CN117494090A - Login method and device of business system, storage medium and electronic equipment - Google Patents

Publication number
CN117494090A
Authority
CN
China
Prior art keywords
control table
target
signature value
signature
service system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311516229.6A
Other languages
Chinese (zh)
Inventor
赵旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202311516229.6A
Publication of CN117494090A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The application discloses a login method and device for a business system, a storage medium and electronic equipment, and relates to the technical field of information security, the field of financial technology or other related fields. The method comprises the following steps: when detecting that a target object requests to log in to a service system, acquiring N pieces of target information of the target object from an authority control table in a target database; acquiring a first signature value corresponding to the target object from the authority control table; determining a checking result of the authority control table according to the N pieces of target information and the first signature value, wherein the checking result is used for indicating whether the authority control table has been tampered with; and determining, based on the checking result, a login result of the target object logging in to the service system, wherein the login result is used for indicating whether the target object has successfully logged in to the service system. The method and the device solve the problem in the related art that it is difficult to determine whether the access authority control table of the service system has been tampered with, which makes logging in to the service system less secure.

Description

Login method and device of business system, storage medium and electronic equipment
Technical Field
The present invention relates to the field of information security technologies, financial science and technology, and in particular, to a method and apparatus for logging in a business system, a storage medium, and an electronic device.
Background
At present, business management systems on the financial institution side are usually designed around business access control: the roles and menu authority of the system, such as super user, operator, administrator and auditor, are defined according to the requirements of the business departments. For example, super users can be added to the system by technical means through a database script, and super users can add, modify and delete administrator users through service functions. An administrator user has user management authority and can add, modify and delete the user menus of operators and auditors. Moreover, different menu functions may be set for the various user roles in the related art. These are represented in the user authority field of the authority control table. For example, for the user with ID 000000001, Zhang San, whose role is operator, the first 3 digits 001 of 0011 in the user authority represent the menu (parameter inquiry), and the 4th digit represents whether the authority exists (1 is yes, 0 is no). The menu structure is generated from the data in the authority control table at login, and this user's menu displays parameter setting and parameter inquiry.
However, in the related art, the user group permission and user function permission fields in the user permission control table of the service system are stored in the database in plaintext, and the table structure has no checking mechanism, so it is at risk of being tampered with. For example, if this field is tampered to "0011|0021|0031|0041|", Zhang San's user menu will display parameter setting, parameter inquiry, user authority setting and log examination, and this user will be able to operate menu functions without authorization. The service system then has an access control security problem that the system cannot effectively identify.
No effective solution has yet been proposed for the problem in the related art that it is difficult to determine whether the access authority control table of the service system has been tampered with, which makes logging in to the service system less secure.
Disclosure of Invention
The main purpose of the present application is to provide a login method and device for a service system, a storage medium and an electronic device, so as to solve the problem that in the related art, whether an access authority control table of the service system is tampered is difficult to determine, resulting in lower security of the login service system.
In order to achieve the above object, according to one aspect of the present application, there is provided a login method of a service system. The method comprises the following steps: when detecting that a target object requests to log in to a service system, acquiring N pieces of target information of the target object from an authority control table in a target database, wherein the target database is a database corresponding to the service system, the authority control table is used for storing information for controlling the authority of the target object to log in to the service system, the N pieces of target information at least comprise ID information and authority information of the target object, and N is a positive integer greater than 1; acquiring a first signature value corresponding to the target object from the authority control table, wherein the first signature value is obtained by digitally signing the N pieces of target information; determining a checking result of the authority control table according to the N pieces of target information and the first signature value, wherein the checking result is used for indicating whether the authority control table has been tampered with; and determining, based on the checking result, a login result of the target object logging in to the service system, wherein the login result is used for indicating whether the target object has successfully logged in to the service system.
Further, determining the verification result of the authority control table according to the N pieces of target information and the first signature value includes: performing signature verification processing on the first signature value according to the N pieces of target information to obtain a signature verification result of the first signature value, wherein the signature verification result is used for indicating whether the signature verification of the first signature value is successful or not; if the signature verification result is that the signature verification of the first signature value fails, determining that the verification result is that the authority control table is tampered; and if the signature verification result is that the signature verification of the first signature value is successful, determining that the verification result is that the authority control table is not tampered.
Further, performing signature verification processing on the first signature value according to the N pieces of target information, where obtaining a signature verification result of the first signature value includes: acquiring a second signature value from the authority control table according to the N pieces of target information; judging whether the first signature value and the second signature value are the same or not; if the first signature value is different from the second signature value, the signature verification result is that the signature verification of the first signature value fails; and if the first signature value is the same as the second signature value, the signature verification result is that the signature verification of the first signature value is successful.
Further, obtaining the second signature value from the authority control table according to the N pieces of target information includes: performing splicing processing on the N pieces of target information to obtain spliced target information; determining the authority control table from the target database corresponding to the service system; and acquiring the second signature value from the authority control table according to the spliced target information.
Further, before obtaining the second signature value from the authority control table according to the N pieces of target information, the method further includes: determining an original authority control table from the target database corresponding to the service system; adding a target field to the original authority control table to obtain the authority control table, wherein the target field is used for storing the result of digitally signing information in the original authority control table; determining the second signature value based on the authority control table; and storing the second signature value in the target field in the authority control table.
Further, determining the second signature value based on the authority control table includes: acquiring the N pieces of target information of the target object from the authority control table; performing splicing processing on the N pieces of target information to obtain spliced target information; and digitally signing the spliced target information to obtain the second signature value.
Further, when it is detected that the target object requests to log in the service system, acquiring N pieces of target information of the target object from the authority control table in the target database includes: when the target object is detected to request to log in the service system, determining the target database corresponding to the service system; determining the authority control table from the target database; obtaining M attribute information of the target object from the authority control table, wherein M is a positive integer greater than 1; and screening the M pieces of attribute information to obtain the N pieces of target information.
Further, determining a login result of the target object logging in to the service system based on the checking result includes: if the checking result is that the authority control table has been tampered with, determining that the login result is that the target object fails to log in to the service system; and if the checking result is that the authority control table has not been tampered with, determining that the login result is that the target object successfully logs in to the service system.
To achieve the above object, according to another aspect of the present application, there is provided a login device of a service system. The device comprises: a first acquisition unit, used for acquiring N pieces of target information of a target object from an authority control table in a target database when it is detected that the target object requests to log in to a service system, wherein the target database is a database corresponding to the service system, the authority control table is used for storing information for controlling the authority of the target object to log in to the service system, the N pieces of target information at least comprise ID information and authority information of the target object, and N is a positive integer greater than 1; a second acquisition unit, used for acquiring a first signature value corresponding to the target object from the authority control table, wherein the first signature value is obtained by digitally signing the N pieces of target information; a first determining unit, configured to determine a checking result of the authority control table according to the N pieces of target information and the first signature value, where the checking result is used to indicate whether the authority control table has been tampered with; and a second determining unit, used for determining, based on the checking result, a login result of the target object logging in to the service system, wherein the login result is used for indicating whether the target object has successfully logged in to the service system.
Further, the first determination unit includes: the first processing subunit is used for carrying out signature verification processing on the first signature value according to the N pieces of target information to obtain a signature verification result of the first signature value, wherein the signature verification result is used for indicating whether the signature verification of the first signature value is successful or not; the first determining subunit is used for determining that the authority control table is tampered if the signature verification result is that the signature verification of the first signature value fails; and the second determining subunit is used for determining that the permission control table is not tampered if the signature verification result is that the signature verification of the first signature value is successful.
Further, the first processing subunit includes: the first acquisition module is used for acquiring a second signature value from the authority control table according to the N pieces of target information; the first judging module is used for judging whether the first signature value and the second signature value are the same or not; the first determining module is used for determining that the signature verification of the first signature value fails if the first signature value and the second signature value are different; and the second determining module is used for determining that the signature verification of the first signature value is successful if the first signature value is the same as the second signature value.
Further, the first acquisition module includes: the first processing sub-module is used for performing splicing processing on the N pieces of target information to obtain spliced target information; the first determining submodule is used for determining the authority control table from the target database corresponding to the service system; and the first acquisition sub-module is used for acquiring the second signature value from the authority control table according to the spliced target information.
Further, the apparatus further comprises: a third determining unit, configured to determine an original authority control table from the target database corresponding to the service system before obtaining a second signature value from the authority control table according to the N pieces of target information; a first adding unit, configured to add a target field to the original permission control table to obtain the permission control table, where the target field is used to store a result of performing digital signature on information in the original permission control table; a fourth determining unit configured to determine the second signature value based on the authority control table; and the first storage unit is used for storing the second signature value into the target field in the permission control table.
Further, the fourth determination unit includes: a first obtaining subunit, configured to obtain the N pieces of target information of the target object from the permission control table; the second processing subunit is used for performing splicing processing on the N pieces of target information to obtain spliced target information; and the third processing subunit is used for carrying out digital signature on the spliced target information to obtain the second signature value.
Further, the first acquisition unit includes: a third determining subunit, configured to determine, when it is detected that the target object requests to login to the service system, the target database corresponding to the service system; a fourth determining subunit, configured to determine the permission control table from the target database; a second obtaining subunit, configured to obtain M attribute information of the target object from the permission control table, where M is a positive integer greater than 1; and the fourth processing subunit is used for screening the M attribute information to obtain the N target information.
Further, the second determining unit includes: a fifth determining subunit, configured to determine that the login result is that the target object fails to login to the service system if the verification result is that the permission control table is tampered; and the sixth determining subunit is configured to determine that the login result is that the target object is successful in logging in the service system if the verification result is that the permission control table is not tampered.
To achieve the above object, according to another aspect of the present application, there is provided a computer-readable storage medium storing a program, wherein the program performs the login method of the business system of any one of the above.
To achieve the above object, according to another aspect of the present application, there is provided an electronic device including one or more processors and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the login method of the service system of any one of the above.
Through the application, the following steps are adopted: when detecting that a target object requests to log in to a service system, N pieces of target information of the target object are obtained from an authority control table in a target database, wherein the target database is a database corresponding to the service system, the authority control table is used for storing information for controlling the authority of the target object to log in to the service system, the N pieces of target information at least comprise ID information and authority information of the target object, and N is a positive integer greater than 1; acquiring a first signature value corresponding to the target object from the authority control table, wherein the first signature value is obtained by digitally signing the N pieces of target information; determining a checking result of the authority control table according to the N pieces of target information and the first signature value, wherein the checking result is used for indicating whether the authority control table has been tampered with; and determining, based on the checking result, a login result of the target object logging in to the service system, wherein the login result is used for indicating whether the target object has successfully logged in to the service system. This solves the problem in the related art that it is difficult to determine whether the access authority control table of the service system has been tampered with, which makes logging in to the service system less secure.
N pieces of target information of a target object and the signature value corresponding to the target object are obtained from the authority control table in the database corresponding to the service system, whether the authority control table has been tampered with is detected according to the N pieces of target information and the signature value, and whether the target object successfully logs in to the service system is determined according to the result of that detection. It can therefore be determined whether the access authority control table of the service system has been tampered with, which improves the security of logging in to the service system.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application, illustrate and explain the application and are not to be construed as limiting the application. In the drawings:
FIG. 1 is a flowchart of a login method of a service system according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a signing process in an embodiment of the present application;
FIG. 3 is a schematic diagram of a verification process in an embodiment of the present application;
FIG. 4 is a schematic diagram of a login device of a service system according to an embodiment of the present application;
FIG. 5 is a schematic diagram of an electronic device provided according to an embodiment of the present application.
Detailed Description
It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other. The present application will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate in order to describe the embodiments of the present application described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that, related information (including, but not limited to, user equipment information, user personal information, etc.) and data (including, but not limited to, data for presentation, analyzed data, etc.) related to the present disclosure are information and data authorized by a user or sufficiently authorized by each party. For example, an interface is provided between the system and the relevant user or institution, before acquiring the relevant information, the system needs to send an acquisition request to the user or institution through the interface, and acquire the relevant information after receiving the consent information fed back by the user or institution.
For convenience of description, some terms related to the embodiments of the present application are explained below:
Digital signature: a public key digital signature is a digital string that only the sender of the information can generate and that others cannot forge; it is also valid proof of the authenticity of the information sent by the sender. It is a method for authenticating digital information that resembles an ordinary physical signature written on paper, but is implemented using techniques from the field of public key cryptography. A digital signature scheme typically defines two complementary operations, one for signing and the other for verification.
The present invention will be described with reference to preferred implementation steps. FIG. 1 is a flowchart of a login method of a service system according to an embodiment of the present application. As shown in FIG. 1, the method includes the following steps:
Step S101, when detecting that a target object requests to log in to a service system, N pieces of target information of the target object are obtained from an authority control table in a target database, wherein the target database is a database corresponding to the service system, the authority control table is used for storing information for controlling the authority of the target object to log in to the service system, the N pieces of target information at least comprise ID information and authority information of the target object, and N is a positive integer greater than 1.
For example, a user (the target object mentioned above) initiates a login request for the service system at a browser end; the server end may then initiate a request and extract key field information, such as the user ID (identity identifier) and the user authority, from the authority control table in the database of the service system.
Step S102, a first signature value corresponding to the target object is obtained from the authority control table, wherein the first signature value is obtained by digitally signing the N pieces of target information.
For example, after a user (the target object described above) initiates a login request to login to a service system at a browser, a server may initiate a request to fetch a signature value (the first signature value described above) from a permission control table in a database of the service system.
Step S103, determining a checking result of the authority control table according to the N pieces of target information and the first signature value, wherein the checking result is used for indicating whether the authority control table has been tampered with.
For example, signature verification can be performed on the signature value according to the extracted key field information such as the user ID and the user authority, and whether the authority control table in the database of the service system is tampered or not can be judged.
Step S104, determining, based on the checking result, a login result of the target object logging in to the service system, wherein the login result is used for indicating whether the target object has successfully logged in to the service system.
For example, signature verification is performed on the signature value. If the signature verification succeeds, the data in the authority control table is proved to be accurate and the authority control table has not been tampered with, so the subsequent login flow can continue. If the signature verification fails, the key fields in the authority control table have been changed and the user authority of the system is at risk of having been tampered with, so prompt information is returned and the login fails.
It should be noted that, the login method of the business system provided in the embodiment of the present application may be applied to a financial scenario.
Through the steps S101 to S104, N pieces of target information of the target object and the signature value corresponding to the target object are obtained from the authority control table in the database corresponding to the service system, whether the authority control table has been tampered with is detected according to the N pieces of target information and the signature value, and whether the target object successfully logs in to the service system is determined according to the result of that detection. It can therefore be determined whether the access authority control table of the service system has been tampered with, which improves the security of logging in to the service system.
Optionally, in the login method of a service system provided in the embodiment of the present application, when detecting that a target object requests to log in to the service system, acquiring N pieces of target information of the target object from an authority control table in a target database includes: when detecting that the target object requests to log in to the service system, determining the target database corresponding to the service system; determining the authority control table from the target database; obtaining M pieces of attribute information of the target object from the authority control table, wherein M is a positive integer greater than 1; and screening the M pieces of attribute information to obtain the N pieces of target information.
For example, the authority control table may include information such as a user ID, a user authority, and an update time. Moreover, the user (the target object) initiates a login request for logging in the service system at the browser end, then the server end can initiate the request, information such as user ID, user authority, update time and the like is taken out from the authority control table of the database of the service system, and then the taken out information can be screened, and key field information such as the user ID, the user authority and the like is obtained.
By the scheme, key field information such as the user ID, the user authority and the like can be obtained rapidly and accurately.
Optionally, in the login method of a service system provided in the embodiment of the present application, determining the second signature value based on the authority control table includes: obtaining the N pieces of target information of the target object from the authority control table; performing splicing processing on the N pieces of target information to obtain spliced target information; and digitally signing the spliced target information to obtain the second signature value.
For example, the authority control table data may be first taken out from the database, then the server may splice the user ID and the user authority field into the data Text to be signed, and send the Text to the signature verification server for digital signature, so as to obtain the second signature value.
Through the scheme, digital signature can be rapidly and accurately performed, and a signature value can be obtained.
Optionally, in the login method of a service system provided in the embodiment of the present application, before the second signature value is obtained from the authority control table according to the N pieces of target information, the method further includes: determining an original authority control table from the target database corresponding to the service system; adding a target field to the original authority control table to obtain the authority control table, wherein the target field is used for storing the result of digitally signing information in the original authority control table; determining the second signature value based on the authority control table; and storing the second signature value in the target field of the authority control table.
For example, a signature result field may first be added to the authority control table, and the authority control table data may then be retrieved from the database. The signature verification server is then called to sign the retrieved data and produce a signature value. The signature verification server returns the signature value, which is stored in the newly added signature result field of the authority control table.
By the scheme, the signature value can be quickly and accurately stored in the permission control table.
Optionally, in the login method of a service system provided in the embodiment of the present application, determining, according to N target information and the first signature value, a verification result of the authority control table includes: performing signature verification processing on the first signature value according to the N pieces of target information to obtain a signature verification result of the first signature value, wherein the signature verification result is used for indicating whether the signature verification of the first signature value is successful or not; if the signature verification result is that the signature verification of the first signature value fails, determining that the verification result is that the authority control table is tampered; if the signature verification result is that the signature verification of the first signature value is successful, the verification result is that the authority control table is not tampered.
For example, the signature value is verified. If verification succeeds, the data in the authority control table is shown to be accurate and untampered; if verification fails, key fields in the authority control table have been changed, the system's user authority is at risk of having been tampered with, and prompt information is returned.
By the scheme, whether the permission control table is tampered can be judged rapidly and accurately.
Optionally, in the login method of a service system provided in the embodiment of the present application, obtaining the second signature value from the authority control table according to the N pieces of target information includes: splicing the N pieces of target information to obtain spliced target information; determining the authority control table from the target database corresponding to the service system; and acquiring the second signature value from the authority control table according to the spliced target information.
For example, when a user initiates a login request from the browser, the server issues a request that retrieves key fields such as the user ID and user authority, together with the signature value, from the database. The server then splices the key fields retrieved from the database, such as the user ID and user authority fields, into text, and obtains a signature value from the authority control table according to the spliced text.
Through the scheme, the signature value can be quickly and accurately obtained from the authority control table according to the spliced fields.
Optionally, in the login method of the service system provided in the embodiment of the present application, performing signature verification processing on the first signature value according to the N pieces of target information to obtain a signature verification result for the first signature value includes: acquiring a second signature value from the authority control table according to the N pieces of target information; judging whether the first signature value and the second signature value are the same; if the first signature value is different from the second signature value, the signature verification result is that verification of the first signature value fails; if the first signature value is the same as the second signature value, the signature verification result is that verification of the first signature value succeeds.
For example, when verifying the signature value, it may be determined whether the signature value acquired from the database (the second signature value described above) is the same as the signature value acquired when the user logs in to the service system (the first signature value described above). If the two values differ, signature verification fails; if they are the same, signature verification succeeds.
Moreover, signature verification refers to checking a digital signature to confirm that it was generated by the signer and has not been tampered with or forged.
For example, the process of verifying the signature may include the following steps:
(1) Obtain the public key of the signer.
(2) Decrypt the signed data using the corresponding encryption algorithm to obtain the original digest information.
(3) Perform a hash calculation on the original data using the same hash algorithm to obtain new digest information.
(4) Compare the decrypted digest information with the calculated digest information. If the two are the same, verification passes and the signature is valid; if they differ, verification fails and the signature is invalid.
Signature verification ensures the integrity and authenticity of data and can be applied in various fields, such as electronic commerce, digital certificates and data transmission.
Through the scheme, the signature verification result can be obtained rapidly and accurately.
Optionally, in the login method of a service system provided in the embodiment of the present application, determining, based on the check result, a login result of the target object logging in to the service system includes: if the check result is that the authority control table has been tampered with, determining that the login result is that the target object fails to log in to the service system; if the check result is that the authority control table has not been tampered with, determining that the login result is that the target object successfully logs in to the service system.
For example, if the authority control table data has not been tampered with, the subsequent login procedure may continue; if a key field in the authority control table has been changed, the system's user authority has been tampered with, prompt information is returned, and login fails.
By the scheme, whether the user can log in the service system or not can be judged rapidly and accurately.
For example, the purpose of this embodiment is to provide a digital-signature-based method for protecting and verifying user authority. Building on the access control information table of an existing service system, it applies cryptographic operations to the key data and fills the gap left by the service management system currently having no cryptography-based integrity protection mechanism, thereby securing user authority.
For example, fig. 2 is a schematic diagram of the signature process in the embodiment of the present application. As shown in fig. 2, each time a system administrator user modifies the access functions of a user through the service system, the signature process of the access control information table is triggered. The specific signature process is as follows:
(1) A signature result field is added to the authority control table.
(2) The authority control table data is retrieved from the database.
(3) The server splices the user ID and user authority fields into the text to be signed (Text) and sends the Text to the signature verification server.
(4) The signature verification server is called to sign the Text and produce a signature value.
(5) The signature verification server returns the signature value.
(6) The signature value is stored in the authority control table. Table 1 shows the authority control table after the signature result field has been added.
TABLE 1
User ID     User rights            Administrator   Update time (timestamp)     Signature value
000000001   0011|0020|0030|0041|   000000002       X year, X month and X day   XXXXX
For example, fig. 3 is a schematic diagram of the verification process in the embodiment of the present application. As shown in fig. 3, an integrity check is performed on the access control information table each time a user logs in; that is, at login the signature value stored in the authority control table in the database is verified. If verification succeeds, the subsequent login process continues; if verification fails, a login failure is reported and the administrator needs to perform the menu maintenance operation again. The specific verification process is as follows:
(1) The user initiates a login request from the browser.
(2) The server issues a request that retrieves key fields such as the user ID and user authority, together with the signature value, from the database.
(3) The server splices the key fields retrieved from the database, such as the user ID and user authority fields, into text, and sends the signature value and the text to the signature verification server.
(4) The signature verification server performs verification and returns the verification result to the server.
(5) If verification succeeds, the authority control table data is shown to be accurate and untampered, and the subsequent login flow can continue; if verification fails, key fields in the authority control table have been changed, the system's user authority has been tampered with, prompt information is returned, and login fails.
By the method provided by the embodiment of the application, the signature verification server is used for signing and verifying the user permission, so that the integrity of the user permission information can be effectively ensured.
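The signing procedure (fig. 2) and the login-time check (fig. 3) described above, as an added example that is not code from the patent. It assumes an SQLite table named `authority_control`, uses HMAC-SHA256 with a key held by the signing service as a stand-in for the signature verification server's digital signature, and length-prefixes each field when splicing, since the text does not specify how the fields are joined; user `000000003` and all rights strings other than the Table 1 row are constructed sample data.

```python
import hashlib
import hmac
import sqlite3

# Assumption: this key exists only inside the signature verification server.
# HMAC-SHA256 is a stand-in for that server's digital signature algorithm.
SIGNING_KEY = b"constructed-demo-key"

TAMPERED = "authority control table tampered"


def text_to_sign(user_id, rights):
    """Splice the key fields (user ID, user rights) into the text to be signed.

    Each field is length-prefixed (an assumption of this example) so that two
    different (user_id, rights) pairs can never yield the same byte string.
    """
    parts = []
    for field in (user_id, rights):
        raw = field.encode("utf-8")
        parts.append(len(raw).to_bytes(4, "big") + raw)
    return b"".join(parts)


def sign(text):
    """Stand-in for the call to the signature verification server."""
    return hmac.new(SIGNING_KEY, text, hashlib.sha256).hexdigest()


def open_database():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE authority_control ("
        "user_id TEXT PRIMARY KEY, user_rights TEXT NOT NULL, "
        "administrator TEXT, update_time TEXT)"
    )
    # Signing step (1): add the signature result field to the original table.
    db.execute("ALTER TABLE authority_control ADD COLUMN signature_value TEXT")
    return db


def set_rights(db, admin_id, user_id, rights):
    """Administrator path: every rights change re-signs the row (steps 2-6)."""
    signature = sign(text_to_sign(user_id, rights))
    with db:  # rights and signature are committed together
        db.execute(
            "INSERT OR REPLACE INTO authority_control "
            "(user_id, user_rights, administrator, update_time, signature_value) "
            "VALUES (?, ?, ?, datetime('now'), ?)",
            (user_id, rights, admin_id, signature),
        )


def login(db, user_id):
    """Login path: recompute the signature over the stored fields and compare."""
    row = db.execute(
        "SELECT user_rights, signature_value FROM authority_control "
        "WHERE user_id = ?",
        (user_id,),
    ).fetchone()
    if row is None:
        return (False, "unknown user")
    rights, stored = row
    expected = sign(text_to_sign(user_id, rights))
    # Constant-time comparison; a missing or malformed stored value fails too.
    if not hmac.compare_digest(expected.encode(), str(stored).encode()):
        return (False, TAMPERED)
    return (True, rights)


def demo():
    db = open_database()
    set_rights(db, "000000002", "000000001", "0011|0020|0030|0041|")
    set_rights(db, "000000002", "000000003", "0011|")
    results = {"untouched": login(db, "000000001")}

    # Constructed tampering 1: rights edited directly in the database,
    # bypassing the administrator path, so the signature is now stale.
    db.execute(
        "UPDATE authority_control SET user_rights = ? WHERE user_id = ?",
        ("0011|0020|0030|0041|", "000000003"),
    )
    results["rights_edited"] = login(db, "000000003")

    # Constructed tampering 2: another row's rights and signature copied in.
    # It fails because the user ID is part of the signed text.
    rights, sig = db.execute(
        "SELECT user_rights, signature_value FROM authority_control "
        "WHERE user_id = ?",
        ("000000001",),
    ).fetchone()
    db.execute(
        "UPDATE authority_control SET user_rights = ?, signature_value = ? "
        "WHERE user_id = ?",
        (rights, sig, "000000003"),
    )
    results["row_copied"] = login(db, "000000003")
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

Only the user ID and user rights are covered by the signature here, matching the key fields named in the text; the update time and administrator columns can change without the check noticing.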
In addition, the present embodiment has the following advantageous effects:
The method provided by the embodiment of the application realizes secure storage and verification of the service system's access control information table based on cryptographic technology, solves the problem that a user management system cannot tell whether the access control table has been illegally tampered with, and improves the security of access control for the service system.
In addition, the embodiment is implemented as a digital-signature-based method for protecting and verifying user authority: the user authority field in the authority control table is digitally signed and the signature value is stored in the database; the access control information must be re-signed each time the authority control table information is modified, and the signature is verified when the user logs in, so that tampering with the authority control table can be effectively identified and the integrity of the access control information is ensured.
In summary, according to the login method of the service system provided by the embodiment of the application, when a target object is detected to request to login to the service system, N pieces of target information of the target object are obtained from an authority control table in a target database, wherein the target database is a database corresponding to the service system, the authority control table is used for storing information for controlling the authority of the target object to login to the service system, the N pieces of target information at least comprise ID information and authority information of the target object, and N is a positive integer greater than 1; acquiring a first signature value corresponding to the target object from the authority control table, wherein the first signature value is obtained by carrying out digital signature on N pieces of target information; determining a checking result of the authority control table according to the N pieces of target information and the first signature value, wherein the checking result is used for indicating whether the authority control table is tampered; and determining a login result of the target object logging in the service system based on the test result, wherein the login result is used for indicating whether the target object is successfully logged in the service system, and the problem that the security of the login service system is lower because whether an access authority control table of the service system is tampered is difficult to determine in the related art is solved. 
N pieces of target information of a target object and the signature value corresponding to the target object are obtained from an authority control table in the database corresponding to the service system; whether the authority control table has been tampered with is detected according to the N pieces of target information and the signature value; and whether the target object successfully logs in to the service system is determined according to that detection result. It can therefore be determined whether the access authority control table of the service system has been tampered with, which improves the security of logging in to the service system.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
The embodiment of the application also provides a login device of the service system, and it should be noted that the login device of the service system in the embodiment of the application can be used for executing the login method for the service system provided in the embodiment of the application. The following describes a login device of a service system provided in an embodiment of the present application.
Fig. 4 is a schematic diagram of a login device of a service system according to an embodiment of the present application. As shown in fig. 4, the apparatus includes: a first acquisition unit 401, a second acquisition unit 402, a first determination unit 403, and a second determination unit 404.
Specifically, the first obtaining unit 401 is configured to obtain N pieces of target information of a target object from an authority control table in a target database when it is detected that the target object requests to log in to a service system, where the target database is a database corresponding to the service system, the authority control table is configured to store information for controlling authority of the target object to log in to the service system, the N pieces of target information at least include ID information and authority information of the target object, and N is a positive integer greater than 1;
A second obtaining unit 402, configured to obtain a first signature value corresponding to the target object from the authority control table, where the first signature value is a signature value obtained by digitally signing N pieces of target information;
a first determining unit 403, configured to determine a verification result of the authority control table according to the N pieces of target information and the first signature value, where the verification result is used to indicate whether the authority control table is tampered with;
a second determining unit 404, configured to determine a login result of the target object logging in to the service system based on the check result, where the login result is used to indicate whether the target object successfully logs in to the service system.
In summary, in the login device of the service system provided in the embodiment of the present application, when it is detected that a target object requests to login to the service system, N pieces of target information of the target object are obtained from an authority control table in a target database, where the target database is a database corresponding to the service system, the authority control table is used to store information for controlling authority of the target object to login to the service system, the N pieces of target information at least include ID information and authority information of the target object, and N is a positive integer greater than 1; the second obtaining unit 402 obtains a first signature value corresponding to the target object from the rights control table, where the first signature value is a signature value obtained after digital signature is performed on N pieces of target information; the first determining unit 403 determines a check result of the authority control table according to the N pieces of target information and the first signature value, wherein the check result is used for indicating whether the authority control table is tampered with; the second determining unit 404 determines a login result of the target object logging in the service system based on the test result, where the login result is used to indicate whether the target object logging in the service system is successful, which solves the problem that in the related art, it is difficult to determine whether the access authority control table of the service system is tampered, resulting in lower security of logging in the service system. 
N pieces of target information of a target object and the signature value corresponding to the target object are obtained from an authority control table in the database corresponding to the service system; whether the authority control table has been tampered with is detected according to the N pieces of target information and the signature value; and whether the target object successfully logs in to the service system is determined according to that detection result. It can therefore be determined whether the access authority control table of the service system has been tampered with, which improves the security of logging in to the service system.
Optionally, in the login device of the service system provided in the embodiment of the present application, the first determining unit 403 includes: the first processing subunit is used for carrying out signature verification processing on the first signature value according to the N pieces of target information to obtain a signature verification result of the first signature value, wherein the signature verification result is used for indicating whether the signature verification of the first signature value is successful or not; the first determining subunit is used for determining that the authority control table is tampered if the signature verification result is that the signature verification of the first signature value fails; and the second determining subunit is used for determining that the permission control table is not tampered if the signature verification result is that the signature verification of the first signature value is successful.
Optionally, in the login device of the service system provided in the embodiment of the present application, the first processing subunit includes: a first acquisition module, used for acquiring a second signature value from the authority control table according to the N pieces of target information; a first judging module, used for judging whether the first signature value and the second signature value are the same; a first determining module, used for determining that the signature verification result is that verification of the first signature value fails if the first signature value is different from the second signature value; and a second determining module, used for determining that the signature verification result is that verification of the first signature value succeeds if the first signature value is the same as the second signature value.
Optionally, in the login device of the service system provided in the embodiment of the present application, the first acquisition module includes: a first processing sub-module, used for splicing the N pieces of target information to obtain spliced target information; a first determining sub-module, used for determining the authority control table from the target database corresponding to the service system; and a first acquisition sub-module, used for acquiring the second signature value from the authority control table according to the spliced target information.
Optionally, in the login device of the service system provided in the embodiment of the present application, the device further includes: the third determining unit is used for determining an original authority control table from the target database corresponding to the service system before acquiring the second signature value from the authority control table according to the N pieces of target information; the first adding unit is used for adding a target field in the original authority control table to obtain the authority control table, wherein the target field is used for storing a result of digital signature on information in the original authority control table; a fourth determining unit configured to determine a second signature value based on the authority control table; and the first storage unit is used for storing the second signature value into a target field in the permission control table.
Optionally, in the login device of the service system provided in the embodiment of the present application, the fourth determining unit includes: the first acquisition subunit is used for acquiring N pieces of target information of the target object from the permission control table; the second processing subunit is used for performing splicing processing on the N pieces of target information to obtain spliced target information; and the third processing subunit is used for carrying out digital signature on the spliced target information to obtain a second signature value.
Optionally, in the login device of the service system provided in the embodiment of the present application, the first obtaining unit 401 includes: the third determining subunit is used for determining a target database corresponding to the service system when the target object is detected to request to log in the service system; a fourth determining subunit, configured to determine an authority control table from the target database; a second obtaining subunit, configured to obtain M attribute information of the target object from the permission control table, where M is a positive integer greater than 1; and the fourth processing subunit is used for screening the M attribute information to obtain N pieces of target information.
Optionally, in the login device of the service system provided in the embodiment of the present application, the second determining unit 404 includes: a fifth determining subunit, configured to determine that the login result is that the target object fails to login to the service system if the verification result is that the permission control table is tampered; and the sixth determining subunit is configured to determine that the login result is that the target object is successfully logged into the service system if the verification result is that the permission control table is not tampered.
The login device of the service system includes a processor and a memory, where the first acquiring unit 401, the second acquiring unit 402, the first determining unit 403, the second determining unit 404, and the like are stored as program units, and the processor executes the program units stored in the memory to implement corresponding functions.
The processor includes a kernel, and the kernel fetches the corresponding program unit from the memory. One or more kernels may be provided, and the security of logging in to the service system is improved by adjusting the kernel parameters.
The memory may include volatile memory in computer-readable media, such as random access memory (RAM), and/or nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
The embodiment of the invention provides a computer readable storage medium, on which a program is stored, which when executed by a processor, implements a login method for the business system.
The embodiment of the invention provides a processor which is used for running a program, wherein the program runs to execute a login method of a business system.
As shown in fig. 5, an embodiment of the present invention provides an electronic device, where the device includes a processor, a memory, and a program stored in the memory and executable on the processor, and when the processor executes the program, the following steps are implemented: when detecting that a target object requests to log in a service system, acquiring N pieces of target information of the target object from an authority control table in a target database, wherein the target database is a database corresponding to the service system, the authority control table is used for storing information for controlling the authority of the target object to log in the service system, the N pieces of target information at least comprise ID information and authority information of the target object, and N is a positive integer greater than 1; acquiring a first signature value corresponding to the target object from the authority control table, wherein the first signature value is obtained by digitally signing the N pieces of target information; determining a checking result of the authority control table according to the N pieces of target information and the first signature value, wherein the checking result is used for indicating whether the authority control table is tampered; and determining a login result of the target object to login the service system based on the test result, wherein the login result is used for indicating whether the target object successfully logins the service system.
The processor also realizes the following steps when executing the program: determining the checking result of the authority control table according to the N pieces of target information and the first signature value comprises the following steps: performing signature verification processing on the first signature value according to the N pieces of target information to obtain a signature verification result of the first signature value, wherein the signature verification result is used for indicating whether the signature verification of the first signature value is successful or not; if the signature verification result is that the signature verification of the first signature value fails, determining that the verification result is that the authority control table is tampered; and if the signature verification result is that the signature verification of the first signature value is successful, determining that the verification result is that the authority control table is not tampered.
The processor also realizes the following steps when executing the program: performing signature verification processing on the first signature value according to the N pieces of target information, wherein obtaining a signature verification result of the first signature value comprises the following steps: acquiring a second signature value from the authority control table according to the N pieces of target information; judging whether the first signature value and the second signature value are the same or not; if the first signature value is different from the second signature value, the signature verification result is that the signature verification of the first signature value fails; and if the first signature value is the same as the second signature value, the signature verification result is that the signature verification of the first signature value is successful.
The processor also realizes the following steps when executing the program: obtaining the second signature value from the authority control table according to the N pieces of target information comprises: performing splicing processing on the N pieces of target information to obtain spliced target information; determining the authority control table from the target database corresponding to the service system; and acquiring the second signature value from the authority control table according to the spliced target information.
The processor also realizes the following steps when executing the program: before the second signature value is obtained from the authority control table according to the N pieces of target information, the method further comprises: determining an original authority control table from the target database corresponding to the service system; adding a target field in the original authority control table to obtain the authority control table, wherein the target field is used for storing a result of digital signature on information in the original authority control table; determining the second signature value based on the entitlement control table; storing the second signature value in the target field in the entitlement control table.
The processor also realizes the following steps when executing the program: determining the second signature value based on the entitlement control table includes: acquiring the N pieces of target information of the target object from the authority control table; performing splicing processing on the N pieces of target information to obtain spliced target information; and carrying out digital signature on the spliced target information to obtain the second signature value.
The processor also realizes the following steps when executing the program: when detecting that a target object requests to log in a service system, acquiring N pieces of target information of the target object from an authority control table in a target database comprises: when the target object is detected to request to log in the service system, determining the target database corresponding to the service system; determining the authority control table from the target database; obtaining M attribute information of the target object from the authority control table, wherein M is a positive integer greater than 1; and screening the M pieces of attribute information to obtain the N pieces of target information.
The processor also realizes the following steps when executing the program: determining a login result of the target object logging in to the service system based on the check result includes: if the check result is that the authority control table has been tampered with, determining that the login result is that the target object fails to log in to the service system; and if the check result is that the authority control table has not been tampered with, determining that the login result is that the target object successfully logs in to the service system.
The device herein may be a server, PC, PAD, cell phone, etc.
The present application also provides a computer program product adapted to perform, when executed on a data processing device, a program initialized with the method steps of: when detecting that a target object requests to log in a service system, acquiring N pieces of target information of the target object from an authority control table in a target database, wherein the target database is a database corresponding to the service system, the authority control table is used for storing information for controlling the authority of the target object to log in the service system, the N pieces of target information at least comprise ID information and authority information of the target object, and N is a positive integer greater than 1; acquiring a first signature value corresponding to the target object from the authority control table, wherein the first signature value is obtained by digitally signing the N pieces of target information; determining a checking result of the authority control table according to the N pieces of target information and the first signature value, wherein the checking result is used for indicating whether the authority control table is tampered; and determining, based on the checking result, a login result of the target object logging in to the service system, wherein the login result is used for indicating whether the target object successfully logs in to the service system.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the method steps of: determining the checking result of the authority control table according to the N pieces of target information and the first signature value comprises the following steps: performing signature verification processing on the first signature value according to the N pieces of target information to obtain a signature verification result of the first signature value, wherein the signature verification result is used for indicating whether the signature verification of the first signature value is successful or not; if the signature verification result is that the signature verification of the first signature value fails, determining that the checking result is that the authority control table is tampered; and if the signature verification result is that the signature verification of the first signature value is successful, determining that the checking result is that the authority control table is not tampered.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the method steps of: performing signature verification processing on the first signature value according to the N pieces of target information, wherein obtaining a signature verification result of the first signature value comprises the following steps: acquiring a second signature value from the authority control table according to the N pieces of target information; judging whether the first signature value and the second signature value are the same or not; if the first signature value is different from the second signature value, the signature verification result is that the signature verification of the first signature value fails; and if the first signature value is the same as the second signature value, the signature verification result is that the signature verification of the first signature value is successful.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the method steps of: obtaining the second signature value from the authority control table according to the N pieces of target information comprises: performing splicing processing on the N pieces of target information to obtain spliced target information; determining the authority control table from the target database corresponding to the service system; and acquiring the second signature value from the authority control table according to the spliced target information.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the method steps of: before the second signature value is obtained from the authority control table according to the N pieces of target information, the method further comprises: determining an original authority control table from the target database corresponding to the service system; adding a target field in the original authority control table to obtain the authority control table, wherein the target field is used for storing a result of digital signature on information in the original authority control table; determining the second signature value based on the authority control table; storing the second signature value in the target field in the authority control table.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the method steps of: determining the second signature value based on the authority control table includes: acquiring the N pieces of target information of the target object from the authority control table; performing splicing processing on the N pieces of target information to obtain spliced target information; and carrying out digital signature on the spliced target information to obtain the second signature value.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the method steps of: when detecting that a target object requests to log in a service system, acquiring N pieces of target information of the target object from an authority control table in a target database comprises: when the target object is detected to request to log in the service system, determining the target database corresponding to the service system; determining the authority control table from the target database; obtaining M pieces of attribute information of the target object from the authority control table, wherein M is a positive integer greater than 1; and screening the M pieces of attribute information to obtain the N pieces of target information.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the method steps of: determining, based on the checking result, a login result of the target object logging in to the service system includes: if the checking result is that the authority control table is tampered, determining that the login result is that the target object fails to log in to the service system; and if the checking result is that the authority control table is not tampered, determining that the login result is that the target object has successfully logged in to the service system.
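The check described above (sign the spliced ID and authority fields, store the result in an added target field, re-verify at login) is shown here as an added Python example; it is not code from the patent. Assumptions: the table and column names, the sample rows and the key are constructed; HMAC-SHA256 from the standard library stands in for the digital signature, whose algorithm the text does not specify; and the splice is length-prefixed so that field boundaries cannot shift.

```python
import hashlib
import hmac
import sqlite3

# Assumption: the signing key lives outside the database (HSM or secrets
# manager). A constructed constant is used only so the example runs offline.
SIGNING_KEY = b"constructed-demo-key-not-for-production"


def splice(values):
    """Splice fields with a 4-byte length prefix so boundaries are unambiguous."""
    out = bytearray()
    for v in values:
        raw = str(v).encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)


def sign(values):
    """Stand-in for the digital signature: HMAC-SHA256 over the spliced fields."""
    return hmac.new(SIGNING_KEY, splice(values), hashlib.sha256).hexdigest()


def build_table(conn):
    """Create the original table (M = 3 attributes), add the target field,
    then sign the N = 2 screened fields (ID, authority) of every row."""
    conn.execute("CREATE TABLE auth_ctl (user_id TEXT PRIMARY KEY, "
                 "permission TEXT, department TEXT)")
    # Constructed sample rows.
    conn.executemany("INSERT INTO auth_ctl VALUES (?, ?, ?)",
                     [("u1001", "teller", "branch-07"),
                      ("u1002", "auditor", "head-office")])
    conn.execute("ALTER TABLE auth_ctl ADD COLUMN sig TEXT")
    rows = conn.execute("SELECT user_id, permission FROM auth_ctl").fetchall()
    for row in rows:
        conn.execute("UPDATE auth_ctl SET sig = ? WHERE user_id = ?",
                     (sign(row), row[0]))


def login(conn, user_id):
    """Return (ok, reason); a row whose signature does not verify is rejected."""
    row = conn.execute(
        "SELECT user_id, permission, sig FROM auth_ctl WHERE user_id = ?",
        (user_id,)).fetchone()
    if row is None:
        return False, "unknown user"
    *fields, stored_sig = row
    # Recompute the signature from the current field values and compare it
    # with the stored one in constant time. A missing signature fails closed.
    if stored_sig is None or not hmac.compare_digest(
            sign(fields).encode("ascii"), stored_sig.encode("utf-8")):
        return False, "authority control table tampered"
    return True, "login allowed"


def demo():
    conn = sqlite3.connect(":memory:")
    build_table(conn)
    before = login(conn, "u1001")
    # Simulated tampering: the authority field is changed directly in the
    # database without updating the stored signature.
    conn.execute("UPDATE auth_ctl SET permission = 'admin' "
                 "WHERE user_id = 'u1001'")
    after = login(conn, "u1001")
    untouched = login(conn, "u1002")
    return before, after, untouched


if __name__ == "__main__":
    print(demo())
```

Because the ID is part of the signed data, a signature copied from another row does not verify. Restoring an older, validly signed version of the same row is not detected by this check alone.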
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or nonvolatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.
Computer-readable media include both permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.

Claims (11)

1. A method for logging in a business system, comprising:
when detecting that a target object requests to log in a service system, acquiring N pieces of target information of the target object from an authority control table in a target database, wherein the target database is a database corresponding to the service system, the authority control table is used for storing information for controlling the authority of the target object to log in the service system, the N pieces of target information at least comprise ID information and authority information of the target object, and N is a positive integer greater than 1;
acquiring a first signature value corresponding to the target object from the authority control table, wherein the first signature value is obtained by digitally signing the N pieces of target information;
determining a checking result of the authority control table according to the N pieces of target information and the first signature value, wherein the checking result is used for indicating whether the authority control table is tampered;
and determining, based on the checking result, a login result of the target object logging in to the service system, wherein the login result is used for indicating whether the target object successfully logs in to the service system.
2. The method of claim 1, wherein determining a checking result of the authority control table based on the N pieces of target information and the first signature value comprises:
performing signature verification processing on the first signature value according to the N pieces of target information to obtain a signature verification result of the first signature value, wherein the signature verification result is used for indicating whether the signature verification of the first signature value is successful or not;
if the signature verification result is that the signature verification of the first signature value fails, determining that the checking result is that the authority control table is tampered;
and if the signature verification result is that the signature verification of the first signature value is successful, determining that the checking result is that the authority control table is not tampered.
3. The method of claim 2, wherein performing signature verification processing on the first signature value according to the N pieces of target information, and obtaining a signature verification result of the first signature value includes:
acquiring a second signature value from the authority control table according to the N pieces of target information;
judging whether the first signature value and the second signature value are the same or not;
if the first signature value is different from the second signature value, the signature verification result is that the signature verification of the first signature value fails;
and if the first signature value is the same as the second signature value, the signature verification result is that the signature verification of the first signature value is successful.
4. A method according to claim 3, wherein obtaining a second signature value from the authority control table in dependence upon the N pieces of target information comprises:
performing splicing processing on the N pieces of target information to obtain spliced target information;
determining the authority control table from the target database corresponding to the service system;
and acquiring the second signature value from the authority control table according to the spliced target information.
5. A method according to claim 3, wherein prior to obtaining a second signature value from the authority control table in dependence upon the N pieces of target information, the method further comprises:
determining an original authority control table from the target database corresponding to the service system;
adding a target field in the original authority control table to obtain the authority control table, wherein the target field is used for storing a result of digital signature on information in the original authority control table;
determining the second signature value based on the authority control table;
storing the second signature value in the target field in the authority control table.
6. The method of claim 5, wherein determining the second signature value based on the authority control table comprises:
acquiring the N pieces of target information of the target object from the authority control table;
performing splicing processing on the N pieces of target information to obtain spliced target information;
and carrying out digital signature on the spliced target information to obtain the second signature value.
7. The method of claim 1, wherein when it is detected that a target object requests to log in a service system, obtaining N pieces of target information of the target object from an authority control table in a target database comprises:
when the target object is detected to request to log in the service system, determining the target database corresponding to the service system;
determining the authority control table from the target database;
obtaining M pieces of attribute information of the target object from the authority control table, wherein M is a positive integer greater than 1;
and screening the M pieces of attribute information to obtain the N pieces of target information.
8. The method of claim 1, wherein determining, based on the checking result, a login result of the target object logging in to the service system comprises:
if the checking result is that the authority control table is tampered, determining that the login result is that the target object fails to login the service system;
and if the checking result is that the authority control table is not tampered, determining that the login result is that the target object is successfully logged in the service system.
9. A login device for a business system, comprising:
the first acquisition unit is used for acquiring N pieces of target information of a target object from an authority control table in a target database when the target object is detected to request to log in a service system, wherein the target database is a database corresponding to the service system, the authority control table is used for storing information for controlling the authority of the target object to log in the service system, the N pieces of target information at least comprise ID information and authority information of the target object, and N is a positive integer greater than 1;
the second acquisition unit is used for acquiring a first signature value corresponding to the target object from the authority control table, wherein the first signature value is obtained by carrying out digital signature on the N pieces of target information;
a first determining unit, configured to determine a checking result of the authority control table according to the N pieces of target information and the first signature value, where the checking result is used to indicate whether the authority control table is tampered with;
and the second determining unit is used for determining, based on the checking result, a login result of the target object logging in to the service system, wherein the login result is used for indicating whether the target object successfully logs in to the service system.
10. A computer-readable storage medium storing a program, wherein the program performs the login method of the business system according to any one of claims 1 to 8.
11. An electronic device comprising one or more processors and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of logging into the business system of any of claims 1-8.
CN202311516229.6A 2023-11-14 2023-11-14 Login method and device of business system, storage medium and electronic equipment Pending CN117494090A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311516229.6A CN117494090A (en) 2023-11-14 2023-11-14 Login method and device of business system, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311516229.6A CN117494090A (en) 2023-11-14 2023-11-14 Login method and device of business system, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN117494090A true CN117494090A (en) 2024-02-02

Family

ID=89668766

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311516229.6A Pending CN117494090A (en) 2023-11-14 2023-11-14 Login method and device of business system, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN117494090A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination