CN102063431A - Information database system and access control method thereof - Google Patents

Information database system and access control method thereof

Publication number: CN102063431A
Authority: CN (China)
Prior art keywords: registry object, label, database, authority, storage space
Legal status: Granted (current status: Expired - Fee Related)
Application number: CN2009102109703A
Other languages: Chinese (zh)
Other versions: CN102063431B (en)
Inventor: 郭承运
Current Assignee: Individual
Original Assignee: Individual
Landscapes: Storage Device Security
Abstract

The invention discloses an information database system and an access control method thereof. The access control method of the information database system comprises the following steps: allotting one first-order label and at least one second-order label to each registered object, and performing label verification on an access command; opening read and write permission on the current registered object's space in the database when the access command passes verification against the first-order label of the current registered object; and opening read-only permission on the current registered object's space in the database when the access command passes verification against the second-order label of the current registered object. With the invention, information in the information database can be kept secret, exchanged and shared flexibly and safely.

Description

Information database system and method for controlling access to the information database system
Technical field
The present invention relates to the field of database technology, and in particular to an information database system and a method for controlling access to the information database system.
Background art
With the rapid development of modern network technology, the exchange and sharing of information between individuals and between organizations is becoming more and more common. The carriers for exchanging and sharing information are diverse: information can be passed on in physical form by means of optical discs or portable hard drives, or shared through back-end database technology.
At the present stage, however, the rigid and uniform form of database access control causes a number of problems in the information-sharing process:
For example, enterprise users generally have their own independent databases and, for reasons of database security, find it hard to grant others the right to operate on them; in this case, database information is often shared by copying the database, which is time-consuming and laborious;
As another example, personal account information in current integrity-record (credit) system databases is protected by the credit information service in accordance with the law. When a third party (such as an employer or a bank) needs an integrity record, it must obtain the written authorization of the party concerned and then obtain the record from the corresponding credit department; the whole process is cumbersome and inefficient;
In addition, existing network information databases often leak personal user information. In the personal spaces and blogs provided by various websites, information written by other people is usually visible to everyone, and if it is not deleted in time it can easily lead to a privacy leak, and so on.
Summary of the invention
Embodiments of the invention aim to provide a database system that uses labels to distinguish security levels of database access and grants the corresponding processing permissions, so that, while database security is ensured, the cumbersome sharing of database information found in the prior art is overcome.
To achieve the above object, embodiments of the invention provide an information database system, comprising:
A database, in which storage space is initially allocated per registered object;
A registration unit, configured to provide a registration interface to the database and to authenticate registered objects, and to trigger the database to allocate storage space for each registered object that passes authentication;
A label distribution unit, connected to the registration unit and the database, which allocates one first-order label and at least one second-order label to each registered object, the first-order label and the second-order label corresponding uniquely to that registered object;
A database access interface, configured to receive an access command directed at a registered object in the database;
An access monitoring and processing unit, connected to the label distribution unit and the database access interface, configured to perform label verification on the access command;
A first matching processing unit, configured to open read and write permission on the current registered object's space in the database when the access command passes verification against the first-order label of the current registered object;
A second matching processing unit, configured to open read-only permission on the current registered object's space in the database when the access command passes verification against the second-order label of the current registered object.
Preferably, to further improve the security of database information, the system also comprises a label aging and update unit, configured to perform a label aging operation periodically and/or on the instruction of a registered object, and to trigger the label distribution unit to allocate labels again.
Preferably, the label distribution unit comprises a key setting module, configured to allocate to the registered object, according to rules preset by the system and/or according to the registered object's input, a key serving as the first-order label and a key serving as the second-order label.
Preferably, the system may also comprise a third matching processing unit, configured, when the access command does not pass label verification for the current registered object but passes verification against the first-order label of another registered object in the database, to open, within the current registered object's space in the database, read-only permission on the data marked with the other registered object's first-order label, and to mark the data written by the other registered object with its first-order label; that is, the other registered object can see, and can only see, the data it has itself written for the current registered object.
Preferably, to support interaction between the current registered object and another registered object, the first matching processing unit further comprises a first permission granting module, configured to set, automatically by the system or on an instruction entered by the current registered object, read permission for one or more other registered objects on data written by the current registered object.
Preferably, the information database system supports grading of second-order labels: the second matching processing unit comprises a second permission granting module, configured to open read-only permission on a designated part of the current registered object's space.
Preferably, to make it easier for registered objects to configure the database or obtain information, the system may also comprise a basic common template initialization unit, connected to the database and the registration unit, configured to provide an initialized basic common template to each registered object that passes authentication; the registered object of a storage space has selection, read and write permission on the basic common template of that storage space, while the registered objects of other storage spaces and/or non-registered objects have read-only permission on the basic common template selected for that storage space.
Preferably, the system may also comprise a storage space adjustment unit, connected to the database, configured to expand a registered object's storage space when its remaining storage space reaches a preset threshold.
The present invention also provides a method for controlling access to an information database system, comprising the steps of accepting registration and authenticating the registered object, allocating database storage space to any registered object that passes authentication, and allocating one first-order label and at least one second-order label, the first-order label and the second-order label corresponding uniquely to that registered object;
The method further comprises the following steps:
On receiving an access command directed at a registered object in the database, performing label verification on the access command:
If the access command passes verification against the first-order label of the current registered object, opening read and write permission on the current registered object's space in the database;
If the access command passes verification against the second-order label of the current registered object, opening read-only permission on the current registered object's space in the database.
Preferably, to further improve the security of database information, the method may also comprise the step of performing a label aging operation periodically and/or on the instruction of a registered object, and triggering the label distribution unit to allocate labels again.
Preferably, the step of allocating labels may specifically be: allocating to the registered object, according to rules preset by the system and/or according to the registered object's input, a key serving as the first-order label and a key serving as the second-order label.
Preferably, to support interaction between the current registered object and another registered object, when the access command passes verification against the first-order label of the current registered object, the method may also comprise the step of setting, automatically by the system or on an instruction entered by the current registered object, read permission for one or more other registered objects on the data written by the visitor.
Preferably, to support grading of second-order labels, when the access command passes verification against a second-order label of the current registered object, the method may also comprise opening to the visitor, according to that second-order label, read-only permission on a designated part of the current registered object's space.
Preferably, when the access command does not pass label verification for the current registered object but passes verification against the first-order label of another registered object in the database, read-only permission may be opened, within the current registered object's space in the database, on the data marked with the other registered object's first-order label, and the data written by the other registered object is marked with the other registered object's first-order label.
Preferably, to make it easier for registered objects to configure the database or obtain information, the method may also comprise the step of providing an initialized basic common template to each registered object that passes authentication; the registered object of a storage space has selection, read and write permission on the basic common template of that storage space, while the registered objects of other storage spaces and/or non-registered objects have read-only permission on the basic common template selected for that storage space.
Preferably, the method may also comprise the step of expanding a registered object's storage space when its remaining storage space reaches a preset threshold.
As can be seen from the above technical solutions, by providing second-order labels for each registered user of the database, embodiments of the invention have the beneficial effect of sharing database information flexibly and securely.
The above and other objects, features and advantages of the present invention will become more apparent from the following description of a preferred embodiment with reference to the accompanying drawings.
Description of drawings
Fig. 1 is a block diagram of a preferred embodiment of the information database system provided by the invention;
Fig. 2 is a flow chart of a preferred embodiment of the method for controlling access to the information database system provided by the invention.
Embodiment
Specific embodiments of the invention are described in detail below. It should be noted that the embodiments described here are for illustration only and are not intended to limit the invention.
The main idea of the invention is to use labels to grade the database storage space, thereby solving the security and operational-complexity problems of existing database information sharing. The information database system and the access control method provided by the invention are described in detail below.
Fig. 1 shows a preferred embodiment of the information database system 100 provided by the invention; the system is described in detail below with reference to Fig. 1.
The information database system 100 provided by the invention comprises:
A database 110, in which storage space is initially allocated per registered object; the registered object may be an end user, including personal users and enterprise users;
That is, the database 110 is divided, per registered object, into individual subspaces, and each subspace can be given a certain amount of storage space at initialization; the specific amount of storage allocated is not limited and can be set according to actual needs;
A registration unit 120, configured to provide a registration interface to the database 110 and to authenticate registered objects, and to trigger the database 110 to allocate storage space for each registered object that passes authentication;
The registration interface may include different types of interface, such as network and telephone, and may be compatible with wired and wireless interfaces as required;
For registered objects that pass authentication, the database 110 may allocate storage space equally; alternatively, depending on actual needs, the authentication conditions may be differentiated, with registered objects that pass different authentication conditions being allocated different amounts of storage space;
A label distribution unit 130, connected to the registration unit 120 and the database 110, which allocates one first-order label and at least one second-order label to each registered object, the first-order label and the second-order label corresponding uniquely to that registered object, that is, the labels of different registered objects are different;
As a specific embodiment, a label can be implemented in the form of a key; for example, the label distribution unit 130 may comprise a key setting module (not shown), configured to allocate to the registered object, according to rules preset by the system and/or according to the registered object's input, a key serving as the first-order label and a key serving as the second-order label;
For example, each label may be allocated by the system according to preset rules, to ensure that no two labels are identical; for ease of use and memorization by the registered object, a label may instead be determined by the registered object's input. Since the inputs of different registered users may coincide, the better scheme is for the system back end to allocate part of the label according to preset rules and combine it with the registered object's input to form the label;
A database access interface 140, configured to receive an access command directed at a registered object in the database 110; the database access interface 140 is likewise diverse, for example supporting wired and wireless interfaces, network and telephone interfaces, and so on;
An access monitoring and processing unit 150, connected to the label distribution unit 130 and the database access interface 140, configured to perform label verification on the access command;
A first matching processing unit 160, configured to open read and write permission on the current registered object's space in the database 110 when the access command passes verification against the first-order label of the current registered object; that is, when the access command carries the current registered object's first-order label, or the label is entered in a subsequent verification step, the visitor is deemed to be the registered object of the accessed space itself and is therefore allowed to read and write the space, including modifying, freezing, unfreezing and so on;
A second matching processing unit 170, configured to open read-only permission on the current registered object's space in the database 110 when the access command passes verification against the second-order label of the current registered object; that is, when the access command carries a second-order label of the current registered object, or the label is entered in a subsequent verification step, the visitor is deemed to be a party authorized by the registered object of the accessed space and is therefore allowed to browse and share the content of the space but refused any write operation, which keeps the data in the database space secure;
Of course, second-order labels can be graded further: the second matching processing unit 170 comprises a second permission granting module (not shown), configured to open read-only permission on a designated part of the current registered object's space. For example, if user B and user C each hold one of user A's second-order labels and use it to access A's database space, the second permission granting module opens, according to the second-order label held by B or C, read-only permission on the designated space corresponding to that second-order label.
The information database system 100 described above balances the flexibility and the security of access to the database 110.
However, in the above information database system 100, because a second-order label can be used to permit others to browse the current space, a label that never changes brings a risk of information leakage; even for the first-order label, frequent replacement helps to improve the security of the space;
Therefore, in a preferred technical solution, the information database system 100 also comprises a label aging and update unit 180, configured to perform a label aging operation periodically and/or on the instruction of a registered object, and to trigger the label distribution unit 130 to allocate labels again;
Clearly, a registered object may permit a third party to browse the information in its storage space, but generally does not need to grant this permission for long. With the above improvement, the registered object can instruct label aging to replace the second-order label with a new one, effectively improving system security and the security of the information in the space.
Further, the information database system 100 provided by the invention can also conditionally open write permission on the current space to users without authorization for it, as follows:
The information database system 100 also comprises a third matching processing unit 190, configured, when the access command does not pass label verification for the current registered object but passes verification against the first-order label of another registered object in the database 110, that is, when the visitor is the registered object of another space in the database 110, to perform the following processing:
Within the current registered object's space in the database 110, read-only permission is opened on the data marked with the other registered object's first-order label, and the data written by the other registered object is marked with its first-order label;
The information database system 100 can thus support comments by one registered object on another, and each comment is visible only to the registered object of the accessed space (with either the first-order label or a second-order label) and to the commenter, thereby avoiding the information leakage caused by public disclosure;
Further, the information database system 100 can support browsing of the current space by other registered objects. Specifically, a first permission granting module (not shown) is provided in the first matching processing unit 160, configured to set, automatically by the system or on an instruction entered by the registered object of the current space, read permission for one or more registered objects of other spaces on the data written;
This embodiment can serve as an independent improvement of the technical solution of the invention, or can be combined with the preferred embodiments described above to obtain a better technical effect; that is, combining the first permission granting module with the third matching processing unit 190 supports interaction between different registered objects in the database 110. For example, after user B accesses user A's space and posts a comment, A can reply to B's comment; the system can then automatically give B read-only permission on the reply through the first permission granting module, or A can give B that permission through the first permission granting module, so that B and A can interact while the interaction remains invisible to third parties;
In this way, when the registered object of another space accesses the current space, it can see both the information it has itself written and the information that the registered object of the current space permits it to see.
In addition, as a preferred embodiment, to make initial configuration easier for registered objects, the information database system 100 may also comprise a basic common template initialization unit 1A0, connected to the database 110 and the registration unit 120, configured to provide an initialized basic common template to each registered object that passes authentication; the registered object of a storage space has selection, read and write permission on the basic common template of that storage space, while the registered objects of other storage spaces and/or non-registered objects have read-only permission on the basic common template selected for that storage space;
Thus a registered object only needs to select and enter a limited amount of information for the information that needs to be disclosed to be made public, through the database platform, to registered objects and even non-registered objects; the registered object of the current space can likewise look up a visitor's basic information.
Moreover, as those skilled in the art will understand, the database allocates storage per registered object and the initial capacity is quite limited. Therefore, as a preferred embodiment, the information database system 100 may also comprise a storage space adjustment unit 1B0, connected to the database 110, configured to expand a registered object's storage space when its remaining storage space reaches a preset threshold;
With this processing, the information database system 100 can support large-volume data such as pictures, photographs, audio recordings and video recordings, and does so elastically according to actual needs, avoiding waste of storage space as far as possible.
It should be noted that the improvements of the above preferred embodiments can be combined with one another to obtain a better technical effect.
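The label verification performed by units 150 to 190, together with label aging, can be modelled in a few lines of Python; this is an added sketch for illustration, not code from the patent. The class and method names, the `scope` strings and the sample users are assumptions of the example, as is the choice to tag visitor data with the writer's identity rather than the raw label.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Record:
    data: str
    scope: str            # designated sub-space a second-order label can be limited to
    author: str = ""      # "" = written by the space owner, otherwise the visiting writer
    readers: set = field(default_factory=set)    # visitors the owner granted read permission


@dataclass
class Space:
    first_order: str
    second_order: dict = field(default_factory=dict)   # label -> scopes (None = whole space)
    records: list = field(default_factory=list)


class LabelledDatabase:
    def __init__(self):
        self.spaces = {}    # registered object -> Space

    @staticmethod
    def _new_label(owner):
        return f"{owner}.{secrets.token_urlsafe(16)}"   # random part: unique, unguessable

    def register(self, owner):
        self.spaces[owner] = Space(self._new_label(owner))
        return self.spaces[owner].first_order

    def verify(self, target, label):
        """Label verification: returns (mode, detail), mode in rw/ro/visitor/deny."""
        space, probe = self.spaces[target], label.encode()
        # compare_digest is constant-time, so timing does not reveal label prefixes.
        if hmac.compare_digest(probe, space.first_order.encode()):
            return "rw", target
        for candidate, scopes in space.second_order.items():
            if hmac.compare_digest(probe, candidate.encode()):
                return "ro", scopes
        for name, other in self.spaces.items():
            if name != target and hmac.compare_digest(probe, other.first_order.encode()):
                return "visitor", name
        return "deny", None

    def _require_owner(self, owner, label):
        if self.verify(owner, label)[0] != "rw":
            raise PermissionError("first-order label required")

    def issue_second_order(self, owner, label, scopes=None):
        self._require_owner(owner, label)
        new = self._new_label(owner)
        self.spaces[owner].second_order[new] = None if scopes is None else set(scopes)
        return new

    def age_second_order(self, owner, label):
        self._require_owner(owner, label)
        self.spaces[owner].second_order.clear()   # label aging: old labels stop verifying

    def write(self, target, label, data, scope="general"):
        mode, who = self.verify(target, label)
        if mode not in ("rw", "visitor"):
            raise PermissionError(f"write refused ({mode})")
        # Visitor data is tagged with the writer's identity (assumption of this sketch).
        author = who if mode == "visitor" else ""
        self.spaces[target].records.append(Record(data, scope, author))
        return len(self.spaces[target].records) - 1

    def grant_read(self, owner, label, index, visitor):
        self._require_owner(owner, label)
        self.spaces[owner].records[index].readers.add(visitor)

    def read(self, target, label):
        mode, detail = self.verify(target, label)
        if mode == "deny":
            raise PermissionError("label verification failed")
        return [r.data for r in self.spaces[target].records
                if mode == "rw"
                or (mode == "ro" and (detail is None or r.scope in detail))
                or (mode == "visitor" and (r.author == detail or detail in r.readers))]


def demo():
    db = LabelledDatabase()
    a, b = db.register("userA"), db.register("userB")   # constructed sample users
    db.write("userA", a, "repayment history", scope="credit")
    db.write("userA", a, "private note", scope="private")
    bank = db.issue_second_order("userA", a, scopes={"credit"})
    seen_by_bank = db.read("userA", bank)
    db.write("userA", b, "comment from B")
    reply = db.write("userA", a, "A's reply to B")
    db.grant_read("userA", a, reply, "userB")
    seen_by_b = db.read("userA", b)
    db.age_second_order("userA", a)
    return seen_by_bank, seen_by_b, db.verify("userA", bank)[0]


if __name__ == "__main__":
    print(demo())
```

The order of checks in `verify` matters: the target's own labels are tried before other registered objects' first-order labels, so a holder of the space's own label is never downgraded to visitor.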
Below, the method for control information data provided by the invention storehouse system visit is described please in conjunction with the accompanying drawings 2.
The method of this control information data storehouse system visit comprises the step of two aspects;
On the one hand, it is the initialization step of database space, comprise the step of accepting registration and registry object being carried out authentication, for arbitrary registry object allocation database storage space by authentication, and, distribute an one-level label and at least one secondary label, described one-level label and described secondary label are only corresponding to described registry object;
As a specific embodiment, the step of carrying out label distribution can be specially: according to systemic presupposition rule and/or according to the input of registry object, for described registry object distributes as the key of described one-level label with as the key of described secondary label;
On the other hand, then be the accessing step of database space, comprising:
In receiving, during the access instruction of a certain registry object, described access instruction is carried out the label verification to described database:
(1) if the one-level label verification of described access instruction by current registry object, then the reading and writing authority in current registry object space in the open database;
Preferable, for the support to user interactions is provided, when the one-level label verification of described access instruction by current registry object, also comprise according to system automatically being provided with or, but be the step of one or more other registry object setting read rights at the data that write when the instruction of front space registry object input;
(2) if the secondary label verification of described access instruction by current registry object, the then read-only authority in current registry object space in the open database;
Preferable, when the secondary label verification of described access instruction by current registry object, also comprise, to the read-only authority of the designated space of the open current registry object of visitor according to different secondary labels;
Generally speaking, the technical scheme that the foregoing description provided, can both carry out the separation of database access authority by label, when the registry object (holding the one-level label) of front space has the various authorities in whole space, and its authorization object (holding the secondary label) but only have the read right of whole or local space, thereby taken into account safeness of Data Bank and dirigibility.
To further improve the security of the database, the method also comprises the step of performing a label aging operation periodically and/or on the instruction of a registered object, and triggering the label distribution unit to allocate labels again.
To support information collection, other registered objects may also be allowed limited operation permissions; for example, when the access command does not pass label verification for the current registered object but passes verification against the first-order label of another registered object in the database, the method also comprises the step of opening, within the current registered object's space in the database, read-only permission on the data marked with the other registered object's first-order label, and marking the data written by the other registered object with the other registered object's first-order label;
Combining the above limited operation permissions with the read-permission setting in (1) effectively supports interaction between registered objects on the database platform, and the interaction is invisible to third parties (other than authorized users), giving good privacy.
In addition, to make it easier for a registered object to configure the current space, the method may also comprise the step of providing an initialized basic common template to each registered object that passes authentication; the registered object of a storage space has selection, read and write permission on the basic common template of that storage space, while the registered objects of other storage spaces and/or non-registered objects have read-only permission on the basic common template selected for that storage space.
Moreover, to make effective use of database space, the method may also comprise the step of expanding a registered object's storage space when its remaining storage space reaches a preset threshold.
The above improved embodiments can be combined with one another to achieve a better technical effect.
The information database system provided by the invention and the method for controlling access to the information database system have been described above with reference to the drawings and specific embodiments. The technical solution has broad application prospects in social applications. To illustrate this point and to highlight the beneficial effects of the invention, the following describes, as an example, the application of the technical solution to an information mutual-constraint system:
The information mutual-constraint system supports registration by both natural-person and legal-person users, places them under the same system, and allocates database storage space to them; of course, their registration conditions may differ, and the initial storage space allocated may also differ;
The system sets performance targets for each type of user through the basic common template, and a registered user can set integrity reference indicators by selecting or adjusting the performance targets;
The registered user can set the first-order label and the second-order label or obtain them directly;
When accessing the database with the first-order label, the registered user can exercise read/write authority over his or her own storage space, and can therefore enter personal basic information and changes to it, as well as self-praise, self-criticism, self-reflection and self-defence data;
When the integrity record needs to be provided to an organization such as an employer or a bank, the user grants the second-order label, so that others can consult the user's integrity record but have no right to modify or add to it at will; in particular, by changing the second-order label, the user can effectively control how long a grantee may browse, thereby protecting account security;
It should be noted that when the information database system and the access control method provided by the invention are applied to the information mutual-constraint system, read/write authority must be opened in a limited way, that is, users are allowed to write information to one another; for example, when a registered user has selected a bank integrity target in the basic common template, the registered user's bank may need to record data in the user's space regularly; as another example, other people may be allowed to write data as integrity references;
In particular, in an information mutual-constraint system using the technical solution of the invention, writes to a space occur between registered users, so the writer and the party written about are on an equal footing; they can supervise one another, learn from one another and encourage one another, and irresponsible malicious evaluations can be effectively restrained;
Moreover, the interaction data between two parties is visible only to those two parties and is inherently confidential to third parties, which takes the security of privacy well into account.
The information mutual-constraint system using the technical solution of the invention can equally use the many improvements of the technical solution: for example, by setting read permission on written data for one or more other registered objects, the space owner and the person who wrote the information can be allowed to exchange arguments about the event concerned; through storage space expansion, other people's writes and the supporting material the user submits in reply as evidence can be accommodated; and so on;
As can be seen, in an information mutual-constraint system using the technical solution of the invention, the information is more comprehensive, the description more reasonable, the constraint mechanism more scientific, and privacy protection more reliable; of course, the information mutual-constraint system is only one specific example of applying the technical solution. The information database system and the access control method provided by the invention can be applied to various information-sharing scenarios in which browsing authority and editing authority are separated, which are not enumerated here.
Although the invention has been described with reference to several exemplary embodiments, it should be understood that the terms used are illustrative and exemplary rather than restrictive. Since the invention can be embodied in many forms without departing from its spirit or essence, it should be understood that the above embodiments are not limited to any of the foregoing details but should be interpreted broadly within the spirit and scope defined by the appended claims; all changes and modifications falling within the claims or their equivalents should therefore be covered by the appended claims.

Claims (10)

1. An information database system, characterized by comprising:
a database, which performs initial allocation of storage space in units of registered objects;
a registration unit, configured to provide a registration interface to the database and perform identity authentication on registered objects, and to trigger the database to allocate storage for a registered object that passes identity authentication;
a label distribution unit, connected with the registration unit and the database, which allocates one first-order label and at least one second-order label to each registered object, the first-order label and the second-order label corresponding uniquely to that registered object;
a database access interface, configured to receive an access instruction directed at a registered object in the database;
an access monitoring processing unit, connected with the label distribution unit and the database access interface, configured to perform label verification on the access instruction;
a first matching processing unit, configured to open read and write authority over the current registered object's space in the database when the access instruction passes verification of the current registered object's first-order label;
a second matching processing unit, configured to open read-only authority over the current registered object's space in the database when the access instruction passes verification of the current registered object's second-order label.
2. The information database system according to claim 1, characterized by further comprising a label aging update unit, configured to perform a label aging operation periodically and/or on the instruction of a registered object, and to trigger the label distribution unit to redistribute labels.
3. The information database system according to claim 1 or 2, characterized in that the label distribution unit comprises a key setting module, configured to allocate to the registered object, according to a system preset rule and/or the registered object's input, a key serving as the first-order label and a key serving as the second-order label.
4. The information database system according to claim 1, characterized by further comprising a third matching processing unit, configured to, when the access instruction fails label verification for the current registered object but passes verification of the first-order label of another registered object in the database, open, within the current registered object's space in the database, read-only authority over the data marked with that other registered object's first-order label, and to mark the data written by that other registered object with its first-order label.
5. The information database system according to claim 1 or 4, characterized in that the first matching processing unit comprises a first authority permission module, configured to set, according to an instruction, read permission for one or more other registered objects on the data written.
6. The information database system according to claim 1 or 4, characterized in that the second matching processing unit comprises a second authority permission module, configured to open read-only authority over a designated space of the current registered object.
7. The information database system according to claim 1, characterized by further comprising a basic common template initialization unit, connected with the registration unit and the database, configured to provide an initialized basic common template for each registered object that passes identity authentication; wherein the registered object of a storage space has selection, read and write authority over the basic common template of that storage space, and the registered objects of other storage spaces and/or non-registered objects have read-only authority over the selected basic common template of that storage space.
8. The information database system according to claim 1, characterized by further comprising a storage space adjustment unit, connected with the database, configured to expand the storage space of a registered object when the remaining storage space of that registered object reaches a preset threshold.
9. A method for controlling access to an information database system, characterized by comprising the steps of accepting registration and performing identity authentication on registered objects, allocating database storage space to any registered object that passes identity authentication, and allocating one first-order label and at least one second-order label, the first-order label and the second-order label corresponding uniquely to that registered object;
further comprising the following steps:
when an access instruction directed at a registered object in the database is received, performing label verification on the access instruction:
if the access instruction passes verification of the current registered object's first-order label, opening read and write authority over the current registered object's space in the database;
if the access instruction passes verification of the current registered object's second-order label, opening read-only authority over the current registered object's space in the database.
10. The method for controlling access to an information database system according to claim 8, characterized by further comprising one of the following steps or any combination thereof:
performing a label aging operation periodically and/or on the instruction of a registered object, and triggering the label distribution unit to redistribute labels;
wherein the step of distributing labels is specifically: allocating to the registered object, according to a system preset rule and/or the registered object's input, a key serving as the first-order label and a key serving as the second-order label;
when the access instruction passes verification of the current registered object's first-order label, further setting, according to an instruction, read permission for one or more other registered objects on the data written by the visitor;
when the access instruction passes verification of the current registered object's second-order label, further opening to the visitor, according to the second-order label, read-only authority over a designated space of the current registered object;
when the access instruction fails label verification for the current registered object but passes verification of the first-order label of another registered object in the database, opening, within the current registered object's space in the database, read-only authority over the data marked with that other registered object's first-order label, and marking the data written by that other registered object with that other registered object's first-order label;
providing an initialized basic common template for a registered object that passes identity authentication; wherein the registered object of a storage space has selection, read and write authority over the basic common template of that storage space, and the registered objects of other storage spaces and/or non-registered objects have read-only authority over the selected basic common template of that storage space;
when the remaining storage space of a registered object reaches a preset threshold, further performing expansion of its storage space.
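
The label verification of claims 1, 2 and 4 (first-order label gives read/write, second-order label gives read-only, another registrant's first-order label gives tagged peer access, and re-issuing the second-order label revokes earlier grants), as an added Python example that is not code from the patent. The class and method names, the random-token labels, storing only label digests, tagging peer writes with the writer's identity instead of the label itself, and hiding peer-written data from second-order readers are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def digest(label):
    # Labels are random 128-bit tokens here (assumption), so one SHA-256 suffices at rest.
    return hashlib.sha256(label.encode()).digest()


class LabelStore:
    """Hypothetical model of claims 1, 2 and 4; names are not from the patent."""

    def __init__(self):
        # owner -> {"primary": bytes, "secondary": bytes, "records": [(author, text)]}
        self.spaces = {}

    def register(self, owner):
        primary, secondary = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.spaces[owner] = {"primary": digest(primary),
                              "secondary": digest(secondary), "records": []}
        return primary, secondary  # shown once; only digests are kept

    def check(self, target, label):
        """Return (mode, writer) where mode is 'rw', 'ro', 'peer' or 'deny'."""
        d = digest(label)
        space = self.spaces[target]
        if hmac.compare_digest(d, space["primary"]):    # claim 1, first-order label
            return "rw", target
        if hmac.compare_digest(d, space["secondary"]):  # claim 1, second-order label
            return "ro", None
        for other, sp in self.spaces.items():           # claim 4, another registrant
            if other != target and hmac.compare_digest(d, sp["primary"]):
                return "peer", other
        return "deny", None

    def write(self, target, label, text):
        mode, writer = self.check(target, label)
        if mode not in ("rw", "peer"):
            raise PermissionError(f"write refused: {mode}")
        # Tag with the writer's identity, not the label, so no secret is stored.
        self.spaces[target]["records"].append((writer, text))

    def read(self, target, label):
        mode, who = self.check(target, label)
        if mode == "deny":
            raise PermissionError("read refused")
        records = self.spaces[target]["records"]
        if mode == "rw":
            return [t for _, t in records]
        # 'peer' sees only its own entries; 'ro' sees only the owner's (assumption,
        # following the description: two-party data stays hidden from third parties).
        author = who if mode == "peer" else target
        return [t for a, t in records if a == author]

    def rotate_secondary(self, owner, primary):
        # Claim 2: label aging on the registrant's instruction.
        if self.check(owner, primary)[0] != "rw":
            raise PermissionError("only the first-order label may rotate")
        new = secrets.token_urlsafe(16)
        self.spaces[owner]["secondary"] = digest(new)  # old label stops verifying
        return new
```

Because a second-order label is a shared bearer secret, rotation is the only revocation mechanism in this model: every holder of the old label loses access at once, and the new label has to be handed out again to those who should keep it.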
CN2009102109703A 2009-11-13 2009-11-13 Information database system and method for controlling systematic access of information database Expired - Fee Related CN102063431B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009102109703A CN102063431B (en) 2009-11-13 2009-11-13 Information database system and method for controlling systematic access of information database

Publications (2)

Publication Number Publication Date
CN102063431A true CN102063431A (en) 2011-05-18
CN102063431B CN102063431B (en) 2013-03-20

Family

ID=43998712

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009102109703A Expired - Fee Related CN102063431B (en) 2009-11-13 2009-11-13 Information database system and method for controlling systematic access of information database

Country Status (1)

Country Link
CN (1) CN102063431B (en)

Also Published As

Publication number Publication date
CN102063431B (en) 2013-03-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130320

Termination date: 20171113