CN116204920A - Access authority control method and device for vehicle sensitive resource data and electronic equipment - Google Patents


Publication number
CN116204920A
Authority
CN
China
Prior art keywords
sensitive resource
authority
vault
authorization
sensitive
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310155451.1A
Other languages
Chinese (zh)
Inventor
廖浩蓝
周文靖
瞿航
蓝文良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Changan Automobile Co Ltd
Original Assignee
Chongqing Changan Automobile Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing Changan Automobile Co Ltd
Priority to CN202310155451.1A
Publication of CN116204920A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/335 User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • G06F21/42 User authentication using separate channels for security data
    • G06F21/43 User authentication using separate channels for security data wireless channels
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133 Verifying human interaction, e.g., Captcha
    • G06F2221/2137 Time limited access, e.g. to a computer or data
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to the technical field of vehicle data security, in particular to a method and a device for controlling access rights of vehicle sensitive resource data and electronic equipment, wherein the method comprises the following steps: receiving a sensitive resource access request of a user; based on the sensitive resource access request, sending the vault authority type to the user, receiving the authorization information sent by the user based on the vault authority type, and generating an access authorization token after the authorization information is checked; and sending the sensitive resource access request and the access authorization token to the vault authority engine, receiving the sensitive resource corresponding to the sensitive resource access request sent by the vault authority engine after the sensitive resource access request and the access authorization token pass, and sending the sensitive resource to the user. Therefore, the problems of information security and the like of vehicle sensitive data access are solved, and the privacy and the security of data are ensured.

Description

Access authority control method and device for vehicle sensitive resource data and electronic equipment
Technical Field
The present invention relates to the field of vehicle data security technologies, and in particular, to a method and an apparatus for controlling access rights of vehicle sensitive resource data, and an electronic device.
Background
In an age of advanced industry and internet technology, automobiles have become an indispensable means of travel. Today's automobiles are no longer just conventional means of transport; they are small networked computers with considerable computing power. Using internet and big data technology, the vehicle uploads vehicle-side data to the cloud, and the cloud stores and analyzes the data. Under the requirements of the national Ministry of Industry and Information Technology, vehicle-related data contains sensitive resource information, so to keep the data secure, access control is needed whenever a user accesses vehicle-related sensitive data.
Thus, a method for controlling access rights to sensitive resource data is urgently needed.
Disclosure of Invention
The application provides a method, a device and electronic equipment for controlling access authority of vehicle sensitive resource data, which solve the problems of information security and the like of vehicle sensitive data access and ensure the privacy and security of data.
An embodiment of a first aspect of the present application provides a method for controlling access rights of vehicle sensitive resource data, including the following steps: receiving a sensitive resource access request of a user; based on the sensitive resource access request, sending a vault authority type to the user, receiving authorization information sent by the user based on the vault authority type, and generating an access authorization token after the authorization information passes verification; and sending the sensitive resource access request and the access authorization token to a vault authority engine, receiving the sensitive resource corresponding to the sensitive resource access request, which the vault authority engine sends after the sensitive resource access request and the access authorization token pass verification, and sending the sensitive resource to the user.
According to the technical means, the problems of information security and the like of vehicle sensitive data access are solved, and the privacy and the security of data are ensured.
Further, before receiving the sensitive resource access request of the user, the method further comprises: determining a plurality of sensitive resources to be accessed, which need to be incorporated into the sensitive resource access authority control; and determining the authority authorization form and the valid time and valid times of authorization of each sensitive resource to be accessed.
According to the technical means, security of sensitive resource access is ensured by defining authority authorization form, effective time and effective times of authorization.
Further, after sending the sensitive resource access request and the access authorization token to the vault authority engine, the method further includes: receiving no-permission information sent by the vault authority engine after verification of the sensitive resource access request and the access authorization token fails; and sending the no-permission information to the user.
According to the technical means, the no-permission information is sent to the user, so that the user can revise the authorization information.
Further, the vault authority type comprises at least one of owner authorization and professional authorized user authorization; the authorization information comprises a short message verification code.
According to the technical means, the authorization information is configured, and the privacy and the safety of the data are ensured.
An embodiment of a second aspect of the present application provides an access right control device for vehicle sensitive resource data, including: a receiving module, used for receiving a sensitive resource access request of a user; a generation module, used for sending a vault authority type to the user based on the sensitive resource access request, receiving authorization information sent by the user based on the vault authority type, and generating an access authorization token after the authorization information passes verification; and a sending module, used for sending the sensitive resource access request and the access authorization token to a vault authority engine, receiving the sensitive resource corresponding to the sensitive resource access request, which the vault authority engine sends after the sensitive resource access request and the access authorization token pass verification, and sending the sensitive resource to the user.
Further, before receiving the sensitive resource access request of the user, the receiving module is further configured to: determining a plurality of sensitive resources to be accessed, which need to be incorporated into the sensitive resource access authority control; and determining the authority authorization form and the valid time and valid times of authorization of each sensitive resource to be accessed.
Further, after sending the sensitive resource access request and the access authorization token to the vault authority engine, the sending module is further configured to: receive no-permission information sent by the vault authority engine after verification of the sensitive resource access request and the access authorization token fails; and send the no-permission information to the user.
Further, the vault authority type comprises at least one of owner authorization and professional authorized user authorization; the authorization information comprises a short message verification code.
An embodiment of a third aspect of the present application provides an electronic device, including: a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor executes the program to implement the access right control method of the vehicle sensitive resource data according to the above embodiment.
An embodiment of a fourth aspect of the present application provides a computer-readable storage medium having stored thereon a computer program that is executed by a processor for implementing the access right control method for vehicle sensitive resource data as described in the above embodiment.
Therefore, the method and the device send the vault authority type to the user based on the sensitive resource access request, receive the authorization information sent by the user based on the vault authority type, generate the access authorization token after the authorization information is checked to pass, send the sensitive resource access request and the access authorization token to the vault authority engine, receive sensitive resources corresponding to the sensitive resource access request sent by the vault authority engine after the sensitive resource access request and the access authorization token are checked to pass, and send the sensitive resources to the user. Therefore, the problems of information security and the like of vehicle sensitive data access are solved, and the privacy and the security of data are ensured.
Additional aspects and advantages of the application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the application.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a schematic physical structure diagram of a method for controlling access rights to vehicle sensitive resource data according to one embodiment of the present application;
FIG. 2 is a flowchart of a method for controlling access rights to vehicle sensitive resource data according to an embodiment of the present application;
FIG. 3 is a flow chart of a method of controlling access rights to vehicle sensitive resource data according to one embodiment of the present application;
FIG. 4 is a block diagram of an access rights control device for vehicle sensitive resource data according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Reference numerals illustrate: 10-access right control device of vehicle sensitive resource data, 100-receiving module, 200-generating module, 300-transmitting module, 501-memory, 502-processor and 503-communication interface.
Detailed Description
Embodiments of the present application are described in detail below, examples of which are illustrated in the accompanying drawings, wherein the same or similar reference numerals refer to the same or similar elements or elements having the same or similar functions throughout. The embodiments described below by referring to the drawings are exemplary and intended for the purpose of explaining the present application and are not to be construed as limiting the present application.
The following describes a method, a device and an electronic device for controlling access rights of vehicle sensitive resource data according to embodiments of the present application with reference to the accompanying drawings. To solve the information security problem of vehicle sensitive data access mentioned in the background, the application provides an access authority control method for vehicle sensitive resource data. In the method, based on a sensitive resource access request, a vault authority type is sent to a user; authorization information sent by the user based on the vault authority type is received; an access authorization token is generated after the authorization information passes verification; the sensitive resource access request and the access authorization token are sent to a vault authority engine; the sensitive resource corresponding to the sensitive resource access request, which the vault authority engine sends after the request and the token pass verification, is received; and the sensitive resource is sent to the user. Therefore, the problems of information security and the like of vehicle sensitive data access are solved, and the privacy and the security of data are ensured.
In this embodiment, as shown in fig. 1, the system involved includes a vault rights engine, an API (Application Programming Interface) gateway, and a sensitive resource system.
Vault rights engine: manages the vault permissions and provides functions such as vault permission authorization and permission verification. The authorization mode of each permission and related information can also be configured and managed.
API gateway: the unified traffic entry point through which all APIs are accessed. The gateway filters and intercepts access to sensitive resource data through filters, interceptors and the like, and relies on the capability of the vault rights engine to secure access to sensitive resources.
Sensitive resource system: stores the data of the vehicle's sensitive resources, provides the APIs for accessing sensitive resources, and so on.
The embodiment of the application is implemented from three aspects of vault authority maintenance, vault authority authorization and vault authority verification.
Specifically, fig. 2 is a flowchart of a method for controlling access rights of vehicle sensitive resource data according to an embodiment of the present application.
As shown in fig. 2, the access right control method of the vehicle sensitive resource data includes the following steps:
In step S201, a sensitive resource access request of a user is received.
Further, in some embodiments, before receiving the sensitive resource access request of the user, further comprising: determining a plurality of sensitive resources to be accessed, which need to be incorporated into the sensitive resource access authority control; and determining the authority authorization form and the valid time and valid times of authorization of each sensitive resource to be accessed.
The user sensitive resource data comprises user driving data, credit information data and user personal information, such as an identity card number, a telephone number and the like.
It should be understood that, in the embodiment of the present application, each function that needs to be brought under sensitive resource access control is configured and maintained through a permission configuration page built into the vault rights engine, so that each function that accesses a sensitive resource is abstracted into one permission. For example, if the function "view user path" accesses path data via URL (Uniform Resource Locator) address A, then address A is equivalent to one permission when permissions are maintained. After the permissions are defined, the authorization form that each permission uses for access to the sensitive resource may also be defined, such as a short message verification code mode, a face recognition mode and the like. Taking the short message verification code mode as an example, the valid time of the short message verification code can be defined, as can the valid time or the number of uses of the permission after each sensitive resource to be accessed is authorized. If the short message verification code is valid for five minutes, authorization with it is no longer allowed after five minutes; if the requested permission limits the number of uses, access cannot continue once that number is reached. In addition, authorizers are also maintained in the system, that is, the information of the sensitive data management personnel is kept in the system.
In step S202, based on the sensitive resource access request, the vault authority type is sent to the user, and authorization information sent by the user based on the vault authority type is received, and after the authorization information is checked, an access authorization token is generated.
Wherein, in some embodiments, the vault rights type includes at least one of a vehicle owner authorization and a professional authorized user authorization; the authorization information includes a short message authentication code.
Specifically, when a user accesses sensitive data through a mobile phone terminal or a web page on a computer, the front end first calls the API corresponding to the sensitive resource directly, and the call first reaches the gateway layer. The gateway checks the authority session carried in the access request. If the authority check does not pass, the front end brings up an authorization page on which the user selects a vault authority type; there are two types, "owner authorization" and "professional authorized user authorization". Taking the selection of "professional authorized user authorization" as an example, the front end carries out the follow-up steps according to the authorization mode defined for the permission. If the authorization mode defined for the permission is a short message verification code, the front end loads an interface for sending a short message to the authorized user. After the user clicks the "send short message" button, the vault authority engine sends the short message verification code to the authorized user; the user contacts the authorized user offline to obtain the short message verification code and then carries out the follow-up steps on the authorization page. The vault authority engine verifies the short message verification code, generates an authorization token for temporary access after confirming that the verification code is valid, and returns the token to the front end, which completes the authorization of the vault authority.
In step S203, the sensitive resource access request and the access authorization token are sent to the vault authority engine, the sensitive resource corresponding to the sensitive resource access request, which the vault authority engine sends after the sensitive resource access request and the access authorization token pass verification, is received, and the sensitive resource is sent to the user.
It can be understood that after the user is authorized by the vault, the front end puts the authorization token into the header of the HTTP request and requests the API of the sensitive resource again.
If the vault authority needs to be checked, the sensitive resource access request and the access authorization token are sent to a vault authority engine, the vault authority engine checks the token after receiving the data, and if the check is successful, the sensitive resource is sent to the user.
Further, in some embodiments, after sending the sensitive resource access request and the access authorization token to the vault rights engine, the method further comprises: receiving the no-permission information sent by the vault authority engine after verification of the sensitive resource access request and the access authorization token fails; and sending the no-permission information to the user.
It can be appreciated that if the vault authority engine's check of the access authorization token does not pass, the vault authority engine sends the no-permission information for the failed authorization token to the user.
Specifically, as shown in fig. 3, after receiving the user's API request, the gateway first determines whether the API requires a vault authority check. If so, the filter in the gateway passes the information of the user accessing the API, the information of the resource being accessed, the token and the like to the vault authority engine. After receiving the request data, the vault authority engine checks the token: it checks whether the token has expired and whether the authority information contained in the token matches the authority corresponding to the resource the user is accessing, and then returns the result of the check to the gateway. If the verification fails, the gateway intercepts the access and returns a no-permission message or the like to the front end; if the verification passes, the gateway routes the request to the sensitive resource system for normal service processing.
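The maintenance, authorization and verification steps described above (permission configuration, short message verification code, temporary token, gateway check), as an added Python sketch that is not part of the patent. The class and function names, the `X-Access-Token` header, the HMAC-signed token format and the sample URL and users are assumptions; the patent does not specify them.

```python
import base64, hashlib, hmac, json, secrets
from dataclasses import dataclass

@dataclass
class Permission:                 # hypothetical schema: one protected API URL == one permission
    url: str
    auth_form: str                # authorization form, e.g. "sms_code"
    code_ttl: int                 # seconds the verification code stays valid
    token_ttl: int                # seconds the access token stays valid
    max_uses: int                 # number of requests one token may authorize

class VaultEngine:
    """Toy vault rights engine: permission maintenance, authorization, verification."""
    def __init__(self, permissions):
        self._perms = {p.url: p for p in permissions}
        self._key = secrets.token_bytes(32)   # token signing key, never leaves the engine
        self._codes = {}                      # (user, url) -> (code, expires_at)
        self._uses = {}                       # token id -> remaining uses
        self.outbox = []                      # stands in for the SMS channel

    def needs_check(self, url):
        return url in self._perms

    def send_code(self, user, url, authorizer, now):
        code = f"{secrets.randbelow(10**6):06d}"
        self._codes[(user, url)] = (code, now + self._perms[url].code_ttl)
        self.outbox.append((authorizer, code))   # goes to the authorizer, not the requester

    def _sign(self, body):
        return base64.urlsafe_b64encode(hmac.new(self._key, body, hashlib.sha256).digest())

    def authorize(self, user, url, code, now):
        """Return a signed temporary token if the code is valid, else None."""
        # pop(): a code is consumed by the first attempt, right or wrong
        expected, expires_at = self._codes.pop((user, url), (None, 0))
        if expected is None or now > expires_at:
            return None
        if not hmac.compare_digest(expected.encode(), str(code).encode()):
            return None
        perm = self._perms[url]
        claims = {"jti": secrets.token_hex(8), "sub": user, "perm": url,
                  "exp": now + perm.token_ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        self._uses[claims["jti"]] = perm.max_uses
        return (body + b"." + self._sign(body)).decode()

    def verify(self, user, url, token, now):
        """Check signature, expiry, permission match and remaining uses."""
        try:
            body, sig = token.encode().split(b".")
        except (AttributeError, ValueError):
            return False, "missing or malformed token"
        if not hmac.compare_digest(sig, self._sign(body)):
            return False, "bad signature"
        claims = json.loads(base64.urlsafe_b64decode(body))
        if now > claims["exp"]:
            return False, "token expired"
        if claims["sub"] != user or claims["perm"] != url:
            return False, "permission mismatch"
        if self._uses.get(claims["jti"], 0) <= 0:
            return False, "use limit reached"
        self._uses[claims["jti"]] -= 1
        return True, "ok"

def gateway(engine, user, url, headers, now):
    """API gateway filter: returns (status, body) for one request."""
    if engine.needs_check(url):
        ok, reason = engine.verify(user, url, headers.get("X-Access-Token"), now)
        if not ok:
            return 403, f"no permission: {reason}"   # intercepted at the gateway
    return 200, f"data for {url}"   # stands in for routing to the sensitive resource system

def demo():
    """Constructed walk-through; times are seconds on a simulated clock."""
    url = "/api/vehicle/track"      # constructed sample URL
    engine = VaultEngine([Permission(url, "sms_code", code_ttl=300, token_ttl=600, max_uses=2)])
    statuses = [gateway(engine, "alice", url, {}, now=0)[0]]          # no token yet
    engine.send_code("alice", url, authorizer="data-admin", now=0)
    code = engine.outbox[-1][1]     # obtained from the authorizer offline
    token = engine.authorize("alice", url, code, now=60)
    for t in (100, 200, 300):       # third request exceeds max_uses
        statuses.append(gateway(engine, "alice", url, {"X-Access-Token": token}, now=t)[0])
    return statuses

if __name__ == "__main__":
    print(demo())
```

Keeping the use counter and the signing key inside the engine means the gateway holds no secret and cannot extend a token's lifetime or scope on its own.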
The beneficial effects of the embodiment of the application are as follows: based on the vault mode, authority control is applied to access to sensitive data resources, ensuring the privacy and security of the data; because the authority function is configurable, authority control can be switched on or off flexibly and conveniently; and all requests for accessing resources are filtered and intercepted at the unified API gateway entry and are decoupled from authority verification, so that the whole service achieves better throughput while authority control is still enforced.
According to the access authority control method for the vehicle sensitive resource data provided by the embodiment of the application, based on a sensitive resource access request, a vault authority type is sent to a user; authorization information sent by the user based on the vault authority type is received; an access authorization token is generated after the authorization information passes verification; the sensitive resource access request and the access authorization token are sent to a vault authority engine; the sensitive resource corresponding to the sensitive resource access request, which the vault authority engine sends after the request and the token pass verification, is received; and the sensitive resource is sent to the user. Therefore, the problems of information security and the like of vehicle sensitive data access are solved, and the privacy and the security of data are ensured.
Next, an access right control device for vehicle sensitive resource data according to an embodiment of the present application will be described with reference to the accompanying drawings.
Fig. 4 is a block diagram of an access right control device for vehicle sensitive resource data according to an embodiment of the present application.
As shown in fig. 4, the access right control device 10 of the vehicle sensitive resource data includes: a receiving module 100, a generating module 200 and a transmitting module 300.
The receiving module 100 is configured to receive a sensitive resource access request of a user; the generation module 200 is configured to send a vault authority type to a user based on a sensitive resource access request, receive authorization information sent by the user based on the vault authority type, and generate an access authorization token after the authorization information passes verification; the sending module 300 is configured to send a sensitive resource access request and an access authorization token to the vault authority engine, receive a sensitive resource corresponding to the sensitive resource access request sent by the vault authority engine after the sensitive resource access request and the access authorization token pass, and send the sensitive resource to the user.
Further, in some embodiments, before receiving the sensitive resource access request of the user, the receiving module 100 is further configured to: determining a plurality of sensitive resources to be accessed, which need to be incorporated into the sensitive resource access authority control; and determining the authority authorization form and the valid time and valid times of authorization of each sensitive resource to be accessed.
Further, in some embodiments, after sending the sensitive resource access request and the access authorization token to the vault rights engine, the sending module 300 is further configured to: receive the no-permission information sent by the vault authority engine after verification of the sensitive resource access request and the access authorization token fails; and send the no-permission information to the user.
Further, in some embodiments, the vault rights types include at least one of owner authorization and professional authorized user authorization; the authorization information includes a short message authentication code.
It should be noted that, the explanation of the foregoing embodiment of the method for controlling the access right to the vehicle sensitive resource data is also applicable to the device for controlling the access right to the vehicle sensitive resource data of this embodiment, which is not described herein again.
According to the access authority control device for the vehicle sensitive resource data provided by the embodiment of the application, the vault authority type is sent to the user based on the sensitive resource access request; authorization information sent by the user based on the vault authority type is received; an access authorization token is generated after the authorization information passes verification; the sensitive resource access request and the access authorization token are sent to the vault authority engine; the sensitive resource corresponding to the sensitive resource access request, which the vault authority engine sends after the request and the token pass verification, is received; and the sensitive resource is sent to the user. Therefore, the problems of information security and the like of vehicle sensitive data access are solved, and the privacy and the security of data are ensured.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application. The electronic device may include:
memory 501, processor 502, and a computer program stored on memory 501 and executable on processor 502.
The processor 502 implements the access right control method for the vehicle sensitive resource data provided in the above embodiment when executing the program.
Further, the electronic device further includes:
a communication interface 503 for communication between the memory 501 and the processor 502.
Memory 501 for storing a computer program executable on processor 502.
The memory 501 may include high-speed RAM (Random Access Memory), and may also include non-volatile memory, such as at least one disk memory.
If the memory 501, the processor 502, and the communication interface 503 are implemented independently, the communication interface 503, the memory 501, and the processor 502 may be connected to each other via a bus and communicate with each other. The bus may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, or an EISA (Extended Industry Standard Architecture) bus, among others. The buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, only one thick line is shown in fig. 5, but this does not mean that there is only one bus or one type of bus.
Alternatively, in a specific implementation, if the memory 501, the processor 502, and the communication interface 503 are integrated on a chip, the memory 501, the processor 502, and the communication interface 503 may communicate with each other through internal interfaces.
The processor 502 may be a CPU (Central Processing Unit), an ASIC (Application Specific Integrated Circuit), or one or more integrated circuits configured to implement embodiments of the present application.
The embodiment of the application also provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the program implements the access authority control method for vehicle sensitive resource data described above.
In this specification, a description referring to the terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples" means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or N embodiments or examples. In addition, those skilled in the art may combine the different embodiments or examples described in this specification, and the features of the different embodiments or examples, provided that they do not contradict one another.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present application, the meaning of "N" is at least two, such as two, three, etc., unless explicitly defined otherwise.
Any process or method description in a flow chart, or otherwise described herein, may be understood as representing a module, segment, or portion of code that includes one or more executable instructions for implementing specific logical functions or steps of the process. The scope of the preferred embodiments of the present application also includes further implementations in which functions may be executed out of the order shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those skilled in the art to which the embodiments of the present application belong.
It is to be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the N steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. If implemented in hardware, as in another embodiment, they may be implemented using any one or a combination of the following techniques, which are well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application specific integrated circuits having suitable combinational logic gates, programmable gate arrays, field programmable gate arrays, and the like.
Those of ordinary skill in the art will appreciate that all or a portion of the steps carried out in the method of the above-described embodiments may be implemented by a program instructing related hardware, where the program may be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.
Although embodiments of the present application have been shown and described above, it will be understood that the above embodiments are illustrative and are not to be construed as limiting the application, and that changes, modifications, substitutions, and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the application.

Claims (10)

1. An access authority control method for vehicle sensitive resource data, characterized by comprising the following steps:
receiving a sensitive resource access request of a user;
based on the sensitive resource access request, sending a vault authority type to the user, receiving authorization information sent by the user based on the vault authority type, and generating an access authorization token after the authorization information is checked to pass; and
sending the sensitive resource access request and the access authorization token to a vault authority engine, receiving the sensitive resource corresponding to the sensitive resource access request, which the vault authority engine sends after the sensitive resource access request and the access authorization token pass its check, and sending the sensitive resource to the user.
2. The method of claim 1, further comprising, prior to receiving the user's sensitive resource access request:
determining a plurality of sensitive resources to be accessed that need to be brought under sensitive resource access authority control;
and determining, for each sensitive resource to be accessed, the form of authority authorization, the valid time of the authorization, and the valid number of times of the authorization.
3. The method of claim 1, further comprising, after sending the sensitive resource access request and the access authorization token to the vault rights engine:
receiving non-authority information sent by the vault authority engine after the sensitive resource access request and the access authorization token fail to be checked;
and sending the non-authority information to the user.
4. The method of claim 1, wherein the vault rights types include at least one of owner authorization and professional authorized user authorization;
the authorization information comprises a short message verification code.
5. An access rights control device for vehicle sensitive resource data, comprising:
the receiving module is used for receiving a sensitive resource access request of a user;
the generation module is used for sending a vault authority type to the user based on the sensitive resource access request, receiving authorization information sent by the user based on the vault authority type, and generating an access authorization token after the authorization information is checked to pass; and
the sending module is used for sending the sensitive resource access request and the access authorization token to a vault authority engine, receiving the sensitive resource corresponding to the sensitive resource access request, which the vault authority engine sends after the sensitive resource access request and the access authorization token pass its check, and sending the sensitive resource to the user.
6. The apparatus of claim 5, wherein prior to receiving the user's sensitive resource access request, the receiving module is further configured to:
determining a plurality of sensitive resources to be accessed that need to be brought under sensitive resource access authority control;
and determining, for each sensitive resource to be accessed, the form of authority authorization, the valid time of the authorization, and the valid number of times of the authorization.
7. The apparatus of claim 5, wherein after sending the sensitive resource access request and the access authorization token to the vault rights engine, the sending module is further configured to:
receiving non-authority information sent by the vault authority engine after the sensitive resource access request and the access authorization token fail to be checked;
and sending the non-authority information to the user.
8. The apparatus of claim 5, wherein the vault rights types include at least one of owner authorization and professional authorized user authorization;
the authorization information comprises a short message verification code.
9. An electronic device, comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor executing the program to implement the access authority control method for vehicle sensitive resource data as claimed in any one of claims 1 to 4.
10. A computer-readable storage medium having stored thereon a computer program, characterized in that the program, when executed by a processor, implements the access authority control method for vehicle sensitive resource data according to any one of claims 1 to 4.
CN202310155451.1A 2023-02-22 2023-02-22 Access authority control method and device for vehicle sensitive resource data and electronic equipment Pending CN116204920A (en)

Publications (1)

Publication Number Publication Date
CN116204920A true CN116204920A (en) 2023-06-02

Family

ID=86518780

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination