CN108959940B - Data access control method, medium, device and computing equipment - Google Patents
Data access control method, medium, device and computing equipment Download PDFInfo
- Publication number
- CN108959940B CN108959940B CN201810631558.8A CN201810631558A CN108959940B CN 108959940 B CN108959940 B CN 108959940B CN 201810631558 A CN201810631558 A CN 201810631558A CN 108959940 B CN108959940 B CN 108959940B
- Authority
- CN
- China
- Prior art keywords
- data
- identifier
- generation
- instruction
- remote
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 86
- 238000013523 data management Methods 0.000 abstract description 11
- 238000012423 maintenance Methods 0.000 abstract description 9
- 239000000243 solution Substances 0.000 description 30
- 238000010586 diagram Methods 0.000 description 8
- 230000001360 synchronised effect Effects 0.000 description 7
- 238000004891 communication Methods 0.000 description 5
- 230000007246 mechanism Effects 0.000 description 5
- 230000010076 replication Effects 0.000 description 4
- 230000001419 dependent effect Effects 0.000 description 3
- 238000007726 management method Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000012546 transfer Methods 0.000 description 3
- 238000013475 authorization Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 239000007853 buffer solution Substances 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000001934 delay Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
The embodiment of the invention provides a data access control method, a medium, a device and computing equipment. The method comprises the following steps: receiving a data generation instruction; generating data according to the data generation instruction and generating a data identifier for accessing the data; wherein the data identifier contains generation place information of the data; storing the data to a local database; and returning the data identifier to a sender of the data generation instruction. According to the embodiment of the invention, the generation place of the data can be accurately identified by writing the generation place information in the data identifier, and the data can be directly acquired from the generation place of the data when the data is accessed and used, so that the synchronization of the all-region database is avoided, the data management efficiency is improved, and the redundancy and the data maintenance cost of the data are reduced.
Description
Technical Field
Embodiments of the present invention relate to the field of communications and computer technologies, and more particularly, to a data access control method, medium, apparatus, and computing device.
Background
This section is intended to provide a background or context to the embodiments of the invention that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
With the development of public clouds, cloud computing manufacturers generally provide multi-Region (Region) services, and meanwhile, the rights management requirements of users on resources in cloud computing are more complex. The security token service (Security Token Service, STS for short) provides short-term access service for the resources in the cloud platform for the user by issuing temporary security credentials (Credential), and is suitable for the scene of temporarily accessing the resources in the cloud platform. Since the short-term security credentials themselves have a time validity, typically only a few minutes or hours of validity, unlike permanent authorization, there is no burden on the management, i.e. the authorizer does not have to actively cancel the authorization of the security credentials.
Disclosure of Invention
However, the present inventors have found during the course of research that STS is a global service, in other words, short-term security credentials issued in any one territory can be used worldwide. Due to the timeliness of the short-term security credentials and their requirement for access performance, it is most suitable to store them in a cache system. The support of the buffer system in the cross-regional access aspect is not ideal, and the own replication mechanism is seriously dependent on the network quality, so that the stability of STS service is greatly reduced.
The related art data access control method for cross-region mainly comprises two modes of database-based or cache-based. As shown in fig. 1A, the user plays a role in the first region application, redeems a temporary security credential, and copies the temporary security credential stored in the first database of the first region to the second database of the second region by using a copy mechanism. When the user uses the temporary security credentials issued by the first region in the second region, the second region can directly retrieve the temporary security credentials synchronously transmitted from the first region from the local database. As shown in fig. 1B, after the temporary security credential is redeemed from the first region, the user may store the temporary security credential in a cache, and then issue a write event (i.e., the generated temporary security credential) to another region by using a Message Queue (MQ for short), and after the temporary security credential is received by the second region, store the temporary security credential in a local cache for access.
The technical solution shown in fig. 1A has several drawbacks:
1. the reliability is poor. This scheme relies heavily on database synchronization, which depends on network quality and the current loading of the database, so it is uncertain when the temporary security credentials synchronize to the zone that needs to be used (zone two in this example). The user generally accesses the temporary security document in a program manner when using the temporary security document, that is, the temporary security document may be used in the second region soon when being generated, and at this time, the second region is likely to not be synchronized with the content of the temporary security document.
2. The difficulty of data management is great. The characteristics of the temporary security credentials determine that the most suitable form of storage is caching (e.g., redis, memcached, etc.). Because the number of temporary security certificates is generally very large, when the temporary security certificates are stored by using a database, the temporary security certificates need to be cleaned regularly, the difficulty of data management is increased, and the performance of accessing the temporary security certificates is reduced.
3. The amount of data redundancy is large. The temporary security credentials are generally fixed in one to two regions, and the scheme can synchronize the generated temporary security credentials to all regions within the range of the full platform, so that the data volume redundancy information is greatly increased, the burden of a private network of the full platform is increased, and the overall utilization rate is low.
4. The synchronous replication mechanism is complex. This scheme relies heavily on the replication mechanism provided by the database it uses. In the case of a small number of zones, maintenance can also be performed by management configuration. However, public cloud manufacturers generally provide tens or even tens of regions, and a scheme for synchronizing by using a database is very complex, so that problems are difficult to check.
The solution shown in fig. 1B uses a cache to store temporary security credentials, although the problem of maintainability in the data management of temporary security credentials in the previous solution is solved to some extent, similar to the previous solution, the solution synchronizes data to other regions by means of a message queue, which is an asynchronous synchronization mechanism, but cannot achieve synchronous writing. The delay caused by the asynchronization can cause the unknown time when the temporary security credentials are synchronized to other territories, so that the problem of poor reliability of data synchronization still exists. In addition, the scheme issues the generated temporary security credentials to all areas within the whole platform through the message queue, and the problem of large data redundancy exists. In addition, the technical scheme requires that each region can communicate through the message queue, and the main stream message queue system has poor support in cross-region access, so that the maintenance cost of the message queue is high.
Therefore, an improved data access control method is very needed to solve the problems of poor data synchronization reliability, high data management difficulty, high data maintenance cost and the like in the related technology at least to a certain extent.
In this context, embodiments of the present invention desire to provide a data access control method, medium, apparatus, and computing device.
In a first aspect of the embodiment of the present invention, there is provided a data access control method, including: receiving a data generation instruction; generating data according to the data generation instruction and generating a data identifier for accessing the data; wherein the data identifier contains generation place information of the data; storing the data to a local database; and returning the data identifier to a sender of the data generation instruction.
In some embodiments of the present invention, based on the above technical solution, the method further includes: receiving a remote data synchronization instruction and acquiring a target data identifier in the remote data synchronization instruction; searching data corresponding to the target data identifier in a local database; and returning the search result to the sender of the remote data synchronization instruction.
In some embodiments of the present invention, based on the above technical solution, returning the search result to the sender of the remote data synchronization instruction includes: judging whether the data corresponding to the target data identifier is found in a local database; if the data corresponding to the target data identifier is found, returning the data corresponding to the target data identifier to a sender of the remote data synchronization instruction; and if the data corresponding to the target data identifier is not found, returning a null value to the sender of the remote data synchronization instruction.
In some embodiments of the present invention, based on the above technical solutions, receiving a remote data synchronization instruction includes: a remote data synchronization instruction is received via a remote procedure call protocol.
In some embodiments of the present invention, based on the above technical solution, before returning the data identifier to the sender of the data generation instruction, the method further includes: and encrypting the data identifier.
In some embodiments of the invention, saving the data to a local database includes: and saving the data to a local cache database.
In a second aspect of the embodiment of the present invention, there is provided a data access control method, including: receiving a data access instruction and acquiring a data identifier in the data access instruction; identifying generation place information in the data identifier when a preset condition is met; according to the generation place information, a remote data synchronization instruction is sent to the generation place of the data; receiving a data synchronization result generated and transmitted by the data generation site according to the remote data synchronization instruction; and returning the data synchronization result to the sender of the data access instruction.
In some embodiments of the present invention, based on the above technical solution, when a preset condition is satisfied, identifying the generation place information in the data identifier includes: searching data corresponding to the data identifier in a local database, and judging whether the data corresponding to the data identifier is searched or not; if no data corresponding to the data identifier is found, identifying the generation place information in the data identifier.
In some embodiments of the present invention, based on the above technical solution, when a preset condition is satisfied, identifying the generation place information in the data identifier further includes: and if the data corresponding to the data identifier is found, returning the data corresponding to the data identifier to the sender of the data access instruction.
In some embodiments of the present invention, based on the above technical solution, issuing a remote data synchronization instruction to a place where data is generated includes: remote data synchronization instructions are issued to the generation of data via a remote procedure call protocol.
In some embodiments of the present invention, based on the above technical solution, identifying the generation place information in the data identifier includes: decrypting the data identifier; generating place information contained in the decrypted data identifier is identified.
In some embodiments of the present invention, based on the above technical solution, after receiving a data synchronization result generated and sent by the generation site of the data according to the remote data synchronization instruction, the method further includes: and storing the data synchronization result to a local database.
In some embodiments of the present invention, based on the above technical solution, storing the data synchronization result in a local database includes: and storing the data synchronization result to a local cache database.
In a third aspect of embodiments of the present invention, there is provided a medium having stored thereon a program which, when executed by a processor, implements a method as defined in any of the above.
In a fourth aspect of the embodiments of the present invention, there is provided a data access control apparatus, comprising: a first receiving module configured to receive a data generation instruction; a data generation module configured to generate data according to the data generation instruction and to generate a data identifier for accessing the data; wherein the data identifier contains generation place information of the data; a first storage module configured to save the data to a local database; a first return module configured to return the data identifier to a sender of the data generation instruction.
In some embodiments of the present invention, based on the above technical solution, the method further includes: the second receiving module is configured to receive the remote data synchronization instruction and acquire a target data identifier in the remote data synchronization instruction; a data lookup module configured to lookup data corresponding to the target data identifier in a local database; and the second return module is configured to return the search result to the sender of the remote data synchronization instruction.
In some embodiments of the present invention, based on the above technical solution, the second return module includes: a first judging sub-module configured to judge whether data corresponding to the target data identifier is found in a local database; a first return sub-module configured to return data corresponding to the target data identifier to a sender of the remote data synchronization instruction if the data corresponding to the target data identifier is found; and the null value returning sub-module is configured to return a null value to the sender of the remote data synchronization instruction if the data corresponding to the target data identifier is not found.
In some embodiments of the present invention, based on the above technical solution, the second receiving module includes: and the second receiving sub-module is configured to receive the remote data synchronization instruction through a remote procedure call protocol.
In some embodiments of the present invention, based on the above technical solution, the method further includes: an encryption module configured to encrypt the data identifier containing the generation place information.
In some embodiments of the present invention, based on the above technical solution, the first storage module includes: and the first storage sub-module is configured to store the data to a local cache database.
In a fifth aspect of the embodiments of the present invention, there is provided a data access control apparatus, comprising: a third receiving module configured to receive a data access instruction and obtain a data identifier in the data access instruction; a generation place identification module configured to identify generation place information in the data identifier when a preset condition is satisfied; the data synchronization module is configured to send a remote data synchronization instruction to the generation place of the data according to the generation place information; a fourth receiving module configured to receive a data synchronization result generated and transmitted by the generation site of the data according to the remote data synchronization instruction; and the third return module is configured to return the data synchronization result to the sender of the data access instruction.
In some embodiments of the present invention, based on the above technical solutions, the generating a place identifying module includes: the second judging sub-module is configured to search the data corresponding to the data identifier in the local database and judge whether the data corresponding to the data identifier is searched or not; and the first identification sub-module is configured to identify the generation place information in the data identifier if the data corresponding to the data identifier is not found.
In some embodiments of the present invention, based on the above technical solution, the generating place identifying module further includes: and the second return sub-module is configured to return the data corresponding to the data identifier to the sender of the data access instruction if the data corresponding to the data identifier is found.
In some embodiments of the present invention, based on the above technical solution, the data synchronization module includes: a data synchronization sub-module configured to issue a remote data synchronization instruction to a place of generation of data via a remote procedure call protocol.
In some embodiments of the present invention, based on the above technical solutions, the generating a place identifying module includes: a decryption sub-module configured to decrypt the data identifier; and a second recognition sub-module configured to recognize the generation place information contained in the decrypted data identifier.
In some embodiments of the present invention, based on the above technical solution, the method further includes: and the second storage module is configured to store the data synchronization result to a local database.
In some embodiments of the present invention, based on the above technical solution, the second storage module includes: and the second storage sub-module is configured to store the data synchronization result to a local database.
In a sixth aspect of embodiments of the present invention, there is provided a computing device comprising: a processor and a memory, the memory storing executable instructions, the processor for invoking the memory stored executable instructions to perform the method of any of the above claims.
In the data access control method provided by the embodiment of the invention, the generation place of the data can be accurately identified by writing the generation place information in the data identifier, and the data can be directly acquired from the generation place of the data when the data is accessed and used, so that the indifferent synchronization of the all-region database is avoided, the data management efficiency is improved, the data redundancy is reduced, and the data maintenance cost is reduced. In addition, the data access control method in the embodiment of the invention has low dependence on network quality and good reliability of data synchronization.
Drawings
The above, as well as additional purposes, features, and advantages of exemplary embodiments of the present invention will become readily apparent from the following detailed description when read in conjunction with the accompanying drawings. Several embodiments of the present invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which:
fig. 1A schematically shows a block diagram of a method of data access control in the related art.
Fig. 1B schematically shows another method block diagram of data access control in the related art.
Fig. 2 schematically shows a block flow diagram of a data access control method according to the invention in an application scenario.
Fig. 3 schematically shows a flow chart of the steps of a data access control method according to an embodiment of the invention.
Fig. 4 schematically shows a flow chart of the steps of a data access control method according to another embodiment of the invention.
Fig. 5 schematically shows a flow chart of the steps of a data access control method according to a further embodiment of the invention.
Fig. 6 schematically shows a flow chart of the steps of a data access control method according to a further embodiment of the invention.
Fig. 7 schematically shows a flow chart of the steps of a data access control method according to a further embodiment of the invention.
Fig. 8 schematically shows a block diagram of a data access control apparatus according to an embodiment of the present invention.
Fig. 9 schematically shows a block diagram of a data access control apparatus according to another embodiment of the present invention.
Fig. 10 schematically shows a block diagram of a data access control apparatus according to a further embodiment of the present invention.
Fig. 11 schematically shows a block diagram of a data access control apparatus according to a further embodiment of the present invention.
Fig. 12 schematically shows a block diagram of a data access control apparatus according to a further embodiment of the present invention.
In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.
Detailed Description
The principles and spirit of the present invention will be described below with reference to several exemplary embodiments. It should be understood that these embodiments are presented merely to enable those skilled in the art to better understand and practice the invention and are not intended to limit the scope of the invention in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
Those skilled in the art will appreciate that embodiments of the invention may be implemented as a system, apparatus, device, method, or computer program product. Thus, the invention may be embodied in the form of: complete hardware, complete software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
According to the embodiment of the invention, a data access control method, a medium, a device and a computing device are provided.
In this context, it is to be understood that the term "territory" (Region) is generally referred to as a physically remote machine room, where network communication delays between territories are large.
The term "Available Zone" means a machine room physically close in the same region, and network delay between Available zones is small.
The term "security token service" (Security Token Service, STS for short) is a service that provides users with short-term access to resources within a cloud platform, mainly by issuing temporary security credentials (credentials).
Furthermore, any number of elements in the figures is for illustration and not limitation, and any naming is used for distinction only and not for any limiting sense.
The principles and spirit of the present invention are explained in detail below with reference to several representative embodiments thereof.
Summary of The Invention
The present inventors have found that when a user needs to use a cross-domain data access service, data synchronization of a plurality of domains is required. Taking the STS service as an example, a user redeems temporary security credentials at the data generation site by applying to play a role, the temporary security credentials are to be saved in a database or cache of the data generation site, and then the temporary security credentials are synchronized to all other sites by replication of the database or by means of a message queue. When the user uses the temporary security credentials in other areas, the data is retrieved from the local database or cache again in use. The method for performing data synchronization on all regions without difference has the problem of poor synchronization reliability, generates a large amount of data redundancy, and has great problems in data management and maintenance.
Therefore, the embodiment of the invention provides a data access control method, a medium, a device and a computing device, when a user uses a temporary security certificate across regions, the information of the generation place of the temporary security certificate can be acquired, and further data synchronization can be performed in a targeted manner, for example, the data generation place and the data use place can be synchronized under the request of the data use place, and the data synchronization is not needed in other regions. Therefore, the reliability of data synchronization can be greatly improved, and the problems in data management and maintenance caused by data redundancy can be reduced.
Having described the basic principles of the present invention, various non-limiting embodiments of the invention are described in detail below.
Application scene overview
It should be noted that the following application scenarios are only shown for facilitating understanding of the spirit and principles of the present invention, and embodiments of the present invention are not limited in this respect. Rather, embodiments of the invention may be applied to any scenario where applicable.
Referring to fig. 2, fig. 2 schematically illustrates one exemplary application scenario in which embodiments of the present invention may be implemented. Wherein the user accesses the STS service at the data generating site to generate a temporary security document, the data generating site stores the temporary security document in a local database (cache in this embodiment), and returns an identifier containing information of the data generating site to the user. When the user uses the temporary security credentials in other areas, the request for use includes the identifier. The data usage place can firstly acquire temporary security credentials in a database of the data usage place according to a user request, if the temporary security credentials are found, the subsequent business operation can be executed, and if the temporary security credentials are not found, the data generation place information can be acquired from the identifier, and then a data synchronization request is sent to the data generation place. The data generation place searches temporary security credentials in a database of the data generation place according to a data synchronization request sent by the data use place. If the data producer finds the temporary security credential, the temporary security credential is returned to the data consumer, and if the data producer does not find the temporary security credential, a null value is returned to the data consumer. After receiving the temporary security credentials or null values returned by the data producer, the data consumer saves them in a database of the data consumer for use in performing subsequent business operations.
Exemplary method
A data access control method according to an exemplary embodiment of the present invention will be described below with reference to fig. 3 to 7 in conjunction with the above-described application scenarios.
As shown in fig. 3, in an exemplary embodiment of the present invention, a data access control method applied to a data generation place may mainly include the steps of:
and S310, receiving a data generation instruction.
The step first receives a data generation instruction, which may be issued by a user, or may be issued by a data-dependent party as needed in the process of providing data services to the user.
S320, generating data according to the data generation instruction, and generating a data identifier for accessing the data; wherein the data identifier contains information of the place of generation of the data.
Upon receiving the data generation instruction in step S310, the present step generates data according to the data generation instruction, where the data may be temporary data (for example, temporary security credentials in the application scenario described above) or permanent data, and the present exemplary embodiment is not limited thereto. In this step, the data identifier for accessing the corresponding data is generated at the same time as the data is generated, and the data identifier includes the generation place information for generating the corresponding data. The generation place information can provide directivity for the use of the data, and particularly when a user accesses the data in other regions or other available regions except the generation place of the data, the generation place of the data can be found according to the generation place information, so that the data synchronization can be performed in a targeted manner.
And S330, storing the data into a local database.
The data generated in step S320 is saved in a local database of the data generating place, where the database may be a database that can permanently save data, such as MySQL, or may be a cache database, such as Redis, which is not limited in this exemplary embodiment. When the data generated in step S320 is temporary data, the temporary data may be stored in the cache database, and the validity period of the temporary data may be stored at the same time, so as to reduce complexity of data management and investment in data maintenance.
And S340, returning the data identifier to a sender of the data generation instruction.
This step returns the data identifier generated in step S320 to the sender of the data generation instruction, e.g. the user. The sender of the data generation instruction may use the data identifier for data access. When the data is used across regions, the generation place information of the data can be obtained from the data identifier, so that the corresponding data is obtained from the data generation place, the data access across regions is realized, the reliability of data synchronization is improved, and the data redundancy is reduced.
Referring to fig. 4, the data access control method may further include the following steps, based on the above embodiment:
step S410, a remote data synchronization instruction is received, and a target data identifier in the remote data synchronization instruction is obtained.
The method includes the steps of receiving a remote data synchronization instruction from a data generator and acquiring a target data identifier in the remote data synchronization instruction. The sender of the remote data-synchronization instruction may generally be a data-use site that may issue the remote data-synchronization instruction to the data-generation site via inter-domain data communication when a user requests access to the data at the data-use site. The data usage site and the data generation site may communicate via a remote procedure call (Remote Procedure Call, RPC) protocol, which is a computer protocol that allows a program running on one computer to call a subroutine of another computer without the programmer having to additionally program this interaction. In addition, hypertext transfer (HyperText Transfer Protocol, abbreviated as HTTP) protocol or any other network communication method may be used between the data usage site and the data generation site, and this exemplary embodiment is not particularly limited thereto.
Step S420, searching data corresponding to the target data identifier in a local database.
After the target data identifier is obtained in step S410, the present step searches the local database of the data generation place for the data corresponding to the target data identifier, where the target data identifier may be generated simultaneously with the corresponding data, and there is a unique association between the two.
And S430, returning the search result to a sender of the remote data synchronization instruction.
This step returns the lookup result of step S430 to the sender of the remote data-synchronization instruction, e.g., the data-use site.
Referring to fig. 5, step s430, the sender of the remote data sync instruction may further include the steps of:
step S431, judging whether the data corresponding to the target data identifier is found in the local database.
The method comprises the steps of firstly judging whether corresponding data is found in a local database according to a target data identifier, judging that the result is different, and returning different finding results to a sender of a remote data synchronization instruction.
Step S432, if the data corresponding to the target data identifier is found, the data corresponding to the target data identifier is returned to the sender of the remote data synchronization instruction.
If the determination in step S431 is yes, that is, the data corresponding to the target data identifier is found in the local database, then the present step returns the data corresponding to the target data identifier to the sender of the remote data synchronization instruction.
And S433, if the data corresponding to the target data identifier is not found, returning a null value to the sender of the remote data synchronization instruction.
If the determination in step S431 is negative, i.e. no data corresponding to the target data identifier is found in the local database, this step will return a null value to the sender of the remote data-synchronization instruction. The reason why the corresponding data is not found in the local database may be various, for example, the user uses a forged data identifier, or the data identifier is damaged in the use or transmission process, so that the corresponding data cannot be acquired; for another example, the target data identifier is correct, but the corresponding data is temporary data, and the temporary data has expired, which will also result in the local database not being able to find the data corresponding to the target data identifier. In this case, the sender of the remote data synchronization instruction (e.g., the data-use place) will receive and save the null value, and when the user requests access to the relevant data at the data-use place again using the same target data identifier, the data-use place can directly return the saved null value to the user, thereby avoiding that meaningless data synchronization requests are continually issued to the data-generation place due to frequent operations of the user.
In one embodiment of the present invention, the data access control method of the present invention may further include a step of encrypting the data identifier before returning the data identifier to the sender of the data generation instruction at step s340. For example, the data identifier generated in step S320 is STS.4b3e553a 1878457 d4d 143b8c6+1524885022771+ncs: sam: 3951343724501504: roll/stsRole+cn-east-1, wherein the last portion cn-east-1 is the information of the generation place of the data. Encrypting it with BASE64 will result in an encrypted data identifier:
U1RTLjRiM2U1NTNhMTg3ODQ1M2Q4YzQ0OWQ0ZGYxNDNiOGM2KzE1MjQ4ODUwMjI3NzErbmNzOnNhbTo6Mzk1MTM0Mzc0NzI0NTAxNTA0OnJvbGUvc3RzUm9sZStjbi1lYXN0LTE=
implementation details in the data identifier can be effectively hidden through encryption processing, and generation place information of data contained in the data identifier can be shielded, so that safety of data access and use is improved. The encryption processing performed on the data identifier may employ any symmetric encryption algorithm or asymmetric encryption algorithm, which is not particularly limited in the present exemplary embodiment.
In the above exemplary embodiment, the generation place of the data can be accurately identified by writing the generation place information in the data identifier, and the data can be directly obtained from the generation place of the data when the data is accessed and used, so that blind synchronization of the all-region database is avoided, the efficiency of data management is improved, redundancy of a large amount of data is avoided, and the data maintenance cost is reduced.
Referring to fig. 6, in an exemplary embodiment of the present invention, a data access control method applied to a data usage site may mainly include the steps of:
step S610, receiving a data access instruction and acquiring a data identifier in the data access instruction.
This step will receive the data access instruction in use by the data and obtain the data identifier from the data access instruction. The data access instructions may be issued by the user or by the data-dependent party as required in the process of providing data services to the user.
And S620, identifying the generation place information in the data identifier when the preset condition is met.
When the preset condition is satisfied, the step identifies the generation place information contained in the data indicator. Since the data and the data identifier are usually generated in pairs at the same time and at the same place, the generation place information may be generation place information of the data or generation place information of the data identifier. The preset conditions referred to in this step may include, for example, a case where the data corresponding to the data identifier is not stored in the database of the data usage site, or the related data cannot be obtained from the database of the data usage site, or any other preset conditions set as needed, which is not particularly limited in this exemplary embodiment.
And S630, according to the generation place information, a remote data synchronization instruction is sent to the generation place of the data.
Based on the information of the generation place identified in step S620, this step will issue a remote data synchronization instruction to the generation place of the data. The data usage site and the data generation site may communicate via a Remote Procedure Call (RPC) protocol, or may use a hypertext transfer (HTTP) protocol or any other network communication method, which is not particularly limited in this exemplary embodiment.
Step S640, receiving a data synchronization result generated and transmitted by the data generation place according to the remote data synchronization instruction.
The data producer will produce a data sync result based on the remote data sync instruction issued in step S630, where the data consumer will receive the data sync result issued by the data producer. If a data identifier is included in the remote data synchronization instruction, the data producer may synchronize data corresponding to the data identifier exclusively to the data consumer. In addition, the data generation place can synchronize all data stored in the database to the data using place according to the need.
And S650, returning the data synchronization result to the sender of the data access instruction.
After receiving the data synchronization result in step S640, this step returns the data synchronization result to the sender of the data access instruction, such as the user. If the data synchronization result received in step S640 is synchronization of all the data in the database, this step will return only the data corresponding to the data identifier to the sender of the data access instruction.
After receiving the data synchronization result in step S640, the present exemplary embodiment may also save the data synchronization result to a local database of the data usage site. Therefore, when the user accesses the data again at the same place, the data can be directly acquired from the local database of the data using place, and synchronization is not required to be requested from the data generating place, so that the efficiency and convenience of data access are improved. If the returned data synchronization result is temporary data corresponding to the data identifier, this step may store this temporary data in a local cache database, such as Redis, memcached, etc. Because the temporary data has timeliness, the temporary data does not need to be actively managed, and the investment in the aspect of data management is reduced.
Referring to fig. 7, on the basis of the above exemplary embodiment, step s620, when a preset condition is satisfied, identifying the generation place information in the data identifier may further include the steps of:
Step S621, searching data corresponding to the data identifier in the local database, and judging whether the data corresponding to the data identifier is searched or not.
After receiving the data access instruction in step S610, the present step first searches the local database of the data usage site for data corresponding to the data identifier included in the data access instruction, and determines whether to find the data corresponding to the data identifier.
Step S622, if the data corresponding to the data identifier is not found, identifying the generation place information in the data identifier.
If the determination in step S621 is no, that is, the data corresponding to the data identifier is not found in the local database of the data usage site, this step will recognize the generation site information in the data identifier. If the data identifier is encrypted, this step requires decrypting the data identifier and then identifying the information of the generation contained in the decrypted data identifier.
In one embodiment of the present invention, step S620 may further include:
step S623, if the data corresponding to the data identifier is found, returning the data corresponding to the data identifier to the sender of the data access instruction.
If the determination in step S621 is yes, that is, the data corresponding to the data identifier is found in the local database of the data usage site, the present step may return the data corresponding to the data identifier directly to the sender of the data access instruction without executing the steps of identifying the generation place information, requesting data synchronization from the data generation place, and the like. The reasons for being able to find the corresponding data in the local database of the data usage site may be manifold, e.g. the data usage site is the original data generation site, or the data usage site has been data synchronized with the data generation site. The data synchronization may be performed according to the access request of the user provided in the present exemplary embodiment, or may be performed by a conventional data synchronization between the cross-regional databases.
The data access control method provided by the above exemplary embodiment can perform one-to-one data synchronization on the data using place and the data generating place according to the request by identifying the generating place information carried by the data identifier, thereby avoiding the complexity of all-region data synchronization and reducing the data redundancy.
Exemplary Medium
Having described the method of the exemplary embodiments of the present invention, next, a description will be given of the medium of the exemplary embodiments of the present invention.
In some possible embodiments, the aspects of the present invention may also be implemented as a medium having stored thereon program code for implementing the steps in the data access control method according to the various exemplary embodiments of the present invention described in the "exemplary method" section of the present specification when the program code is executed by a processor of the device.
In an exemplary embodiment of the invention, the program code is executed by a processor of the device for carrying out the steps of: a data generation instruction is received. Generating data according to the data generation instruction and generating a data identifier for accessing the data; wherein the data identifier contains information of a place of generation of the data. And saving the data to a local database. And returning the data identifier to a sender of the data generation instruction.
In some embodiments of the invention, the processor of the device, when executing the program code, is further configured to implement the steps of: receiving a remote data synchronization instruction and acquiring a target data identifier in the remote data synchronization instruction; searching data corresponding to the target data identifier in a local database; and returning the search result to the sender of the remote data synchronization instruction.
In some embodiments of the invention, the program code is executed by a processor of the device for performing the steps of: judging whether the data corresponding to the target data identifier is found in a local database; if the data corresponding to the target data identifier is found, returning the data corresponding to the target data identifier to a sender of the remote data synchronization instruction; and if the data corresponding to the target data identifier is not found, returning a null value to the sender of the remote data synchronization instruction.
In some embodiments of the present invention, based on the above technical solutions, the receiving a remote data synchronization instruction includes: a remote data synchronization instruction is received via a remote procedure call protocol.
In some embodiments of the invention, the program code is executed by a processor of the device for performing the steps of: the data identifier is encrypted before being returned to the sender of the data generation instruction.
In some embodiments of the present invention, based on the above technical solutions, the storing the data in a local database includes: and saving the data to a local cache database.
In another exemplary embodiment of the invention, the program code is executed by a processor of the device for carrying out the steps of: and receiving a data access instruction and acquiring a data identifier in the data access instruction. And identifying the generation place information in the data identifier when the preset condition is met. And according to the generation place information, a remote data synchronization instruction is sent to the generation place of the data. And receiving a data synchronization result generated and transmitted by the generation place of the data according to the remote data synchronization instruction. And returning the data synchronization result to the sender of the data access instruction.
In some embodiments of the invention, the program code is executed by a processor of the device for performing the steps of: searching data corresponding to the data identifier in a local database, and judging whether the data corresponding to the data identifier is searched or not; if no data corresponding to the data identifier is found, identifying the generation place information in the data identifier.
In some embodiments of the invention, the processor of the device, when executing the program code, is further configured to implement the steps of: and if the data corresponding to the data identifier is found, returning the data corresponding to the data identifier to the sender of the data access instruction.
In some embodiments of the present invention, based on the above technical solution, issuing a remote data synchronization instruction to a place where data is generated includes: remote data synchronization instructions are issued to the generation of data via a remote procedure call protocol.
In some embodiments of the invention, the processor of the device, when executing the program code, is further configured to implement the steps of: decrypting the data identifier; generating place information contained in the decrypted data identifier is identified.
In some embodiments of the invention, the processor of the device, when executing the program code, is further configured to implement the steps of: after receiving the data synchronization result generated and transmitted by the data generation place according to the remote data synchronization instruction, saving the data synchronization result to a local database.
In some embodiments of the present invention, based on the above technical solution, storing the data synchronization result in a local database includes: and storing the data synchronization result to a local cache database.
The specific implementation manner of the above steps is described in the corresponding method embodiments, and will not be repeated here.
It should be noted that: the medium may be a readable signal medium or a readable storage medium. The readable storage medium may be, for example, but not limited to: an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take many forms, including, but not limited to: electromagnetic signals, optical signals, or any suitable combination of the preceding. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
Exemplary apparatus
Having described the medium of the exemplary embodiment of the present invention, next, a data access control apparatus of the exemplary embodiment of the present invention will be described with reference to fig. 8.
As shown in fig. 8, the data access control device 80 applied to the data generation place may mainly include: a first receiving module 81, a data generating module 82, a first storing module 83 and a first returning module 84.
Wherein the first receiving module 81 is configured to receive a data generation instruction. The data generation module 82 is configured to generate data according to the data generation instruction and to generate a data identifier for accessing the data; wherein the data identifier contains information of a place of generation of the data. The first storage module 83 is configured to save the data to a local database. The first return module 84 is configured to return the data identifier to the sender of the data generation instruction.
As shown in fig. 9, the data access control device 80 applied to the data generation place may further include: a second receiving module 91, a data finding module 92 and a second returning module 93.
Wherein the second receiving module 91 is configured to receive the remote data synchronization instruction and obtain the target data identifier in the remote data synchronization instruction. The data lookup module 92 is configured to lookup the data corresponding to the target data identifier in a local database. The second return module 93 is configured to return the search result to the sender of the remote data-synchronization instruction.
As shown in fig. 10, the second return module 93 may further include: a first determination sub-module 931, a first return sub-module 932, and a null value return sub-module 933.
Wherein the first determination sub-module 931 is configured to determine whether data corresponding to the target data identifier is found in a local database. The first return sub-module 932 is configured to return data corresponding to the target data identifier to a sender of the remote data-synchronization instruction if the data corresponding to the target data identifier is found. The null value return sub-module 933 is configured to return a null value to the sender of the remote data-synchronization instruction if data corresponding to the target data identifier is not found.
On the basis of the above exemplary embodiment, the second receiving module 91 may further include a second receiving sub-module configured to receive the remote data synchronization instruction through a remote procedure call protocol.
The data access control device 80 may further comprise an encryption module configured to encrypt the data identifier containing the generation place information.
The first storage module 83 may further comprise a first storage sub-module configured to save the data to a local cache database.
Specific operations performed by the above modules or sub-modules thereof are described in the corresponding method embodiments, and are not described herein.
As shown in fig. 11, the data access control device 110 applied to the data usage site may mainly include: a third receiving module 111, a place of generation identifying module 112, a data synchronizing module 113, a fourth receiving module 114 and a third returning module 115.
Wherein the third receiving module 111 is configured to receive a data access instruction and to obtain a data identifier in the data access instruction. The place of generation identifying module 112 is configured to identify place of generation information in the data identifier when a preset condition is satisfied. The data synchronization module 113 is configured to issue a remote data synchronization instruction to the place of generation of the data according to the place of generation information. The fourth receiving module 114 is configured to receive the data synchronization result generated and transmitted by the generation site of the data according to the remote data synchronization instruction. The third return module 115 is configured to return the data synchronization result to the sender of the data access instruction.
As shown in fig. 12, the place identifying module 112 may further include: a second determination sub-module 1121, a first identification sub-module 1122, and a second return sub-module 1123.
Wherein the second judging sub-module 1121 is configured to search the local database for the data corresponding to the data identifier and judge whether to find the data corresponding to the data identifier. The first identifying sub-module 1122 is configured to identify the place of generation information in the data identifier if no data corresponding to the data identifier is found. The second return sub-module 1123 is configured to return data corresponding to the data identifier to the sender of the data access instruction if the data corresponding to the data identifier is found.
On the basis of the above exemplary embodiments, the data synchronization module 113 may further include a data synchronization sub-module configured to issue a remote data synchronization instruction to the generation place of the data through a remote procedure call protocol.
In another exemplary embodiment of the present invention, the place identifying module may include a decryption sub-module and a second identifying sub-module. Wherein the decryption sub-module is configured to decrypt the data identifier. The second identification sub-module is configured to identify the place of generation information contained in the decrypted data identifier.
The data access control device 110 may further comprise a second storage module configured to save the data synchronization result to a local database. The second storage module may further comprise a second storage sub-module configured to save the data synchronization results to a local database.
Specific operations performed by the above modules or sub-modules thereof are described in the corresponding method embodiments, and are not described herein.
Exemplary computing device
Having described the methods, media, and apparatus of exemplary embodiments of the present invention, next, a computing device according to another exemplary embodiment of the present invention is described.
Those skilled in the art will appreciate that the various aspects of the invention may be implemented as a system, method, or program product. Accordingly, aspects of the invention may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.) or an embodiment combining hardware and software aspects may be referred to herein as a "circuit," module "or" system.
In some possible implementations, a computing device according to embodiments of the invention may include at least one processor, and at least one memory. Wherein the memory stores program code that, when executed by the processor, causes the processor to perform the steps in the data access control method according to various exemplary embodiments of the present invention described in the section "exemplary method" above of the present specification. For example, the processor may perform the steps as shown in fig. 3: and S310, receiving a data generation instruction. S320, generating data according to the data generation instruction, and generating a data identifier for accessing the data; wherein the data identifier contains information of the place of generation of the data. And S330, storing the data into a local database. And S340, returning the data identifier to a sender of the data generation instruction. As another example, the processor may also perform the steps as shown in fig. 4-7.
It should be noted that although in the above detailed description several units or sub-units of the data access control device are mentioned, such a division is only exemplary and not mandatory. Indeed, the features and functions of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the invention. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Furthermore, although the operations of the methods of the present invention are depicted in the drawings in a particular order, this is not required to either imply that the operations must be performed in that particular order or that all of the illustrated operations be performed to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform.
While the spirit and principles of the present invention have been described with reference to several particular embodiments, it is to be understood that the invention is not limited to the particular embodiments of the invention nor does it imply that features in the various aspects are not useful in combination, nor are they intended to be useful in any way, such as for convenience of description. The invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Claims (24)
1. A data access control method, comprising:
receiving a data generation instruction;
generating data according to the data generation instruction and generating a data identifier for accessing the data; wherein the data identifier contains generation place information of the data;
storing the data to a local database;
returning the data identifier to a sender of the data generation instruction;
receiving a remote data synchronization instruction sent according to the generation place information, and acquiring a target data identifier in the remote data synchronization instruction;
searching the local database for data corresponding to the target data identifier;
judging whether the data corresponding to the target data identifier is found in a local database;
if the data corresponding to the target data identifier is found, returning the data corresponding to the target data identifier to a sender of the remote data synchronization instruction so as to perform data synchronization only on a generation place of the data and a use place of the data, wherein the use place of the data is the sender of the remote data synchronization instruction;
and if the data corresponding to the target data identifier is not found, returning a null value to a sender of the remote data synchronization instruction, wherein the sender of the remote data synchronization instruction is different from the region of the local database.
2. The data access control method of claim 1, the receiving a remote data synchronization instruction transmitted according to the generation place information comprising:
and receiving a remote data synchronization instruction sent according to the generation place information through a remote procedure call protocol.
3. The data access control method of claim 1, prior to returning the data identifier to the sender of the data generation instruction, the method further comprising:
and encrypting the data identifier.
4. The data access control method of claim 1, the saving the data to a local database comprising:
and saving the data to a local cache database.
5. A data access control method, comprising:
receiving a data access instruction and acquiring a data identifier in the data access instruction;
identifying generation place information in the data identifier when a preset condition is met;
according to the information of the generation place, a remote data synchronization instruction is sent to the generation place of the data, wherein the sender of the remote data synchronization instruction is different from the region of the generation place of the data;
receiving a data synchronization result generated and transmitted by the generation place of the data according to the remote data synchronization instruction so as to perform data synchronization only on the generation place of the data and the use place of the data, wherein the use place of the data is a sender of the remote data synchronization instruction;
Returning the data synchronization result to a sender of the data access instruction;
and if the generation place of the data returns a null value, receiving and storing the null value, and when the user requests to access the related data at the use place of the data again by using the same target data identifier, directly returning the stored null value to the user.
6. The data access control method according to claim 5, wherein the identifying the generation place information in the data identifier when a preset condition is satisfied comprises:
searching data corresponding to the data identifier in a local database, and judging whether the data corresponding to the data identifier is searched or not;
if no data corresponding to the data identifier is found, identifying the generation place information in the data identifier.
7. The data access control method according to claim 6, wherein the identifying the generation place information in the data identifier when a preset condition is satisfied further comprises:
and if the data corresponding to the data identifier is found, returning the data corresponding to the data identifier to the sender of the data access instruction.
8. The data access control method of claim 5, the issuing of the remote data synchronization instruction to the place of generation of the data comprising:
Remote data synchronization instructions are issued to the generation of data via a remote procedure call protocol.
9. The data access control method of claim 5, the identifying the place of generation information in the data identifier comprising:
decrypting the data identifier;
generating place information contained in the decrypted data identifier is identified.
10. The data access control method of claim 5, after receiving a data synchronization result generated and transmitted by the generation site of the data according to the remote data synchronization instruction, the method further comprising:
and storing the data synchronization result to a local database.
11. The data access control method of claim 10, the saving the data synchronization result to a local database comprising:
and storing the data synchronization result to a local cache database.
12. A medium having stored thereon a program which, when executed by a processor, implements the method of any of claims 1 to 11.
13. A data access control apparatus comprising:
a first receiving module configured to receive a data generation instruction;
a data generation module configured to generate data according to the data generation instruction and to generate a data identifier for accessing the data; wherein the data identifier contains generation place information of the data;
A first storage module configured to save the data to a local database;
a first return module configured to return the data identifier to a sender of the data generation instruction;
a second receiving module configured to receive a remote data synchronization instruction transmitted according to the generation place information and acquire a target data identifier in the remote data synchronization instruction;
a data lookup module configured to lookup data corresponding to the target data identifier in the local database;
a first judging sub-module configured to judge whether data corresponding to the target data identifier is found in a local database;
a first return sub-module configured to return data corresponding to the target data identifier to the sender of the remote data synchronization instruction if the data corresponding to the target data identifier is found, so as to perform data synchronization only on a generation place of the data and a use place of the data, wherein the use place of the data is the sender of the remote data synchronization instruction;
and the null value returning sub-module is configured to return a null value to a sender of the remote data synchronization instruction if the data corresponding to the target data identifier is not found, wherein the sender of the remote data synchronization instruction is different from the region of the local database.
14. The data access control device of claim 13, the second receiving module comprising:
and the second receiving sub-module is configured to receive the remote data synchronization instruction sent according to the generation place information through a remote procedure call protocol.
15. The data access control device of claim 13, the device further comprising:
an encryption module configured to encrypt the data identifier containing the generation place information.
16. The data access control device of claim 13, the first storage module comprising:
and the first storage sub-module is configured to store the data to a local cache database.
17. A data access control apparatus comprising:
a third receiving module configured to receive a data access instruction and obtain a data identifier in the data access instruction;
a generation place identification module configured to identify generation place information in the data identifier when a preset condition is satisfied;
the second data synchronization module is configured to send a remote data synchronization instruction to the generation place of the data according to the generation place information, wherein a sender of the remote data synchronization instruction is different from the region of the generation place of the data;
A fourth receiving module configured to receive a data synchronization result generated and transmitted by the generation place of the data according to the remote data synchronization instruction, so as to perform data synchronization only on the generation place of the data and the use place of the data, wherein the use place of the data is a sender of the remote data synchronization instruction;
the third return module is configured to return the data synchronization result to the sender of the data access instruction;
and the null value receiving module is configured to receive and store the null value if the generation place of the data returns the null value, and directly return the stored null value to the user when the user requests to access the related data from the use place of the data again by using the same target data identifier.
18. The data access control device of claim 17, the place of generation identification module comprising:
the second judging sub-module is configured to search the data corresponding to the data identifier in the local database and judge whether the data corresponding to the data identifier is searched or not;
and the first identification sub-module is configured to identify the generation place information in the data identifier if the data corresponding to the data identifier is not found.
19. The data access control device of claim 18, the place of generation identification module further comprising:
and the second return sub-module is configured to return the data corresponding to the data identifier to the sender of the data access instruction if the data corresponding to the data identifier is found.
20. The data access control device of claim 17, the data synchronization module comprising:
a data synchronization sub-module configured to issue a remote data synchronization instruction to a place of generation of data via a remote procedure call protocol.
21. The data access control device of claim 17, the place of generation identification module comprising:
a decryption sub-module configured to decrypt the data identifier;
and a second recognition sub-module configured to recognize the generation place information contained in the decrypted data identifier.
22. The data access control device of claim 17, the device further comprising:
and the second storage module is configured to store the data synchronization result to a local database.
23. The data access control device of claim 22, the second storage module comprising:
And the second storage sub-module is configured to store the data synchronization result to a local cache database.
24. A computing device, comprising: a processor and a memory storing executable instructions for invoking the memory stored executable instructions to perform the method of any of claims 1 to 11.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810631558.8A CN108959940B (en) | 2018-06-19 | 2018-06-19 | Data access control method, medium, device and computing equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810631558.8A CN108959940B (en) | 2018-06-19 | 2018-06-19 | Data access control method, medium, device and computing equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108959940A CN108959940A (en) | 2018-12-07 |
| CN108959940B true CN108959940B (en) | 2024-01-19 |
Family
ID=64491534
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810631558.8A Active CN108959940B (en) | 2018-06-19 | 2018-06-19 | Data access control method, medium, device and computing equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108959940B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109992582A (en) * | 2019-02-19 | 2019-07-09 | 深圳点猫科技有限公司 | A kind of ephemeral data processing method and electronic equipment based on graphical programming |
| CN112948430B (en) * | 2021-03-30 | 2022-12-13 | 中国建设银行股份有限公司 | Date data query method and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103701913A (en) * | 2013-12-30 | 2014-04-02 | 优视科技有限公司 | Data synchronization method and device |
| CN104408058A (en) * | 2014-10-29 | 2015-03-11 | 中国建设银行股份有限公司 | Data access method and device |
| US9760572B1 (en) * | 2014-07-11 | 2017-09-12 | ProSports Technologies, LLC | Event-based content collection for network-based distribution |
| CN107463693A (en) * | 2017-08-11 | 2017-12-12 | 深圳乐信软件技术有限公司 | A kind of data processing method, device, terminal and computer-readable recording medium |
-
2018
- 2018-06-19 CN CN201810631558.8A patent/CN108959940B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103701913A (en) * | 2013-12-30 | 2014-04-02 | 优视科技有限公司 | Data synchronization method and device |
| US9760572B1 (en) * | 2014-07-11 | 2017-09-12 | ProSports Technologies, LLC | Event-based content collection for network-based distribution |
| CN104408058A (en) * | 2014-10-29 | 2015-03-11 | 中国建设银行股份有限公司 | Data access method and device |
| CN107463693A (en) * | 2017-08-11 | 2017-12-12 | 深圳乐信软件技术有限公司 | A kind of data processing method, device, terminal and computer-readable recording medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108959940A (en) | 2018-12-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11520912B2 (en) | Methods, media, apparatuses and computing devices of user data authorization based on blockchain | |
| CN102427442B (en) | Combining request-dependent metadata with media content | |
| CN109241181A (en) | Database operation method and device | |
| JP5153616B2 (en) | Domain management method and apparatus therefor | |
| CN107613005B (en) | Reverse proxy method and device, electronic device and storage medium | |
| US9774582B2 (en) | Private cloud connected device cluster architecture | |
| US11588642B2 (en) | Method and apparatus for sharing and acquiring information | |
| CN106487763B (en) | Data access method based on cloud computing platform and user terminal | |
| US10911538B2 (en) | Management of and persistent storage for nodes in a secure cluster | |
| CN111258602B (en) | Information updating method and device | |
| CN109542862B (en) | Method, device and system for controlling mounting of file system | |
| CN108427677B (en) | Object access method and device and electronic equipment | |
| CN112714192A (en) | Data synchronization method and device, computer readable medium and electronic equipment | |
| US10951510B2 (en) | Communication device and communication method | |
| CN108959940B (en) | Data access control method, medium, device and computing equipment | |
| CN110348225A (en) | Method and apparatus are determined for the security breaches of application programming interfaces | |
| EP3987712A1 (en) | Cryptographic key orchestration between trusted containers in a multi-node cluster | |
| CN113364587A (en) | System, method, device, medium and equipment for processing streaming media data | |
| US20110296183A1 (en) | Authentication in data management | |
| JP2012003682A (en) | Access control system, access control method, authentication device and authentication system | |
| KR20190139742A (en) | Distributed Ledger for logging inquiry time in blockchain | |
| CN111049949B (en) | Domain name identification method and device, electronic equipment and medium | |
| US20160366125A1 (en) | Service providing method, and service providing device | |
| CN112528239A (en) | Method and device for automatically authorizing software | |
| CN113626873B (en) | Authentication method, device, electronic equipment and computer readable medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 310052 Room 301, Building No. 599, Changhe Street Network Business Road, Binjiang District, Hangzhou City, Zhejiang Province Applicant after: Hangzhou NetEase Shuzhifan Technology Co.,Ltd. Address before: 310052 Room 301, Building No. 599, Changhe Street Network Business Road, Binjiang District, Hangzhou City, Zhejiang Province Applicant before: HANGZHOU LANGHE TECHNOLOGY Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |