CN108521407A - A kind of secondary safety access control method based on cloudy platform - Google Patents
- Publication number: CN108521407A
- Authority: CN (China)
- Prior art keywords: function, verification, user, secondary safety, cloud platform
- Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L67/00—Network arrangements or protocols for supporting network services or applications
        - H04L67/01—Protocols
          - H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention relates to the technical field of multi-cloud platform management, and in particular to a secondary security access control method based on multi-cloud platforms. The invention first registers multiple cloud platforms in the cloud registration center of the unified management system; next, all function points of the unified management system are summarized and divided into two major classes, system functions and non-system functions; then the user defines and enables verification modes; next, the user selects, per cloud platform, the non-system functions that need secondary security verification; the user then accesses a function that needs secondary security verification on the corresponding cloud platform; finally, the unified management system intercepts the access request and triggers the corresponding verification mode, and the operation can proceed normally only after verification passes. The invention solves problems such as the complexity of multi-cloud platform access control, the inability to configure the permissions of multiple cloud platforms uniformly, and the resulting waste of human resources; it can be applied in the field of multi-cloud management technology.
Description
Technical field
The present invention relates to the technical field of multi-cloud platform management, and in particular to a secondary security access control method based on multi-cloud platforms.
Background
Owing to the rapid development of cloud computing in recent years, a large number of mature cloud computing platforms have emerged. The functions these cloud platforms provide are similar, and many large enterprises and government institutions deploy cloud platforms of several different brands. Each of these cloud platforms has its own access control method, which creates the following hidden dangers:
First, the functions each cloud platform provides are similar, but their access control pages and API interfaces are not consistent and cannot be managed in a unified way.
Second, each cloud platform requires its own specialist engineer to manage permissions, which wastes human resources.
Meanwhile, as the security technology of software systems continues to develop, security technologies emerge one after another to safeguard users' legitimate rights and interests. But these technologies all focus on the user's "first-time" security check. If the user forgets to log out after logging in to the system, or the login information has been leaked, an unscrupulous person can easily obtain the user's information, or even maliciously tamper with it, which poses a great threat to the security of user information.
Summary of the invention
The technical problem solved by the method of the present invention is to provide a secondary security access control method based on multi-cloud platforms, solving problems such as the complexity of multi-cloud platform permission control, the inability to configure the access control of multiple cloud platforms uniformly, and the resulting waste of human resources.
The technical solution by which the present invention solves the above technical problem is as follows:
The method divides the functions of the cloud platforms into system functions and non-system functions; for non-system functions, the user chooses whether secondary security verification is to be carried out; the non-system functions selected as needing secondary security verification are then subject to a further security verification.
The method includes the following steps:
Step 1: Multiple cloud platforms are registered in the cloud registration center of the unified management system;
Step 2: All function points of the unified management system are summarized and divided into two major classes, system functions and non-system functions;
Step 3: The user defines and enables verification modes;
Step 4: The user selects, per cloud platform, the non-system functions that need secondary security verification;
Step 5: A function that needs secondary security verification is accessed on the corresponding cloud platform;
Step 6: The unified management system intercepts the access request and triggers the corresponding verification mode to verify it.
The unified management system is a system that manages the infrastructure of multiple cloud platforms in a unified way. The various functions of the cloud platforms are all operated through this system, and the unified management system contains all functional operations of the different cloud platforms.
Registering multiple cloud platforms means that the service address of the deployed component is registered in the unified management system so that the service resources can be called; it is an object-oriented service registration mode.
Dividing into system functions and non-system functions means classifying all functions of the unified management system according to the importance of each function, that is, whether it plays a decisive role for the unified management system or the cloud platform.
A system function is a functional operation that is vital to the unified management system or the cloud platform; a non-system function is the opposite.
Every operation on a system function must pass secondary security verification before it can be carried out; for non-system functions, the user chooses per cloud platform whether secondary security verification is needed.
Defining the verification mode refers to the methods of secondary security verification used to verify whether a request comes from the user, comprising three verification modes: security question, email verification and SMS verification.
Enabling the verification mode means that the user chooses, from the defined verification modes, which ones to enable, and must select at least one. Each user has an independent set of verification modes that does not interfere with other users' and that applies to all cloud platforms in the unified management system.
Selecting, per cloud platform, the non-system functions that need secondary security verification means that the user selects, for each cloud platform, the non-system functions that need secondary security verification. Each cloud platform of each user corresponds to its own series of functions that need secondary security verification; these are independent of each other and do not interfere with each other.
Accessing a function that needs secondary security verification means that the user accesses and operates a function of any cloud platform through the unified management system.
The unified management system intercepting the access request means that the unified management system first determines whether the intercepted request belongs to a system function. If it does, the verification mode configured by the current user is triggered. Otherwise, the system goes on to determine which cloud platform the request operates on and, combining the cloud platform and the user information, judges whether the request belongs to a non-system function that the current user has selected for secondary security verification on that cloud platform. If it does not, the request is let through; otherwise the corresponding verification mode is triggered.
Triggering the corresponding verification mode means calling the secondary security verification mode that the current user has enabled on the corresponding cloud platform to verify the legitimacy of the current request. If verification passes, the relevant information is returned normally; otherwise verification continues until it succeeds.
The beneficial effects of the present invention are as follows:
The present invention provides a customizable secondary security verification method. Users can set the corresponding security check parameters according to their own needs; when a user accesses a relevant function, the system verifies according to the user-defined secondary security method, and only after verification passes can the relevant operation be carried out, which protects users' rights more effectively.
The present invention allows unified configuration and also lets each user configure individually, further strengthening the protection of user information. Even if the user forgets to log out after logging in to the system, or the login information has been leaked, others cannot easily operate on the relevant information maliciously, which effectively protects users' rights. The invention can be applied in the field of multi-cloud management technology.
Brief description of the drawings
The present invention is further described below with reference to the drawings:
Fig. 1 is the flow chart of the present invention.
Detailed description
As shown in Fig. 1, the present invention divides the functions of the cloud platforms into system functions and non-system functions; for non-system functions, the user chooses whether secondary security verification is to be carried out; the non-system functions selected as needing secondary security verification are then subject to a further security verification. The details are as follows:
Step 1: Multiple cloud platforms are registered in the cloud registration center of the unified management system;
The unified management system is a system that manages the infrastructure of multiple cloud platforms in a unified way. The various functions of the cloud platforms are all operated through this system, and the unified management system contains all functional operations of the different cloud platforms.
Registering multiple cloud platforms means that the service address of the deployed component is registered in the unified management system so that the service resources can be called; it is an object-oriented service registration mode.
Step 2: All function points of the unified management system are summarized and divided into two major classes, system functions and non-system functions;
All functions of the unified management system are classified according to the importance of each function, that is, whether it plays a decisive role for the unified management system or the cloud platform.
A system function is a functional operation that is vital to the unified management system or the cloud platform; a non-system function is the opposite.
Every operation on a system function must pass secondary security verification before it can be carried out; for non-system functions, the user chooses per cloud platform whether secondary security verification is needed.
Step 3: The user defines and enables verification modes;
Defining the verification mode refers to the methods of secondary security verification used to verify whether a request comes from the user, comprising three verification modes: security question, email verification and SMS verification.
Enabling the verification mode means that the user chooses, from the defined verification modes, which ones to enable, and must select at least one. Each user has an independent set of verification modes that does not interfere with other users' and that applies to all cloud platforms in the unified management system.
Step 4: The user selects, per cloud platform, the non-system functions that need secondary security verification;
The user selects, for each cloud platform, the non-system functions that need secondary security verification. Each cloud platform of each user corresponds to its own series of functions that need secondary security verification; these are independent of each other and do not interfere with each other.
Step 5: A function that needs secondary security verification is accessed on the corresponding cloud platform;
The user accesses and operates a function of any cloud platform through the unified management system.
Step 6: The unified management system intercepts the access request and triggers the corresponding verification mode to verify it.
The unified management system first determines whether the intercepted request belongs to a system function. If it does, the verification mode configured by the current user is triggered. Otherwise, the system goes on to determine which cloud platform the request operates on and, combining the cloud platform and the user information, judges whether the request belongs to a non-system function that the current user has selected for secondary security verification on that cloud platform. If it does not, the request is let through; otherwise the corresponding verification mode is triggered.
Triggering the corresponding verification mode means calling the secondary security verification mode that the current user has enabled on the corresponding cloud platform to verify the legitimacy of the current request. If verification passes, the relevant information is returned normally; otherwise verification continues until it succeeds.
The basic flow of the present invention is as follows:
1. Register the cloud platforms; the code is as follows:
2. Define the master switch of the system's secondary security verification, which is initialized to on by default; the code is as follows:
3. The user defines and enables verification modes; the code is as follows:
4. The user selects the functions that need secondary security verification; the code is as follows:
5. The system intercepts the access request and triggers the corresponding verification mode to verify it; the code is as follows:
The whole flow ends.
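The six steps above can be modelled as a small policy engine. The following is an added example, not code from the patent; the class, function and platform names and the service addresses are hypothetical, and it assumes that turning the master switch off disables the check and that requests from unknown users or for unregistered platforms are rejected.

```python
from dataclasses import dataclass, field
from enum import Enum


class Method(Enum):            # the three verification modes named in step 3
    SECURITY_QUESTION = "security question"
    EMAIL = "email"
    SMS = "sms"


class Decision(Enum):
    ALLOW = "allow"            # let the request through
    VERIFY = "verify"          # hold the request until secondary verification passes


@dataclass
class UserPolicy:
    methods: frozenset                             # step 3: enabled modes, valid on all platforms
    protected: dict = field(default_factory=dict)  # step 4: platform -> selected functions

    def __post_init__(self):
        if not self.methods:
            raise ValueError("a user must enable at least one verification mode")


class UnifiedManager:
    """Hypothetical stand-in for the unified management system."""

    def __init__(self, system_functions):
        self.system_functions = frozenset(system_functions)  # step 2
        self.platforms = {}          # step 1: platform name -> service address
        self.policies = {}           # user -> UserPolicy
        self.master_switch = True    # initialised to on, as in item 2 of the flow

    def register_platform(self, name, service_address):
        self.platforms[name] = service_address

    def set_policy(self, user, policy):
        for platform, functions in policy.protected.items():
            if platform not in self.platforms:
                raise ValueError(f"unregistered cloud platform: {platform}")
            if self.system_functions & set(functions):
                raise ValueError("system functions are always verified, not selectable")
        self.policies[user] = policy

    def intercept(self, user, platform, function):
        """Step 6: return (Decision, verification modes to trigger)."""
        if user not in self.policies:            # assumption: fail closed
            raise LookupError(f"no verification policy for user {user}")
        policy = self.policies[user]
        if not self.master_switch:               # assumption: off disables the check
            return Decision.ALLOW, frozenset()
        if function in self.system_functions:    # system functions: always verify
            return Decision.VERIFY, policy.methods
        if platform not in self.platforms:       # assumption: fail closed
            raise LookupError(f"unregistered cloud platform: {platform}")
        if function in policy.protected.get(platform, ()):
            return Decision.VERIFY, policy.methods
        return Decision.ALLOW, frozenset()


def build_demo():
    """Constructed sample data: two platforms, one system function, one user."""
    mgr = UnifiedManager(system_functions={"manage_platform_registry"})
    mgr.register_platform("cloud-a", "https://cloud-a.example.invalid/api")
    mgr.register_platform("cloud-b", "https://cloud-b.example.invalid/api")
    mgr.set_policy("alice", UserPolicy(
        methods=frozenset({Method.SMS, Method.EMAIL}),
        protected={"cloud-a": {"delete_vm"}},    # alice protects delete_vm on cloud-a only
    ))
    return mgr


if __name__ == "__main__":
    demo = build_demo()
    for platform, function in [("cloud-a", "delete_vm"), ("cloud-b", "delete_vm"),
                               ("cloud-b", "manage_platform_registry")]:
        decision, methods = demo.intercept("alice", platform, function)
        print(platform, function, decision.value, sorted(m.value for m in methods))
```

The same non-system function yields different decisions on the two platforms because the selection in step 4 is kept per user and per cloud platform, while the system function is verified regardless of platform.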
Claims (8)
1. A secondary security access control method based on multi-cloud platforms, characterized in that: the method divides the functions of the cloud platforms into system functions and non-system functions; for non-system functions, the user chooses whether secondary security verification is to be carried out; the non-system functions selected as needing secondary security verification are then subject to a further security verification.
2. The method according to claim 1, characterized in that the method includes the following steps:
Step 1: Multiple cloud platforms are registered in the cloud registration center of the unified management system;
Step 2: All function points of the unified management system are summarized and divided into two major classes, system functions and non-system functions;
Step 3: The user defines and enables verification modes;
Step 4: The user selects, per cloud platform, the non-system functions that need secondary security verification;
Step 5: A function that needs secondary security verification is accessed on the corresponding cloud platform;
Step 6: The unified management system intercepts the access request and triggers the corresponding verification mode to verify it.
3. The method according to claim 2, characterized in that:
The unified management system is a system that manages the infrastructure of multiple cloud platforms in a unified way; the various functions of the cloud platforms are all operated through this system, and the unified management system contains all functional operations of the different cloud platforms;
Registering multiple cloud platforms means that the service address of the deployed component is registered in the unified management system so that the service resources can be called; it is an object-oriented service registration mode.
4. The method according to claim 2, characterized in that:
Dividing into system functions and non-system functions means classifying all functions of the unified management system according to the importance of each function, that is, whether it plays a decisive role for the unified management system or the cloud platform;
A system function is a functional operation that is vital to the unified management system or the cloud platform; a non-system function is the opposite;
Every operation on a system function must pass secondary security verification before it can be carried out; for non-system functions, the user chooses per cloud platform whether secondary security verification is needed.
5. The method according to claim 2, characterized in that:
Defining the verification mode refers to the methods of secondary security verification used to verify whether a request comes from the user, comprising three verification modes: security question, email verification and SMS verification;
Enabling the verification mode means that the user chooses, from the defined verification modes, which ones to enable, and must select at least one; each user has an independent set of verification modes that does not interfere with other users' and that applies to all cloud platforms in the unified management system.
6. The method according to claim 2, characterized in that:
Selecting, per cloud platform, the non-system functions that need secondary security verification means that the user selects, for each cloud platform, the non-system functions that need secondary security verification; each cloud platform of each user corresponds to its own series of functions that need secondary security verification, and these are independent of each other and do not interfere with each other.
7. The method according to claim 2, characterized in that:
Accessing a function that needs secondary security verification means that the user accesses and operates a function of any cloud platform through the unified management system.
8. The method according to claim 2, characterized in that:
The unified management system intercepting the access request means that the unified management system first determines whether the intercepted request belongs to a system function; if it does, the verification mode configured by the current user is triggered; otherwise, the system goes on to determine which cloud platform the request operates on and, combining the cloud platform and the user information, judges whether the request belongs to a non-system function that the current user has selected for secondary security verification on that cloud platform; if it does not, the request is let through; otherwise the corresponding verification mode is triggered;
Triggering the corresponding verification mode means calling the secondary security verification mode that the current user has enabled on the corresponding cloud platform to verify the legitimacy of the current request; if verification passes, the relevant information is returned normally; otherwise verification continues until it succeeds.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810233972.3A CN108521407A (en) | 2018-03-21 | 2018-03-21 | A kind of secondary safety access control method based on cloudy platform |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108521407A (en) | 2018-09-11 |
Family
ID=63433807
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810233972.3A Withdrawn CN108521407A (en) | 2018-03-21 | 2018-03-21 | A kind of secondary safety access control method based on cloudy platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108521407A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109376130A (en) * | 2018-10-18 | 2019-02-22 | 国云科技股份有限公司 | A method of the self-defined template based on cloudy platform records operation log |
CN109447637A (en) * | 2018-10-18 | 2019-03-08 | 四川师范大学 | Online trading payment cipher verification method based on online data |
CN109729145A (en) * | 2018-11-28 | 2019-05-07 | 国云科技股份有限公司 | A kind of functional module differentiation methods of exhibiting based on cloudy platform |
CN110704851A (en) * | 2019-09-18 | 2020-01-17 | 上海联蔚信息科技有限公司 | Public cloud data processing method and device |
CN114826746A (en) * | 2022-04-28 | 2022-07-29 | 济南浪潮数据技术有限公司 | Cloud platform identity authentication method, device and medium |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101409757A (en) * | 2007-10-12 | 2009-04-15 | 富士施乐株式会社 | Information processing apparatus, information processing system, and information processing method |
CN101895555A (en) * | 2010-07-30 | 2010-11-24 | 中国科学院软件研究所 | Business process execution language (BPEL)-based secure access service integration modeling method |
CN101895533A (en) * | 2010-07-05 | 2010-11-24 | 浙江汇信科技有限公司 | Mandatory authorization method for application permission in unified identity authentication system |
WO2013135116A1 (en) * | 2012-03-13 | 2013-09-19 | 华为技术有限公司 | A-msdu aggregation method and apparatus, data reception method and apparatus |
CN104168329A (en) * | 2014-08-28 | 2014-11-26 | 尚春明 | User secondary authentication method, device and system in cloud computing and Internet |
CN105391724A (en) * | 2015-11-25 | 2016-03-09 | 用友网络科技股份有限公司 | Authorization management method and authorization management device used for information system |
CN107277066A (en) * | 2017-08-11 | 2017-10-20 | 中国银行股份有限公司 | Account management method, portable electric appts and account management system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | WW01 | Invention patent application withdrawn after publication | Application publication date: 20180911 |