CN110401674A - Data access method, device, system, electronic equipment and computer-readable medium - Google Patents
- Publication number: CN110401674A (CN201910765096.3A)
- Authority: CN (China)
- Prior art keywords: data, user, platform, password, verifying
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
This disclosure relates to a data access method, device, system, electronic equipment and computer-readable medium. The method comprises: performing a first verification on an enterprise platform using a first user name and a first password, and obtaining first verification data; performing a second verification on an assistant authentication platform using a second user name, a second password and the first verification data, and obtaining second verification data; generating a data access request from the second verification data and an identifier of the target data; and obtaining a returned result based on the access request. The data access method, device, system, electronic equipment and computer-readable medium of this disclosure can ensure the access security of the data in the system.
Description
Technical field
This disclosure relates to the field of computer information processing, and in particular to a data access method, device, system, electronic equipment and computer-readable medium.
Background
To keep a system secure, verifying users when they want to use data in the system is an important measure. Most systems open data access permissions to a user once the user's verification has passed. For systems with a large number of agencies, security problems often stem from leaked user names and passwords. Moreover, different users may each need to upload their own data to the system, so how to keep the data of different users from being disclosed to one another and protect each user's privacy is also an important problem.
This is especially true in the insurance field. Each user enters policy information into the insurance company's system over the external network, and when settling a claim the user needs to obtain the policy image from the insurance company's system over the external network and save it locally. The policy image data, however, is stored on the insurance company's intranet, so both the security of image data access and the mutual independence of the data accessed by different users urgently need to be solved.
In the prior art, users access the image data stored on the insurance company's intranet with a user name and password; once the user name and password are leaked, there is a risk of information disclosure. In addition, every user can access the image data stored on the intranet, so each user can view other users' data, and the privacy of the data cannot be ensured.
Therefore, a new data access method, device, system, electronic equipment and computer-readable medium are needed.
The above information disclosed in this Background section is only intended to aid understanding of the background of the disclosure, and may therefore contain information that does not constitute prior art known to a person of ordinary skill in the art.
Summary of the invention
In view of this, the disclosure provides a data access method, device, system, electronic equipment and computer-readable medium that can both ensure the access security of the data in the system and ensure that the data in the system is mutually independent between different accessing users.
Other features and advantages of the disclosure will become apparent from the following detailed description, or will be learned in part through practice of the disclosure.
According to one aspect of the disclosure, a data access method is proposed. The method comprises: performing a first verification on an enterprise platform using a first user name and a first password, and obtaining first verification data; performing a second verification on an assistant authentication platform using a second user name, a second password and the first verification data, and obtaining second verification data; generating a data access request from the second verification data and an identifier of the target data; and obtaining a returned result based on the access request.
In an exemplary embodiment of the disclosure, the method further comprises: periodically obtaining the updated first user name and first password and the updated second user name and second password.
In an exemplary embodiment of the disclosure, obtaining a returned result based on the access request comprises: sending the access request to the enterprise platform; and receiving the returned result generated by the enterprise platform.
According to one aspect of the disclosure, a data access method is proposed. The method comprises: obtaining a first user name and a first password from a user; performing a first verification on the first user name and first password; generating first verification data after the first verification passes; and sending the first verification data to the user and to an assistant authentication platform.
In an exemplary embodiment of the disclosure, the method further comprises: obtaining second verification data from the assistant authentication platform; obtaining a data access request from the user; performing a third verification on the data access request based on the second verification data; and, after the third verification passes, generating a returned result for the user.
In an exemplary embodiment of the disclosure, performing the third verification on the data access request based on the second verification data comprises: verifying the second verification data in the access request against the second verification data obtained from the assistant authentication platform; and/or performing a permission check on the target data identifier in the access request.
In an exemplary embodiment of the disclosure, the second verification data includes a timestamp; performing the third verification on the data access request based on the second verification data further comprises: performing the third verification on the data access request based on the timestamp.
In an exemplary embodiment of the disclosure, the method further comprises: periodically updating the first user name and first password in association with the second user name and second password.
According to one aspect of the disclosure, a data access method is proposed. The method comprises: obtaining a second user name, a second password and first verification data from a user; performing a second verification on the second user name, the second password and the first verification data; generating second verification data after the second verification passes; and sending the second verification data to the user and to the enterprise platform.
In an exemplary embodiment of the disclosure, the method further comprises: periodically obtaining the updated second user name and second password.
According to one aspect of the disclosure, a data access device is proposed. The device comprises: a first data module, configured to perform a first verification on an enterprise platform using a first user name and a first password and to obtain first verification data; a second data module, configured to perform a second verification on an assistant authentication platform using a second user name, a second password and the first identifying code and to obtain second verification data; an access request module, configured to generate a data access request from the second verification data and an identifier of the target data; and a result module, configured to obtain a returned result based on the access request.
According to one aspect of the disclosure, a data access device is proposed. The device comprises: a first receiving module, configured to obtain a first user name and a first password from a user; a first verification module, configured to perform a first verification on the first user name and first password and to generate first verification data after the first verification passes; and a first sending module, configured to send the first verification data to the user and to the assistant authentication platform.
According to one aspect of the disclosure, a data access device is proposed. The device comprises: a second receiving module, configured to obtain a second user name, a second password and first verification data from a user; a second verification module, configured to perform a second verification on the second user name, the second password and the first identifying code and to generate second verification data after the second verification passes; and a second sending module, configured to send the second verification data to the user and to the enterprise platform.
According to one aspect of the disclosure, a data access system is proposed. The system comprises: a user terminal, configured to perform a first verification on an enterprise platform using a first user name and a first password and obtain first verification data; to perform a second verification on an assistant authentication platform using a second user name, a second password and the first identifying code and obtain second verification data; to generate a data access request from the second verification data and an identifier of the target data; and to obtain a returned result based on the access request; an enterprise platform, configured to obtain the first user name and first password from the user; to perform the first verification on the first user name and first password; to generate the first verification data after the first verification passes; and to send the first verification data to the user and to the assistant authentication platform; and an assistant authentication platform, configured to obtain the second user name, the second password and the first identifying code from the user; to perform the second verification on the second user name, the second password and the first identifying code; to generate the second verification data after the second verification passes; and to send the second verification data to the user and to the enterprise platform.
According to one aspect of the disclosure, an electronic device is proposed. The electronic device comprises: one or more processors; and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method described above.
According to one aspect of the disclosure, a computer-readable medium is proposed, on which a computer program is stored; the program implements the method described above when executed by a processor.
According to the data access method, device, system, electronic equipment and computer-readable medium of the disclosure, auxiliary verification by the assistant authentication platform can both ensure the access security of the data in the system and ensure that the data in the system is mutually independent between different accessing users.
It should be understood that the above general description and the following detailed description are merely exemplary and do not limit the disclosure.
Brief description of the drawings
The above and other objects, features and advantages of the disclosure will become more apparent from the detailed description of its example embodiments with reference to the accompanying drawings. The drawings described below are only some embodiments of the disclosure; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a system scenario block diagram of a data access method and device according to an exemplary embodiment.
Fig. 2 is a flow chart of a data access system according to another exemplary embodiment.
Fig. 3 is a flow chart of a data access method according to an exemplary embodiment.
Fig. 4 is a flow chart of a data access method according to another exemplary embodiment.
Fig. 5 is a flow chart of a data access method according to another exemplary embodiment.
Fig. 6 is a flow chart of a data access method according to an exemplary embodiment.
Fig. 7 is a system block diagram of a data access method according to an exemplary embodiment.
Fig. 8 is a block diagram of a data access device according to an exemplary embodiment.
Fig. 9 is a block diagram of a data access device according to another exemplary embodiment.
Fig. 10 is a block diagram of a data access device according to another exemplary embodiment.
Fig. 11 is a block diagram of an electronic device according to an exemplary embodiment.
Fig. 12 is a schematic diagram of a computer-readable storage medium according to an exemplary embodiment.
Detailed description of the embodiments
Example embodiments are now described more fully with reference to the drawings. However, example embodiments can be implemented in many forms and should not be understood as limited to the embodiments set forth here; rather, these embodiments are provided so that the disclosure will be thorough and complete and will fully convey the concept of the example embodiments to those skilled in the art. Identical reference numerals in the figures denote identical or similar parts, so their repeated description is omitted.
Furthermore, the described features, structures or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, many specific details are provided to give a full understanding of the embodiments of the disclosure. However, those skilled in the art will appreciate that the technical solution of the disclosure may be practised without one or more of the specific details, or with other methods, components, devices, steps and so on. In other cases, well-known methods, devices, implementations or operations are not shown or described in detail, to avoid obscuring aspects of the disclosure.
The block diagrams shown in the drawings are only functional entities and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in software, in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow charts shown in the drawings are merely illustrative; they need not include all contents and operations/steps, nor must they be executed in the order described. For example, some operations/steps can be decomposed and some can be merged or partly merged, so the actual order of execution may change according to the actual situation.
It should be understood that although the terms first, second, third and so on may be used here to describe various components, these components should not be limited by these terms. The terms are used to distinguish one component from another. Thus a first component discussed below could be called a second component without departing from the teaching of the disclosed concept. As used here, the term "and/or" includes any one of the associated listed items and all combinations of one or more of them.
Those skilled in the art will understand that the drawings are schematic diagrams of example embodiments, and that the modules or flows in the drawings are not necessarily required to implement the disclosure and therefore cannot be used to limit its scope of protection.
Fig. 1 is a system scenario block diagram of a data access method and device according to an exemplary embodiment.
As shown in Fig. 1, system architecture 100 may include user terminal 101, enterprise platform 102, assistant authentication platform 103 and network 104; system architecture 100 may also include inquiry system 105 and data system 106. Network 104 is the medium that provides communication links among user terminal 101, enterprise platform 102 and assistant authentication platform 103; network 104 also provides communication links between enterprise platform 102 and inquiry system 105 and data system 106. Network 104 may include various connection types, such as wired or wireless communication links or fiber optic cables.
An agency can use user terminal 101 to interact with enterprise platform 102 and assistant authentication platform 103 over network 104, to receive or send messages and so on. Various communication client applications may be installed on user terminal 101, enterprise platform 102, assistant authentication platform 103, inquiry system 105 and data system 106, such as web browser applications, search applications, instant messaging tools, mailbox clients and social platform software.
User terminal 101, enterprise platform 102, assistant authentication platform 103, inquiry system 105 and data system 106 may be various electronic devices that have a display screen and support web browsing, including but not limited to smartphones, tablet computers, laptop computers and desktop computers.
Enterprise platform 102 and assistant authentication platform 103 may be servers providing various services, for example servers that support the data access requests users submit through user terminal 101. Enterprise platform 102 and assistant authentication platform 103 may analyse and otherwise process the data they receive and feed the processing result back to user terminal 101.
User terminal 101 may, for example, perform a first verification on the enterprise platform using a first user name and a first password, and obtain first verification data; user terminal 101 may, for example, perform a second verification on the assistant authentication platform using a second user name, a second password and the first identifying code, and obtain second verification data; user terminal 101 may, for example, generate a data access request from the second verification data and an identifier of the target data; and user terminal 101 may, for example, obtain a returned result based on the access request. The access request may be a user's request to access image data on the enterprise platform.
Enterprise platform 102 may, for example, obtain the first user name and first password from the user; perform the first verification on the first user name and first password; generate first verification data after the first verification passes; and send the first verification data to the user and to the assistant authentication platform. Enterprise platform 102 may also, for example, obtain second verification data from the assistant authentication platform; obtain a data access request from the user; perform a third verification on the data access request based on the second verification data; and, after the third verification passes, generate a returned result for the user.
Enterprise platform 102 may, for example, perform the first verification and generate the returned result through data interaction with inquiry system 105 and data system 106.
Assistant authentication platform 103 may, for example, obtain the second user name, the second password and the first identifying code from the user; perform the second verification on the second user name, the second password and the first identifying code; generate second verification data after the second verification passes; and send the second verification data to the user and to the enterprise platform.
Enterprise platform 102 and assistant authentication platform 103 may each be a single physical server or may, for example, consist of multiple servers. It should be noted that the data access method provided by the embodiments of the disclosure may be executed by user terminal 101, enterprise platform 102 and assistant authentication platform 103; correspondingly, the data access device may be arranged in user terminal 101, enterprise platform 102 and assistant authentication platform 103.
According to the data access method of the disclosure, auxiliary verification by the assistant authentication platform avoids the security problems that follow when a user leaks the enterprise platform user name and password, and the data permission query performed on each data access request ensures that users access image data independently of one another. The method can both ensure the access security of the data in the system and ensure that the data in the system is mutually independent between different accessing users.
According to the data access method of the disclosure, users access the image data stored on the intranet of the insurance company (the enterprise platform) with a user name and password. Even if an enterprise platform user name and password are leaked and another user tries to access the enterprise platform with them, access to the enterprise platform still requires the auxiliary verification of the assistant authentication platform, so the leaked password cannot be used to access the enterprise platform's data directly. This ensures the security of the data and also its mutual independence between different accessing users.
Fig. 2 is a flow chart of a data access system according to another exemplary embodiment. The flow in Fig. 2 describes the system's processing in detail; data access method 20 includes at least steps S201 to S209.
In one embodiment, in the initial stage the enterprise platform allocates an independent user name and password to the user, and the assistant authentication platform also allocates an independent user name and password to the user; the enterprise platform's user name and password are not the same as the assistant authentication platform's.
In one embodiment, in the initial stage the enterprise platform may instead allocate to the user a first set of user name and password and a second set of user name and password, and distribute the second set to the assistant authentication platform for the user to use there; the enterprise platform's user name and password are not the same as the assistant authentication platform's. The application is not limited in this respect.
As shown in Fig. 2, in S201 the user sends the first user name and first password to the enterprise platform.
In S202, the enterprise platform verifies the logging-in user and checks whether the user is legitimate. If so, it returns first verification data to the user (the first verification data may be a random sequence number) and forwards the random sequence number to the assistant authentication platform. If not, it rejects the request directly.
In S203, after the enterprise platform has found the user legitimate, the first verification data is returned to the user.
In S204, the user sends an authentication request to the assistant authentication platform. The request carries the user's second user name and second password on the assistant authentication platform and the first verification data (the random sequence number) that the user received from the enterprise platform.
In S205, the assistant authentication platform verifies the second user name, second password and random sequence number received from the user.
In S206, after verification succeeds, a user authentication success response is sent to the user and to the enterprise platform. The response carries the second verification data, which may include the ID of the successfully authenticated user, a new random sequence number generated by the assistant authentication platform, and a timestamp.
In S207, the user generates a data access request from the second verification data generated by the assistant authentication platform and the identifier of the target data to be downloaded, and sends it to the enterprise platform.
In S208, the enterprise platform receives the data access request and performs the third verification, determining whether the new random sequence number and timestamp it received are legitimate and valid.
In one embodiment, if the third verification is legitimate, the enterprise platform can query the data query system for the target data information using the target data serial number as the input parameter; otherwise it rejects the user's query request. The new random sequence number is considered legitimate if the one received from the user matches the one received from the third party and the two were received within a specified time; otherwise it is considered illegitimate.
In one embodiment, the data query system returns the target data information to the enterprise platform. Based on the target data information, the enterprise platform judges whether the agency has permission to access this target data. If so, it obtains the image from the data system and returns the target data to the user; if the agency has no permission to view the target data, it returns a rejection response to the user directly. Specifically, judging whether the agency has permission to access this target data may be done by checking whether the user information in the target data information is the user or an agency that has authorized the user; if it is, the agency has permission to access this image, otherwise it does not.
In S209, after the third verification passes, the returned data is generated.
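The S201 to S209 exchange above, as an added in-process simulation (example code, not taken from the patent). Class names, field names, the 60-second window and the sample agencies are assumptions, and binding the first verification data to the agency it was issued to is this example's reading of S205.

```python
import hashlib
import hmac
import secrets

WINDOW = 60  # seconds; assumed, the page only says "within a specified time"


class Credentials:
    """Salted password store; each platform keeps its own independent one."""

    def __init__(self):
        self._users = {}  # user name -> (salt, digest, agency id)

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def add(self, name, password, agency):
        salt = secrets.token_bytes(16)
        self._users[name] = (salt, self._digest(password, salt), agency)

    def check(self, name, password):
        """Return the agency id for valid credentials, otherwise None."""
        salt, digest, agency = self._users.get(name, (b"\0" * 16, b"", None))
        ok = hmac.compare_digest(self._digest(password, salt), digest)
        return agency if ok else None


class EnterprisePlatform:
    def __init__(self):
        self.creds = Credentials()
        self.assistant = None
        self.second_data = {}  # new sequence number -> (assistant's copy, time received)
        self.owner = {}        # target data id -> agency allowed to read it

    def login(self, name1, password1):  # S201 to S203: first verification
        agency = self.creds.check(name1, password1)
        if agency is None:
            return None
        first = secrets.token_hex(16)  # first verification data
        self.assistant.first_data[first] = agency  # forwarded to the assistant platform
        return first

    def access(self, second, target_id, now):  # S207 to S209: third verification
        stored, received = self.second_data.pop(second.get("serial"), (None, 0))
        if stored is None or stored != second:  # must match the assistant's copy
            return (False, "second verification data not recognised")
        if now - received > WINDOW or now - stored["ts"] > WINDOW:
            return (False, "second verification data expired")
        if self.owner.get(target_id) != stored["user"]:  # permission check
            return (False, "no permission for target data")
        return (True, f"image-of-{target_id}")


class AssistantPlatform:
    def __init__(self, enterprise):
        self.creds = Credentials()
        self.enterprise = enterprise
        self.first_data = {}  # first verification data -> agency, sent by enterprise

    def authenticate(self, name2, password2, first, now):  # S204 to S206
        agency = self.creds.check(name2, password2)
        # Assumption: the sequence number must have been issued to the same agency.
        if agency is None or self.first_data.pop(first, None) != agency:
            return None
        second = {"user": agency, "serial": secrets.token_hex(16), "ts": now}
        self.enterprise.second_data[second["serial"]] = (dict(second), now)
        return second


def build_demo():
    """Constructed sample data: two agencies, each owning one policy image."""
    ent = EnterprisePlatform()
    ent.assistant = aux = AssistantPlatform(ent)
    for agency in ("agency-a", "agency-b"):
        ent.creds.add(f"{agency}-ent", f"{agency}-pw1", agency)
        aux.creds.add(f"{agency}-aux", f"{agency}-pw2", agency)
        ent.owner[f"policy-{agency}"] = agency
    return ent, aux


def run_scenarios():
    ent, aux = build_demo()

    def second_for_a(now):
        first = ent.login("agency-a-ent", "agency-a-pw1")
        return aux.authenticate("agency-a-aux", "agency-a-pw2", first, now)

    out = {}
    second = second_for_a(now=0)
    out["own_data"] = ent.access(second, "policy-agency-a", now=5)
    out["replay"] = ent.access(second, "policy-agency-a", now=6)  # single use
    out["other_agency"] = ent.access(second_for_a(now=10), "policy-agency-b", now=11)
    out["late"] = ent.access(second_for_a(now=20), "policy-agency-a", now=21 + WINDOW)
    # Only the enterprise password is known: step one passes, step two does not.
    first = ent.login("agency-b-ent", "agency-b-pw1")
    out["enterprise_password_only"] = aux.authenticate("agency-b-aux", "wrong", first, now=30)
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, "->", result)
```

The clock is passed in as `now` so the time-window check can be exercised deterministically; a deployment would read it from each platform's own clock.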
In one embodiment, the enterprise platform periodically updates the user name and password that it allocates to the user, and synchronizes the changed information to the user and to the assistant authentication platform.
In one embodiment, the assistant authentication platform receives the change message from the enterprise platform and records the user name and password sent by the enterprise platform; at the same time it changes the user name and password that it allocates to the user, and then synchronizes the changed information to the user.
In one embodiment, the user receives the changed information and records it locally. The next request is authenticated with the new user name and password.
Fig. 3 is a flow chart of a data access method according to an exemplary embodiment. The flow in Fig. 3 describes the processing at the user terminal in detail; data access method 30 includes at least steps S302 to S308.
As shown in Fig. 3, in S302 a first verification is performed on the enterprise platform using the first user name and first password, and first verification data is obtained.
In S304, a second verification is performed on the assistant authentication platform using the second user name, the second password and the first verification data, and second verification data is obtained.
In S306, a data access request is generated from the second verification data and an identifier of the target data.
In S308, a returned result is obtained based on the access request.
In one embodiment, the method further comprises: periodically obtaining the updated first user name and first password and the updated second user name and second password.
Fig. 4 is a flow chart of a data access method according to an exemplary embodiment. The flow in Fig. 4 describes the processing at the enterprise platform in detail; data access method 40 includes at least steps S402 to S408.
As shown in Fig. 4, in S402 the first user name and first password are obtained from the user.
In S404, a first verification is performed on the first user name and first password.
In S406, after the first verification passes, first verification data is generated.
In S408, the first verification data is sent to the user and to the assistant authentication platform.
In one embodiment, the method further comprises: obtaining second verification data from the assistant authentication platform; obtaining a data access request from the user; performing a third verification on the data access request based on the second verification data; and, after the third verification passes, generating a returned result for the user.
In one embodiment, the method further comprises: periodically updating the first user name and first password in association with the second user name and second password.
Fig. 5 is a flow chart of a data access method according to an exemplary embodiment. The flow in Fig. 5 describes the processing at the assistant authentication platform in detail; data access method 50 includes at least steps S502 to S508.
As shown in Fig. 5, in S502 the second user name, the second password and the first verification data are obtained from the user.
In S504, a second verification is performed on the second user name, the second password and the first verification data.
In S506, after the second verification passes, second verification data is generated.
In S508, the second verification data is sent to the user and to the enterprise platform.
In one embodiment, the method further comprises: periodically obtaining the updated second user name and second password.
According to the data access method of the disclosure, multiple rounds of verification can both ensure the access security of the data in the system and ensure that the data in the system is mutually independent between different accessing users.
Fig. 6 is a flow chart of a data access method according to an exemplary embodiment. Fig. 7 is a system block diagram of a data access method. Fig. 6 and Fig. 7 describe the content of the disclosure in detail through a concrete application scenario comprising an agency (user terminal), an enterprise platform, a data query system, an image system and a third-party assistance platform. The detailed process is as follows:
In S1, at the initial stage, the enterprise platform assigns an independent user name and password to the agency, and the third-party authentication platform also assigns an independent user name and password to the agency; these are different for each agency.
In S2, the agency sends a user authentication request to the enterprise platform using the user name and password assigned to it.
In S3, the enterprise platform verifies the login user and checks whether the user is legitimate. If so, it returns a random sequence number to the agency and forwards that random sequence number to the third-party authentication platform. If not, it rejects the request directly.
In S4, the agency sends an authentication request to the third-party authentication platform. The request carries the agency's user name and password on the third-party platform and the random sequence number the agency received from the enterprise platform.
In S5, the third-party authentication platform verifies the received user name, password and random sequence number of the agency. After successful verification, it sends an authentication success response to the agency and to the enterprise platform. The response carries the ID of the successfully authenticated agency together with a new random sequence number and a timestamp generated by the third-party authentication platform.
In S6, the agency again sends a request to the enterprise platform, this time an image download request carrying the new random sequence number and timestamp generated by the third-party authentication platform and the image serial number.
In S7, the enterprise platform receives the download request and verifies whether the received new random sequence number and timestamp are legitimate and valid. If they are, the enterprise platform queries the data query system for the data information of the image, using the image serial number as the input parameter; otherwise it rejects the agency's query request. Here, if the new random sequence number received from the agency is consistent with the new random sequence number received from the third party, and the two are received within a specified time, the random sequence number is considered legitimate; otherwise it is considered illegitimate.
In S8, the data query system returns the data information of the image to the enterprise platform.
In S9, the enterprise platform judges, according to the data information of the image, whether the agency has permission to access this image. If so, it obtains the image from the image system and then returns the image data to the agency; if the agency has no permission to view the image, it directly returns a rejection response to the agency. Judging whether the agency has permission to access this image means specifically: checking whether the agency information in the data information of the image is this agency or an institution that has authorized this agency. If it is, the agency has permission to access this image; otherwise it does not.
In S10, the enterprise platform periodically updates the user name and password that it assigns to the agency, and synchronizes the changed information to the agency and to the third-party platform.
In S11, the third-party platform receives the change message from the enterprise platform and records the user name and password sent by the enterprise platform. At the same time it changes the user name and password that it assigns to the agency itself, and then synchronizes the changed information to the agency.
In S12, the agency receives the changed information and records it locally. The next request is authenticated with the new user name and password.
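The exchange in S2 to S9, as an added Python example that is not code from the patent: it shows the enterprise platform's check of the second sequence number and timestamp, followed by the per-image permission check. All class and function names, the 60-second window, PBKDF2 password storage, single-use sequence numbers and instantaneous delivery of the third-party response are assumptions; the accounts and images are constructed sample data.

```python
import hashlib
import hmac
import secrets

WINDOW_SECONDS = 60  # assumed value for the page's "specified time"


class CredentialStore:
    """Account table; each platform keeps its own, independent one (S1)."""

    def __init__(self):
        self._accounts = {}

    def add(self, user, password):
        salt = secrets.token_bytes(16)
        self._accounts[user] = (salt, self._kdf(password, salt))

    def check(self, user, password):
        salt, stored = self._accounts.get(user, (b"\0" * 16, b""))
        return hmac.compare_digest(stored, self._kdf(password, salt))

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ThirdPartyAuth:
    def __init__(self):
        self.creds = CredentialStore()
        self.agency_id = {}     # third-party user name -> agency ID
        self.forwarded = set()  # first sequence numbers forwarded in S3

    def login(self, user, password, nonce1, enterprise, now):
        """S4/S5: check credentials and first sequence number, issue the second."""
        if not self.creds.check(user, password) or nonce1 not in self.forwarded:
            return None
        self.forwarded.discard(nonce1)  # assumption: single use
        nonce2 = secrets.token_hex(16)
        # Response to the enterprise platform; delivery assumed instantaneous.
        enterprise.second[nonce2] = (self.agency_id[user], now, now)
        return nonce2, now


class EnterprisePlatform:
    def __init__(self, third_party):
        self.creds = CredentialStore()
        self.third_party = third_party
        self.second = {}       # nonce2 -> (agency ID, timestamp, time received)
        self.image_owner = {}  # image serial -> agency ID (data query system)
        self.delegations = {}  # owning agency ID -> agencies it has authorized
        self.images = {}       # image serial -> image bytes (image system)

    def login(self, user, password):
        """S2/S3: verify the login, return a sequence number and forward it."""
        if not self.creds.check(user, password):
            return None
        nonce1 = secrets.token_hex(16)
        self.third_party.forwarded.add(nonce1)
        return nonce1

    def download(self, nonce2, timestamp, serial, now):
        """S6-S9: third verification, then the per-image permission check."""
        entry = self.second.pop(nonce2, None)  # assumption: single use
        if entry is None:
            return "rejected: sequence number"
        agency, issued, received = entry
        if timestamp != issued or abs(now - received) > WINDOW_SECONDS:
            return "rejected: time window"
        owner = self.image_owner.get(serial)
        allowed = owner is not None and (
            agency == owner or agency in self.delegations.get(owner, set()))
        return self.images[serial] if allowed else "rejected: permission"


def build_demo():
    """Constructed sample data: two agencies owning one image each."""
    tp = ThirdPartyAuth()
    ep = EnterprisePlatform(tp)
    for name in ("agency-a", "agency-b"):
        ep.creds.add("ep-" + name, "ep-pass-" + name)
        tp.creds.add("tp-" + name, "tp-pass-" + name)
        tp.agency_id["tp-" + name] = name
    ep.image_owner.update({"IMG-001": "agency-a", "IMG-002": "agency-b"})
    ep.images.update({"IMG-001": b"image-a", "IMG-002": b"image-b"})
    return ep, tp


def fetch(ep, tp, name, serial, tp_password=None, t_auth=1000, t_request=1010):
    """Agency side of S2, S4 and S6 for one image request."""
    nonce1 = ep.login("ep-" + name, "ep-pass-" + name)
    if nonce1 is None:
        return "rejected: enterprise login"
    grant = tp.login("tp-" + name, tp_password or "tp-pass-" + name,
                     nonce1, ep, now=t_auth)
    if grant is None:
        return "rejected: third-party login"
    nonce2, stamp = grant
    return ep.download(nonce2, stamp, serial, now=t_request)


if __name__ == "__main__":
    ep, tp = build_demo()
    print(fetch(ep, tp, "agency-a", "IMG-001"))  # the agency's own image
    print(fetch(ep, tp, "agency-a", "IMG-002"))  # another agency's image
```

A valid enterprise login alone yields only the first sequence number; without the third-party credentials no second sequence number is ever registered with the enterprise platform, so `download` has nothing to match against.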
It should be clearly understood that the present disclosure describes how to form and use particular examples, but the principles of the disclosure are not limited to any details of these examples. On the contrary, based on the teaching of the present disclosure, these principles can be applied to many other embodiments.
Those skilled in the art will appreciate that all or part of the steps of the above embodiments may be implemented as a computer program executed by a CPU. When the computer program is executed by the CPU, the functions defined by the above methods provided by the disclosure are performed. The program may be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic disk, an optical disc, or the like.
Further, it should be noted that the above drawings are only schematic illustrations of the processing included in the methods according to exemplary embodiments of the disclosure, and are not intended to be limiting. It is readily understood that the processing shown in the drawings does not indicate or limit the time order of these processes. It is also readily understood that these processes may be executed, for example, synchronously or asynchronously in multiple modules.
The following are device embodiments of the disclosure, which can be used to carry out the method embodiments of the disclosure. For details not disclosed in the device embodiments, refer to the method embodiments of the disclosure.
Fig. 8 is a block diagram of a data access device according to an exemplary embodiment. Data access device 80 may be arranged at the user terminal and includes: a first data module 802, a second data module 804, an access request module 806 and a return result module 808.
The first data module 802 is configured to perform a first verification on the enterprise platform using the first user name and the first password, and to obtain first verification data;
The second data module 804 is configured to perform a second verification on the assistant authentication platform using the second user name, the second password and the first identifying code, and to obtain second verification data;
The access request module 806 is configured to generate a data access request from the second verification data and the identifier of the target data; and
The return result module 808 is configured to obtain a returned result based on the access request.
Fig. 9 is a block diagram of a data access device according to another exemplary embodiment. Data access device 90 may be arranged at the enterprise platform and includes: a first receiving module 902, a first authentication module 904, a first sending module 906, a second authentication module 908, a first request module 910, a third authentication module 912 and a result return module 914.
The first receiving module 902 is configured to obtain the first user name and the first password from the user;
The first authentication module 904 is configured to perform a first verification on the first user name and the first password and, after the first verification passes, to generate first verification data; and
The first sending module 906 is configured to send the first verification data to the user and to the assistant authentication platform.
The second authentication module 908 is configured to obtain the second verification data from the assistant authentication platform;
The first request module 910 is configured to obtain a data access request from the user;
The third authentication module 912 is configured to perform a third verification on the data access request based on the second verification data; and
The result return module 914 is configured to generate a returned result for the user after the third verification passes.
Fig. 10 is a block diagram of a data access device according to another exemplary embodiment. Data access device 100 may be arranged at the assistant authentication platform and includes: a second receiving module 1002, a second authentication module 1004 and a second sending module 1006.
The second receiving module 1002 is configured to obtain the second user name, the second password and the first verification data from the user;
The second authentication module 1004 is configured to perform a second verification on the second user name, the second password and the first identifying code and, after the second verification passes, to generate second verification data; and
The second sending module 1006 is configured to send the second verification data to the user and to the enterprise platform.
According to the data access device of the disclosure, using the assistant authentication platform avoids the security problem that arises after a user leaks the enterprise platform password, and performing a data permission query on each data access request ensures the independence of image data access between users. This both guarantees the security of data access in the system and keeps the data in the system independent between different accessing users.
Fig. 11 is a block diagram of an electronic device according to an exemplary embodiment.
The electronic device 200 according to this embodiment of the disclosure is described below with reference to Fig. 11. The electronic device 200 shown in Fig. 11 is only an example and should not impose any limitation on the function or scope of use of the embodiments of the disclosure.
As shown in Fig. 11, the electronic device 200 takes the form of a general-purpose computing device. Its components may include, but are not limited to: at least one processing unit 210, at least one storage unit 220, a bus 230 connecting the different system components (including the storage unit 220 and the processing unit 210), a display unit 240, and so on.
The storage unit stores program code that can be executed by the processing unit 210, so that the processing unit 210 performs the steps according to the various exemplary embodiments of the disclosure described in the above electronic prescription circulation processing method section of this specification. For example, the processing unit 210 may perform the steps shown in Fig. 2, Fig. 3, Fig. 4, Fig. 5 and Fig. 6.
The storage unit 220 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM) 2201 and/or a cache memory unit 2202, and may further include a read-only memory unit (ROM) 2203.
The storage unit 220 may also include a program/utility 2204 having a set of (at least one) program modules 2205. Such program modules 2205 include, but are not limited to: an operating system, one or more application programs, other program modules and program data; each of these examples, or some combination of them, may include an implementation of a network environment.
The bus 230 may represent one or more of several types of bus structures, including a storage unit bus or storage unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus structures.
The electronic device 200 may also communicate with one or more external devices 300 (such as a keyboard, a pointing device, a Bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 200, and/or with any device (such as a router, a modem, etc.) that enables the electronic device 200 to communicate with one or more other computing devices. Such communication can take place through an input/output (I/O) interface 250. The electronic device 200 can also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through a network adapter 260. The network adapter 260 can communicate with the other modules of the electronic device 200 through the bus 230. It should be understood that, although not shown in the drawings, other hardware and/or software modules may be used in conjunction with the electronic device 200, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and so on.
From the above description of the embodiments, those skilled in the art will readily understand that the example embodiments described here can be implemented in software, or in software combined with the necessary hardware. The technical solution according to the embodiments of the disclosure can therefore be embodied as a software product, which can be stored on a non-volatile storage medium (a CD-ROM, a USB flash drive, a removable hard disk, etc.) or on a network, and which includes instructions that cause a computing device (a personal computer, a server, a network device, etc.) to perform the above methods according to the embodiments of the disclosure.
Fig. 12 schematically shows a computer-readable storage medium in an exemplary embodiment of the disclosure.
Referring to Fig. 12, a program product 400 for implementing the above methods according to an embodiment of the disclosure is described. It may take the form of a portable compact disc read-only memory (CD-ROM) containing program code, and may run on a terminal device such as a personal computer. However, the program product of the disclosure is not limited to this. In this document, a readable storage medium can be any tangible medium that contains or stores a program that can be used by, or in connection with, an instruction execution system, apparatus or device.
The program product may use any combination of one or more readable media. A readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of readable storage media include: an electrical connection with one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), an optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
The computer-readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, carrying readable program code. Such a propagated data signal can take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A readable storage medium may also be any readable medium other than a readable storage medium that can send, propagate or transmit a program for use by, or in connection with, an instruction execution system, apparatus or device. The program code contained on a readable storage medium can be transmitted over any suitable medium, including but not limited to wireless, wired, optical cable, RF, etc., or any suitable combination of the above.
Program code for carrying out the operations of the disclosure can be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++ as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on a remote computing device or server. Where a remote computing device is involved, it can be connected to the user's computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computing device (for example, through the Internet using an Internet service provider).
The above computer-readable medium carries one or more programs which, when executed by a device, cause the computer-readable medium to implement the following functions:
Performing a first verification on the enterprise platform using the first user name and the first password, and obtaining first verification data; performing a second verification on the assistant authentication platform using the second user name, the second password and the first verification data, and obtaining second verification data; generating a data access request from the second verification data and the identifier of the target data; and obtaining a returned result based on the access request.
Obtaining the first user name and the first password from the user; performing a first verification on the first user name and the first password; after the first verification passes, generating first verification data; and sending the first verification data to the user and to the assistant authentication platform.
Obtaining the second user name, the second password and the first verification data from the user; performing a second verification on the second user name, the second password and the first verification data; after the second verification passes, generating second verification data; and sending the second verification data to the user and to the enterprise platform.
Those skilled in the art will appreciate that the above modules may be distributed in the device as described in the embodiment, or may be changed accordingly and located in one or more devices different from this embodiment. The modules of the above embodiments may be merged into one module or further split into multiple submodules.
From the description of the above embodiments, those skilled in the art will readily understand that the example embodiments described here can be implemented in software, or in software combined with the necessary hardware. The technical solution according to the embodiments of the disclosure can therefore be embodied as a software product, which can be stored on a non-volatile storage medium (a CD-ROM, a USB flash drive, a removable hard disk, etc.) or on a network, and which includes instructions that cause a computing device (a personal computer, a server, a mobile terminal, a network device, etc.) to perform the methods according to the embodiments of the disclosure.
In addition, the structures, proportions, sizes and the like shown in the drawings of this specification are only intended to accompany the content disclosed in the specification so that those skilled in the art can read and understand it; they are not intended to limit the conditions under which the disclosure can be implemented and therefore have no essential technical meaning. Any modification of structure, change of proportion or adjustment of size that does not affect the technical effects the disclosure can produce or the purposes it can achieve still falls within the scope covered by the technical content disclosed herein. Likewise, terms such as "upper", "first", "second" and "a" cited in this specification are used only for convenience of description and not to limit the implementable scope of the disclosure; alterations or adjustments of their relative relationships, without substantive change to the technical content, are also to be regarded as within the implementable scope of the disclosure.
Claims (11)
1. A data access method, applicable to a user terminal, characterized by comprising:
performing a first verification on an enterprise platform using a first user name and a first password, and obtaining first verification data;
performing a second verification on an assistant authentication platform using a second user name, a second password and the first verification data, and obtaining second verification data;
generating a data access request from the second verification data and an identifier of target data; and
obtaining a returned result based on the access request.
2. A data access method, applicable to an enterprise platform end, characterized by comprising:
obtaining a first user name and a first password from a user;
performing a first verification on the first user name and the first password;
after the first verification passes, generating first verification data; sending the first verification data to the user and to an assistant authentication platform;
obtaining second verification data from the assistant authentication platform;
obtaining a data access request from the user;
performing a third verification on the data access request based on the second verification data; and
after the third verification passes, generating a returned result for the user.
3. The method according to claim 2, characterized in that performing the third verification on the data access request based on the second verification data comprises:
verifying the second verification data in the access request against the second verification data obtained from the assistant authentication platform; and/or
performing permission verification on the permission of the target data identifier in the access request.
4. The method according to claim 3, characterized in that the second verification data includes a timestamp;
performing the third verification on the data access request based on the second verification data further comprises:
performing the third verification on the data access request based on the timestamp.
5. A data access method, applicable to an assistant authentication platform end, characterized by comprising:
obtaining a second user name, a second password and first verification data from a user;
performing a second verification on the second user name, the second password and the first verification data;
after the second verification passes, generating second verification data; and
sending the second verification data to the user and to an enterprise platform.
6. A data access device, applicable to a user terminal, characterized by comprising:
a first data module, configured to perform a first verification on an enterprise platform using a first user name and a first password, and to obtain first verification data;
a second data module, configured to perform a second verification on an assistant authentication platform using a second user name, a second password and the first identifying code, and to obtain second verification data;
an access request module, configured to generate a data access request from the second verification data and an identifier of target data; and
a return result module, configured to obtain a returned result based on the access request.
7. A data access device, applicable to an enterprise platform end, characterized by comprising:
a first receiving module, configured to obtain a first user name and a first password from a user;
a first authentication module, configured to perform a first verification on the first user name and the first password and, after the first verification passes, to generate first verification data; and
a first sending module, configured to send the first verification data to the user and to an assistant authentication platform;
a second authentication module, configured to obtain second verification data from the assistant authentication platform;
a first request module, configured to obtain a data access request from the user;
a third authentication module, configured to perform a third verification on the data access request based on the second verification data; and
a result return module, configured to generate a returned result for the user after the third verification passes.
8. A data access device, applicable to an assistant authentication platform end, characterized by comprising:
a second receiving module, configured to obtain a second user name, a second password and first verification data from a user;
a second authentication module, configured to perform a second verification on the second user name, the second password and the first identifying code and, after the second verification passes, to generate second verification data; and
a second sending module, configured to send the second verification data to the user and to an enterprise platform.
9. A data access system, characterized by comprising:
a user terminal, configured to perform a first verification on an enterprise platform using a first user name and a first password, and to obtain first verification data; to perform a second verification on an assistant authentication platform using a second user name, a second password and the first identifying code, and to obtain second verification data; to generate a data access request from the second verification data and an identifier of target data; and to obtain a returned result based on the access request; and
an enterprise platform, configured to obtain the first user name and the first password from a user; to perform a first verification on the first user name and the first password; after the first verification passes, to generate first verification data; to send the first verification data to the user and to the assistant authentication platform; to obtain the second verification data from the assistant authentication platform; to obtain a data access request from the user; to perform a third verification on the data access request based on the second verification data; and, after the third verification passes, to generate a returned result for the user; and
an assistant authentication platform, configured to obtain the second user name, the second password and the first identifying code from a user; to perform a second verification on the second user name, the second password and the first identifying code; after the second verification passes, to generate second verification data; and to send the second verification data to the user and to the enterprise platform.
10. An electronic device, characterized by comprising:
one or more processors;
a storage device, configured to store one or more programs;
wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the method of any of claims 1, 2-4 or 5.
11. A computer-readable medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the method of any of claims 1, 2-4 or 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910765096.3A CN110401674B (en) | 2019-08-19 | 2019-08-19 | Data access method, device, system, electronic equipment and computer readable medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110401674A (en) | 2019-11-01 |
CN110401674B (en) | 2022-05-17 |
Family
ID=68328756
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910765096.3A Active CN110401674B (en) | 2019-08-19 | 2019-08-19 | Data access method, device, system, electronic equipment and computer readable medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110401674B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113098975A (en) * | 2021-04-16 | 2021-07-09 | 北京沃东天骏信息技术有限公司 | Cross-platform application publishing method and device |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102025506A (en) * | 2010-12-20 | 2011-04-20 | 中国联合网络通信集团有限公司 | User authentication method and device |
CN102651739A (en) * | 2011-02-28 | 2012-08-29 | 阿里巴巴集团控股有限公司 | Login verification method, system and instant messaging (IM) server |
CN105282125A (en) * | 2014-07-25 | 2016-01-27 | 中国电信股份有限公司 | Access control method and device in Web real-time communication |
CN106790267A (en) * | 2017-02-13 | 2017-05-31 | 郑州云海信息技术有限公司 | A kind of method and apparatus of access server operating system |
US20170171199A1 (en) * | 2015-12-15 | 2017-06-15 | Verizon Patent And Licensing Inc. | Network-based frictionless two-factor authentication service |
CN107018153A (en) * | 2017-05-27 | 2017-08-04 | 上海爱优威软件开发有限公司 | A kind of safe login method |
CN107665293A (en) * | 2016-07-28 | 2018-02-06 | 中兴通讯股份有限公司 | A kind of switching method and mobile terminal of multi-user's account |
CN109492374A (en) * | 2018-09-26 | 2019-03-19 | 平安医疗健康管理股份有限公司 | System login method, device, server and the storage medium of identity-based verifying |
CN109873805A (en) * | 2019-01-02 | 2019-06-11 | 平安科技(深圳)有限公司 | Cloud desktop login method, device, equipment and storage medium based on cloud security |
-
2019
- 2019-08-19 CN CN201910765096.3A patent/CN110401674B/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102025506A (en) * | 2010-12-20 | 2011-04-20 | 中国联合网络通信集团有限公司 | User authentication method and device |
CN102651739A (en) * | 2011-02-28 | 2012-08-29 | 阿里巴巴集团控股有限公司 | Login verification method, system and instant messaging (IM) server |
CN105282125A (en) * | 2014-07-25 | 2016-01-27 | 中国电信股份有限公司 | Access control method and device in Web real-time communication |
US20170171199A1 (en) * | 2015-12-15 | 2017-06-15 | Verizon Patent And Licensing Inc. | Network-based frictionless two-factor authentication service |
CN107665293A (en) * | 2016-07-28 | 2018-02-06 | 中兴通讯股份有限公司 | A kind of switching method and mobile terminal of multi-user's account |
CN106790267A (en) * | 2017-02-13 | 2017-05-31 | 郑州云海信息技术有限公司 | A kind of method and apparatus of access server operating system |
CN107018153A (en) * | 2017-05-27 | 2017-08-04 | 上海爱优威软件开发有限公司 | A kind of safe login method |
CN109492374A (en) * | 2018-09-26 | 2019-03-19 | 平安医疗健康管理股份有限公司 | System login method, device, server and the storage medium of identity-based verifying |
CN109873805A (en) * | 2019-01-02 | 2019-06-11 | 平安科技(深圳)有限公司 | Cloud desktop login method, device, equipment and storage medium based on cloud security |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113098975A (en) * | 2021-04-16 | 2021-07-09 | 北京沃东天骏信息技术有限公司 | Cross-platform application publishing method and device |
CN113098975B (en) * | 2021-04-16 | 2023-01-10 | 北京沃东天骏信息技术有限公司 | Cross-platform application publishing method and device |
Also Published As
Publication number | Publication date |
---|---|
CN110401674B (en) | 2022-05-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105378744B (en) | User and device authentication in business system | |
US20180336554A1 (en) | Secure electronic transaction authentication | |
CN104798076B (en) | Privacy using polymerization security engine for Internet Service Provider strengthens key management | |
CN108200099B (en) | Mobile application, personal status relationship management | |
CN104253812B (en) | Entrust the certification for WEB service | |
CN109347855A (en) | Data access method, device, system, Electronic Design and computer-readable medium | |
CN111314340B (en) | Authentication method and authentication platform | |
CN108011862A (en) | The mandate of mirror image warehouse, access, management method and server and client side | |
CN107533501A (en) | Use block chain automated validation appliance integrality | |
CN107113302A (en) | Security and licensing architecture in multi-tenant computing system | |
CN107395614A (en) | Single-point logging method and system | |
CN102598577A (en) | Authentication using cloud authentication | |
CN102414690A (en) | Method and apparatus to create a secure web browsing environment with privilege signing | |
CN111177735A (en) | Identity authentication method, device, system and equipment and storage medium | |
WO2023241060A1 (en) | Data access method and apparatus | |
US9407654B2 (en) | Providing multi-level password and phishing protection | |
CN109450890A (en) | The method and apparatus of single-sign-on | |
CN110022207A (en) | Key management and the method and apparatus for handling data | |
Rajput et al. | Patient’s data privacy and security in mHealth applications: a Charles proxy-based recommendation | |
CN109450925A (en) | User right verification method, device and electronic equipment for electric power secondary system O&M | |
CN110401674A (en) | Data access method, device, system, electronic equipment and computer-readable medium | |
CN112541828A (en) | System, method, device, processor and storage medium for realizing open securities management and open securities API access control | |
CN114666299B (en) | Mail receiving and sending method, device, equipment and medium for satellite measurement, operation and control system | |
Gao et al. | An OAuth2.0-based unified authentication system for secure services in the smart campus environment | |
CN112543194B (en) | Mobile terminal login method and device, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |