization center includes concentrating in authorization center and more than one independent authorization
The heart;Wherein, described concentration authorization center includes the authorization data using the application system of public mandate system;Described independent authorization
Center includes the authorization data using the application system of independent authorization system.
In an embodiment of the present invention, described authorization data acquiring unit 402, be suitable to by cas system service end
The corresponding common authentication query interface arranged, obtains, from corresponding concentration authorization center, the authorization data that described user is corresponding;
From cas system service end, obtain the information of the independent authentication query interface of correspondence, and inquired about by acquired independent authentication
Interface, obtains, from corresponding independent authentication centre, the authorization data that described user is corresponding.
Use the such scheme in the embodiment of the present invention, by increasing in the heart the mandate of correspondence in authentication for user
Data, can obtain, when user accesses the resource of application system, the authorization data that user is corresponding, to determine that the resource of user is visited
The request of asking is the most legal, by the authorization data different for different user setups, and can be to the application system that user accesses
Resource is controlled, thus can improve the motility of the resources accessing control of application system, adapts to the right of different application systems
The requirements for access of different user.
One of ordinary skill in the art will appreciate that all or part of step in the various methods of above-described embodiment is can
Completing instructing relevant hardware by program, this program can be stored in computer-readable recording medium, and storage is situated between
Matter may include that ROM, RAM, disk or CD etc..
Having been described in detail the method and system of the embodiment of the present invention above, the present invention is not limited to this.Any
Skilled person, without departing from the spirit and scope of the present invention, all can make various changes or modifications, therefore the guarantor of the present invention
The scope of protecting should be as the criterion with claim limited range.
Claims (10)
1. a data access method, it is characterised in that including:
When receiving the resource access request of user, it is judged that whether described user is logged-in user;
When determining described user for logged-in user, obtain, from corresponding authorization center, the authorization data that described user is corresponding;
Based on acquired authorization data, it is judged that described resource access request is the most legal;
When determining that described resource access request is legal, corresponding data are returned to described user.
Data access method the most according to claim 1, it is characterised in that described authorization data include user role and
The information of the resource that role is corresponding.
Data access method the most according to claim 1, it is characterised in that described described from corresponding authorization center acquisition
The authorization data that user is corresponding, including:
Send corresponding authorization data query interface to authentication center and obtain request, so that described authentication center base
Obtain request in described authorization data query interface, determine the information of mandates system of correspondence, and based on determined by mandate body
System, determines the information of the authorization data query interface of correspondence and sends;
Receive the information of the corresponding authorization data query interface that described authentication center sends, and awarding by described correspondence
Power data-query interfaces, obtains, from corresponding authorization center, the authorization data that described user is corresponding.
Data access method the most according to claim 3, it is characterised in that described authorization center includes concentrating authorization center
With more than one independent authentication centre;Wherein, described concentration authorization center includes the application system using public mandate system
Authorization data;Described independent authentication centre includes the authorization data using the application system of independent authorization system.
Data access method the most according to claim 4, it is characterised in that the described authorization data by described correspondence is looked into
Ask interface, obtain, from corresponding authorization center, the authorization data that described user is corresponding, including:
By the corresponding common authentication query interface arranged in cas system service end, obtain from corresponding concentration authorization center
Take the authorization data that described user is corresponding;
The information of the independent authentication query interface of correspondence is obtained from cas system service end, and by acquired independent authentication
Query interface, obtains, from corresponding independent authentication centre, the authorization data that described user is corresponding.
6. a DAA, it is characterised in that including:
First judging unit, is suitable to when receiving the resource access request of user, it is judged that whether described user is to have logged in use
Family;
Data capture unit, is suitable to, when determining described user for logged-in user, obtain described use from corresponding authorization center
The authorization data that family is corresponding;
Second judging unit, is suitable to based on acquired authorization data, it is judged that described resource access request is the most legal;
Data providing unit, is suitable to, when determining that described resource access request is legal, corresponding data be returned to described user.
DAA the most according to claim 6, it is characterised in that described authorization data include user role and
The information of the resource that role is corresponding.
DAA the most according to claim 6, it is characterised in that described data capture unit, is suitable to identity
Authentication center sends corresponding authorization data query interface and obtains request, so that described authentication center is based on described mandate
Data-query interfaces obtains request, determines the information of mandates system of correspondence, and based on determined by mandate system, determine correspondence
The information of authorization data query interface and send;The authorization data inquiry receiving the correspondence that described authentication center sends connects
The information of mouth, and by the authorization data query interface of described correspondence, obtain described user from corresponding authorization center corresponding
Authorization data.
DAA the most according to claim 8, it is characterised in that described authorization center includes concentrating authorization center
With more than one independent authentication centre;Wherein, described concentration authorization center includes the application system using public mandate system
Authorization data;Described independent authentication centre includes the authorization data using the application system of independent authorization system.
DAA the most according to claim 9, it is characterised in that described authorization data acquiring unit, is suitable to lead to
Cross the corresponding common authentication query interface arranged in cas system service end, obtain from corresponding concentration authorization center described
The authorization data that user is corresponding;From cas system service end, obtain the information of the independent authentication query interface of correspondence, and pass through institute
The independent authentication query interface obtained, obtains, from corresponding independent authentication centre, the authorization data that described user is corresponding.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610790320.0A CN106209913B (en) | 2016-08-30 | 2016-08-30 | Data access method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610790320.0A CN106209913B (en) | 2016-08-30 | 2016-08-30 | Data access method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106209913A true CN106209913A (en) | 2016-12-07 |
CN106209913B CN106209913B (en) | 2019-07-23 |
Family
ID=58085815
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610790320.0A Expired - Fee Related CN106209913B (en) | 2016-08-30 | 2016-08-30 | Data access method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106209913B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018126381A1 (en) * | 2017-01-05 | 2018-07-12 | 深圳市前海中康汇融信息技术有限公司 | Database access control method |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1547343A (en) * | 2003-12-17 | 2004-11-17 | 上海市高级人民法院 | A Single Sign On method based on digital certificate |
US20070288634A1 (en) * | 2006-06-12 | 2007-12-13 | Fuji Xerox Co., Ltd. | Computer readable recording medium storing control program, communication system and computer data signal embedded in carrier wave |
CN102262751A (en) * | 2010-05-31 | 2011-11-30 | ***通信集团贵州有限公司 | Method and system for acquiring service application based on SOA (service-oriented architecture) |
CN103701801A (en) * | 2013-12-26 | 2014-04-02 | 四川九洲电器集团有限责任公司 | Resource access control method |
CN105225072A (en) * | 2015-11-05 | 2016-01-06 | 浪潮(北京)电子信息产业有限公司 | A kind of access management method of multi-application system and system |
CN105577665A (en) * | 2015-12-24 | 2016-05-11 | 西安电子科技大学 | Identity and access control and management system and method in cloud environment |
-
2016
- 2016-08-30 CN CN201610790320.0A patent/CN106209913B/en not_active Expired - Fee Related
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1547343A (en) * | 2003-12-17 | 2004-11-17 | 上海市高级人民法院 | A Single Sign On method based on digital certificate |
US20070288634A1 (en) * | 2006-06-12 | 2007-12-13 | Fuji Xerox Co., Ltd. | Computer readable recording medium storing control program, communication system and computer data signal embedded in carrier wave |
CN101090319A (en) * | 2006-06-12 | 2007-12-19 | 富士施乐株式会社 | Computer readable recording medium storing control program, communication system and computer data signal embedded in carrier wave |
CN102262751A (en) * | 2010-05-31 | 2011-11-30 | ***通信集团贵州有限公司 | Method and system for acquiring service application based on SOA (service-oriented architecture) |
CN103701801A (en) * | 2013-12-26 | 2014-04-02 | 四川九洲电器集团有限责任公司 | Resource access control method |
CN105225072A (en) * | 2015-11-05 | 2016-01-06 | 浪潮(北京)电子信息产业有限公司 | A kind of access management method of multi-application system and system |
CN105577665A (en) * | 2015-12-24 | 2016-05-11 | 西安电子科技大学 | Identity and access control and management system and method in cloud environment |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018126381A1 (en) * | 2017-01-05 | 2018-07-12 | 深圳市前海中康汇融信息技术有限公司 | Database access control method |
Also Published As
Publication number | Publication date |
---|---|
CN106209913B (en) | 2019-07-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8584219B1 (en) | Risk adjusted, multifactor authentication | |
EP2913777B1 (en) | Methods of authenticating users to a site | |
US9021570B2 (en) | System, control method therefor, service providing apparatus, relay apparatus and computer-readable medium | |
US7930264B2 (en) | Multi-module authentication platform | |
US20170170963A1 (en) | Step-up authentication for single sign-on | |
CN106302308B (en) | Trust login method and device | |
US8938789B2 (en) | Information processing system, method for controlling information processing system, and storage medium | |
CN110381031A (en) | Single-point logging method, device, equipment and computer readable storage medium | |
CN107172054A (en) | A kind of purview certification method based on CAS, apparatus and system | |
US9787678B2 (en) | Multifactor authentication for mail server access | |
CN107896226B (en) | Network identity authentication system based on iris recognition | |
CN107484152B (en) | Management method and device for terminal application | |
CN106453396A (en) | Double token account login method and login verification device | |
CN105337974A (en) | Account authorization method, account login method, account authorization device and client end | |
CN112800411A (en) | Multi-protocol and multi-mode supporting safe and reliable identity authentication method and device | |
CN106161475A (en) | The implementation method of subscription authentication and device | |
CN109388937A (en) | A kind of single-point logging method and login system of multiple-factor authentication | |
CN106713315A (en) | Login method and device for plug-in application | |
US11816231B2 (en) | Using machine-learning models to determine graduated levels of access to secured data for remote devices | |
CN111010375A (en) | Distributed authentication and authorization method for allowing third-party application to access resources | |
CN110113346A (en) | A kind of network verification method, user terminal and server | |
US20190222582A1 (en) | Decentralized method of tracking user login status | |
CN106209913A (en) | Data access method and device | |
CN105656856A (en) | Resource management method and device | |
US9565183B2 (en) | Location and device based student access control |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20190723 Termination date: 20210830 |