Detailed Description
To enable those skilled in the art to understand the technical solutions of this application more fully, the technical solutions in the embodiments of this application are described clearly and completely below with reference to the accompanying drawings of those embodiments. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of this application, without creative effort, shall fall within the scope of protection of this application.
In the prior art, a risk event occurring on the Internet is handled by adjusting user permissions manually, so the risk exposure stays open for a relatively long time, which endangers the security of user accounts. To solve this problem, the embodiments of this application use a permission control platform to adjust the permissions of the related account information automatically and in batches when a risk event occurs on the Internet. The permission control platform is provided with a corresponding platform database.
Fig. 1 is a flow chart of the permission processing method provided by an embodiment of this application. The method includes:
S110: Configure the mapping between the type information of risk events that may occur on the Internet and punishment strategy identifiers.
S111: Write the mapping between the type information of the risk events and the punishment strategy identifiers to the database.
In the embodiments of this application, the risk events that may occur on the Internet can be estimated in advance, or a risk event newly encountered while the platform is running can be added to the set of possible risk events (the set of all risk events that may occur). Type information that is unique within the platform is defined for each risk event; the type information may be the event name, information on the category the event belongs to, an event identifier, and so on. Risk events occurring on the Internet are, for example, a mailbox leak or the theft of a bank account. This application handles the various risk events that may occur on the Internet through punishment strategies; for this purpose, the mapping between the type information of the possible risk events and the punishment strategy identifiers must be configured in advance and stored in the database.
For example, the type information of the risk events stored in the database includes:
{a1, a2, a3};
The punishment strategy identifiers stored in the database include:
{b1, b2, b3};
The mapping between the stored type information of the risk events and the punishment strategy identifiers is:
a1 maps to b1, a2 maps to b3, and a3 maps to b2.
A punishment strategy is typically an adjustment of the permissions of a user account, for example restricting some of the permissions of the account.
S112: Configure the mapping between punishment strategy identifiers and punishment action sets, each set containing at least one punishment action.
S113: Write the mapping between the punishment strategy identifiers and the punishment action sets containing at least one punishment action to the database.
A punishment action is an action that restricts a particular permission; it may be a code snippet or a script that performs the restriction.
For example:
The punishment strategy identifiers stored in the database include:
{b1, b2, b3};
The mapping between the stored punishment strategy identifiers and the punishment action sets is:
The punishment action set mapped to b1 is: {Publish(a), Publish(b), Publish(c)};
The punishment action set mapped to b2 is: {Publish(b), Publish(d)};
The punishment action set mapped to b3 is: {Publish(a), Publish(c), Publish(d)}.
A punishment action is, for example, "forbid login" or "forbid balance payment".
S114: When a risk event occurs on the Internet, obtain the account information set associated with the current risk event, the set containing at least one item of account information. The obtained set is the set of account information whose permissions are to be restricted. In the embodiments of this application, when a risk event occurs on the Internet the permission control platform may receive the account information set to be restricted as user input, or may obtain the account information set associated with the risk event by querying the database. For example, if the risk event currently occurring on the Internet is a mailbox security event (such as a mailbox leak), the platform can determine the mailbox domain name of that event (for example, 163.com) and query, one by one, the account information associated with mailboxes of that domain name (for example, Admin@163.com), thereby obtaining the account information set. Here, the association may mean that the account was registered with a mailbox of that domain name, or that a personal mailbox of that domain name is recorded in the personal information corresponding to the account information.
S115: When a risk event occurs on the Internet, query the database for the punishment strategy identifier corresponding to the type information of the risk event currently occurring.
In the embodiments of this application, when a risk event occurs on the Internet the permission control platform may receive, as input from a user (a platform administrator), the type information corresponding to the current risk event, and query the punishment strategy identifier corresponding to that type information. Alternatively, the permission control platform may receive the type information corresponding to the risk event from a server that monitors risk events, and then query the punishment strategy identifier corresponding to that type information. For example, if a security event affecting 163 mailboxes occurs on the Internet, the server that monitors security events of 163 mailboxes can send the type information (for example, "mailbox security event") to the permission control platform. The monitoring server may be a server of the 163 mailbox service or another device set up on the Internet to monitor risk events.
S116: Query the database for the punishment action set mapped to the punishment strategy identifier.
For example, the type information of the current risk event is a2, and querying the database shows that the punishment strategy identifier mapped to it is b3. The punishment action set mapped to punishment strategy identifier b3, obtained by querying the database, is then:
{Publish(a), Publish(c), Publish(d)}.
S117: For each item of account information in the account information set, perform the permission processing corresponding to the punishment actions contained in the punishment action set.
Before a risk event occurs, the permission control platform has already assigned the corresponding permissions to each item of account information. The permissions of each item of account information are processed according to the punishment action set in order to handle the risk event currently occurring on the Internet. In a preferred embodiment, step S117 may specifically include:
Determine the pending permission corresponding to each punishment action contained in the punishment action set; query the permission flag that each item of account information in the account information set holds for that pending permission, and judge whether the permission flag is the permission-restricted flag; if not, change the permission flag to the permission-restricted flag; if so, make no change.
The pending permission is the permission to be restricted that corresponds to each punishment action. That is, after a risk event occurs on the Internet, the pending permissions of each item of account information in the specified account information set can be restricted (these pending permissions are closed).
For example, a punishment action can be a block of code, defined by a developer, that is bound to a permission. If the punishment action is "forbid login", the pending permission corresponding to that punishment action is determined to be "login". When the permission flags are configured in advance, the "login" permission can be given two permission flags: the permission-restricted flag (for example, "0") and the permission-open flag (for example, "1"). When the permission flag of the "login" permission is the permission-restricted flag (for example, "0"), the "login" permission is forbidden (or restricted); when the permission flag of the "login" permission is the permission-open flag (for example, "1"), the "login" permission is open (unrestricted). On this basis, when permissions are restricted, the platform judges whether the permission flag of the specified pending permission is the permission-restricted flag, and modifies it only when it is not.
For example:
The account information set associated with the current risk event is:
{account S1, account S2, account S3};
The permissions assigned to each item of account information are as follows:
The permissions assigned to account S1 are: {permission Q1 ∪ permission Q2 ∪ permission Q3};
The permissions assigned to account S2 are: {permission Q3 ∪ permission Q5 ∪ permission Q1 ∪ permission Q8};
The permissions assigned to account S3 are: {permission Q1 ∪ permission Q3 ∪ permission Q6 ∪ permission Q4 ∪ permission Q8};
The punishment action set obtained by the query is:
{Publish(a), Publish(c), Publish(d)};
Here it is assumed that Publish(a) corresponds to forbidding permission Q1, Publish(c) corresponds to forbidding permission Q5, and Publish(d) corresponds to forbidding permission Q8.
Then, by querying the permissions of account S1, account S2 and account S3, it can be determined that permission Q1 held by account S1 should be forbidden, that is, the permission flag of permission Q1 held by account S1 is changed to the permission-restricted flag (for example, "0"); that permissions Q5 and Q8 held by account S2 should be forbidden, that is, the permission flags of permissions Q5 and Q8 held by account S2 are each changed to the permission-restricted flag (for example, "0"); and that permissions Q1 and Q8 held by account S3 should be forbidden, that is, the permission flags of permissions Q1 and Q8 held by account S3 are each changed to the permission-restricted flag (for example, "0").
It is worth mentioning that while the permission control platform is running, the user can adjust the mapping between punishment strategies and punishment action sets according to business needs. In addition, the platform can be set so that the permission restrictions on each item of account information are lifted a certain period of time after the risk event occurs.
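The Fig. 1 flow (S110 to S117) run on the example values above, as an added example that is not code from the application. The table names, the function names and the use of an in-memory SQLite database as the platform database are assumptions; Publish(b) is left without a permission because the text assigns it none, so a strategy that contains it is rejected before any account is changed.

```python
import sqlite3

RESTRICTED, OPEN = "0", "1"  # permission flags, values as in the description

# Constructed from the worked example in the text. The text gives no permission
# for Publish(b), so it is deliberately left unmapped here.
EVENT_POLICY = {"a1": "b1", "a2": "b3", "a3": "b2"}
POLICY_ACTIONS = {
    "b1": ["Publish(a)", "Publish(b)", "Publish(c)"],
    "b2": ["Publish(b)", "Publish(d)"],
    "b3": ["Publish(a)", "Publish(c)", "Publish(d)"],
}
ACTION_PERMISSION = {"Publish(a)": "Q1", "Publish(c)": "Q5", "Publish(d)": "Q8"}
ACCOUNT_PERMISSIONS = {
    "S1": ["Q1", "Q2", "Q3"],
    "S2": ["Q3", "Q5", "Q1", "Q8"],
    "S3": ["Q1", "Q3", "Q6", "Q4", "Q8"],
}


def build_platform_db():
    """S110-S113: write both mappings (and the account permissions) to the database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE event_policy (event_type TEXT PRIMARY KEY, policy_id TEXT NOT NULL);
        CREATE TABLE policy_action (policy_id TEXT, action TEXT,
                                    PRIMARY KEY (policy_id, action));
        CREATE TABLE action_permission (action TEXT PRIMARY KEY, permission TEXT NOT NULL);
        CREATE TABLE account_permission (
            account TEXT, permission TEXT,
            flag TEXT NOT NULL CHECK (flag IN ('0', '1')),
            PRIMARY KEY (account, permission));
    """)
    db.executemany("INSERT INTO event_policy VALUES (?, ?)", list(EVENT_POLICY.items()))
    db.executemany("INSERT INTO policy_action VALUES (?, ?)",
                   [(p, a) for p, acts in POLICY_ACTIONS.items() for a in acts])
    db.executemany("INSERT INTO action_permission VALUES (?, ?)",
                   list(ACTION_PERMISSION.items()))
    db.executemany("INSERT INTO account_permission VALUES (?, ?, ?)",
                   [(acc, q, OPEN) for acc, qs in ACCOUNT_PERMISSIONS.items() for q in qs])
    db.commit()
    return db


def handle_risk_event(db, event_type, accounts):
    """S115-S117: resolve the strategy and its actions, then restrict each account.

    Returns (policy_id, [(account, permission), ...]) listing only the flags that
    were actually changed. Raises LookupError before touching any account if the
    event type or one of the actions has no mapping, so a partial strategy is
    never applied.
    """
    row = db.execute("SELECT policy_id FROM event_policy WHERE event_type = ?",
                     (event_type,)).fetchone()
    if row is None:
        raise LookupError(f"no punishment strategy for event type {event_type!r}")
    policy_id = row[0]

    targets = []
    for (action,) in db.execute(
            "SELECT action FROM policy_action WHERE policy_id = ? ORDER BY action",
            (policy_id,)).fetchall():
        perm = db.execute("SELECT permission FROM action_permission WHERE action = ?",
                          (action,)).fetchone()
        if perm is None:
            raise LookupError(f"action {action!r} of {policy_id} maps to no permission")
        targets.append(perm[0])

    changed = []
    with db:  # one transaction: all restrictions commit together or not at all
        for account in accounts:
            for permission in targets:
                # The "flag <> restricted" condition is the S117 check: a flag that
                # is already the restricted flag is left unmodified. An account that
                # does not hold the permission has no row and is skipped.
                cur = db.execute(
                    "UPDATE account_permission SET flag = ? "
                    "WHERE account = ? AND permission = ? AND flag <> ?",
                    (RESTRICTED, account, permission, RESTRICTED))
                if cur.rowcount:
                    changed.append((account, permission))
    return policy_id, changed


def flags(db, account):
    """Return {permission: flag} for one account."""
    return dict(db.execute(
        "SELECT permission, flag FROM account_permission WHERE account = ?", (account,)))


if __name__ == "__main__":
    db = build_platform_db()
    print(handle_risk_event(db, "a2", ["S1", "S2", "S3"]))
    print(flags(db, "S2"))
```

Because the listed permissions of account S2 include Q1, running the rule on this data restricts Q1 for S2 in addition to Q5 and Q8.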
Fig. 2 is a flow chart of the permission processing method provided by another embodiment of this application. The method includes:
S210: Configure the mapping between punishment strategy identifiers and punishment action sets, each set containing at least one punishment action.
S211: Write the mapping between the punishment strategy identifiers and the punishment action sets containing at least one punishment action to the database.
For steps S210 and S211, refer to the details of steps S112 and S113 above, which are not repeated here.
S212: When a risk event occurs on the Internet, receive the punishment strategy identifier corresponding to the risk event currently occurring.
In the embodiments of this application, the punishment strategy identifier corresponding to the risk event currently occurring on the Internet can be received as user input; alternatively, it can be received from a server that monitors risk events. For example, if a security event affecting 163 mailboxes occurs on the Internet, the server that monitors security events of 163 mailboxes can send the punishment strategy identifier (for example, b1) to the permission control platform. The monitoring server may be a server of the 163 mailbox service or another device set up on the Internet to monitor risk events. The punishment strategy identifier must be consistent with the punishment strategy identifiers stored in advance in the database.
S213: Query the database for the punishment action set mapped to the punishment strategy identifier.
S214: When a risk event occurs on the Internet, determine the account information set associated with the current risk event, the set containing at least one item of account information.
S215: For each item of account information in the account information set, perform the permission processing corresponding to the punishment actions contained in the punishment action set.
For steps S213, S214 and S215, refer to the details of steps S114, S116 and S117 above, which are not repeated here.
In other embodiments of this application, after a risk event occurs the user can specify to the permission control platform the account information set that currently needs to be restricted; that is, the platform obtains the account information to be restricted by receiving, as user input, an account information set containing at least one item of account information.
Fig. 3 is a flow chart of the permission processing method, provided by an embodiment of this application and based on the permission control platform, that is carried out after a risk event occurs on the Internet. In operation, the permission processing method includes:
S101: When a risk event occurs on the Internet, obtain the punishment strategy identifier corresponding to the risk event currently occurring.
Before step S101, the method further includes: mapping the type information of each risk event on the Internet to the corresponding punishment strategy identifier and storing the mapping.
Correspondingly, step S101 may specifically include:
When a risk event occurs on the Internet, receive the type information of the risk event.
Query the punishment strategy identifier mapped to the type information of the risk event.
In the embodiments of this application, when a risk event occurs on the Internet the permission control platform may receive the type information as user input, or may receive the type information sent by a device that monitors risk events on the Internet. Of course, in other embodiments of this application, if the risk events on the Internet are not divided into types but each risk event corresponds to its own event identifier, the punishment strategy identifier corresponding to that event identifier can be queried.
S102: When a risk event occurs on the Internet, obtain the account information set associated with the risk event currently occurring, the set containing at least one item of account information.
In the embodiments of this application, step S102 may specifically include:
When a risk event occurs on the Internet, receive, as user input, the account information set corresponding to the risk event and containing at least one item of account information; or,
When a risk event occurs on the Internet, query the account information set associated with the risk event and containing at least one item of account information.
Step S102 may specifically include:
When a mailbox risk event occurs on the Internet, determine the mailbox domain name corresponding to the mailbox risk event;
Query the account information associated with mailboxes of that mailbox domain name to obtain the account information set.
S103: Query the punishment action set that is mapped to the punishment strategy identifier and contains at least one punishment action.
S104: For each item of account information in the account information set, perform the permission processing corresponding to the punishment actions contained in the punishment action set.
In the embodiments of this application, step S104 may specifically include:
Determine the pending permission corresponding to each punishment action contained in the punishment action set;
Query the permission flag that the account information in the account information set holds for the pending permission, and judge whether the permission flag is the permission-restricted flag;
If not, change the permission flag to the permission-restricted flag; if so, make no change.
Based on the above, when a risk event occurs on the Internet, the method of the embodiments of this application obtains the punishment strategy identifier corresponding to the current risk event and queries the punishment action set mapped to that identifier; obtains the account information set associated with the current risk event, containing at least one item of account information; and finally performs, for each item of account information, the permission processing corresponding to each punishment action in the punishment action set. Because this process does not control permissions manually, it can process the permissions of account information in batches more efficiently than the manual approach and effectively shortens the time the risk exposure stays open, thereby ensuring the security of user accounts.
Corresponding to the method flow above, the embodiments of this application also provide a permission processing device. The device can be implemented in software, in hardware, or in a combination of software and hardware. Taking a software implementation as an example, the device in the logical sense is formed by the central processing unit (Central Processing Unit, CPU) of a server reading the corresponding computer program instructions into memory and running them.
Fig. 4 is a module diagram of the permission processing device provided by the embodiments of this application. The function of each unit in the device is similar to the function of the corresponding step in the method above, so for the device refer to the details of the method embodiments, which are not described again here. The permission processing device includes:
A first acquisition unit 110, configured to obtain, when a risk event occurs on the Internet, the punishment strategy identifier corresponding to the risk event.
A second acquisition unit 120, configured to obtain, when a risk event occurs on the Internet, the account information set corresponding to the risk event and containing at least one item of account information.
A query unit 130, configured to query the punishment action set that is mapped to the punishment strategy identifier and contains at least one punishment action.
A processing unit 140, configured to perform, for each item of account information in the account information set, the permission processing corresponding to the punishment actions contained in the punishment action set.
In the embodiments of this application, the device further includes:
A storage unit, configured to map the type information of each risk event on the Internet to the corresponding punishment strategy identifier and store the mapping;
Correspondingly, the first acquisition unit 110 specifically includes:
A type receiving unit, configured to receive the type information of the risk event when a risk event occurs on the Internet;
An identifier query unit, configured to query the punishment strategy identifier mapped to the type information of the risk event.
In the embodiments of this application, the first acquisition unit 110 is specifically configured to:
When a risk event occurs on the Internet, receive, as user input, the punishment strategy identifier corresponding to the risk event; or,
When a risk event occurs on the Internet, receive the punishment strategy identifier corresponding to the risk event from a server that monitors risk events.
In the embodiments of this application, the second acquisition unit 120 is specifically configured to:
When a risk event occurs on the Internet, receive, as user input, the account information set corresponding to the risk event and containing at least one item of account information; or,
When a risk event occurs on the Internet, query the account information set associated with the risk event and containing at least one item of account information.
In the embodiments of this application, the query unit 130 is specifically configured to:
When a mailbox risk event occurs on the Internet, determine the mailbox domain name corresponding to the mailbox risk event;
Query the account information associated with mailboxes of that mailbox domain name to obtain the account information set.
In the embodiments of this application, the processing unit 140 specifically includes:
A permission determining unit 141, configured to determine the pending permission corresponding to each punishment action contained in the punishment action set;
A judging unit 142, configured to query the permission flag that the account information in the account information set holds for the pending permission, and to judge whether the permission flag is the permission-restricted flag;
A modification unit 143, configured to change the permission flag to the permission-restricted flag when the permission flag is not the permission-restricted flag, and to make no change when the permission flag is the permission-restricted flag.
In summary, the permission processing method and device provided by the embodiments of this application pre-configure the mapping between punishment strategy identifiers and punishment action sets, and this mapping can be updated continually during operation. Risk operations personnel can therefore configure, for a particular risk scenario (for example, a mailbox leak), a strategy of specified permissions (for example, forbid login plus forbid balance payment), and in this way accumulate experience. The accounts associated with a risk event are then subjected to the permission processing (permission restriction) of the specified punishment strategy, which is more efficient and faster than manual processing and effectively protects the security of user accounts. To some extent this solves the prior-art problem that controlling the permissions of a specified user group manually or by script cannot combine permissions into experience-based punishment strategies, and to some extent it also avoids the cost and time that the prior art spends on having professional programmers write restriction scripts to handle risk events.
For convenience of description, the device above is described in terms of units divided by function. Of course, when this application is implemented, the functions of the units can be realized in one or more pieces of software and/or hardware.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flow charts and/or block diagrams of the method, the device (system), and the computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flow charts and/or block diagrams, and combinations of flows and/or blocks in the flow charts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flow chart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular way, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, and the instruction device implements the functions specified in one or more flows of the flow chart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thus provide steps for implementing the functions specified in one or more flows of the flow chart and/or one or more blocks of the block diagram.
It should also be noted that the terms "include", "comprise" and any other variants of them are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements but also other elements that are not expressly listed, or elements inherent to that process, method, commodity or device. In the absence of further restrictions, an element qualified by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, commodity or device that includes the element.
Those skilled in the art will understand that embodiments of this application may be provided as a method, a system, or a computer program product. Therefore, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
This application can be described in the general context of computer-executable instructions executed by a computer, such as program modules. In general, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. This application can also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including storage devices.
The embodiments in this specification are described progressively; for the parts that are the same or similar between embodiments, refer to one another, and each embodiment focuses on what distinguishes it from the others. In particular, because the system embodiment is substantially similar to the method embodiment, its description is relatively brief; for the related parts, refer to the description of the method embodiment.
The above are only embodiments of this application and are not intended to limit this application. For those skilled in the art, this application may have various modifications and variations. Any modification, equivalent substitution, improvement and the like made within the spirit and principle of this application shall be included within the scope of the claims of this application.