CN107038583A - The method for verifying authority and system of a kind of transaction system - Google Patents

The method for verifying authority and system of a kind of transaction system Download PDF

Info

Publication number
CN107038583A
CN107038583A CN201710210344.9A CN201710210344A CN107038583A CN 107038583 A CN107038583 A CN 107038583A CN 201710210344 A CN201710210344 A CN 201710210344A CN 107038583 A CN107038583 A CN 107038583A
Authority
CN
China
Prior art keywords
authority
screen operation
authority verification
client
mark
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201710210344.9A
Other languages
Chinese (zh)
Inventor
方敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Bill Trading Center Co Ltd
Original Assignee
Wuhan Bill Trading Center Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Bill Trading Center Co Ltd filed Critical Wuhan Bill Trading Center Co Ltd
Priority to CN201710210344.9A priority Critical patent/CN107038583A/en
Publication of CN107038583A publication Critical patent/CN107038583A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/405Establishing or using transaction specific rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

The invention discloses a kind of method for verifying authority of transaction system and system, method includes:S1, receive client send the first screen operation request, and to the first screen operation request be packaged obtain Authority Verification request, Authority Verification request include:The corresponding ID of the mark ID of first screen operation, client and the first picture input information;S2, according to mark ID and ID to the first screen operation carry out Authority Verification;S3, when it is determined that being proved to be successful, return be proved to be successful information;S4, when it is determined that during authentication failed, returning to lack of competence prompting message and authentication failed information.The beneficial effects of the invention are as follows:The mark ID, ID and this paper input frames of screen operation in the user client interface content inputted are packaged and bound by the technical program, Authority Verification is carried out to screen operation by identifying ID and ID, it is ensured that the confidentiality and security of customer transaction information.

Description

The method for verifying authority and system of a kind of transaction system
Technical field
The present invention relates to transaction system technical field, the method for verifying authority and system of more particularly to a kind of transaction system.
Background technology
At present, existing transaction system includes enterprises end and bank end, for the friendship between enterprise, between enterprise and bank The confidentiality and security of easy information can not be ensured well, also in the presence of very big risk hidden danger.
The content of the invention
The invention provides a kind of method for verifying authority of transaction system and system, prior art Transaction Information is solved There is the technical problem of greater risk hidden danger in security and confidentiality.
The technical scheme that the present invention solves above-mentioned technical problem is as follows:A kind of method for verifying authority of transaction system, including:
S1, the first screen operation request for receiving client transmission, and first screen operation request is packaged Authority Verification request is obtained, the Authority Verification asks to be used to ask to carry out Authority Verification, the authority to the first screen operation Checking request includes:Mark ID, the corresponding ID of the client and the first picture input information of first screen operation;
S2, Authority Verification carried out to first screen operation according to the mark ID and the ID;
S3, when it is determined that being proved to be successful, return be proved to be successful information;
S4, when it is determined that during authentication failed, returning to lack of competence prompting message and authentication failed information.
The beneficial effects of the invention are as follows:The technical program by the mark ID of the screen operation in user client interface, use The content of family ID and this paper input frame input is packaged and bound, and screen operation is weighed by identifying ID and ID Limit checking, it is ensured that the confidentiality and security of customer transaction information.
On the basis of above-mentioned technical proposal, the present invention can also do following improvement.
Preferably, before step S1, in addition to:
For each one authority of user configuring and/or a permission group, the permission group includes at least one described authority, Each authority is respectively provided with unique authority keyword, and each user is respectively provided with unique ID.
Preferably, before step S1, in addition to:
Unique mark ID is respectively provided with for each screen operation of the client;
According to the authority keyword and the mark ID, Authority Verification list is generated, the Authority Verification list includes: Identify ID and authority keyword.
Preferably, step S2 includes:
The all permissions that S21, the corresponding ID of the acquisition client possess;
S22, judge in all permissions whether there is first screen operation mark ID, in this way then determine checking Success, otherwise determines authentication failed.
Preferably, in step S1, the first screen operation request that client is sent is received by apps server, led to Cross zookeeper servers to be packaged first screen operation request and be sent to Authority Verification server, pass through institute State Authority Verification server and Authority Verification is carried out to the first screen operation.
Preferably, the authority includes:Trading privilege and air control authority.
Preferably, the trading privilege is used to define whether first screen operation can perform.
Preferably, the air control authority is used to whether within a predetermined range to define the first picture input information.
A kind of Authority Verification system of transaction system, including:Client, apps server, zookeeper servers With Authority Verification server,
The apps server is used for the first screen operation request for receiving client transmission, passes through zookeeper Server is packaged to first screen operation request and is sent to Authority Verification server;
The Authority Verification server is used for the Authority Verification request for receiving client transmission, the Authority Verification request bag Include:Mark ID, the corresponding ID of the client and the first picture input information of first screen operation;And
Be additionally operable to carry out Authority Verification to first screen operation according to the mark ID and the ID, when it is determined that When being proved to be successful, returned to the client and be proved to be successful information;And when it is determined that during authentication failed, giving the client to return Lack of competence prompting message and authentication failed information.
Preferably, the Authority Verification server is additionally operable to as each one authority of user configuring and/or a permission group, The permission group includes at least one described authority, and each authority is respectively provided with unique authority keyword, and each user is respectively provided with Unique ID;And
The each screen operation being additionally operable to as the client is respectively provided with unique mark ID, according to the authority keyword With the mark ID, Authority Verification list is generated, the Authority Verification list includes:Identify ID and authority keyword.
Brief description of the drawings
Fig. 1 is a kind of schematic flow sheet of the method for verifying authority of transaction system provided in an embodiment of the present invention;
A kind of structural representation of the Authority Verification system for transaction system that Fig. 2 provides for another embodiment of the present invention.
Embodiment
The principle and feature of the present invention are described below in conjunction with accompanying drawing, the given examples are served only to explain the present invention, and It is non-to be used to limit the scope of the present invention.
As shown in figure 1, in one embodiment there is provided a kind of method for verifying authority of transaction system, including:
S1, the first screen operation request for receiving client transmission, and the first screen operation is asked to be packaged to obtain Authority Verification is asked, and Authority Verification asks to be used to ask to carry out the first screen operation Authority Verification, and Authority Verification request includes: The corresponding ID of the mark ID of first screen operation, client and the first picture input information;
S2, according to mark ID and ID to the first screen operation carry out Authority Verification;
S3, when it is determined that being proved to be successful, return be proved to be successful information;
S4, when it is determined that during authentication failed, returning to lack of competence prompting message and authentication failed information.
It should be understood that the mark ID, ID and this paper input frames of the screen operation in user client interface are inputted Content be packaged and bind, by identify ID and ID to screen operation carry out Authority Verification, it is ensured that customer transaction believe The confidentiality and security of breath.
Specifically, user clicks on a certain button in the operation interface of client, is sent out by the button to background server Corresponding operation requests are sent, server is first packaged to the request before the request is responded and obtains Authority Verification request, from And the authority to the operation requests is verified, if be proved to be successful, then it represents that the operation requests are legal, and server can be with The operation requests are performed, if authentication failed, then it represents that the operation requests are illegal, and server will not be to the behaviour Make request to be performed, while the information such as the reason for returning to prompting message and the authentication failed of " lack of competence ", so as to both ensure that The security of information is supplied to the more preferable usage experience of user further through notifying user without this operating right.
Specifically, before step S1, in addition to:
For each one authority of user configuring and/or a permission group, permission group includes at least one authority, each authority Unique authority keyword is respectively provided with, each user is respectively provided with unique ID.
Specifically, a user can possess an authority, can also possess multiple authorities, and each authority is respectively provided with uniquely Keyword, equally, each user is respectively provided with unique ID, so as to avoid the situation that multiple authorities are mixed up.
Specifically, before step S1, in addition to:
Unique mark ID is respectively provided with for each screen operation of client;
According to authority keyword and mark ID, Authority Verification list is generated, Authority Verification list includes:Identify ID and authority Keyword.
Specifically, before user carries out interface operation, it is necessary to each screen operation (such as button) on interface point With a unique mark ID, then the mark ID of the authority keyword of authority and screen operation is associated, one is generated Authority Verification list, facilitates the follow-up execution that corresponding authority is found according to mark ID.
Specifically, step S2 includes:
The all permissions that S21, the corresponding ID of acquisition client possess;
S22, judge in all permissions whether there is the first screen operation mark ID, in this way then determine be proved to be successful, it is no Then determine authentication failed.
Specifically, in step S1, the first screen operation request that client is sent is received by apps server, led to Cross zookeeper servers to be packaged the request of the first screen operation and be sent to Authority Verification server, tested by authority Demonstrate,prove server and Authority Verification is carried out to the first screen operation.
Zookeeper servers are distributed, open source code a distributed application program coordination service devices, are Hadoop and Hbase significant components there is provided function include:Configuring maintenance, domain name service, distributed synchronization, group service etc.. The target of zookeeper servers is exactly the error-prone key service of packaged complexity, and interface easy to use and performance is high Effect, the system of function-stable are supplied to user.Zookeeper servers can be with the clothes of how many offer search engine of automatic sensing Business device simultaneously sends searching request to these servers, and standby server is enabled automatically when director server delays machine.
Specifically, authority includes:Trading privilege and air control authority.
Specifically, trading privilege is used to define whether the first screen operation can perform, and air control authority is used to define the first picture Within a predetermined range whether face input information.The form of air control authority definition uses Json character string forms, is replaced with rule list Rule defines the regular expression for the computing for directly storing verification in table, rule list with JSON forms.Such as:
{Rule1:{rule1:field:$price1,type:double,op:<,value:@param1},op:&&, rule2:{field:$price1,type:double,op:>,value:@param2}},op:||,rule2{field:$ price2,type:double,op:<,value:@param3},op:&&,rule2:{field:$price2,type: double,op:>,value:@param4 } } }, the configuration parameter field of rule list preserves { param1:1000, param2:100, param3:500, param4:200 }, server can resolve to json the expression formula of following string format:
($Priec1<@param1&&$price1>@param2)||($Priec2<@param3&&$price2>@ Param4) ,@beginning parameter by backstage from need verify user rule configuration list in parse obtain, $ beginning parameter by It is incoming during calling interface, incorporating parametric and expression formula, with third party's el expression parsing instrument back-checking results.
Authority Verification server, can be in advance by all user lists, permissions list, user in order to improve its probatio inspectionem pecuoarem efficiency And its authority relation possessed is loaded among memory cache, reading efficiency is improved.If follow-up have increase to authority and change, Memory cache is then updated by resident thread.
As shown in Fig. 2 in another embodiment there is provided a kind of Authority Verification system of transaction system, including:Client 1, Apps server 2, zookeeper servers 3 and Authority Verification server 4,
Apps server 2 is used for the first screen operation request for receiving the transmission of client 1, is taken by zookeeper The 3 pair of first screen operation request of business device is packaged and is sent to Authority Verification server 4;
Authority Verification server 4 is used for the Authority Verification request for receiving the transmission of client 1, and Authority Verification request includes:The The corresponding ID of the mark ID of one screen operation, client and the first picture input information;And
It is additionally operable to carry out Authority Verification to the first screen operation according to mark ID and ID, when it is determined that being proved to be successful, Returned to client 1 and be proved to be successful information;And when it is determined that during authentication failed, to client 1 return lack of competence prompting message and Authentication failed information.
Specifically, Authority Verification server 4 is additionally operable to each one authority of user configuring and/or a permission group, power Limit group includes at least one authority, and each authority is respectively provided with unique authority keyword, and each user is respectively provided with unique user ID;And
The each screen operation being additionally operable to as client is respectively provided with unique mark ID, according to authority keyword and mark ID, generates Authority Verification list, and Authority Verification list includes:Identify ID and authority keyword.
The foregoing is only presently preferred embodiments of the present invention, be not intended to limit the invention, it is all the present invention spirit and Within principle, any modification, equivalent substitution and improvements made etc. should be included in the scope of the protection.

Claims (10)

1. a kind of method for verifying authority of transaction system, it is characterised in that including:
S1, the first screen operation request for receiving client transmission, and first screen operation is asked to be packaged to obtain Authority Verification is asked, and the Authority Verification asks to be used to ask to carry out Authority Verification, the Authority Verification to the first screen operation Request includes:Mark ID, the corresponding ID of the client and the first picture input information of first screen operation;
S2, Authority Verification carried out to first screen operation according to the mark ID and the ID;
S3, when it is determined that being proved to be successful, return be proved to be successful information;
S4, when it is determined that during authentication failed, returning to lack of competence prompting message and authentication failed information.
2. the method for verifying authority of a kind of transaction system according to claim 1, it is characterised in that before step S1, Also include:
For each one authority of user configuring and/or a permission group, the permission group includes at least one described authority, each Authority is respectively provided with unique authority keyword, and each user is respectively provided with unique ID.
3. the method for verifying authority of a kind of transaction system according to claim 2, it is characterised in that before step S1, Also include:
Unique mark ID is respectively provided with for each screen operation of the client;
According to the authority keyword and the mark ID, Authority Verification list is generated, the Authority Verification list includes:Mark ID and authority keyword.
4. a kind of method for verifying authority of transaction system according to claim any one of 1-3, it is characterised in that step S2 Including:
The all permissions that S21, the corresponding ID of the acquisition client possess;
S22, judge in all permissions whether there is first screen operation mark ID, in this way then determine verify into Work(, otherwise determines authentication failed.
5. the method for verifying authority of a kind of transaction system according to claim 4, it is characterised in that in step S1, pass through Apps server receives the first screen operation request that client is sent, by zookeeper servers to described first Screen operation request is packaged and is sent to Authority Verification server, and the first picture is grasped by the Authority Verification server Make carry out Authority Verification.
6. the method for verifying authority of a kind of transaction system according to claim 4, it is characterised in that the authority includes: Trading privilege and air control authority.
7. the method for verifying authority of a kind of transaction system according to claim 6, it is characterised in that the trading privilege is used Whether can be performed in definition first screen operation.
8. the method for verifying authority of a kind of transaction system according to claim 6, it is characterised in that the air control authority is used In definition the first picture input information whether within a predetermined range.
9. a kind of Authority Verification system of transaction system, it is characterised in that including:Client (1), apps server (2), Zookeeper servers (3) and Authority Verification server (4),
The apps server (2) is used for the first screen operation request for receiving client (1) transmission, passes through Zookeeper servers (3) are packaged to first screen operation request and are sent to Authority Verification server (4);
The Authority Verification server (4) is used for the Authority Verification request for receiving client (1) transmission, the Authority Verification request Including:Mark ID, the corresponding ID of the client (1) and the first picture input information of first screen operation;And
It is additionally operable to carry out Authority Verification to first screen operation according to the mark ID and the ID, when it is determined that checking During success, returned to the client (1) and be proved to be successful information;And when it is determined that during authentication failed, being returned to the client (1) Return lack of competence prompting message and authentication failed information.
10. a kind of Authority Verification system of transaction system according to claim 9, it is characterised in that the Authority Verification Server (4) is additionally operable to as each one authority of user configuring and/or a permission group, and the permission group includes at least one institute Authority is stated, each authority is respectively provided with unique authority keyword, and each user is respectively provided with unique ID;And
The each screen operation being additionally operable to as the client (1) is respectively provided with unique mark ID, according to the authority keyword With the mark ID, Authority Verification list is generated, the Authority Verification list includes:Identify ID and authority keyword.
CN201710210344.9A 2017-03-31 2017-03-31 The method for verifying authority and system of a kind of transaction system Withdrawn CN107038583A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710210344.9A CN107038583A (en) 2017-03-31 2017-03-31 The method for verifying authority and system of a kind of transaction system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710210344.9A CN107038583A (en) 2017-03-31 2017-03-31 The method for verifying authority and system of a kind of transaction system

Publications (1)

Publication Number Publication Date
CN107038583A true CN107038583A (en) 2017-08-11

Family

ID=59533947

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710210344.9A Withdrawn CN107038583A (en) 2017-03-31 2017-03-31 The method for verifying authority and system of a kind of transaction system

Country Status (1)

Country Link
CN (1) CN107038583A (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102034036A (en) * 2010-09-07 2011-04-27 北京握奇数据系统有限公司 Permission management method and equipment
JP2014035610A (en) * 2012-08-08 2014-02-24 Hitachi Ltd Authentication system and authentication method
US20140096024A1 (en) * 2012-09-29 2014-04-03 Oracle International Corporation Dynamic configurable menu using self-describing applications
CN103731428A (en) * 2014-01-02 2014-04-16 合一网络技术(北京)有限公司 Method and system for permission management of copyright user
CN104376102A (en) * 2014-11-26 2015-02-25 浪潮电子信息产业股份有限公司 Connection method based on python and HBase jdbc
CN104732123A (en) * 2015-03-24 2015-06-24 浪潮集团有限公司 Function operation authority control method based on JSON format
CN105653977A (en) * 2015-12-28 2016-06-08 上海瀚银信息技术有限公司 Menu permission configuration method and system
CN106131213A (en) * 2016-08-17 2016-11-16 深圳市金证科技股份有限公司 A kind of service management and system
CN106254451A (en) * 2016-08-01 2016-12-21 迈普通信技术股份有限公司 Embedded device web menu control system and method
CN106302548A (en) * 2016-10-18 2017-01-04 许遥 Distinguish user right to provide the mechanism of map network image data service

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102034036A (en) * 2010-09-07 2011-04-27 北京握奇数据系统有限公司 Permission management method and equipment
JP2014035610A (en) * 2012-08-08 2014-02-24 Hitachi Ltd Authentication system and authentication method
US20140096024A1 (en) * 2012-09-29 2014-04-03 Oracle International Corporation Dynamic configurable menu using self-describing applications
CN103731428A (en) * 2014-01-02 2014-04-16 合一网络技术(北京)有限公司 Method and system for permission management of copyright user
CN104376102A (en) * 2014-11-26 2015-02-25 浪潮电子信息产业股份有限公司 Connection method based on python and HBase jdbc
CN104732123A (en) * 2015-03-24 2015-06-24 浪潮集团有限公司 Function operation authority control method based on JSON format
CN105653977A (en) * 2015-12-28 2016-06-08 上海瀚银信息技术有限公司 Menu permission configuration method and system
CN106254451A (en) * 2016-08-01 2016-12-21 迈普通信技术股份有限公司 Embedded device web menu control system and method
CN106131213A (en) * 2016-08-17 2016-11-16 深圳市金证科技股份有限公司 A kind of service management and system
CN106302548A (en) * 2016-10-18 2017-01-04 许遥 Distinguish user right to provide the mechanism of map network image data service

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
吴应良主编: "《电子商务概论》", 31 August 2006, 华南理工大学出版社 *
蔡立志,武星,刘振宇: "《大数据测评》", 31 January 2015, 上海科学技术出版社 *

Similar Documents

Publication Publication Date Title
KR102514325B1 (en) Model training system and method, storage medium
CN109522735B (en) Data permission verification method and device based on intelligent contract
Xu et al. An efficient privacy‐enhanced attribute‐based access control mechanism
US9900290B2 (en) Methods and systems for proxying data
CN103716326B (en) Resource access method and URG
CN112260990B (en) Method and device for safely accessing intranet application
CN107967416A (en) The methods, devices and systems of copyright right-safeguarding detection
US9065828B2 (en) System for delegation of authority, access management service system, medium, and method for controlling the system for delegation of authority
CN103780580B (en) Method, server and system for providing capability access strategy
KR101985029B1 (en) On-line membership verification utilizing an associated organization certificate
CN104639650B (en) A kind of fine granularity distributed interface access control method and device
CN103297437A (en) Safety server access method for mobile intelligent terminal
US20220321357A1 (en) User credential control system and user credential control method
CN101626369A (en) Method, device and system for single sign-on
CN106257480A (en) A kind of method and device preventing the robot tool malicious access page
CN110086813A (en) Access right control method and device
CN114117264A (en) Illegal website identification method, device, equipment and storage medium based on block chain
Bruhner et al. Changing of the guards: Certificate and public key management on the internet
JP2018022501A (en) Server system and method for controlling multiple service systems
CN105119916B (en) A kind of authentication method and system based on http
CN106888200A (en) Mark correlating method, method for sending information and device
US20230368185A1 (en) Public trust ledger smart contract token transfer in a database system
CN107038583A (en) The method for verifying authority and system of a kind of transaction system
CN106685901A (en) Method for processing cross-domain data, first server and second server
CN104378395B (en) Access the method and device of OTT application, server push message

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20170811