CN111783075A - Authority management method, device and medium based on secret key and electronic equipment - Google Patents


Info

Publication number: CN111783075A
Authority: CN (China)
Prior art keywords: key, access terminal, account, user, login request
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010600636.5A
Other languages: Chinese (zh)
Other versions: CN111783075B (en)
Inventor: 张月涛
Current Assignee: Ping An Puhui Enterprise Management Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Ping An Puhui Enterprise Management Co Ltd
Priority date: (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Ping An Puhui Enterprise Management Co Ltd
Priority to CN202010600636.5A
Publication of CN111783075A
Application granted
Publication of CN111783075B
Current legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/107 License processing; Key processing
    • G06F21/1078 Logging; Metering
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules, to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption
    • G06F2221/2117 User registration


Abstract

The disclosure relates to the field of identity authentication, and discloses a method, a device, a medium and an electronic device for managing authority. The method comprises the following steps: receiving a registration request; establishing an account and granting authority; generating a key for the account, randomly acquiring an encryption strategy, and correspondingly storing the key, the authority and the corresponding decryption strategy; encrypting the key with the encryption strategy and sending the encrypted key to an access terminal; judging whether a received login request comprises an encrypted key; if not, sending an identity authentication request to the access terminal to authenticate the identity of the user at the access terminal, and if the verification passes, passing the login request and proceeding to the step of sending a new key, otherwise proceeding to the reminding step; if the login request comprises the encrypted key, verifying the key, and if the verification passes, passing the login request and proceeding to the step of sending the new key, otherwise proceeding to the reminding step. In addition, the disclosure also relates to blockchain technology: the information in the registration request can be stored in a blockchain. This approach increases the security of rights management.

Description

Authority management method, device and medium based on secret key and electronic equipment
Technical Field
The present disclosure relates to the field of identity verification technologies for blockchains, and in particular, to a method, an apparatus, a medium, and an electronic device for rights management based on a key.
Background
With the development of network technologies such as blockchains, the problems of user privacy and network security become ever more important.
Currently, the system authority management scheme commonly used in the industry is the Role-Based Access Control (RBAC) authority design model, under which many-to-many relationships are established between users and roles and between roles and authorities, and authority control is usually realized by designing a user table, a role table and an authority table. However, the rights managed by existing rights management schemes are usually associated directly with the user, so once the user's account password is stolen, the user's access rights can be acquired with it; existing rights management schemes therefore have the problem of insufficient security.
Disclosure of Invention
In the field of identity verification technologies for blockchains, to solve the above technical problems, an object of the present disclosure is to provide a method, an apparatus, a medium, and an electronic device for rights management based on a key.
According to an aspect of the present disclosure, there is provided a key-based rights management method, the method being performed by a target system, the method including:
receiving a registration request submitted by a user when the user accesses a target system for the first time through an access terminal, wherein the registration request comprises user information and identity authentication information;
establishing an account of the user according to the user information in the registration request, and granting a basic permission to the account as the permission of the account, wherein the account comprises an account identifier;
generating a first key for the account, randomly acquiring a first encryption strategy, determining a first decryption strategy corresponding to the first encryption strategy, and correspondingly storing the user information, the identity authentication information, the account identifier, the first key, the authority and the first decryption strategy;
encrypting the first key according to the first encryption strategy, and sending the encrypted first key to the access terminal;
when a login request from an access terminal is received, judging whether the login request comprises an encrypted key or not, wherein the login request comprises an account identifier corresponding to the account;
under the condition that the login request does not include the encrypted key, acquiring authentication information corresponding to an account identifier in the login request, and sending an authentication request to the access terminal according to the authentication information so as to authenticate the identity of the user of the access terminal;
if the verification passes, passing the login request and proceeding to the step of sending a new key, wherein the step of sending the new key comprises: generating, for the account, a second key that has not been generated before, randomly obtaining a second encryption strategy that has not been used for the account, determining a second decryption strategy corresponding to the second encryption strategy, encrypting the second key according to the second encryption strategy, sending the encrypted second key to the access terminal, and replacing the stored first key and the stored first decryption strategy with the second key and the second decryption strategy, respectively;
if the verification fails, proceeding to a login failure reminding step, wherein the login failure reminding step comprises: refusing the login request and returning login failure reminding information to the access terminal;
in the case that the login request comprises an encrypted key, acquiring the first decryption strategy and the first key corresponding to the account identifier in the login request, decrypting the encrypted key with the first decryption strategy, and judging whether the decryption result is consistent with the first key;
and if the decryption result is consistent with the first key, passing the login request and proceeding to the step of sending the new key, otherwise proceeding to the login failure reminding step.
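The registration, login and key-rotation flow above, simulated end to end as an added example (this is not the applicant's code). The two encryption strategies (a one-time pad and a byte permutation), the salted hash used for the identity-authentication information, and the rule that the next strategy simply differs from the one currently in use are assumptions made here, since the page leaves them open.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# --- Encryption strategies (toy stand-ins constructed for this example) -------
# Each takes the plaintext key and returns (encrypted key, decryption policy);
# the policy is what the target system stores so it can recover the key.
def otp_encrypt(key: bytes):
    # One-time pad: the random pad is the decryption policy kept server-side.
    # A fresh key and strategy are issued on every login, so the pad is used once.
    pad = secrets.token_bytes(len(key))
    return bytes(a ^ b for a, b in zip(key, pad)), ("otp", pad)

def perm_encrypt(key: bytes):
    # "Rule-based" strategy: a random byte permutation; its inverse is the policy.
    order = list(range(len(key)))
    secrets.SystemRandom().shuffle(order)
    return bytes(key[i] for i in order), ("perm", order)

STRATEGIES = {"otp": otp_encrypt, "perm": perm_encrypt}

def decrypt(policy, ciphertext: bytes) -> bytes:
    name, param = policy
    if name == "otp":
        return bytes(a ^ b for a, b in zip(ciphertext, param))
    out = bytearray(len(ciphertext))
    for pos, src in enumerate(param):  # undo the permutation
        out[src] = ciphertext[pos]
    return bytes(out)

def _auth_hash(secret: str, salt: bytes) -> bytes:
    # Stored salted and hashed (assumption: the page does not say how it is stored).
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 50_000)

@dataclass
class AccountRecord:
    user_info: dict
    salt: bytes
    auth_hash: bytes
    rights: set
    key: bytes = b""      # the current (first, then second, ...) key
    strategy: str = ""    # name of the strategy used for the current key
    policy: tuple = ()    # decryption policy matching that strategy

class TargetSystem:
    """Server side: steps 210-240 plus the login decision and key rotation."""
    def __init__(self):
        self.accounts = {}

    def _issue_key(self, acct: AccountRecord) -> bytes:
        # Never-used key plus a strategy other than the one currently used for
        # this account (assumption: that is what "not used" means here).
        name = secrets.choice([n for n in STRATEGIES if n != acct.strategy])
        key = secrets.token_bytes(32)
        enc, policy = STRATEGIES[name](key)
        acct.key, acct.strategy, acct.policy = key, name, policy
        return enc

    def register(self, user_info: dict, auth_secret: str):
        """Create the account, grant basic rights, return (id, encrypted key)."""
        account_id = "acct-%d" % (len(self.accounts) + 1)
        salt = secrets.token_bytes(16)
        acct = AccountRecord(user_info, salt, _auth_hash(auth_secret, salt), {"basic"})
        self.accounts[account_id] = acct
        return account_id, self._issue_key(acct)

    def login(self, account_id: str, enc_key=None, auth_answer=None):
        """Returns ("ok", new encrypted key), ("challenge", None) when the request
        carries no key and identity authentication is needed, or ("fail", None)."""
        acct = self.accounts.get(account_id)
        if acct is None:
            return "fail", None
        if enc_key is None:
            if auth_answer is None:
                return "challenge", None  # authentication request to the terminal
            ok = hmac.compare_digest(acct.auth_hash, _auth_hash(auth_answer, acct.salt))
        else:
            # Reject wrong-length ciphertexts before they reach the strategy code:
            # a truncated or padded value must not be silently accepted.
            ok = len(enc_key) == len(acct.key) and hmac.compare_digest(
                decrypt(acct.policy, enc_key), acct.key)
        if not ok:
            return "fail", None           # login-failure reminder step
        return "ok", self._issue_key(acct)  # step of sending the new key

class AccessTerminal:
    """Client side: keeps the encrypted key and carries it on every login."""
    def __init__(self, system: TargetSystem):
        self.system, self.account_id, self.enc_key = system, None, None

    def register(self, user_info: dict, auth_secret: str):
        self.account_id, self.enc_key = self.system.register(user_info, auth_secret)

    def login(self, auth_answer=None) -> str:
        status, payload = self.system.login(self.account_id, self.enc_key, auth_answer)
        if status == "ok":
            self.enc_key = payload        # replace with the rotated key
        return status
```

Because every accepted login replaces the stored key and decryption strategy, a copy of an earlier encrypted key is rejected on replay, and a terminal that has lost its key is pushed onto the identity-authentication path instead.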
According to another aspect of the present disclosure, there is provided a key-based rights management apparatus, the apparatus running a target system, the apparatus including:
a receiving module configured to receive a registration request submitted by a user when the user accesses the target system for the first time through an access terminal, wherein the registration request comprises user information and identity authentication information;
the establishing and granting module is configured to establish an account of the user according to the user information in the registration request, and grant basic permission to the account as permission of the account, wherein the account comprises an account identifier;
the storage module is configured to generate a first key for the account, randomly acquire a first encryption strategy, determine a first decryption strategy corresponding to the first encryption strategy, and correspondingly store the user information, the identity authentication information, the account identifier, the first key, the authority and the first decryption strategy;
the encryption module is configured to encrypt the first key according to the first encryption strategy and send the encrypted first key to the access terminal;
a first judgment module configured to judge, when a login request from an access terminal is received, whether the login request comprises an encrypted key, wherein the login request comprises an account identifier corresponding to the account;
the authentication module is configured to acquire authentication information corresponding to an account identifier in the login request under the condition that the login request does not include the encrypted key, and send an authentication request to the access terminal according to the authentication information so as to authenticate the identity of the user of the access terminal;
a sending module configured to pass the login request and proceed to a step of sending a new key if the authentication passes, wherein the step of sending the new key comprises: generating, for the account, a second key that has not been generated before, randomly obtaining a second encryption strategy that has not been used for the account, determining a second decryption strategy corresponding to the second encryption strategy, encrypting the second key according to the second encryption strategy, sending the encrypted second key to the access terminal, and replacing the stored first key and the stored first decryption strategy with the second key and the second decryption strategy, respectively;
a reminding module configured to proceed to a login failure reminding step if the verification fails, wherein the login failure reminding step comprises: refusing the login request and returning login failure reminding information to the access terminal;
a second judgment module configured to acquire, in the case that the login request comprises the encrypted key, the first decryption policy and the first key corresponding to the account identifier in the login request, and to decrypt the encrypted key with the first decryption policy to judge whether the decryption result is consistent with the first key; and
if the decryption result is consistent with the first key, passing the login request and proceeding to the step of sending the new key, otherwise proceeding to the login failure reminding step.
According to another aspect of the present disclosure, there is provided a computer readable program medium storing computer program instructions which, when executed by a computer, cause the computer to perform the method as previously described.
According to another aspect of the present disclosure, there is provided an electronic apparatus including:
a processor;
a memory having computer readable instructions stored thereon which, when executed by the processor, implement the method as previously described.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:
the authority management method based on the key provided by the disclosure is executed by a target system and comprises the following steps: receiving a registration request submitted by a user when the user accesses the target system for the first time through an access terminal, wherein the registration request comprises user information and identity authentication information; establishing an account of the user according to the user information in the registration request, and granting a basic permission to the account as the permission of the account, wherein the account comprises an account identifier; generating a first key for the account, randomly acquiring a first encryption strategy, determining a first decryption strategy corresponding to the first encryption strategy, and correspondingly storing the user information, the identity authentication information, the account identifier, the first key, the authority and the first decryption strategy; encrypting the first key according to the first encryption strategy, and sending the encrypted first key to the access terminal; when a login request from an access terminal is received, judging whether the login request comprises an encrypted key, wherein the login request comprises an account identifier corresponding to the account; in the case that the login request does not include the encrypted key, acquiring the authentication information corresponding to the account identifier in the login request, and sending an authentication request to the access terminal according to the authentication information so as to authenticate the identity of the user of the access terminal; if the verification passes, passing the login request and proceeding to the step of sending a new key, wherein the step of sending the new key comprises: generating, for the account, a second key that has not been generated before, randomly obtaining a second encryption strategy that has not been used for the account, determining a second decryption strategy corresponding to the second encryption strategy, encrypting the second key according to the second encryption strategy, sending the encrypted second key to the access terminal, and replacing the stored first key and the stored first decryption strategy with the second key and the second decryption strategy, respectively; if the verification fails, proceeding to a login failure reminding step, wherein the login failure reminding step comprises: refusing the login request and returning login failure reminding information to the access terminal; in the case that the login request comprises an encrypted key, acquiring the first decryption strategy and the first key corresponding to the account identifier in the login request, decrypting the encrypted key with the first decryption strategy, and judging whether the decryption result is consistent with the first key; and if the decryption result is consistent with the first key, passing the login request and proceeding to the step of sending the new key, otherwise proceeding to the login failure reminding step.
Under this method, when the key held by the access terminal is lost, identity authentication must be carried out again; the key is encrypted with a randomly chosen encryption strategy, and the corresponding strategy is stored on the service side; and both the key and its encryption strategy are replaced every time the access terminal requests the authority of the service side. The security of authority management is thereby improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
FIG. 1 is a system architecture diagram illustrating a method of key-based rights management in accordance with an exemplary embodiment;
FIG. 2 is a flow diagram illustrating a method of key-based rights management in accordance with an exemplary embodiment;
FIG. 3 is a flowchart illustrating details of step 220 of the embodiment of FIG. 2, according to one embodiment;
FIG. 4 is a block diagram illustrating a key-based rights management apparatus in accordance with an exemplary embodiment;
FIG. 5 is a block diagram illustrating an example of an electronic device implementing the key-based rights management method described above, according to one example embodiment;
FIG. 6 is a diagram illustrating a computer-readable storage medium implementing the above-described key-based rights management method according to an example embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities.
The present disclosure first provides a method for rights management based on a secret key. Authority management means that a set of security rules is set in a software system, under which each user can access, and can only access, the resources or objects authorized for them. Which resources or objects a user can access in a system, and how they may be accessed, are the user's rights in the system; they are usually set by the system or by an administrator and cannot generally be changed at will by ordinary users. Protecting system authority means protecting the resources or objects in the system so that they are accessed only by authorized persons in a proper way; authority management therefore protects the security of data and information, which is an important task in present-day society. The key-based authority management method provided by the disclosure makes authority management safer.
The implementation terminal of the present disclosure may be any device having computing, processing, and communication functions, which may be connected to an external device for receiving or sending data. Specifically, it may be a portable mobile device, such as a smart phone, a tablet computer, a notebook computer, a PDA (Personal Digital Assistant), or the like; a fixed device, such as a computer device, a field terminal, a desktop computer, a server, a workstation, or the like; or a set of multiple devices, such as the physical infrastructure of cloud computing or a server cluster.
Optionally, the implementation terminal of the present disclosure may be a server or a physical infrastructure of cloud computing.
Fig. 1 is a system architecture diagram illustrating a method for key-based rights management in accordance with an exemplary embodiment. As shown in fig. 1, the system architecture includes a server 110, a first user terminal 121, a second user terminal 122, and a database 130. The first user terminal 121, the second user terminal 122 and the database 130 are all connected to the server 110 through communication links, so that data can be received and transmitted. A target system, that is, a system requiring rights management, runs on the server 110, and both the first user terminal 121 and the second user terminal 122 have access terminals capable of accessing the target system on the server 110. When the method for key-based rights management provided by the embodiment of the present disclosure is applied to the system architecture shown in fig. 1, a specific process may be as follows: first, a user accesses the target system for the first time through the first user terminal 121 to register, and submits user information and identity authentication information; the target system acquires the user information and the identity authentication information, then establishes an account for the user according to the user information, and sets basic permission for the account; then, the target system obtains a first encryption policy locally on the server 110, obtains the first decryption policy corresponding to the first encryption policy, generates a first key at the same time, and correspondingly stores the user information, the identity authentication information, the account identifier, the first key, the authority and the first decryption policy in the database 130; finally, the target system encrypts the first key according to the first encryption policy and sends the encrypted first key to the access terminal.
The access terminal corresponding to the target system automatically carries the obtained encrypted key in the login request whenever it accesses the target system. The target system therefore determines, based on the information stored in the database 130, whether the login request contains a key and whether that key is legitimate, and controls whether the login request passes according to the result, thereby implementing the authority management.
It is worth mentioning that fig. 1 is only one embodiment of the present disclosure. Although the implementation terminal in this embodiment is a server, in other embodiments, the implementation terminal may be various terminals or devices as described above; although in this embodiment, the target system correspondingly stores the user information, the authentication information, the account identifier, the first key, the right and the first decryption policy in one database, in other embodiments or specific applications, these information may be stored in a plurality of databases, respectively, or may be stored locally at the terminal where the target system is located.
Fig. 2 is a flow diagram illustrating a method of key-based rights management in accordance with an exemplary embodiment. At the physical level, the key-based rights management method provided by this embodiment can be executed by a server; at the logical level, it is executed by the target system. As shown in fig. 2, it includes the following steps:
step 210, receiving a registration request submitted by a user when the user accesses a target system for the first time through an access terminal, wherein the registration request includes user information and identity authentication information.
It is emphasized that, in order to further ensure the privacy and security of the user information and the authentication information, the user information and the authentication information may also be stored in a node of a blockchain.
The access terminal may be any of various clients, such as an application program (APP) on a mobile terminal (e.g., a smart phone) or a browser-based Web terminal, and may also be a client on a computer or a browser-based Web terminal. The access terminal and the target system may therefore be in a B/S (Browser/Server) architecture or a C/S (Client/Server) architecture.
The registration request may be a request based on any of various network protocols, such as a request under HTTP (Hypertext Transfer Protocol).
The registration request includes user information and authentication information, i.e. the message of the registration request carries the user information and the authentication information.
The user information may be any information related to the user, typically characteristics or attributes of the user, and may include information such as the user's name, profession, age, educational background, and the like. The authentication information is information used to confirm that a user is who they claim to be, thereby verifying the validity of the user's identity.
Step 220, establishing an account of the user according to the user information in the registration request, and granting a basic permission to the account as the permission of the account, wherein the account includes an account identifier.
The account of the user is an independent object in the target system, and the target system can be accessed or a series of operations can be carried out on the target system by using the account. An account is usually recorded as a set of data under the target system, and the account includes an account identifier, i.e., an identifier that is unique to identify the account.
The basic rights are the rights initially given to the account at the beginning of the account establishment, and the rights can be preset or dynamically set according to user information. Permissions control the extent to which a user has access to resources on the target system and may include, for example, controls on the visibility of page elements of the target system, controls on the modification of files or data on the target system, controls on the access to menus of the target system, and the like.
Fig. 3 is a flowchart illustrating details of step 220 of the embodiment of fig. 2, according to one embodiment. As shown in fig. 3, in this embodiment, the user information and the authentication information are pre-stored in a blockchain, and step 220 specifically includes:
step 221, establishing an account of the user according to the user information in the registration request, and granting a basic permission corresponding to the user information to the account based on the user information as a permission of the account.
For example, if the user information includes the gender information of the user, then when an account is established for the user, a basic right corresponding to the gender information of the user is granted to the account. For another example, if the user information includes job level information of the user, then when an account is established for the user, a basic right corresponding to the job level information of the user is granted to the account, so that users of different job levels receive different basic rights; specifically, more basic rights can be granted to the account of a user of a higher job level.
In the embodiment, by determining what basic permission to grant to the corresponding account based on the user information, more effective management of the basic permission is realized.
Step 230, generating a first key for the account and randomly obtaining a first encryption policy, determining a first decryption policy corresponding to the first encryption policy, and correspondingly storing the user information, the authentication information, the account identifier, the first key, the authority and the first decryption policy.
The first key is typically a randomly generated string of characters.
The encryption strategy may be various encryption algorithms or encryption manners, such as a symmetric encryption algorithm, an asymmetric encryption algorithm, or an encryption manner based on rules, and the decryption strategy corresponding to the encryption strategy is a strategy that can restore a ciphertext obtained by encrypting with the encryption strategy to a corresponding plaintext.
In one embodiment, the correspondingly storing the user information, the authentication information, the account identifier, the first key, the right, and the first decryption policy includes:
correspondingly storing the user information, the identity authentication information, the account identification and the first secret key into a relational database;
and correspondingly storing the first key, the authority and the first decryption strategy into a non-relational database by taking the first key and the authority and the first key and the first decryption strategy as key value pairs respectively.
Taking the first key and the authority as a key-value pair means using the first key as the key and the authority as the value; likewise, taking the first key and the first decryption strategy as a key-value pair means using the first key as the key and the first decryption strategy as the value.
A non-relational database does not use tables as its data structure and has the advantages of high query speed and high performance; for example, the Redis database can be used as the non-relational database for storing key-value pairs.
In this embodiment, by storing the data related to rights management, such as the key, the rights and the decryption policy, in the non-relational database, the SQL parsing step of a relational database can be omitted during rights management because of the characteristics of the non-relational database, so that query efficiency is improved.
Step 240, encrypting the first key according to the first encryption policy, and sending the encrypted first key to the access terminal.
After the encrypted first key is sent to the access terminal, it is stored at the access terminal. When the access terminal initiates a login request to the target system again, the encrypted first key is carried in the login request.
In one embodiment, after encrypting the first key according to the first encryption policy and sending the encrypted first key to the access terminal, the method further includes:
receiving a permission modification request from an administrator terminal, wherein the permission modification request comprises an account identifier, a permission to be modified and a modified permission;
acquiring a key corresponding to the account identifier in the permission modification request from a relational database;
inquiring the authority corresponding to the key from a non-relational database by using the key to serve as a target authority;
and replacing the authority to be modified in the target authority with the modified authority.
The administrator side is a client different from the access side. The administrator terminal may be the same terminal as the implementing terminal of the present disclosure, or may be a different terminal.
In this embodiment, by allowing an administrator to modify permissions in a non-relational database, efficient management of permissions may be achieved.
The rights of an account can likewise be added or deleted through the administrator terminal.
Step 250, when a login request from an access terminal is received, judging whether the login request includes an encrypted key, wherein the login request includes an account identifier corresponding to the account.
The access terminal may be the same access terminal as that when the user accesses the target system for the first time, or may be a different access terminal than that when the user accesses the target system for the first time.
For example, the message content of the login request may be arranged in a specific field, the encrypted key is a field at a certain position in the message content of the login request, and when the field is not included at the position in the message content of the login request, it is determined that the encrypted key is not included in the login request.
Step 260, under the condition that the login request does not include the encrypted key, obtaining authentication information corresponding to the account identifier in the login request, and sending an authentication request to the access terminal according to the authentication information to authenticate the identity of the user of the access terminal.
In one embodiment, the registration request further includes a first access terminal identifier, the login request includes a second access terminal identifier, and the correspondingly storing the user information, the authentication information, the account identifier, the first key, the right, and the first decryption policy includes:
correspondingly storing the user information, the identity authentication information, the account identification, the first access terminal identification, the first key, the authority and the first decryption strategy;
before obtaining the authentication information corresponding to the account identifier in the login request and sending an authentication request to the access terminal according to the authentication information to authenticate the identity of the user at the access terminal, the method further comprises:
judging whether a first access terminal identifier corresponding to the account identifier in the login request is consistent with a second access terminal identifier in the login request;
the acquiring, when the login request does not include the encrypted key, authentication information corresponding to an account identifier in the login request, and sending an authentication request to the access terminal according to the authentication information to authenticate the identity of the user at the access terminal, includes:
and under the condition that the login request does not comprise the encrypted key or the first access terminal identification is not consistent with the second access terminal identification, acquiring authentication information corresponding to the account identification in the login request, and sending an authentication request to the access terminal according to the authentication information so as to authenticate the identity of the user of the access terminal.
The access terminal identifier is an identifier that uniquely identifies the identity of the access terminal, and may be, for example, a client terminal identifier, which is an identifier distributed by the home terminal at the beginning of client installation.
In this embodiment, the identity of the user at the access terminal is verified both when the login request does not include the encrypted key and when the first access terminal identifier is not consistent with the second access terminal identifier, so that the user must perform identity verification when logging in from a new access terminal, and the security of rights management is further improved.
In one embodiment, the sending the authentication request to the access terminal according to the authentication information to authenticate the identity of the user at the access terminal includes:
sending a first short message verification code randomly generated by the target system to the mobile phone number;
sending a page to the access terminal to prompt a user to receive a first short message verification code;
and receiving a second short message verification code submitted through the page, and comparing the first short message verification code with the second short message verification code to verify the identity of the user of the access terminal.
For example, when the first short message verification code is consistent with the second short message verification code in comparison, the verification can be confirmed to pass, otherwise, the verification is confirmed to fail.
In this embodiment, the user identity is verified by means of a short message verification code.
In one embodiment, the sending an authentication request to the access terminal according to the authentication information to authenticate the identity of the user at the access terminal includes:
sending a page recorded with the question information to the access terminal;
receiving second answer information submitted through the page from the access terminal;
and comparing the first answer information with the second answer information to verify the identity of the user at the access terminal.
For example, when the first answer information and the second answer information are compared and consistent, the verification can be confirmed to pass, otherwise, the verification is confirmed to fail.
In this embodiment, the user identity is verified by means of question answering, which can effectively prevent illegitimate acquisition of rights and improves security.
Step 270, if the verification is passed, passing the login request and transferring to a step of sending a new key, where the step of sending a new key includes: generating, for the account, a second key that has not been generated before, randomly obtaining a second encryption strategy that has not been used for the account, determining a second decryption strategy corresponding to the second encryption strategy, encrypting the second key according to the second encryption strategy, sending the encrypted second key to the access terminal, and respectively replacing the stored first key and the stored first decryption strategy with the second key and the second decryption strategy.
The second encryption policy is an encryption policy different from the first encryption policy; similarly, the second decryption policy is a decryption policy different from the first decryption policy, and the second key is a key different from the first key.
When the verification passes, this step therefore also updates the key and the decryption strategy.
In one embodiment, the correspondingly storing the user information, the authentication information, the account identifier, the first key, the right, and the first decryption policy includes:
correspondingly storing the user information, the identity authentication information, the account identification, the first key, the authority, the first encryption strategy and the first decryption strategy;
the step of sending the new key comprises the following steps:
generating, for the account, a second key that has not been generated before, randomly obtaining a second encryption strategy that has not been used for the account, determining a second decryption strategy corresponding to the second encryption strategy, encrypting the second key according to the second encryption strategy, sending the encrypted second key to the access terminal, and respectively replacing the stored first key, the stored first encryption strategy and the stored first decryption strategy with the second key, the second encryption strategy and the second decryption strategy.
This embodiment updates the key, the encryption strategy and the decryption strategy at the same time.
Step 280, if the verification fails, the step of prompting login failure is carried out, wherein the step of prompting login failure comprises the following steps: and refusing the login request and returning the reminding information of login failure to the access terminal.
The mode of returning the reminding information to the access terminal can be a page mode, a popup window mode and the like, and information indicating login failure can be recorded in the page mode and the popup window mode.
Step 290, in a case that the login request includes the encrypted key, obtaining a first decryption policy and a first key corresponding to the account identifier in the login request, and decrypting the encrypted key by using the first decryption policy to determine whether a decryption result is consistent with the first key.
If the login request is for the same account identifier as the registration request and is initiated from the same access terminal, the decryption result is consistent with the first key; otherwise, the decryption result is inconsistent with it.
Step 2100, if the decryption result is consistent with the first key, the login request is passed and the method proceeds to the step of sending a new key; otherwise, the method proceeds to the step of reminding of login failure.
The login request is passed only when the decryption result is consistent with the first key, so that the user obtains the corresponding rights; otherwise, the login request is refused and the reminding information of login failure is returned to the access terminal.
In summary, according to the key-based rights management method provided in the embodiment of fig. 2, when the key of the access terminal is lost, authentication must be performed again; a random encryption policy is used for encryption, the encryption policy is stored on the server, and the key and its encryption policy are updated each time the access terminal requests rights from the server, which increases the security of rights management.
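The following is an added illustration of the flow of steps 230 to 2100 together with the administrator modification of claim 4; it is example code written for this page, not code from the patent or its assignee. The "encryption policies" are constructed reversible transforms standing in for whatever algorithms a deployment would use, the relational and Redis-style stores are plain dictionaries, the identity check uses the question/answer form of claim 7, and the rule for basic rights, the policy-reuse behaviour and the re-binding of the verified terminal identifier are assumptions marked in the comments.

```python
import base64
import hmac
import secrets

# Constructed stand-ins for the page's "encryption policies": each entry maps a policy
# name to a reversible (encrypt, decrypt) pair. They are illustrative transforms, not
# ciphers; what matters for the flow is that only the server knows which one was used.
def _xor(data: bytes, pad: bytes = b"\x5a\xa5") -> bytes:
    return bytes(b ^ pad[i % len(pad)] for i, b in enumerate(data))

POLICIES = {
    "base64": (lambda k: base64.b64encode(k.encode()).decode(),
               lambda c: base64.b64decode(c).decode()),
    "hex": (lambda k: k.encode().hex(),
            lambda c: bytes.fromhex(c).decode()),
    "xor-hex": (lambda k: _xor(k.encode()).hex(),
                lambda c: _xor(bytes.fromhex(c)).decode()),
    "reversed-hex": (lambda k: k.encode()[::-1].hex(),
                     lambda c: bytes.fromhex(c)[::-1].decode()),
}


class TargetSystem:
    """Server side. Dicts stand in for the relational store (account records) and the
    Redis-style key-value store (key -> authority, key -> decryption policy)."""

    def __init__(self):
        self.relational = {}      # account_id -> user info, question/answer, terminal id, key
        self.kv_authority = {}    # first/second key -> set of rights
        self.kv_decrypt = {}      # first/second key -> name of the decryption policy
        self.used_policies = {}   # account_id -> policy names already used for that account

    def _pick_policy(self, account_id):
        """Random policy not yet used for the account (assumption: restart once exhausted)."""
        used = self.used_policies.setdefault(account_id, set())
        unused = [p for p in POLICIES if p not in used]
        if not unused:
            used.clear()
            unused = list(POLICIES)
        policy = secrets.choice(unused)
        used.add(policy)
        return policy

    def _issue_key(self, account_id, rec, rights=None):
        """Steps 230/240 and the 'send new key' step: new key, new policy, stores re-keyed."""
        old_key = rec["key"]
        if rights is None:                          # rotation: carry rights over to the new key
            rights = self.kv_authority.pop(old_key)
        self.kv_decrypt.pop(old_key, None)          # the first decryption policy is replaced
        new_key = secrets.token_hex(16)
        policy = self._pick_policy(account_id)
        rec["key"] = new_key
        self.kv_authority[new_key] = rights
        self.kv_decrypt[new_key] = policy
        return {"ok": True, "encrypted_key": POLICIES[policy][0](new_key),
                "authority": set(rights)}

    def register(self, user_info, question, answer, terminal_id):
        """Steps 210-240: create the account and grant basic rights derived from user info."""
        account_id = f"acct-{len(self.relational) + 1}"
        rights = {"read"}
        if user_info.get("job_level", 0) >= 3:      # constructed rule: higher level, more rights
            rights.add("approve")
        rec = {"user_info": user_info, "question": question, "answer": answer,
               "terminal_id": terminal_id, "key": None}
        self.relational[account_id] = rec
        return account_id, self._issue_key(account_id, rec, rights)

    def login(self, account_id, terminal_id, encrypted_key=None, answer=None):
        """Steps 250-2100 with the access-terminal-identifier check of claim 5."""
        rec = self.relational.get(account_id)
        if rec is None:
            return {"ok": False, "reason": "login failed"}
        if encrypted_key is None or terminal_id != rec["terminal_id"]:
            # Step 260: no key, or a new terminal, so re-verify identity by question/answer
            if answer is None:
                return {"ok": False, "challenge": rec["question"]}
            if not hmac.compare_digest(answer.encode(), rec["answer"].encode()):
                return {"ok": False, "reason": "login failed"}             # Step 280
            rec["terminal_id"] = terminal_id   # assumption: bind the verified terminal
            return self._issue_key(account_id, rec)                        # Step 270
        # Step 290: decrypt with the stored policy and compare against the stored key
        decrypt = POLICIES[self.kv_decrypt[rec["key"]]][1]
        try:
            result = decrypt(encrypted_key)
        except ValueError:        # undecodable input, e.g. a replayed, rotated-out ciphertext
            result = ""
        if not hmac.compare_digest(result.encode(), rec["key"].encode()):
            return {"ok": False, "reason": "login failed"}
        return self._issue_key(account_id, rec)   # Step 2100: pass, rotate key and policy

    def modify_authority(self, account_id, old_right, new_right):
        """Administrator path of claim 4: key from the relational store, rights from the
        key-value store, then the right to be modified is replaced."""
        key = self.relational[account_id]["key"]
        rights = self.kv_authority[key]
        if old_right in rights:
            rights.discard(old_right)
            rights.add(new_right)
        return set(rights)
```

Because every successful login rotates both the key and the policy, a ciphertext captured from an earlier login no longer decrypts to the stored key, and a login from a terminal with a different identifier falls back to identity verification even when it carries a valid ciphertext.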
The disclosure also provides a device for rights management based on the key, and the following device embodiments are disclosed.
Fig. 4 is a block diagram illustrating a key-based rights management device running a target system according to an example embodiment. As shown in fig. 4, the apparatus 400 includes:
a receiving module 410 configured to receive a registration request submitted when a user accesses a target system through an access terminal for the first time, where the registration request includes user information and authentication information;
the establishing and granting module 420 is configured to establish an account of the user according to the user information in the registration request, and grant basic rights to the account as the rights of the account, where the account includes an account identifier;
the storage module 430 is configured to generate a first key for the account, randomly acquire a first encryption policy, determine a first decryption policy corresponding to the first encryption policy, and correspondingly store the user information, the authentication information, the account identifier, the first key, the authority, and the first decryption policy;
the encryption module 440 is configured to encrypt the first key according to the first encryption policy, and send the encrypted first key to the access terminal;
a first determining module 450, configured to determine, when a login request from an access terminal is received, whether the login request includes an encrypted key, where the login request includes an account identifier corresponding to the account;
the verification module 460 is configured to, when the login request does not include the encrypted key, obtain authentication information corresponding to an account identifier in the login request, and send an authentication request to the access terminal according to the authentication information, so as to verify the identity of the user at the access terminal;
a sending module 470, configured to pass the login request and transfer to a new key sending step if the authentication passes, where the new key sending step includes: generating, for the account, a second key that has not been generated before, randomly obtaining a second encryption strategy that has not been used for the account, determining a second decryption strategy corresponding to the second encryption strategy, encrypting the second key according to the second encryption strategy, sending the encrypted second key to the access terminal, and respectively replacing the stored first key and the stored first decryption strategy with the second key and the second decryption strategy;
a reminding module 480 configured to go to a login failure reminding step if the verification fails, where the login failure reminding step includes: refusing the login request and returning the reminding information of login failure to the access terminal;
a second determining module 490, configured to, when the login request includes an encrypted key, obtain a first decryption policy and a first key corresponding to an account identifier in the login request, and decrypt the encrypted key using the first decryption policy to determine whether a decryption result is consistent with the first key; and
and if the decryption result is consistent with the first key, passing the login request and transferring to the step of sending the new key, otherwise, transferring to the step of reminding login failure.
According to a third aspect of the present disclosure, there is also provided an electronic device capable of implementing the above method.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," "module" or "system."
An electronic device 500 according to this embodiment of the invention is described below with reference to fig. 5. The electronic device 500 shown in fig. 5 is only an example and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 5, the electronic device 500 is embodied in the form of a general purpose computing device. The components of the electronic device 500 may include, but are not limited to: the at least one processing unit 510, the at least one memory unit 520, and a bus 530 that couples various system components including the memory unit 520 and the processing unit 510.
The storage unit 520 stores program code that is executable by the processing unit 510 to cause the processing unit 510 to perform steps according to various exemplary embodiments of the present invention as described in the section "example methods" above in this specification.
The storage unit 520 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM)521 and/or a cache memory unit 522, and may further include a read only memory unit (ROM) 523.
The storage unit 520 may also include a program/utility 524 having a set (at least one) of program modules 525, such program modules 525 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 530 may be one or more of any of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 500 may also communicate with one or more external devices 700 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 500, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 500 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 550. Also, the electronic device 500 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via the network adapter 560. As shown, the network adapter 560 communicates with the other modules of the electronic device 500 over the bus 530. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 500, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
According to a fourth aspect of the present disclosure, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-mentioned method of the present specification. In some possible embodiments, aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above section "exemplary methods" of the present description, when said program product is run on the terminal device.
Referring to fig. 6, a program product 600 for implementing the above method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The blockchain is a novel application mode of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and encryption algorithms. A blockchain, which is essentially a decentralized database, is a series of data blocks linked by cryptographic methods; each data block contains the information of a batch of network transactions, which is used to verify the validity (anti-counterfeiting) of the information and to generate the next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
Furthermore, the above-described figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims (10)

1. A method for key-based rights management, the method performed by a target system, the method comprising:
receiving a registration request submitted by a user when the user accesses a target system for the first time through an access terminal, wherein the registration request comprises user information and identity authentication information;
establishing an account of the user according to the user information in the registration request, and granting a basic permission to the account as the permission of the account, wherein the account comprises an account identifier;
generating a first key for the account, randomly acquiring a first encryption strategy, determining a first decryption strategy corresponding to the first encryption strategy, and correspondingly storing the user information, the identity authentication information, the account identifier, the first key, the authority and the first decryption strategy;
encrypting the first key according to the first encryption strategy, and sending the encrypted first key to the access terminal;
when a login request from an access terminal is received, judging whether the login request comprises an encrypted key or not, wherein the login request comprises an account identifier corresponding to the account;
under the condition that the login request does not include the encrypted key, acquiring authentication information corresponding to an account identifier in the login request, and sending an authentication request to the access terminal according to the authentication information so as to authenticate the identity of the user of the access terminal;
if the verification is passed, the login request is passed and the method transfers to the step of sending a new key, wherein the step of sending the new key comprises: generating, for the account, a second key that has not been generated before, randomly obtaining a second encryption strategy that has not been used for the account, determining a second decryption strategy corresponding to the second encryption strategy, encrypting the second key according to the second encryption strategy, sending the encrypted second key to the access terminal, and respectively replacing the stored first key and the stored first decryption strategy with the second key and the second decryption strategy;
if the verification fails, switching to a login failure reminding step, wherein the login failure reminding step comprises the following steps: refusing the login request and returning the reminding information of login failure to the access terminal;
under the condition that the login request comprises an encrypted key, acquiring a first decryption strategy and a first key corresponding to an account identifier in the login request, and decrypting the encrypted key by using the first decryption strategy to judge whether a decryption result is consistent with the first key;
and if the decryption result is consistent with the first key, passing the login request and transferring to the step of sending the new key, otherwise, transferring to the step of reminding login failure.
2. The method according to claim 1, wherein the user information and the authentication information are pre-stored in a blockchain, and the establishing an account of the user according to the user information in the registration request and granting a basic right to the account as the right of the account comprises:
and establishing an account of the user according to the user information in the registration request, and granting a basic permission corresponding to the user information to the account based on the user information to serve as the permission of the account.
3. The method according to claim 1, wherein correspondingly storing the user information, the authentication information, the account identifier, the first key, the right, and the first decryption policy comprises:
correspondingly storing the user information, the identity authentication information, the account identification and the first secret key into a relational database;
and correspondingly storing the first key, the authority and the first decryption strategy into a non-relational database by taking the first key and the authority and the first key and the first decryption strategy as key value pairs respectively.
4. The method of claim 3, wherein after encrypting the first key according to the first encryption policy and sending the encrypted first key to the access terminal, the method further comprises:
receiving a permission modification request from an administrator terminal, wherein the permission modification request comprises an account identifier, a permission to be modified and a modified permission;
acquiring a key corresponding to the account identifier in the permission modification request from a relational database;
inquiring the authority corresponding to the key from a non-relational database by using the key to serve as a target authority;
and replacing the authority to be modified in the target authority with the modified authority.
5. The method according to claim 1, wherein the registration request further includes a first access terminal identifier, the login request includes a second access terminal identifier, and the correspondingly storing the user information, the authentication information, the account identifier, the first key, the right, and the first decryption policy includes:
correspondingly storing the user information, the identity authentication information, the account identification, the first access terminal identification, the first key, the authority and the first decryption strategy;
before obtaining the authentication information corresponding to the account identifier in the login request and sending an authentication request to the access terminal according to the authentication information to authenticate the identity of the user at the access terminal, the method further comprises:
judging whether a first access terminal identifier corresponding to the account identifier in the login request is consistent with a second access terminal identifier in the login request;
the acquiring, when the login request does not include the encrypted key, authentication information corresponding to an account identifier in the login request, and sending an authentication request to the access terminal according to the authentication information to authenticate the identity of the user at the access terminal, includes:
and under the condition that the login request does not comprise the encrypted key or the first access terminal identification is not consistent with the second access terminal identification, acquiring authentication information corresponding to the account identification in the login request, and sending an authentication request to the access terminal according to the authentication information so as to authenticate the identity of the user of the access terminal.
6. The method according to claim 1, wherein the authentication information is a mobile phone number, and the sending an authentication request to the access terminal according to the authentication information to authenticate the identity of the user of the access terminal comprises:
sending a first short message verification code, randomly generated by the target system, to the mobile phone number;
sending a page to the access terminal prompting the user to enter the received first short message verification code;
and receiving a second short message verification code submitted through the page, and comparing the first short message verification code with the second short message verification code to verify the identity of the user of the access terminal.
7. The method according to claim 1, wherein the authentication information is question information and corresponding first answer information, and the sending an authentication request to the access terminal according to the authentication information to authenticate the identity of the user of the access terminal comprises:
sending a page carrying the question information to the access terminal;
receiving second answer information submitted from the access terminal through the page;
and comparing the first answer information with the second answer information to verify the identity of the user of the access terminal.
8. A key-based permission management apparatus, the apparatus running a target system, the apparatus comprising:
a receiving module configured to receive a registration request submitted by a user when the user accesses the target system for the first time through an access terminal, the registration request comprising user information and authentication information;
an establishing and granting module configured to establish an account for the user according to the user information in the registration request, and grant a basic permission to the account as the permission of the account, the account comprising an account identifier;
a storage module configured to generate a first key for the account, randomly acquire a first encryption policy, determine a first decryption policy corresponding to the first encryption policy, and store, in correspondence, the user information, the authentication information, the account identifier, the first key, the permission and the first decryption policy;
an encryption module configured to encrypt the first key according to the first encryption policy and send the encrypted first key to the access terminal;
a first judgment module configured to judge whether a login request received from the access terminal includes an encrypted key, the login request comprising the account identifier corresponding to the account;
an authentication module configured to, when the login request does not include the encrypted key, acquire the authentication information corresponding to the account identifier in the login request and send an authentication request to the access terminal according to the authentication information to authenticate the identity of the user of the access terminal;
a sending module configured to, if the authentication passes, pass the login request and proceed to a step of sending a new key, the step of sending the new key comprising: generating a second key that has not previously been generated for the account, randomly acquiring a second encryption policy that has not been used for the account, determining a second decryption policy corresponding to the second encryption policy, encrypting the second key according to the second encryption policy, sending the encrypted second key to the access terminal, and replacing the stored first key and first decryption policy with the second key and the second decryption policy respectively;
a reminding module configured to, if the authentication fails, proceed to a login failure reminding step, the login failure reminding step comprising: rejecting the login request and returning login failure reminding information to the access terminal;
a second judgment module configured to, when the login request includes the encrypted key, acquire the first decryption policy and the first key corresponding to the account identifier in the login request, decrypt the encrypted key using the first decryption policy, and judge whether the decryption result is consistent with the first key; and
if the decryption result is consistent with the first key, pass the login request and proceed to the step of sending the new key; otherwise, proceed to the login failure reminding step.
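The registration, key verification, key rotation and fallback authentication flow of claims 5 to 8, together with the permission lookup by key of claim 4, as an added example written for this page; it is not the patent's implementation or the applicant's code. The three reversible byte transforms used as "encryption policies", the random salt attached to each policy instance, the in-memory dicts standing in for the non-relational database, and the list standing in for the SMS gateway are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def _xor_stream(data, salt):
    # Keystream XOR: applying it twice with the same salt restores the input.
    stream = hashlib.sha256(salt).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(data))


# name -> (encrypt(key, salt), decrypt(ciphertext, salt)). Assumed transforms;
# the claims only require a randomly chosen policy with a matching inverse.
STRATEGIES = {
    "reverse": (lambda k, s: k[::-1], lambda c, s: c[::-1]),
    "xor": (_xor_stream, _xor_stream),
    "xor_reverse": (lambda k, s: _xor_stream(k, s)[::-1],
                    lambda c, s: _xor_stream(c[::-1], s)),
}


@dataclass
class Account:
    account_id: str
    user_info: dict
    auth_info: tuple        # ("sms", phone) or ("question", question, answer)
    terminal_id: str        # first access terminal identifier (claim 5)
    key: bytes = b""
    decrypt_policy: tuple = ("", b"")   # (strategy name, salt)
    permissions: set = field(default_factory=lambda: {"basic"})
    issued_keys: set = field(default_factory=set)
    used_policies: set = field(default_factory=set)


class TargetSystem:
    def __init__(self):
        self.accounts = {}      # account_id -> Account (stand-in for the DB)
        self.by_key = {}        # current key -> account_id (claim 4 lookup)
        self.pending = {}       # account_id -> expected OTP or answer
        self.sms_outbox = []    # (phone, code) pairs "sent" by the SMS gateway

    def _issue_key(self, acct):
        # "Step of sending a new key": a key never issued to this account and a
        # (policy, salt) pair never used for it; the old pair is replaced.
        while (key := secrets.token_bytes(16)) in acct.issued_keys:
            pass
        while (policy := (secrets.choice(sorted(STRATEGIES)),
                          secrets.token_bytes(8))) in acct.used_policies:
            pass
        self.by_key.pop(acct.key, None)
        acct.issued_keys.add(key)
        acct.used_policies.add(policy)
        acct.key, acct.decrypt_policy = key, policy
        self.by_key[key] = acct.account_id
        encrypt, _ = STRATEGIES[policy[0]]
        return encrypt(key, policy[1])      # what the access terminal stores

    def register(self, user_info, auth_info, terminal_id):
        account_id = "acct-" + secrets.token_hex(4)
        acct = Account(account_id, user_info, auth_info, terminal_id)
        self.accounts[account_id] = acct
        return account_id, self._issue_key(acct)

    def login(self, account_id, terminal_id, encrypted_key=None):
        """Returns ("ok", new encrypted key), ("challenge", page text)
        or ("fail", None)."""
        acct = self.accounts.get(account_id)
        if acct is None:
            return "fail", None
        # Claim 5: no key, or a different terminal, falls back to authentication.
        # The stored terminal id is not updated afterwards (the claims do not say).
        if encrypted_key is None or terminal_id != acct.terminal_id:
            return "challenge", self._send_challenge(acct)
        name, salt = acct.decrypt_policy
        _, decrypt = STRATEGIES[name]
        if hmac.compare_digest(decrypt(encrypted_key, salt), acct.key):
            return "ok", self._issue_key(acct)     # rotate on every success
        return "fail", None

    def _send_challenge(self, acct):
        if acct.auth_info[0] == "sms":              # claim 6
            code = f"{secrets.randbelow(10**6):06d}"
            self.sms_outbox.append((acct.auth_info[1], code))
            self.pending[acct.account_id] = code
            return "Enter the verification code sent to your phone"
        _, question, answer = acct.auth_info        # claim 7
        self.pending[acct.account_id] = answer
        return question

    def answer_challenge(self, account_id, submitted):
        # One attempt per challenge: the expected value is consumed here.
        expected = self.pending.pop(account_id, None)
        acct = self.accounts.get(account_id)
        if acct is None or expected is None or not hmac.compare_digest(
                expected.encode(), submitted.encode()):
            return "fail", None
        return "ok", self._issue_key(acct)

    def replace_permission(self, key, old, new):
        # Claim 4: look the account up by its key and swap one permission.
        acct = self.accounts[self.by_key[key]]
        acct.permissions.discard(old)
        acct.permissions.add(new)
        return acct.permissions
```

Two points the claims leave to the implementer: the encrypted key held by the access terminal is a bearer credential until the next rotation, since any party that presents a value decrypting to the stored key passes, so the scheme relies on the transport and on terminal storage to keep it confidential; and the decrypted value should be compared in constant time (hmac.compare_digest above) rather than with a plain equality check. The example also consumes each SMS code or answer on the first submission, which the claims do not require but which limits guessing against the fallback path.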
9. A computer-readable program medium, characterized in that it stores computer program instructions which, when executed by a computer, cause the computer to perform the method according to any one of claims 1 to 7.
10. An electronic device, characterized in that the electronic device comprises:
a processor;
a memory having stored thereon computer readable instructions which, when executed by the processor, implement the method of any of claims 1 to 7.
CN202010600636.5A 2020-06-28 2020-06-28 Authority management method, device and medium based on secret key and electronic equipment Active CN111783075B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010600636.5A CN111783075B (en) 2020-06-28 2020-06-28 Authority management method, device and medium based on secret key and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010600636.5A CN111783075B (en) 2020-06-28 2020-06-28 Authority management method, device and medium based on secret key and electronic equipment

Publications (2)

Publication Number Publication Date
CN111783075A true CN111783075A (en) 2020-10-16
CN111783075B CN111783075B (en) 2022-09-09

Family

ID=72761561

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010600636.5A Active CN111783075B (en) 2020-06-28 2020-06-28 Authority management method, device and medium based on secret key and electronic equipment

Country Status (1)

Country Link
CN (1) CN111783075B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103916372A (en) * 2013-01-07 2014-07-09 ***股份有限公司 Third-party login information hosting method and system
US20150121491A1 (en) * 2013-10-31 2015-04-30 Tencent Technology (Shenzhen) Company Limited System and method of authenticating user account login request messages
CN107733852A (en) * 2017-08-24 2018-02-23 北京三快在线科技有限公司 A kind of auth method and device, electronic equipment
US20180232406A1 (en) * 2017-02-13 2018-08-16 Syscom Computer Engineering Co. Big data database system
US20190325642A1 (en) * 2018-04-19 2019-10-24 Soletanche Freyssinet Computer platform for pooling and viewing digital data

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112417391A (en) * 2020-10-28 2021-02-26 深圳市橡树黑卡网络科技有限公司 Information data security processing method, device, equipment and storage medium
CN112417391B (en) * 2020-10-28 2023-12-19 深圳市橡树黑卡网络科技有限公司 Information data security processing method, device, equipment and storage medium
CN112383556A (en) * 2020-11-17 2021-02-19 珠海大横琴科技发展有限公司 Data processing method and device
CN112887273A (en) * 2021-01-11 2021-06-01 苏州浪潮智能科技有限公司 Key management method and related equipment
US11943345B2 (en) 2021-01-11 2024-03-26 Inspur Suzhou Intelligent Technology Co., Ltd. Key management method and related device
CN112887273B (en) * 2021-01-11 2022-05-20 苏州浪潮智能科技有限公司 Key management method and related equipment
CN112911002B (en) * 2021-02-02 2022-11-25 上海华盖科技发展股份有限公司 Block chain data sharing encryption method
CN112911002A (en) * 2021-02-02 2021-06-04 上海华盖科技发展股份有限公司 Block chain data sharing encryption method
CN112926082A (en) * 2021-02-08 2021-06-08 联想(北京)有限公司 Information processing method and device based on block chain
CN113688365A (en) * 2021-08-26 2021-11-23 广东电力信息科技有限公司 Data access method and system based on identity authentication applied to database operation and maintenance
CN114124496A (en) * 2021-11-12 2022-03-01 福州汇思博信息技术有限公司 SSH remote login method based on server issued key and server
CN114124496B (en) * 2021-11-12 2023-11-24 福建汇思博数字科技有限公司 SSH remote login method based on server issued key and server
CN115189945A (en) * 2022-07-07 2022-10-14 中国工商银行股份有限公司 Transaction request verification method and device, electronic equipment and readable storage medium
CN115189945B (en) * 2022-07-07 2024-05-17 中国工商银行股份有限公司 Transaction request verification method and device, electronic equipment and readable storage medium
CN116455603A (en) * 2023-03-13 2023-07-18 安庆吕阁妮网络科技有限公司 Database access method and system based on isolated encryption
CN116911988A (en) * 2023-04-04 2023-10-20 深圳市奥盛通科技有限公司 Transaction data processing method, system, computer equipment and storage medium
CN116911988B (en) * 2023-04-04 2024-04-05 深圳市奥盛通科技有限公司 Transaction data processing method, system, computer equipment and storage medium
CN116112167A (en) * 2023-04-13 2023-05-12 恒生电子股份有限公司 Key management system, method and device
CN116484352A (en) * 2023-04-21 2023-07-25 贵州电网有限责任公司 Management method of power grid equipment information model library and design access network platform
CN116484352B (en) * 2023-04-21 2024-03-15 贵州电网有限责任公司 Management method of power grid equipment information model library and design access network system
CN116938594B (en) * 2023-09-08 2024-03-22 数盾信息科技股份有限公司 Multi-level identity verification system based on high-speed encryption technology
CN116938594A (en) * 2023-09-08 2023-10-24 北京数盾信息科技有限公司 Multi-level identity verification system based on high-speed encryption technology
CN117668920A (en) * 2024-02-02 2024-03-08 杭州高特电子设备股份有限公司 Secure access method, system, equipment and medium based on internal energy storage system
CN117668920B (en) * 2024-02-02 2024-05-03 杭州高特电子设备股份有限公司 Secure access method, system, equipment and medium based on internal energy storage system

Also Published As

Publication number Publication date
CN111783075B (en) 2022-09-09

Similar Documents

Publication Publication Date Title
CN111783075B (en) Authority management method, device and medium based on secret key and electronic equipment
US11475137B2 (en) Distributed data storage by means of authorisation token
US11128471B2 (en) Accessibility controls in distributed data systems
CN109274652B (en) Identity information verification system, method and device and computer storage medium
EP3585032B1 (en) Data security service
US8856530B2 (en) Data storage incorporating cryptographically enhanced data protection
US11290446B2 (en) Access to data stored in a cloud
CN111316278A (en) Secure identity and archive management system
JP2006500657A (en) Server, computer memory, and method for supporting security policy maintenance and distribution
JP2011222010A (en) Method and system for securely and remotely startup, boot, and login from mobile device to computer
CN101297534A (en) Method and apparatus for secure network authentication
US20150143107A1 (en) Data security tools for shared data
US11757877B1 (en) Decentralized application authentication
JP5992535B2 (en) Apparatus and method for performing wireless ID provisioning
US8301900B1 (en) Secure transformable password generation
CN111563279A (en) Cloud data privacy protection system based on block chain
CN114448648A (en) Sensitive credential management method and system based on RPA
WO2021170049A1 (en) Method and apparatus for recording access behavior
US20220417020A1 (en) Information processing device, information processing method, and non-transitory computer readable storage medium
US11502840B2 (en) Password management system and method
WO2022212396A1 (en) Systems and methods of protecting secrets in use with containerized applications
CN114253660A (en) System and method for authorizing a user data processor to access a container of user data
WO2018034192A1 (en) Information processing device, information processing method, and storage medium
US11804969B2 (en) Establishing trust between two devices for secure peer-to-peer communication
CN114697111B (en) Method and system for cross-cloud access to public cloud and public cloud

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant