CN108304704B - Authority control method and device, computer equipment and storage medium - Google Patents

Info

Publication number
CN108304704B
Authority
CN
China
Prior art keywords
identifier
preset
user
identifiers
logs
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810122839.0A
Other languages
Chinese (zh)
Other versions
CN108304704A (en)
Inventor
林端迎
袁文涛
张婷
谢曦时
丁一杰
张燕飞
董鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Puhui Enterprise Management Co Ltd
Original Assignee
Ping An Puhui Enterprise Management Co Ltd
Application filed by Ping An Puhui Enterprise Management Co Ltd
Priority to CN201810122839.0A
Publication of CN108304704A
Application granted
Publication of CN108304704B
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3438 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment monitoring of user actions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Quality & Reliability (AREA)
  • Software Systems (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application relates to a method, a system, a computer device and a storage medium for controlling authority. The method comprises the following steps: acquiring operation logs of a plurality of service systems within a preset time length; the operation log comprises a user identifier and an operation identifier, and the user identifier and the operation identifier have a corresponding relation; counting the number of the operation identifications corresponding to the same user identification to obtain the operation number of the operation identification; detecting whether operation identifiers corresponding to the same user identifier and the operation number of the operation identifiers trigger preset monitoring conditions or not; if so, reducing the user authority corresponding to the user identifier according to the triggered preset monitoring condition; the user right is the right to operate the service system. By adopting the method, the risk of sensitive information leakage can be reduced, and the safety of the service system is improved.

Description

Authority control method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for controlling an authority, a computer device, and a storage medium.
Background
The sensitive information may include: personal privacy information, business management information, financial information, personnel information, IT operation and maintenance information and the like. Sensitive information for an enterprise is typically stored in a distributed manner across a plurality of corresponding business systems. Sensitive information leakage can cause property loss, network service breakdown, enterprise reputation threat and other adverse effects. In order to prevent sensitive information from being leaked, enterprises generally encrypt and store the sensitive information. Thus, even if a hacker downloads the database, password cracking is not easy.
However, the conventional method of preventing sensitive information leakage can only reduce the risk that sensitive information is stolen by people outside the enterprise; it can hardly prevent people inside the enterprise from obtaining sensitive information directly from the business system. Sensitive information can therefore still leak through the business system again and again, and the security of the business system is low.
Disclosure of Invention
In view of the foregoing, it is desirable to provide an authority control method, an apparatus, a computer device, and a storage medium capable of improving security of a business system.
An authority control method, the method comprising: acquiring operation logs of a plurality of service systems within a preset time length; the operation log comprises a user identifier and an operation identifier, and the user identifier and the operation identifier have a corresponding relation; counting the number of operation identifiers corresponding to the same user identifier to obtain the operation number of the operation identifiers; detecting whether the operation identifiers corresponding to the same user identifier and the operation number of the operation identifiers trigger preset monitoring conditions; if so, reducing the user authority corresponding to the user identifier according to the triggered preset monitoring condition; the user authority is the authority to operate the service system.
In one embodiment, the obtaining the operation logs of the plurality of service systems within the preset time duration includes: capturing operation events corresponding to a plurality of preset buried points in a plurality of service systems, and extracting user identifications and time identifications corresponding to the operation events; analyzing the operation event to obtain an operation identifier corresponding to the operation event; generating an operation log according to the user identifier, the time identifier and the operation identifier corresponding to the operation event; and extracting the operation logs of the plurality of service systems within a preset time length according to the time identification in the operation logs.
In one embodiment, the extracting the operation logs of the plurality of service systems within a preset time length according to the time identifier in the operation log includes: sending the multiple operation logs to a cache queue, and sequentially storing the operation logs according to the generation time of the operation logs; and extracting the operation logs from the cache queue every preset time length.
In one embodiment, the analyzing the operation event to obtain an operation identifier corresponding to the operation event includes: judging whether the operation event is a sensitive operation event; the sensitive operation event comprises at least one of login operation, information query operation and information download operation; and if so, acquiring an operation identifier corresponding to the operation event.
In one embodiment, the operation event is a login operation; the obtaining of the operation identifier corresponding to the operation event includes: obtaining login result parameters of the login operation; the login result parameters comprise login success parameters and/or login failure parameters; acquiring an operation identifier corresponding to the login result parameter; the login success parameter corresponds to a first operation identifier; the login failure parameter corresponds to a second operation identifier; the counting the number of the operation identifiers corresponding to the same user identifier to obtain the operation number of the operation identifiers comprises the following steps: and counting first operation identifications corresponding to the same user identification to obtain first operation times, and/or counting second operation identifications corresponding to the same user identification to obtain second operation times.
In one embodiment, the operation event is an information query operation; the obtaining of the operation identifier corresponding to the operation event includes: acquiring a query keyword corresponding to the information query operation; judging whether the query keyword is matched with a preset sensitive keyword or not; if yes, acquiring an operation identifier corresponding to the matched sensitive keyword; the generating an operation log according to the user identifier, the time identifier and the operation identifier corresponding to the operation event includes: and generating an operation log according to the user identifier, the time identifier, the operation identifier and the query keyword which correspond to the information query operation.
In one embodiment, the counting the number of the operation identifiers corresponding to the same user identifier to obtain the operation number of the operation identifier includes: when the operation logs corresponding to the same user identification contain various operation identifications, counting the number of the operation identifications of the same type to obtain the operation number of each operation identification; the detecting whether the operation identifiers corresponding to the same user identifier and the operation number of the operation identifiers trigger preset monitoring conditions includes: judging whether the operation number of each operation identifier is larger than a corresponding preset number or not; if so, judging to trigger a preset monitoring condition corresponding to the operation identifiers with the number larger than the corresponding preset number.
An authority control device, the device comprising: an operation log obtaining module, used for obtaining operation logs of a plurality of service systems within a preset time length; the operation log comprises a user identifier and an operation identifier, and the user identifier and the operation identifier have a corresponding relation; an operation quantity counting module, used for counting the number of operation identifiers corresponding to the same user identifier to obtain the operation number of the operation identifiers; an operation monitoring module, used for detecting whether the operation identifiers corresponding to the same user identifier and the operation number of the operation identifiers trigger preset monitoring conditions; an authority control module, used for reducing the user authority corresponding to the user identifier according to the triggered preset monitoring condition when the operation identifiers corresponding to the same user identifier and the operation number of the operation identifiers trigger the preset monitoring condition; the user authority is the authority to operate the service system.
A computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, implements the steps of the authority control method described in the various embodiments above.
A computer-readable storage medium, on which a computer program is stored, which when executed by a processor implements the steps of the authority control method described in the various embodiments above.
According to the authority control method, the authority control device, the computer equipment and the storage medium, the operation logs of a plurality of service systems within the preset time length are obtained, and the operation number is obtained by counting according to the user identifiers and operation identifiers contained in the operation logs. The operation identifiers and the operation numbers are matched against preset monitoring conditions to obtain the triggered preset monitoring conditions. The user authority, corresponding to the user identifier, for operating the service system is then reduced according to the triggered preset monitoring condition. Because the operation logs of the plurality of service systems are monitored according to preset monitoring conditions, operation events that carry a risk of sensitive information leakage can be found in time, and further leakage of sensitive information can be avoided by reducing the authority to operate the service systems for the user identifiers at risk, so that the security of the service systems can be improved.
Drawings
FIG. 1 is a diagram illustrating an exemplary embodiment of a method for controlling access rights;
FIG. 2 is a flow diagram illustrating a method for controlling permissions in one embodiment;
FIG. 3 is a flow chart illustrating a method for controlling permissions in another embodiment;
FIG. 4 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
It will be understood that the terms "first," "second," and the like may be used herein to describe various elements, but these elements are not limited by these terms. These terms are only used to distinguish one element from another. For example, a first operation identifier may be referred to as a second operation identifier, and similarly, a second operation identifier may be referred to as a first operation identifier, without departing from the scope of the present application. The first operation identifier and the second operation identifier are both operation identifiers, but are not the same operation identifier.
The authority control method provided by the application can be applied to the application environment shown in fig. 1, in which the terminal 102 and the server 104 communicate via a network. The terminal 102 may include a plurality of terminals, such as a first terminal 102a, a second terminal 102b, and a third terminal 102c. The terminal 102 may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices, and the server 104 may be implemented by an independent server or a server cluster formed by a plurality of servers. The terminal 102 may be connected to a plurality of service systems, and when an operation event such as a login operation or an information query operation occurs on the terminal 102, the server 104 may generate an operation log according to the user identifier and the operation identifier corresponding to the operation event. The server 104 may count the number of operation identifiers corresponding to the same user identifier to obtain the operation number of the operation identifiers. When the server 104 detects that the operation identifiers corresponding to the same user identifier and the operation number of the operation identifiers trigger a preset monitoring condition, the server 104 may reduce the user right corresponding to the user identifier, where the user right is a right to operate the service system. Operation events are monitored in real time according to the preset monitoring conditions, and the user authority corresponding to a user identifier with a sensitive information leakage risk is reduced in time, so that the security of the service system is improved.
In one embodiment, as shown in fig. 2, a method for controlling authority is provided, which is described by taking the method as an example applied to the server in fig. 1, and includes the following steps:
Step 202, acquiring operation logs of a plurality of service systems within a preset time length; the operation log comprises a user identifier and an operation identifier, and the user identifier and the operation identifier have a corresponding relation.
The business system is a system used for managing one or more kinds of sensitive information in an enterprise, such as personal privacy information, business management information, financial information, personnel information and IT operation and maintenance information. The operation log is a log formed by monitoring the operation events that the user performs on the terminal. Operation events include daily operation events such as power-on and power-off operations, and may also include sensitive operation events such as login operations, information query operations and information download operations directed at the service system. The user identifier is an identifier used for locating the operation object of an operation event. It may be, for example, the IP address of a terminal (Internet Protocol address, a logical address in a unified address format that the IP protocol allocates to each terminal on the Internet), a user account used by a user to log in to a service system, or a combination of an IP address and a user account. The operation identifier is an identifier for distinguishing one operation event from other operation events.
In one embodiment, a plug-in SDK (Software Development Kit) is installed in the terminal. The SDK is a script developed in advance on an open-source cross-platform UI (User Interface) framework. The cross-platform UI framework can be the React Native framework (an open source cross-platform mobile application development framework), the Weex framework (an extensible, cross-platform solution for dynamic programming and publishing projects), etc. The SDK comprises a data acquisition script, an operation event interception script, an operation event reporting script and the like, which are used for data acquisition, operation event interception, operation event reporting and so on. Through the SDK, the terminal can intercept the user's operation events in a plurality of service systems together with the user identifier and operation identifier corresponding to each operation event, and generate an operation log from the intercepted operation events. The terminal can generate the operation log in real time, store it locally, and send it to the server every preset time length.
Step 204, counting the number of the operation identifiers corresponding to the same user identifier to obtain the operation number of the operation identifiers.
Because the connection can be made with one or more service systems through the terminal according to a plurality of user accounts, and the number of the terminals can be multiple, the operation logs of a plurality of service systems can contain a plurality of user identifications and operation identifications. And counting the number of the operation identifiers contained in the operation logs corresponding to the same user identifier to obtain the operation number of the operation identifiers. For example, the operation logs containing the same IP address may be counted to obtain the operation number corresponding to each IP address. For another example, the operation logs containing the same user account may be counted to obtain the operation number corresponding to each user account. Furthermore, the operation logs with the same user identifier and the same operation identifier can be counted to obtain the corresponding operation quantity.
In one embodiment, the operation log further includes a system identifier. The system identifier is an identifier for distinguishing one service system from other service systems. When a user logs in to a service system, or when the service system executes an information query operation or an information download operation, the system identifier of that service system can be recorded. The operation logs with the same user identifier and the same system identifier can be counted to obtain the operation number of the operation identifiers; the operation logs with the same user identifier and the same operation identifier can be counted to obtain the operation number of the system identifiers; or the operation logs with the same user identifier, the same system identifier and the same operation identifier may be counted to obtain the corresponding operation number, without being limited to these.
Step 206, detecting whether the operation identifiers corresponding to the same user identifier and the operation number of the operation identifiers trigger preset monitoring conditions.
The preset monitoring condition refers to a preset condition for monitoring whether the operation event has a sensitive information leakage risk. The preset monitoring condition can be composed of condition descriptions such as user identification, operation quantity and the like. The operation identifiers and the operation number of the operation identifiers corresponding to the same user identifier obtained through statistics can be matched with a plurality of preset monitoring conditions, and whether the matched preset monitoring conditions exist or not is detected. And if so, judging that the operation identifiers corresponding to the same user identifier and the operation quantity of the operation identifiers trigger preset monitoring conditions.
In one embodiment, performing quantity statistics on operation identifiers corresponding to the same user identifier to obtain the operation quantity of the operation identifiers includes: when the operation logs corresponding to the same user identification contain various operation identifications, counting the number of the operation identifications of the same type to obtain the operation number of each operation identification; detecting whether the operation identifiers corresponding to the same user identifiers and the operation quantity of the operation identifiers trigger preset monitoring conditions or not, wherein the detection comprises the following steps: judging whether the operation number of each operation identifier is larger than a corresponding preset number or not; if so, judging to trigger a preset monitoring condition corresponding to the operation identifiers with the number larger than the corresponding preset number.
Table 1 illustrates several preset monitoring conditions. When the statistics show that, within 24 hours, the operation identifiers corresponding to login operations for user account '001' number 25 and correspond to 8 system identifiers, then since 8 is larger than 7, the preset monitoring condition 'multiple systems are logged in through the same account number' is triggered. When the statistics show that, within 24 hours, the login success events of user account '001' correspond to 5 IP addresses, the preset monitoring condition 'multiple IP successful login with the same account number' is triggered.
TABLE 1
[Table 1 appears only as an image in the source; its contents are not available in this text.]
Step 208, when the operation identifiers corresponding to the same user identifier and the operation number of the operation identifiers trigger preset monitoring conditions, reducing the user authority corresponding to the user identifier according to the triggered preset monitoring conditions; the user right is the right to operate the service system.
The user right refers to a right for operating the service system, for example, the right of a user account to log in to the service system, the right to view information after the user account logs in to the service system, the right to download information after the user account logs in to the service system, or the right of the terminal to connect to the service system, but is not limited thereto. When it is detected that a preset monitoring condition has been triggered, there is a risk of sensitive information leakage, and the user right corresponding to the user identifier needs to be reduced. The user right corresponding to the user identifier may be reduced through various authority control policies, for example, restricting the right of the user account to log in to the service system, reducing the information that can be viewed after the user account logs in to the service system, or rejecting an access request sent by the terminal to the service system. For example, when it is detected that the terminal with the IP address 116.24.64.100 triggers the preset monitoring condition "the number of login accounts is greater than 5 within one hour with the same IP", an access request to the service system sent by the terminal with the IP address 116.24.64.100 may be rejected when it is received again; an access request to the business system sent by a user account that triggered the preset monitoring condition may also be denied, regardless of whether the access request was sent from IP address 116.24.64.100.
In one embodiment, a globally unique condition ID may be set for each preset monitoring condition, and a corresponding authority control policy may be configured for each preset monitoring condition. Each preset monitoring condition is distinguished from the others by its condition ID. When it is detected that the operation identifiers corresponding to the same user identifier and the operation number of the operation identifiers trigger a preset monitoring condition, the condition ID of the triggered preset monitoring condition is recorded. After the user identifier that triggered the preset monitoring condition is extracted, the user right corresponding to that user identifier can be reduced according to the authority control policy corresponding to the triggered condition ID. Preset monitoring conditions with different condition IDs can correspond to the same or different authority control policies.
For example, when the preset monitoring condition with condition ID 1 is triggered, the corresponding user account is locked so that it cannot log in to the service system within a preset time; when the preset monitoring condition with condition ID 2 is triggered, the corresponding user account is added to a blacklist and can log in to the service system only after the account has been checked or verified by a manager; when the preset monitoring condition with condition ID 3 is triggered, a verification page is sent when the corresponding user account next requests to log in to the service system. For example, a preset privacy question can be sent, and the next operation can be performed only when the user inputs the correct answer, so that theft of the account by others can be prevented.
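The counting, condition matching and policy dispatch described in steps 202 to 208 can be sketched as follows. This is an added example, not code from the patent: the operation-identifier names, the condition IDs, the pairing of conditions with policies, the failed-login threshold and every log entry other than account 001 and IP 116.24.64.100 are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

LOGIN_OPS = frozenset({"login_ok", "login_fail"})  # assumed operation identifiers

@dataclass(frozen=True)
class OpLog:
    user_id: str     # account used to log in
    ip: str          # terminal IP address
    system_id: str   # system identifier of the business system
    op_id: str       # operation identifier
    ts: datetime     # time identifier

@dataclass(frozen=True)
class Condition:
    cond_id: int
    group_by: str            # attribute treated as "the same user identifier"
    op_ids: frozenset        # operation identifiers the condition counts
    distinct: Optional[str]  # count distinct values of this attribute; None counts entries
    threshold: int           # triggered when the count is greater than this
    window: timedelta        # preset time length
    policy: str              # authority control policy: lock / blacklist / challenge

# Assumptions: the condition IDs, their pairing with policies and the failed-login
# threshold are constructed. Thresholds 7 (systems per account in 24 hours) and
# 5 (accounts per IP in one hour) are the figures used in the text above.
CONDITIONS = (
    Condition(1, "user_id", LOGIN_OPS, "system_id", 7, timedelta(hours=24), "lock"),
    Condition(2, "ip", LOGIN_OPS, "user_id", 5, timedelta(hours=1), "blacklist"),
    Condition(3, "user_id", frozenset({"login_fail"}), None, 10, timedelta(hours=1), "challenge"),
)

def evaluate(logs, now, conditions=CONDITIONS):
    """Steps 204-206: count per identifier, return (cond_id, kind, ident, count) hits."""
    hits = []
    for cond in conditions:
        buckets = defaultdict(list)
        for log in logs:
            if log.op_id in cond.op_ids and now - cond.window < log.ts <= now:
                buckets[getattr(log, cond.group_by)].append(log)
        for ident in sorted(buckets):
            entries = buckets[ident]
            count = (len({getattr(e, cond.distinct) for e in entries})
                     if cond.distinct else len(entries))
            if count > cond.threshold:
                hits.append((cond.cond_id, cond.group_by, ident, count))
    return hits

class AuthorityStore:
    """Step 208: holds the reduced authority for each flagged identifier."""
    def __init__(self, lock_for=timedelta(hours=1)):
        self.lock_for = lock_for
        self.locked_until = {}   # (kind, ident) -> time the lock expires
        self.blacklist = set()   # (kind, ident), cleared only after administrator review
        self.challenge = set()   # (kind, ident) must pass a verification page

    def reduce(self, hit, now, conditions=CONDITIONS):
        cond_id, kind, ident, _count = hit
        policy = next(c.policy for c in conditions if c.cond_id == cond_id)
        if policy == "lock":
            self.locked_until[(kind, ident)] = now + self.lock_for
        elif policy == "blacklist":
            self.blacklist.add((kind, ident))
        elif policy == "challenge":
            self.challenge.add((kind, ident))

    def login_decision(self, user_id, ip, now):
        keys = (("user_id", user_id), ("ip", ip))
        if any(k in self.blacklist for k in keys):
            return "deny"
        if any(k in self.locked_until and self.locked_until[k] > now for k in keys):
            return "deny"
        if any(k in self.challenge for k in keys):
            return "challenge"
        return "allow"

def sample_logs(now):
    """Constructed operation logs; only 116.24.64.100 and account 001 appear in the text."""
    logs = [OpLog("001", "10.0.0.5", f"sys-{i}", "login_ok", now - timedelta(hours=i + 1))
            for i in range(8)]                      # one account, 8 systems in 24 hours
    logs += [OpLog(f"10{i}", "116.24.64.100", "sys-0", "login_ok",
                   now - timedelta(minutes=5 * i + 1))
             for i in range(6)]                     # one IP, 6 accounts in one hour
    logs += [OpLog("002", "10.0.0.9", "sys-1", "login_fail", now - timedelta(minutes=i + 1))
             for i in range(11)]                    # 11 failed logins in one hour
    logs.append(OpLog("003", "10.0.0.7", "sys-2", "login_ok", now - timedelta(minutes=3)))
    return logs

def run(now):
    store = AuthorityStore()
    hits = evaluate(sample_logs(now), now)
    for hit in hits:
        store.reduce(hit, now)
    return hits, store
```

Calling `run(now)` with any reference time returns the triggered conditions and a store whose `login_decision` shows the reduced authority. Because condition 2 is grouped by IP, the same accounts are still allowed from another address, which is the narrower of the two options the text gives for that case.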
In the authority control method, the operation logs of a plurality of service systems within the preset time length are obtained, and the operation number is obtained by counting according to the user identifiers and operation identifiers contained in the operation logs. The operation identifiers and the operation numbers are matched against preset monitoring conditions to obtain the triggered preset monitoring conditions. The user authority, corresponding to the user identifier, for operating the service system is then reduced according to the triggered preset monitoring condition. Because the operation logs of the plurality of service systems are monitored according to preset monitoring conditions, operation events that carry a risk of sensitive information leakage can be found in time, and further leakage of sensitive information can be avoided by reducing the authority to operate the service systems for the user identifiers at risk, so that the security of the service systems can be improved.
It should be understood that, although the steps in the flowchart of fig. 2 are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated herein, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least some of the steps in fig. 2 may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed sequentially but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
In one embodiment, obtaining operation logs of a plurality of service systems within a preset time duration includes: capturing operation events corresponding to a plurality of preset buried points in a plurality of service systems, and extracting user identifications and time identifications corresponding to the operation events; analyzing the operation event to obtain an operation identifier corresponding to the operation event; generating an operation log according to the user identifier, the time identifier and the operation identifier corresponding to the operation event; and extracting the operation logs of the plurality of service systems within a preset time length according to the time identification in the operation logs.
Buried points can be preset in the business system, for example for controls, texts, pictures, reports and the like in the business system. After a user connects to a business system through a terminal, the preset buried points corresponding to controls, texts, pictures, reports and the like in the business system can be triggered. When a preset buried point is triggered, for example when the terminal receives a click operation acting on a control or detects a download operation acting on a report, the terminal may acquire the operation event, extract the user identifier and the time identifier corresponding to the operation event, and then report the operation event to the server. The server can capture operation events corresponding to a plurality of preset buried points in a plurality of service systems. The time identifier is an identifier formed from the point in time at which the operation event occurred. Since the operation event may be a login operation, an information query operation, an information download operation, and the like, the operation event needs to be analyzed to obtain the operation identifier corresponding to the operation event.
After the user identification, the time identification and the operation identification are obtained, the operation log can be generated according to the user identification, the time identification and the operation identification corresponding to the operation event, so that the operation logs of a plurality of service systems within a preset time length can be extracted according to the time identification in the operation log, the accuracy of counting the operation number is improved, the operation number can be accurately matched with a preset monitoring condition, and the user permission corresponding to the user identification is timely reduced. Therefore, the leakage of sensitive information can be prevented more timely, and the safety of a service system is improved.
In one embodiment, extracting the operation logs of the plurality of service systems within a preset time length according to the time identifier in the operation log includes: sending the multiple operation logs to a cache queue, and sequentially storing the operation logs according to the generation time of the operation logs; and extracting the operation logs from the cache queue at intervals of a preset time.
The cache queue refers to a message queue for storing operation logs. The operation logs of the plurality of service systems can be sent to the cache queue for storage in real time according to the generation time of the operation logs, so that the server can process the operation logs in the cache queue in order of their generation time.
Because operation events occur continuously, the volume of related data is huge, and processing the events in real time makes them inconvenient to manage. Accordingly, after the terminal collects an operation event and extracts the user identifier and time identifier corresponding to it, the related data of the operation event are stored locally on the terminal; every first preset time length, an operation log is generated from the related data of the detected operation events and sent to the cache queue. The server extracts the operation logs from the cache queue every second preset time length, where the second preset time length is greater than the first preset time length. For example, the operation log generated from the operation event data detected by the terminal is sent to the cache queue every 10 minutes, and the server extracts the operation logs from the cache queue every 1 hour. Managing the cache queue, for example by deleting operation logs that have been in the cache queue longer than a third preset time length, can improve the utilization efficiency of the server's memory resources.
In one embodiment, parsing the operation event to obtain an operation identifier corresponding to the operation event includes: judging whether the operation event is a sensitive operation event; the sensitive operation event comprises at least one of login operation, information query operation and information download operation; and if so, acquiring an operation identifier corresponding to the operation event.
Sensitive operation events refer to operations that may cause sensitive information to leak. The login operation refers to an operation that a user logs in the service system on the terminal through a user account. The information inquiry operation refers to an operation of inquiring information after a user logs in a service system. The information downloading operation refers to an operation of downloading information after a user logs in a business system. Each sensitive operation event is preset with a corresponding globally unique operation identifier for distinguishing each sensitive operation event from other operation events.
In one embodiment, the operation event is a login operation, and acquiring an operation identifier corresponding to the operation event includes: obtaining login result parameters of login operation; the login result parameters comprise login success parameters and/or login failure parameters; acquiring an operation identifier corresponding to the login result parameter; the login success parameter corresponds to a first operation identifier; the login failure parameter corresponds to a second operation identifier; counting the number of the operation identifiers corresponding to the same user identifier to obtain the operation number of the operation identifiers, including: and counting first operation identifications corresponding to the same user identification to obtain first operation times, and/or counting second operation identifications corresponding to the same user identification to obtain second operation times.
The login result parameter refers to a parameter generated according to the login result of the login operation, and includes a login success parameter and/or a login failure parameter. The first operation times correspond to the first operation identifier, and the second operation times correspond to the second operation identifier. When a user inputs a user account and a user password through the terminal, the server can receive and verify the user account and the corresponding user password sent by the terminal. When verification passes and a login success event is detected, the server can feed back the login success parameter to the terminal; when verification fails and a login failure event is detected, the server may feed back the login failure parameter to the terminal.
When a user logs in to a service system from a terminal browser, the browser first sends a login page request to the server, and the server returns a login page response according to the login page request; the login page response includes a section of buried-point JS code. The terminal can display the system login page according to the login page response. The buried-point JS code dynamically creates a script tag and points the script tag to a separate data collection script, which is then requested and executed by the browser to collect operation data. After the operation data is collected, the data collection script returns the collected operation data to the server in the form of Hypertext Transfer Protocol (HTTP) parameters, and the server can parse the HTTP parameters to obtain information such as the user account, the Internet Protocol (IP) address of the terminal, the system identifier, the time identifier, and the login result parameter.
After the first operation times corresponding to the first operation identifier and the second operation times corresponding to the second operation identifier are counted in the operation logs corresponding to the same user identifier, detecting whether the operation identifier corresponding to the same user identifier and the operation number of the operation identifier trigger a preset monitoring condition includes: detecting whether the first operation times or the second operation times trigger a preset monitoring condition. For example, when the second operation times corresponding to the second operation identifier exceed 20 within 24 hours, the preset monitoring condition "login failure frequency of the same account and the same system" is triggered.
In one embodiment, the operational event is an information query operation; acquiring an operation identifier corresponding to an operation event, wherein the operation identifier comprises: acquiring a query keyword corresponding to an information query operation; judging whether the query keyword is matched with a preset sensitive keyword or not; if yes, acquiring an operation identifier corresponding to the matched sensitive keyword; generating an operation log according to the user identifier, the time identifier and the operation identifier corresponding to the operation event, wherein the operation log comprises the following steps: and generating an operation log according to the user identifier, the time identifier, the operation identifier and the query keyword which correspond to the information query operation.
When a user logs in to a service system and queries information through a terminal browser, the user needs to click a query control after inputting a query keyword, so a buried point can be preset for the query control. When the terminal detects a click operation acting on the query control, the preset buried point triggers the browser to request a preset response file from the server. For example, the response file may be a blank gif picture of 1K size. After receiving the request, the server can consider that an information query operation has been captured, and obtains the query keyword corresponding to the information query operation. By matching the query keyword against the preset sensitive keywords, for example when the query keyword is "customer", "fund", "mobile phone number", or the like, it can be determined that the user is querying sensitive information, and the operation identifier corresponding to the matched sensitive keyword is obtained. An operation log is then generated according to the user identifier, the time identifier, the operation identifier and the query keyword corresponding to the information query operation.
The operation log may be composed of a plurality of fields. For example, it may include a [user account] field, an [IP address] field, a [time identifier] field, an [operation identifier] field, and the like. For an information query operation, for example, the [operation identifier] field may correspond to "query". Each operation event may also be numbered; for example, the parent operation events may include a login operation numbered 001, an information query operation numbered 002, and an information download operation numbered 003. A parent operation event can be further subdivided into child operation events; for example, the child operation events of the login operation include a login success event numbered 001a and a login failure event numbered 001b. A [sensitive keyword] field can also be preset for the [query] field; for example, the sensitive keyword can be "customer name", "mobile phone number", and the like.
In one embodiment, after reducing the user right corresponding to the user identifier according to the triggered preset monitoring condition, the method further includes: generating an alarm mail according to the operation log corresponding to the triggered preset monitoring condition, and sending the alarm mail to a management mailbox corresponding to the service system. The alarm mail may include a plurality of fields from the operation log, such as a [user account] field, an [IP address] field, a [time identifier] field, a [preset duration] field, an [operation identifier] field, a [sensitive keyword] field, and the like, and may further include an [operation number] field. For example, when the user triggers the preset monitoring condition "the number of times the user queries sensitive customer information within 1 hour is more than 30", the content of the alarm mail may be "user502 2017/9/15 22:10-23:10 queried customer name/phone number 50 times", where "user502" is the [user account] field, "2017/9/15" is the [time identifier] field, "22:10-23:10" is the [preset duration] field, "query" is the [operation identifier] field, "customer name/phone number" is the [sensitive keyword] field, and "50 times" is the [operation number] field. The triggered preset monitoring condition and the relevant field information are sent to the management mailbox corresponding to the business system in the form of an alarm mail, so that the managers of the business system can promptly warn and manage the user who triggered the preset monitoring condition.
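The counting, threshold check and permission reduction described above can be sketched as follows. This is an added example, not code from the patent: the condition IDs, permission names, IP addresses and the `revoke` policy shape are assumptions, while the operation numbers (001a, 001b, 002), the two thresholds and the user502 scenario follow the description. All sample events are constructed.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

# Operation identifiers, numbered as in the description's example.
LOGIN_OK, LOGIN_FAIL, QUERY = "001a", "001b", "002"
SENSITIVE_KEYWORDS = ("customer name", "mobile phone number")


@dataclass(frozen=True)
class OperationLog:
    user: str          # [user account]
    ip: str            # [IP address]
    time: datetime     # [time identifier]
    op_id: str         # [operation identifier]
    keyword: str = ""  # [sensitive keyword], set for queries only


@dataclass(frozen=True)
class Condition:
    condition_id: str   # globally unique condition ID (values here are made up)
    op_id: str
    window: timedelta   # preset duration
    limit: int          # triggered when the count exceeds this number
    revoke: frozenset   # assumed policy: permissions removed on trigger


CONDITIONS = (
    Condition("C-001", LOGIN_FAIL, timedelta(hours=24), 20,
              frozenset({"login", "query", "download"})),
    Condition("C-002", QUERY, timedelta(hours=1), 30,
              frozenset({"query", "download"})),
)


def build_log(event):
    """Map a captured operation event to an OperationLog; None if not sensitive."""
    if event["type"] == "login":
        op_id = LOGIN_OK if event["result"] == "success" else LOGIN_FAIL
        keyword = ""
    elif event["type"] == "query":
        text = event["keyword"].lower()
        keyword = next((k for k in SENSITIVE_KEYWORDS if k in text), "")
        if not keyword:
            return None  # no preset sensitive keyword matched
        op_id = QUERY
    else:
        return None
    return OperationLog(event["user"], event["ip"], event["time"], op_id, keyword)


def evaluate(logs, now, conditions=CONDITIONS):
    """Count each condition's operation identifier per user inside its window."""
    alerts = []
    for cond in conditions:
        start = now - cond.window
        counts = Counter(log.user for log in logs
                         if log.op_id == cond.op_id and start < log.time <= now)
        for user, count in sorted(counts.items()):
            if count > cond.limit:
                alerts.append({"condition_id": cond.condition_id, "user": user,
                               "op_id": cond.op_id, "count": count,
                               "window": (start, now), "revoke": cond.revoke})
    return alerts


def reduce_permissions(permissions, alerts):
    """Return a copy of the permission table with triggered policies applied."""
    reduced = {user: set(perms) for user, perms in permissions.items()}
    for alert in alerts:
        reduced.setdefault(alert["user"], set()).difference_update(alert["revoke"])
    return reduced


def sample_events(end):
    """Constructed events: one noisy querier, one failing login, one normal user."""
    def query(user, minutes_ago, keyword):
        return {"type": "query", "user": user, "ip": "192.0.2.10",
                "time": end - timedelta(minutes=minutes_ago), "keyword": keyword}
    events = [query("user502", i, "Customer name lookup") for i in range(50)]
    events += [query("user101", i, "customer name") for i in range(5)]
    events += [query("user101", i, "branch opening hours") for i in range(40)]
    events += [{"type": "login", "user": "user777", "ip": "192.0.2.77",
                "time": end - timedelta(hours=i), "result": "failure"}
               for i in range(21)]
    events.append({"type": "login", "user": "user101", "ip": "192.0.2.10",
                   "time": end, "result": "success"})
    return events


def run_sample():
    now = datetime(2017, 9, 15, 23, 10)
    logs = [log for log in map(build_log, sample_events(now)) if log is not None]
    alerts = evaluate(logs, now)
    everyone = {u: {"login", "query", "download"}
                for u in ("user101", "user502", "user777")}
    return logs, alerts, reduce_permissions(everyone, alerts)


if __name__ == "__main__":
    for a in run_sample()[1]:
        print(a["condition_id"], a["user"], a["op_id"], a["count"], "times")
```

Each alert dictionary carries the fields the alarm mail lists (account, window, operation identifier, count), and the 40 non-sensitive queries from user101 never become operation logs, so they cannot inflate that user's count.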
In one embodiment, after obtaining the operation logs of the plurality of service systems within a preset time period, the method further includes: encrypting the operation log through a preset encryption algorithm; and storing the encrypted operation log to a preset disk. For example, the encrypted operation log is stored in a unified NAS (Network Attached Storage, which may be connected to a server via a protocol and is dedicated to storing data) or a removable hard disk, and is used for backup and subsequent tracing.
In one embodiment, as shown in fig. 3, there is provided an authority control device 300 comprising: an operation log obtaining module 302, configured to obtain operation logs of multiple service systems within a preset time duration; the operation log comprises a user identifier and an operation identifier, and the user identifier and the operation identifier have a corresponding relation; an operation number counting module 304, configured to count the number of the operation identifiers corresponding to the same user identifier to obtain the operation number of the operation identifiers; the operation monitoring module 306 is configured to detect whether the operation identifiers and the operation numbers of the operation identifiers corresponding to the same user identifier trigger preset monitoring conditions; the authority control module 308 is configured to, when the operation identifier corresponding to the same user identifier and the operation number of the operation identifier trigger a preset monitoring condition, reduce the user authority corresponding to the user identifier according to the triggered preset monitoring condition; the user right is the right to operate the service system.
In an embodiment, the operation log obtaining module 302 is further configured to capture operation events corresponding to a plurality of preset buried points in a plurality of business systems, and extract a user identifier and a time identifier corresponding to the operation events; analyzing the operation event to obtain an operation identifier corresponding to the operation event; generating an operation log according to the user identifier, the time identifier and the operation identifier corresponding to the operation event; and extracting the operation logs of the plurality of service systems within a preset time length according to the time identification in the operation logs.
In an embodiment, the operation log obtaining module 302 is further configured to send a plurality of operation logs to a cache queue, and store the operation logs in sequence according to the generation time of the operation logs; and extracting the operation logs from the cache queue at intervals of a preset time.
In one embodiment, the operation log obtaining module 302 is further configured to determine whether the operation event is a sensitive operation event; the sensitive operation event comprises at least one of login operation, information query operation and information download operation; and if so, acquiring an operation identifier corresponding to the operation event.
In an embodiment, the operation event is a login operation, and the operation log obtaining module 302 is further configured to obtain a login result parameter of the login operation; the login result parameters comprise login success parameters and/or login failure parameters; acquiring an operation identifier corresponding to the login result parameter; the login success parameter corresponds to a first operation identifier; the login failure parameter corresponds to a second operation identifier; the operation number counting module 304 is further configured to count a first operation identifier corresponding to the same user identifier to obtain a first operation frequency, and/or count a second operation identifier corresponding to the same user identifier to obtain a second operation frequency.
In an embodiment, the operation event is an information query operation, and the operation log obtaining module 302 is further configured to obtain a query keyword corresponding to the information query operation; judging whether the query keyword is matched with a preset sensitive keyword or not; if yes, acquiring an operation identifier corresponding to the matched sensitive keyword; and generating an operation log according to the user identifier, the time identifier, the operation identifier and the query keyword which correspond to the information query operation.
In an embodiment, the operation number counting module 304 is further configured to count the number of the operation identifiers of the same category to obtain the operation number of each operation identifier when the operation log corresponding to the same user identifier includes multiple operation identifiers; the operation monitoring module 306 is further configured to determine whether the operation number of each operation identifier is greater than a corresponding preset number; if so, judging to trigger a preset monitoring condition corresponding to the operation identifiers with the number larger than the corresponding preset number.
For the specific limitations of the authority control device, reference may be made to the limitations of the authority control method above, and details are not repeated here. The modules in the above authority control device can be implemented wholly or partially by software, hardware, or a combination of the two. The modules can be embedded, in hardware form, in a processor of the computer device or be independent of it, or can be stored in software form in a memory of the computer device, so that the processor can call them and execute the operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 4. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for running the operating system and the computer program in the non-volatile storage medium. The database of the computer device is used for storing operation logs of a plurality of business systems. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by the processor, implements an authority control method.
Those skilled in the art will appreciate that the architecture shown in fig. 4 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or fewer components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, there is provided a computer device comprising a memory and a processor, the memory storing a computer program that when executed by the processor performs the steps of: acquiring operation logs of a plurality of service systems within a preset time length; the operation log comprises a user identifier and an operation identifier, and the user identifier and the operation identifier have a corresponding relation; counting the number of the operation identifications corresponding to the same user identification to obtain the operation number of the operation identification; detecting whether operation identifiers corresponding to the same user identifier and the operation number of the operation identifiers trigger preset monitoring conditions or not; if so, reducing the user authority corresponding to the user identifier according to the triggered preset monitoring condition; the user right is the right to operate the service system.
In one embodiment, the step of obtaining the operation logs of the plurality of service systems within the preset time duration when the computer program is executed by the processor includes: capturing operation events corresponding to a plurality of preset buried points in a plurality of service systems, and extracting user identifications and time identifications corresponding to the operation events; analyzing the operation event to obtain an operation identifier corresponding to the operation event; generating an operation log according to the user identifier, the time identifier and the operation identifier corresponding to the operation event; and extracting the operation logs of the plurality of service systems within a preset time length according to the time identification in the operation logs.
In one embodiment, the step of extracting the operation logs of the plurality of service systems within the preset time length according to the time identifier in the operation logs, which is implemented when the computer program is executed by the processor, includes: sending the multiple operation logs to a cache queue, and sequentially storing the operation logs according to the generation time of the operation logs; and extracting the operation logs from the cache queue at intervals of a preset time.
In one embodiment, the step of parsing the operation event to obtain the operation identifier corresponding to the operation event, which is implemented when the computer program is executed by the processor, includes: judging whether the operation event is a sensitive operation event; the sensitive operation event comprises at least one of login operation, information query operation and information download operation; and if so, acquiring an operation identifier corresponding to the operation event.
In one embodiment, the operational event is a login operation; the step of obtaining the operation identifier corresponding to the operation event, which is implemented when the computer program is executed by the processor, includes: obtaining login result parameters of login operation; the login result parameters comprise login success parameters and/or login failure parameters; acquiring an operation identifier corresponding to the login result parameter; the login success parameter corresponds to a first operation identifier; the login failure parameter corresponds to a second operation identifier; the step of counting the number of the operation identifiers corresponding to the same user identifier to obtain the operation number of the operation identifiers comprises the following steps: and counting first operation identifications corresponding to the same user identification to obtain first operation times, and/or counting second operation identifications corresponding to the same user identification to obtain second operation times.
In one embodiment, the operational event is an information query operation; the step of obtaining the operation identifier corresponding to the operation event, which is implemented when the computer program is executed by the processor, includes: acquiring a query keyword corresponding to an information query operation; judging whether the query keyword is matched with a preset sensitive keyword or not; if yes, acquiring an operation identifier corresponding to the matched sensitive keyword; the step of generating an operation log according to the user identifier, the time identifier and the operation identifier corresponding to the operation event includes: and generating an operation log according to the user identifier, the time identifier, the operation identifier and the query keyword which correspond to the information query operation.
In one embodiment, the step of counting the number of operation identifiers corresponding to the same user identifier to obtain the operation number of the operation identifier, which is implemented when the computer program is executed by the processor, includes: when the operation logs corresponding to the same user identification contain various operation identifications, counting the number of the operation identifications of the same type to obtain the operation number of each operation identification; the step of detecting whether the operation identifiers corresponding to the same user identifier and the operation number of the operation identifiers trigger the preset monitoring condition or not includes: judging whether the operation number of each operation identifier is larger than a corresponding preset number or not; if so, judging to trigger a preset monitoring condition corresponding to the operation identifiers with the number larger than the corresponding preset number.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of: acquiring operation logs of a plurality of service systems within a preset time length; the operation log comprises a user identifier and an operation identifier, and the user identifier and the operation identifier have a corresponding relation; counting the number of the operation identifications corresponding to the same user identification to obtain the operation number of the operation identification; detecting whether operation identifiers corresponding to the same user identifier and the operation number of the operation identifiers trigger preset monitoring conditions or not; if so, reducing the user authority corresponding to the user identifier according to the triggered preset monitoring condition; the user right is the right to operate the service system.
In one embodiment, the step of obtaining the operation logs of the plurality of service systems within the preset time duration when the computer program is executed by the processor includes: capturing operation events corresponding to a plurality of preset buried points in a plurality of service systems, and extracting user identifications and time identifications corresponding to the operation events; analyzing the operation event to obtain an operation identifier corresponding to the operation event; generating an operation log according to the user identifier, the time identifier and the operation identifier corresponding to the operation event; and extracting the operation logs of the plurality of service systems within a preset time length according to the time identification in the operation logs.
In one embodiment, the step of extracting the operation logs of the plurality of service systems within the preset time length according to the time identifier in the operation logs, which is implemented when the computer program is executed by the processor, includes: sending the multiple operation logs to a cache queue, and sequentially storing the operation logs according to the generation time of the operation logs; and extracting the operation logs from the cache queue at intervals of a preset time.
In one embodiment, the step of parsing the operation event to obtain the operation identifier corresponding to the operation event, which is implemented when the computer program is executed by the processor, includes: judging whether the operation event is a sensitive operation event; the sensitive operation event comprises at least one of login operation, information query operation and information download operation; and if so, acquiring an operation identifier corresponding to the operation event.
In one embodiment, the operational event is a login operation; the step of obtaining the operation identifier corresponding to the operation event, which is implemented when the computer program is executed by the processor, includes: obtaining login result parameters of login operation; the login result parameters comprise login success parameters and/or login failure parameters; acquiring an operation identifier corresponding to the login result parameter; the login success parameter corresponds to a first operation identifier; the login failure parameter corresponds to a second operation identifier; the step of counting the number of the operation identifiers corresponding to the same user identifier to obtain the operation number of the operation identifiers comprises the following steps: and counting first operation identifications corresponding to the same user identification to obtain first operation times, and/or counting second operation identifications corresponding to the same user identification to obtain second operation times.
In one embodiment, the operational event is an information query operation; the step of obtaining the operation identifier corresponding to the operation event, which is implemented when the computer program is executed by the processor, includes: acquiring a query keyword corresponding to an information query operation; judging whether the query keyword is matched with a preset sensitive keyword or not; if yes, acquiring an operation identifier corresponding to the matched sensitive keyword; the step of generating an operation log according to the user identifier, the time identifier and the operation identifier corresponding to the operation event includes: and generating an operation log according to the user identifier, the time identifier, the operation identifier and the query keyword which correspond to the information query operation.
In one embodiment, the step of counting the number of operation identifiers corresponding to the same user identifier to obtain the operation number of the operation identifier, which is implemented when the computer program is executed by the processor, includes: when the operation logs corresponding to the same user identification contain various operation identifications, counting the number of the operation identifications of the same type to obtain the operation number of each operation identification; the step of detecting whether the operation identifiers corresponding to the same user identifier and the operation number of the operation identifiers trigger the preset monitoring condition or not includes: judging whether the operation number of each operation identifier is larger than a corresponding preset number or not; if so, judging to trigger a preset monitoring condition corresponding to the operation identifiers with the number larger than the corresponding preset number.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments express only several implementations of the present application, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (8)

1. An authority control method, the method comprising:
acquiring operation logs of a plurality of service systems within a preset time length; the operation log comprises a user identifier and an operation identifier, and the user identifier and the operation identifier have a corresponding relation;
counting the number of operation identifiers corresponding to the same user identifier to obtain the operation number of the operation identifiers;
detecting whether operation identifiers corresponding to the same user identifier and the operation number of the operation identifiers trigger preset monitoring conditions or not, wherein the preset monitoring conditions are composed of condition descriptions comprising the user identifiers, the operation identifiers and the operation number, each preset monitoring condition is provided with a globally unique condition ID, and each preset monitoring condition is configured with a corresponding authority control strategy;
if so, recording a condition ID of a triggered preset monitoring condition, and reducing the user authority corresponding to the user identifier according to an authority control strategy corresponding to the triggered condition ID; the user authority is the authority for operating the service system;
the acquiring of the operation logs of the plurality of service systems within the preset time includes:
capturing operation events corresponding to a plurality of preset buried points in a plurality of service systems, and extracting the user identifiers and time identifiers corresponding to the operation events;
judging whether the operation event is a sensitive operation event; the sensitive operation event comprises an information query operation;
if yes, acquiring a query keyword corresponding to the information query operation;
judging whether the query keyword is matched with a preset sensitive keyword or not;
if yes, acquiring an operation identifier corresponding to the matched sensitive keyword;
generating an operation log according to the user identifier, the time identifier, the operation identifier and the query keyword corresponding to the information query operation;
and extracting the operation logs of the plurality of service systems within a preset time length according to the time identifiers in the operation logs.
2. The method according to claim 1, wherein the extracting the operation logs of the plurality of service systems within a preset time duration according to the time identifier in the operation logs comprises:
sending the multiple operation logs to a cache queue, and sequentially storing the operation logs according to the generation time of the operation logs;
and extracting the operation logs from the cache queue every preset time length.
3. The method of claim 1, wherein the operational event is a login operation; the obtaining of the operation identifier corresponding to the operation event includes:
obtaining login result parameters of the login operation; the login result parameters comprise login success parameters and/or login failure parameters;
acquiring an operation identifier corresponding to the login result parameter; the login success parameter corresponds to a first operation identifier; the login failure parameter corresponds to a second operation identifier;
the counting the number of the operation identifiers corresponding to the same user identifier to obtain the operation number of the operation identifiers comprises the following steps:
and counting the first operation identifiers corresponding to the same user identifier to obtain a first operation count, and/or counting the second operation identifiers corresponding to the same user identifier to obtain a second operation count.
4. The method according to any one of claims 1 to 3, wherein the performing quantity statistics on the operation identifiers corresponding to the same user identifier to obtain the operation quantity of the operation identifier includes:
when the operation logs corresponding to the same user identifier contain several types of operation identifiers, counting the operation identifiers of each type separately to obtain the operation number of each operation identifier;
the detecting whether the operation identifiers corresponding to the same user identifier and the operation number of the operation identifiers trigger preset monitoring conditions includes:
judging whether the operation number of each operation identifier is larger than a corresponding preset number or not;
if so, judging to trigger a preset monitoring condition corresponding to the operation identifiers with the number larger than the corresponding preset number.
5. An authority control device, characterized in that the device comprises:
the operation log obtaining module is used for obtaining operation logs of a plurality of service systems within a preset time length; the operation log comprises a user identifier and an operation identifier, and the user identifier and the operation identifier have a corresponding relation;
the operation quantity counting module is used for counting the number of operation identifiers corresponding to the same user identifier to obtain the operation number of the operation identifiers;
the operation monitoring module is used for detecting whether operation identifiers corresponding to the same user identifiers and operation numbers of the operation identifiers trigger preset monitoring conditions or not, the preset monitoring conditions are composed of condition descriptions comprising the user identifiers, the operation identifiers and the operation numbers, each preset monitoring condition is provided with a globally unique condition ID, and each preset monitoring condition is configured with a corresponding authority control strategy;
the authority control module is used for recording condition IDs of triggered preset monitoring conditions when the operation identifiers corresponding to the same user identifiers and the operation quantity of the operation identifiers trigger the preset monitoring conditions, and reducing the user authority corresponding to the user identifiers according to authority control strategies corresponding to the triggered condition IDs; the user authority is the authority for operating the service system;
the operation log obtaining module is also used for capturing operation events corresponding to a plurality of preset buried points in a plurality of service systems and extracting the user identifiers and time identifiers corresponding to the operation events; judging whether the operation event is a sensitive operation event; the sensitive operation event comprises an information query operation; if yes, acquiring a query keyword corresponding to the information query operation; judging whether the query keyword is matched with a preset sensitive keyword or not; if yes, acquiring an operation identifier corresponding to the matched sensitive keyword; generating an operation log according to the user identifier, the time identifier, the operation identifier and the query keyword corresponding to the information query operation; and extracting the operation logs of the plurality of service systems within a preset time length according to the time identifiers in the operation logs.
6. The authority control device according to claim 5, wherein the operation log obtaining module is further configured to send a plurality of operation logs to a cache queue, and store the operation logs in sequence according to the generation time of the operation logs; and to extract the operation logs from the cache queue every preset time length.
7. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the computer program realizes the steps of the method of any one of claims 1 to 4 when executed by the processor.
8. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 4.
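The flow recited in claims 1 to 4, sketched as an added Python illustration that is not part of the patent text: captured events become operation logs, operation identifiers are counted per user inside a time window, and each triggered condition ID drives a permission reduction. All identifiers, keywords, thresholds, permission names and events below are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed configuration (assumed names): sensitive keyword -> operation ID,
# and login result -> first/second operation ID as in claim 3.
SENSITIVE_KEYWORDS = {"id_number": "OP_QUERY_ID", "bank_card": "OP_QUERY_CARD"}
LOGIN_OPS = {True: "OP_LOGIN_OK", False: "OP_LOGIN_FAIL"}

@dataclass(frozen=True)
class Condition:
    condition_id: str   # globally unique condition ID
    op_id: str          # operation identifier the condition watches
    max_count: int      # preset number; triggers when count > max_count
    revoke: frozenset   # authority control policy: permissions to remove

CONDITIONS = [
    Condition("C-001", "OP_LOGIN_FAIL", 3, frozenset({"login"})),
    Condition("C-002", "OP_QUERY_ID", 2, frozenset({"query_customer"})),
]

def to_log(event):
    """Build an operation log from a captured event; None if not sensitive."""
    if event["type"] == "login":
        op_id, keyword = LOGIN_OPS[event["success"]], None
    elif event["type"] == "query":
        keyword = next((k for k in SENSITIVE_KEYWORDS if k in event["query"]), None)
        if keyword is None:
            return None  # query keyword matches no preset sensitive keyword
        op_id = SENSITIVE_KEYWORDS[keyword]
    else:
        return None
    return {"user": event["user"], "ts": event["ts"], "op": op_id, "keyword": keyword}

def evaluate(events, start, end, permissions):
    """Count each op ID per user in [start, end) and apply triggered policies.

    Returns the recorded (user, condition_id) pairs; mutates `permissions`.
    """
    logs = [l for l in map(to_log, events) if l and start <= l["ts"] < end]
    counts = Counter((l["user"], l["op"]) for l in logs)
    triggered = []
    for (user, op), n in sorted(counts.items()):
        for cond in CONDITIONS:
            if cond.op_id == op and n > cond.max_count:
                triggered.append((user, cond.condition_id))
                permissions[user] = permissions.get(user, set()) - cond.revoke
    return triggered

# Constructed events standing in for buried-point captures from several systems.
EVENTS = (
    [{"type": "login", "user": "u1", "ts": t, "success": False} for t in range(4)]
    + [{"type": "query", "user": "u2", "ts": t, "query": "id_number lookup"} for t in (1, 2, 3)]
    + [{"type": "query", "user": "u2", "ts": 5, "query": "branch hours"},
       {"type": "query", "user": "u1", "ts": 99, "query": "id_number lookup"}]
)
PERMS = {"u1": {"login", "query_customer"}, "u2": {"login", "query_customer"}}
```

Because the comparison is strictly "larger than", a user who reaches exactly the preset number inside the window does not trigger the condition, and events outside the window are never counted.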
CN201810122839.0A 2018-02-07 2018-02-07 Authority control method and device, computer equipment and storage medium Active CN108304704B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810122839.0A CN108304704B (en) 2018-02-07 2018-02-07 Authority control method and device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN108304704A CN108304704A (en) 2018-07-20
CN108304704B true CN108304704B (en) 2021-02-09

Family

ID=62864605

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810122839.0A Active CN108304704B (en) 2018-02-07 2018-02-07 Authority control method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN108304704B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109032819B (en) * 2018-07-27 2021-10-29 郑州云海信息技术有限公司 Method, device, equipment and storage medium for synchronizing message events between systems
CN109684863B (en) * 2018-09-07 2024-01-19 平安科技(深圳)有限公司 Data leakage prevention method, device, equipment and storage medium
CN111224920B (en) * 2018-11-23 2021-04-20 珠海格力电器股份有限公司 Method, device, equipment and computer storage medium for preventing illegal login
CN109657485B (en) * 2018-12-13 2021-10-22 广州虎牙信息科技有限公司 Authority processing method and device, terminal equipment and storage medium
CN109858735A (en) * 2018-12-14 2019-06-07 深圳壹账通智能科技有限公司 Consumer's risk scoring assessment method, device, computer equipment and storage medium
CN111353163A (en) * 2018-12-24 2020-06-30 华为技术有限公司 Method, device and storage medium for determining access authority
CN109840693A (en) * 2019-01-04 2019-06-04 平安科技(深圳)有限公司 It attends a banquet behavior safety monitoring method, device, computer equipment and storage medium
CN109871211B (en) * 2019-01-28 2024-05-07 平安科技(深圳)有限公司 Information display method and device
CN110647512B (en) * 2019-09-29 2022-05-24 北京思维造物信息科技股份有限公司 Data storage and analysis method, device, equipment and readable medium
CN110708495A (en) * 2019-10-15 2020-01-17 广州国音智能科技有限公司 Video conference monitoring method, terminal and readable storage medium
CN111124830B (en) * 2019-12-24 2024-01-19 个体化细胞治疗技术国家地方联合工程实验室(深圳) Micro-service monitoring method and device
CN111800295A (en) * 2020-06-23 2020-10-20 四川虹美智能科技有限公司 Server audit management method, device and system
CN113254460B (en) * 2021-07-07 2022-01-11 阿里云计算有限公司 Data processing method, system, electronic device and storage medium
CN115967521A (en) * 2022-09-08 2023-04-14 平安银行股份有限公司 Sensitive information operation monitoring method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102082704A (en) * 2009-11-30 2011-06-01 中国移动通信集团河北有限公司 Safety monitoring method and system
CN102946319A (en) * 2012-09-29 2013-02-27 焦点科技股份有限公司 System and method for analyzing network user behavior information
US8516107B2 (en) * 2010-05-28 2013-08-20 Computer Associates Think, Inc. Privileged activity monitoring through privileged user password management and log management systems
CN106295388A (en) * 2015-06-04 2017-01-04 中国移动通信集团山东有限公司 A kind of data desensitization method and device
CN107409126A (en) * 2015-02-24 2017-11-28 思科技术公司 System and method for protecting enterprise computing environment safety

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant