CN106611131A - Authority processing method and device - Google Patents

Authority processing method and device Download PDF

Info

Publication number
CN106611131A
CN106611131A CN201510689470.8A CN201510689470A CN106611131A CN 106611131 A CN106611131 A CN 106611131A CN 201510689470 A CN201510689470 A CN 201510689470A CN 106611131 A CN106611131 A CN 106611131A
Authority
CN
China
Prior art keywords
punishment
authority
internet
accounts information
risk
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510689470.8A
Other languages
Chinese (zh)
Other versions
CN106611131B (en
Inventor
王佳
孙宏发
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201510689470.8A priority Critical patent/CN106611131B/en
Publication of CN106611131A publication Critical patent/CN106611131A/en
Application granted granted Critical
Publication of CN106611131B publication Critical patent/CN106611131B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the invention disclose an authority processing method and device. The authority processing method comprises the following steps of: when a risk event occurs in the Internet of Things, obtaining a punishment strategy identifier corresponding to the risk event; when the risk event occurs in the Internet of Things, obtaining an account information set which corresponds to the risk event and comprises at least one piece of account information; querying a punishment action set which is mapped with the punishment strategy identifier and comprises at least one punishment action; and carrying out authority processing corresponding to the punishment action in the punishment action set on each piece of account information in the account information set. The method and device disclosed by the invention can solve the problems that the risk exposure opening time is relatively long and hidden danger is brought to the security of user accounts as manual ways are used for adjusting the user authorities in the Internet of Things so as to answer the risk event in the Internet of Things in the prior art.

Description

Authority processing method and processing device
Technical field
The application is related to Internet technical field, more particularly to a kind of authority processing method and processing device.
Background technology
In the management of multi-user computer system, authority (privilege) refers to certain specific user's tool There is specific system resource to use power.Usually, the network management by system manager or in a network Member distributes corresponding authority for different users.
In prior art, in the Internet, applications, when occurrence risk event in internet, in order to ensure mutual The security of user account in networking, needs to be adjusted the authority of certain user's account in internet, with The risk case occurred in reply current internet.For example:In internet before occurrence risk event, System manager includes for the authority of certain user's distribution:{ authority a ∪ authority b ∪ authorities c }, in interconnection After there is certain risk case in net, system manager need to be adjusted to the authority of the user:{ authority a ∪ is weighed Limit b }.In prior art it is general by manual type to realize internet in user right adjustment.
In prior art, by manual type to realize internet in user right adjustment tackling interconnection During the risk case occurred in net, because manual type would generally consume the long period and than relatively low Effect, causes the risk exposure open hour longer, so as to the safety belt to user account carrys out hidden danger.
The content of the invention
The purpose of the embodiment of the present application is to provide a kind of authority processing method and processing device, to solve prior art in By manual type to realize internet in user right adjustment to tackle internet in occur risk During event, cause the risk exposure open hour longer, to the safety belt of user account asking for hidden danger is carried out Topic.
To solve above-mentioned technical problem, the authority processing method and processing device that the embodiment of the present application is provided is such reality Existing:
A kind of authority processing method, including:
In internet during occurrence risk event, punishment strategy mark corresponding with the risk case is obtained;
In internet during occurrence risk event, acquisition is corresponding with the risk case to include at least one account The accounts information set of information;
Inquire about the punishment set of actions comprising at least one punishment action with the tactful identity map of the punishment;
Each accounts information to including in the accounts information set is performed punishes in set of actions with described Comprising the corresponding authority of punishment action process.
A kind of authority processing meanss, including:
First acquisition unit, during occurrence risk event, obtains corresponding with the risk case in internet Punishment strategy mark;
Second acquisition unit, during occurrence risk event, obtains corresponding with the risk case in internet The accounts information set comprising at least one accounts information;
Query unit, for inquiry and the tactful identity map of the punishment comprising at least one punishment action Punishment set of actions;
Processing unit, for performing and the place to each accounts information included in the accounts information set The corresponding authority of the punishment action included in set of actions is penalized to process.
The technical scheme provided from each embodiment of above the application, the embodiment of the present application is sent out in internet During raw risk case, by obtaining punishment strategy mark corresponding with the current risk case for occurring, to inquire about With the punishment set of actions that the punishment strategy identifies maps mutually;And obtain and closed with the current risk case for occurring The accounts information set comprising at least one accounts information of connection;Final execution to each accounts information punishes dynamic The corresponding authority of each punishment action during work is gathered is processed.Because above procedure is entered not by manual type Row control of authority, relative to manual type, the authority that can efficiently realize batch accounts information is processed, had Effect shortens the open hour of risk exposure, so that it is guaranteed that the security of user account.
Description of the drawings
In order to be illustrated more clearly that the embodiment of the present application or technical scheme of the prior art, below will be to implementing Example or the accompanying drawing to be used needed for description of the prior art are briefly described, it should be apparent that, describe below In accompanying drawing be only some embodiments described in the application, for those of ordinary skill in the art, Without having to pay creative labor, can be with according to these other accompanying drawings of accompanying drawings acquisition.
The flow chart of the authority processing method that Fig. 1 is provided for the embodiment of the application one;
The flow chart of the authority processing method that Fig. 2 is provided for another embodiment of the application;
Fig. 3 for the embodiment of the application one provide based on control of authority platform, in internet occur The flow chart of the authority processing method after risk case;
The mould of the authority processing meanss based on above-mentioned authority processing method that Fig. 4 is provided for the embodiment of the application one Block schematic diagram.
Specific embodiment
In order that those skilled in the art more fully understand the technical scheme in the application, below in conjunction with this Accompanying drawing in application embodiment, is clearly and completely described to the technical scheme in the embodiment of the present application, Obviously, described embodiment is only some embodiments of the present application, rather than the embodiment of whole.Base Embodiment in the application, those of ordinary skill in the art are obtained under the premise of creative work is not made The every other embodiment for obtaining, should all belong to the scope of the application protection.
In in order to solve prior art by manual type to realize internet in user right adjustment come Reply internet in occur risk case during, due to the risk exposure open hour it is longer so that Carry out the problem of hidden danger to the safety belt of user account.The embodiment of the present application is by control of authority platform come in interconnection Automatic batch adjusts the authority of related accounts information during occurrence risk event in net.The control of authority platform is matched somebody with somebody It is equipped with corresponding platform database.
The flow chart of the authority processing method that Fig. 1 is provided for the embodiment of the application one, including:
S110:The type information of risk case that may occur in configuring internet and reflecting for punishment strategy mark Penetrate relation.
S111:The type information of risk case is written to into database with the mapping relations of punishment strategy mark In.
In the embodiment of the present application, the method can estimate the risk thing for obtaining may occurring in internet Part, or in the risk that the new risk case for meeting with is added to possible generation during platform operation In event sets (the risk case set can be the set of be likely to occur risk case).Wherein, Define the unique type information of platform for each risk case, the type information can be event title, Mark of category information, event belonging to event etc..Wherein, the risk case of generation is, for example, in internet: The mailbox leakage of a state or party secret, the stolen event of bank account etc..The application tackles interconnection by certain punishment strategy The various risk cases that may occur in net, for this purpose, the risk thing that may occur in internet need to be pre-configured with The type information of part is with the tactful mapping relations for identifying of punishment and is stored in database.
For example:The type information of the risk case stored in database includes:
{a1、a2、a3};
The punishment strategy mark stored in database includes:
{b1、b2、b3};
The type information of the risk case of storage is with the mapping relations of punishment strategy mark in database:
A1 and b1 maps, and a2 and b3 maps, and a3 and b2 maps;
Wherein, it typically can be that the authority to user account is adjusted to punish strategy, such as:Limit user's account Some authorities at family.
S112:The mapping of configuration punishment strategy mark and the punishment set of actions comprising at least one punishment action Relation.
S113:Punishment strategy mark is closed with the mapping of the punishment set of actions comprising at least one punishment action System is written in database.
Above-mentioned punishment action can be the action limited for a certain authority, and these punishment actions can be One section of code snippet that authority is limited or one section of script.
For example:
The punishment strategy mark stored in database includes:
{b1、b2、b3};
The punishment strategy mark stored in database and the mapping relations for punishing set of actions are:
It is with the punishment set of actions of b1 maps mutuallies:{Publish(a)、Publish(b)、Publish(c)};
It is with the punishment set of actions of b2 maps mutuallies:{Publish(b)、Publish(d)};
It is with the punishment set of actions of b3 maps mutuallies:{Publish(a)、Publish(c)、Publish(d)}.
Wherein, punishment action is, for example, " forbidding logging in ", " forbidding remaining sum to pay " etc..
S114:In internet during occurrence risk event, the bag associated with the current risk case for occurring is obtained Accounts information set containing at least one accounts information.Wherein, the accounts information set of acquisition is waited to make limit power Accounts information set.In the embodiment of the present application, control of authority platform can in internet occurrence risk During event, the accounts information set for waiting to make to limit power of receiving user's input, or can be by inquiring about database Obtain the accounts information set associated with the risk case.For example, if the wind occurred in current internet Dangerous event is E mail safety event, then can be by determining the current E mail safety event for occurring (as mailbox is let out Dew event) mailbox domain name (such as:163.com), and inquire about successively according to the mailbox domain name and obtain and the postal The mailbox of case domain name is (such as:Admin@163.com) accounts information that is associated, so as to obtain above-mentioned account Family information aggregate.Wherein, above-mentioned association can be registered by the mailbox of the mailbox domain name or at this Individual mailbox of above-mentioned mailbox domain name etc. are reserved in the corresponding personal information of accounts information.
S115:In internet during occurrence risk event, from database inquiry obtain with current internet The corresponding punishment strategy mark of type information of the risk case of generation.
In the embodiment of the present application, in internet during occurrence risk event, control of authority platform can receive use Family (platform administrator) is input into type information corresponding with the current risk case for occurring, and according to the type Information inquiry obtains punishment strategy mark corresponding with the type information.Or, the occurrence risk in internet During event, control of authority platform can receive to monitor that the server of risk case sends and the risk thing The corresponding type information of part, further according to the type information inquiry punishment strategy corresponding with the type information is obtained Mark.For example, it is assumed that there is the security incident of 163 mailboxes in current internet, then can by monitor this 163 The server of the security incident of mailbox sends the above-mentioned type information (such as:E mail safety event) to control of authority Platform.Wherein, it is described can be to the server monitored 163 mailboxes server or internet in set Other devices to monitor risk case put.
S116:The inquiry from database obtains the punishment set of actions with punishment strategy mark maps mutually.
For example:The type information of the current risk case for occurring is a2, is obtained and its phase by inquiring about database The punishment strategy mark of mapping is b3.Then inquiry is obtained and punishment strategy mark b3 mappings from database Punishing set of actions can be:
{Publish(a)、Publish(c)、Publish(d)}。
S117:Each accounts information to including in the accounts information set is performed and the punishment behavior aggregate The corresponding authority of punishment action included in conjunction is processed.
Before risk case occurs, control of authority platform has been allocated in advance accordingly for each accounts information Authority.The authority of each accounts information is processed by punishing set of actions, to tackle current interconnection The risk case occurred in net.In preferred embodiment, above-mentioned steps S117 can be specifically included:
It is determined that pending authority corresponding with each punishment action included in the punishment set of actions;Inquiry institute Capability identification of the accounts information in accounts information set with regard to the pending authority is stated, and judges the power Limit is identified whether to be limited for authority and identified;If it is not, then the capability identification is revised as into the authority limits mark Know;If so, then do not make an amendment.
Wherein, above-mentioned pending authority can be authority to be construed as limiting corresponding with each punishment action, That is, after occurrence risk event in internet, can be to each account in specified accounts information set The above-mentioned pending authority of family information is defined (close these pending authorities).
For example, above-mentioned punishment action can be the code of the binding authority defined by developer Block, if punishment action is " forbidding logging in ", it may be determined that the pending authority corresponding to the punishment action It is " login ".During capability identification is pre-configured with, " login " authority can be respectively set Capability identification includes two kinds:Authority limits mark (such as:" 0 ") and authority opening mark is (such as:" 1 "), Wherein, when the capability identification of " login " authority is that authority limits mark (such as:" 0 ") when, representing " to step on Record " authority is prohibited (or restriction);When the capability identification of " login " authority is that authority opens mark (such as: " 1 ") when, represent that being somebody's turn to do " login " authority is opened (or restriction).Based on this, authority limit is being carried out Regularly, it can be determined that whether the capability identification of the pending authority specified is that authority limits mark, and be not Authority is modified when limiting mark.
For example:
The accounts information set being associated with current risk event is:
{ account S1, account S2, account S3 };
The authority that each accounts information is distributed is as follows:
The authority that account S1 is distributed is:{ authority Q1 ∪ authority Q2 ∪ authorities Q3 };
The authority that account S2 is distributed is:{ authority Q3 ∪ authority Q5 ∪ authority Q1 ∪ authorities Q8 };
The authority that account S3 is distributed is:{ authority Q1 ∪ authority Q3 ∪ authority Q6 ∪ authorities Q4 ∪ authorities Q8 };
Inquiring about the punishment set of actions for obtaining is:
{Publish(a)、Publish(c)、Publish(d)};
Where it is assumed that Publish (a) forbidding corresponding to authority Q1;Publish (c) is corresponding to authority Q5 Forbid;Publish (d) forbids corresponding to authority Q8.
Then, by inquiring about above account S1, account S2, the authority of account S3, it is possible to determine that account S1 Authority Q1 for being possessed should be prohibited, will the capability identifications of authority Q1 that possess of account S1 repair It is changed to authority and limits mark (such as:“0”);Can be determined that authority Q5, Q8 that account S2 possesses should Be prohibited, will the capability identifications of authority Q5, Q8 that possess of account S2 be respectively modified as authority limit Calibration is known (such as:“0”);Can be determined that authority Q1, Q8 that account S3 possesses should be prohibited, i.e., The capability identification of authority Q1, Q8 that account S3 is possessed is respectively modified as authority and limits mark (such as: “0”)。
It is worth mentioning that in the running of control of authority platform, user can according to service needed, Adjust the mapping relations of above-mentioned punishment strategy and punishment set of actions.Furthermore it is possible to be set in risk case send out Raw latter section of duration, the authority of each accounts information is limited and is cancelled.
The flow chart of the authority processing method that Fig. 2 is provided for another embodiment of the application, including:
S210:The mapping of configuration punishment strategy mark and the punishment set of actions comprising at least one punishment action Relation.
S211:Punishment strategy mark is closed with the mapping of the punishment set of actions comprising at least one punishment action System is written in database.
Above-mentioned steps S210, S211 are referred to the particular content of above-mentioned steps S112, S113, herein not Repeat again.
S212:In internet during occurrence risk event, receive and the risk case occurred in current internet Corresponding punishment strategy mark.
In the embodiment of the present application, can be with the risk case pair with generation in current internet of receiving user's input The punishment strategy mark answered;Or, receive interconnecting with current for the server transmission to monitor risk case The corresponding punishment strategy mark of risk case occurred in net.For example, it is assumed that occurring 163 in current internet The security incident of mailbox, then can send above-mentioned class by the server of the security incident for monitoring 163 mailbox Penalize strategy mark (such as:B1) to control of authority platform.Wherein, the server to monitor can be Other devices to monitor risk case arranged in the server or internet of 163 mailboxes.Wherein, The punishment strategy mark need to be consistent with the punishment strategy mark being prestored in database.
S213:The inquiry from database obtains the punishment set of actions with punishment strategy mark maps mutually.
S214:In internet during occurrence risk event, it is determined that the bag associated with the current risk case for occurring Accounts information set containing at least one accounts information.
S215:Each accounts information to including in the accounts information set is performed and the punishment behavior aggregate The corresponding authority of punishment action included in conjunction is processed.
Above-mentioned steps S213, S214, S215 be referred to above-mentioned steps S114, S116, S117 it is concrete Content, here is omitted.
In the application other embodiment, control of authority platform can be come after occurrence risk event by user The accounts information set for being currently needed for making limit power is specified, i.e., by receiving user's input comprising at least one account The accounts information set of family information is waited to make the accounts information that limit is weighed to obtain.
Fig. 3 for the embodiment of the application one provide based on control of authority platform, in internet occur The flow chart of the authority processing method after risk case.In running, the authority processing method includes:
S101:In internet during occurrence risk event, obtain and the risk case occurred in current internet Corresponding punishment strategy mark.
Before step S101, methods described also includes:The type of each risk case in internet is believed Breath is mapped and is stored with corresponding punishment strategy mark.
Correspondingly, above-mentioned steps S101 can be specifically included:
In internet during occurrence risk event, the type information of the risk case is received.
Inquiry is identified with the punishment strategy of the type information maps mutually of the risk case.
In the embodiment of the present application, in internet during occurrence risk event, control of authority platform can receive use The type information of family input, or, the risk case during control of authority platform is received to monitor internet is sent out The type information for sending.Certainly, in the application other embodiment, if the risk case in internet is not entered Row classified types, but each risk case corresponds to respectively an event identifier, then can inquire about and the event The corresponding punishment strategy mark of mark.
S102:In internet during occurrence risk event, obtain and the risk case occurred in current internet The accounts information set comprising at least one accounts information of association.
In the embodiment of the present application, step S102 can be specifically included:
In internet during occurrence risk event, receiving user's input it is corresponding with the risk case comprising extremely The accounts information set of a few accounts information;Or,
In internet during occurrence risk event, inquiry associate with the risk case comprising at least one account The accounts information set of information.
Wherein, step S102 can be specifically included:
When there is mailbox risk case in internet, the corresponding mailbox domain name of the mailbox risk case is determined;
The accounts information that inquiry is associated with the mailbox of the mailbox domain name, obtains the accounts information set.
S103:Inquire about and moved with the punishment comprising at least one punishment action of the punishment strategy mark maps mutually Work is gathered.
S104:Each accounts information to including in the accounts information set is performed and the punishment behavior aggregate The corresponding authority of punishment action included in conjunction is processed.
In the embodiment of the present application, step S104 can be specifically included:
It is determined that pending authority corresponding with each punishment action included in the punishment set of actions;
The accounts information inquired about in the accounts information set with regard to the pending authority capability identification, and Judge whether the capability identification is that authority limits mark;
If it is not, then the capability identification is revised as into the authority limits mark;If so, then do not make an amendment.
Based on the above, the method for the embodiment of the present application in internet during occurrence risk event, by obtaining Punishment strategy mark corresponding with the risk case for currently occurring is taken, is set each other off with the punishment strategy mark with inquiring about The punishment set of actions penetrated;And obtain associate with the current risk case for occurring comprising at least one account The accounts information set of information;The final each punishment action each accounts information performed in punishment set of actions Corresponding authority is processed.Because above procedure carries out control of authority not by manual type, relative to people Work mode, the authority that can efficiently realize batch accounts information is processed, and effectively shortens the opening of risk exposure Time, so that it is guaranteed that the security of user account.
Corresponding with said method flow process, embodiments herein additionally provides a kind of authority processing meanss.Should Device can be realized by software, it is also possible to be realized by way of hardware or software and hardware combining.With software It is central processing unit (the Central Process by server as the device on logical meaning as a example by realization Unit, CPU) corresponding computer program instructions are read into what operation in internal memory was formed.
The module diagram of the authority processing meanss that Fig. 4 is provided for the embodiment of the present application.Wherein, in the device The function of each unit is similar with the function of each step in said method, therefore the device is referred to said method reality The particular content of example is applied, is no longer described in detail herein.Wherein, the authority processing meanss include:
First acquisition unit 110, during occurrence risk event, obtains and the risk case in internet Corresponding punishment strategy mark.
Second acquisition unit 120, during occurrence risk event, obtains and the risk case in internet The corresponding accounts information set for including at least one accounts information.
Query unit 130, it is dynamic comprising at least one punishment with the tactful identity map of the punishment for inquiry The punishment set of actions of work.
Processing unit 140, for each accounts information included in accounts information set execution and institute State the corresponding authority of punishment action included in punishment set of actions to process.
In the embodiment of the present application, described device also includes:
Memory cell, for the type information of each risk case in internet and corresponding punishment strategy to be identified Mapped and stored;
Correspondingly, the first acquisition unit 110 is specifically included:
Type reception unit, during occurrence risk event, the type of the risk case is received in internet Information;
Mark query unit, inquiry is identified with the punishment strategy of the type information maps mutually of the risk case.
In the embodiment of the present application, the first acquisition unit 110 specifically for:
In internet during occurrence risk event, the punishment plan corresponding with the risk case of receiving user's input Slightly identify;Or,
In internet during occurrence risk event, receive to monitor risk case server send with this The corresponding punishment strategy mark of risk case.
In the embodiment of the present application, the second acquisition unit 120 specifically for:
In internet during occurrence risk event, receiving user's input it is corresponding with the risk case comprising extremely The accounts information set of a few accounts information;Or,
In internet during occurrence risk event, inquiry associate with the risk case comprising at least one account The accounts information set of information.
In the embodiment of the present application, the query unit 130 specifically for:
When there is mailbox risk case in internet, the corresponding mailbox domain name of the mailbox risk case is determined;
The accounts information that inquiry is associated with the mailbox of the mailbox domain name, obtains the accounts information set.
In the embodiment of the present application, the processing unit 140 is specifically included:
Authority determining unit 141, for each punishment action pair for determining with include in the punishment set of actions The pending authority answered;
Judging unit 142, for inquiring about the accounts information set in accounts information with regard to described pending The capability identification of authority, and judge whether the capability identification is that authority limits mark;
Modification unit 143, for when the capability identification is not that authority limits mark, by the authority mark Knowledge is revised as the authority and limits mark;When the capability identification is that authority limits mark, do not make an amendment.
In sum, the above-mentioned authority treating method and apparatus that the embodiment of the present application is provided, by being pre-configured with Punishment strategy mark and punish set of actions mapping relations, and can constantly update in running be somebody's turn to do Mapping relations, can cause risk operation personnel to be directed to particular risk scene (for example:Mailbox is revealed) carry out Specified authority is (for example:Forbid logging in+forbid remaining sum and pay) tactful configuration form experience accumulation, so The account that risk case is associated is carried out afterwards specify the authority of punishment strategy to process (authority restriction), so as to Can be compared to artificial treatment mode more efficient quick, the safety of effective guarantee user account.In certain journey Solve on degree in prior art by artificial treatment or by script to specifying customer group to carry out the control of authority System, it is impossible to reach the problem that assembling authority forms the effect of empirical punishment strategy, and can also be certain Avoid in degree in prior art by specialty programmer write limit power script come tackle risk case into This consumption with the time.
For convenience of description, it is divided into various units with function when describing apparatus above to describe respectively.Certainly, The function of each unit can be realized in same or multiple softwares and/or hardware when the application is implemented.
Those skilled in the art are it should be appreciated that embodiments of the invention can be provided as method, system or meter Calculation machine program product.Therefore, the present invention can be using complete hardware embodiment, complete software embodiment or knot Close the form of the embodiment in terms of software and hardware.And, the present invention can be adopted and wherein wrapped at one or more Computer-usable storage medium containing computer usable program code (including but not limited to magnetic disc store, CD-ROM, optical memory etc.) on implement computer program form.
The present invention is produced with reference to method according to embodiments of the present invention, equipment (system) and computer program The flow chart and/or block diagram of product is describing.It should be understood that can by computer program instructions flowchart and / or block diagram in each flow process and/or square frame and flow chart and/or the flow process in block diagram and/ Or the combination of square frame.These computer program instructions can be provided to all-purpose computer, special-purpose computer, embedded The processor of formula processor or other programmable data processing devices is producing a machine so that by calculating The instruction of the computing device of machine or other programmable data processing devices is produced for realizing in flow chart one The device of the function of specifying in individual flow process or one square frame of multiple flow processs and/or block diagram or multiple square frames.
These computer program instructions may be alternatively stored in can guide computer or other programmable datas process to set In the standby computer-readable memory for working in a specific way so that in being stored in the computer-readable memory Instruction produce and include the manufacture of command device, command device realization is in one flow process or multiple of flow chart The function of specifying in one square frame of flow process and/or block diagram or multiple square frames.
These computer program instructions also can be loaded in computer or other programmable data processing devices, made Obtain and series of operation steps is performed on computer or other programmable devices to produce computer implemented place Reason, so as to the instruction performed on computer or other programmable devices is provided for realizing in flow chart one The step of function of specifying in flow process or one square frame of multiple flow processs and/or block diagram or multiple square frames.
Also, it should be noted that term " including ", "comprising" or its any other variant are intended to non-row His property is included, so that a series of process, method, commodity or equipment including key elements not only includes Those key elements, but also including other key elements being not expressly set out, or also include for this process, The intrinsic key element of method, commodity or equipment.In the absence of more restrictions, by sentence " including One ... " key element that limits, it is not excluded that including the process of the key element, method, commodity or setting Also there is other identical element in standby.
It will be understood by those skilled in the art that embodiments herein can be provided as method, system or computer journey Sequence product.Therefore, the application can using complete hardware embodiment, complete software embodiment or with reference to software and The form of the embodiment of hardware aspect.And, the application can be adopted and wherein include calculating at one or more Machine usable program code computer-usable storage medium (including but not limited to magnetic disc store, CD-ROM, Optical memory etc.) on implement computer program form.
The application can be described in the general context of computer executable instructions, example Such as program module.Usually, program module includes performing particular task or realizes particular abstract data type Routine, program, object, component, data structure etc..This can also in a distributed computing environment be put into practice Application, in these DCEs, by the remote processing devices connected by communication network come Execution task.In a distributed computing environment, program module may be located at including local including storage device In remote computer storage medium.
Each embodiment in this specification is described by the way of progressive, phase homophase between each embodiment As part mutually referring to, what each embodiment was stressed be it is different from other embodiment it Place.For especially for system embodiment, because it is substantially similar to embodiment of the method, so description Fairly simple, related part is illustrated referring to the part of embodiment of the method.
Embodiments herein is the foregoing is only, the application is not limited to.For this area skill For art personnel, the application can have various modifications and variations.All institutes within spirit herein and principle Any modification, equivalent substitution and improvements of work etc., within the scope of should be included in claims hereof.

Claims (12)

1. a kind of authority processing method, it is characterised in that include:
In internet during occurrence risk event, punishment strategy mark corresponding with the risk case is obtained;
In internet during occurrence risk event, acquisition is corresponding with the risk case to include at least one account The accounts information set of information;
Inquire about the punishment set of actions comprising at least one punishment action with the tactful identity map of the punishment;
Each accounts information to including in the accounts information set is performed punishes in set of actions with described Comprising the corresponding authority of punishment action process.
2. method according to claim 1, it is characterised in that the occurrence risk event in internet When, before obtaining punishment strategy mark corresponding with the risk case, methods described also includes:
The type information of each risk case in internet is mapped simultaneously with corresponding punishment strategy mark Storage;
In internet during occurrence risk event, punishment strategy mark corresponding with the risk case, tool are obtained Body includes:
In internet during occurrence risk event, the type information of the risk case is received;
Inquiry is identified with the punishment strategy of the type information maps mutually of the risk case.
3. method according to claim 1, it is characterised in that the occurrence risk event in internet When, punishment strategy mark corresponding with the risk case is obtained, specifically include:
In internet during occurrence risk event, the punishment plan corresponding with the risk case of receiving user's input Slightly identify;Or,
In internet during occurrence risk event, receive to monitor risk case server send with this The corresponding punishment strategy mark of risk case.
4. method according to claim 1, it is characterised in that the occurrence risk event in internet When, obtain the accounts information set for including at least one accounts information corresponding with the risk case, concrete bag Include:
In internet during occurrence risk event, receiving user's input it is corresponding with the risk case comprising extremely The accounts information set of a few accounts information;Or,
In internet during occurrence risk event, inquiry associate with the risk case comprising at least one account The accounts information set of information.
5. method according to claim 4, it is characterised in that the occurrence risk event in internet When, inquire about the accounts information set comprising at least one accounts information associated with the risk case, concrete bag Include:
When there is mailbox risk case in internet, the corresponding mailbox domain name of the mailbox risk case is determined;
The accounts information that inquiry is associated with the mailbox of the mailbox domain name, obtains the accounts information set.
6. method according to claim 1, it is characterised in that to wrapping in the accounts information set The each accounts information for containing is performed at authority corresponding with the punishment action included in the punishment set of actions Reason, specifically includes:
It is determined that pending authority corresponding with each punishment action included in the punishment set of actions;
The accounts information inquired about in the accounts information set with regard to the pending authority capability identification, and Judge whether the capability identification is that authority limits mark;
If it is not, then the capability identification is revised as into the authority limits mark;If so, then do not make an amendment.
7. a kind of authority processing meanss, it is characterised in that include:
First acquisition unit, during occurrence risk event, obtains corresponding with the risk case in internet Punishment strategy mark;
Second acquisition unit, during occurrence risk event, obtains corresponding with the risk case in internet The accounts information set comprising at least one accounts information;
Query unit, for inquiry and the tactful identity map of the punishment comprising at least one punishment action Punishment set of actions;
Processing unit, for performing and the place to each accounts information included in the accounts information set The corresponding authority of the punishment action included in set of actions is penalized to process.
8. device according to claim 7, it is characterised in that described device also includes:
Memory cell, for the type information of each risk case in internet and corresponding punishment strategy to be marked Knowledge is mapped and is stored;
The first acquisition unit is specifically included:
Type reception unit, during occurrence risk event, the type of the risk case is received in internet Information;
Mark query unit, inquiry is identified with the punishment strategy of the type information maps mutually of the risk case.
9. device according to claim 7, it is characterised in that the first acquisition unit is specifically used In:
In internet during occurrence risk event, the punishment plan corresponding with the risk case of receiving user's input Slightly identify;Or,
In internet during occurrence risk event, receive to monitor risk case server send with this The corresponding punishment strategy mark of risk case.
10. device according to claim 7, it is characterised in that the second acquisition unit is specifically used In:
In internet during occurrence risk event, receiving user's input it is corresponding with the risk case comprising extremely The accounts information set of a few accounts information;Or,
In internet during occurrence risk event, inquiry associate with the risk case comprising at least one account The accounts information set of information.
11. devices according to claim 10, it is characterised in that the query unit specifically for:
When there is mailbox risk case in internet, the corresponding mailbox domain name of the mailbox risk case is determined;
The accounts information that inquiry is associated with the mailbox of the mailbox domain name, obtains the accounts information set.
12. devices according to claim 7, it is characterised in that the processing unit is specifically included:
Authority determining unit, each punishment action for determining with include in the punishment set of actions is corresponding Pending authority;
Judging unit, for inquiring about the accounts information set in accounts information with regard to the pending authority Capability identification, and judge that whether the capability identification is that authority limits mark;
Modification unit, for when the capability identification is not that authority limits mark, the capability identification being repaiied It is changed to the authority and limits mark;When the capability identification is that authority limits mark, do not make an amendment.
CN201510689470.8A 2015-10-21 2015-10-21 Authority processing method and device Active CN106611131B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510689470.8A CN106611131B (en) 2015-10-21 2015-10-21 Authority processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510689470.8A CN106611131B (en) 2015-10-21 2015-10-21 Authority processing method and device

Publications (2)

Publication Number Publication Date
CN106611131A true CN106611131A (en) 2017-05-03
CN106611131B CN106611131B (en) 2020-06-02

Family

ID=58611534

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510689470.8A Active CN106611131B (en) 2015-10-21 2015-10-21 Authority processing method and device

Country Status (1)

Country Link
CN (1) CN106611131B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109801027A (en) * 2017-11-16 2019-05-24 阿里巴巴集团控股有限公司 Data processing method and device, server, storage medium
CN111709736A (en) * 2020-05-14 2020-09-25 支付宝(杭州)信息技术有限公司 Processing method and device of punishment strategy and electronic equipment
CN111861483A (en) * 2019-04-26 2020-10-30 阿里巴巴集团控股有限公司 Communication method, computer equipment and storage medium
CN112182347A (en) * 2020-10-30 2021-01-05 北京字跳网络技术有限公司 Method and device for detecting punishment state, electronic equipment and storage medium
CN113986436A (en) * 2021-10-29 2022-01-28 维沃移动通信有限公司 Information display method, device, equipment and storage medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101106458A (en) * 2007-08-17 2008-01-16 华中科技大学 A distributed access control method based on risk
US20080270209A1 (en) * 2007-04-25 2008-10-30 Michael Jon Mauseth Merchant scoring system and transactional database
CN101783730A (en) * 2009-01-19 2010-07-21 华为终端有限公司 Terminal network device and method and system for controlling access to administrator account thereof
CN102611687A (en) * 2011-12-19 2012-07-25 上海华御信息技术有限公司 System and method for controlling access authority based on feedback
CN103106583A (en) * 2012-12-21 2013-05-15 福建联迪商用设备有限公司 Method, device and system of safe electronic payment
CN103310137A (en) * 2012-03-16 2013-09-18 宇龙计算机通信科技(深圳)有限公司 Method for safely accessing terminal and terminal
CN103530772A (en) * 2013-09-30 2014-01-22 深圳钱盒信息技术有限公司 Mobile interaction payment risk control method and system
CN103619014A (en) * 2013-11-13 2014-03-05 广东欧珀移动通信有限公司 Method and system preventing application data from leakage
CN103745345A (en) * 2014-01-27 2014-04-23 上海坤士合生信息科技有限公司 System and method applied to transaction platform for realizing grading safety processing of financial information
CN104702785A (en) * 2015-03-09 2015-06-10 深圳市中兴移动通信有限公司 Method for enhancing individual account security of mobile terminal and mobile terminal therefor

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080270209A1 (en) * 2007-04-25 2008-10-30 Michael Jon Mauseth Merchant scoring system and transactional database
CN101106458A (en) * 2007-08-17 2008-01-16 华中科技大学 A distributed access control method based on risk
CN101783730A (en) * 2009-01-19 2010-07-21 华为终端有限公司 Terminal network device and method and system for controlling access to administrator account thereof
CN102611687A (en) * 2011-12-19 2012-07-25 上海华御信息技术有限公司 System and method for controlling access authority based on feedback
CN103310137A (en) * 2012-03-16 2013-09-18 宇龙计算机通信科技(深圳)有限公司 Method for safely accessing terminal and terminal
CN103106583A (en) * 2012-12-21 2013-05-15 福建联迪商用设备有限公司 Method, device and system of safe electronic payment
CN103530772A (en) * 2013-09-30 2014-01-22 深圳钱盒信息技术有限公司 Mobile interaction payment risk control method and system
CN103619014A (en) * 2013-11-13 2014-03-05 广东欧珀移动通信有限公司 Method and system preventing application data from leakage
CN103745345A (en) * 2014-01-27 2014-04-23 上海坤士合生信息科技有限公司 System and method applied to transaction platform for realizing grading safety processing of financial information
CN104702785A (en) * 2015-03-09 2015-06-10 深圳市中兴移动通信有限公司 Method for enhancing individual account security of mobile terminal and mobile terminal therefor

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109801027A (en) * 2017-11-16 2019-05-24 阿里巴巴集团控股有限公司 Data processing method and device, server, storage medium
CN111861483A (en) * 2019-04-26 2020-10-30 阿里巴巴集团控股有限公司 Communication method, computer equipment and storage medium
CN111709736A (en) * 2020-05-14 2020-09-25 支付宝(杭州)信息技术有限公司 Processing method and device of punishment strategy and electronic equipment
CN112182347A (en) * 2020-10-30 2021-01-05 北京字跳网络技术有限公司 Method and device for detecting punishment state, electronic equipment and storage medium
CN113986436A (en) * 2021-10-29 2022-01-28 维沃移动通信有限公司 Information display method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN106611131B (en) 2020-06-02

Similar Documents

Publication Publication Date Title
CN105653981B (en) The sensitive data protection system and method for the data circulation and transaction of big data platform
CN109918924A (en) The control method and system of dynamic access permission
CN110210961A (en) Data capture method, server and computer storage medium based on alliance's chain
US9325711B2 (en) Apparatus and data processing systems for accessing an object
CN103348373A (en) Personal-information transmission/reception system, personal-information transmission/reception method, personal-information provision device, preference management device, and computer program
CN106611131A (en) Authority processing method and device
TWI818036B (en) Distributed database structures for anonymous information exchange
CN110287660A (en) Access right control method, device, equipment and storage medium
JP2015534138A (en) Method and system for secure authentication and information sharing and analysis
CN101729321A (en) Dynamic cross-domain access control method based on trust valuation mechanism
CN111402101B (en) Food safety supervision method and device, block chain alliance management platform and medium
CN109831459A (en) Method, apparatus, storage medium and the terminal device of secure access
CN103617381A (en) Permission configuration method and permission configuration system of equipment
Opala An analysis of security, cost-effectiveness, and it compliance factors influencing cloud adoption by it managers
CN110245185A (en) Data processing method, terminal device and computer storage medium based on alliance's chain
Abbas et al. Using a social-ethical framework to evaluate location-based services in an internet of things world
CN112202708A (en) Identity authentication method and device, electronic equipment and storage medium
CN108768968A (en) A kind of method and system that service request is handled based on data safety management engine
US20180144050A1 (en) Device-Keyed Filtering for Data Cooperative Access
Alshammari et al. Trust management systems in cloud services environment: Taxonomy of reputation attacks and defense mechanisms
Rose Planning for a Zero Trust Architecture: A Planning Guide for Federal Administrators
CN109087053A (en) Synergetic office work processing method, device, equipment and medium based on associated topologies figure
Havur et al. Greater control and transparency in personal data processing
CN113065152A (en) Cloud service interaction method and system based on cloud computing and information digitization
CN115879156A (en) Dynamic desensitization method, device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200921

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Patentee after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Patentee before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200921

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Patentee after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Patentee before: Alibaba Group Holding Ltd.

TR01 Transfer of patent right