CN110401674A - Data access method, device, system, electronic equipment and computer-readable medium - Google Patents


Publication number
CN110401674A
Authority
CN
China
Prior art keywords
data
user
platform
password
verifying
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910765096.3A
Other languages
Chinese (zh)
Other versions
CN110401674B (en
Inventor
孟淑玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Taikang Insurance Group Co Ltd
Original Assignee
Taikang Insurance Group Co Ltd
Application filed by Taikang Insurance Group Co Ltd
Priority to CN201910765096.3A
Publication of CN110401674A
Application granted
Publication of CN110401674B


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0884: Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105: Multiple levels of security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

This disclosure relates to a data access method, device, system, electronic equipment and computer-readable medium. The method comprises: performing a first verification on an enterprise platform using a first user name and a first password, and obtaining first verification data; performing a second verification on an auxiliary authentication platform using a second user name, a second password and the first verification data, and obtaining second verification data; generating a data access request from the second verification data and an identifier of target data; and obtaining a return result based on the access request. The data access method, device, system, electronic equipment and computer-readable medium of this disclosure can ensure the access security of the data in the system.

Description

Data access method, device, system, electronic equipment and computer-readable medium
Technical field
This disclosure relates to the field of computer information processing, and in particular to a data access method, device, system, electronic equipment and computer-readable medium.
Background
To ensure system security, verifying a user when the user wants to use data in the system is an important measure. Most systems open data access rights to a user once the user passes verification. For a system with a large number of agencies, security problems often stem from the leakage of user names and passwords. Moreover, different users may each need to upload their own data to the system; how to keep the data of different users from being disclosed to one another and protect each user's privacy is also an important problem.
Especially in the insurance field, each user enters policy information into the insurance company's system over the external network, and when settling a claim the user needs to obtain the policy image from the insurance company's system over the external network and save it locally. The policy image data is stored on the insurance company's intranet. Both the security of access to the image data and the mutual independence of the data accessed by different users are problems that urgently need to be solved.
In the prior art, a user accesses the image data stored on the insurance company's intranet with a user name and password; once the user name and password leak, there is a security risk of information leakage. In addition, every user can access the image data stored on the intranet, so each user can view other users' data, and the privacy of the data cannot be ensured.
Therefore, a new data access method, device, system, electronic equipment and computer-readable medium are needed.
The above information is only intended to aid understanding of the background of the disclosure, so the Background section may contain information that does not constitute prior art known to a person of ordinary skill in the art.
Summary of the invention
In view of this, the disclosure provides a data access method, device, system, electronic equipment and computer-readable medium that can ensure the access security of the data in the system and also ensure the mutual independence of the data in the system between different access users.
Other features and advantages of the disclosure will become apparent from the following detailed description, or will be learned in part through practice of the disclosure.
According to one aspect of the disclosure, a data access method is proposed. The method comprises: performing a first verification on an enterprise platform using a first user name and a first password, and obtaining first verification data; performing a second verification on an auxiliary authentication platform using a second user name, a second password and the first verification data, and obtaining second verification data; generating a data access request from the second verification data and an identifier of target data; and obtaining a return result based on the access request.
In an exemplary embodiment of the disclosure, the method further comprises: periodically obtaining the updated first user name, first password, second user name and second password.
In an exemplary embodiment of the disclosure, obtaining the return result based on the access request comprises: sending the access request to the enterprise platform; and receiving the return result generated by the enterprise platform.
According to one aspect of the disclosure, a data access method is proposed. The method comprises: obtaining a first user name and a first password from a user; performing a first verification on the first user name and first password; generating first verification data after the first verification passes; and sending the first verification data to the user and an auxiliary authentication platform.
In an exemplary embodiment of the disclosure, the method further comprises: obtaining second verification data from the auxiliary authentication platform; obtaining a data access request from the user; performing a third verification on the data access request based on the second verification data; and, after the third verification passes, generating a return result for the user.
In an exemplary embodiment of the disclosure, performing the third verification on the data access request based on the second verification data comprises: verifying the second verification data in the access request against the second verification data obtained from the auxiliary authentication platform; and/or performing permission verification on the target data identifier in the access request.
In an exemplary embodiment of the disclosure, the second verification data includes a timestamp; performing the third verification on the data access request based on the second verification data further comprises: performing the third verification on the data access request based on the timestamp.
In an exemplary embodiment of the disclosure, the method further comprises: periodically updating the first user name and first password in association with the second user name and second password.
According to one aspect of the disclosure, a data access method is proposed. The method comprises: obtaining a second user name, a second password and first verification data from a user; performing a second verification on the second user name, second password and first verification data; generating second verification data after the second verification passes; and sending the second verification data to the user and an enterprise platform.
In an exemplary embodiment of the disclosure, the method further comprises: periodically obtaining the updated second user name and second password.
According to one aspect of the disclosure, a data access device is proposed. The device comprises: a first data module for performing a first verification on an enterprise platform using a first user name and a first password, and obtaining first verification data; a second data module for performing a second verification on an auxiliary authentication platform using a second user name, a second password and the first verification code, and obtaining second verification data; an access request module for generating a data access request from the second verification data and an identifier of target data; and a return result module for obtaining a return result based on the access request.
According to one aspect of the disclosure, a data access device is proposed. The device comprises: a first receiving module for obtaining a first user name and a first password from a user; a first verification module for performing a first verification on the first user name and first password, and generating first verification data after the first verification passes; and a first sending module for sending the first verification data to the user and an auxiliary authentication platform.
According to one aspect of the disclosure, a data access device is proposed. The device comprises: a second receiving module for obtaining a second user name, a second password and first verification data from a user; a second verification module for performing a second verification on the second user name, second password and first verification code, and generating second verification data after the second verification passes; and a second sending module for sending the second verification data to the user and an enterprise platform.
According to one aspect of the disclosure, a data access system is proposed. The system comprises: a user terminal for performing a first verification on an enterprise platform using a first user name and a first password, and obtaining first verification data; performing a second verification on an auxiliary authentication platform using a second user name, a second password and the first verification code, and obtaining second verification data; generating a data access request from the second verification data and an identifier of target data; and obtaining a return result based on the access request; an enterprise platform for obtaining the first user name and first password from the user; performing the first verification on the first user name and first password; generating the first verification data after the first verification passes; and sending the first verification data to the user and the auxiliary authentication platform; and an auxiliary authentication platform for obtaining the second user name, second password and first verification code from the user; performing the second verification on the second user name, second password and first verification code; generating the second verification data after the second verification passes; and sending the second verification data to the user and the enterprise platform.
According to one aspect of the disclosure, an electronic device is proposed. The electronic device comprises: one or more processors; and a storage device for storing one or more programs; when the one or more programs are executed by the one or more processors, the one or more processors implement the method described above.
According to one aspect of the disclosure, a computer-readable medium is proposed, on which a computer program is stored; the program implements the method described above when executed by a processor.
According to the data access method, device, system, electronic equipment and computer-readable medium of the disclosure, auxiliary verification by the auxiliary authentication platform can ensure the access security of the data in the system and also ensure the mutual independence of the data in the system between different access users.
It should be understood that the above general description and the following detailed description are merely exemplary and do not limit the disclosure.
Brief description of the drawings
The above and other objects, features and advantages of the disclosure will become more apparent from the detailed description of its example embodiments with reference to the accompanying drawings. The drawings described below are only some embodiments of the disclosure; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a system scenario block diagram of a data access method and device according to an exemplary embodiment.
Fig. 2 is a flow chart of a data access system according to another exemplary embodiment.
Fig. 3 is a flow chart of a data access method according to an exemplary embodiment.
Fig. 4 is a flow chart of a data access method according to another exemplary embodiment.
Fig. 5 is a flow chart of a data access method according to another exemplary embodiment.
Fig. 6 is a flow chart of a data access method according to an exemplary embodiment.
Fig. 7 is a system block diagram of a data access method according to an exemplary embodiment.
Fig. 8 is a block diagram of a data access device according to an exemplary embodiment.
Fig. 9 is a block diagram of a data access device according to another exemplary embodiment.
Fig. 10 is a block diagram of a data access device according to another exemplary embodiment.
Fig. 11 is a block diagram of an electronic device according to an exemplary embodiment.
Fig. 12 is a schematic diagram of a computer-readable storage medium according to an exemplary embodiment.
Detailed description of embodiments
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments can, however, be implemented in many forms and should not be understood as limited to the embodiments set forth here; rather, these embodiments are provided so that the disclosure will be thorough and complete and will fully convey the concept of the example embodiments to those skilled in the art. Identical reference numerals in the figures denote identical or similar parts, so their repeated description is omitted.
In addition, the described features, structures or characteristics may be combined in one or more embodiments in any suitable manner. In the following description, many specific details are provided to give a full understanding of the embodiments of the disclosure. Those skilled in the art will recognize, however, that the technical solution of the disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps and so on. In other cases, well-known methods, devices, implementations or operations are not shown or described in detail, to avoid obscuring aspects of the disclosure.
The block diagrams shown in the drawings are only functional entities and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in software, in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow charts shown in the drawings are merely illustrative; they need not include all contents and operations/steps, nor must they be executed in the order described. For example, some operations/steps can be decomposed and some can be merged or partly merged, so the actual order of execution may change according to the actual situation.
It should be understood that although the terms first, second, third and so on may be used here to describe various components, these components should not be limited by these terms. The terms are used to distinguish one component from another. Therefore, a first component discussed below could be termed a second component without departing from the teaching of the disclosed concept. As used herein, the term "and/or" includes any one of, and all combinations of one or more of, the associated listed items.
Those skilled in the art will understand that the drawings are schematic diagrams of example embodiments, and that the modules or flows in the drawings are not necessarily required for implementing the disclosure and therefore cannot be used to limit its scope of protection.
Fig. 1 is a system scenario block diagram of a data access method and device according to an exemplary embodiment.
As shown in Fig. 1, the system architecture 100 may include a user terminal 101, an enterprise platform 102, an auxiliary authentication platform 103 and a network 104; the system architecture 100 may also include an inquiry system 105 and a data system 106. The network 104 is the medium providing communication links among the user terminal 101, the enterprise platform 102 and the auxiliary authentication platform 103; the network 104 is also the medium providing communication links between the enterprise platform 102 and the inquiry system 105 and data system 106. The network 104 may include various connection types, such as wired or wireless communication links or fiber optic cables.
An agency can use the user terminal 101 to interact with the enterprise platform 102 and the auxiliary authentication platform 103 through the network 104, to receive or send messages and the like. Various communication client applications may be installed on the user terminal 101, enterprise platform 102, auxiliary authentication platform 103, inquiry system 105 and data system 106, such as web browser applications, search applications, instant messaging tools, mailbox clients and social platform software.
The user terminal 101, enterprise platform 102, auxiliary authentication platform 103, inquiry system 105 and data system 106 may be various electronic devices that have a display screen and support web browsing, including but not limited to smart phones, tablet computers, laptop computers and desktop computers.
The enterprise platform 102 and the auxiliary authentication platform 103 may be servers providing various services, for example servers that support the data access requests a user submits through the user terminal 101. The enterprise platform 102 and the auxiliary authentication platform 103 may analyze and otherwise process the received data and feed the processing result back to the user terminal 101.
The user terminal 101 may, for example, perform a first verification on the enterprise platform using a first user name and a first password, and obtain first verification data; the user terminal 101 may, for example, perform a second verification on the auxiliary authentication platform using a second user name, a second password and the first verification code, and obtain second verification data; the user terminal 101 may, for example, generate a data access request from the second verification data and an identifier of target data; and the user terminal 101 may, for example, obtain a return result based on the access request. The access request may be the user's request to access image data on the enterprise platform.
The enterprise platform 102 may, for example, obtain the first user name and first password from the user; the enterprise platform 102 may, for example, perform the first verification on the first user name and first password; the enterprise platform 102 may, for example, generate the first verification data after the first verification passes; and the enterprise platform 102 may, for example, send the first verification data to the user and the auxiliary authentication platform. The second verification data is obtained from the auxiliary authentication platform; the enterprise platform 102 may, for example, obtain the data access request from the user; the enterprise platform 102 may, for example, perform a third verification on the data access request based on the second verification data; and the enterprise platform 102 may, for example, generate a return result for the user after the third verification passes.
The enterprise platform 102 may, for example, perform the first verification and generate the return result through data interaction with the inquiry system 105 and the data system 106.
The auxiliary authentication platform 103 may, for example, obtain the second user name, second password and first verification code from the user; the auxiliary authentication platform 103 may, for example, perform the second verification on the second user name, second password and first verification code; the auxiliary authentication platform 103 may, for example, generate the second verification data after the second verification passes; and the auxiliary authentication platform 103 may, for example, send the second verification data to the user and the enterprise platform.
The enterprise platform 102 and the auxiliary authentication platform 103 may each be a single physical server or may, for example, consist of multiple servers. It should be noted that the data access method provided by the embodiments of the disclosure may be executed by the user terminal 101, the enterprise platform 102 and the auxiliary authentication platform 103; correspondingly, the data access device may be provided in the user terminal 101, the enterprise platform 102 and the auxiliary authentication platform 103.
According to the data access method of the disclosure, auxiliary verification by the auxiliary authentication platform avoids the security problem that arises after a user leaks the enterprise platform user password, and a data permission query is performed for the data access request, which ensures the independence of image data access between users. The method can ensure the access security of the data in the system and also the mutual independence of the data in the system between different access users.
According to the data access method of the disclosure, a user accesses the image data stored on the intranet of the insurance company (enterprise platform) with a user name and password. Even if the enterprise platform user name and password leak and another user tries to access the enterprise platform with the leaked user name and password, auxiliary verification by the auxiliary authentication platform is still required when accessing the enterprise platform, so the leaked password cannot be used to access the enterprise platform's data directly. This ensures the security of the data and also the mutual independence of the data between different access users.
Fig. 2 is a flow chart of a data access system according to another exemplary embodiment. The flow in Fig. 2 describes the system processing in detail; the data access method 20 includes at least steps S201 to S209.
In one embodiment, in the initial stage the enterprise platform assigns the user an independent user name and password, and the auxiliary authentication platform also assigns the user an independent user name and password; the enterprise platform user name and password differ from the auxiliary authentication platform user name and password.
In one embodiment, in the initial stage the enterprise platform may instead, for example, assign the user a first set of user name and password and a second set of user name and password, and distribute the second set to the auxiliary authentication platform for the user to use; the enterprise platform user name and password differ from those of the auxiliary authentication platform. The application is not limited in this respect.
As shown in Fig. 2, in S201 the user sends the first user name and first password to the enterprise platform.
In S202, the enterprise platform verifies the logging-in user and checks whether the user is legitimate. If so, it returns first verification data to the user; the first verification data may be a random serial number, and the random serial number is forwarded to the auxiliary authentication platform. If not, the request is rejected directly.
In S203, after the enterprise platform finds the user legitimate, it returns the first verification data to the user.
In S204, the user sends an authentication request to the auxiliary authentication platform. The request carries the user's second user name and second password on the auxiliary authentication platform and the first verification data (the random serial number) the user received from the enterprise platform.
In S205, the auxiliary authentication platform verifies the received second user name, second password and random serial number.
In S206, after verification succeeds, a user authentication success response is sent to the user and the enterprise platform. The response carries the second verification data, which may include the ID of the successfully authenticated user and a new random serial number and timestamp generated by the auxiliary authentication platform.
In S207, the user generates a data access request from the second verification data obtained from the auxiliary authentication platform and the identifier of the target data to be downloaded, and sends it to the enterprise platform.
In S208, the enterprise platform receives the data access request and performs a third verification, determining whether the received new random serial number and timestamp are legitimate and valid.
In one embodiment, if the third verification is legitimate, the enterprise platform may query the data query system for the target data information, with the target data serial number as the input parameter; otherwise it rejects the user's query request. The new random serial number is considered legitimate if the one received from the user matches the one received from the third party and both were received within a specified time; otherwise it is considered illegitimate.
In one embodiment, the data query system returns the target data information to the enterprise platform. Based on the target data information, the enterprise platform judges whether the agency has permission to access the target data. If so, it obtains the image from the data system and returns the target data to the user; if the agency has no permission to view the target data, a rejection response is returned directly to the user. Judging whether the agency has permission to access the target data may specifically be: detecting whether the user information in the target data information is the user or an agency that has granted authorization to the user; if so, the agency has permission to access the image, otherwise it does not.
In S209, after the third verification passes, the return data is generated.
In one embodiment, the enterprise platform periodically updates the user name and password that this system assigns to the user, and synchronizes the changed information to the user and the auxiliary authentication platform.
In one embodiment, the auxiliary authentication platform receives the change message from the enterprise platform, records the user name and password sent by the enterprise platform, at the same time changes the user name and password that this system assigns to the user, and then synchronizes the change information to the user.
In one embodiment, the user receives the change information and records it locally. The next request is authenticated with the new user name and password.
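The S201 to S209 exchange above as a runnable single-process sketch (an added example, not code from the patent). The class and method names, the 60-second window, PBKDF2 password storage, the user-ID linkage between the two platforms and single-use second verification data are assumptions; the accounts and records are constructed sample data.

```python
import hashlib, hmac, os, secrets, time

WINDOW_SECONDS = 60  # assumed; the page only says "within a specified time"

class AccessDenied(Exception): pass

class CredentialStore:  # salted PBKDF2 hashes; storage scheme is an assumption
    def __init__(self):
        self._db = {}
    def add(self, name, password):
        salt = os.urandom(16)
        self._db[name] = (salt, self._kdf(password, salt))
    def check(self, name, password):
        salt, digest = self._db.get(name, (b"\0" * 16, b""))
        return hmac.compare_digest(self._kdf(password, salt), digest)
    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuxPlatform:  # auxiliary authentication platform (S204-S206)
    def __init__(self, clock=time.time):
        self.creds, self.clock = CredentialStore(), clock
        self.account_of = {}   # second user name -> user ID (assumed linkage)
        self.pending = {}      # user ID -> first verification data from S202
        self.enterprise = None
    def receive_first(self, user_id, serial):
        self.pending[user_id] = serial
    def authenticate(self, name2, pw2, serial):
        if not self.creds.check(name2, pw2):
            return None
        expected = self.pending.pop(self.account_of[name2], None)
        if expected is None or not hmac.compare_digest(expected, serial):
            return None
        second = {"user": self.account_of[name2],
                  "serial": secrets.token_hex(16), "ts": self.clock()}
        self.enterprise.receive_second(dict(second))   # copy to enterprise
        return second                                  # copy to user

class EnterprisePlatform:  # enterprise platform (S201-S203, S207-S209)
    def __init__(self, aux, clock=time.time):
        self.creds, self.clock, self.aux = CredentialStore(), clock, aux
        aux.enterprise = self
        self.user_of = {}    # first user name -> user ID
        self.from_aux = {}   # new serial -> second verification data
        self.records = {}    # target data ID -> (owner user ID, payload)
    def login(self, name1, pw1):
        if not self.creds.check(name1, pw1):
            return None
        serial = secrets.token_hex(16)     # first verification data
        self.aux.receive_first(self.user_of[name1], serial)
        return serial
    def receive_second(self, second):
        self.from_aux[second["serial"]] = second
    def access(self, second, target_id):
        # Third verification. Single use via pop() is an added assumption.
        known = self.from_aux.pop(second.get("serial"), None)
        if known is None or known != second:
            raise AccessDenied("second verification data not recognised")
        if self.clock() - known["ts"] > WINDOW_SECONDS:
            raise AccessDenied("second verification data expired")
        owner, payload = self.records.get(target_id, (None, None))
        if owner != known["user"]:
            raise AccessDenied("no permission for target data")
        return payload

def demo():
    now = [1_000.0]                      # constructed clock for the example
    clock = lambda: now[0]
    aux = AuxPlatform(clock)
    ent = EnterprisePlatform(aux, clock)
    # Constructed accounts: a different name and password on each platform.
    for uid, n1, p1, n2, p2 in [("agentA", "a-ent", "ent-pw-A", "a-aux", "aux-pw-A"),
                                ("agentB", "b-ent", "ent-pw-B", "b-aux", "aux-pw-B")]:
        ent.creds.add(n1, p1); ent.user_of[n1] = uid
        aux.creds.add(n2, p2); aux.account_of[n2] = uid
    ent.records = {"policy-A1": ("agentA", b"image-A1"), "policy-B1": ("agentB", b"image-B1")}
    def attempt(second, target):
        try:
            return ent.access(second, target)
        except AccessDenied as exc:
            return f"denied: {exc}"
    out = {}
    first = ent.login("a-ent", "ent-pw-A")
    second = aux.authenticate("a-aux", "aux-pw-A", first)
    out["own_data"] = attempt(second, "policy-A1")
    out["reuse"] = attempt(second, "policy-A1")
    # Enterprise password known, auxiliary password not: the flow stops at S205.
    first = ent.login("a-ent", "ent-pw-A")
    out["first_password_only"] = aux.authenticate("a-aux", "wrong", first)
    second = aux.authenticate("a-aux", "aux-pw-A", first)
    out["other_users_data"] = attempt(second, "policy-B1")
    first = ent.login("a-ent", "ent-pw-A")
    second = aux.authenticate("a-aux", "aux-pw-A", first)
    now[0] += WINDOW_SECONDS + 1
    out["expired"] = attempt(second, "policy-A1")
    return out

if __name__ == "__main__":
    print(demo())
```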
Fig. 3 is a kind of flow chart of data access method shown according to an exemplary embodiment.Process in Fig. 3 is pair The detailed description of user terminal treatment process, data access method 30 include at least step S302 to S308.
As shown in figure 3, the first verifying is carried out on enterprise platform by the first user name and first password in S302, Obtain first verification data.
It is enterprising in assistant authentification platform by second user name, the second password and the first verification data in S304 Row second is verified, and the second verify data is obtained.
In S306, data access request is generated by the mark of second verify data and target data.
In S308, returned the result based on access request acquisition.
In one embodiment, further includes: updated first user name of timing acquisition, first password and second user Name, the second password.
Fig. 4 is a flowchart of a data access method according to an exemplary embodiment. The flow in Fig. 4 is a detailed description of the processing at the enterprise platform; data access method 40 includes at least steps S402 to S408.
As shown in Fig. 4, in S402, the first username and first password are obtained from the user.
In S404, the first verification is performed on the first username and first password.
In S406, after the first verification passes, first verification data is generated.
In S408, the first verification data is sent to the user and the assistant authentication platform.
In one embodiment, the method further includes: obtaining the second verification data from the assistant authentication platform; obtaining a data access request from the user; performing a third verification on the data access request based on the second verification data; and, after the third verification passes, generating a return result for the user.
In one embodiment, the method further includes: periodically updating the first username and first password in association with the second username and second password.
Fig. 5 is a flowchart of a data access method according to an exemplary embodiment. The flow in Fig. 5 is a detailed description of the processing at the assistant authentication platform; data access method 50 includes at least steps S502 to S508.
As shown in Fig. 5, in S502, the second username, second password and first verification data are obtained from the user.
In S504, the second verification is performed on the second username, the second password and the first verification data.
In S506, after the second verification passes, second verification data is generated.
In S508, the second verification data is sent to the user and the enterprise platform.
In one embodiment, the method further includes: periodically obtaining the updated second username and second password.
According to the data access method of the present disclosure, multiple authentication both guarantees the security of access to the data in the system and guarantees that the data in the system remain mutually independent between different accessing users.
Fig. 6 is a flowchart of a data access method according to an exemplary embodiment. Fig. 7 is a system block diagram of a data access method. Fig. 6 and Fig. 7 describe the content of the present disclosure in detail in a concrete application scenario comprising an agency (user terminal), an enterprise platform, a data query system, an image system and a third-party assistance platform. The detailed process is as follows:
In S1, in the initial stage, the enterprise platform allocates an independent username and password to the agency, and the third-party authentication platform also allocates an independent username and password to the agency; these are different for each agency.
In S2, the agency sends a user authentication request to the enterprise platform using the username and password allocated to it.
In S3, the enterprise platform verifies the login user and checks whether the user is legitimate. If so, it returns a random sequence number to the agency and forwards that random sequence number to the third-party authentication platform. If not, it directly rejects the request.
In S4, the agency sends an authentication request to the third-party authentication platform. The request carries the agency's username and password on the third-party platform and the random sequence number that the agency received from the enterprise platform.
In S5, the third-party authentication platform verifies the received agency username, password and random sequence number. After successful verification, it sends an agency authentication success response to the agency and to the enterprise platform; the response carries the ID of the successfully authenticated agency and the new random sequence number and timestamp generated by the third-party authentication platform.
In S6, the agency sends an image download request to the enterprise platform, carrying the new random sequence number and timestamp generated by the third-party authentication platform and the image serial number.
In S7, the enterprise platform receives the download request and verifies whether the received new random sequence number and timestamp are legitimate and valid. If they are, the enterprise platform queries the data query system for the data information of the image, using the image serial number as the input parameter; otherwise it rejects the agency's query request. Here, the random sequence number is considered legitimate if the new random sequence number received from the agency is consistent with the new random sequence number received from the third party and the receiving times of the two are within a specified time; otherwise it is considered illegitimate.
In S8, the data query system returns the data information of the image to the enterprise platform.
In S9, the enterprise platform judges, according to the data information of the image, whether the agency has permission to access the image. If so, it obtains the image from the image system and returns the image data to the agency; if the agency has no permission to view the image, it directly returns a rejection response to the agency. Specifically, judging whether the agency has permission to access the image means: detecting whether the agency information in the data information of the image is this agency, or an institution that has granted authorization to this agency; if so, the agency has permission to access the image, otherwise it does not.
In S10, the enterprise platform periodically updates the username and password that this system allocates to the agency, and synchronizes the changed information to the agency and the third-party platform.
In S11, the third-party platform receives the change message from the enterprise platform and records the username and password sent by the enterprise platform; at the same time it changes the username and password that its own system allocates to the agency, and then synchronizes the change information to the agency.
In S12, the agency receives the change information and records it locally. The next request is authenticated with the new username and password.
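The S2 to S9 exchange above, as an added Python simulation that is not code from the patent. Class names, the sample agencies and images, the 60-second window and the PBKDF2 password hashing are assumptions, and the "specified time" in S7 is read here as the gap between the enterprise platform receiving the third party's notice and receiving the agency's download request.

```python
"""Constructed simulation of steps S2-S9; every name and value is illustrative."""
import hashlib
import hmac
import secrets

WINDOW_SECONDS = 60  # assumed value for the "specified time" in S7


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Credentials:  # one platform's username/password table (S1), salted hashes only
    def __init__(self):
        self._rows = {}

    def enroll(self, user, password, agency_id):
        salt = secrets.token_bytes(16)
        self._rows[user] = (salt, _kdf(password, salt), agency_id)

    def verify(self, user, password):
        """Return the agency ID for a valid login, else None."""
        salt, want, agency_id = self._rows.get(user, (b"\0" * 16, b"", None))
        ok = hmac.compare_digest(_kdf(password, salt), want)
        return agency_id if ok else None


class ThirdPartyAuth:
    def __init__(self, enterprise):
        self.creds = Credentials()
        self.enterprise = enterprise
        enterprise.third_party = self
        self.first_serials = {}  # serial forwarded by the enterprise in S3 -> agency

    def authenticate(self, user, password, first_serial, now):
        """S4/S5: check credentials and the S3 serial, then issue a new serial."""
        agency_id = self.creds.verify(user, password)
        if agency_id is None or self.first_serials.get(first_serial) != agency_id:
            return None
        new_serial, timestamp = secrets.token_hex(16), now
        self.enterprise.receive_second(agency_id, new_serial, timestamp, now)
        return agency_id, new_serial, timestamp


class EnterprisePlatform:
    def __init__(self, image_index):
        self.creds = Credentials()
        self.third_party = None  # set when ThirdPartyAuth is constructed
        self.image_index = image_index  # stands in for the data query system (S8)
        self.second = {}  # new serial -> (agency_id, timestamp, received_at)

    def login(self, user, password):
        """S2/S3: verify the agency, return a random serial and forward it."""
        agency_id = self.creds.verify(user, password)
        if agency_id is None:
            return None
        serial = secrets.token_hex(16)
        self.third_party.first_serials[serial] = agency_id  # forwarded in S3
        return serial

    def receive_second(self, agency_id, new_serial, timestamp, now):
        self.second[new_serial] = (agency_id, timestamp, now)

    def download(self, new_serial, timestamp, image_no, now):
        """S6-S9: return (status, image data or None)."""
        record = self.second.get(new_serial)
        if record is None:  # serial never announced by the third party
            return "rejected: unknown serial", None
        agency_id, issued_ts, received_at = record
        if timestamp != issued_ts or not 0 <= now - received_at <= WINDOW_SECONDS:
            return "rejected: timestamp", None
        info = self.image_index.get(image_no)  # S8: data information of the image
        if info is None or agency_id not in {info["owner"], *info["authorized"]}:
            return "rejected: no permission", None  # S9
        return "ok", info["data"]


def demo():
    images = {  # constructed sample records
        "IMG-001": {"owner": "agency-A", "authorized": set(), "data": b"image-1"},
        "IMG-002": {"owner": "agency-C", "authorized": {"agency-A"}, "data": b"image-2"},
        "IMG-003": {"owner": "agency-C", "authorized": set(), "data": b"image-3"},
    }
    ent = EnterprisePlatform(images)
    tp = ThirdPartyAuth(ent)
    ent.creds.enroll("a-ent", "pw-ent", "agency-A")  # S1: separate credentials
    tp.creds.enroll("a-3p", "pw-3p", "agency-A")
    t0 = 1_000  # fixed clock so the run is deterministic
    serial = ent.login("a-ent", "pw-ent")
    _, new_serial, ts = tp.authenticate("a-3p", "pw-3p", serial, now=t0)
    return {
        "own": ent.download(new_serial, ts, "IMG-001", now=t0 + 5),
        "granted": ent.download(new_serial, ts, "IMG-002", now=t0 + 5),
        "other": ent.download(new_serial, ts, "IMG-003", now=t0 + 5),
        "late": ent.download(new_serial, ts, "IMG-001", now=t0 + 61),
        "forged": ent.download(secrets.token_hex(16), ts, "IMG-001", now=t0 + 5),
        "enterprise_pw_only": tp.authenticate("a-ent", "pw-ent", serial, now=t0),
    }
```

The last case in `demo()` exercises the property the disclosure relies on: the enterprise platform credentials alone, even with a valid S3 serial, do not pass the third-party check.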
It should be clearly understood that the present disclosure describes how to form and use particular examples, but the principles of the present disclosure are not limited to any detail of these examples. Rather, based on the teaching of the present disclosure, these principles can be applied to many other embodiments.
Those skilled in the art will appreciate that all or part of the steps of the above embodiments may be implemented as a computer program executed by a CPU. When the computer program is executed by the CPU, it performs the above functions defined by the above method provided by the present disclosure. The program may be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic disk, an optical disc, or the like.
It should further be noted that the above drawings are only schematic illustrations of the processing included in the method according to the exemplary embodiments of the present disclosure and are not intended to be limiting. It is easy to understand that the processing shown in the drawings does not indicate or limit the chronological order of these processes. It is also easy to understand that these processes may be executed, for example, synchronously or asynchronously in multiple modules.
The following are device embodiments of the present disclosure, which can be used to carry out the method embodiments of the present disclosure. For details not disclosed in the device embodiments, please refer to the method embodiments of the present disclosure.
Fig. 8 is a block diagram of a data access device according to an exemplary embodiment. The data access device 80 may be provided at the user terminal and includes: a first data module 802, a second data module 804, an access request module 806 and a return result module 808.
The first data module 802 is used to perform the first verification on the enterprise platform with the first username and first password and obtain the first verification data;
the second data module 804 is used to perform the second verification on the assistant authentication platform with the second username, the second password and the first identifying code and obtain the second verification data;
the access request module 806 is used to generate a data access request from the second verification data and the identifier of the target data; and
the return result module 808 is used to obtain a return result based on the access request.
Fig. 9 is a block diagram of a data access device according to another exemplary embodiment. The data access device 90 may be provided at the enterprise platform and includes: a first receiving module 902, a first authentication module 904, a first sending module 906, a second authentication module 908, a first request module 910, a third authentication module 912 and a result return module 914.
The first receiving module 902 is used to obtain the first username and first password from the user;
the first authentication module 904 is used to perform the first verification on the first username and first password and, after the first verification passes, to generate the first verification data; and
the first sending module 906 is used to send the first verification data to the user and the assistant authentication platform.
The second authentication module 908 is used to obtain the second verification data from the assistant authentication platform;
the first request module 910 is used to obtain a data access request from the user;
the third authentication module 912 is used to perform the third verification on the data access request based on the second verification data; and
the result return module 914 is used to generate a return result for the user after the third verification passes.
Fig. 10 is a block diagram of a data access device according to another exemplary embodiment. The data access device 100 may be provided at the assistant authentication platform and includes: a second receiving module 1002, a second authentication module 1004 and a second sending module 1006.
The second receiving module 1002 is used to obtain the second username, second password and first verification data from the user;
the second authentication module 1004 is used to perform the second verification on the second username, the second password and the first identifying code and, after the second verification passes, to generate the second verification data; and
the second sending module 1006 is used to send the second verification data to the user and the enterprise platform.
According to the data access device of the present disclosure, using the assistant authentication platform avoids the security problem that arises after a user leaks the enterprise platform user password, and the data permission query performed on data access requests ensures the independence of image data access between users. The device can guarantee both the security of access to the data in the system and the mutual independence of the data in the system between different accessing users.
Fig. 11 is a block diagram of an electronic device according to an exemplary embodiment.
The electronic device 200 according to this embodiment of the present disclosure is described below with reference to Fig. 11. The electronic device 200 shown in Fig. 11 is only an example and should not impose any limitation on the functions and scope of use of the embodiments of the present disclosure.
As shown in Fig. 11, the electronic device 200 takes the form of a general-purpose computing device. Its components may include, but are not limited to: at least one processing unit 210, at least one storage unit 220, a bus 230 connecting different system components (including the storage unit 220 and the processing unit 210), a display unit 240, and so on.
The storage unit stores program code that can be executed by the processing unit 210, so that the processing unit 210 performs the steps according to the various exemplary embodiments of the present disclosure described in the above electronic prescription circulation processing method section of this specification. For example, the processing unit 210 may perform the steps shown in Fig. 2, Fig. 3, Fig. 4, Fig. 5 and Fig. 6.
The storage unit 220 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM) 2201 and/or a cache memory unit 2202, and may further include a read-only memory unit (ROM) 2203.
The storage unit 220 may also include a program/utility 2204 having a set of (at least one) program modules 2205. Such program modules 2205 include, but are not limited to: an operating system, one or more application programs, other program modules and program data; each of these examples, or some combination of them, may include an implementation of a network environment.
The bus 230 may represent one or more of several types of bus structure, including a storage unit bus or storage unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus structures.
The electronic device 200 may also communicate with one or more external devices 300 (e.g. a keyboard, pointing device, Bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 200, and/or with any device (e.g. a router, modem, etc.) that enables the electronic device 200 to communicate with one or more other computing devices. Such communication may take place through an input/output (I/O) interface 250. The electronic device 200 may also communicate with one or more networks (e.g. a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through a network adapter 260. The network adapter 260 may communicate with the other modules of the electronic device 200 through the bus 230. It should be understood that, although not shown in the drawings, other hardware and/or software modules may be used in conjunction with the electronic device 200, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives and data backup storage systems.
From the above description of the embodiments, those skilled in the art will readily understand that the example embodiments described here may be implemented in software, or in software combined with the necessary hardware. The technical solution according to the embodiments of the present disclosure may therefore be embodied in the form of a software product, which may be stored on a non-volatile storage medium (a CD-ROM, USB flash drive, removable hard disk, etc.) or on a network, and which includes instructions that cause a computing device (a personal computer, server, network device, etc.) to execute the above method according to the embodiments of the present disclosure.
Fig. 12 schematically shows a computer-readable storage medium in an exemplary embodiment of the present disclosure.
Referring to Fig. 12, a program product 400 for implementing the above method according to an embodiment of the present disclosure is described. It may take the form of a portable compact disc read-only memory (CD-ROM), include program code, and run on a terminal device such as a personal computer. However, the program product of the present disclosure is not limited to this. In this document, a readable storage medium may be any tangible medium that contains or stores a program, where the program may be used by, or in connection with, an instruction execution system, apparatus or device.
The program product may use any combination of one or more readable media. A readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of readable storage media include: an electrical connection with one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
The computer-readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, carrying readable program code. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. The readable storage medium may also be any readable medium other than a readable storage medium; that readable medium can send, propagate or transmit a program for use by, or in connection with, an instruction execution system, apparatus or device. The program code contained on the readable storage medium may be transmitted over any suitable medium, including but not limited to wireless, wired, optical cable, RF, etc., or any suitable combination of the above.
The program code for carrying out the operations of the present disclosure may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++ as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user computing device, partly on the user device, as a stand-alone software package, partly on the user computing device and partly on a remote computing device, or entirely on the remote computing device or server. Where a remote computing device is involved, the remote computing device may be connected to the user computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computing device (for example, through the Internet using an Internet service provider).
The above computer-readable medium carries one or more programs which, when executed by a device, cause the computer-readable medium to implement the following functions:
Performing a first verification on the enterprise platform with a first username and a first password, and obtaining first verification data; performing a second verification on the assistant authentication platform with a second username, a second password and the first verification data, and obtaining second verification data; generating a data access request from the second verification data and the identifier of the target data; and obtaining a return result based on the access request.
Obtaining the first username and first password from the user; performing the first verification on the first username and first password; after the first verification passes, generating the first verification data; and sending the first verification data to the user and the assistant authentication platform.
Obtaining the second username, second password and first verification data from the user; performing the second verification on the second username, the second password and the first verification data; after the second verification passes, generating the second verification data; and sending the second verification data to the user and the enterprise platform.
Those skilled in the art will appreciate that the above modules may be distributed in the device as described in the embodiments, or may be changed accordingly and located in one or more devices different from that of the present embodiment. The modules of the above embodiments may be combined into one module or further split into multiple sub-modules.
From the above description of the embodiments, those skilled in the art will readily understand that the example embodiments described here may be implemented in software, or in software combined with the necessary hardware. The technical solution according to the embodiments of the present disclosure may therefore be embodied in the form of a software product, which may be stored on a non-volatile storage medium (a CD-ROM, USB flash drive, removable hard disk, etc.) or on a network, and which includes instructions that cause a computing device (a personal computer, server, mobile terminal, network device, etc.) to execute the method according to the embodiments of the present disclosure.
In addition, the structures, proportions, sizes and the like shown in the drawings of this specification only accompany the content disclosed in the specification, for the understanding and reading of those skilled in the art; they are not intended to limit the conditions under which the present disclosure can be implemented and therefore have no technically substantive meaning. Any modification of structure, change of proportional relationship or adjustment of size that does not affect the technical effects the present disclosure can produce or the purposes it can achieve shall still fall within the scope that the technical content disclosed in the present disclosure can cover. Likewise, terms such as "upper", "first", "second" and "one" cited in this specification are only for clarity of description and are not intended to limit the implementable scope of the present disclosure; alteration or adjustment of their relative relationships, without substantive change to the technical content, shall also be regarded as within the implementable scope of the present disclosure.

Claims (11)

1. A data access method, applicable to a user terminal, characterized by comprising:
performing a first verification on an enterprise platform with a first username and a first password, and obtaining first verification data;
performing a second verification on an assistant authentication platform with a second username, a second password and the first verification data, and obtaining second verification data;
generating a data access request from the second verification data and an identifier of target data; and
obtaining a return result based on the access request.
2. A data access method, applicable to an enterprise platform side, characterized by comprising:
obtaining a first username and a first password from a user;
performing a first verification on the first username and the first password;
after the first verification passes, generating first verification data; sending the first verification data to the user and an assistant authentication platform;
obtaining second verification data from the assistant authentication platform;
obtaining a data access request from the user;
performing a third verification on the data access request based on the second verification data; and
after the third verification passes, generating a return result for the user.
3. The method according to claim 2, characterized in that performing the third verification on the data access request based on the second verification data comprises:
verifying the second verification data in the access request against the second verification data obtained from the assistant authentication platform; and/or
performing permission verification on the permission of the target data identifier in the access request.
4. The method according to claim 3, characterized in that the second verification data includes a timestamp;
performing the third verification on the data access request based on the second verification data further comprises:
performing the third verification on the data access request based on the timestamp.
5. A data access method, applicable to an assistant authentication platform side, characterized by comprising:
obtaining a second username, a second password and first verification data from a user;
performing a second verification on the second username, the second password and the first verification data;
after the second verification passes, generating second verification data; and
sending the second verification data to the user and an enterprise platform.
6. A data access device, applicable to a user terminal, characterized by comprising:
a first data module, configured to perform a first verification on an enterprise platform with a first username and a first password, and obtain first verification data;
a second data module, configured to perform a second verification on an assistant authentication platform with a second username, a second password and the first identifying code, and obtain second verification data;
an access request module, configured to generate a data access request from the second verification data and an identifier of target data; and
a return result module, configured to obtain a return result based on the access request.
7. A data access device, applicable to an enterprise platform side, characterized by comprising:
a first receiving module, configured to obtain a first username and a first password from a user;
a first authentication module, configured to perform a first verification on the first username and the first password and, after the first verification passes, to generate first verification data; and
a first sending module, configured to send the first verification data to the user and an assistant authentication platform;
a second authentication module, configured to obtain second verification data from the assistant authentication platform;
a first request module, configured to obtain a data access request from the user;
a third authentication module, configured to perform a third verification on the data access request based on the second verification data; and
a result return module, configured to generate a return result for the user after the third verification passes.
8. A data access device, applicable to an assistant authentication platform side, characterized by comprising:
a second receiving module, configured to obtain a second username, a second password and first verification data from a user;
a second authentication module, configured to perform a second verification on the second username, the second password and the first identifying code and, after the second verification passes, to generate second verification data; and
a second sending module, configured to send the second verification data to the user and an enterprise platform.
9. A data access system, characterized by comprising:
a user terminal, configured to perform a first verification on an enterprise platform with a first username and a first password, and obtain first verification data; perform a second verification on an assistant authentication platform with a second username, a second password and the first identifying code, and obtain second verification data; generate a data access request from the second verification data and an identifier of target data; and obtain a return result based on the access request; and
an enterprise platform, configured to obtain the first username and first password from the user; perform the first verification on the first username and first password; after the first verification passes, generate the first verification data; send the first verification data to the user and the assistant authentication platform; obtain the second verification data from the assistant authentication platform; obtain the data access request from the user; perform a third verification on the data access request based on the second verification data; and, after the third verification passes, generate a return result for the user; and
an assistant authentication platform, configured to obtain the second username, the second password and the first identifying code from the user; perform the second verification on the second username, the second password and the first identifying code; after the second verification passes, generate the second verification data; and send the second verification data to the user and the enterprise platform.
10. An electronic device, characterized by comprising:
one or more processors;
a storage device, configured to store one or more programs;
wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the method according to any one of claim 1, claims 2-4 or claim 5.
11. A computer-readable medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the method according to any one of claim 1, claims 2-4 or claim 5.
CN201910765096.3A 2019-08-19 2019-08-19 Data access method, device, system, electronic equipment and computer readable medium Active CN110401674B (en)

Publications (2)

Publication Number Publication Date
CN110401674A true CN110401674A (en) 2019-11-01
CN110401674B CN110401674B (en) 2022-05-17

Gao et al. An OAuth2.0-based unified authentication system for secure services in the smart campus environment
WO2023132049A1 (en) Personal information control method, information processing device, and personal information control program
CN112543194B (en) Mobile terminal login method and device, computer equipment and storage medium
Balilo Jr et al. Authentication key-exchange using SMS for web-based platforms
KR101384973B1 (en) Method and server for batch conversion service of user authentication information
CN112989297A (en) Electronic social security card code scanning login application method and system
KR102498688B1 (en) Method and system for providing authentication service
CN114666299B (en) Mail receiving and sending method, device, equipment and medium for satellite measurement, operation and control system
CN115242486B (en) Data processing method, device and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant