CN108197480A - Access control method, device and computer readable storage medium - Google Patents

Publication number
CN108197480A
Authority
CN
China
Legal status
Pending
Application number
CN201711322094.4A
Other languages
Chinese (zh)
Inventor
张志祥
Current Assignee
Taikang Insurance Group Co Ltd
Original Assignee
Taikang Insurance Group Co Ltd
Application filed by Taikang Insurance Group Co Ltd
Priority to CN201711322094.4A
Publication of CN108197480A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The present invention proposes an access control method, an apparatus and a computer-readable storage medium. The method includes: receiving a first-system login request sent by a user, the login request including the user's identifier; determining, according to the user's identifier, whether the user has permission to access a second system; if so, displaying a login interface of the second system in the user interface; when it is determined that the user has triggered the login interface of the second system, obtaining first history access information of the user for the second system, the first history access information including the user's identifier; and sending the first history access information to the second system, so that the second system determines whether the user's current access is legitimate. Thus, when a user accesses the second system through the first system, the user's access can be verified by the second system without a third-party system; the implementation is simple and efficient, and the user experience is improved.

Description

Access control method, device and computer readable storage medium
Technical field
The present invention relates to the field of information technology, and in particular to an access control method, an apparatus and a computer-readable storage medium.
Background
With the development of computer technology and the Internet, many kinds of business need to be carried out on computers, and different systems usually handle different kinds of business. When a user needs to move from one kind of business to another, the user has to switch between systems. For example, a care management system provides nursing staff with a workbench for caring for elderly community residents, and the pending nursing tasks for those residents can be found in the care management system. But when an elderly resident falls ill, or some other unexpected event requires a hospital visit, a doctor has to issue medical orders through the hospital information system, and the pending medical-order tasks can only be found by accessing the hospital information system. Nursing staff therefore have to switch frequently between the care management system and the hospital information system, which makes the work inconvenient. To make switching between systems more convenient, the systems need to access each other, and to improve the security of that access, it is necessary to verify whether each access is legitimate.
In the prior art, mutual access between two systems relies on a third-party system to verify the access. For example, when system A needs to access system B, system A first accesses system C and obtains a verification token from it. System A then sends the verification token to system B. After system B receives the token, it must also access system C to validate the token. If the token is found to be legitimate and correct, verification passes and system A can access system B. This approach is complicated to implement and inefficient, and gives a poor user experience.
Summary of the invention
The present invention aims to solve, at least to some extent, one of the technical problems in the related art.
To this end, the present invention proposes an access control method in which, when a user accesses a second system through a first system, the user's access can be verified by the second system without a third-party system; the implementation is simple and efficient, and the user experience is improved.
The present invention also proposes another access control method.
The present invention also proposes an access control apparatus.
The present invention also proposes another access control apparatus.
The present invention also proposes a computer-readable storage medium.
The present invention also proposes an electronic device.
An embodiment of the first aspect of the present invention proposes an access control method, including: receiving a first-system login request sent by a user, the login request including the user's identifier; determining, according to the user's identifier, whether the user has permission to access a second system; if so, displaying a login interface of the second system in the user interface; when it is determined that the user has triggered the login interface of the second system, obtaining first history access information of the user for the second system, the first history access information including the user's identifier; and sending the first history access information to the second system, so that the second system determines whether the user's current access is legitimate.
In the access control method of this embodiment, after receiving the first-system login request sent by the user, the first system can determine from the user's identifier whether the user has permission to access the second system. If so, it can display the login interface of the second system in the user interface and, when it determines that the user has triggered that login interface, obtain the user's first history access information for the second system and send it to the second system, so that the second system determines whether the user's current access is legitimate. Thus, when a user accesses the second system through the first system, the user's access can be verified by the second system without a third-party system; the implementation is simple and efficient, and the user experience is improved.
An embodiment of the second aspect of the present invention proposes another access control method, including: a second system obtaining first history access information sent by a first system, the first history access information including a user's identifier; the second system obtaining, according to the user's identifier, locally recorded second history access information of the user; determining whether the first history access information is consistent with the second history access information; and, if they are consistent, returning a verification-passed message to the first system.
In the access control method of this embodiment, after obtaining the first history access information sent by the first system, the second system can obtain the locally recorded second history access information of the user according to the user's identifier, then determine whether the first history access information is consistent with the second history access information and, if so, return a verification-passed message to the first system. Thus, when a user accesses the second system through the first system, the user's access can be verified by the second system without a third-party system; the implementation is simple and efficient, and the user experience is improved.
An embodiment of the third aspect of the present invention proposes an access control apparatus, including: a receiving module, configured to receive a first-system login request sent by a user, the login request including the user's identifier; a first judgment module, configured to determine, according to the user's identifier, whether the user has permission to access a second system; a first display module, configured to display a login interface of the second system in the user interface when the user has permission to access the second system; a first acquisition module, configured to obtain, when it is determined that the user has triggered the login interface of the second system, first history access information of the user for the second system, the first history access information including the user's identifier; and a first sending module, configured to send the first history access information to the second system, so that the second system determines whether the user's current access is legitimate.
After receiving the first-system login request sent by the user, the access control apparatus of this embodiment can determine from the user's identifier whether the user has permission to access the second system. If so, it can display the login interface of the second system in the user interface and, when it determines that the user has triggered that login interface, obtain the user's first history access information for the second system and send it to the second system, so that the second system determines whether the user's current access is legitimate. Thus, when a user accesses the second system through the first system, the user's access can be verified by the second system without a third-party system; the implementation is simple and efficient, and the user experience is improved.
An embodiment of the fourth aspect of the present invention proposes another access control apparatus, including: a second acquisition module, configured for a second system to obtain first history access information sent by a first system, the first history access information including a user's identifier; a third acquisition module, configured for the second system to obtain, according to the user's identifier, locally recorded second history access information of the user; a third judgment module, configured to determine whether the first history access information is consistent with the second history access information; and a second sending module, configured to return a verification-passed message to the first system when the first history access information is consistent with the second history access information.
After obtaining the first history access information sent by the first system, the access control apparatus of this embodiment can obtain the locally recorded second history access information of the user according to the user's identifier, then determine whether the first history access information is consistent with the second history access information and, if so, return a verification-passed message to the first system. Thus, when a user accesses the second system through the first system, the user's access can be verified by the second system without a third-party system; the implementation is simple and efficient, and the user experience is improved.
An embodiment of the fifth aspect of the present invention proposes a computer-readable storage medium on which a computer program is stored; when executed by a processor, the program implements the access control method of the first aspect and/or the access control method of the second aspect.
An embodiment of the sixth aspect of the present invention proposes an electronic device, including: a processor; and a memory for storing instructions executable by the processor; wherein the processor is configured to perform, by executing the executable instructions, the access control method of the first aspect or the second aspect.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of the embodiments with reference to the accompanying drawings, in which:
Fig. 1 is the flow chart of the access control method of one embodiment of the invention;
Fig. 2 is the flow chart of the access control method of another embodiment of the present invention;
Fig. 3 is the flow chart of the access control method of another embodiment of the present invention;
Fig. 4 is the signaling interaction diagram of the access control method of one embodiment of the invention;
Fig. 5 is the structure diagram of the access control apparatus of one embodiment of the invention;
Fig. 6 is the structure diagram of the access control apparatus of another embodiment of the present invention.
Detailed description
Embodiments of the present invention are described in detail below. Examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements, or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they are intended to explain the present invention and are not to be construed as limiting it.
The embodiments of the present invention address a problem in the prior art: mutual access between two systems relies on a third-party system to verify the access, which is complicated to implement, inefficient, and gives a poor user experience. To address it, an access control method is proposed.
In the access control method provided by the embodiments of the present invention, after the first system receives a first-system login request sent by a user and determines that the user has permission to access the second system, it can display a login interface of the second system in the user interface. When it determines that the user has triggered that login interface, it obtains the user's first history access information for the second system and sends it to the second system, so that the second system determines whether the user's current access is legitimate. Thus, when a user accesses the second system through the first system, the user's access can be verified by the second system without a third-party system; the implementation is simple and efficient, and the user experience is improved.
The access control method, apparatus and computer-readable storage medium provided by the embodiments of the present invention are described below, taking the first-system side and the second-system side in turn.
First, the access control method provided by the embodiments of the present invention is described from the first-system side.
Fig. 1 is the flow chart of the access control method of one embodiment of the invention.
As shown in Fig. 1, the access control method includes:
Step 101, receive a first-system login request sent by a user, the login request including the user's identifier.
Specifically, the access control method provided by this embodiment is executed by the first system.
The first-system login request may be triggered by the user touching a button that has the function of logging in to the first system, with an operation such as a click, long press or swipe, or it may be triggered by the user's voice; no limitation is imposed here.
The user's identifier uniquely identifies the user. It may be any information that can identify the user, such as the user's account, ID card number, mobile phone number, e-mail address or identification (ID) number.
Specifically, after receiving the first-system login request sent by the user, the first system can allow the user to log in to the first system.
Optionally, after receiving the first-system login request sent by the user, the first system can also determine whether the user's identity is legitimate, and allow the user to log in to the first system only if it is.
That is, the login request may also include a first password corresponding to the user's identifier.
Correspondingly, after step 101, the method may also include:
Determining whether the first password corresponding to the user's identifier matches a second password stored in the first system.
Specifically, a password corresponding to each user's identifier can be set in advance and stored in the first system. After obtaining the user's first-system login request, the first system can use the user's identifier in the login request to obtain, from the passwords it stores, the second password corresponding to that identifier, and determine whether the second password matches the first password included in the login request. If they match, the user's identity is determined to be legitimate and the user is allowed to log in to the first system; if they do not match, the user's identity is determined not to be legitimate and the user is refused login to the first system.
It should be noted that the password corresponding to each user's identifier may be set by the first system or defined by the user; no limitation is imposed here.
Step 102, determine, according to the user's identifier, whether the user has permission to access the second system.
Specifically, a user list can be set up in advance containing the identifiers of all users who have permission to access the second system. After obtaining the first-system login request sent by the user, the first system can check whether the user's identifier in the login request is in the user list. If the identifier is in the list, the user is determined to have permission to access the second system; if it is not, the user is determined not to have that permission.
Step 103, if so, display the login interface of the second system in the user interface.
Specifically, if it is determined that the user has permission to access the second system, the login interface of the second system can be displayed in the user interface.
The login interface may take any form, for example a button or a URL.
Step 104, when it is determined that the user has triggered the login interface of the second system, obtain the user's first history access information for the second system, the first history access information including the user's identifier.
The first history access information may include one or more of: the number of times the user has accessed the second system, and the time and geographical location of each of the user's accesses to the second system.
Specifically, after logging in to the first system, a user who wants to log in to the second system can trigger the login interface of the second system with an operation such as a click, long press or swipe.
Step 105, send the first history access information to the second system, so that the second system determines whether the user's current access is legitimate.
Specifically, each time a user accesses the second system, the first system can record the user's access information for the second system locally, indexed by the user's identifier. When the first system determines that the user has triggered the login interface of the second system, it can use the user's identifier to obtain the previously recorded first history access information corresponding to that identifier, and send the first history access information, including the user's identifier, to the second system, so that the second system determines whether the user's current access is legitimate.
It can be understood that the access information changes each time a user accesses the second system. Verifying access with the user's history access information can therefore prevent other systems from gaining unauthorized access to the second system by copying and forging the identity of the first system, which improves the security of mutual access between systems.
In the access control method of this embodiment, after receiving the first-system login request sent by the user, the first system can determine from the user's identifier whether the user has permission to access the second system. If so, it can display the login interface of the second system in the user interface and, when it determines that the user has triggered that login interface, obtain the user's first history access information for the second system and send it to the second system, so that the second system determines whether the user's current access is legitimate. Thus, when a user accesses the second system through the first system, the user's access can be verified by the second system without a third-party system; the implementation is simple and efficient, and the user experience is improved.
As the above analysis shows, when the first system determines that the user wants to access the second system, it can obtain the user's first history access information for the second system and send it to the second system, so that the second system determines whether the user's current access is legitimate. Optionally, the first system can also encrypt the first history access information before sending it to the second system, which avoids information leakage during access verification and improves the security of mutual access between systems. The access control method provided by the embodiments of the present invention is further described below with reference to Fig. 2.
Fig. 2 is the flow chart of the access control method of another embodiment of the present invention.
As shown in Fig. 2, the method includes:
Step 201, receive a first-system login request sent by a user, the login request including the user's identifier and a first password corresponding to the user's identifier.
Step 202, determine whether the first password corresponding to the user's identifier matches a second password stored in the first system.
Step 203, if they match, determine, according to the user's identifier, whether the user has permission to access the second system.
Step 204, if so, display the login interface of the second system in the user interface.
Step 205, when it is determined that the user has triggered the login interface of the second system, obtain the user's first history access information for the second system, the first history access information including the user's identifier.
For the specific implementation and principle of steps 201-205, refer to the detailed description of the above embodiment; they are not repeated here.
Step 206, encrypt the first history access information using the public key of the second system.
Step 207, send the encrypted first history access information to the second system, so that the second system determines whether the user's current access is legitimate.
Specifically, after the second system has determined a public key and a private key in advance according to the Rivest-Shamir-Adleman (RSA) algorithm, it can send its public key to the first system. After obtaining the user's first history access information for the second system, the first system can encrypt it with the public key of the second system and send the encrypted first history access information to the second system. The second system can then decrypt the received first history access information with the private key corresponding to the public key and, based on the decrypted first history access information, determine whether the user's current access is legitimate. Encrypting the first history access information before sending it to the second system avoids information leakage during access verification and improves the security of mutual access between systems.
It can be understood that if the second system determines, from the first history access information sent by the first system, that the user's current access is legitimate, it can return a verification-passed message to the first system, so that the user can access the second system from the first system.
Optionally, the first history access information may include the user's access count. The access count changes as the user accesses the system: each access increases it by one. Correspondingly, after step 207, the method may also include:
If the verification-passed message returned by the second system is received, adding one to the user's access count.
Here, the user's access count is the number of times the user has accessed the second system.
Specifically, after the first system sends the first history access information to the second system, if it receives the verification-passed message returned by the second system, meaning that the user may access the second system, it can add one to the user's access count.
As an example, assume the user's current access count is 10. After the user triggers the login interface of the second system, the first system can obtain the user's access count for the second system, 10, encrypt it with the public key sent by the second system, and send the encrypted data to the second system. If the second system determines that the user's current access is legitimate and returns a verification-passed message to the first system, the first system can add one to the user's current access count of 10. When the user next accesses the second system through the first system, the first system obtains the user's access count, 11, encrypts it and sends it to the second system, so that the second system determines whether this further access is legitimate.
Verifying access with an access count that changes on every access can prevent other systems from repeatedly forging the identity of the first system to gain unauthorized access to the second system, which improves the security of mutual access between systems.
Further, when the second system determines that the user's current access is legitimate, it can obtain the access data corresponding to the user's identifier and send that data to the first system, so that the user accesses the second system through the first system.
That is, after the verification-passed message returned by the second system is received, the method may also include:
Displaying, in the user interface, the data content corresponding to the user that the second system returns.
In the access control method of this embodiment, after receiving the first-system login request sent by the user, the first system can determine whether the first password corresponding to the user's identifier matches the second password stored in the first system. If they match, it can determine from the user's identifier whether the user has permission to access the second system and, if so, display the login interface of the second system in the user interface. When it determines that the user has triggered that login interface, it can obtain the user's first history access information for the second system, encrypt it with the public key of the second system, and send the encrypted first history access information to the second system, so that the second system determines whether the user's current access is legitimate. Thus, when a user accesses the second system through the first system, the user's access can be verified by the second system without a third-party system, and the implementation is simple and efficient. Encrypting the first history access information before sending it to the second system also avoids information leakage during access verification, which improves the security of mutual access between systems and improves the user experience.
The access control method provided by the embodiments of the present invention is described below from the second-system side.
Fig. 3 is the flow chart of the access control method of another embodiment of the present invention.
As shown in figure 3, the access control method includes:
Step 301, second system obtains the first history access information that the first system is sent, in the first history access information Mark including user.
Specifically, the executive agent of access control method provided in an embodiment of the present invention is second system.
Wherein, the first history access information can include user and access the access times of second system, user the every time One or more of information such as time, the geographical location of two system.
During specific implementation, the first system is determining that user has the permission for accessing second system, and show the in user interface After the login interface of two system, when determining that user triggers the login interface of second system, it can be obtained according to the mark of user First history access information of the mark including user is sent to by user to the first history access information of second system Two system, so as to which second system can obtain the first history access information of the mark including user.
Step 302, second system obtains the second history access information of the user of local record according to the mark of user.
Specifically, when each user accesses second system every time, second system can be identified as index with user, Access information of the user to second system is locally recorded, so as to get the first history letter of the first system transmission in second system After breath, the mark of user that can be included according to the first historical information obtains the corresponding with the mark of user of local record Second history access information.
Step 303, judge whether the first history access information is consistent with the second history access information.
Step 304, if they are consistent, return a verification-passed message to the first system.
Specifically, after the second system obtains the locally recorded second history access information, it can compare the first history access information obtained from the first system with the second history access information. If it determines that the two are consistent, it can determine that the user's current access is legal and return a verification-passed message to the first system. If the second system determines that the first history access information and the second history access information are inconsistent, it can determine that the user's current access is illegal and return a verification-failed message to the first system.
Optionally, the first system can encrypt the first history access information before sending it to the second system, which avoids information leakage during access verification and improves the security of mutual access between systems. Correspondingly, after the second system obtains the encrypted first history access information, it can decrypt it. That is, after step 301, the method can also include:
Decrypting the first history access information using the private key corresponding to the first system.
Specifically, the second system can determine a public key and a private key according to the Rivest-Shamir-Adleman (RSA) algorithm and send the public key to the first system. After the first system obtains the user's first history access information for the second system, it can encrypt that information with the second system's public key and send the encrypted first history access information to the second system. After obtaining the encrypted first history access information, the second system can decrypt it using the private key corresponding to the public key that the first system used for encryption, and then judge whether the decrypted first history access information is consistent with the second history access information, in order to judge whether the user's current access is legal.
It can be understood that the first history access information and the second history access information may each include the user's number of accesses, and that this number changes as the user accesses: each time the user accesses, the number of accesses is incremented by one. Correspondingly, after step 304, the method can also include:
Incrementing the user's number of accesses by one.
Here, the user's number of accesses refers to the number of times the user has accessed the second system.
Specifically, if the second system determines that the first history access information is consistent with the second history access information, that is, the user may access the second system, it can increment the user's number of accesses by one.
For example, assume that the number of accesses sent by the first system and the number of accesses recorded locally by the second system are both 10. After comparing the number sent by the first system with the locally recorded number, the second system can return a verification-passed message to the first system and add 1 to 10. When the user accesses the second system through the first system again and the second system again obtains the number of accesses sent by the first system, it can judge whether the received number is consistent with 11, in order to judge whether the user's new access is legal.
Performing access verification with access information that changes on every access, such as the number of accesses, can prevent other systems from illegally accessing the second system by copying or forging the identity of the first system, which improves the security of mutual access between systems.
Further, when the second system determines that the user's current access is legal, it can obtain the access data corresponding to the mark of the user and send the access data to the first system, so that the user accesses the second system through the first system.
That is, after step 304, the method can also include:
Determining the access data corresponding to the user according to the mark of the user;
Returning the access data to the first system.
In the access control method of this embodiment of the present invention, after the second system obtains the first history access information sent by the first system, it can obtain the locally recorded second history access information of the user according to the mark of the user, then judge whether the first history access information is consistent with the second history access information and, if so, return a verification-passed message to the first system. Thus, when the user accesses the second system through the first system, the verification of the user's access is carried out by the second system without any third-party system; the process is concise and efficient and improves the user experience.
Fig. 4 is the signaling interaction diagram of the access control method of one embodiment of the invention.
As shown in figure 4, the interactive process of the first system and second system is as follows:
Step 401, the first system receives a first-system login request sent by the user.
The login request includes the mark of the user.
Step 402, when the first system determines, according to the mark of the user, that the user has the permission to access the second system, it shows the login interface of the second system in the user interface.
Step 403, when the first system determines that the user has triggered the login interface of the second system, it obtains the user's first history access information for the second system.
The first history access information includes the mark of the user.
Step 404, the first system sends the first history access information to the second system.
Step 405, the second system obtains the locally recorded second history access information of the user according to the mark of the user.
Step 406, the second system determines that the first history access information is consistent with the second history access information.
Step 407, the second system returns a verification-passed message to the first system.
Specifically, after the first system receives the first-system login request sent by the user, if it determines according to the mark of the user that the user has the permission to access the second system, it can show the login interface of the second system in the user interface. When it determines that the user has triggered the login interface of the second system, it can obtain the user's first history access information for the second system and send it to the second system. After the second system obtains the first history access information sent by the first system, it can obtain the locally recorded second history access information of the user according to the mark of the user included in the first history access information and, if it determines that the first history access information is consistent with the second history access information, return a verification-passed message to the first system.
Through the above process, when the user accesses the second system through the first system, the verification of the user's access is carried out by the second system without any third-party system; the process is concise and efficient and improves the user experience.
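The Fig. 4 exchange and the step 301-304 check, with the number of accesses as the history access information, written as an added Python example (not code from the patent). The class and field names, the JSON message format and the sample values are assumptions, and the optional public-key encryption step is left out so the block runs with the standard library only.

```python
import json
from dataclasses import dataclass, field


@dataclass
class SecondSystem:
    """Verifier side (steps 405-407). All names are illustrative assumptions."""
    local_history: dict = field(default_factory=dict)  # user mark -> recorded number of accesses
    access_data: dict = field(default_factory=dict)    # user mark -> data returned on success

    def verify(self, message: bytes) -> dict:
        # A malformed message is a verification failure, not a crash.
        try:
            info = json.loads(message)
            user_id, claimed = info["user_id"], info["access_count"]
        except (ValueError, KeyError, TypeError):
            return {"verified": False}
        # Reject wrong types (bool is excluded because type() must be exactly int).
        if not isinstance(user_id, str) or type(claimed) is not int:
            return {"verified": False}
        recorded = self.local_history.get(user_id)
        # A user with no local record is rejected; how the first record is
        # created is outside the steps shown here.
        if recorded is None or claimed != recorded:
            return {"verified": False}
        # After a successful check the recorded number is incremented, so the
        # same message cannot pass a second time.
        self.local_history[user_id] = recorded + 1
        return {"verified": True, "data": self.access_data.get(user_id)}


@dataclass
class FirstSystem:
    """Requester side (steps 401-404)."""
    permitted: set   # user marks allowed to access the second system (step 402)
    history: dict    # user mark -> number of accesses to the second system

    def build_message(self, user_id: str) -> bytes:
        # First history access information: the user's mark plus the number of accesses.
        count = self.history.get(user_id, 0)
        return json.dumps({"user_id": user_id, "access_count": count}).encode()

    def access(self, user_id: str, second: SecondSystem) -> dict:
        if user_id not in self.permitted:
            return {"verified": False}  # no permission: the second system is never contacted
        reply = second.verify(self.build_message(user_id))
        if reply["verified"]:
            # Keep the first system's number in step with the second system's.
            self.history[user_id] = self.history.get(user_id, 0) + 1
        return reply


def demo() -> list:
    # Constructed sample state: both systems start at 10, as in the description's example.
    first = FirstSystem(permitted={"user-a"}, history={"user-a": 10})
    second = SecondSystem(local_history={"user-a": 10},
                          access_data={"user-a": "sample record"})
    captured = first.build_message("user-a")               # copy of the message carrying 10
    results = [first.access("user-a", second)["verified"]]      # 10 == 10, both become 11
    results.append(second.verify(captured)["verified"])         # stale 10 against 11
    results.append(first.access("user-a", second)["verified"])  # 11 == 11
    results.append(first.access("user-b", second)["verified"])  # user-b has no permission
    return results


if __name__ == "__main__":
    print(demo())
```

Both sides must increment on every successful verification; if the verification-passed message never reaches the first system, the two numbers diverge and later accesses by that user fail until the records are reconciled.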
Fig. 5 is the structure diagram of the access control apparatus of one embodiment of the invention.
As shown in figure 5, the access control apparatus includes:
A receiving module 51, for receiving a first-system login request sent by a user, the login request including the mark of the user;
A first judgment module 52, for judging, according to the mark of the user, whether the user has the permission to access the second system;
A first display module 53, for showing the login interface of the second system in the user interface when the user has the permission to access the second system;
A first acquisition module 54, for obtaining the user's first history access information for the second system when it is determined that the user has triggered the login interface of the second system, wherein the first history access information includes the mark of the user;
A first sending module 55, for sending the first history access information to the second system, so that the second system judges whether the user's current access is legal.
Specifically, the access control apparatus provided in this embodiment of the present invention can be configured in the first system and used to perform the access control method provided by the embodiment of the first aspect of the present invention.
Optionally, the access control apparatus can also include:
A first processing module, for encrypting the first history access information using the public key sent by the second system.
Optionally, the first history access information includes the user's number of accesses; correspondingly, the access control apparatus can also include:
A first control module, for incrementing the user's number of accesses by one when the verification-passed message returned by the second system is obtained.
Optionally, the access control apparatus can also include:
A second display module, for showing in the user interface the data content corresponding to the user that is returned by the second system.
Optionally, the login request further includes a first password corresponding to the mark of the user; correspondingly, the access control apparatus can also include:
A second judgment module, for judging whether the first password corresponding to the mark of the user matches a second password stored in the first system.
It should be noted that the foregoing explanation of the access control method embodiment provided by the first aspect also applies to the access control apparatus of this embodiment, and details are not repeated here.
After receiving the first-system login request sent by the user, the access control apparatus of this embodiment of the present invention can judge, according to the mark of the user, whether the user has the permission to access the second system. If so, it can show the login interface of the second system in the user interface and, when it determines that the user has triggered the login interface of the second system, obtain the user's first history access information for the second system and send it to the second system, so that the second system judges whether the user's current access is legal. Thus, when the user accesses the second system through the first system, the verification of the user's access is carried out by the second system without any third-party system; the process is concise and efficient and improves the user experience.
Fig. 6 is the structure diagram of the access control apparatus of another embodiment of the present invention.
As shown in fig. 6, the access control apparatus includes:
A second acquisition module 61, for the second system to obtain the first history access information sent by the first system, the first history access information including the mark of the user;
A third acquisition module 62, for the second system to obtain the locally recorded second history access information of the user according to the mark of the user;
A third judgment module 63, for judging whether the first history access information is consistent with the second history access information;
A second sending module 64, for returning a verification-passed message to the first system when the first history access information is consistent with the second history access information.
Specifically, the access control apparatus provided in this embodiment of the present invention can be configured in the second system and used to perform the access control method provided by the embodiment of the second aspect of the present invention.
Optionally, the access control apparatus can also include:
A second processing module, for decrypting the first history access information using the private key corresponding to the first system.
Optionally, the access control apparatus can also include:
A determining module, for determining the access data corresponding to the user according to the mark of the user;
A third sending module, for returning the access data to the first system.
Optionally, the second history access information includes the user's number of accesses; correspondingly,
the access control apparatus can also include:
A second control module, for incrementing the user's number of accesses by one.
It should be noted that the foregoing explanation of the access control method embodiment provided by the second aspect also applies to the access control apparatus of this embodiment, and details are not repeated here.
After obtaining the first history access information sent by the first system, the access control apparatus provided in this embodiment of the present invention can obtain the locally recorded second history access information of the user according to the mark of the user, then judge whether the first history access information is consistent with the second history access information and, if so, return a verification-passed message to the first system. Thus, when the user accesses the second system through the first system, the verification of the user's access is carried out by the second system without any third-party system; the process is concise and efficient and improves the user experience.
An embodiment of the present invention also proposes a system that includes the access control apparatus described in the first aspect and/or the access control apparatus described in the second aspect.
An embodiment of the present invention also proposes a computer readable storage medium on which a computer program is stored; when the program is executed by a processor, it implements the access control method of the first aspect embodiment and/or the access control method of the second aspect embodiment.
An embodiment of the present invention also proposes a computer program product; when the instructions in the computer program product are executed by a processor, the access control method of the first aspect embodiment and/or the access control method of the second aspect embodiment is performed.
An embodiment of the present invention also proposes an electronic device, including: a processor; and a memory for storing instructions executable by the processor; wherein the processor is configured to perform the access control method described in the first aspect or the second aspect by executing the executable instructions.
In the description of this specification, a description that refers to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples. In addition, provided they do not conflict with each other, those skilled in the art may combine the different embodiments or examples described in this specification and the features of those embodiments or examples.
In addition, the terms "first" and "second" are used for description only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. A feature defined as "first" or "second" may therefore explicitly or implicitly include at least one such feature. In the description of the present invention, "multiple" means at least two, for example two or three, unless otherwise specifically defined.
Any process or method description in a flow chart, or otherwise described herein, can be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a custom logic function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
The logic and/or steps represented in the flow charts or otherwise described herein, for example an ordered list of executable instructions for implementing logic functions, may be embodied in any computer-readable medium for use by, or in combination with, an instruction execution system, device or equipment (such as a computer-based system, a system including a processor, or another system that can fetch instructions from the instruction execution system, device or equipment and execute them). For the purposes of this specification, a "computer-readable medium" can be any device that can contain, store, communicate, propagate or transmit a program for use by, or in combination with, an instruction execution system, device or equipment. More specific examples (a non-exhaustive list) of computer-readable media include: an electrical connection (electronic device) with one or more wires, a portable computer diskette (magnetic device), random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), a fiber-optic device, and portable compact disc read-only memory (CDROM). In addition, the computer-readable medium can even be paper or another suitable medium on which the program is printed, because the program can be obtained electronically, for example by optically scanning the paper or other medium and then editing, interpreting or otherwise processing it in a suitable way if necessary, and then stored in a computer memory.
It should be understood that each part of the present invention can be implemented in hardware, software, firmware or a combination of them. In the above embodiments, multiple steps or methods can be implemented in software or firmware that is stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they can be implemented with any one or a combination of the following technologies well known in the art: a discrete logic circuit with logic gates for implementing logic functions on data signals, an application-specific integrated circuit with suitable combinational logic gates, a programmable gate array (PGA), a field programmable gate array (FPGA), and so on.
Those of ordinary skill in the art can understand that all or part of the steps carried by the methods of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, includes one of the steps of the method embodiments or a combination of them.
In addition, the functional units in the embodiments of the present invention can be integrated in one processing module, each unit can exist physically on its own, or two or more units can be integrated in one module. The integrated module can be implemented in the form of hardware or in the form of a software function module. If the integrated module is implemented in the form of a software function module and is sold or used as an independent product, it can also be stored in a computer-readable storage medium.
The storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc or the like. Although embodiments of the present invention have been shown and described above, it should be understood that the above embodiments are exemplary and cannot be interpreted as limiting the present invention; those of ordinary skill in the art can change, modify, replace and vary the above embodiments within the scope of the present invention.

Claims (13)

1. An access control method, characterized by comprising:
receiving a first-system login request sent by a user, the login request including the mark of the user;
judging, according to the mark of the user, whether the user has the permission to access a second system;
if so, showing the login interface of the second system in a user interface;
when it is determined that the user has triggered the login interface of the second system, obtaining the user's first history access information for the second system, wherein the first history access information includes the mark of the user;
sending the first history access information to the second system, so that the second system judges whether the user's current access is legal.
2. The method as described in claim 1, characterized in that, before the sending of the first history access information to the second system, the method further comprises:
encrypting the first history access information using the public key sent by the second system.
3. The method as described in claim 1, characterized in that the first history access information includes the user's number of accesses;
after the sending of the first history access information to the second system, the method further comprises:
if the verification-passed message returned by the second system is obtained, incrementing the user's number of accesses by one.
4. The method as claimed in claim 3, characterized in that, after the verification-passed message returned by the second system is obtained, the method further comprises:
showing in the user interface the data content corresponding to the user that is returned by the second system.
5. The method as described in any of claims 1-4, characterized in that the login request further includes a first password corresponding to the mark of the user;
after the receiving of the first-system login request sent by the user, the method further comprises:
judging whether the first password corresponding to the mark of the user matches a second password stored in the first system.
6. An access control method, characterized by comprising:
obtaining, by a second system, first history access information sent by a first system, the first history access information including the mark of a user;
obtaining, by the second system, locally recorded second history access information of the user according to the mark of the user;
judging whether the first history access information is consistent with the second history access information;
if they are consistent, returning a verification-passed message to the first system.
7. The method as claimed in claim 6, characterized in that, after the obtaining of the first history access information sent by the first system, the method further comprises:
decrypting the first history access information using the private key corresponding to the first system.
8. The method as claimed in claim 6, characterized in that, after the returning of the verification-passed message to the first system, the method further comprises:
determining the access data corresponding to the user according to the mark of the user;
returning the access data to the first system.
9. The method as described in any of claims 6-8, characterized in that the second history access information includes the user's number of accesses;
after the returning of the verification-passed message to the first system, the method further comprises:
incrementing the user's number of accesses by one.
10. An access control apparatus, characterized by comprising:
a receiving module, for receiving a first-system login request sent by a user, the login request including the mark of the user;
a first judgment module, for judging, according to the mark of the user, whether the user has the permission to access a second system;
a first display module, for showing the login interface of the second system in a user interface when the user has the permission to access the second system;
a first acquisition module, for obtaining the user's first history access information for the second system when it is determined that the user has triggered the login interface of the second system, wherein the first history access information includes the mark of the user;
a first sending module, for sending the first history access information to the second system, so that the second system judges whether the user's current access is legal.
11. An access control apparatus, characterized by comprising:
a second acquisition module, for a second system to obtain first history access information sent by a first system, the first history access information including the mark of a user;
a third acquisition module, for the second system to obtain locally recorded second history access information of the user according to the mark of the user;
a third judgment module, for judging whether the first history access information is consistent with the second history access information;
a second sending module, for returning a verification-passed message to the first system when the first history access information is consistent with the second history access information.
12. A computer readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the access control method as described in any of claims 1-9.
13. An electronic device, characterized by comprising:
a processor; and
a memory, for storing instructions executable by the processor;
wherein the processor is configured to perform the access control method of any one of claims 1 to 9 by executing the executable instructions.
CN201711322094.4A 2017-12-12 2017-12-12 Access control method, device and computer readable storage medium Pending CN108197480A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711322094.4A CN108197480A (en) 2017-12-12 2017-12-12 Access control method, device and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711322094.4A CN108197480A (en) 2017-12-12 2017-12-12 Access control method, device and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN108197480A true CN108197480A (en) 2018-06-22

Family

ID=62574314

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711322094.4A Pending CN108197480A (en) 2017-12-12 2017-12-12 Access control method, device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN108197480A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109413096A (en) * 2018-11-30 2019-03-01 北京海泰方圆科技股份有限公司 A kind of login method and device more applied
CN111552900A (en) * 2020-04-30 2020-08-18 北京大米科技有限公司 Access control method and device, readable storage medium and electronic equipment
CN113094676A (en) * 2021-05-10 2021-07-09 安徽思珀特信息科技有限公司 Saas-based intelligent safety operation and maintenance system
WO2021147442A1 (en) * 2020-01-22 2021-07-29 华为技术有限公司 Access control method and apparatus, terminal device, and storage medium
CN114978749A (en) * 2022-06-14 2022-08-30 中国电信股份有限公司 Login authentication method and system, storage medium and electronic equipment

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1946022A (en) * 2006-10-31 2007-04-11 华为技术有限公司 Method and system for switching third party landing and third party network and service server
CN101212369A (en) * 2006-12-31 2008-07-02 上海普名软件技术有限公司 Internet based method for verifying terminal use for application system
GB2483568A (en) * 2009-03-19 2012-03-14 Fujitsu Ltd Access controller, information management device and access control method
CN103546456A (en) * 2009-07-29 2014-01-29 索尼公司 Information processing apparatus, information providing server, and login information providing server
CN104468510A (en) * 2014-10-29 2015-03-25 中国建设银行股份有限公司 Service access method, device and system
CN105915515A (en) * 2016-04-15 2016-08-31 湖南亿谷科技发展股份有限公司 Method and system for user identity verification, and campus management system
CN107196892A (en) * 2016-03-15 2017-09-22 阿里巴巴集团控股有限公司 A kind of Website logging method and device
CN107222481A (en) * 2017-05-31 2017-09-29 深圳云天励飞技术有限公司 The method and apparatus of User logs in data query system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109413096A (en) * 2018-11-30 2019-03-01 北京海泰方圆科技股份有限公司 A kind of login method and device more applied
CN109413096B (en) * 2018-11-30 2019-08-09 北京海泰方圆科技股份有限公司 A kind of login method and device more applied
WO2021147442A1 (en) * 2020-01-22 2021-07-29 华为技术有限公司 Access control method and apparatus, terminal device, and storage medium
CN111552900A (en) * 2020-04-30 2020-08-18 北京大米科技有限公司 Access control method and device, readable storage medium and electronic equipment
CN111552900B (en) * 2020-04-30 2023-11-21 北京大米科技有限公司 Access control method, device, readable storage medium and electronic equipment
CN113094676A (en) * 2021-05-10 2021-07-09 安徽思珀特信息科技有限公司 Saas-based intelligent safety operation and maintenance system
CN114978749A (en) * 2022-06-14 2022-08-30 中国电信股份有限公司 Login authentication method and system, storage medium and electronic equipment
CN114978749B (en) * 2022-06-14 2023-10-10 中国电信股份有限公司 Login authentication method and system, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20180622)