CN114024755A - Service access control method, device, equipment and computer readable storage medium

Publication number
CN114024755A
Authority
CN
China
Prior art keywords
user
information
service
request
identity
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111318418.3A
Other languages
Chinese (zh)
Inventor
赵帅鹏
党帆
李朋伟
赵昌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present disclosure relates to a service access control method, apparatus, device, and computer-readable storage medium, the method comprising: configuring system information; receiving an access request sent by a user terminal, identifying the identity of a user, and updating the system information; and providing corresponding service according to the updated system information. By configuring the system information uniformly, the disclosure avoids maintaining the user identity information and the authority information of each proxy gateway independently, which improves system maintenance efficiency and in turn the usability of the system.

Description

Service access control method, device, equipment and computer readable storage medium
Technical Field
The present disclosure relates to the field of information communication technologies, and in particular, to a method, an apparatus, a device, and a computer-readable storage medium for controlling service access.
Background
With the continuous development of information communication technology, the security of information systems has gradually received attention. Authentication of the user identity and authorization of access rights are the most important line of defense for information system security.
In general, different users have different access rights to service resources in the internal system, and each proxy gateway in the internal system proxies different service resources.
However, existing user access authorization control methods need to manage the user identity information and the internal-system service resources of each proxy gateway separately, so the system is difficult to maintain and its usability is low.
Disclosure of Invention
In order to solve the technical problems or at least partially solve the technical problems, the present disclosure provides a service access control method, apparatus, device and computer-readable storage medium to improve system maintenance efficiency, thereby improving system usability.
In a first aspect, an embodiment of the present disclosure provides a service access control method, including:
configuring system information;
receiving an access request sent by a user terminal, identifying the identity of a user, and updating the system information;
and providing corresponding service according to the updated system information.
In a second aspect, an embodiment of the present disclosure provides a service access control apparatus, including:
the configuration module is used for configuring system information;
the authentication module is used for receiving an access request sent by a user terminal, identifying the identity of a user and updating the system information;
and the service module is used for providing corresponding services according to the updated system information.
In a third aspect, an embodiment of the present disclosure provides a service access control device, including:
a memory;
a processor; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to implement the method of the first aspect.
In a fourth aspect, the present disclosure provides a computer-readable storage medium, on which a computer program is stored, the computer program being executed by a processor to implement the method of the first aspect.
In a fifth aspect, the disclosed embodiments also provide a computer program product comprising a computer program or instructions which, when executed by a processor, implement the service access control method as described above.
The service access control method, apparatus, device and computer-readable storage medium provided by the embodiments of the present disclosure configure the system information uniformly, which avoids maintaining the user identity information and the authority information of each proxy gateway individually, improves system maintenance efficiency, and in turn improves the usability of the system.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art are briefly described below. It is obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
Fig. 1 is a flowchart of a service access control method provided in an embodiment of the present disclosure;
Fig. 2 is a schematic diagram of an application scenario provided by the embodiment of the present disclosure;
Fig. 3 is a flowchart of a service access control method according to another embodiment of the disclosure;
Fig. 4 is a signaling diagram of a service access control method according to another embodiment of the disclosure;
Fig. 5 is a schematic structural diagram of a service access control apparatus according to an embodiment of the present disclosure;
Fig. 6 is a schematic structural diagram of an embedded device according to an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be further described below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced in other ways than those described herein; it is to be understood that the embodiments disclosed in the specification are only a few embodiments of the present disclosure, and not all embodiments.
User identity authentication and authorization are the most important line of defense in system security. Confirming the legality and uniqueness of the user identity prevents illegal personnel from entering the system and stealing protected information to obtain illegal benefits, or maliciously damaging the integrity of the protected information in the system. Generally, a plurality of proxy gateways exist in a system network, the system services proxied by each proxy gateway are different, and the access permissions of different users to the system services are also different. A system administrator typically sets and maintains the legal user information and access permission information associated with each gateway individually. For example, after a legal user or some system services are added to the system, a new legal user list and the permissions of the newly added user need to be set in each proxy gateway separately. The process is very complicated, and identity authentication and permission management easily become confused, so the usability of the system is poor. In addition, users need to log in separately when accessing different system services proxied by different gateways, which is inefficient and gives a poor user experience. To solve this problem, embodiments of the present disclosure provide a service access control method, which is described below with reference to specific embodiments.
Fig. 1 is a flowchart of a service access control method provided in an embodiment of the present disclosure. The method can be applied to the application scenario shown in fig. 2, where the application scenario includes a server 21 and a device 22, and the device 22 to be upgraded may specifically be a terminal, for example, a smart phone, a palm computer, a tablet computer, a wearable device with a display screen, a desktop computer, a notebook computer, an all-in-one machine, an intelligent home device, and the like. It is understood that the service access control method provided by the embodiment of the present disclosure may also be applied in other scenarios.
The service access control method shown in fig. 1 is described below with reference to the application scenario shown in fig. 2, and the method includes the following specific steps:
S101, configuring system information.
Optionally, the system information includes legal user identity information, system service information proxied by each proxy gateway, and authority information corresponding to each legal user identity.
The system information is configured in the server 21. The system information comprises legal user identity information used for determining whether the user is a legal user identified in the system. The system information also includes system service information proxied by each proxy gateway in the server 21. In a general system network, there are a plurality of proxy gateways and a plurality of system services, each proxy gateway proxies one or more different system services, and the system services that each proxy gateway proxies are different. Therefore, the system service information proxied by each proxy gateway needs to be configured for each proxy gateway to proxy its respective corresponding system service. The system information also includes authority information corresponding to each legal user identity. The system may have a plurality of legitimate users, and each legitimate user has different access rights to the services in the system, for example, some legitimate users may only access part of the services in the system, and other legitimate users may access all the services in the system. Therefore, the authority information corresponding to each legal user identity needs to be configured, and the system service in the authority range of the legal user is provided for the legal user according to the authority information. After the system information is configured in the server 21, the system information is synchronized to each proxy gateway.
S102, receiving an access request sent by a user terminal, identifying the user identity, and updating the system information.
The device 22 sends an access request carrying user identity information to the server 21, and after receiving the access request, the server 21 compares the user identity information with the legal user identity information configured in S101, identifies the user identity, and updates the system information.
S103, providing corresponding services according to the updated system information.
The server 21 provides the device 22 with the corresponding system service according to the updated system information acquired in S102.
The embodiment of the disclosure configures system information; receives an access request sent by a user terminal, identifies the identity of the user, and updates the system information; and provides corresponding services according to the updated system information. Configuring the system information uniformly avoids maintaining the user identity information and the authority information of each proxy gateway independently, thereby improving system maintenance efficiency and system usability.
On the basis of the above embodiment, receiving an access request sent by a user terminal, identifying the user identity, and updating the system information includes: if the user is a legal user, allowing the user request and generating a unique user identifier, wherein the user identifier has a corresponding relation with the identity information of the legal user; or if the user is an illegal user, rejecting the access request.
The device 22 sends an access request carrying user identity information to the server 21, where the user identity information may be any information that can prove the user identity, such as an account password, a password, or a certificate, which is not limited in this embodiment. The system information configured in step S101 includes legal user identity information, and the server 21 compares the user identity information carried in the request with the legal user identity information in the configured system information, so as to determine whether the user currently initiating the request is a legal user. If the comparison shows that the user is a legal user, the server 21 allows the access request and generates a unique user identifier, where the user identifier has a corresponding relationship with the identity of the legal user. According to this corresponding relationship, the server 21 can obtain the access right of the current user to the services in the system, and synchronizes the user identifier and the accessible system services to the corresponding proxy gateway in the system, and the corresponding proxy gateway stores the user identifier in the legal user list. At the same time, the server 21 synchronizes the user identifier and the system service information proxied by each proxy gateway to the device 22. It will be appreciated that the user identifier is absolutely unique: even for the same legal user, the user identifier generated each time an access request is granted is different. If the comparison shows that the user is not a legal user in the system, the server 21 rejects the access request.
Optionally, the providing the corresponding service according to the updated system information includes: receiving a service request sent by a user terminal, wherein the service request comprises the user identification and target service information; and providing corresponding service based on the user identification and the target service information.
Further, providing the corresponding service based on the user identifier and the target service information includes: if the user identification and the target service information accord with the authority information, providing a service corresponding to the target service information; or if the user identifier and the target service information do not accord with the authority information, rejecting the service request.
After passing the user identity validity check, the terminal 22 initiates a request for obtaining system services to the server 21. Specifically, the terminal 22 sends a user service request to a corresponding proxy gateway in the server 21 according to the system service information proxied by each proxy gateway synchronized in step S103, where the user service request includes a user identifier and target service information representing the system service that the user requests to access. After receiving the user service request, the corresponding proxy gateway determines whether the user has the right to access the system service requested to be accessed according to the legal user list and the right information corresponding to each legal user identity synchronized in S101. If the target service is in the authority range of the legal user, the proxy gateway initiates a request to the corresponding system service, and after receiving a system service response, the proxy gateway forwards the system service data to the device 22 through the data reverse proxy, so that the user can process the data through the device 22; if the target service is not in the authority range of the legal user, the proxy gateway terminates the communication.
In the embodiment of the present disclosure, receiving an access request sent by a user terminal, identifying the user identity, and updating the system information includes: if the user is a legal user, allowing the user request and generating a unique user identifier, wherein the user identifier has a corresponding relation with the identity information of the legal user; or if the user is an illegal user, rejecting the access request. Providing the corresponding service according to the updated system information includes: receiving a service request sent by the user terminal, wherein the service request comprises the user identifier and target service information; and providing the corresponding service based on the user identifier and the target service information. Providing the corresponding service based on the user identifier and the target service information includes: if the user identifier and the target service information conform to the authority information, providing the service corresponding to the target service information; or if they do not conform to the authority information, rejecting the service request. After the user passes the identity validity check, the proxy gateway performs a second check on the service request initiated by the user against the user's authority. On the premise of ensuring system security, the user can access all system services within that authority without performing identity verification again, which improves working efficiency and ensures a good user experience.
Fig. 3 is a flowchart of a service access control method according to another embodiment of the present disclosure. As shown in fig. 3, the method includes:
S301, configuring system information.
S302, receiving an access request sent by a user terminal, identifying the user identity, and updating the system information.
S303, providing corresponding service according to the updated system information.
Specifically, the implementation processes and principles of S301 to S303 and S101 to S103 are consistent, and are not described herein again.
S304, receiving a logout request sent by the user terminal, wherein the logout request comprises a user identifier.
After the user finishes processing the system service data, the device 22 sends an offline request to the server 21, where the offline request includes the user identifier generated in S302 and synchronized to the device 22. It will be appreciated that the user actively clicking to go offline, directly closing the application or web page, or otherwise closing the service process will trigger the device 22 to send the offline request to the server 21.
S305, deleting the user identification from the system information.
After receiving the offline request sent by the device 22, the server 21 identifies the user identifier included in the request, and deletes the user identifier from the legitimate user list.
The embodiment of the disclosure configures system information; receives an access request sent by a user terminal, identifies the identity of the user, and updates the system information; provides the corresponding service according to the updated system information; receives an offline request sent by the user terminal, wherein the offline request comprises a user identifier; and deletes the user identifier from the system information. A user can access all system services within the user's authority through a single verification. When the user goes offline after the service is completed, the server deletes the user identifier used for that access. Because the user identifier is unique, each time the user logs in to the system and requests a system service, the server verifies the user identifier and authority information generated for the current access. This requires no user operation, and further improves the security of the system while guaranteeing user experience and efficiency.
Fig. 4 is a signaling diagram of a service access control method according to another embodiment of the disclosure. The server 21 includes an authentication gateway, a plurality of proxy gateways, and a system service. It is understood that the proxy gateway 1 and the proxy gateway 2 in fig. 4 represent two proxy gateways that proxy different system services, and are used as examples in this embodiment, and any number of proxy gateways may exist according to system requirements during actual use. As shown in fig. 4, the method includes:
S401, the authentication gateway configures system information.
Specifically, the system information includes legal user identity information for determining whether the user is a legal user identified in the system. The system information also includes system service information proxied by each proxy gateway in the server 21. In a general system network, there are a plurality of proxy gateways and a plurality of system services, each proxy gateway proxies one or more different system services, and the system services that each proxy gateway proxies are different. Therefore, the system service information proxied by each proxy gateway needs to be configured for each proxy gateway to proxy its respective corresponding system service. The system information also includes authority information corresponding to each legal user identity. The system may have a plurality of legitimate users, and each legitimate user has different access rights to the services in the system, for example, some legitimate users may only access part of the services in the system, and other legitimate users may access all the services in the system. Therefore, it is necessary to configure authority information corresponding to each legal user identity, so as to provide system services in the authority for the legal user.
S402, the authentication gateway synchronizes the system information to the proxy gateway 1.
S403, the authentication gateway synchronizes the system information to the proxy gateway 2.
After the system information is configured, the authentication gateway synchronizes the system information to each proxy gateway. It should be noted that S402 and S403 may be executed simultaneously or one after the other; this embodiment does not limit the order, and either S402 or S403 may be executed first.
S404, the user initiates an access request through the user terminal.
S405, the user side sends an access request to the authentication gateway.
S406, the authentication gateway receives the access request sent by the user terminal, identifies the user identity and updates the system information. Wherein the system information comprises a user identification.
Specifically, if the user is a legal user, the user request is allowed and a unique user identifier is generated, wherein the user identifier has a corresponding relation with the identity information of the legal user; or if the user is an illegal user, the access request is rejected.
The user sends an access request to the authentication gateway through the user terminal. After receiving the access request, the authentication gateway compares the user identity information carried in the request with the legal user identity information in the system information configured in S401, so as to judge whether the user currently initiating the request is a legal user. If the comparison shows that the user is a legal user, the authentication gateway allows the access request and generates a unique user identifier, wherein the user identifier has a corresponding relation with the identity of the legal user. It will be appreciated that the user identifier is absolutely unique: even for the same legal user, the user identifier generated each time an access request is granted is different. If the comparison shows that the user is not a legal user in the system, the authentication gateway rejects the access request.
S407, the authentication gateway synchronizes the updated system information to the user terminal.
The authentication gateway synchronizes the user identification and the system service information proxied by each proxy gateway to the user terminal.
S408, the authentication gateway synchronizes the user identification to the proxy gateway 1.
Because the user identification contains the corresponding relation with the legal user identity, the authentication gateway can acquire the access authority of the current user to the service in the system and synchronize the user identification to the corresponding proxy gateway 1 in the system.
S409, the proxy gateway 1 stores the user identifier in a legal user list.
After receiving the user identifier, the proxy gateway 1 stores the user identifier in a legal user list.
S410, the authentication gateway synchronizes the user identification to the proxy gateway 2.
Because the user identification contains the corresponding relation with the legal user identity, the authentication gateway can acquire the access authority of the current user to the service in the system and synchronize the user identification to the corresponding proxy gateway 2 in the system.
S411, the proxy gateway 2 stores the user identification to a legal user list.
After receiving the user identifier, the proxy gateway 2 stores the user identifier in a legal user list.
It is understood that S408 and S410 may be executed simultaneously, or may also be in a sequential order, and this embodiment does not specifically limit the sequential order, and for example, S408 may be executed first, or S410 may be executed first.
S412, the user initiates a service request through the user terminal.
After the identity information is authenticated, the user initiates a system service request through the user terminal.
S413, the user terminal sends the service request to the corresponding proxy gateway.
The user terminal sends the user service request to the corresponding proxy gateway according to the system service information proxied by each proxy gateway synchronized in S407. In this embodiment, the corresponding proxy gateway is the proxy gateway 1. The user service request comprises the user identifier and target service information representing the system service that the user requests to access.
S414, the proxy gateway 1 provides the corresponding service based on the user identifier and the target service information in the service request.
After receiving the user service request, the proxy gateway 1 determines whether the user has the right to access the system service requested by the user according to the legal user list and the right information corresponding to each legal user identity synchronized in S402. If the target service is in the authority range of the legal user, the proxy gateway 1 provides corresponding service; if the target service is not in the authority range of the legal user, the proxy gateway 1 terminates the communication.
S415, the proxy gateway 1 sends the service request to the system service.
S416, the system service responds to the service request.
S417, the system service returns the corresponding response to the user service request.
S418, the proxy gateway 1 performs data reverse proxy on the service request response.
S419, the proxy gateway 1 sends the system service data to the user terminal.
S420, the user performs data processing through the user terminal.
The proxy gateway 1 initiates a request to a corresponding system service, and after receiving a system service response, forwards the system service data to the user terminal through the data reverse proxy, so that the user can process the data through the user terminal.
S421, the user initiates a request for offline through the user terminal.
After the user finishes processing the system service data, the user sends an offline request to the authentication gateway through the user terminal.
S422, the user terminal sends an offline request to the authentication gateway.
S423, the authentication gateway receives the offline request sent by the user terminal, wherein the offline request comprises a user identifier.
After receiving the offline request sent by the user terminal, the authentication gateway identifies the user identifier contained in the request and sends the user identifier to corresponding proxy gateways in the system, such as the proxy gateway 1 and the proxy gateway 2.
S424, the authentication gateway sends the user identification in the offline request to the proxy gateway 1.
S425, the proxy gateway 1 deletes the user identifier from its legal user list.
S426, the authentication gateway sends the user identifier in the offline request to the proxy gateway 2.
S427, the proxy gateway 2 deletes the user identifier from its legal user list.
After receiving the user identifier sent by the authentication gateway, the proxy gateway 1 and the proxy gateway 2 delete the user identifier from their respective legal user lists. It is understood that S424 and S426 may be executed simultaneously or one after the other; this embodiment does not limit the order. For example, S424 may be executed first, or S426 may be executed first.
The embodiment of the present disclosure configures system information; receives an access request sent by a user terminal, identifies the identity of the user, and updates the system information, wherein the system information comprises a user identifier; provides a corresponding service based on the user identifier and the target service information; and receives an offline request sent by the user terminal, wherein the offline request comprises the user identifier. After the user passes the identity validity check of the authentication gateway, the proxy gateway performs a secondary check of the service request initiated by the user against the user's authority. On the premise of ensuring system security, the user can access all system services that conform to the user's authority without performing the identity verification operation again, which improves working efficiency and ensures a good user experience. In addition, after the user initiates an offline request, the proxy gateway deletes the user identifier used in that access. Because the user identifier is unique, each time the user logs in to the system to request a system service, the proxy gateway verifies the user identifier of the currently accessing user and that user's authority information. This process requires no operation by the user, so the security of the system is further improved while user experience and efficiency are preserved.
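The flow of S415 to S427, as an added Python example that is not code from the patent: an authentication gateway issues a unique user identifier and synchronizes it to each proxy gateway, each proxy gateway checks the identifier and the target service against the authority information, and an offline request deletes the identifier from every legal user list. The class and method names, the random identifier format and the verify_identity callback are assumptions; the patent only states that the identifier is unique.

```python
import secrets

class ProxyGateway:
    """Proxy gateway: holds the synchronized legal user list and checks authority."""
    def __init__(self, name, services, authority):
        self.name = name
        self.services = services      # service name -> handler proxied by this gateway
        self.authority = authority    # identity -> set of services it may access
        self.legal_users = {}         # user identifier -> identity, synced at login

    def remove_user(self, user_id):
        # S425/S427: delete the identifier; True if this gateway still held it.
        return self.legal_users.pop(user_id, None) is not None

    def handle(self, user_id, target):
        # Secondary check: identifier must be in the list AND target within authority.
        identity = self.legal_users.get(user_id)
        if identity is None:
            return (False, "unknown or deleted user identifier")
        if target not in self.services or target not in self.authority.get(identity, ()):
            return (False, "target service outside authority")
        return (True, self.services[target](identity))   # S415-S419: proxy and return

class AuthGateway:
    """Authentication gateway: identity check, identifier issuance, offline fan-out."""
    def __init__(self, verify_identity, proxies):
        self.verify_identity = verify_identity   # assumption: pluggable identity check
        self.proxies = proxies

    def login(self, identity, proof):
        if not self.verify_identity(identity, proof):
            return None                          # illegal user: access request rejected
        user_id = secrets.token_urlsafe(32)      # assumption: random, unguessable value
        for gw in self.proxies:
            gw.legal_users[user_id] = identity   # synchronize to every proxy gateway
        return user_id

    def offline(self, user_id):
        # S424/S426: order across gateways is irrelevant; report which ones deleted it.
        return [gw.name for gw in self.proxies if gw.remove_user(user_id)]

def demo():
    # Constructed sample configuration and credentials, not taken from the patent.
    authority = {"alice": {"hr", "mail"}, "bob": {"mail"}}
    gw1 = ProxyGateway("proxy-gateway-1", {"hr": lambda who: f"hr data for {who}"}, authority)
    gw2 = ProxyGateway("proxy-gateway-2", {"mail": lambda who: f"mail for {who}"}, authority)
    auth = AuthGateway(lambda ident, proof: proof == f"{ident}-proof", [gw1, gw2])
    alice, bob = auth.login("alice", "alice-proof"), auth.login("bob", "bob-proof")
    return {
        "alice_hr": gw1.handle(alice, "hr"),
        "alice_mail": gw2.handle(alice, "mail"),   # no second identity check needed
        "bob_hr": gw1.handle(bob, "hr"),           # outside bob's authority
        "bad_login": auth.login("mallory", "guess"),
        "offline": auth.offline(alice),
        "after_offline": gw1.handle(alice, "hr"),  # identifier no longer accepted
        "bob_still_ok": gw2.handle(bob, "mail"),
    }
```

The list returned by offline() names the gateways that actually deleted the identifier, so a deployment can detect a proxy gateway that missed the deletion and would otherwise keep accepting the identifier.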
Fig. 5 is a schematic structural diagram of a service access control device according to an embodiment of the present disclosure. The service access control device may execute the processing flow provided by the service access control method embodiment. As shown in fig. 5, the service access control device 500 includes a configuration module 510, an authentication module 520, and a service module 530. The configuration module 510 is configured to configure system information; the authentication module 520 is configured to receive an access request sent by a user terminal, identify a user identity, and update the system information; and the service module 530 is configured to provide a corresponding service according to the updated system information.
Optionally, the configuration module 510 is specifically configured to: configure legal user identity information, system service information proxied by each proxy gateway, and authority information corresponding to each legal user identity.
Optionally, the authentication module 520 is configured to: if the user is determined to be a legal user, allow the user request and generate a unique user identifier, wherein the user identifier comprises a corresponding relation with the identity information of the legal user; or, if the user is determined to be an illegal user, reject the access request.
Optionally, the service module 530 further includes: a receiving unit 531, configured to receive a service request sent by a user terminal, where the service request includes the user identifier and target service information; a service unit 532, configured to provide a corresponding service based on the user identifier and the target service information.
Optionally, the service unit 532 is further configured to: confirm that the user identification and the target service information accord with the authority information, and provide a service corresponding to the target service information; or, confirm that the user identification and the target service information do not accord with the authority information, and reject the service request.
Optionally, the service access control apparatus further includes a log-out module 540, configured to: receive an offline request sent by a user terminal, wherein the offline request comprises a user identifier; and delete the user identification from the system information.
The service access control apparatus in the embodiment shown in fig. 5 may be used to implement the technical solution of the service access control method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 6 is a schematic structural diagram of an embedded device according to an embodiment of the present disclosure. The embedded device may execute the processing flow provided by the service access control method embodiment. As shown in fig. 6, the device 60 includes a memory 61, a processor 62, a computer program, and a communication interface 63, wherein the computer program is stored in the memory 61 and is configured to be executed by the processor 62 to perform the service access control method described above.
In addition, the disclosed embodiments also provide a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the service access control method described in the above embodiments.
Furthermore, the disclosed embodiments also provide a computer program product comprising a computer program or instructions which, when executed by a processor, implement the service access control method as described above.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (14)

1. A method for service access control, the method comprising:
configuring system information;
receiving an access request sent by a user terminal, identifying the identity of a user, and updating the system information;
and providing corresponding service according to the updated system information.
2. The method of claim 1, wherein the system information comprises legal user identity information and system service information proxied by each proxy gateway, and authority information corresponding to each legal user identity.
3. The method of claim 1, wherein receiving an access request from a user terminal, identifying a user identity, and updating the system information comprises:
if the user is a legal user, allowing the user request and generating a unique user identifier, wherein the user identifier comprises a corresponding relation with the identity information of the legal user;
or, if the user is an illegal user, rejecting the access request.
4. The method of claim 1, wherein providing the corresponding service according to the updated system information comprises:
receiving a service request sent by a user terminal, wherein the service request comprises the user identification and target service information;
and providing corresponding service based on the user identification and the target service information.
5. The method of claim 4, wherein providing the corresponding service based on the user identification and the target service information comprises:
if the user identification and the target service information accord with the authority information, providing a service corresponding to the target service information;
or if the user identifier and the target service information do not accord with the authority information, rejecting the service request.
6. The method of claim 1, wherein after providing the corresponding service according to the updated system information, the method further comprises:
receiving an offline request sent by a user terminal, wherein the offline request comprises a user identifier;
and deleting the user identification from the system information.
7. A service access control apparatus, characterized in that the apparatus comprises:
the configuration module is used for configuring system information;
the authentication module is used for receiving an access request sent by a user terminal, identifying the identity of a user and updating the system information;
and the service module is used for providing corresponding services according to the updated system information.
8. The apparatus of claim 7, wherein the configuration module is configured to:
configure legal user identity information, system service information proxied by each proxy gateway, and authority information corresponding to each legal user identity.
9. The apparatus of claim 7, wherein the authentication module is configured to:
if the user is determined to be a legal user, allow the user request and generate a unique user identifier, wherein the user identifier comprises a corresponding relation with the identity information of the legal user;
or, if the user is determined to be an illegal user, reject the access request.
10. The apparatus of claim 7, wherein the service module further comprises:
a receiving unit, configured to receive a service request sent by a user terminal, where the service request includes the user identifier and target service information;
and the service unit is used for providing corresponding services based on the user identification and the target service information.
11. The apparatus of claim 10, wherein the service unit is further configured to:
confirm that the user identification and the target service information accord with the authority information, and provide a service corresponding to the target service information;
or, confirm that the user identification and the target service information do not accord with the authority information, and reject the service request.
12. The apparatus of claim 7, further comprising a log-out module configured to:
receive an offline request sent by a user terminal, wherein the offline request comprises a user identifier;
and delete the user identification from the system information.
13. An embedded device, comprising:
a memory;
a processor; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to implement the method of any one of claims 1-6.
14. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-6.
CN202111318418.3A 2021-11-09 2021-11-09 Service access control method, device, equipment and computer readable storage medium Pending CN114024755A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111318418.3A CN114024755A (en) 2021-11-09 2021-11-09 Service access control method, device, equipment and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111318418.3A CN114024755A (en) 2021-11-09 2021-11-09 Service access control method, device, equipment and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN114024755A true CN114024755A (en) 2022-02-08

Family

ID=80062486

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111318418.3A Pending CN114024755A (en) 2021-11-09 2021-11-09 Service access control method, device, equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN114024755A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109413032A (en) * 2018-09-03 2019-03-01 中国平安人寿保险股份有限公司 A kind of single-point logging method, computer readable storage medium and gateway
CN110311929A (en) * 2019-08-01 2019-10-08 江苏芯盛智能科技有限公司 A kind of access control method, device and electronic equipment and storage medium
CN111400777A (en) * 2019-11-14 2020-07-10 杭州海康威视系统技术有限公司 Network storage system, user authentication method, device and equipment
CN111416826A (en) * 2020-03-24 2020-07-14 江苏易安联网络技术有限公司 System and method for safely releasing and accessing application service
CN113055367A (en) * 2021-03-08 2021-06-29 浪潮云信息技术股份公司 Method and system for realizing micro-service gateway authentication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination