CN113542214A - Access control method, device, equipment and machine readable storage medium - Google Patents

Access control method, device, equipment and machine readable storage medium

Info

Publication number: CN113542214A
Authority: CN (China)
Prior art keywords: user, access request, information, client, authority
Legal status: Granted
Application number: CN202110597975.7A
Other languages: Chinese (zh)
Other versions: CN113542214B (en)
Inventor: 姚强
Current assignee: New H3C Security Technologies Co Ltd
Original assignee: New H3C Security Technologies Co Ltd

Application filed by New H3C Security Technologies Co Ltd
Priority to CN202110597975.7A
Publication of CN113542214A
Application granted
Publication of CN113542214B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The present disclosure provides an access control method, apparatus, device and machine-readable storage medium. The method comprises: receiving a user's access request sent by a client and authenticating whether the user is legitimate; obtaining the role information and post (job position) information of a legitimate user, judging from the role information whether the user holds the function permission associated with the access request, and judging from the post information whether the user holds permission for the data category associated with the access request; and forwarding the access request to the cloud platform when its associated user holds the corresponding permissions, and forwarding the information the cloud platform returns for that request to the client. Under this scheme a user's access permissions are defined by role information (mapped to function permissions) and post information (mapped to data categories), so user permissions can be configured flexibly; the legitimacy and permissions of user access requests are verified and forwarded centrally, and the security of the cloud platform is improved.

Description

Access control method, device, equipment and machine readable storage medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to an access control method, apparatus, device, and machine-readable storage medium.
Background
A cloud platform, backed by powerful parallel computing and distributed storage capacity, provides applications and services to many kinds of users. The platform's access control system applies permission control and resource access restrictions to the different kinds of users so that they can use the platform more safely. Access control has three elements: subject, object and control policy. The subject is the party that requests access to a resource and initiates an operation, such as a user; the object is the entity being accessed, such as a data resource; the control policy is the set of rules governing subjects' access to objects.
The main purpose of access control is to restrict subjects' access to objects and to ensure that data resources are used and managed effectively within a legitimate scope. A general access control model has a decision function and an enforcement function: it makes a decision from the access control policy rules, context information, and subject and object information, and then enforces that decision by permitting or blocking the access.
A common access control policy is discretionary access control (DAC). Discretionary access control restricts access to objects on the basis of subject identity and checks whether a request complies with the control policy. It allows access rights to be transferred, but transferred rights are poorly managed and bring uncertain security risks. Each node in a DAC system controls access to its own data by others, and each resource data object carries an access control list (ACL) listing the users and groups that are allowed access and the access level of each user or group. This approach is prone to security holes, the ACLs are hard to maintain and scale, and granting and revoking permissions is inflexible.
Disclosure of Invention
In view of the above, the present disclosure provides an access control method, an access control apparatus, an electronic device and a machine-readable storage medium to address at least one of the problems above, namely insufficient security and insufficient flexibility.
The specific technical scheme is as follows:
the present disclosure provides an access control method applied to a security device, the method comprising: receiving a user's access request sent by a client and authenticating whether the user is legitimate; obtaining the role information and post information of a legitimate user, judging from the role information whether the user holds the function permission associated with the access request, and judging from the post information whether the user holds permission for the data category associated with the access request; and forwarding the access request to the cloud platform when its associated user holds the corresponding permissions, and forwarding the information the cloud platform returns for the access request to the client.
As one technical solution, receiving the user's access request sent by the client and authenticating whether the user is legitimate comprises: generating a trust value associated with the user from the user's recorded behaviour, wherein a user whose trust value is greater than or equal to a first threshold is authenticated as legitimate, and the first threshold is associated with the user's role information and post information.
As one technical solution, the method further comprises: a user whose trust value is greater than or equal to the first threshold and less than a second threshold is a secondary-approval user; secondary approval is performed on the secondary-approval user according to a preset strategy, and a secondary-approval user who passes secondary approval is a legitimate user.
As one technical solution, receiving the user's access request sent by the client comprises: receiving the access request of a logged-in user and authenticating whether that user is legitimate, where a logged-in user is one the security device has allowed to log in after verifying the login request the user sent.
The present disclosure also provides an access control apparatus applied to a security device, the apparatus comprising: an account module for receiving a user's access request sent by a client and authenticating whether the user is legitimate; a permission module for obtaining the role information and post information of a legitimate user, judging from the role information whether the user holds the function permission associated with the access request, and judging from the post information whether the user holds permission for the data category associated with the access request; and a forwarding module for forwarding the access request to the cloud platform when its associated user holds the corresponding permissions, and forwarding the information the cloud platform returns for the access request to the client.
As one technical solution, receiving the user's access request sent by the client and authenticating whether the user is legitimate comprises: generating a trust value associated with the user from the user's recorded behaviour, wherein a user whose trust value is greater than or equal to a first threshold is authenticated as legitimate, and the first threshold is associated with the user's role information and post information.
As one technical solution, the apparatus further performs: a user whose trust value is greater than or equal to the first threshold and less than a second threshold is a secondary-approval user; secondary approval is performed on the secondary-approval user according to a preset strategy, and a secondary-approval user who passes secondary approval is a legitimate user.
As one technical solution, receiving the user's access request sent by the client comprises: receiving the access request of a logged-in user and authenticating whether that user is legitimate, where a logged-in user is one the security device has allowed to log in after verifying the login request the user sent.
The present disclosure also provides an electronic device including a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor executing the machine-executable instructions to implement the aforementioned access control method.
The present disclosure also provides a machine-readable storage medium having stored thereon machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the aforementioned access control method.
The technical scheme provided by the disclosure brings at least the following beneficial effects:
the access permissions of each user are defined by predefined, freely changeable role information (mapped to function permissions) and post information (mapped to data categories), so user permissions can be configured flexibly; the security device acts as a proxy for the cloud platform and verifies and forwards user access requests centrally, checking both legitimacy and permissions, which improves the security of the cloud platform.
Drawings
In order to illustrate the embodiments of the present disclosure or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only some of the embodiments described in this disclosure, and those skilled in the art can derive other drawings from them.
FIG. 1 is a flow chart of an access control method in one embodiment of the present disclosure;
FIG. 2 is a block diagram of an access control device in one embodiment of the present disclosure;
FIG. 3 is a hardware configuration diagram of an electronic device in an embodiment of the present disclosure.
Detailed Description
The terminology used in the embodiments of the present disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used in this disclosure and the claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein is meant to encompass any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information in the embodiments of the present disclosure, such information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present disclosure. Depending on the context, the word "if" as used herein may be interpreted as "upon", "when" or "in response to determining".
The present disclosure provides an access control method, an access control apparatus, an electronic device, and a machine-readable storage medium, so as to improve at least one of the above problems of insufficient security and insufficient flexibility.
Specifically, the technical scheme is as follows.
In one embodiment, the present disclosure provides an access control method applied to a security device, the method comprising: receiving a user's access request sent by a client and authenticating whether the user is legitimate; obtaining the role information and post information of a legitimate user, judging from the role information whether the user holds the function permission associated with the access request, and judging from the post information whether the user holds permission for the data category associated with the access request; and forwarding the access request to the cloud platform when its associated user holds the corresponding permissions, and forwarding the information the cloud platform returns for the access request to the client.
Specifically, as shown in FIG. 1, the method comprises the following steps:
step S11, receiving the user's access request sent by the client and authenticating whether the user is legitimate;
step S12, obtaining the role information and post information of the legitimate user, judging from the role information whether the user holds the function permission associated with the access request, and judging from the post information whether the user holds permission for the data category associated with the access request;
step S13, forwarding the access request to the cloud platform when its associated user holds the corresponding permissions, and forwarding the information the cloud platform returns for the access request to the client.
The access permissions of each user are defined by predefined role information (mapped to function permissions) and post information (mapped to data categories) that can be changed and reconfigured flexibly, so user permissions can be configured flexibly; the security device, acting as a proxy for the cloud platform, verifies and forwards user access requests centrally, checking both legitimacy and permissions, which improves the security of the cloud platform.
In one embodiment, receiving the user's access request sent by the client and authenticating whether the user is legitimate comprises: generating a trust value associated with the user from the user's recorded behaviour, wherein a user whose trust value is greater than or equal to a first threshold is authenticated as legitimate, and the first threshold is associated with the user's role information and post information.
In one embodiment, the method further comprises: a user whose trust value is greater than or equal to the first threshold and less than a second threshold is a secondary-approval user; secondary approval is performed on the secondary-approval user according to a preset strategy, and a secondary-approval user who passes secondary approval is a legitimate user.
In one embodiment, receiving the user's access request sent by the client comprises: receiving the access request of a logged-in user and authenticating whether that user is legitimate, where a logged-in user is one the security device has allowed to log in after verifying the login request the user sent.
In one embodiment, the security device serves as the access control system and comprises a security agent unit, an authentication management unit, an account management unit, a permission management unit and a cloud monitoring unit. The security agent unit is the access entrance: it forwards users' login and resource operation requests as a proxy, adapts service rules through a permission aspect, controls the direction of access traffic at fine granularity, and provides single sign-on for legitimate users. The authentication management unit works with the security agent to provide unified identity authentication at login, register new accounts, and authenticate accounts that are already logged in. The account management unit stores user information, maintains the user's basic data parameters, environment parameters and trust value data, and sets the actions tied to each trust threshold according to the trust value and its threshold. The permission management unit defines the system's roles, assigns the function permissions each role may operate to the associated users, divides data into types according to post attributes so that different users obtain different data access permissions, and restricts the data a user may access with a rule set. The cloud monitoring unit records information such as user operations and the access environment, analyses and scores user behaviour to update the user's trust value and alarm settings, and provides log export, push and custom display by type.
The access control system proxies clients on the external network into the cloud platform, which to a certain extent protects the platform's original web content from attack and damage and so improves the security of the cloud platform. When a user sends an HTTP login request, the access control system intercepts it, parses the login information and judges whether the user is legitimate; for a legitimate user it relays the result it receives back to the user, completing single sign-on. After the user has logged in, every access request for a resource is likewise verified by the access control system before being forwarded to the cloud platform: the system extracts the keywords from the API field or URL in the request's XML, looks them up in the permission database of the permission management module, and makes the access control decision together with the returned access result. A permitted normal operation request is forwarded directly to the cloud platform; a forbidden operation is blocked; and the behaviour of a user with a low trust value is selectively blocked, warned about or sent for secondary approval according to policy, with the result returned to the user. For example, a user whose trust value is below the first threshold is not authenticated as legitimate and that user's access requests are blocked; for a trust value above the first threshold but below the second threshold, secondary approval is carried out on the user according to a preset strategy, which may be cloud platform approval, manual approval or another preset strategy that meets the requirements.
Each user is assigned role information and post information: the role information determines the user's function permissions, and the post information determines the types of data the user may access, which improves both the flexibility and the security of data access. Service access rules can be customised at two levels, functions and data, and fine-grained data access control is applied according to the different service requirements. The attributes of a rule may include: the data table of the controlled data service, field name, judging condition, judging object, post, priority, and so on.
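The two-level check described above (role information deciding the function permission, post information deciding the data category, then a prioritised rule set narrowing the data at table and field level) can be put in working form as follows. This is an added example, not code from the patent or from New H3C; the role and post names, the API-to-permission mapping, the rule attributes and the request attributes are assumptions chosen for illustration, and the request is reduced to an HTTP method, a URL and a dictionary of data attributes.

```python
"""Role/post authorization for a request proxied to the cloud platform.

Added example; it is not code from the patent or from New H3C. The role and
post names, the API-to-permission mapping, the rule attributes and the
request attributes are assumed for illustration.
"""
from dataclasses import dataclass
from typing import Tuple
from urllib.parse import urlparse

# Role information -> function permissions the role may invoke (assumed).
ROLE_FUNCTIONS = {
    "tenant_admin": {"vm.read", "vm.create", "vm.delete", "invoice.read"},
    "auditor": {"vm.read", "invoice.read"},
}

# Post (job position) information -> data categories the post may access (assumed).
POST_DATA = {
    "ops_engineer": {"infrastructure"},
    "finance": {"billing"},
    "cto": {"infrastructure", "billing"},
}

# (HTTP method, URL keyword) -> (function permission, data category, data table).
# The security device picks the row from the keyword it finds in the request URL.
API_MAP = {
    ("GET", "vms"): ("vm.read", "infrastructure", "vm"),
    ("POST", "vms"): ("vm.create", "infrastructure", "vm"),
    ("DELETE", "vms"): ("vm.delete", "infrastructure", "vm"),
    ("GET", "invoices"): ("invoice.read", "billing", "invoice"),
}


@dataclass
class DataRule:
    """Service access rule carrying the attributes the description lists:
    data table, field name, judging condition, judging object, post, priority."""
    table: str
    field: str
    condition: str   # "eq", "neq" or "in"
    obj: tuple       # judging object(s) the field value is compared with
    post: str        # post the rule applies to, "*" for every post
    priority: int    # higher priority is evaluated first
    allow: bool      # verdict when the rule matches


RULES = [
    # finance staff may read only the invoices of their own cost centre
    DataRule("invoice", "cost_centre", "neq", ("CC-100",), "finance", 10, False),
    # only the cto post may operate on VMs in the production region
    DataRule("vm", "region", "eq", ("prod",), "cto", 30, True),
    DataRule("vm", "region", "eq", ("prod",), "*", 20, False),
]


def _matches(rule: DataRule, value) -> bool:
    if rule.condition == "eq":
        return value == rule.obj[0]
    if rule.condition == "neq":
        return value != rule.obj[0]
    if rule.condition == "in":
        return value in rule.obj
    raise ValueError(f"unknown judging condition {rule.condition!r}")


def authorize(user: dict, method: str, url: str, attrs: dict) -> Tuple[bool, str]:
    """Return (forward_to_cloud, reason). `user` carries "role" and "post";
    `attrs` are the request's data attributes, e.g. {"region": "prod"}."""
    segments = urlparse(url).path.split("/")
    keyword = next((s for s in segments if (method, s) in API_MAP), None)
    if keyword is None:
        return False, "operation not in the permission database"
    function, category, table = API_MAP[(method, keyword)]

    # 1. role information decides the function permission
    if function not in ROLE_FUNCTIONS.get(user["role"], set()):
        return False, f"role {user['role']} lacks function {function}"

    # 2. post information decides the data category
    if category not in POST_DATA.get(user["post"], set()):
        return False, f"post {user['post']} may not access {category} data"

    # 3. fine-grained data rules: highest priority first, first match decides
    for rule in sorted(RULES, key=lambda r: r.priority, reverse=True):
        if rule.table != table or rule.post not in ("*", user["post"]):
            continue
        if rule.field in attrs and _matches(rule, attrs[rule.field]):
            verdict = "allow" if rule.allow else "deny"
            return rule.allow, f"rule p{rule.priority} on {table}.{rule.field}: {verdict}"
    return True, "forward to cloud platform"


if __name__ == "__main__":
    ops = {"role": "tenant_admin", "post": "ops_engineer"}
    print(authorize(ops, "DELETE", "https://cloud.example/api/v1/vms/42", {"region": "prod"}))
    print(authorize(ops, "DELETE", "https://cloud.example/api/v1/vms/42", {"region": "dev"}))
```

The order of the checks matters: a request that fails the role check never reaches the data rules, so a role without the function permission cannot be widened by a permissive data rule, and the data rules can only narrow what the post already grants. Evaluating rules by descending priority with first-match-wins is what lets a specific allow (the cto rule) sit above a general deny.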
The system administrator configures a trust policy for a specified user in trust management. The policy comprises the trust threshold settings and the actions executed when a threshold is crossed, which include blocking, alarming, secondary authorisation and so on. When a monitored user's access passes identity verification, a trust value is initialised; the user's behaviour is then monitored and analysed, the trust value is updated for suspicious behaviour according to the behaviour type with reference to a behaviour library, and the specified action is executed when the user's trust value falls below a threshold.
The trust value is calculated from user behaviour data. A behaviour database records user behaviours whose data sources are mined from network traffic, such as the number of abnormal user logins, the number of illegal user connections and the number of times the user scanned important ports. During the user's interaction with the platform, legitimate and normally completed behaviour corresponds to a positive increment of the trust value and illegal behaviour to a negative increment. The trust value is also adjusted over time: if the user's activity is too low, that is, the user has not interacted with the cloud platform for a long time, the trust value is reduced. This dynamic trust evaluation updates the monitored user's trust value by the increment of each new behaviour and, combined with the security policy, acts on the changing trust value to keep the cloud platform secure and protect its resources from damage.
User behaviour, user environment information and user operation information are monitored in real time, and the influence of the behaviour and environment information on the user's permission information is taken into account. User operation records fall into two categories: user operation logs and platform management logs. A user operation log records the user's operation behaviour, operation object and operation time on cloud platform resources. A platform management log records the maintenance work of operations staff on the cloud platform. Alarm configuration is also supported: permissions can be monitored, the trust value tied to a permission can be changed, and potentially dangerous access can trigger e-mail push alarms, system alarms and the like.
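The trust policy and trust value calculation of the preceding paragraphs, in working form: behaviour events mined from monitoring log lines, positive and negative increments taken from a behaviour library, time-based decay for inactivity, and the two thresholds that separate blocked, secondary-approval and legitimate users. This is an added example, not the patent's or New H3C's code. The log format and the sample lines are constructed; the increment weights, initial value, decay rule, per-(role, post) thresholds and the approver callback are assumptions.

```python
"""Dynamic trust value with two thresholds and a secondary-approval hook.

Added example; it is not code from the patent or from New H3C. The log
format, the behaviour library weights, the initial value, the decay rule,
the per-(role, post) thresholds and the approver callback are assumed.
"""
import re
from datetime import datetime, timedelta
from typing import Callable, Iterable, List, Tuple

# Behaviour library: behaviour type -> trust increment (assumed weights).
# Legitimate, normally completed behaviour earns a positive increment;
# illegal behaviour a negative one.
BEHAVIOUR_LIBRARY = {
    "login_ok": +2,
    "op_ok": +1,
    "login_fail": -5,      # abnormal login attempt
    "illegal_conn": -10,   # connection that violates policy
    "port_scan": -25,      # scan of an important port
}
INITIAL_TRUST = 60                 # assigned once identity verification passes
MAX_TRUST = 100
IDLE_GRACE = timedelta(days=7)     # no decay within this period of inactivity
IDLE_PENALTY_PER_DAY = 2           # decay per day of inactivity beyond the grace period

# (first threshold, second threshold) keyed by (role, post): the first
# threshold is associated with the user's role and post information.
THRESHOLDS = {
    ("tenant_admin", "ops_engineer"): (50, 60),
    ("auditor", "finance"): (40, 60),
}

# Constructed log format, the kind of line the cloud monitoring unit might record.
LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) event=(?P<event>\S+)")
Event = Tuple[datetime, str, str]


def parse_events(lines: Iterable[str]) -> List[Event]:
    """Mine behaviour events from log lines; lines that do not parse are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["user"], m["event"]))
    return sorted(events)


def _clamp(value: int) -> int:
    return max(0, min(MAX_TRUST, value))


def trust_value(events: List[Event], user: str, now: datetime) -> int:
    """Replay the user's behaviour record, then decay the value for inactivity."""
    trust = INITIAL_TRUST
    last_seen = None
    for ts, who, event in events:
        if who != user or ts > now:
            continue
        trust = _clamp(trust + BEHAVIOUR_LIBRARY.get(event, 0))
        last_seen = ts
    if last_seen is not None and now - last_seen > IDLE_GRACE:
        idle_days = (now - last_seen - IDLE_GRACE).days
        trust = _clamp(trust - IDLE_PENALTY_PER_DAY * idle_days)
    return trust


def decide(trust: int, role: str, post: str) -> str:
    """Map the trust value onto the action prescribed by the threshold policy."""
    first, second = THRESHOLDS[(role, post)]
    if trust < first:
        return "block"
    if trust < second:
        return "secondary_approval"
    return "allow"


def is_legal_user(trust: int, role: str, post: str, approver: Callable[[], bool]) -> bool:
    """A secondary-approval user is legal only if the preset strategy approves.
    `approver` stands in for cloud-platform or manual approval (assumed hook)."""
    action = decide(trust, role, post)
    if action == "allow":
        return True
    if action == "secondary_approval":
        return bool(approver())
    return False


def evaluate(lines: Iterable[str], user: str, role: str, post: str, now_iso: str) -> Tuple[int, str]:
    """Log lines in, (trust value, action) out."""
    now = datetime.fromisoformat(now_iso)
    trust = trust_value(parse_events(lines), user, now)
    return trust, decide(trust, role, post)


SAMPLE_LOG = [  # constructed sample lines
    "2024-03-01T09:00:00 user=alice event=login_ok",
    "2024-03-01T09:05:00 user=alice event=op_ok",
    "2024-03-01T09:06:00 user=alice event=op_ok",
    "2024-03-01T10:00:00 user=bob event=login_fail",
    "2024-03-01T10:01:00 user=bob event=login_fail",
    "2024-03-01T10:02:00 user=bob event=login_ok",
    "2024-03-01T10:10:00 user=bob event=port_scan",
    "2024-03-01T11:00:00 user=carol event=login_ok",
    "this line does not parse and is ignored",
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_LOG, "bob", "tenant_admin", "ops_engineer", "2024-03-02T00:00:00"))
    print(evaluate(SAMPLE_LOG, "carol", "tenant_admin", "ops_engineer", "2024-03-12T11:00:00"))
```

In the sample, bob's two failed logins and a port scan drag his value to 27 and he is blocked; carol starts at 62 and is allowed, but eleven days of inactivity (four beyond the grace period) lower her to 54, which falls between the two thresholds and routes her through the preset secondary-approval strategy. Keeping the thresholds keyed by (role, post) is what makes the first threshold depend on role and post information as the text requires; the behaviour library is the single place to tune how much each behaviour type moves the value.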
In one embodiment, the present disclosure also provides an access control apparatus, as shown in FIG. 2, applied to a security device, the apparatus comprising: an account module 21 configured to receive a user's access request sent by a client and authenticate whether the user is legitimate; a permission module 22 configured to obtain the role information and post information of a legitimate user, judge from the role information whether the user holds the function permission associated with the access request, and judge from the post information whether the user holds permission for the data category associated with the access request; and a forwarding module 23 configured to forward the access request to the cloud platform when its associated user holds the corresponding permissions, and to forward the information the cloud platform returns for the access request to the client.
In one embodiment, receiving the user's access request sent by the client and authenticating whether the user is legitimate comprises: generating a trust value associated with the user from the user's recorded behaviour, wherein a user whose trust value is greater than or equal to a first threshold is authenticated as legitimate, and the first threshold is associated with the user's role information and post information.
In one embodiment, the apparatus further performs: a user whose trust value is greater than or equal to the first threshold and less than a second threshold is a secondary-approval user; secondary approval is performed on the secondary-approval user according to a preset strategy, and a secondary-approval user who passes secondary approval is a legitimate user.
In one embodiment, receiving the user's access request sent by the client comprises: receiving the access request of a logged-in user and authenticating whether that user is legitimate, where a logged-in user is one the security device has allowed to log in after verifying the login request the user sent.
The device embodiments are the same or similar to the corresponding method embodiments and are not described herein again.
In one embodiment, the present disclosure provides an electronic device comprising a processor and a machine-readable storage medium, where the machine-readable storage medium stores machine-executable instructions that the processor can execute, and the processor executes the machine-executable instructions to implement the foregoing access control method; at the hardware level, a schematic of the hardware architecture may be as shown in FIG. 3.
In one embodiment, the present disclosure provides a machine-readable storage medium having stored thereon machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the aforementioned access control method.
Here, a machine-readable storage medium may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and so forth. For example, the machine-readable storage medium may be: a RAM (Random Access Memory), a volatile memory, a non-volatile memory, a flash memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., an optical disk, a DVD, etc.), or a similar storage medium, or a combination thereof.
The systems, devices, modules or units described in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the various elements may be implemented in the same one or more software and/or hardware implementations in practicing the disclosure.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Furthermore, these computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only an embodiment of the present disclosure, and is not intended to limit the present disclosure. Various modifications and variations of this disclosure will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present disclosure should be included in the scope of the claims of the present disclosure.

Claims (10)

1. An access control method applied to a security device, the method comprising:
receiving an access request of a user sent by a client, and authenticating the legitimacy of the user;
obtaining the role information and the post information of a legitimate user, judging according to the role information of the user whether the user has the function permission associated with the access request, and judging according to the post information of the user whether the user has the permission for the data category associated with the access request;
and forwarding an access request whose associated user has the corresponding permission to the cloud platform, and forwarding the information returned by the cloud platform in response to the access request to the client.
2. The method of claim 1, wherein receiving the access request of the user sent by the client and authenticating the legitimacy of the user comprises:
generating a trust value associated with the user according to the user's recorded action record, wherein a user whose authenticated trust value is greater than or equal to a first threshold is a legitimate user, and the first threshold is associated with the role information and the post information of the user.
3. The method of claim 2, comprising:
a user whose authenticated trust value is greater than or equal to the first threshold and smaller than a second threshold is a secondary-approval user; secondary approval is carried out on the secondary-approval user according to a preset strategy, and a secondary-approval user who passes the secondary approval is a legitimate user.
4. The method of claim 1, wherein receiving the access request of the user sent by the client comprises:
receiving an access request of a logged-in user, and authenticating the legitimacy of the user;
the logged-in user being a user who is allowed to log in after the security device completes verification according to a login request sent by the user.
5. An access control apparatus, applied to a security device, the apparatus comprising:
an account module, configured to receive an access request of a user sent by a client and to authenticate the legitimacy of the user;
an authority module, configured to obtain the role information and the post information of a legitimate user, to judge according to the role information of the user whether the user has the function permission associated with the access request, and to judge according to the post information of the user whether the user has the permission for the data category associated with the access request;
and a forwarding module, configured to forward an access request whose associated user has the corresponding permission to the cloud platform and to forward the information returned by the cloud platform in response to the access request to the client.
6. The apparatus of claim 5, wherein receiving the access request of the user sent by the client and authenticating the legitimacy of the user comprises:
generating a trust value associated with the user according to the user's recorded action record, wherein a user whose authenticated trust value is greater than or equal to a first threshold is a legitimate user, and the first threshold is associated with the role information and the post information of the user.
7. The apparatus of claim 6, comprising:
a user whose authenticated trust value is greater than or equal to the first threshold and smaller than a second threshold is a secondary-approval user; secondary approval is carried out on the secondary-approval user according to a preset strategy, and a secondary-approval user who passes the secondary approval is a legitimate user.
8. The apparatus of claim 5, wherein receiving the access request of the user sent by the client comprises:
receiving an access request of a logged-in user, and authenticating the legitimacy of the user;
the logged-in user being a user who is allowed to log in after the security device completes verification according to a login request sent by the user.
9. An electronic device, comprising: a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor to perform the method of any one of claims 1 to 4.
10. A machine-readable storage medium having stored thereon machine-executable instructions which, when invoked and executed by a processor, cause the processor to implement the method of any of claims 1-4.
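The decision flow of claims 1 to 4 (trust value from the action record, two thresholds tied to role and post, function permission by role, data-category permission by post, and forwarding only after both checks pass), as an added illustrative model that is not code from the patent or from its assignee. All policy tables, action weights, threshold values and the `approve` callback are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy tables (hypothetical names and values, not from the patent).
ROLE_FUNCTIONS = {"auditor": {"read_report"}, "operator": {"read_report", "restart_vm"}}
POST_DATA = {"finance": {"billing"}, "ops": {"telemetry", "billing"}}
# (first_threshold, second_threshold) per (role, post), as in claims 2 and 3.
THRESHOLDS = {("operator", "ops"): (40, 70), ("auditor", "finance"): (50, 80)}


@dataclass
class Request:
    user: str
    role: str
    post: str
    function: str       # function the request invokes (checked against role)
    data_category: str  # data category the request touches (checked against post)


def trust_value(actions):
    """Derive a 0..100 trust value from the user's recorded actions (constructed weights)."""
    weights = {"login_failed": -25, "denied": -10, "ok": 2}
    score = 100 + sum(weights.get(a, 0) for a in actions)
    return max(0, min(100, score))


def authenticate(trust, role, post):
    """Claims 2/3: >= second -> legal; first <= t < second -> secondary approval; else reject."""
    first, second = THRESHOLDS[(role, post)]
    if trust >= second:
        return "legal"
    if trust >= first:
        return "secondary_approval"
    return "reject"


def authorize(req):
    """Claim 1: function permission by role AND data-category permission by post."""
    return (req.function in ROLE_FUNCTIONS.get(req.role, set())
            and req.data_category in POST_DATA.get(req.post, set()))


def decide(req, actions, approve=lambda r: False):
    """Full decision; `approve` stands in for the preset secondary-approval strategy."""
    status = authenticate(trust_value(actions), req.role, req.post)
    if status == "secondary_approval" and approve(req):
        status = "legal"
    if status != "legal":
        return ("deny", "authentication")
    if not authorize(req):
        return ("deny", "authorization")
    return ("forward", "cloud_platform")  # only now would the request reach the cloud platform
```

Note that the two permission checks are independent: a role may grant the function while the post still withholds the data category, and the request is then denied before anything is forwarded.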
CN202110597975.7A 2021-05-31 2021-05-31 Access control method, device, equipment and machine-readable storage medium Active CN113542214B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110597975.7A CN113542214B (en) 2021-05-31 2021-05-31 Access control method, device, equipment and machine-readable storage medium


Publications (2)

Publication Number Publication Date
CN113542214A true CN113542214A (en) 2021-10-22
CN113542214B CN113542214B (en) 2023-08-22

Family

ID=78095532


Country Status (1)

Country Link
CN (1) CN113542214B (en)


Also Published As

Publication number Publication date
CN113542214B (en) 2023-08-22


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant