CN110287660A - Access right control method, device, equipment and storage medium - Google Patents
Access right control method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN110287660A CN110287660A CN201910432960.8A CN201910432960A CN110287660A CN 110287660 A CN110287660 A CN 110287660A CN 201910432960 A CN201910432960 A CN 201910432960A CN 110287660 A CN110287660 A CN 110287660A
- Authority
- CN
- China
- Prior art keywords
- access
- resource
- user
- request
- login user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 45
- 238000013475 authorization Methods 0.000 claims abstract description 103
- 238000012544 monitoring process Methods 0.000 claims abstract description 41
- 238000001514 detection method Methods 0.000 claims abstract description 27
- 230000006399 behavior Effects 0.000 claims description 68
- 230000015654 memory Effects 0.000 claims description 14
- 238000013507 mapping Methods 0.000 claims description 11
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 abstract description 10
- 230000000694 effects Effects 0.000 abstract description 5
- 230000000875 corresponding effect Effects 0.000 description 67
- 238000013523 data management Methods 0.000 description 29
- 238000007726 management method Methods 0.000 description 13
- 238000010586 diagram Methods 0.000 description 9
- 238000004891 communication Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 230000008439 repair process Effects 0.000 description 4
- 239000000284 extract Substances 0.000 description 3
- 235000019580 granularity Nutrition 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000012360 testing method Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000003542 behavioural effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000001276 controlling effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
- 238000005303 weighing Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to information security fields, a kind of access right control method, device, equipment and storage medium are disclosed, this method is included in when receiving resource access request, according to the access authority for carrying user information detection login user in request and whether having resource to be visited;Resource access request is responded if having, and access session is established according to user information;User behavior monitoring is carried out to access session, there are when unauthorized access behavior monitoring, the corresponding access authorization code of login user is deleted from preset configuration file, and forbid the current accessed behavior of login user, by then passing through access authority detection, access session is established when detection passes through, access session is monitored, monitor there are when unauthorized access behavior immediately by access authorization code delete to forbid user access activity, permission control mode of the invention has preferable scalability compared to the prior art, the unauthorized access behavior of user can be avoided in time, it guarantees data security.
Description
Technical field
The present invention relates to field of information security technology more particularly to a kind of access right control method, device, equipment and deposit
Storage media.
Background technique
With the fast development of computer technology, the platform of existing network service platform, especially financial nature is to flat
The security requirement of data, resource on platform is relatively high, and unauthorized user is not allow unauthorized access data and resource.It is existing
Small-sized loan platform generally in the form of oneself writes blocker come control authority, this form scalability is poor, with being
It unites many and diverse growth, needs to find new authority control system again, and large scale system authority configuration is often inflexible, every time
It has been repaired after outburst loophole and has required publication new version.Therefore, how in the simple and effective control of access authority progress to user
While, user's unauthorized access is avoided the occurrence of in time, just becomes a urgent problem to be solved.
Above content is only used to facilitate the understanding of the technical scheme, and is not represented and is recognized that above content is existing skill
Art.
Summary of the invention
The main purpose of the present invention is to provide a kind of access right control method, device, equipment and storage medium, purports
Solve existing permission control mode scalability is poor, avoid user's unauthorized access not in time the technical issues of.
To achieve the above object, it the present invention provides a kind of access right control method, the described method comprises the following steps:
When receiving resource access request, is logged in and used according to the user information detection carried in the resource access request
Whether family has the access authority of resource to be visited;
If having, the resource access request is responded, and access session is established according to the user information;
User behavior monitoring is carried out to the access session, there are unauthorized access behaviors monitoring the login user
When, the corresponding access authorization code of the login user is deleted from preset configuration file, and forbid working as the login user
Preceding access behavior.
Preferably, described when receiving resource access request, believed according to the user carried in the resource access request
Whether breath detection login user has the step of access authority of resource to be visited, comprising:
When receiving resource access request, the user information for including in the resource access request is read, and according to institute
It states user information and authentication is carried out to login user;
When the authentication passes through, the corresponding access mandate of the login user is read from the user information
Code, and the access authority whether login user has resource to be visited is detected according to the access authorization code.
Preferably, described when receiving resource access request, read the user's letter for including in the resource access request
Breath, and the step of authentication is carried out to login user according to the user information, comprising:
When receiving resource access request, the corresponding request URL of the resource access request is extracted, and ask described in detection
Ask whether URL belongs to preset URL to be intercepted;
If it is not, then read the user information for including in the resource access request, extracts and carried in the user information
Request Internet protocol address;
It reads the default blacklist that is locally stored, and according to the request Internet protocol address and described presets black name
Single pair login user carries out authentication.
Preferably, described after the step of whether the detection request URL belongs to preset URL to be intercepted
Method further include:
If so, in mapping table between the request URL constructed in advance and blocker calling interface described in inquiry
The corresponding target interception device calling interface of request URL;
The resource access request is intercepted according to the target interception device calling interface invocation target blocker;
The corresponding request Internet protocol address of the resource access request is obtained, and by the request Internet protocol
Location is added to default blacklist.
Preferably, described when the authentication passes through, it is corresponding that the login user is read from the user information
Access authorization code, and the access authority whether login user has resource to be visited is detected according to the access authorization code
The step of, comprising:
When the authentication passes through, the corresponding access mandate of the login user is read from the user information
Code;
Obtain that the resource access request is corresponding to request access to type, the type that requests access to includes that page resource is visited
It asks or interface resource accesses;
The dynamic mapping between type and resource authorization code collection that requests access to pre-established is traversed, to obtain
It states and requests access to the corresponding resource authorization code collection of type, and detect whether the access authorization code belongs to the resource authorization code
Collection;
If belonging to, determine that the login user has the access authority of the resource to be visited;If being not belonging to, determine
The login user does not have the access authority of the resource to be visited.
Preferably, if described have, the resource access request is responded, and is established according to the user information
The step of access session, comprising:
When detecting that the login user has the access authority of the resource to be visited, the resource to be visited is added
It is loaded onto the requesting client of the resource access request;
It detects and whether carries the corresponding client identification of the requesting client in the user information;
It is identified if it is not, then generating the corresponding queued session of the resource access request according to Generating Random Number, and root
Access session is established according to queued session mark;
If so, obtaining the client identification from the user information, and is established and visited according to the client identification
Ask session.
Preferably, described that user behavior monitoring is carried out to the access session, it is got over monitoring the login user presence
When weighing access behavior, the corresponding access authorization code of the login user is deleted from preset configuration file, and forbids described step on
The step of employing the current accessed behavior at family, comprising:
User behavior monitoring is carried out to the access session, to obtain the resource text of the login user current accessed in real time
Destination Resource Type belonging to part and the resource file;
The corresponding preset configuration file of the Destination Resource Type is searched in the database, from the preset configuration file
Corresponding permission code collection is read, and detects whether the access authorization code belongs to the permission code collection;
If being not belonging to, the login user is determined there are unauthorized access behavior, by the access authorization code from pre- establishing
It sets in file and deletes, and forbid the current accessed behavior of the login user.
In addition, to achieve the above object, the present invention also proposes a kind of address control set, described device includes:
Permission detection module, for when receiving resource access request, according to what is carried in the resource access request
Whether user information detection login user has the access authority of resource to be visited;
Session establishment module, for detect the login user have the resource to be visited access authority when,
Then the resource access request is responded, and access session is established according to the user information;
Behavior monitoring module is monitoring the login user for carrying out user behavior monitoring to the access session
There are when unauthorized access behavior, the corresponding access authorization code of the login user is deleted from preset configuration file, and forbids
The current accessed behavior of the login user.
In addition, to achieve the above object, the present invention also proposes that a kind of access privilege control equipment, the equipment include: to deposit
Reservoir, processor and it is stored in the access privilege control program that can be run on the memory and on the processor, it is described
Access privilege control program is arranged for carrying out the step of access right control method as described above.
In addition, to achieve the above object, the present invention also proposes a kind of storage medium, access is stored on the storage medium
Permission controls program, and the access privilege control program realizes access privilege control side as described above when being executed by processor
The step of method.
The present invention according to the user information carried in resource access request by detecting when receiving resource access request
Whether login user has the access authority of resource to be visited;If have if resource access request is responded, and according to
Family information establishes access session;Then user behavior monitoring is carried out to access session, there is visit of going beyond one's commission monitoring login user
When asking behavior, the corresponding access authorization code of login user is deleted from preset configuration file, and forbid the current of login user
Access behavior.The present invention is detected by access authority, establishes access session when detection passes through for login user;Then to access
Session carries out behavior monitoring, and monitoring login user, there are immediately delete the access authorization code of user when unauthorized access behavior
It removes, forbids user access activity, so that permission control mode has preferable scalability, can avoid getting over for user in time
Access behavior is weighed, is guaranteed data security.
Detailed description of the invention
Fig. 1 is the structural representation of the access privilege control equipment for the hardware running environment that the embodiment of the present invention is related to
Figure;
Fig. 2 is the flow diagram of access right control method first embodiment of the present invention;
Fig. 3 is the flow diagram of access right control method second embodiment of the present invention;
Fig. 4 is the flow diagram of access right control method 3rd embodiment of the present invention;
Fig. 5 is the structural block diagram of address control set first embodiment of the present invention.
The embodiments will be further described with reference to the accompanying drawings for the realization, the function and the advantages of the object of the present invention.
Specific embodiment
It should be appreciated that described herein, specific examples are only used to explain the present invention, is not intended to limit the present invention.
Referring to Fig.1, Fig. 1 is the access privilege control device structure for the hardware running environment that the embodiment of the present invention is related to
Schematic diagram.
As shown in Figure 1, the access privilege control equipment may include: processor 1001, such as central processing unit
(Central Processing Unit, CPU), communication bus 1002, user interface 1003, network interface 1004, memory
1005.Wherein, communication bus 1002 is for realizing the connection communication between these components.User interface 1003 may include display
Shield (Display), input unit such as keyboard (Keyboard), optional user interface 1003 can also include that the wired of standard connects
Mouth, wireless interface.Network interface 1004 optionally may include standard wireline interface and wireless interface (such as Wireless Fidelity
(WIreless-FIdelity, WI-FI) interface).Memory 1005 can be the random access memory (Random of high speed
Access Memory, RAM) memory, be also possible to stable nonvolatile memory (Non-Volatile Memory,
), such as magnetic disk storage NVM.Memory 1005 optionally can also be the storage device independently of aforementioned processor 1001.
It will be understood by those skilled in the art that structure shown in Fig. 1 does not constitute the limit to access privilege control equipment
It is fixed, it may include perhaps combining certain components or different component layouts than illustrating more or fewer components.
As shown in Figure 1, as may include operating system, data storage mould in a kind of memory 1005 of storage medium
Block, network communication module, Subscriber Interface Module SIM and access privilege control program.
In access privilege control equipment shown in Fig. 1, network interface 1004 is mainly used for being counted with network server
According to communication;User interface 1003 is mainly used for carrying out data interaction with user;Processing in access privilege control equipment of the present invention
Device 1001, memory 1005 can be set in access privilege control equipment, and the access privilege control equipment passes through processor
The access privilege control program stored in 1001 calling memories 1005, and execute access authority control provided in an embodiment of the present invention
Method processed.
The embodiment of the invention provides a kind of access right control methods, are access authority control of the present invention referring to Fig. 2, Fig. 2
The flow diagram of method first embodiment processed.
In the present embodiment, the access right control method the following steps are included:
Step S10: it when receiving resource access request, is examined according to the user information carried in the resource access request
Survey the access authority whether login user has resource to be visited;
It should be noted that the executing subject of this programme method can be based on a kind of shrio frame (Java safe frame
Frame, for executing authentication, authorization, password and session management) building data management platform.The resource access request,
That is login user carries uniform resource locator (Uniform when carrying out resource access, through what browser client was sent
Resource Locator, URL) address and user information request message.Wherein, the user information includes but is not limited to
User name, User Identity (Identification, Id) or the corresponding Internet protocol address (Internet of client
Protocol Address, IP) etc. data informations, the resource file that the resource, that is, data management platform to be visited possesses.
Before executing this step, staff, which can control the corresponding web page permission of above-mentioned data management platform, is
System carries out modular arrangements.For example, being configured to the cache manager of management caches user information and session (session);Match
It sets realms (a kind of to be able to access that the specific secure data of the application program such as component of user, role and permission) and rewrites one
Class is realized to realize login authentication, authorization check and some other miscellaneous functions, such as administrator authentication;The configurating filtered device, mistake
Login page configuration, the URL login successfully rear page configuration, publish, needing to intercept etc. are provided in filter;Configuration menu, authorization
Code, authorization code use dynamic configuration, can distribute to user in the enterprising authorization code of being about to of the page, user is buffered in slow after logging in
It deposits in manager.
In the concrete realization, data management platform receive user by client send receive resource access ask
The request can be parsed when asking, whether institute is then had according to the user information detection login user for including in parsing result
State the access authority of resource to be visited.
Further, in order to guarantee the safety of resource data, data management platform is receiving resource in the present embodiment
When access request, the user information for including in resource access request can be first read, then login is used according to the user information
Family carries out authentication, reads the corresponding access authorization code of login user, and root from user information if authentication passes through
Whether there is the access authority of resource to be visited according to access authorization code detection login user;It is directly anti-if authentication does not pass through
Present the prompt information of the page or resource access errors.
It should be noted that the access authorization code, i.e., for verifying the access whether login user has target resource
The character of permission, and the access authorization code of each login user is relatively-stationary whithin a period of time.
Further, in this embodiment being tested in order to avoid data management platform carries out identity to each login user
Card, increases the operation burden of data management platform.In the present embodiment, data management platform is carrying out authentication to login user
Before, interception certification first can be carried out to the request URL carried in resource access request, executes authentication again when certification passes through
Operation avoid invalid authentication operation to reduce the workload of platform.
Specifically, data management platform it is corresponding can to extract the resource access request when receiving resource access request
Request URL, and detect whether the request URL belongs to preset URL to be intercepted;It is visited if it is not, then reading the resource
It asks the user information for including in request, extracts the request Internet protocol address carried in the user information;Read local deposit
The default blacklist of storage, and body is carried out to login user according to the request Internet protocol address and the default blacklist
Part verifying;If so, being asked described in inquiry in mapping table between the request URL constructed in advance and blocker calling interface
Seek the corresponding target interception device calling interface of URL;According to the target interception device calling interface invocation target blocker to described
Resource access request is intercepted;The corresponding request Internet protocol address of the resource access request is obtained, and is asked by described in
Internet protocol address is asked to be added to default blacklist.
Further, in this embodiment data management platform may be based on when carrying out authentication to login user
The detection that default blacklist to carry out login user IP address is stated, to avoid login user except the local area network of setting
, Account Logon is carried out in the external network that safety is poor, cause platform resource data to there is stolen security risk.
Step S20: if having, responding the resource access request, and is established and visited according to the user information
Ask session;
It should be understood that session refers to the mistake that a terminal user and interactive system are communicated in computerese
Journey, for example entering operating system to operating system is exited from input account password is exactly a conversation procedure.In the present solution, data
Management platform can ring resource access request after authenticating to login user and having to the access authority of resource to be visited
It answers, and access session is established according to the user information.
Further, it is contemplated that the basic agreement of Internate is TCP/IP (transmission control protocol and Internet protocol), and
FTP, HTTP used at present are built upon the application layer protocol on TCP/IP, and different agreements corresponds to different applications,
Http protocol is Web using used main protocol.Due to http protocol be it is stateless, the letter submitted every time cannot be saved
Breath, i.e., after server is returned with corresponding response is requested, all information of current affairs will lose, if together
One user sends a new request, and server can not also know whether it is related with the request of last time.It is above-mentioned to overcome
Problem improves the information security management effect of data management platform.Data management platform is detecting login user in this step
When access authority with resource to be visited, resource to be visited is first loaded onto the requesting client of resource access request;Then
It detects and whether carries the corresponding client identification of the requesting client in the user information;If it is not, then according to random number
Generating algorithm generates the corresponding queued session mark of the resource access request, and is identified according to the queued session and establish access
Session;If so, obtaining the client identification from the user information, and access meeting is established according to the client identification
Words.Wherein, the queued session mark can be the random number generation function in C language according to the Generating Random Number of setting
The character of generation, for example, passing through pseudo random number -- rand generates the pseudo random number between a 0-32767;Again or by with
Machine subfunction -- srand initializes the random seed of randomizer, and the random number after then calling initialization occurs
Device generates the queued session mark, and specific Generating Random Number rule the present embodiment is with no restrictions.
The present embodiment establishes access session by client identification, enables to data management platform can be solicited status
It is stored in some storage region of corresponding server, is only sent back an identifier (the i.e. described client identification), browser visitor
Family end sends over this identifier during in next time, request is submitted;Data management platform can position the service of being stored in this way
Status information on device.Transmit an identifier back and forth between browser client and server, here it is so-called sessions
(session) it tracks, all requests comprising the same identifier from browser client belong to a session.
Step S30: carrying out user behavior monitoring to the access session, there is visit of going beyond one's commission monitoring the login user
When asking behavior, the corresponding access authorization code of the login user is deleted from preset configuration file, and the login is forbidden to use
The current accessed behavior at family.
It should be understood that Session Management (session management) is used in four big cores of shiro frame
The specific session of user is managed, data management platform is after establishing the corresponding session of resource access request in this step
Tracing and monitoring is carried out to the session, to obtain the access behavioral data of login user in real time.
It should be noted that rights management person can distinguish in the web page of authority configuration before executing this step
Corresponding authorization code is configured for the corresponding access resource path of all kinds of resources.All access authorization codes are all in the present embodiment
State control, and the modification or update of access authorization code are with good expansibility, i.e., when data management platform is detecting
When a certain user's malice unauthorized access resource, rights management person can be prompted to log on in system immediately and award the access of these users
Weighted code carried out from configuration file delete erase, or modification user currently need to access resource access authorization code be allowed to and this
The access authorization code that a little users are currently owned by mismatches.Certainly, in order to guarantee the safety of platform data, data management platform is being examined
It can also be about to login user corresponding access authorization code when measuring unauthorized access certainly to delete from preset configuration file, thus in time
These users are prevented to continue unauthorized access.
In the concrete realization, data management platform can call the Session Management in shiro frame to access
Session carries out user behavior monitoring, to monitor login user there are when unauthorized access behavior, by the login user pair
The access authorization code answered is deleted from preset configuration file, and forbids the current accessed behavior of the login user, to guarantee
The safety of platform data.
The present embodiment according to user information is carried in resource access request by detecting when receiving resource access request
Whether login user has the access authority of resource to be visited;If have if resource access request is responded, and according to
Family information establishes access session;Then user behavior monitoring is carried out to access session, there is visit of going beyond one's commission monitoring login user
When asking behavior, the corresponding access authorization code of login user is deleted from preset configuration file, and forbid the current of login user
Access behavior.The present embodiment is detected by access authority, establishes access session when detection passes through for login user;Then to visit
Ask that session carries out behavior monitoring, there are immediately the access authorization code of user is deleted when unauthorized access behavior monitoring login user
It removes, forbids user access activity, so that permission control mode has preferable scalability, can avoid getting over for user in time
Access behavior is weighed, is guaranteed data security.
With reference to Fig. 3, Fig. 3 is the flow diagram of access right control method second embodiment of the present invention.
Based on above-mentioned first embodiment, in the present embodiment, data management platform passes through in authentication, from user information
The corresponding access authorization code of middle reading login user, and detect whether login user has resource to be visited according to access authorization code
Access authority the step of may particularly include:
Step S101: when the authentication passes through, it is corresponding that the login user is read from the user information
Access authorization code;
It should be noted that rights management person can be on access resource path, according to following several before executing this step
A granularity (including page authorization, function authorization, button authorization and interface authorization etc.) configuration access authorization code.Certain this programme
The configuration of other granularities is also supported according to actual business requirement.In addition, the access authorization code in the present embodiment can pass through file
The mode of note goes to be configured, so as to save many configuration works in integrating process.
In the concrete realization, data management platform can read login from user information and use when authentication passes through
The corresponding access authorization code in family, the matching verifying for the authorization code that then accesses.
Step S102: obtaining that the resource access request is corresponding to request access to type, and the type that requests access to includes
Page resource access or interface resource access;
It should be noted that requesting access to the resource of the accessed resource of type i.e. resource access request described in the present embodiment
Type, the resource type mainly include page resource or interface resource, and correspondingly described to request access to type include page resource
Access or interface resource access.
In the present embodiment, rights management person may respectively be page resource and interface resource configures corresponding resource authorization code
Collection, and the dynamic mapping requested access between type and resource authorization code collection is established, so as to subsequent according to the dynamic mapping
Rapidly and accurately obtain the corresponding resource authorization code collection of each resource access request.
Step S103: the dynamic mapping progress time requested access between type and resource authorization code collection to pre-establishing
Go through, to request access to the corresponding resource authorization code collection of type described in obtaining, and detect the access authorization code whether belong to it is described
Resource authorization code collection;
It should be noted that the resource authorization code collection can be this category of resource authorization in the program code of configuration file
The corresponding property annotation of property, rights management person can modify the content of note in such a way that program hot repair is multiple whenever and wherever possible, that is, repair
Change the set element in the resource authorization code collection, to forbid getting over for login user while realizing multiple to program hot repair
Power access, the present embodiment it is this by the hot repair of configuration file program in machine code again come to access authorization code carry out dynamic management side
Formula has wide range of applications compared to corresponding authority managing and controlling mode scalability with higher.
In the concrete realization, data management platform can visit the request constructed in advance according to the type that requests access to got
Ask that the dynamic mapping between type and resource authorization code collection is traversed, to obtain corresponding resource authorization code collection.
Step S104: if belonging to, determine that the login user has the access authority of the resource to be visited;If not belonging to
In, then determine the login user do not have the resource to be visited access authority.
In the concrete realization, data management platform can be detected in user information and wrap after getting resource authorization code collection
Whether the access authorization code contained belongs to any one authorization code in resource authorization code collection, shows that login user is current if belonging to
With the permission to access to resource to be visited;If being not belonging to, show that login user does not have the access of resource to be visited
Permission.
Certainly, it should be noted that login user, which possesses, does not represent login use to the access authority of resource to be visited
Family possesses all same access authority for requesting access to type corresponding resource, therefore rights management person can be difference in the present embodiment
The resource of granularity configures corresponding resource authorization code collection, the set element in these resource authorization code collections can it is different can also
With there are intersection elements.
The present embodiment reads the corresponding access authorization code of login user when authentication passes through from user information;It obtains
Take resource access request is corresponding to request access to type;Corresponding resource authorization code is read according to the type that requests access to got
Collection, and whether test access authorization code belongs to resource authorization code collection;If belonging to, determine that login user has resource to be visited
Access authority;If being not belonging to, determine that login user does not have the access authority of resource to be visited.The present embodiment is asked according to access
That asks requests access to type to carry out the configuration and acquisition of resource authorization code collection, reduces the configuration work amount of authorization code, improves
Authority Verification efficiency.
With reference to Fig. 4, Fig. 4 is the flow diagram of access right control method 3rd embodiment of the present invention.
Based on the various embodiments described above, in the present embodiment, the step S40 be may particularly include:
Step S401: user behavior monitoring is carried out to the access session, is currently visited with obtaining the login user in real time
Destination Resource Type belonging to the resource file and the resource file asked;
It should be understood that being integrated in practical application scene, data management platform is being to log in use according to client identification
After corresponding access session is established at family, user behavior monitoring can be also carried out to access session, it is current to obtain login user in real time
Destination Resource Type belonging to the resource file and resource file of access.
For example, data management platform is asked when login user A sends first resource access request according to what request carried
URL is asked to determine that the resource to be visited of login user A current accessed is a certain page resource, platform has received again after five minutes
Login user A send resource access request, platform can first determine this resource access request access resource whether with it is upper
The resource (file) once accessed is identical, shows that login user A has replaced the resource of access if not identical, just needs weight at this time
Whether new verifying login user A has the access authority to current resource file.
In the concrete realization, data management platform can carry out user behavior monitoring to the access session, to obtain in real time
Destination Resource Type belonging to the resource file and the resource file of the login user current accessed.
Step S402: searching the corresponding preset configuration file of the Destination Resource Type in the database, presets from described
Corresponding permission code collection is read in configuration file, and detects whether the access authorization code belongs to the permission code collection;
It will be appreciated that data management platform needs to detect after the resource file for determining login user current accessed
Whether login user can access to the resource file.Specifically, data management platform can first determine that login user is worked as
Destination Resource Type belonging to the resource file of preceding access (page resource or interface resource), then searches target in the database
The corresponding preset configuration file of resource type, then corresponding permission code collection is read from preset configuration file, and test access is awarded
Whether weighted code belongs to permission code collection (i.e. access mandate code collection).
Step S403: if being not belonging to, determining the login user, there are unauthorized access behaviors, by the access authorization code
It is deleted from preset configuration file, and forbids the current accessed behavior of the login user.
In the concrete realization, when the visit carried in the resource access request that data management platform detects login user transmission
When asking that authorization code is not belonging to permission code collection, that is, can determine that login user, there are unauthorized access behaviors, then by access authorization code from
It is deleted in preset configuration file, and forbids the current accessed behavior of login user, ensure the information security of platform data.
The present embodiment carries out user behavior monitoring to access session, to obtain the resource text of login user current accessed in real time
Destination Resource Type belonging to part and resource file;The corresponding preset configuration text of Destination Resource Type is searched in the database
Part reads corresponding permission code collection from preset configuration file, and whether test access authorization code belongs to permission code collection;If not belonging to
In then determining login user, there are unauthorized access behaviors, access authorization code are deleted from preset configuration file, and forbid logging in
The current accessed behavior of user can avoid the generation of unauthorized access in time, guarantee the safety of platform data.
In addition, the embodiment of the present invention also proposes a kind of storage medium, access privilege control is stored on the storage medium
Program, the access privilege control program realize the step of access right control method as described above when being executed by processor
Suddenly.
It is the structural block diagram of address control set first embodiment of the present invention referring to Fig. 5, Fig. 5.
As shown in figure 5, the address control set that the embodiment of the present invention proposes includes:
Permission detection module 501, for being carried according in the resource access request when receiving resource access request
User information detection login user whether there is the access authority of resource to be visited;
Session establishment module 502, in the access authority for detecting that the login user has the resource to be visited
When, then the resource access request is responded, and access session is established according to the user information;
Behavior monitoring module 503 is used for carrying out user behavior monitoring to the access session monitoring the login
The corresponding access authorization code of the login user is deleted from preset configuration file, and prohibits there are when unauthorized access behavior at family
The only current accessed behavior of the login user.
The present embodiment according to user information is carried in resource access request by detecting when receiving resource access request
Whether login user has the access authority of resource to be visited;If have if resource access request is responded, and according to
Family information establishes access session;Then user behavior monitoring is carried out to access session, there is visit of going beyond one's commission monitoring login user
When asking behavior, the corresponding access authorization code of login user is deleted from preset configuration file, and forbid the current of login user
Access behavior.The present embodiment is detected by access authority, establishes access session when detection passes through for login user;Then to visit
Ask that session carries out behavior monitoring, there are immediately the access authorization code of user is deleted when unauthorized access behavior monitoring login user
It removes, forbids user access activity, so that permission control mode has preferable scalability, can avoid getting over for user in time
Access behavior is weighed, is guaranteed data security.
Based on the above-mentioned address control set first embodiment of the present invention, address control set of the present invention is proposed
Second embodiment.
In the present embodiment, the permission detection module 501, is also used to when receiving resource access request, reads institute
The user information for including in resource access request is stated, and authentication is carried out to login user according to the user information;Institute
When stating authentication and passing through, the corresponding access authorization code of the login user is read from the user information, and according to described
Access authorization code detects the access authority whether login user has resource to be visited.
Further, the permission detection module 501, is also used to when receiving resource access request, extracts the money
The corresponding request URL of source access request, and detect whether the request URL belongs to preset URL to be intercepted;If it is not, then
The user information for including in the resource access request is read, with extracting the request Internet protocol carried in the user information
Location;The default blacklist being locally stored is read, and according to the request Internet protocol address and the default blacklist pair
Login user carries out authentication.
Further, the permission detection module 501 is also used to detecting that it is preset that the request URL belongs to
When intercepting URL, the request is inquired in the mapping table between the request URL constructed in advance and blocker calling interface
The corresponding target interception device calling interface of URL;According to the target interception device calling interface invocation target blocker to the money
Source access request is intercepted;Obtain the corresponding request Internet protocol address of the resource access request, and by the request
Internet protocol address is added to default blacklist.
Further, the permission detection module 501 is also used to when the authentication passes through, and is believed from the user
The corresponding access authorization code of the login user is read in breath;Obtain that the resource access request is corresponding to request access to type,
The type that requests access to includes page resource access or interface resource access;Type and resource are requested access to what is pre-established
Dynamic mapping between authorization code collection is traversed, and to request access to the corresponding resource authorization code collection of type described in acquisition, and is examined
Survey whether the access authorization code belongs to the resource authorization code collection;If belonging to, determine the login user have it is described to
Access the access authority of resource;If being not belonging to, determine that the login user does not have the access authority of the resource to be visited.
Further, the session establishment module 502 is also used to detecting that it is described to be visited that the login user has
When the access authority of resource, the resource to be visited is loaded onto the requesting client of the resource access request;Described in detection
Whether the requesting client corresponding client identification is carried in user information;If it is not, then according to Generating Random Number
The corresponding queued session mark of the resource access request is generated, and access session is established according to queued session mark;If
It is the client identification then to be obtained from the user information, and access session is established according to the client identification.
Further, the behavior monitoring module 503 is also used to carry out user behavior monitoring to the access session, with
Destination Resource Type belonging to the resource file and the resource file of the login user current accessed is obtained in real time;In number
According to the corresponding preset configuration file of the Destination Resource Type is searched in library, corresponding power is read from the preset configuration file
Code collection is limited, and detects whether the access authorization code belongs to the permission code collection;If being not belonging to, determine that the login user is deposited
In unauthorized access behavior, the access authorization code is deleted from preset configuration file, and forbid the current of the login user
Access behavior.
The other embodiments or specific implementation of address control set of the present invention can refer to above-mentioned each method and implement
Example, details are not described herein again.
It should be noted that, in this document, the terms "include", "comprise" or its any other variant are intended to non-row
His property includes, so that the process, method, article or the system that include a series of elements not only include those elements, and
And further include other elements that are not explicitly listed, or further include for this process, method, article or system institute it is intrinsic
Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including being somebody's turn to do
There is also other identical elements in the process, method of element, article or system.
The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.
Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side
Method can be realized by means of software and necessary general hardware platform, naturally it is also possible to by hardware, but in many cases
The former is more preferably embodiment.Based on this understanding, technical solution of the present invention substantially in other words does the prior art
The part contributed out can be embodied in the form of software products, which is stored in a storage medium
In (such as read-only memory/random access memory, magnetic disk, CD), including some instructions are used so that a terminal device (can
To be mobile phone, computer, server, air conditioner or the network equipment etc.) execute method described in each embodiment of the present invention.
The above is only a preferred embodiment of the present invention, is not intended to limit the scope of the invention, all to utilize this hair
Equivalent structure or equivalent flow shift made by bright specification and accompanying drawing content is applied directly or indirectly in other relevant skills
Art field, is included within the scope of the present invention.
Claims (10)
1. a kind of access right control method, which is characterized in that the described method includes:
When receiving resource access request, it is according to the user information detection login user carried in the resource access request
The no access authority with resource to be visited;
If having, the resource access request is responded, and access session is established according to the user information;
User behavior monitoring is carried out to the access session, the login user is being monitored there are when unauthorized access behavior, is inciting somebody to action
The corresponding access authorization code of the login user is deleted from preset configuration file, and forbids the current accessed of the login user
Behavior.
2. the method as described in claim 1, which is characterized in that it is described when receiving resource access request, according to the money
Whether the user information detection login user carried in the access request of source has the step of access authority of resource to be visited, wraps
It includes:
When receiving resource access request, the user information for including in the resource access request is read, and according to the use
Family information carries out authentication to login user;
When the authentication passes through, the corresponding access authorization code of the login user is read from the user information, and
The access authority whether login user has resource to be visited is detected according to the access authorization code.
3. method according to claim 2, which is characterized in that it is described when receiving resource access request, read the money
The user information for including in the access request of source, and the step of authentication is carried out to login user according to the user information, packet
It includes:
When receiving resource access request, the corresponding request URL of the resource access request is extracted, and detect the request
Whether URL belongs to preset URL to be intercepted;
If it is not, then reading the user information for including in the resource access request, the request carried in the user information is extracted
Internet protocol address;
The default blacklist being locally stored is read, and according to the request Internet protocol address and the default blacklist pair
Login user carries out authentication.
4. method as claimed in claim 3, which is characterized in that it is preset whether the detection request URL belongs to
After the step of URL to be intercepted, the method also includes:
If so, inquiring the request in mapping table between the request URL constructed in advance and blocker calling interface
The corresponding target interception device calling interface of URL;
The resource access request is intercepted according to the target interception device calling interface invocation target blocker;
The corresponding request Internet protocol address of the resource access request is obtained, and the request Internet protocol address is added
Add to default blacklist.
5. such as the described in any item methods of claim 2 to 4, which is characterized in that it is described when the authentication passes through, from institute
It states and reads the corresponding access authorization code of the login user in user information, and the login is detected according to the access authorization code
Whether user has the step of access authority of resource to be visited, comprising:
When the authentication passes through, the corresponding access authorization code of the login user is read from the user information;
Obtain that the resource access request is corresponding to request access to type, it is described request access to type include page resource access or
Interface resource access;
The dynamic mapping between type and resource authorization code collection that requests access to pre-established is traversed, to be asked described in acquisition
The corresponding resource authorization code collection of access type is sought, and detects whether the access authorization code belongs to the resource authorization code collection;
If belonging to, determine that the login user has the access authority of the resource to be visited;If being not belonging to, described in judgement
Login user does not have the access authority of the resource to be visited.
6. method as claimed in claim 5, which is characterized in that if described have, rung to the resource access request
It answers, and the step of access session is established according to the user information, comprising:
When detecting that the login user has the access authority of the resource to be visited, the resource to be visited is loaded onto
The requesting client of the resource access request;
It detects and whether carries the corresponding client identification of the requesting client in the user information;
It is identified if it is not, then generating the corresponding queued session of the resource access request according to Generating Random Number, and according to institute
It states queued session mark and establishes access session;
If so, obtaining the client identification from the user information, and access meeting is established according to the client identification
Words.
7. the method as described in claim 1, which is characterized in that it is described that user behavior monitoring is carried out to the access session,
The login user is monitored there are when unauthorized access behavior, by the corresponding access authorization code of the login user from preset configuration
It is deleted in file, and the step of forbidding the current accessed behavior of the login user, comprising:
To the access session carry out user behavior monitoring, with obtain in real time the resource file of the login user current accessed with
And Destination Resource Type belonging to the resource file;
The corresponding preset configuration file of the Destination Resource Type is searched in the database, is read from the preset configuration file
Corresponding permission code collection, and detect whether the access authorization code belongs to the permission code collection;
If being not belonging to, determining the login user, there are unauthorized access behaviors, and the access authorization code is literary from preset configuration
It is deleted in part, and forbids the current accessed behavior of the login user.
8. a kind of address control set, which is characterized in that described device includes:
Permission detection module, for when receiving resource access request, according to the user carried in the resource access request
Whether infomation detection login user has the access authority of resource to be visited;
Session establishment module, for detect the login user have the resource to be visited access authority when, then it is right
The resource access request is responded, and establishes access session according to the user information;
Behavior monitoring module exists for carrying out user behavior monitoring to the access session monitoring the login user
When unauthorized access behavior, the corresponding access authorization code of the login user is deleted from preset configuration file, and forbidden described
The current accessed behavior of login user.
9. a kind of access privilege control equipment, which is characterized in that the equipment includes: memory, processor and is stored in described
On memory and the access privilege control program that can run on the processor, the access privilege control program are configured to reality
Now the step of access right control method as described in any one of claims 1 to 7.
10. a kind of storage medium, which is characterized in that be stored with access privilege control program, the access on the storage medium
Permission control program realizes the step of access right control method as described in any one of claim 1 to 7 when being executed by processor
Suddenly.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910432960.8A CN110287660A (en) | 2019-05-21 | 2019-05-21 | Access right control method, device, equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910432960.8A CN110287660A (en) | 2019-05-21 | 2019-05-21 | Access right control method, device, equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110287660A true CN110287660A (en) | 2019-09-27 |
Family
ID=68002411
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910432960.8A Pending CN110287660A (en) | 2019-05-21 | 2019-05-21 | Access right control method, device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110287660A (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110688643A (en) * | 2019-11-05 | 2020-01-14 | 北京集奥聚合科技有限公司 | Processing method for platform identity identification and authority authentication |
CN110930234A (en) * | 2019-11-18 | 2020-03-27 | 河南城建学院 | Financial management method with remote access function |
CN112181476A (en) * | 2020-08-31 | 2021-01-05 | 北京达佳互联信息技术有限公司 | Application program control method, device, server and storage medium |
CN112597229A (en) * | 2020-12-25 | 2021-04-02 | 沧州华润热电有限公司 | Equipment data access method, device and system and readable storage medium |
CN112817997A (en) * | 2021-02-24 | 2021-05-18 | 广州市品高软件股份有限公司 | Method and device for accessing S3 object storage by using dynamic user through distributed computing engine |
CN112836189A (en) * | 2021-02-26 | 2021-05-25 | 深圳证券交易所 | Third-party application access method, terminal and computer-readable storage medium |
CN113254994A (en) * | 2021-05-27 | 2021-08-13 | 平安普惠企业管理有限公司 | Database access method and device, storage medium and computer equipment |
CN114297618A (en) * | 2021-12-28 | 2022-04-08 | 北京深思数盾科技股份有限公司 | Authorization code generation method, identity authentication method, terminal, server and medium |
CN114629673A (en) * | 2021-08-20 | 2022-06-14 | 重庆数智逻辑科技有限公司 | Page control method and device, electronic equipment and computer readable storage medium |
CN114785720A (en) * | 2022-04-08 | 2022-07-22 | 北京国信网联科技有限公司 | Internet surfing behavior supervision platform for enterprise local area network |
CN115906187A (en) * | 2023-02-22 | 2023-04-04 | 山东经伟晟睿数据技术有限公司 | User authority control method and system combining function authority and interface authority |
CN116933300A (en) * | 2023-09-18 | 2023-10-24 | 云账户技术(天津)有限公司 | Fusing management method and device oriented to user permission and electronic equipment |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070101440A1 (en) * | 2005-10-17 | 2007-05-03 | Oracle International Corporation | Auditing correlated events using a secure web single sign-on login |
CN107147671A (en) * | 2017-06-19 | 2017-09-08 | 上海斐讯数据通信技术有限公司 | One kind is based on website route access right control method, access method and system |
WO2017167019A1 (en) * | 2016-04-01 | 2017-10-05 | 中兴通讯股份有限公司 | Cloud desktop-based processing method and apparatus, and computer storage medium |
WO2018036314A1 (en) * | 2016-08-22 | 2018-03-01 | 中兴通讯股份有限公司 | Single-sign-on authentication method and apparatus, and storage medium |
CN108268780A (en) * | 2016-12-30 | 2018-07-10 | 航天信息股份有限公司 | A kind of method and device for being used to control system access |
CN108334758A (en) * | 2017-01-20 | 2018-07-27 | 中国移动通信集团山西有限公司 | A kind of detection method, device and the equipment of user's ultra vires act |
WO2018188558A1 (en) * | 2017-04-11 | 2018-10-18 | 腾讯科技(深圳)有限公司 | Method and apparatus for identifying account permission |
CN109670768A (en) * | 2018-09-27 | 2019-04-23 | 深圳壹账通智能科技有限公司 | Right management method, device, platform and the readable storage medium storing program for executing in multi-service domain |
-
2019
- 2019-05-21 CN CN201910432960.8A patent/CN110287660A/en active Pending
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070101440A1 (en) * | 2005-10-17 | 2007-05-03 | Oracle International Corporation | Auditing correlated events using a secure web single sign-on login |
WO2017167019A1 (en) * | 2016-04-01 | 2017-10-05 | 中兴通讯股份有限公司 | Cloud desktop-based processing method and apparatus, and computer storage medium |
WO2018036314A1 (en) * | 2016-08-22 | 2018-03-01 | 中兴通讯股份有限公司 | Single-sign-on authentication method and apparatus, and storage medium |
CN108268780A (en) * | 2016-12-30 | 2018-07-10 | 航天信息股份有限公司 | A kind of method and device for being used to control system access |
CN108334758A (en) * | 2017-01-20 | 2018-07-27 | 中国移动通信集团山西有限公司 | A kind of detection method, device and the equipment of user's ultra vires act |
WO2018188558A1 (en) * | 2017-04-11 | 2018-10-18 | 腾讯科技(深圳)有限公司 | Method and apparatus for identifying account permission |
CN107147671A (en) * | 2017-06-19 | 2017-09-08 | 上海斐讯数据通信技术有限公司 | One kind is based on website route access right control method, access method and system |
CN109670768A (en) * | 2018-09-27 | 2019-04-23 | 深圳壹账通智能科技有限公司 | Right management method, device, platform and the readable storage medium storing program for executing in multi-service domain |
Non-Patent Citations (2)
Title |
---|
伍孟轩;李伟;易叔海;程蒙;刘川;: "跨域单点登录解决方案研究", 网络安全技术与应用, no. 02 * |
易文康;程骅;程耕国;: "Shiro框架在Web系统安全性上的改进与应用", 计算机工程, no. 11 * |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110688643A (en) * | 2019-11-05 | 2020-01-14 | 北京集奥聚合科技有限公司 | Processing method for platform identity identification and authority authentication |
CN110930234A (en) * | 2019-11-18 | 2020-03-27 | 河南城建学院 | Financial management method with remote access function |
CN110930234B (en) * | 2019-11-18 | 2024-03-12 | 河南城建学院 | Financial management method with remote access function |
CN112181476A (en) * | 2020-08-31 | 2021-01-05 | 北京达佳互联信息技术有限公司 | Application program control method, device, server and storage medium |
CN112597229A (en) * | 2020-12-25 | 2021-04-02 | 沧州华润热电有限公司 | Equipment data access method, device and system and readable storage medium |
CN112817997A (en) * | 2021-02-24 | 2021-05-18 | 广州市品高软件股份有限公司 | Method and device for accessing S3 object storage by using dynamic user through distributed computing engine |
CN112836189B (en) * | 2021-02-26 | 2023-11-14 | 深圳证券交易所 | Third party application access method, terminal and computer readable storage medium |
CN112836189A (en) * | 2021-02-26 | 2021-05-25 | 深圳证券交易所 | Third-party application access method, terminal and computer-readable storage medium |
CN113254994A (en) * | 2021-05-27 | 2021-08-13 | 平安普惠企业管理有限公司 | Database access method and device, storage medium and computer equipment |
CN114629673A (en) * | 2021-08-20 | 2022-06-14 | 重庆数智逻辑科技有限公司 | Page control method and device, electronic equipment and computer readable storage medium |
CN114297618A (en) * | 2021-12-28 | 2022-04-08 | 北京深思数盾科技股份有限公司 | Authorization code generation method, identity authentication method, terminal, server and medium |
CN114785720A (en) * | 2022-04-08 | 2022-07-22 | 北京国信网联科技有限公司 | Internet surfing behavior supervision platform for enterprise local area network |
CN114785720B (en) * | 2022-04-08 | 2023-04-14 | 北京国信网联科技有限公司 | Internet surfing behavior supervision platform for enterprise local area network |
CN115906187A (en) * | 2023-02-22 | 2023-04-04 | 山东经伟晟睿数据技术有限公司 | User authority control method and system combining function authority and interface authority |
CN116933300A (en) * | 2023-09-18 | 2023-10-24 | 云账户技术(天津)有限公司 | Fusing management method and device oriented to user permission and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110287660A (en) | Access right control method, device, equipment and storage medium | |
US10257199B2 (en) | Online privacy management system with enhanced automatic information detection | |
US10764290B2 (en) | Governed access to RPA bots | |
CN106096343B (en) | Message access control method and equipment | |
US8332922B2 (en) | Transferable restricted security tokens | |
CN108234653A (en) | A kind of method and device of processing business request | |
US10560435B2 (en) | Enforcing restrictions on third-party accounts | |
KR19980086696A (en) | Authentication method and system for distributed service for restricting password compromise | |
US20040073668A1 (en) | Policy delegation for access control | |
WO2014004412A1 (en) | Identity risk score generation and implementation | |
CN113536258A (en) | Terminal access control method and device, storage medium and electronic equipment | |
CN106878250B (en) | Cross-application single-state login method and device | |
CN109669718A (en) | System permission configuration method, device, equipment and storage medium | |
CN105022939B (en) | Information Authentication method and device | |
CN114117264A (en) | Illegal website identification method, device, equipment and storage medium based on block chain | |
CN110069911A (en) | Access control method, device, system, electronic equipment and readable storage medium storing program for executing | |
CN107862091A (en) | Realize the control method and device of web page access | |
EP2973192B1 (en) | Online privacy management | |
CN111404937A (en) | Method and device for detecting server vulnerability | |
US9723017B1 (en) | Method, apparatus and computer program product for detecting risky communications | |
CN105681291A (en) | Method and system for realizing unified authentication of multiple clients | |
CN109218329A (en) | A kind of method and system authenticated using NetData-Auth user authentication frame | |
CN111385313B (en) | Method and system for verifying object request validity | |
CN115022008A (en) | Access risk assessment method, device, equipment and medium | |
CN107155185A (en) | A kind of access WLAN authentication method, apparatus and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |