CN108632253A - Client data secure access method based on mobile terminal and device

Info

Publication number: CN108632253A
Authority: CN (China)
Prior art keywords: access, customer data, mobile terminal, accessing, identity information
Legal status: Granted; active
Application number: CN201810294695.7A
Other languages: Chinese (zh)
Other versions: CN108632253B (granted publication)
Inventor: 刘俊廷
Current Assignee: Ping An Technology Shenzhen Co Ltd
Original Assignee: Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201810294695.7A (CN108632253B) and PCT/CN2018/101558 (WO2019192129A1)
Publication of CN108632253A; application granted; publication of CN108632253B

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security
        • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
        • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
        • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic > H04L63/1408 by monitoring network traffic
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/31 User authentication
        • G06F21/60 Protecting data > G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules > G06F21/6218 to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/06 Authentication
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements > G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices


Abstract

The present invention relates to a mobile-terminal-based method and device for secure access to customer data. The method includes: while a customer management application runs on a mobile terminal, performing identity verification on an access object that requests access to customer data; when the access object passes identity verification, requesting that the server side return the access object's access rights according to the access object's identity information; and providing customer data access to the access object according to those access rights. The method solves the problem that, in the prior art, accessing customer data over the external network is poorly secured.

Description

Client data secure access method based on mobile terminal and device
Technical field
The present invention relates to the field of computer technology, and in particular to a mobile-terminal-based customer data secure access method and device.
Background
Currently, to keep customer data access secure, customer data is usually deployed on the intranet, and an access object can reach it only from a PC terminal connected to the intranet. Outside working hours the intranet cannot be reached, so the access object cannot access customer data, cannot follow up with customers and cannot maintain customer relationships.
In other words, an access object has no way to access customer data securely over the external network. For this purpose the prior art proposes a mobile-terminal-based method of accessing customer data over the external network, which protects that access by verifying the identity of the access object. However, the identity of the access object is easily stolen by malware on the external network, so the security of customer data access over the external network is still not adequately guaranteed.
How to access customer data securely over the external network therefore remains an unsolved problem.
Summary of the invention
To solve the above technical problem, an object of the present invention is to provide a mobile-terminal-based customer data secure access method and device.
The technical solutions adopted by the present invention are as follows:
In one aspect, a mobile-terminal-based customer data secure access method includes: while a customer management application runs on a mobile terminal, performing identity verification on an access object that requests customer data access; when the access object passes identity verification, requesting that the server side return the access object's access rights according to the access object's identity information; and providing customer data access to the access object according to those access rights.
In another aspect, a mobile-terminal-based customer data secure access device includes: an identity verification module, which, while the customer management application runs on the mobile terminal, performs identity verification on the access object that requests customer data access; a permission acquisition module, which, when the access object passes identity verification, requests that the server side return the access object's access rights according to the access object's identity information; and a data access module, which provides customer data access to the access object according to those access rights.
In an exemplary embodiment, the identity verification module includes: an information acquisition unit, which, while the customer management application runs on the mobile terminal, obtains the access object's identity information from an operation triggered by the access object; a result acquisition unit, which requests that the server side perform an identity information matching search according to the access object's identity information and obtains the matching search result; and a verification unit, which judges that the access object's identity information passes identity verification if the matching search result indicates that the server side holds identity information consistent with it.
In an exemplary embodiment, the device further includes: a permission receiving module, by which the server side receives the access rights reported by the PC terminal for the access object while the access object accesses customer data through the PC terminal; and a relationship establishing module, which establishes an association between the access object's access rights and identity information and, through that association, provides an access-rights feedback service.
In an exemplary embodiment, the device further includes: a log record generation module, by which the PC terminal generates log records indicating the access object's access behaviour while the access object accesses customer data; and a permission configuration module, which configures the access object's access rights according to the access behaviour indicated by the log records and reports those access rights to the server side.
In an exemplary embodiment, the web page resources of the customer data are stored in an isolation zone, and the data access module includes: a request initiating unit, which initiates a customer data access request according to the web page link address stored by the customer management application; a resource request unit, which requests the web page resources of the customer data from the isolation zone by means of the customer data access request; a data display unit, which displays the customer data in the customer management application according to those web page resources; and an access control unit, which controls the access object's access to the displayed customer data according to its access rights.
In another aspect, a mobile-terminal-based customer data secure access device includes a processor and a memory storing computer-readable instructions which, when executed by the processor, implement the mobile-terminal-based customer data secure access method described above.
In another aspect, a computer-readable storage medium stores a computer program which, when executed by a processor, implements the mobile-terminal-based customer data secure access method described above.
In the above technical solutions, a customer management application running on the mobile terminal verifies the identity of the access object that requests access to customer data; when the access object passes verification, the application asks the server side, by the access object's identity information, to return the access object's access rights, and then initiates a customer data access request according to those rights, so that the access object that initiated the request is provided with customer data access.
That is, the customer management application running on the mobile terminal lets the access object access customer data over the external network, and identity verification of the access object together with its access rights adequately secures that access, which solves the poor security of external-network customer data access in the prior art.
It should be understood that the above general description and the following detailed description are exemplary and explanatory only and do not limit the present invention.
Description of the drawings
The accompanying drawings are incorporated into and form part of this specification; they show embodiments consistent with the present invention and, together with the specification, serve to explain its principles.
Fig. 1 is a schematic diagram of an implementation environment according to the present invention.
Fig. 2 is a hardware block diagram of a mobile terminal according to an exemplary embodiment.
Fig. 3 is a flowchart of a mobile-terminal-based customer data secure access method according to an exemplary embodiment.
Fig. 4 is a flowchart of another mobile-terminal-based customer data secure access method according to an exemplary embodiment.
Fig. 5 is a flowchart of one embodiment of step 310 in the embodiment corresponding to Fig. 3.
Fig. 6 is a flowchart of another mobile-terminal-based customer data secure access method according to an exemplary embodiment.
Fig. 7 is a flowchart of one embodiment of step 350 in the embodiment corresponding to Fig. 3.
Fig. 8 is a block diagram of a mobile-terminal-based customer data secure access device according to an exemplary embodiment.
The above drawings show specific embodiments of the present invention that are described in more detail below. Neither the drawings nor the accompanying text is intended to limit the scope of the inventive concept in any way; they illustrate the concept of the invention to those skilled in the art by reference to specific embodiments.
Detailed description
Exemplary embodiments are described in detail here, with examples shown in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The embodiments described below do not represent all embodiments consistent with the present invention; they are merely examples of devices and methods consistent with some aspects of the invention as detailed in the appended claims.
Fig. 1 is a schematic diagram of the implementation environment of a mobile-terminal-based customer data secure access method. The environment includes a mobile terminal 100, a server side 200 and a PC terminal 300.
The mobile terminal 100 may be a laptop, a tablet, a smartphone or any other portable electronic device capable of running the customer management application; no limitation is placed on it here.
The PC terminal 300 differs from the mobile terminal 100 in that it is a desktop computer without portability.
The mobile terminal 100 and the PC terminal 300 each establish a communication connection with the server side 200, including but not limited to wireless and wired network connections, and customer data is transferred over the established connections.
Specifically, the mobile terminal 100 uses the running customer management application to provide the access object with customer data access over the external network, while the PC terminal 300 provides the access object with customer data access over the intranet; this broadens the ways in which customer data can be accessed.
Referring to Fig. 2, Fig. 2 is a block diagram of a mobile terminal according to an exemplary embodiment.
Note that the mobile terminal 100 is only one example suited to the present invention and must not be taken as limiting its scope of use in any way, nor as requiring or depending on any one or more of the components of the illustrative mobile terminal 100 shown in Fig. 2.
As shown in Fig. 2, the mobile terminal 100 includes a memory 101, a memory controller 103, one or more processors 105 (only one is shown in Fig. 2), a peripheral interface 107, a radio-frequency module 109, a positioning module 111, a camera module 113, an audio module 115, a touch screen 117 and a key module 119. These components communicate with one another over one or more communication buses or signal lines 121.
The memory 101 stores computer programs and modules, such as the computer-readable instructions and modules corresponding to the mobile-terminal-based customer data secure access method and device of the exemplary embodiments of the present invention. The processor 105 executes the computer-readable instructions stored in the memory 101 to perform various functions and data processing, i.e. to carry out the mobile-terminal-based customer data secure access method.
As the carrier of stored resources, the memory 101 may be random access memory, for example high-speed random access memory, or non-volatile memory such as one or more magnetic storage devices, flash memory or other solid-state memory; storage may be temporary or permanent.
The peripheral interface 107 may include at least one wired or wireless network interface, at least one serial/parallel conversion interface, at least one input/output interface and at least one USB interface, for coupling external input/output devices to the memory 101 and the processor 105 so that the terminal can communicate with them.
The radio-frequency module 109 sends and receives electromagnetic waves, converting between electromagnetic waves and electrical signals, so as to communicate with other devices over a communication network. The network may be a cellular telephone network, a wireless local area network or a metropolitan area network, and may use various communication standards, protocols and technologies.
The positioning module 111 obtains the current geographical location of the mobile terminal 100. Examples include, but are not limited to, GPS and positioning based on wireless local area networks or mobile communication networks.
The camera module 113 belongs to the camera and is used to take pictures or video, which may be stored in the memory 101 or sent to a host computer through the radio-frequency module 109.
The audio module 115 provides the user with an audio interface, which may include one or more microphone interfaces, one or more speaker interfaces and one or more earphone interfaces, and exchanges audio data with other devices through that interface. Audio data may likewise be stored in the memory 101 or sent through the radio-frequency module 109.
The touch screen 117 provides an input/output interface between the mobile terminal 100 and the user. The user performs input operations such as clicks, touches and slides on the touch screen 117, to which the mobile terminal 100 responds, and the mobile terminal 100 presents output content in the form of text, pictures or video, or any combination of them, to the user through the touch screen 117.
The key module 119 includes at least one key and provides an interface for user input to the mobile terminal 100; pressing different keys makes the mobile terminal 100 perform different functions. For example, a volume key lets the user adjust the playback volume of the mobile terminal 100.
It will be appreciated that the structure shown in Fig. 2 is illustrative only; the mobile terminal 100 may include more or fewer components than shown in Fig. 2, or components different from those shown, and each component may be implemented in hardware, software or a combination of the two.
Referring to Fig. 3, in an exemplary embodiment a mobile-terminal-based customer data secure access method applies to the mobile terminal of the implementation environment shown in Fig. 1, whose structure may be as shown in Fig. 2.
The method is executed by the mobile terminal and may include the following steps:
Step 310: while a customer management application runs on the mobile terminal, perform identity verification on the access object.
First, the customer management application is installed and deployed on the mobile terminal in advance to provide the access object with customer data access over the external network. That is, once the application is deployed on the mobile terminal, the access object can use it to reach customer data from the external network and carry out customer management: following up with customers, maintaining customer relationships and so on.
Second, to keep customer data access secure, identity verification is performed on the access object; only an access object that passes verification can go on to access customer data over the external network through the customer management application.
Further, identity verification of the access object means checking the legitimacy of its identity information. The access object's identity information is compared one by one against the large set of access-object identity information stored on the server side, and a match means the access object passes identity verification.
The identity information uniquely identifies the access object and includes, but is not limited to, its account, password, ID card number and contact details. It describes the access object's identity precisely: different access objects have different identities and therefore different identity information.
In a specific embodiment, the access object is an insurance-policy sales agent, and the customer data relates to the policies customers have bought, including but not limited to customer name, customer ID card number, customer contact details, policy number, policy payment term and policy payment amount.
The process by which the server side comes to store the identity information of many access objects is described below.
Specifically, to access customer data the access object first initiates a customer data access request to the server side through the PC terminal. On receiving the request, the server side extracts the ID card number from the access object's identity information carried in the request and uses it to verify the access object's identity.
This verification is completed by a third-party identity authority, for example against the ID card numbers the authority holds: if the authority holds a matching ID card number, the access object passes identity verification.
When the access object passes, the server side stores its verified identity information for use in the identity verification later initiated from the mobile terminal, which is what makes secure mobile-terminal access to customer data possible.
In other words, only an access object that has already accessed customer data through the PC terminal and passed the third-party identity authority's verification can then access customer data from the mobile terminal, which adequately protects customer data access over the external network.
Step 330: when the access object passes identity verification, request that the server side return the access object's access rights according to the access object's identity information.
The access object's access rights reflect its access behaviour while accessing customer data through the PC terminal. They include, but are not limited to, create, add, modify and delete rights.
For example, if the access object modified customer data while accessing it through the PC terminal, then by virtue of that modification behaviour its access right is the modify right.
Further, the access object's access rights are reported by the PC terminal to the server side and stored there.
In a specific embodiment, as shown in Fig. 4, before step 330 the method may further include the following steps:
Step 410: while the access object accesses customer data through the PC terminal, the server side receives the access rights the PC terminal reports for the access object.
Step 430: establish an association between the access object's access rights and its identity information, and provide the access-rights feedback service through that association.
Specifically, as noted above, the server side stores the identity information of many access objects for identity verification. With the access rights reported by the PC terminal it now also holds each access object's access rights, so it can store them, associate them with the identity information and thereby store the two together, which makes the access-rights feedback service straightforward to provide.
It follows that once the access object passes identity verification, its access rights can be obtained from the server side by its identity information.
In this process, from the mobile terminal's point of view, the access object's access rights are closely tied to the access behaviour it exhibited when accessing customer data on the PC terminal. Put differently, whether the access object accesses customer data from the PC terminal or from the mobile terminal, its access rights over customer data are always the same, which gives adequate assurance for the subsequent secure access to customer data.
Step 350: provide customer data access to the access object according to its access rights.
Once the access object's access rights are obtained, its customer data access can be controlled by those rights.
That is, customer data access from the mobile terminal is constrained by the access object's access rights, which further secures it.
Through the above process, the customer management application running on the mobile terminal lets the access object access customer data over the external network. Thanks to the mobile terminal's portability, the access object can reach customer data from the external network at any time, follow up with customers in real time and maintain customer relationships, which keeps customers engaged.
In one application scenario, to access customer data from the mobile terminal, the access object must first be verified once by the third-party identity authority via the PC terminal, then a second time by the server side at the request of the mobile terminal, and only then is its customer data access controlled by the access rights the server side returns. This gives secure customer data access multiple layers of protection and thus adequately secures it.
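The two-stage flow of steps 310, 330 and 350 (together with the matching search of Fig. 5), as an added example in Python that is not part of the patent: a constructed stand-in for the third-party ID-number authority, a server side that stores verified identity information and the rights the PC terminal reports, and a customer management application that logs in by matching search and then gates every operation on the rights fed back. Two things are assumptions rather than the patent's text: the server stores a salted PBKDF2 hash of the password instead of comparing plaintext identity information one by one, because a plaintext credential store is exactly what the background's malware concern would expose; and the four rights are named create, add, modify and delete. All accounts, ID numbers and customer records are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# The four rights the patent lists (create, add, modify, delete), as names.
RIGHTS = {"create", "add", "modify", "delete"}

# Constructed stand-in for the third-party identity authority: the ID numbers
# it "holds". Not a real service; an assumption of this example.
THIRD_PARTY_ID_NUMBERS = {"110101199001011234", "440301198512123456"}


def _hash_password(password: str, salt: bytes) -> bytes:
    # Assumption of this example: store a salted PBKDF2 hash rather than the
    # plaintext password, so a compromised server-side store leaks no credentials.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class ServerSide:
    identities: dict = field(default_factory=dict)  # account -> (salt, hash)
    rights: dict = field(default_factory=dict)      # account -> set of rights

    def first_verification_from_pc(self, account, password, id_number) -> bool:
        """First verification (via the PC terminal): the server extracts the ID
        number and the third-party authority checks that it is on record."""
        if id_number not in THIRD_PARTY_ID_NUMBERS:
            return False
        salt = os.urandom(16)
        self.identities[account] = (salt, _hash_password(password, salt))
        return True

    def receive_reported_rights(self, account, rights) -> bool:
        """Steps 410/430: store the rights the PC terminal reports and associate
        them with the identity information; unknown accounts or rights are refused."""
        if account not in self.identities or not set(rights) <= RIGHTS:
            return False
        self.rights[account] = set(rights)
        return True

    def matching_search(self, account, password) -> bool:
        """Step 313: does the server hold identity information consistent with
        what the mobile terminal sent? Constant-time compare on the hash."""
        record = self.identities.get(account)
        if record is None:
            _hash_password(password, bytes(16))  # same cost for unknown accounts
            return False
        salt, stored = record
        return hmac.compare_digest(stored, _hash_password(password, salt))

    def feedback_rights(self, account) -> set:
        """Step 330: return the rights associated with this identity (empty if none)."""
        return set(self.rights.get(account, ()))


class CustomerManagementApp:
    """The customer management application running on the mobile terminal."""

    def __init__(self, server: ServerSide, customer_data: dict):
        self.server = server
        self.customer_data = customer_data
        self.account = None
        self.rights = set()

    def login(self, account, password) -> bool:
        """Step 310 (second verification): identity information from the login
        dialog goes to the server for a matching search; on success fetch rights."""
        if not self.server.matching_search(account, password):
            self.account, self.rights = None, set()
            return False
        self.account = account
        self.rights = self.server.feedback_rights(account)
        return True

    def access(self, action, policy_no, changes=None):
        """Step 350: every operation is gated by the rights the server fed back.
        A read needs a login; a write needs the matching right."""
        if self.account is None:
            raise PermissionError("not authenticated")
        if action == "read":
            return dict(self.customer_data[policy_no])  # a copy, not the live record
        if action not in self.rights:
            raise PermissionError(f"{self.account} lacks the {action} right")
        if action in ("create", "add"):
            self.customer_data[policy_no] = dict(changes or {})
        elif action == "modify":
            self.customer_data[policy_no].update(changes or {})
        elif action == "delete":
            del self.customer_data[policy_no]
        return True


def demo():
    """Constructed scenario: PC-side verification, rights reported as {modify},
    one failed and one successful mobile login, an allowed modify, a denied delete."""
    server = ServerSide()
    data = {"P001": {"name": "Zhang San", "premium": 1200}}  # constructed record
    ok_pc = server.first_verification_from_pc("agent01", "correct horse", "110101199001011234")
    server.receive_reported_rights("agent01", {"modify"})
    app = CustomerManagementApp(server, data)
    wrong = app.login("agent01", "guess")
    right = app.login("agent01", "correct horse")
    app.access("modify", "P001", {"premium": 1500})
    try:
        app.access("delete", "P001")
        denied = False
    except PermissionError:
        denied = True
    return ok_pc, wrong, right, data["P001"]["premium"], denied
```

One caveat a practitioner would add: a matching search on a password proves only possession of the credential, which is precisely what the background says malware on the external network can steal. The second verification gains real strength only when the login is also bound to the device (for example a key held in the phone's hardware-backed keystore) or to a second factor; the patent's text does not specify either.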
Referring to Fig. 5, in an exemplary embodiment step 310 may include the following steps:
Step 311: in the customer management application running on the mobile terminal, obtain the access object's identity information from the operation the access object triggers.
To verify the access object, the customer management application provides an entry point for obtaining its identity information. When the access object wants to access customer data, it triggers the corresponding operation at that entry point, so that the application obtains the identity information and verifies the access object with it.
For example, the customer management application displays an input dialog in its page and the access object enters its identity information there. The input dialog is the entry point, and the input is the operation the access object triggers at the entry point in order to access customer data.
Step 313: request that the server side perform an identity information matching search according to the access object's identity information, and obtain the matching search result.
As noted above, the server side stores the identity information of many access objects; a matching search compares the access object's identity information one by one against that stored information.
Hence, if the matching search finds identity information on the server side consistent with the access object's, proceed to step 315 and judge that the access object passes identity verification.
Conversely, if no identity information consistent with the access object's exists on the server side, judge that the access object fails identity verification: it is an unauthorised visitor and has no right to access customer data through the mobile terminal.
Step 315: if the matching search result indicates that the server side holds identity information consistent with the access object's identity information, judge that the access object's identity information passes identity verification.
In a specific embodiment, the mobile terminal allows the access object to log in to the customer management application only after it passes identity verification; once logged in, the access object can access customer data over the external network through the application.
Under this embodiment only an access object that has passed identity verification is eligible to access customer data over the external network, which secures external-network access and so improves the security of customer data access.
Referring to Fig. 6, in one exemplary embodiment, before step 410 the method described above may further include the following steps:
Step 510: while the access object is accessing customer data, the PC side generates a log record indicating the access behavior of the access object.
While accessing customer data, the access object may perform a series of access behaviors, for example modifying or adding customer data. The PC side therefore generates log records according to those access behaviors, so that the access behavior of the access object can be traced after a subsequent system failure.
As can be seen from the above, a log record indicates the access behavior of the access object; it can also be understood as an accurate description of that access behavior.
For example, if the access object deletes customer data while accessing it, the PC side generates a corresponding log record according to the deletion behavior. The log record carries a behavior ID, which uniquely identifies that deletion behavior.
Step 530: configure the access rights of the access object according to the access behavior indicated by the log record, and report the access rights of the access object to the server-side.
Once the log record indicating the access behavior of the access object has been obtained, the access rights of the access object can be configured. For example, if the access behavior is deleting customer data, the access right configured for the access object is the delete permission.
For the server-side, once the PC side has completed the configuration of the access rights, it can receive the access rights configured by the PC side for the access object.
Further, the access rights may also be reported according to a selection operation triggered by the access object on the PC side; that is, the access rights allowed to be reported to the server-side are selected according to the actual needs of the access object.
More preferably, the access rights allowed to be reported to the server-side are the create permission and the add permission, and do not include the modify permission or the delete permission. This prevents customer data from being misused by malicious attacks during external-network access and further ensures the security of customer data access.
Through the cooperation of the above embodiments, the configuration of the access rights of the access object is realized, so that the server-side can provide an access-rights feedback service, which provides a reliable basis for ensuring secure access to customer data.
In addition, configuring the access rights from log records allows the access rights of the access object to be updated dynamically; that is, the access rights change as the access behavior indicated by the log record changes. As a result, even if the access rights of the access object leak due to a virus attack during the current external-network access to customer data, in a subsequent external-network access the access rights change correspondingly as soon as the access behavior of the access object changes, invalidating the previously leaked access rights. This reduces the risk of the external network being vulnerable to virus attacks and fully ensures the security of customer data access from the external network.
Referring to Fig. 7, in one exemplary embodiment, the web page resources of the customer data are stored in an isolated area (demilitarized zone, DMZ).
It will be appreciated that customer data access performed over the external network from a mobile terminal is likely to carry security risks that could damage the customer data, for example a hacker attack.
For this reason, in the present embodiment the web page resources of the customer data are stored in an isolated area, which is a network area between the external network and the intranet. This ensures that the external network and the intranet cannot communicate directly, thereby securing the intranet.
Further, the isolated area may be deployed on a separate server, distinct from the external-network server or the intranet server, or on a virtual machine in a server, for example a virtual machine in the external-network server or in the intranet server. This increases the flexibility of deploying the isolated area and also helps reduce the complexity of its deployment; the present embodiment is not limited in this respect.
It should be noted that what is stored in the isolated area is the web page resources of the customer data, so that the customer management application can conveniently display customer data by rendering web pages.
Correspondingly, step 350 may include the following steps:
Step 351: initiate a customer data access request according to the webpage link address stored by the customer management application.
The webpage link address corresponds to the web page resources of the customer data and records the storage location of those web page resources in the isolated area.
Accordingly, different customer data corresponds to different web page resources stored in the isolated area and hence to different webpage link addresses. Customer data access requests can thus be initiated through different webpage link addresses in order to access the customer data at different storage locations in the isolated area.
Step 353: request the web page resources of the customer data from the isolated area via the customer data access request.
The isolated area extracts the webpage link address from the customer data access request, obtains the web page resources of the customer data at the corresponding storage location in the isolated area, and then feeds the obtained web page resources back to the mobile terminal that initiated the customer data access request.
That is, the isolated area stores the web page resources of the customer data for the customer management application; as long as the mobile terminal interacts with the isolated area, it can initiate a customer data access request to the isolated area using the webpage link address stored by the customer management application, and thereby obtain the web page resources of the customer data from the isolated area.
Step 355: display customer data in the customer management application according to the web page resources of the customer data.
Step 357: control the access object's access to the displayed customer data according to the access rights.
In the above process, the customer management application pre-installed and deployed on the mobile terminal enables the access object to access customer data in the isolated area over the external network, avoiding the situation where customer data can only be accessed through a PC terminal connected to the intranet. This both ensures the security of customer data access and enhances the versatility of customer data access.
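As an added example that is not the patent's own code, the following Python models the flow of steps 510 and 530 above (access rights derived from PC-side log records, with only the create and add permissions reportable and each report replacing the previous association so that rights update dynamically) together with steps 351 to 357 (the mobile application fetching a web page resource from the isolated area by its stored link address and enforcing the rights fed back by the server-side). All class, function and behaviour names and the sample log records are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional

# Access behaviours a PC-side log record can describe (names are assumptions).
CREATE, ADD, MODIFY, DELETE = "create", "add", "modify", "delete"

# Reporting policy from the description of step 530: only the create and add
# permissions may be reported to the server-side; modify and delete never are.
REPORTABLE: FrozenSet[str] = frozenset({CREATE, ADD})


@dataclass(frozen=True)
class LogRecord:
    """One PC-side log record (step 510); behavior_id uniquely names the behaviour."""
    behavior_id: str
    identity: str
    behavior: str


# Constructed sample records: "alice" created and deleted, "bob" only modified.
SAMPLE_RECORDS: List[LogRecord] = [
    LogRecord("b1", "alice", CREATE),
    LogRecord("b2", "alice", DELETE),
    LogRecord("b3", "bob", MODIFY),
]


def configure_rights(records: Iterable[LogRecord], identity: str) -> FrozenSet[str]:
    """Step 530: the rights of an access object are the behaviours its log
    records indicate, filtered to those the policy allows to be reported."""
    observed = {r.behavior for r in records if r.identity == identity}
    return frozenset(observed & REPORTABLE)


class ServerSide:
    """Stores identity information plus the rights reported for each identity."""

    def __init__(self, identities: Iterable[str]) -> None:
        self._identities = set(identities)
        self._rights: Dict[str, FrozenSet[str]] = {}

    def match_search(self, identity: str) -> bool:
        """Step 313: compare the submitted identity against the stored ones."""
        return identity in self._identities

    def receive_report(self, identity: str, rights: Iterable[str]) -> None:
        """Associate rights with an identity. Each report replaces the previous
        one, so the rights follow the latest logged behaviour (dynamic update)."""
        self._rights[identity] = frozenset(rights) & REPORTABLE

    def feedback_rights(self, identity: str) -> Optional[FrozenSet[str]]:
        """Access-rights feedback; None for an identity that fails matching."""
        if not self.match_search(identity):
            return None
        return self._rights.get(identity, frozenset())


class IsolatedArea:
    """DMZ holding customer-data web page resources keyed by link address."""

    def __init__(self, resources: Dict[str, str]) -> None:
        self._resources = dict(resources)

    def request(self, link_address: str) -> Optional[str]:
        """Step 353: look up the resource at the location the link address names."""
        return self._resources.get(link_address)


class CustomerManagementApp:
    """Mobile-terminal client: login (steps 311-315), rights fetch, DMZ access."""

    def __init__(self, server: ServerSide, dmz: IsolatedArea, link_address: str) -> None:
        self._server = server
        self._dmz = dmz
        self._link_address = link_address  # stored webpage link address (step 351)
        self._identity: Optional[str] = None
        self._rights: FrozenSet[str] = frozenset()

    def login(self, identity: str) -> bool:
        """Step 315 plus the rights request: login succeeds only on a match."""
        rights = self._server.feedback_rights(identity)
        if rights is None:
            return False
        self._identity, self._rights = identity, rights
        return True

    def load_customer_data(self) -> Optional[str]:
        """Steps 351-355: fetch the page from the DMZ only when logged in."""
        if self._identity is None:
            return None
        return self._dmz.request(self._link_address)

    def access(self, behavior: str) -> bool:
        """Step 357: an operation is permitted only if its right was fed back."""
        return self._identity is not None and behavior in self._rights
```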
The following are apparatus embodiments of the present invention, which can be used to execute the client data secure access method based on a mobile terminal according to the present invention. For details not disclosed in the apparatus embodiments, please refer to the method embodiments of the client data secure access method based on a mobile terminal according to the present invention.
Referring to Fig. 8, in one exemplary embodiment, a client data secure access device 900 based on a mobile terminal includes, but is not limited to: an identity verification module 910, a permission acquisition module 930 and a data access module 950.
The identity verification module 910 is configured to perform identity verification of the access object when the customer management application runs on the mobile terminal, the access object requesting to access customer data.
The permission acquisition module 930 is configured, when the access object passes identity verification, to request the server-side to feed back the access rights of the access object according to the identity information of the access object.
The data access module 950 is configured to provide customer data access to the access object according to the access rights of the access object.
It should be noted that when the client data secure access device based on a mobile terminal provided by the above embodiment performs the client data secure access process, the division into the above functional modules is only illustrative. In practical applications, the above functions may be assigned to different functional modules as needed; that is, the internal structure of the client data secure access device based on a mobile terminal is divided into different functional modules to complete all or part of the functions described above.
In addition, the client data secure access device based on a mobile terminal provided by the above embodiment and the embodiment of the client data secure access method based on a mobile terminal belong to the same concept; the specific manner in which each module performs its operations has been described in detail in the method embodiment and is not repeated here.
In one exemplary embodiment, a client data secure access device based on a mobile terminal includes a processor and a memory.
Computer-readable instructions are stored in the memory, and when executed by the processor they implement the client data secure access method based on a mobile terminal in the above embodiments.
In one exemplary embodiment, a computer-readable storage medium stores a computer program which, when executed by a processor, implements the client data secure access method based on a mobile terminal in the above embodiments.
The above are only preferred exemplary embodiments of the present invention and are not intended to limit its implementation. Those of ordinary skill in the art can easily make corresponding adaptations or modifications according to the main idea and spirit of the present invention; the protection scope of the present invention should therefore be determined by the claims.

Claims (10)

1. A client data secure access method based on a mobile terminal, characterized in that it comprises:
when a customer management application runs on the mobile terminal, performing identity verification of an access object, the access object requesting to access customer data;
when the access object passes identity verification, requesting a server-side to feed back the access rights of the access object according to the identity information of the access object;
providing customer data access to the access object according to the access rights of the access object.
2. The method according to claim 1, characterized in that performing identity verification of the access object when the customer management application runs on the mobile terminal comprises:
in the customer management application running on the mobile terminal, obtaining the identity information of the access object according to an operation triggered by the access object;
requesting the server-side to perform an identity-information match search according to the identity information of the access object, obtaining a match search result;
if the match search result indicates that the server-side holds identity information consistent with the identity information of the access object, judging that the identity information of the access object passes identity verification.
3. The method according to claim 1, characterized in that, before requesting the server-side to feed back the access rights of the access object according to the identity information of the access object, the method further comprises:
while the access object accesses customer data through a PC side, the server-side receiving the access rights that the PC side reports for the access object;
establishing an association between the access rights and the identity information of the access object, and providing an access-rights feedback service through the established association.
4. The method according to claim 3, characterized in that, before the server-side receives the access rights that the PC side reports for the access object while the access object accesses customer data through the PC side, the method further comprises:
while the access object accesses customer data, the PC side generating a log record indicating the access behavior of the access object;
configuring the access rights of the access object according to the access behavior indicated by the log record, and reporting the access rights of the access object to the server-side.
5. The method according to claim 1, characterized in that the web page resources of the customer data are stored in an isolated area, and providing customer data access to the access object according to the access rights of the access object comprises:
initiating a customer data access request according to a webpage link address stored by the customer management application;
requesting the web page resources of the customer data from the isolated area via the customer data access request;
displaying customer data in the customer management application according to the web page resources of the customer data;
controlling the access object's access to the displayed customer data according to the access rights.
6. A client data secure access device based on a mobile terminal, characterized in that it comprises:
an identity verification module, configured to perform identity verification of an access object when a customer management application runs on the mobile terminal, the access object requesting to access customer data;
a permission acquisition module, configured, when the access object passes identity verification, to request a server-side to feed back the access rights of the access object according to the identity information of the access object;
a data access module, configured to provide customer data access to the access object according to the access rights of the access object.
7. The device according to claim 6, characterized in that the identity verification module comprises:
an information acquisition unit, configured to obtain, in the customer management application running on the mobile terminal, the identity information of the access object according to an operation triggered by the access object;
a result acquisition unit, configured to request the server-side to perform an identity-information match search according to the identity information of the access object, obtaining a match search result;
a verification-passed unit, configured, if the match search result indicates that the server-side holds identity information consistent with the identity information of the access object, to judge that the identity information of the access object passes identity verification.
8. The device according to claim 6, characterized in that the web page resources of the customer data are stored in an isolated area, and the data access module comprises:
a request initiating unit, configured to initiate a customer data access request according to a webpage link address stored by the customer management application;
a resource request unit, configured to request the web page resources of the customer data from the isolated area via the customer data access request;
a data display unit, configured to display customer data in the customer management application according to the web page resources of the customer data;
an access control unit, configured to control the access object's access to the displayed customer data according to the access rights.
9. A client data secure access device based on a mobile terminal, characterized in that it comprises:
a processor; and
a memory storing computer-readable instructions which, when executed by the processor, implement the client data secure access method based on a mobile terminal according to any one of claims 1 to 5.
10. A computer-readable storage medium storing a computer program, characterized in that, when the computer program is executed by a processor, it implements the client data secure access method based on a mobile terminal according to any one of claims 1 to 5.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810294695.7A CN108632253B (en) 2018-04-04 2018-04-04 Client data security access method and device based on mobile terminal
PCT/CN2018/101558 WO2019192129A1 (en) 2018-04-04 2018-08-21 Customer data security access method and device based on mobile terminal

Publications (2)

Publication Number Publication Date
CN108632253A true CN108632253A (en) 2018-10-09
CN108632253B CN108632253B (en) 2021-09-10

Family

ID=63704824

Country Status (2)

Country Link
CN (1) CN108632253B (en)
WO (1) WO2019192129A1 (en)

Also Published As

Publication number Publication date
WO2019192129A1 (en) 2019-10-10
CN108632253B (en) 2021-09-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant