CN107038583A - The method for verifying authority and system of a kind of transaction system - Google Patents
The method for verifying authority and system of a kind of transaction system Download PDFInfo
- Publication number
- CN107038583A CN107038583A CN201710210344.9A CN201710210344A CN107038583A CN 107038583 A CN107038583 A CN 107038583A CN 201710210344 A CN201710210344 A CN 201710210344A CN 107038583 A CN107038583 A CN 107038583A
- Authority
- CN
- China
- Prior art keywords
- authority
- screen operation
- authority verification
- client
- mark
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/405—Establishing or using transaction specific rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Abstract
The invention discloses a kind of method for verifying authority of transaction system and system, method includes:S1, receive client send the first screen operation request, and to the first screen operation request be packaged obtain Authority Verification request, Authority Verification request include:The corresponding ID of the mark ID of first screen operation, client and the first picture input information;S2, according to mark ID and ID to the first screen operation carry out Authority Verification;S3, when it is determined that being proved to be successful, return be proved to be successful information;S4, when it is determined that during authentication failed, returning to lack of competence prompting message and authentication failed information.The beneficial effects of the invention are as follows:The mark ID, ID and this paper input frames of screen operation in the user client interface content inputted are packaged and bound by the technical program, Authority Verification is carried out to screen operation by identifying ID and ID, it is ensured that the confidentiality and security of customer transaction information.
Description
Technical field
The present invention relates to transaction system technical field, the method for verifying authority and system of more particularly to a kind of transaction system.
Background technology
At present, existing transaction system includes enterprises end and bank end, for the friendship between enterprise, between enterprise and bank
The confidentiality and security of easy information can not be ensured well, also in the presence of very big risk hidden danger.
The content of the invention
The invention provides a kind of method for verifying authority of transaction system and system, prior art Transaction Information is solved
There is the technical problem of greater risk hidden danger in security and confidentiality.
The technical scheme that the present invention solves above-mentioned technical problem is as follows:A kind of method for verifying authority of transaction system, including:
S1, the first screen operation request for receiving client transmission, and first screen operation request is packaged
Authority Verification request is obtained, the Authority Verification asks to be used to ask to carry out Authority Verification, the authority to the first screen operation
Checking request includes:Mark ID, the corresponding ID of the client and the first picture input information of first screen operation;
S2, Authority Verification carried out to first screen operation according to the mark ID and the ID;
S3, when it is determined that being proved to be successful, return be proved to be successful information;
S4, when it is determined that during authentication failed, returning to lack of competence prompting message and authentication failed information.
The beneficial effects of the invention are as follows:The technical program by the mark ID of the screen operation in user client interface, use
The content of family ID and this paper input frame input is packaged and bound, and screen operation is weighed by identifying ID and ID
Limit checking, it is ensured that the confidentiality and security of customer transaction information.
On the basis of above-mentioned technical proposal, the present invention can also do following improvement.
Preferably, before step S1, in addition to:
For each one authority of user configuring and/or a permission group, the permission group includes at least one described authority,
Each authority is respectively provided with unique authority keyword, and each user is respectively provided with unique ID.
Preferably, before step S1, in addition to:
Unique mark ID is respectively provided with for each screen operation of the client;
According to the authority keyword and the mark ID, Authority Verification list is generated, the Authority Verification list includes:
Identify ID and authority keyword.
Preferably, step S2 includes:
The all permissions that S21, the corresponding ID of the acquisition client possess;
S22, judge in all permissions whether there is first screen operation mark ID, in this way then determine checking
Success, otherwise determines authentication failed.
Preferably, in step S1, the first screen operation request that client is sent is received by apps server, led to
Cross zookeeper servers to be packaged first screen operation request and be sent to Authority Verification server, pass through institute
State Authority Verification server and Authority Verification is carried out to the first screen operation.
Preferably, the authority includes:Trading privilege and air control authority.
Preferably, the trading privilege is used to define whether first screen operation can perform.
Preferably, the air control authority is used to whether within a predetermined range to define the first picture input information.
A kind of Authority Verification system of transaction system, including:Client, apps server, zookeeper servers
With Authority Verification server,
The apps server is used for the first screen operation request for receiving client transmission, passes through zookeeper
Server is packaged to first screen operation request and is sent to Authority Verification server;
The Authority Verification server is used for the Authority Verification request for receiving client transmission, the Authority Verification request bag
Include:Mark ID, the corresponding ID of the client and the first picture input information of first screen operation;And
Be additionally operable to carry out Authority Verification to first screen operation according to the mark ID and the ID, when it is determined that
When being proved to be successful, returned to the client and be proved to be successful information;And when it is determined that during authentication failed, giving the client to return
Lack of competence prompting message and authentication failed information.
Preferably, the Authority Verification server is additionally operable to as each one authority of user configuring and/or a permission group,
The permission group includes at least one described authority, and each authority is respectively provided with unique authority keyword, and each user is respectively provided with
Unique ID;And
The each screen operation being additionally operable to as the client is respectively provided with unique mark ID, according to the authority keyword
With the mark ID, Authority Verification list is generated, the Authority Verification list includes:Identify ID and authority keyword.
Brief description of the drawings
Fig. 1 is a kind of schematic flow sheet of the method for verifying authority of transaction system provided in an embodiment of the present invention;
A kind of structural representation of the Authority Verification system for transaction system that Fig. 2 provides for another embodiment of the present invention.
Embodiment
The principle and feature of the present invention are described below in conjunction with accompanying drawing, the given examples are served only to explain the present invention, and
It is non-to be used to limit the scope of the present invention.
As shown in figure 1, in one embodiment there is provided a kind of method for verifying authority of transaction system, including:
S1, the first screen operation request for receiving client transmission, and the first screen operation is asked to be packaged to obtain
Authority Verification is asked, and Authority Verification asks to be used to ask to carry out the first screen operation Authority Verification, and Authority Verification request includes:
The corresponding ID of the mark ID of first screen operation, client and the first picture input information;
S2, according to mark ID and ID to the first screen operation carry out Authority Verification;
S3, when it is determined that being proved to be successful, return be proved to be successful information;
S4, when it is determined that during authentication failed, returning to lack of competence prompting message and authentication failed information.
It should be understood that the mark ID, ID and this paper input frames of the screen operation in user client interface are inputted
Content be packaged and bind, by identify ID and ID to screen operation carry out Authority Verification, it is ensured that customer transaction believe
The confidentiality and security of breath.
Specifically, user clicks on a certain button in the operation interface of client, is sent out by the button to background server
Corresponding operation requests are sent, server is first packaged to the request before the request is responded and obtains Authority Verification request, from
And the authority to the operation requests is verified, if be proved to be successful, then it represents that the operation requests are legal, and server can be with
The operation requests are performed, if authentication failed, then it represents that the operation requests are illegal, and server will not be to the behaviour
Make request to be performed, while the information such as the reason for returning to prompting message and the authentication failed of " lack of competence ", so as to both ensure that
The security of information is supplied to the more preferable usage experience of user further through notifying user without this operating right.
Specifically, before step S1, in addition to:
For each one authority of user configuring and/or a permission group, permission group includes at least one authority, each authority
Unique authority keyword is respectively provided with, each user is respectively provided with unique ID.
Specifically, a user can possess an authority, can also possess multiple authorities, and each authority is respectively provided with uniquely
Keyword, equally, each user is respectively provided with unique ID, so as to avoid the situation that multiple authorities are mixed up.
Specifically, before step S1, in addition to:
Unique mark ID is respectively provided with for each screen operation of client;
According to authority keyword and mark ID, Authority Verification list is generated, Authority Verification list includes:Identify ID and authority
Keyword.
Specifically, before user carries out interface operation, it is necessary to each screen operation (such as button) on interface point
With a unique mark ID, then the mark ID of the authority keyword of authority and screen operation is associated, one is generated
Authority Verification list, facilitates the follow-up execution that corresponding authority is found according to mark ID.
Specifically, step S2 includes:
The all permissions that S21, the corresponding ID of acquisition client possess;
S22, judge in all permissions whether there is the first screen operation mark ID, in this way then determine be proved to be successful, it is no
Then determine authentication failed.
Specifically, in step S1, the first screen operation request that client is sent is received by apps server, led to
Cross zookeeper servers to be packaged the request of the first screen operation and be sent to Authority Verification server, tested by authority
Demonstrate,prove server and Authority Verification is carried out to the first screen operation.
Zookeeper servers are distributed, open source code a distributed application program coordination service devices, are
Hadoop and Hbase significant components there is provided function include:Configuring maintenance, domain name service, distributed synchronization, group service etc..
The target of zookeeper servers is exactly the error-prone key service of packaged complexity, and interface easy to use and performance is high
Effect, the system of function-stable are supplied to user.Zookeeper servers can be with the clothes of how many offer search engine of automatic sensing
Business device simultaneously sends searching request to these servers, and standby server is enabled automatically when director server delays machine.
Specifically, authority includes:Trading privilege and air control authority.
Specifically, trading privilege is used to define whether the first screen operation can perform, and air control authority is used to define the first picture
Within a predetermined range whether face input information.The form of air control authority definition uses Json character string forms, is replaced with rule list
Rule defines the regular expression for the computing for directly storing verification in table, rule list with JSON forms.Such as:
{Rule1:{rule1:field:$price1,type:double,op:<,value:@param1},op:&&,
rule2:{field:$price1,type:double,op:>,value:@param2}},op:||,rule2{field:$
price2,type:double,op:<,value:@param3},op:&&,rule2:{field:$price2,type:
double,op:>,value:@param4 } } }, the configuration parameter field of rule list preserves { param1:1000, param2:100,
param3:500, param4:200 }, server can resolve to json the expression formula of following string format:
($Priec1<@param1&&$price1>@param2)||($Priec2<@param3&&$price2>@
Param4) ,@beginning parameter by backstage from need verify user rule configuration list in parse obtain, $ beginning parameter by
It is incoming during calling interface, incorporating parametric and expression formula, with third party's el expression parsing instrument back-checking results.
Authority Verification server, can be in advance by all user lists, permissions list, user in order to improve its probatio inspectionem pecuoarem efficiency
And its authority relation possessed is loaded among memory cache, reading efficiency is improved.If follow-up have increase to authority and change,
Memory cache is then updated by resident thread.
As shown in Fig. 2 in another embodiment there is provided a kind of Authority Verification system of transaction system, including:Client 1,
Apps server 2, zookeeper servers 3 and Authority Verification server 4,
Apps server 2 is used for the first screen operation request for receiving the transmission of client 1, is taken by zookeeper
The 3 pair of first screen operation request of business device is packaged and is sent to Authority Verification server 4;
Authority Verification server 4 is used for the Authority Verification request for receiving the transmission of client 1, and Authority Verification request includes:The
The corresponding ID of the mark ID of one screen operation, client and the first picture input information;And
It is additionally operable to carry out Authority Verification to the first screen operation according to mark ID and ID, when it is determined that being proved to be successful,
Returned to client 1 and be proved to be successful information;And when it is determined that during authentication failed, to client 1 return lack of competence prompting message and
Authentication failed information.
Specifically, Authority Verification server 4 is additionally operable to each one authority of user configuring and/or a permission group, power
Limit group includes at least one authority, and each authority is respectively provided with unique authority keyword, and each user is respectively provided with unique user
ID;And
The each screen operation being additionally operable to as client is respectively provided with unique mark ID, according to authority keyword and mark
ID, generates Authority Verification list, and Authority Verification list includes:Identify ID and authority keyword.
The foregoing is only presently preferred embodiments of the present invention, be not intended to limit the invention, it is all the present invention spirit and
Within principle, any modification, equivalent substitution and improvements made etc. should be included in the scope of the protection.
Claims (10)
1. a kind of method for verifying authority of transaction system, it is characterised in that including:
S1, the first screen operation request for receiving client transmission, and first screen operation is asked to be packaged to obtain
Authority Verification is asked, and the Authority Verification asks to be used to ask to carry out Authority Verification, the Authority Verification to the first screen operation
Request includes:Mark ID, the corresponding ID of the client and the first picture input information of first screen operation;
S2, Authority Verification carried out to first screen operation according to the mark ID and the ID;
S3, when it is determined that being proved to be successful, return be proved to be successful information;
S4, when it is determined that during authentication failed, returning to lack of competence prompting message and authentication failed information.
2. the method for verifying authority of a kind of transaction system according to claim 1, it is characterised in that before step S1,
Also include:
For each one authority of user configuring and/or a permission group, the permission group includes at least one described authority, each
Authority is respectively provided with unique authority keyword, and each user is respectively provided with unique ID.
3. the method for verifying authority of a kind of transaction system according to claim 2, it is characterised in that before step S1,
Also include:
Unique mark ID is respectively provided with for each screen operation of the client;
According to the authority keyword and the mark ID, Authority Verification list is generated, the Authority Verification list includes:Mark
ID and authority keyword.
4. a kind of method for verifying authority of transaction system according to claim any one of 1-3, it is characterised in that step S2
Including:
The all permissions that S21, the corresponding ID of the acquisition client possess;
S22, judge in all permissions whether there is first screen operation mark ID, in this way then determine verify into
Work(, otherwise determines authentication failed.
5. the method for verifying authority of a kind of transaction system according to claim 4, it is characterised in that in step S1, pass through
Apps server receives the first screen operation request that client is sent, by zookeeper servers to described first
Screen operation request is packaged and is sent to Authority Verification server, and the first picture is grasped by the Authority Verification server
Make carry out Authority Verification.
6. the method for verifying authority of a kind of transaction system according to claim 4, it is characterised in that the authority includes:
Trading privilege and air control authority.
7. the method for verifying authority of a kind of transaction system according to claim 6, it is characterised in that the trading privilege is used
Whether can be performed in definition first screen operation.
8. the method for verifying authority of a kind of transaction system according to claim 6, it is characterised in that the air control authority is used
In definition the first picture input information whether within a predetermined range.
9. a kind of Authority Verification system of transaction system, it is characterised in that including:Client (1), apps server (2),
Zookeeper servers (3) and Authority Verification server (4),
The apps server (2) is used for the first screen operation request for receiving client (1) transmission, passes through
Zookeeper servers (3) are packaged to first screen operation request and are sent to Authority Verification server (4);
The Authority Verification server (4) is used for the Authority Verification request for receiving client (1) transmission, the Authority Verification request
Including:Mark ID, the corresponding ID of the client (1) and the first picture input information of first screen operation;And
It is additionally operable to carry out Authority Verification to first screen operation according to the mark ID and the ID, when it is determined that checking
During success, returned to the client (1) and be proved to be successful information;And when it is determined that during authentication failed, being returned to the client (1)
Return lack of competence prompting message and authentication failed information.
10. a kind of Authority Verification system of transaction system according to claim 9, it is characterised in that the Authority Verification
Server (4) is additionally operable to as each one authority of user configuring and/or a permission group, and the permission group includes at least one institute
Authority is stated, each authority is respectively provided with unique authority keyword, and each user is respectively provided with unique ID;And
The each screen operation being additionally operable to as the client (1) is respectively provided with unique mark ID, according to the authority keyword
With the mark ID, Authority Verification list is generated, the Authority Verification list includes:Identify ID and authority keyword.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710210344.9A CN107038583A (en) | 2017-03-31 | 2017-03-31 | The method for verifying authority and system of a kind of transaction system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710210344.9A CN107038583A (en) | 2017-03-31 | 2017-03-31 | The method for verifying authority and system of a kind of transaction system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107038583A true CN107038583A (en) | 2017-08-11 |
Family
ID=59533947
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710210344.9A Withdrawn CN107038583A (en) | 2017-03-31 | 2017-03-31 | The method for verifying authority and system of a kind of transaction system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107038583A (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102034036A (en) * | 2010-09-07 | 2011-04-27 | 北京握奇数据系统有限公司 | Permission management method and equipment |
JP2014035610A (en) * | 2012-08-08 | 2014-02-24 | Hitachi Ltd | Authentication system and authentication method |
US20140096024A1 (en) * | 2012-09-29 | 2014-04-03 | Oracle International Corporation | Dynamic configurable menu using self-describing applications |
CN103731428A (en) * | 2014-01-02 | 2014-04-16 | 合一网络技术(北京)有限公司 | Method and system for permission management of copyright user |
CN104376102A (en) * | 2014-11-26 | 2015-02-25 | 浪潮电子信息产业股份有限公司 | Connection method based on python and HBase jdbc |
CN104732123A (en) * | 2015-03-24 | 2015-06-24 | 浪潮集团有限公司 | Function operation authority control method based on JSON format |
CN105653977A (en) * | 2015-12-28 | 2016-06-08 | 上海瀚银信息技术有限公司 | Menu permission configuration method and system |
CN106131213A (en) * | 2016-08-17 | 2016-11-16 | 深圳市金证科技股份有限公司 | A kind of service management and system |
CN106254451A (en) * | 2016-08-01 | 2016-12-21 | 迈普通信技术股份有限公司 | Embedded device web menu control system and method |
CN106302548A (en) * | 2016-10-18 | 2017-01-04 | 许遥 | Distinguish user right to provide the mechanism of map network image data service |
-
2017
- 2017-03-31 CN CN201710210344.9A patent/CN107038583A/en not_active Withdrawn
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102034036A (en) * | 2010-09-07 | 2011-04-27 | 北京握奇数据系统有限公司 | Permission management method and equipment |
JP2014035610A (en) * | 2012-08-08 | 2014-02-24 | Hitachi Ltd | Authentication system and authentication method |
US20140096024A1 (en) * | 2012-09-29 | 2014-04-03 | Oracle International Corporation | Dynamic configurable menu using self-describing applications |
CN103731428A (en) * | 2014-01-02 | 2014-04-16 | 合一网络技术(北京)有限公司 | Method and system for permission management of copyright user |
CN104376102A (en) * | 2014-11-26 | 2015-02-25 | 浪潮电子信息产业股份有限公司 | Connection method based on python and HBase jdbc |
CN104732123A (en) * | 2015-03-24 | 2015-06-24 | 浪潮集团有限公司 | Function operation authority control method based on JSON format |
CN105653977A (en) * | 2015-12-28 | 2016-06-08 | 上海瀚银信息技术有限公司 | Menu permission configuration method and system |
CN106254451A (en) * | 2016-08-01 | 2016-12-21 | 迈普通信技术股份有限公司 | Embedded device web menu control system and method |
CN106131213A (en) * | 2016-08-17 | 2016-11-16 | 深圳市金证科技股份有限公司 | A kind of service management and system |
CN106302548A (en) * | 2016-10-18 | 2017-01-04 | 许遥 | Distinguish user right to provide the mechanism of map network image data service |
Non-Patent Citations (2)
Title |
---|
吴应良主编: "《电子商务概论》", 31 August 2006, 华南理工大学出版社 * |
蔡立志,武星,刘振宇: "《大数据测评》", 31 January 2015, 上海科学技术出版社 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR102514325B1 (en) | Model training system and method, storage medium | |
CN109522735B (en) | Data permission verification method and device based on intelligent contract | |
Xu et al. | An efficient privacy‐enhanced attribute‐based access control mechanism | |
US9900290B2 (en) | Methods and systems for proxying data | |
CN103716326B (en) | Resource access method and URG | |
CN112260990B (en) | Method and device for safely accessing intranet application | |
CN107967416A (en) | The methods, devices and systems of copyright right-safeguarding detection | |
US9065828B2 (en) | System for delegation of authority, access management service system, medium, and method for controlling the system for delegation of authority | |
CN103780580B (en) | Method, server and system for providing capability access strategy | |
KR101985029B1 (en) | On-line membership verification utilizing an associated organization certificate | |
CN104639650B (en) | A kind of fine granularity distributed interface access control method and device | |
CN103297437A (en) | Safety server access method for mobile intelligent terminal | |
US20220321357A1 (en) | User credential control system and user credential control method | |
CN101626369A (en) | Method, device and system for single sign-on | |
CN106257480A (en) | A kind of method and device preventing the robot tool malicious access page | |
CN110086813A (en) | Access right control method and device | |
CN114117264A (en) | Illegal website identification method, device, equipment and storage medium based on block chain | |
Bruhner et al. | Changing of the guards: Certificate and public key management on the internet | |
JP2018022501A (en) | Server system and method for controlling multiple service systems | |
CN105119916B (en) | A kind of authentication method and system based on http | |
CN106888200A (en) | Mark correlating method, method for sending information and device | |
US20230368185A1 (en) | Public trust ledger smart contract token transfer in a database system | |
CN107038583A (en) | The method for verifying authority and system of a kind of transaction system | |
CN106685901A (en) | Method for processing cross-domain data, first server and second server | |
CN104378395B (en) | Access the method and device of OTT application, server push message |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20170811 |