CN106713372B - A kind of method of controlling security and safety control system based on permission control - Google Patents
A kind of method of controlling security and safety control system based on permission control Download PDFInfo
- Publication number
- CN106713372B CN106713372B CN201710189481.9A CN201710189481A CN106713372B CN 106713372 B CN106713372 B CN 106713372B CN 201710189481 A CN201710189481 A CN 201710189481A CN 106713372 B CN106713372 B CN 106713372B
- Authority
- CN
- China
- Prior art keywords
- data
- character string
- forms
- converted
- dimension
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The present invention proposes a kind of method of controlling security and system based on permission control, and method includes: that front-end server receives account information, input data, data processing request and request address information;Input data is encrypted, forms the first data, and account information, the first data, data processing request and request address information are sent to background server;If the first data group is matched with second data group in first database, the first data are decrypted, the second data after forming decryption;If the second data are matched with predefined input parameter, third data group is matched with the second database;If third data group is matched with the 4th data group in the second database, data processing is carried out according to the second data and data processing request, generates third data;Third data are sent to front-end server by background server.The safety of the accuracy and data of guarantee operation of the present invention.
Description
Technical field
The present invention relates to communication technique field, more particularly, to a kind of method of controlling security based on permission control and
Safety control system.
Background technique
With information-based high speed development, demand of the people to information security comes one after another, talent competition, market competition,
Financial crisis etc. all brings great risk to the development of enterprises and institutions, and inside steals secret information, hacker attack, unconscious divulge a secret etc. are stolen secret information
Means become between interpersonal, enterprise and enterprise, inter-State security risk.
The demand in market, the awareness of safety of people, environment factors promote the information security high speed development in China, believe
Breath safety experienced prevents from traditional single protection such as firewall to information security total solution, from traditional external network
Protect intranet security, Host Security etc..
When transmitting data in current client application platform, the operation data of user can be passed through operation circle by client
Face is sent to front-end server, then is forwarded to background server by front-end server, and generated with user's by background server
The corresponding business datum of operation data is to complete corresponding operation flow.
But operation interface is easy to be tampered, so that the priority assignation of user does not play a role, user can obtain this and not answer
The data that can be obtained.Also, during front-end server sends operation data to background server, if operation data is non-
Method is distorted, then background server will receive the operation data after being tampered, and be generated according to the operation data after being tampered
The business datum of mistake, this will cause operation flow that entanglement occurs, seriously affect the safety and accuracy of data.
Therefore it provides a kind of method of controlling security and safety control system based on permission control, to ensure operation interface
Safety and accuracy with data transmission are this field urgent problems to be solved.
Summary of the invention
In view of this, the present invention provides a kind of method of controlling security and safety control system based on permission control, solution
It has determined the technical issues of easily illegally being distorted, influence Information Security and accuracy in data transmission procedure in the prior art.
In order to solve the above-mentioned technical problem, the present invention proposes a kind of method of controlling security based on permission control, comprising:
Front-end server receives account information, input data, data processing request and request address information;
The front-end server encrypts the input data, forms encrypted first data, and by the account
Family information, first data, the data processing request and the request address information are sent to background server;Its
In, the account information, the request address information and the data processing request form the first data group;
The background server matches first data group received with first database;Wherein, described
First database includes at least one second data group, and second data group is account information, request address information and number
The predefined combination formed according to processing request;
If first data group is matched with second data group in the first database, the background service
First data are decrypted in device, the second data after forming decryption;Then by second data with it is predefined defeated
Enter parameter to be matched;Wherein, the account information and second data form third data group;
If second data are matched with the predefined input parameter, the background server is by the third number
It is matched according to group with the second database;Wherein, second database includes at least one the 4th data group, the 4th number
It is account information and the predefined combination that input data is formed according to group;
If the third data group is matched with the 4th data group in second database, the backstage
Server carries out data processing according to second data and the data processing request, generates third data;
The third data are sent to the front-end server by the background server.
Further, wherein added when the front-end server encrypts the input data using RSA Algorithm
It is close, comprising:
According to character sequencing, the input data is split as multiple first character strings, each first character
The maximum length of string is 30 bytes, forms the first character string dimension;
First character string dimension is recycled, the first character string in each first character string dimension is converted to
Then the first byte array is converted to 16 systems by one byte array, form the first BigInteger type number;
The first BigInteger type number is encrypted using rsa encryption formula, and is converted to the of 16 systems
Two character strings;It circuits sequentially, ultimately forms the second character string dimension;
According to the sequencing of the second character string in second character string dimension, second character string dimension is recycled,
Increase Chinese branch after each second character string, final splicing becomes an encrypted character string, forms the first number
According to.
Further, wherein solved when first data are decrypted in the background server using RSA Algorithm
It is close, comprising:
According to the sequencing of character, first data are split as multiple third character strings using Chinese branch, often
The maximum length of a third character string is 30 bytes, forms third character string dimension;
The third character string dimension is recycled, the third character string in each third character string dimension by 16 systems
Character string is converted to the 2nd byte array, and the 2nd byte array is then converted to 16 systems, forms second
BigInteger type number, and the 2nd BigInteger type number being decrypted using RSA decryption formula, formed 16 into
The 3rd BigInteger type number, is finally converted to the 3rd byte array by the 3rd BigInteger type number of system, and
The 3rd byte array is converted to the 4th character string;It circuits sequentially, ultimately forms the 4th character string dimension;
According to the sequencing of the 4th character string in the 4th character string dimension, the 4th character string dimension is turned
It is changed to the 5th character string, forms the second data.
Further, wherein the third data are sent to the front-end server by the background server, comprising:
The background server encrypts the third data, forms encrypted 4th data, and by described the
Four data are sent to the front-end server;And
The front-end server receives the 4th data, and the 4th data are decrypted, after forming decryption
5th data.
Further, wherein added when the background server encrypts the third data using RSA Algorithm
It is close, comprising:
According to character sequencing, the third data are split as multiple 6th character strings, each 6th character
The maximum length of string is 30 bytes, forms the 5th character string dimension;
The 5th character string dimension is recycled, the 6th character string in each 5th character string dimension is converted to
Then the 4th byte array is converted to 16 systems by four byte arrays, form the 4th BigInteger type number;
The 4th BigInteger type number is encrypted using rsa encryption formula, and is converted to the of 16 systems
Seven character strings;It circuits sequentially, ultimately forms the 6th character string dimension;
According to the sequencing of the 7th character string in the 6th character string dimension, the 6th character string dimension is recycled,
Increase Chinese branch after each 7th character string, final splicing becomes an encrypted character string, forms described the
Four data.
Further, wherein described to be decrypted using RSA Algorithm when 4th data are decrypted, comprising:
According to the sequencing of character, the 4th data are split as multiple 8th character strings using Chinese branch, often
The maximum length of a 8th character string is 30 bytes, forms the 7th character string dimension;
The 7th character string dimension is recycled, the 8th character string in each 7th character string dimension by 16 systems
Character string is converted to the 5th byte array, and the 5th byte array is then converted to 16 systems, forms the 5th
BigInteger type number, and the 5th BigInteger type number being decrypted using RSA decryption formula, formed 16 into
The 6th BigInteger type number, is finally converted to the 6th byte array by the 6th BigInteger type number of system, and
The 6th byte array is converted to the 9th character string;It circuits sequentially, ultimately forms the 8th character string dimension;
According to the sequencing of the 9th character string in the 8th character string dimension, the 8th character string dimension is turned
It is changed to the tenth character string, forms the 5th data.
On the other hand, the invention also provides a kind of safety control systems based on permission control, which is characterized in that packet
It includes: front-end server and background server, wherein the background server includes:
Encrypted data reception module is believed for receiving encrypted first data, account from the front-end server
Breath, data processing request and request address information;Wherein, the account information, the request address information and the number
It requests to form the first data group according to processing;
First data match module, for matching first data group with first database;Wherein, described
One database includes at least one second data group, and second data group is account information, request address information and data
The predefined combination that processing request is formed;
Encryption data deciphering module, for first data to be decrypted, the second data after forming decryption;
Parameter matching module, for matching second data with predefined input parameter;Wherein, the account
Family information and second data form third data group;
Second data match module, for matching the third data group with the second database;Wherein, described
Two databases include at least one the 4th data group, the 4th data group is account information and input data formed it is predefined
Combination;
Data generation module is generated for carrying out data processing according to second data and the data processing request
Third data;And
Data transmission blocks are generated, for the third data to be sent to the front-end server.
Further, wherein the front-end server includes:
Input data receiving module, for receiving account information, input data, data processing request and request address letter
Breath;
Data encryption module forms encrypted first data for encrypting to the input data;
Encryption data sending module, for by the account information, first data, the data processing request and
The request address information is sent to background server;And
Data reception module is generated, for receiving the third data from the background server.
Further, wherein the background server further includes generating data encryption module, for the third data
It is encrypted, forms encrypted 4th data;Wherein, the generation data encryption module is encrypted using RSA Algorithm, is wrapped
It includes:
According to character sequencing, the third data are split as multiple 6th character strings, each 6th character
The maximum length of string is 30 bytes, forms the 5th character string dimension;
The 5th character string dimension is recycled, the 6th character string in each 5th character string dimension is converted to
Then the 4th byte array is converted to 16 systems by four byte arrays, form the 4th BigInteger type number;
The 4th BigInteger type number is encrypted using rsa encryption formula, and is converted to the of 16 systems
Seven character strings;It circuits sequentially, ultimately forms the 6th character string dimension;
According to the sequencing of the 7th character string in the 6th character string dimension, the 6th character string dimension is recycled,
Increase Chinese branch after each 7th character string, final splicing becomes an encrypted character string, forms described the
Four data;
Also, the front-end server further includes generating data decryption module, for the 4th data to be decrypted,
The 5th data after forming decryption;Wherein, the generation data decryption module is decrypted using RSA Algorithm, comprising:
According to the sequencing of character, the 4th data are split as multiple 8th character strings using Chinese branch, often
The maximum length of a 8th character string is 30 bytes, forms the 7th character string dimension;
The 7th character string dimension is recycled, the 8th character string in each 7th character string dimension by 16 systems
Character string is converted to the 5th byte array, and the 5th byte array is then converted to 16 systems, forms the 5th
BigInteger type number, and the 5th BigInteger type number being decrypted using RSA decryption formula, formed 16 into
The 6th BigInteger type number, is finally converted to the 6th byte array by the 6th BigInteger type number of system, and
The 6th byte array is converted to the 9th character string;It circuits sequentially, ultimately forms the 8th character string dimension;
According to the sequencing of the 9th character string in the 8th character string dimension, the 8th character string dimension is turned
It is changed to the tenth character string, forms the 5th data.
Further, wherein the input data includes any filled in by data query, list, in data importing
The business datum of approach typing.
Compared with prior art, a kind of method of controlling security and safety control system based on permission control of the invention,
Realize it is following the utility model has the advantages that
(1) method of controlling security and safety control system of the present invention based on permission control, by input number
According to the transmission for carrying out data after being encrypted again, avoids and illegally distorted in data transmission procedure, and data deciphering
It is preceding to carry out corresponding function privilege verifying, it avoids being tampered because of operation interface, causes function privilege setting not play a role, then
Data permission verifying is carried out, prevents user from obtaining the data outside permission;The duplicate protection means of data encryption and Authority Verification are protected
Hinder the safety of the accuracy and data of operation.
(2) it is of the present invention based on permission control method of controlling security and safety control system, front-end server and
Background server is both needed to carry out the encryption and decryption process of data when transmitting data, carries out to input data and output data comprehensive
Protection, avoids data in network transmission process from being tampered, causes leaking data.
Detailed description of the invention
It is combined in the description and the attached drawing for constituting part of specification shows the embodiment of the present invention, and even
With its explanation together principle for explaining the present invention.
Fig. 1 is a kind of flow diagram of method of controlling security based on permission control provided in an embodiment of the present invention;
Fig. 2 is a kind of flow diagram of input data encryption provided in an embodiment of the present invention;
Fig. 3 is the flow diagram provided in an embodiment of the present invention that the first data are decrypted;
Fig. 4 is the flow diagram of priority assignation of the invention;
Fig. 5 is the flow diagram of another method of controlling security based on permission control provided in an embodiment of the present invention;
Fig. 6 is the flow diagram provided in an embodiment of the present invention encrypted to third data;
Fig. 7 is the flow diagram provided in an embodiment of the present invention that the 4th data are decrypted;
Fig. 8 is a kind of structural schematic diagram of background server provided in an embodiment of the present invention;
Fig. 9 is a kind of structural schematic diagram of front-end server provided in an embodiment of the present invention;
Figure 10 is the structural schematic diagram of another background server provided in an embodiment of the present invention;
Figure 11 is the structural schematic diagram of another front-end server provided in an embodiment of the present invention.
Specific embodiment
Carry out the various exemplary embodiments of detailed description of the present invention now with reference to attached drawing.It should also be noted that unless in addition having
Body explanation, the unlimited system of component and the positioned opposite of step, numerical expression and the numerical value otherwise illustrated in these embodiments is originally
The range of invention.
Be to the description only actually of at least one exemplary embodiment below it is illustrative, never as to the present invention
And its application or any restrictions used.
Technology, method and apparatus known to person of ordinary skill in the relevant may be not discussed in detail, but suitable
In the case of, the technology, method and apparatus should be considered as part of specification.
It is shown here and discuss all examples in, any occurrence should be construed as merely illustratively, without
It is as limitation.Therefore, other examples of exemplary embodiment can have different values.
It should also be noted that similar label and letter indicate similar terms in following attached drawing, therefore, once a certain Xiang Yi
It is defined in a attached drawing, then in subsequent attached drawing does not need that it is further discussed.
Embodiment 1
Fig. 1 is a kind of flow diagram of method of controlling security based on permission control provided in an embodiment of the present invention, institute
The method of stating includes:
Step 101, front-end server receive account information, input data, data processing request and request address information.
Specifically, front-end server can obtain account information, when client is in front-end server when client logs in
Operation interface on input data and when filing a request, front-end server is ready to receive to arrive corresponding input data, data processing
Request and request address information.
Step 102, front-end server encrypt input data, form encrypted first data, and account is believed
Breath, the first data, data processing request and request address information are sent to background server;
Wherein, account information, request address information and data processing request form the first data group.
It can be to avoid input data from front end server transport to background server by being encrypted to input data
During illegally distorted.
Optionally, input data may include filled in by data query, list, the business for the approach typing such as data import
Data.
Wherein, the algorithm encrypted to input data can be RSA (Rivest-Shamir-Adleman, password system
System) or DES (Date Encryption Standard, data encryption standards) or IDEA (International Date
Encryption Algorithm, international data encryption algorithm) or AES (Advanced Encryption Standard, it is advanced
Encryption standard) or other existing Encryption Algorithm.
In some alternative embodiments, RSA Algorithm progress can be used when front-end server encrypts input data
Encryption.Fig. 2 is a kind of flow diagram of input data encryption provided in an embodiment of the present invention, wherein this method includes as follows
Step:
Step 201, according to character sequencing, input data is split as multiple first character strings, each first character
The maximum length of string is 30 bytes, forms the first character string dimension;
The first character string in each first character string dimension, is converted to the by step 202, the first character string dimension of circulation
Then first byte array is converted to 16 systems by one byte array, form the first BigInteger type number;
First BigInteger number is encrypted using rsa encryption formula, and is converted to 16 systems by step 203
Second character string;It circuits sequentially, ultimately forms the second character string dimension;
Step 204, according to the sequencing of the second character string in the second character string dimension, recycle the second character string dimension,
Increase Chinese branch after each second character string, final splicing becomes an encrypted character string, forms the first data.
RSA cryptographic algorithms are current most influential Encryption Algorithm, it can resist up to the present known big absolutely
Most cryptographic attacks, are recommended as data encryption standards by ISO.
Step 103, background server match the first data group received with first database.
Wherein, first database includes at least one second data group, and the second data group is account information, request address letter
The predefined combination that breath and data processing request are formed;
Specifically, when background server receive front-end server transmission by account information, request address information and
Data processing request formed after the first data group, the first data group is matched with the second data group, with the first number of detection
According to whether have in library in the first data group account information, request address information and data processing request it is all the same second
Data group is to judge whether user has the function privilege for handling the input data.
If step 104, the first data group are matched with second data group in first database, background server pair
First data are decrypted, the second data after forming decryption, then by the second data and the progress of predefined input parameter
Match;
Wherein, account information and the second data form third data group.
Specifically, when detecting in first database there is second data group, the account information for being included, request ground
Location information and data processing request information match with the first data group, illustrate that user has and use the data processing function
Permission, the first data can be decrypted in background server at this time, formed decryption after the second data.
Otherwise, if not found in first database and matched second data group of the first data group, background server
Forward end server returns to error message.
After decryption obtains the second data, the second data after decryption are matched with predefined input parameter, with inspection
Survey whether the second data match with input parameter predefined in system.In some alternative embodiments, background server
RSA Algorithm can be used when the first data are decrypted to be decrypted.Fig. 3 be it is provided in an embodiment of the present invention to the first data into
The flow diagram of row decryption, wherein this method comprises the following steps:
First data are split as multiple third characters using Chinese branch by step 301, the sequencing according to character
String, the maximum length of each third character string are 30 bytes, form third character string dimension;
Step 302, circulation third character string dimension, the third character string in each third character string dimension by 16 systems
Character string is converted to the 2nd byte array, and the 2nd byte array is then converted to 16 systems, forms the 2nd BigInteger type
Number, and the 2nd BigInteger type number is decrypted using RSA decryption formula, form the third of 16 systems
3rd BigInteger type number, is finally converted to the 3rd byte array, and the 3rd byte number by BigInteger type number
Group is converted to the 4th character string;It circuits sequentially, ultimately forms the 4th character string dimension;
Step 303, according to the sequencing of the 4th character string in the 4th character string dimension, the 4th character string dimension is turned
It is changed to the 5th character string, forms the second data.
Input data after encryption is decrypted by RSA Algorithm, it is ensured that the accuracy and safety of decryption.
If step 105, the second data are matched with predefined input parameter, background server is by third data group and the
Two databases are matched.
Wherein, the second database includes at least one the 4th data group, and the 4th data group is account information and input data
The predefined combination formed.
Specifically, illustrating that background server is decrypted to obtain when detecting that the second data are matched with predefined input parameter
The second data can be used for requested data processing, then background server can will be in third data group and the second database
The 4th data group matched, whether have in the second database and account information in third data group and the second number to detect
According to the 4th data group all the same.
If step 106, third data group are matched with the 4th data group in the second database, background server root
Data processing is carried out according to the second data and data processing request, generates third data.
Specifically, when detect account information in the 4th data group in the second database and input data with
Third data group matches, and illustrates that user has the permission for accessing the data.Then background server can be to the second data sum number
It requests to carry out data processing according to processing, generates third data.
Otherwise, if can not be found in the second database and matched 4th data group of third data group, background server
Terminate the process, and forward end server returns to error message.
Third data are sent to front-end server by step 107, background server.
User can check the data information by the operation interface of front-end server.
Front-end server in the embodiment of the present invention is first encrypted user by the input data that client is sent, shape
Background server is sent at the first data, then by the first data and the first data group, and background server is by by the first data
Group is after first database matching judgment user has the permission using the data processing function, then the first data are decrypted
To obtain the second data, background server passes through the third data group for forming the second data and account information and the second database
It is matched, judges that user has the permission for accessing the data, the second data are finally subjected to processing and generate third Data Concurrent
It send to front-end server.It can be seen that data quilt in transmission process can be effectively prevented by carrying out encryption to input data
It illegally distorts, to guarantee the safety of data, and passes through the matching judgment of data group and Relational database, it is ensured that backstage
Server, which only has relevant function treatment or data access rights in limited time in judgement user, can just be decrypted related data
Or data processing, to ensure that the safety and accuracy of data.
Method of controlling security of the present invention based on permission control, is carried out on the basis of rights management.Fig. 4 is
The flow diagram of priority assignation of the invention, this method comprises the following steps:
Step 401, administrator log in;
The administrator of system is the manager of system, and the user being responsible in management system, administrator can be in front end services
The function privilege and data permission of user are set in the operation interface of device, achieve the purpose that manage user.
User is the object of system service, and user can be used the function of system and obtain the data of system.
Step 402, administrator select the user of system;
Each user has an account.When user uses the data in system or system, after needing logon account information
Data can be obtained.This step mainly selects specific user that associated rights are arranged from the user of system.
Step 403, setting function privilege;
The interface of front-end server can be accessed by background server or menu is defined as function privilege, each function
The URL of the corresponding HTTP request of permission.
The business function that use object when function privilege is user's operation, i.e. user can be used.For example, inquiring certain public affairs
The record or to inquire someone identification card number be business function of paying taxes of department.The unusable business function of user is the user's
Front-end server is in hidden state.
User can have multiple function privileges, and the corresponding relationship of user and function privilege is stored in authority information library.
Step 404, setting data permission;
System classifies data, and every one kind data have corresponding data parameters.As data permission.Such as statistics bureau
Data parameters be TJJ, the data parameters of public security bureau are GAJ etc..The permission of the accessible data parameters of user, that is, data power
Limit.
User can have multiple data permissions, and the corresponding relationship of user and data permission is stored in authority information library
In.
Step 405, authority information storage.
After the function privilege and data permission at the handy family of administrator setting, setting rights objects storage to authority information library
In, in case being called when authorization check.Authority information library can be file or database.
Embodiment 2
As shown in figure 5, for the process of another method of controlling security based on permission control provided in an embodiment of the present invention
Schematic diagram, this method comprises the following steps:
Step 501, front-end server receive account information, input data, data processing request and request address information.
Specifically, front-end server can obtain account information, when client is in front-end server when client logs in
Operation interface on input data and when filing a request, front-end server is ready to receive to arrive corresponding input data, data processing
Request and request address information.For example, being filled in after logging in system by user in operation interface: name " Zhang San ", gender
" male " submits the application of personnel query identification card number.Wherein, the log-on message of user can be account information, name ": "
Three ", " gender ": " male " } it is input data, personnel query identification card number is data processing request, during information transmission certainly
So generate request address information.
Step 502, front-end server encrypt input data, form encrypted first data, and account is believed
Breath, the first data, data processing request and request address information are sent to background server;
Wherein, account information, request address information and data processing request form the first data group.
Specifically, front-end server receives account information, input data, data processing request and request address information
Afterwards, input data { " name ": " Zhang San ", " gender ": " male " } is encrypted, forms encrypted first data, this first
If data are printed as a messy code data, to ensure that the safety of data.
Then account information, the first data, data processing request and request address information are sent to background server;
Wherein, account information, request address information and data processing request form the first data group.
It can be to avoid input data from front end server transport to background server by being encrypted to input data
During illegally distorted.
Wherein, algorithm input data encrypted can for RSA or DES or IDEA or AES or other it is existing plus
Close algorithm.
Step 503, background server match the first data group received with first database;Wherein, first
Database includes at least one second data group, and the second data group is that account information, request address information and data processing are asked
Ask the predefined combination to be formed.
Specifically, when background server receive front-end server transmission by account information, request address information and
Data processing request formed after the first data group, the first data group is matched with first database;With the first number of detection
According to whether have in library in the first data group account information, request address information and data processing request it is all the same second
Data group, that is, can determine whether user has the permission of inquiry identity card function.
If step 504, the first data group are matched with second data group in first database, background server pair
First data are decrypted, the second data after forming decryption,
Then the second data are matched with predefined input parameter;
Wherein, account information and the second data form third data group.
Specifically, when detecting in first database there is second data group, the account information for being included, request ground
Location information and data processing request information match with the first data group, illustrate that user has the power of inquiry identity card function
Limit.Then background server can be decrypted the first data, { " Zhang San ", " male " } after forming decryption;Otherwise, if the first number
According to not finding in library and matched second data group of the first data group, then forward end server returns to error message.
After decryption obtains the second data, by the second data and predefined input parameter such as { " name ", " property after decryption
It is not matched " }, to detect whether the second data match with input parameter predefined in system.
If step 505, the second data are matched with predefined input parameter, background server is by third data group and the
Two databases are matched;
Wherein, the second database includes at least one the 4th data group, and the 4th data group is account information and input data
The predefined combination formed.
Specifically, if detect the second data be { " Zhang San ", " male " }, with predefined input parameter " name ",
" gender " } match, the second data { " Zhang San ", " male " } for illustrating that background server is decrypted can be used for inquiring identity card
Data processing.Then background server carries out the third data group formed by account information and the second data and the second database
Matching, to detect whether third data group matches with the 4th data group in the second database.
If step 506, third data group are matched with the 4th data group in the second database, background server root
Data processing is carried out according to the second data and data processing request, generates third data.
Specifically, when detect account information in the 4th data group in the second database and input data with
Third data group matches, and illustrates that user has the permission of identification card number of access Zhang San (male).Then background server can be right
Second data carry out data processing, generate third data, the i.e. identification card number of Zhang San.
Otherwise, if can not be found in the second database and matched 4th data group of third data group, background server
Terminate the process, and forward end server returns to error message.
Step 507, background server encrypt third data, form encrypted 4th data, and the 4th is counted
According to being sent to front-end server.
Specifically, background server encrypts third data (for example, identification card number of Zhang San), formed encrypted
4th data, and the 4th data are sent to front-end server.
Being encrypted by the identification card number to Zhang San can be to avoid its identification card number before being transferred to from background server
It is illegally distorted during platform server, to guarantee the safety of data transmission procedure.
The algorithm wherein encrypted to third data can be RSA or IDEA or AES or other existing Encryption Algorithm.
In some alternative embodiments, RSA Algorithm progress can be used when background server encrypts third data
Encryption, as shown in fig. 6, being the flow diagram provided in an embodiment of the present invention encrypted to third data, wherein this method
Include the following steps:
Step 601, according to character sequencing, third data are split as multiple 6th character strings, each 6th character
The maximum length of string is 30 bytes, forms the 5th character string dimension;
The 6th character string in each 5th character string dimension, is converted to the by step 602, the 5th character string dimension of circulation
Then 4th byte array is converted to 16 systems by four byte arrays, form the 4th BigInteger type number;
4th BigInteger number is encrypted using rsa encryption formula, and is converted to 16 systems by step 603
7th character string;It circuits sequentially, ultimately forms the 6th character string dimension;
Step 604, according to the sequencing of the 7th character string in the 6th character string dimension, recycle the 6th character string dimension,
Increase Chinese branch after each 7th character string, final splicing becomes an encrypted character string, forms the 4th data.
Step 508, front-end server receive the 4th data, and the 4th data are decrypted, the 5th after forming decryption
Data.
Specifically, front-end server receives the 4th data, and the 4th data are decrypted, the 5th number after forming decryption
According to the i.e. identification card number of Zhang San.Due to the 4th data received be it is encrypted, such as wanting to read the data first needs pair
The data ensure that the safety of data transmission into Xie Hangmi processing.
In some alternative embodiments, RSA Algorithm can be used when the 4th data are decrypted to be decrypted, such as Fig. 7
It is shown, it is the flow diagram provided in an embodiment of the present invention that the 4th data are decrypted, wherein this method includes following step
It is rapid:
4th data are split as multiple 8th characters using Chinese branch by step 701, the sequencing according to character
String, the maximum length of each 8th character string are 30 bytes, form the 7th character string dimension;
Step 702, the 7th character string dimension of circulation, the 8th character string in each 7th character string dimension by 16 systems
Character string is converted to the 5th byte array, and the 5th byte array is then converted to 16 systems, forms the 5th BigInteger type
Number, and the 5th BigInteger type number is decrypted using RSA decryption formula, form the 6th of 16 systems
6th BigInteger type number, is finally converted to the 6th byte array, and the 6th byte number by BigInteger type number
Group is converted to the 9th character string;It circuits sequentially, ultimately forms the 8th character string dimension;
Step 703, according to the sequencing of the 9th character string in the 8th character string dimension, the 8th character string dimension is turned
It is changed to the tenth character string, forms the 5th data.
Front-end server in the embodiment of the present invention first encrypts the input data that user sends through client, is formed
First data, then the first data and the first data group are sent to background server, background server is by by the first data group
After the permission whether with first database matching judgment user with the data processing function, then to the first data be decrypted with
Obtain the second data, background server by by the third data group and the second database of the second data and account information formation into
Row matching judges that user has the permission for accessing inputted data, and the second data are finally carried out processing and generate third data,
Background server again encrypts third data, is then delivered to front-end server, front-end server is with the encryption data
The data that can be obtained that treated after decryption.It can be seen that can be effective by being encrypted to input data and inquiry data
It prevents data from illegally being distorted in transmission process, to guarantee the safety of data, and passes through data group and Relational database
Matching judgment, it is ensured that background server only determine user have relevant function treatment or access authority Shi Caihui
Related data is decrypted, encrypt or data transmission, to ensure that the accuracy of data.
Embodiment 3
Present embodiment describes a kind of safety control systems based on permission control, which includes: front end services
Device and background server.Wherein, the structure of background server and front-end server is respectively as can be seen from figures 8 and 9, wherein Fig. 8 is
A kind of structural schematic diagram of background server provided in an embodiment of the present invention;Fig. 9 is a kind of front end provided in an embodiment of the present invention
The structural schematic diagram of server.
As shown in figure 8, the background server 80 include: encrypted data reception module 801, the first data match module 802,
Encryption data deciphering module 803, the second data match module 805, data generation module 806, generates parameter matching module 804
Data transmission blocks 807.
Encrypted data reception module 801 is believed for receiving encrypted first data, account from front-end server 90
Breath, data processing request and request address information;Wherein, account information, request address information and data processing request shape
At the first data group;
Specifically, encrypted data reception module 801 can receive encrypted first data from front-end server 90, keep away
Exempt from directly to receive input data, information is illegally distorted during transmission, guarantees the safety of data.
Optionally, input data may include filled in by data query, list, the business for the approach typing such as data import
Data.
First data match module 802, for matching the first data group with first database;Wherein, the first number
It include at least one second data group according to library, the second data group is account information, request address information and data processing request
The predefined combination formed.
Specifically, after encrypted data reception module 801 receives encrypted first data and the first data group, pass through by
First data group is matched with first database, for detecting whether the user has power using the data processing function
Limit.
Encryption data deciphering module 803, for the first data to be decrypted, the second data after forming decryption;
Specifically, when the first data match module 802 detects the second data in the first data group and first database
Group matches, then illustrates that user has the permission using the data processing function.Encryption data deciphering module can be passed through
803, the first data are decrypted, the second data after forming decryption.
Parameter matching module 804, for matching the second data with predefined input parameter;Wherein, account is believed
Breath and the second data form third data group;
Specifically, working as encryption data deciphering module 803, the first data are decrypted after generating the second data, parameter
With module 804, the second data can be matched with predefined input parameter, decrypt to obtain for detecting background server
The second data whether can be used for handling requested data.
Second data match module 805, for matching third data group with the second database;Wherein, the second number
It include at least one the 4th data group according to library, the 4th data group is account information and the predefined combination that input data is formed;
Specifically, working as parameter matching module 804, when detecting that the second data and predefined input parameter match, say
Bright the second obtained data of decrypting can be used for handling requested data.Second data match module 805, so that it may
Third data group is matched with the second database, to detect whether the user has the permission for accessing the data.
Data generation module 806 generates third number for carrying out data processing according to the second data and data processing request
According to;
Specifically, when the second data match module 805 detects one the 4th number of third data group Yu the second database
When matching according to group, illustrate that user has the permission for accessing the data.Data generation module 806, so that it may to the second data into
Row processing, generates third data.
Data transmission blocks 807 are generated, for third data to be sent to front-end server 90.
Specifically, data generation module 806, handles the second data, after generating third data, by generating data
Third data are sent to front-end server 90 by sending module 807.
As shown in figure 9, the front-end server 90 includes: input data receiving module 901, data encryption module 902, encryption
Data transmission blocks 903 generate data reception module 904.
Input data receiving module 901, for receiving account information, input data, data processing request and request ground
Location information;
Data encryption module 902 forms encrypted first data for encrypting to input data;
Specifically, work as input data receiving module 901, receive account information, input data, data processing request and
After request address information, by data encryption module 902, input data is encrypted, forms encrypted first data.It is logical
Cross the safety for carrying out being encrypted to ensure that data transmission to input data.
Encryption data sending module 903 is used for account information, the first data, data processing request and request address
Information is sent to background server 80;
Specifically, working as data encryption module 902, input data is encrypted, forms encrypted first data.Pass through
Encryption data sending module 903, after being sent to account information, the first data, data processing request and request address information
Platform server 80.By carry out data transmission again after encryption forms the first data to input data, input data is avoided to exist
It is illegally distorted when being sent to background server 80 from front-end server 90.
Data reception module 904 is generated, for receiving the third data from background server 80.
Specifically, after the second data that decryption obtains are converted to third data by background server 80, through background service
Third data are sent to front-end server 90, the generation data receiver of front-end server 90 by the generation data transmission blocks of device 80
Module 904 can receive third data.
It as shown in Figure 10, is the structural schematic diagram of another background server provided in an embodiment of the present invention, background service
Device 80 may include encrypted data reception module 801 in embodiment corresponding to above-mentioned Fig. 8, the first data match module 802 plus
Ciphertext data deciphering module 803, the second data match module 805, data generation module 806, generates number at parameter matching module 804
According to sending module 807, further, background server can also include: to generate data encryption module 808;
Data encryption module 808 is generated for encrypting to third data, forms encrypted 4th data;
Specifically, working as data generation module 806, the second data are handled, after generating third data, then by generating
Data encryption module 808 encrypts third data, forms encrypted 4th data, sends mould finally by data are generated
4th data are sent to front-end server 90 by block 807.
Further, the present embodiment is generated data encryption module 808 and is encrypted using RSA Algorithm, to third data
The algorithm encrypted flow diagram shown in Figure 6 and above-mentioned respective description.
It as shown in figure 11, is the structural schematic diagram of another front-end server provided in an embodiment of the present invention, front end services
Device 90 may include input data receiving module 901, data encryption module 902, encryption number in embodiment corresponding to above-mentioned Fig. 9
According to sending module 903, data reception module 904 is generated, further, front-end server further includes generating data decryption module
905;
Data decryption module 905 is generated, for the 4th data to be decrypted, the 5th data after forming decryption;
Specifically, the generation data encryption module 808 when background server 80 encrypts third data, encryption is formed
4th data are sent to front-end server 90, front end clothes then by generating data transmission blocks 807 by the 4th data afterwards
The generation data reception module 904 of business device 90 receives the 4th data, then by generating data decryption module 905, to the 4th
Data are decrypted, the 5th data after forming decryption.
Further, the present embodiment is decrypted to data decryption module is generated using RSA Algorithm, to the 4th data into
The algorithm flow diagram shown in Figure 7 of row decryption and above-mentioned respective description.
Through the foregoing embodiment it is found that it is of the invention based on permission control method of controlling security and safety control system,
Reached it is following the utility model has the advantages that
(1) method of controlling security and safety control system of the present invention based on permission control, by input number
According to the transmission for carrying out data after being encrypted again, avoids and illegally distorted in data transmission procedure, and data deciphering
It is preceding to carry out corresponding function privilege verifying, it avoids being tampered because of operation interface, causes function privilege setting not play a role, then
Data permission verifying is carried out, prevents user from obtaining the data outside permission;The duplicate protection means of data encryption and Authority Verification are protected
Hinder the safety of the accuracy and data of operation.
(2) it is of the present invention based on permission control method of controlling security and safety control system, front-end server and
Background server is both needed to carry out the encryption and decryption process of data when transmitting data, carries out to input data and output data comprehensive
Protection, avoids data in network transmission process from being tampered, causes leaking data.
Although some specific embodiments of the invention are described in detail by example, the skill of this field
Art personnel it should be understood that example above merely to being illustrated, the range being not intended to be limiting of the invention.The skill of this field
Art personnel are it should be understood that can without departing from the scope and spirit of the present invention modify to above embodiments.This hair
Bright range is defined by the following claims.
Claims (10)
1. a kind of method of controlling security based on permission control characterized by comprising
Front-end server receives account information, input data, data processing request and request address information;
The front-end server encrypts the input data, forms encrypted first data, and the account is believed
Breath, first data, the data processing request and the request address information are sent to background server;Wherein, institute
It states account information, the request address information and the data processing request and forms the first data group;
The background server matches first data group received with first database;Wherein, described first
Database includes at least one second data group, and second data group is at account information, request address information and data
The predefined combination that reason request is formed;
If first data group is matched with second data group in the first database, the background server pair
First data are decrypted, the second data after forming decryption;Then second data and predefined input are joined
Number is matched;Wherein, the account information and second data form third data group;
If second data are matched with the predefined input parameter, the background server is by the third data group
It is matched with the second database;Wherein, second database includes at least one the 4th data group, the 4th data group
The predefined combination formed for account information and input data;
If the third data group is matched with the 4th data group in second database, the background service
Device carries out data processing according to second data and the data processing request, generates third data;
The third data are sent to the front-end server by the background server.
2. the method for controlling security according to claim 1 based on permission control, which is characterized in that the front-end server
It is encrypted when being encrypted to the input data using RSA Algorithm, comprising:
According to character sequencing, the input data is split as multiple first character strings, each first character string
Maximum length is 30 bytes, forms the first character string dimension;
First character string dimension is recycled, the first character string in each first character string dimension is converted to first
Then the first byte array is converted to 16 systems by byte array, form the first BigInteger type number;
The first BigInteger type number is encrypted using rsa encryption formula, and is converted to the second word of 16 systems
Symbol string;It circuits sequentially, ultimately forms the second character string dimension;
According to the sequencing of the second character string in second character string dimension, second character string dimension is recycled, every
Increase Chinese branch after a second character string, final splicing becomes an encrypted character string, forms the first data.
3. the method for controlling security according to claim 2 based on permission control, which is characterized in that the background server
It is decrypted when first data are decrypted using RSA Algorithm, comprising:
According to the sequencing of character, first data are split as multiple third character strings, Mei Gesuo using Chinese branch
The maximum length for stating third character string is 30 bytes, forms third character string dimension;
The third character string dimension is recycled, the third character string in each third character string dimension by 16 system characters
String is converted to the 2nd byte array, and the 2nd byte array is then converted to 16 systems, forms the 2nd BigInteger type
Number, and the 2nd BigInteger type number is decrypted using RSA decryption formula, form the third of 16 systems
The 3rd BigInteger type number is finally converted to the 3rd byte array by BigInteger type number, and described the
Three byte arrays are converted to the 4th character string;It circuits sequentially, ultimately forms the 4th character string dimension;
According to the sequencing of the 4th character string in the 4th character string dimension, the 4th character string dimension is converted to
5th character string forms the second data.
4. the method for controlling security according to claim 1 based on permission control, which is characterized in that the background server
The third data are sent to the front-end server, comprising:
The background server encrypts the third data, forms encrypted 4th data, and the described 4th is counted
According to being sent to the front-end server;And
The front-end server receives the 4th data, and the 4th data are decrypted, the 5th after forming decryption
Data.
5. the method for controlling security according to claim 4 based on permission control, which is characterized in that the background server
It is encrypted when being encrypted to the third data using RSA Algorithm, comprising:
According to character sequencing, the third data are split as multiple 6th character strings, each 6th character string
Maximum length is 30 bytes, forms the 5th character string dimension;
The 5th character string dimension is recycled, the 6th character string in each 5th character string dimension is converted to the 4th
Then the 4th byte array is converted to 16 systems by byte array, form the 4th BigInteger type number;
The 4th BigInteger type number is encrypted using rsa encryption formula, and is converted to the 7th word of 16 systems
Symbol string;It circuits sequentially, ultimately forms the 6th character string dimension;
According to the sequencing of the 7th character string in the 6th character string dimension, the 6th character string dimension is recycled, every
Increase Chinese branch after a 7th character string, final splicing becomes an encrypted character string, forms the 4th number
According to.
6. the method for controlling security according to claim 5 based on permission control, which is characterized in that described to the described 4th
It is decrypted when data are decrypted using RSA Algorithm, comprising:
According to the sequencing of character, the 4th data are split as multiple 8th character strings, Mei Gesuo using Chinese branch
The maximum length for stating the 8th character string is 30 bytes, forms the 7th character string dimension;
The 7th character string dimension is recycled, the 8th character string in each 7th character string dimension by 16 system characters
String is converted to the 5th byte array, and the 5th byte array is then converted to 16 systems, forms the 5th BigInteger type
Number, and the 5th BigInteger type number is decrypted using RSA decryption formula, form the 6th of 16 systems
The 6th BigInteger type number is finally converted to the 6th byte array by BigInteger type number, and described the
Six byte arrays are converted to the 9th character string;It circuits sequentially, ultimately forms the 8th character string dimension;
According to the sequencing of the 9th character string in the 8th character string dimension, the 8th character string dimension is converted to
Tenth character string forms the 5th data.
7. a kind of safety control system based on permission control characterized by comprising front-end server and background server,
Wherein, the background server includes:
Encrypted data reception module, for receiving encrypted first data from the front-end server, account information, number
According to processing request and request address information;Wherein, the account information, the request address information and the data processing
Request forms the first data group;
First data match module, for matching first data group with first database;Wherein, first number
It include at least one second data group according to library, second data group is account information, request address information and data processing
Request the predefined combination formed;
Encryption data deciphering module, for first data to be decrypted, the second data after forming decryption;
Parameter matching module, for matching second data with predefined input parameter;Wherein, the account letter
Breath and second data form third data group;
Second data match module, for matching the third data group with the second database;Wherein, second number
It include at least one the 4th data group according to library, the 4th data group is predefined group of account information and input data formation
It closes;
Data generation module generates third for carrying out data processing according to second data and the data processing request
Data;And
Data transmission blocks are generated, for the third data to be sent to the front-end server.
8. the safety control system according to claim 7 based on permission control, which is characterized in that the front-end server
Include:
Input data receiving module, for receiving account information, input data, data processing request and request address information;
Data encryption module forms encrypted first data for encrypting to the input data;
Encryption data sending module, for by the account information, first data, the data processing request and described
Request address information is sent to background server;And
Data reception module is generated, for receiving the third data from the background server.
9. the safety control system according to claim 8 based on permission control, which is characterized in that the background server
Further include generating data encryption module, for encrypting to the third data, forms encrypted 4th data;Wherein,
The generation data encryption module is encrypted using RSA Algorithm, comprising:
According to character sequencing, the third data are split as multiple 6th character strings, each 6th character string
Maximum length is 30 bytes, forms the 5th character string dimension;
The 5th character string dimension is recycled, the 6th character string in each 5th character string dimension is converted to the 4th
Then the 4th byte array is converted to 16 systems by byte array, form the 4th BigInteger type number;
The 4th BigInteger type number is encrypted using rsa encryption formula, and is converted to the 7th word of 16 systems
Symbol string;It circuits sequentially, ultimately forms the 6th character string dimension;
According to the sequencing of the 7th character string in the 6th character string dimension, the 6th character string dimension is recycled, every
Increase Chinese branch after a 7th character string, final splicing becomes an encrypted character string, forms the 4th number
According to;
Also, the front-end server further includes generating data decryption module, for the 4th data to be decrypted, is formed
The 5th data after decryption;Wherein, the generation data decryption module is decrypted using RSA Algorithm, comprising:
According to the sequencing of character, the 4th data are split as multiple 8th character strings, Mei Gesuo using Chinese branch
The maximum length for stating the 8th character string is 30 bytes, forms the 7th character string dimension;
The 7th character string dimension is recycled, the 8th character string in each 7th character string dimension by 16 system characters
String is converted to the 5th byte array, and the 5th byte array is then converted to 16 systems, forms the 5th BigInteger type
Number, and the 5th BigInteger type number is decrypted using RSA decryption formula, form the 6th of 16 systems
The 6th BigInteger type number is finally converted to the 6th byte array by BigInteger type number, and described the
Six byte arrays are converted to the 9th character string;It circuits sequentially, ultimately forms the 8th character string dimension;
According to the sequencing of the 9th character string in the 8th character string dimension, the 8th character string dimension is converted to
Tenth character string forms the 5th data.
10. the safety control system according to claim 7 based on permission control, which is characterized in that the input data
The business datum of any approach typing including being filled in by data query, list, in data importing.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710189481.9A CN106713372B (en) | 2017-03-27 | 2017-03-27 | A kind of method of controlling security and safety control system based on permission control |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710189481.9A CN106713372B (en) | 2017-03-27 | 2017-03-27 | A kind of method of controlling security and safety control system based on permission control |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106713372A CN106713372A (en) | 2017-05-24 |
CN106713372B true CN106713372B (en) | 2019-07-05 |
Family
ID=58887071
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710189481.9A Active CN106713372B (en) | 2017-03-27 | 2017-03-27 | A kind of method of controlling security and safety control system based on permission control |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106713372B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107395600B (en) * | 2017-07-25 | 2019-12-06 | 金在(北京)金融信息服务有限公司 | Service data verification method, service platform and mobile terminal |
CN109617895A (en) * | 2018-12-27 | 2019-04-12 | 东莞见达信息技术有限公司 | Access safety control method and system |
CN111555880B (en) * | 2019-02-12 | 2023-05-30 | 北京京东尚科信息技术有限公司 | Data collision method and device, storage medium and electronic equipment |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103401561A (en) * | 2013-07-25 | 2013-11-20 | 百度在线网络技术(北京)有限公司 | Methods and devices for compressing and decompressing map data |
CN106339760A (en) * | 2016-08-31 | 2017-01-18 | 湖北既济电力集团有限公司科技信息分公司 | Communication cable maintenance management information system |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4375715B2 (en) * | 2003-07-11 | 2009-12-02 | 本田技研工業株式会社 | Front structure of motorcycle |
KR101371608B1 (en) * | 2011-10-10 | 2014-03-14 | 주식회사 알티베이스 | Database Management System and Encrypting Method thereof |
-
2017
- 2017-03-27 CN CN201710189481.9A patent/CN106713372B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103401561A (en) * | 2013-07-25 | 2013-11-20 | 百度在线网络技术(北京)有限公司 | Methods and devices for compressing and decompressing map data |
CN106339760A (en) * | 2016-08-31 | 2017-01-18 | 湖北既济电力集团有限公司科技信息分公司 | Communication cable maintenance management information system |
Also Published As
Publication number | Publication date |
---|---|
CN106713372A (en) | 2017-05-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU667925B2 (en) | Cryptographic data security in a secured computer system | |
US7058971B1 (en) | Access privilege transferring method | |
CN106302328B (en) | Sensitive user data processing system and method | |
CN106790250A (en) | Data processing, encryption, integrity checking method and authentication identifying method and system | |
CN105827574B (en) | A kind of file access system, method and device | |
CN102170350B (en) | Multiple uncertainty encryption system with misleading function | |
CN103455744B (en) | A kind of data security protection method based on vein identification technology and system | |
CN206212040U (en) | A kind of real-name authentication system for express delivery industry | |
CN106452764A (en) | Method for automatically updating identification private key and password system | |
CN111954211B (en) | Novel authentication key negotiation system of mobile terminal | |
CN103108028A (en) | Cloud computing processing system with security architecture | |
US8316437B2 (en) | Method for protecting the access to an electronic object connected to a computer | |
CN106713372B (en) | A kind of method of controlling security and safety control system based on permission control | |
US9516059B1 (en) | Using mock tokens to protect against malicious activity | |
CN110225014B (en) | Internet of things equipment identity authentication method based on fingerprint centralized issuing mode | |
CN105743905A (en) | Method, device and system for realizing security login and security equipment | |
US10615975B2 (en) | Security authentication method for generating secure key by combining authentication elements of multi-users | |
CN116743470A (en) | Service data encryption processing method and device | |
CN108667801A (en) | A kind of Internet of Things access identity safety certifying method and system | |
CN106992978A (en) | Network safety managing method and server | |
Said et al. | A multi-factor authentication-based framework for identity management in cloud applications | |
CN113918977A (en) | User information transmission device based on Internet of things and big data analysis | |
CN109145557A (en) | A kind of computer data protection system | |
CN107451483A (en) | A kind of safe encryption method of data platform | |
CN111464543B (en) | Teaching information safety protection system based on cloud platform |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |