CN109670322A - A method and system for data sharing re-authentication

Publication number
CN109670322A
Authority
CN
China
Legal status
Pending
Application number
CN201811501517.3A
Other languages
Chinese (zh)
Inventor
王世晋
范渊
周俊
莫金友
Current Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN201811501517.3A
Publication of CN109670322A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/604: Tools and structures for managing or administering access control systems
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The present invention provides a method and system for data sharing re-authentication, relating to the technical field of data security. The method comprises: obtaining shared data uploaded by a first target user and target information set by the first target user; storing the shared data based on the target information, and configuring sharing information for the shared data, wherein the sharing information includes a share link and/or a share password; if first access information sent by a second target user based on the sharing information is obtained, verifying whether the second target user is a preset access user; and if so, sending first determination information to the second target user, so that the second target user accesses the shared data according to the first determination information and the second target user's access permissions. This solves the technical problem in existing data sharing methods that any accessing user can access the shared data with the correct share link and/or the correct access password, which makes the shared data less secure.

Description

A method and system for data sharing re-authentication
Technical field
The present invention relates to the technical field of data security, and more particularly to a method and system for data sharing re-authentication.
Background
Users choose cloud data storage for personal or enterprise data partly for the convenience and speed of access across regions and networks, and partly for the sharing function that cloud data storage provides. However, data sharing through cloud data storage carries a certain risk of data leakage. When a file with high security requirements has to be shared through cloud data storage, the existing way of sharing lets any accessing user access the shared data with the correct share link and the correct access password, which makes the shared data less secure.
No effective solution to the above problem has yet been proposed.
Summary of the invention
In view of this, the purpose of the present invention is to provide a method and system for data sharing re-authentication, to alleviate the technical problem in existing data sharing methods that any accessing user can access the shared data with the correct share link and the correct access password, which makes the shared data less secure.
In a first aspect, an embodiment of the present invention provides a method for data sharing re-authentication, applied to a server. The method includes: obtaining shared data uploaded by a first target user and target information set by the first target user, wherein the target information includes access permission information of each class of accessing user for the shared data; storing the shared data based on the target information, and configuring sharing information for the shared data, wherein the sharing information includes a share link and/or an access password; if first access information sent by a second target user based on the sharing information is obtained, verifying whether the second target user is a preset access user, a preset access user being a user, among the classes of accessing users, who can access the shared data directly according to the first access information; and if so, sending first determination information to the second target user, so that the second target user accesses the shared data according to the first determination information and the second target user's access permissions.
Further, the method also includes: if the second target user is not a preset access user, sending first feedback information to the second target user, so that the second target user sends second access information to the server, wherein the first feedback information prompts the second target user to send the second access information to the server; if the second access information sent by the second target user is obtained, forwarding the second access information to the first target user, so that the first target user sends second feedback information based on the second access information, wherein the second feedback information indicates whether the first target user allows the second target user to access the shared data; and if the obtained second feedback information allows the second target user to access the shared data, sending second determination information to the second target user, so that the second target user accesses the shared data based on the second determination information and the second target user's access permissions.
Further, the first access information carries the identity information of the second target user, and the second access information carries the identity information of the second target user. The method also includes: if the first access information is obtained, recording the identity information of the second target user carried in the first access information, and recording the time at which the first access information was obtained; if the second access information is obtained, recording the identity information of the second target user carried in the second access information, and recording the time at which the second access information was obtained.
Further, after the second determination information has been sent to the second target user, or after the first determination information has been sent to the second target user, if viewing information sent by the first target user is obtained, the identity information of the second target user carried in target access information and the time at which the target access information was obtained are sent to the first target user based on the viewing information, wherein the target access information includes the first access information or the second access information.
Further, verifying whether the second target user is a preset access user includes: obtaining the identity information of the second target user carried in the first access information; comparing the identity information of the second target user with the identity information of the preset access users included in the target information; and if the identity information of the preset access users includes the identity information of the second target user, verifying that the second target user is a preset access user.
Further, the method also includes: if deletion information sent by the first target user is obtained, deleting the shared data based on the deletion information, and marking the shared data as deleted.
Further, the access permissions include at least one of the following: read-only permission, download permission and transfer permission.
In a second aspect, an embodiment of the present invention provides a device for data sharing re-authentication, provided on a server. The device includes an acquiring unit, a storage unit, an authentication unit and a first information sending unit, wherein the acquiring unit is used to obtain shared data uploaded by a first target user and target information set by the first target user, the target information including access permission information of each class of accessing user for the shared data; the storage unit is used to store the shared data based on the target information and to configure sharing information for the shared data, wherein the sharing information includes a share link and/or an access password; the authentication unit is used, if first access information sent by a second target user based on the sharing information is obtained, to verify whether the second target user is a preset access user, a preset access user being a user, among the classes of accessing users, who can access the shared data directly according to the first access information; and the first information sending unit is used, if the second target user is a preset access user, to send first determination information to the second target user, so that the second target user accesses the shared data according to the first determination information and the second target user's access permissions.
Further, the system also includes a second information sending unit, used to: if the second target user is not a preset access user, send first feedback information to the second target user, so that the second target user sends second access information to the server, wherein the first feedback information prompts the second target user to send the second access information to the server; if the second access information sent by the second target user is obtained, forward the second access information to the first target user, so that the first target user sends second feedback information based on the second access information, wherein the second feedback information indicates whether the first target user allows the second target user to access the shared data; and if the obtained second feedback information allows the second target user to access the shared data, send second determination information to the second target user, so that the second target user accesses the shared data based on the second determination information and the second target user's access permissions.
Further, the system also includes a recording unit, used to: if the first access information is obtained, record the identity information of the second target user carried in the first access information, and record the time at which the first access information was obtained; if the second access information is obtained, record the identity information of the second target user carried in the second access information, and record the time at which the second access information was obtained.
In the embodiments of the present invention, first, the shared data uploaded by the first target user and the target information set by the first target user are obtained; then the shared data is stored based on the target information, and sharing information is configured for the shared data. When first access information sent by a second target user based on the sharing information is obtained, it is verified whether the second target user is a preset access user; if the second target user is a preset access user, first determination information is sent to the second target user, so that the second target user accesses the shared data according to the first determination information and the second target user's access permissions.
In the present invention, to access the shared data an accessing user must not only enter the correct share link and access password; it must also be verified whether the accessing user is a preset access user. Only when the accessing user is a preset access user can that user access the shared data, under the access permissions that the data-sharing user set for that user. This solves the technical problem in existing data sharing methods that any accessing user can access the shared data with the correct share link and the correct access password, which makes the shared data less secure, and thereby achieves the technical effect of improving the security of the shared data.
Other features and advantages of the present invention will be set forth in the description that follows, and will in part become apparent from the description or be understood by practicing the invention. The objectives and other advantages of the invention are realized and obtained by the structure particularly pointed out in the description, the claims and the drawings.
To make the above objects, features and advantages of the present invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To describe the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a method for data sharing re-authentication provided by an embodiment of the present invention;
Fig. 2 is a flow chart of another method for data sharing re-authentication provided by an embodiment of the present invention;
Fig. 3 is a flow chart of a further method for data sharing re-authentication provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of a system for data sharing re-authentication provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of a server provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Embodiment one:
According to an embodiment of the present invention, an embodiment of a method for data sharing re-authentication is provided. It should be noted that the steps shown in the flow charts of the drawings may be executed in a computer system, such as one running a set of computer-executable instructions, and that although a logical order is shown in the flow charts, in some cases the steps shown or described may be executed in an order different from the one given here.
Fig. 1 shows a method for data sharing re-authentication according to an embodiment of the present invention. As shown in Fig. 1, the method includes the following steps:
Step S102: obtain the shared data uploaded by the first target user and the target information set by the first target user, wherein the target information includes access permission information of each class of accessing user for the shared data;
Step S104: store the shared data based on the target information, and configure sharing information for the shared data, wherein the sharing information includes a share link and/or an access password;
Step S106: if first access information sent by a second target user based on the sharing information is obtained, verify whether the second target user is a preset access user, a preset access user being a user, among the classes of accessing users, who can access the shared data directly according to the first access information;
Step S108: if so, send first determination information to the second target user, so that the second target user accesses the shared data according to the first determination information and the second target user's access permissions.
In the present invention, to access the shared data an accessing user must not only enter the correct share link and access password; it must also be verified whether the accessing user is a preset access user. Only when the accessing user is a preset access user can that user access the shared data, under the access permissions that the data-sharing user set for that user. This solves the technical problem in existing data sharing methods that any accessing user can access the shared data with the correct share link and the correct access password, which makes the shared data less secure, and thereby achieves the technical effect of improving the security of the shared data.
It should be noted that whether the second target user is a preset access user can be determined by the following steps:
Step S11: obtain the identity information of the second target user carried in the first access information;
Step S12: compare the identity information of the second target user with the identity information of the preset access users included in the target information;
Step S13: if the identity information of the preset access users includes the identity information of the second target user, verify that the second target user is a preset access user.
In the embodiments of the present invention, the first access information sent by the second target user carries the identity information of the second target user. Therefore, when the server obtains the first access information sent by the second target user, the server compares the identity information of the second target user carried in the first access information with the identity information of the preset access users included in the target information.
If the identity information of the preset access users includes the identity information of the second target user, it can be determined that the second target user is a preset access user.
In addition, it should also be noted that a user's access permissions include at least one of the following: read-only permission, download permission and transfer permission.
In the embodiments of the present invention, as shown in Fig. 2, the method also includes the following steps:
Step S110: if the second target user is not a preset access user, send first feedback information to the second target user, so that the second target user sends second access information to the server, wherein the first feedback information prompts the second target user to send the second access information to the server;
Step S112: if the second access information sent by the second target user is obtained, forward the second access information to the first target user, so that the first target user sends second feedback information based on the second access information, wherein the second feedback information indicates whether the first target user allows the second target user to access the shared data;
Step S114: if the obtained second feedback information allows the second target user to access the shared data, send second determination information to the second target user, so that the second target user accesses the shared data based on the second determination information and the second target user's access permissions.
In the embodiments of the present invention, when it is determined that the second target user is not a preset access user, the server sends to the second target user the first feedback information, which prompts the second target user to send the second access information to the server.
After the server obtains the second access information sent by the second target user, it forwards that information to the first target user, thereby notifying the first target user that the second target user is not a preset access user and asking whether the second target user is allowed to access the shared data.
When the server obtains, from the first target user, permission for the second target user to access the shared data, it sends second determination information to the second target user, so that the second target user can access the shared data based on the second determination information and the second target user's access permissions.
In the present invention, when a user who is not a preset access user accesses the shared data, that user has to send access information to the first target user, and can access the shared data only after obtaining the first target user's permission. The above method further protects the shared data and thereby improves its security.
In the embodiments of the present invention, the method also includes the following steps:
Step S21: if the first access information is obtained, record the identity information of the second target user carried in the first access information, and record the time at which the first access information was obtained; or
Step S22: if the second access information is obtained, record the identity information of the second target user carried in the second access information, and record the time at which the second access information was obtained.
In the embodiments of the present invention, after the server obtains the first access information sent by the second target user, the server records the identity information of the second target user carried in the first access information, and records the time at which the first access information was obtained.
After the server obtains the second access information sent by the second target user, the server records the identity information of the second target user carried in the second access information, and records the time at which the second access information was obtained.
Recording the identity information of the second target user carried in the first access information, the time at which the first access information was obtained, the identity information of the second target user carried in the second access information, and the time at which the second access information was obtained makes it easy for the first target user to follow the activity on the data that user has shared.
In the embodiments of the present invention, the method also includes the following step:
Step S31: after the second determination information has been sent to the second target user, or after the first determination information has been sent to the second target user, if viewing information sent by the first target user is obtained, send to the first target user, based on the viewing information, the identity information of the second target user carried in target access information and the time at which the target access information was obtained, wherein the target access information includes the first access information or the second access information.
In the embodiments of the present invention, after the second determination information or the first determination information has been sent to the second target user, if the server obtains viewing information sent by the first target user, the server sends to the first target user, according to that viewing information, the identity information of the second target user carried in the first access information, the time at which the first access information was obtained, the identity information of the second target user carried in the second access information, and the time at which the second access information was obtained.
In the embodiments of the present invention, as shown in Fig. 3, the method also includes the following step:
Step S41: if deletion information sent by the first target user is obtained, delete the shared data based on the deletion information, and mark the shared data as deleted.
In the embodiments of the present invention, after the server has stored the shared data based on the target information and configured sharing information for it, if deletion information sent by the first target user is obtained, the server deletes the shared data and marks it as deleted. When a second target user then accesses the shared data, the server sends the deleted mark to the second target user, informing the second target user that the shared data has been deleted by the first target user.
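The server-side flow of steps S102 to S114, S21/S22, S31 and S41 as an added Python example, not part of the patent text. All class, method and status names are hypothetical, the permissions given to owner-approved users are an assumption, and the `identity` argument is assumed to have been authenticated before it reaches these methods, since the description does not say how the identity carried in the access information is verified.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field

READ_ONLY, DOWNLOAD, TRANSFER = "read-only", "download", "transfer"


@dataclass
class Share:
    owner: str               # first target user
    data: bytes
    password: str
    preset: dict             # target information: identity -> permissions
    approved_perms: set      # assumption: permissions for owner-approved users
    deleted: bool = False
    log: list = field(default_factory=list)    # (identity, "first"/"second", time)
    pending: set = field(default_factory=set)  # identities awaiting the owner


class ShareServer:
    def __init__(self):
        self.shares = {}

    def create_share(self, owner, data, preset, approved_perms=(READ_ONLY,)):
        """S102/S104: store data with its target information; issue link and password."""
        token, password = secrets.token_urlsafe(16), secrets.token_urlsafe(8)
        self.shares[token] = Share(owner, data, password, dict(preset), set(approved_perms))
        return token, password

    def _open(self, token, password):
        share = self.shares.get(token)
        # Constant-time comparison of the access password.
        if share and hmac.compare_digest(share.password.encode(), password.encode()):
            return share
        return None

    def first_access(self, token, password, identity):
        """S106-S110: a correct link and password are necessary but not sufficient."""
        share = self._open(token, password)
        if share is None:
            return {"status": "denied"}
        share.log.append((identity, "first", time.time()))       # S21
        if share.deleted:
            return {"status": "deleted"}                          # S41 deleted mark
        if identity in share.preset:                              # S11-S13
            return {"status": "granted", "permissions": set(share.preset[identity])}
        return {"status": "approval_required"}                    # first feedback information

    def second_access(self, token, password, identity):
        """S112: record the request and queue it for the first target user."""
        share = self._open(token, password)
        if share is None or share.deleted:
            return False
        share.log.append((identity, "second", time.time()))      # S22
        share.pending.add(identity)
        return True

    def owner_decision(self, owner, token, identity, allow):
        """S114: only the owner's answer to a pending request releases the data."""
        share = self.shares.get(token)
        if share is None or share.owner != owner or identity not in share.pending:
            return {"status": "denied"}
        share.pending.discard(identity)
        if not allow or share.deleted:
            return {"status": "denied"}
        return {"status": "granted", "permissions": set(share.approved_perms)}

    def view_log(self, owner, token):
        """S31: the owner can see who presented access information, and when."""
        share = self.shares.get(token)
        return list(share.log) if share and share.owner == owner else []

    def delete(self, owner, token):
        """S41: drop the content but keep a record marked as deleted."""
        share = self.shares.get(token)
        if share is None or share.owner != owner:
            return False
        share.data, share.deleted = b"", True
        return True


if __name__ == "__main__":
    # Constructed sample identities and data.
    srv = ShareServer()
    link, pw = srv.create_share("alice", b"quarterly report", {"bob": {READ_ONLY, DOWNLOAD}})
    print(srv.first_access(link, pw, "bob"))      # preset user: granted
    print(srv.first_access(link, pw, "carol"))    # not preset: approval_required
    srv.second_access(link, pw, "carol")
    print(srv.owner_decision("alice", link, "carol", allow=True))
    print(srv.view_log("alice", link))
```
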
Embodiment two:
The present invention also provides a system for data sharing re-authentication. The system is used to execute the method for data sharing re-authentication provided in the above content of the embodiments of the present invention. The system for data sharing re-authentication provided by an embodiment of the present invention is described in detail below.
As shown in Fig. 4, the system is provided on a server and includes: an acquiring unit 10, a storage unit 20, an authentication unit 30 and a first information sending unit 40, wherein
The acquiring unit 10 is used to obtain the shared data uploaded by the first target user and the target information set by the first target user; the target information includes access permission information of each class of accessing user for the shared data;
The storage unit 20 is used to store the shared data based on the target information, and to configure sharing information for the shared data, wherein the sharing information includes a share link and/or an access password;
The authentication unit 30 is used, if first access information sent by a second target user based on the sharing information is obtained, to verify whether the second target user is a preset access user, a preset access user being a user, among the classes of accessing users, who can access the shared data directly according to the first access information;
The first information sending unit 40 is used, if the second target user is a preset access user, to send first determination information to the second target user, so that the second target user accesses the shared data according to the first determination information and the second target user's access permissions.
In the present invention, to access the shared data an accessing user must not only enter the correct share link and access password; it must also be verified whether the accessing user is a preset access user. Only when the accessing user is a preset access user can that user access the shared data, under the access permissions that the data-sharing user set for that user. This solves the technical problem in existing data sharing methods that any accessing user can access the shared data with the correct share link and the correct access password, which makes the shared data less secure, and thereby achieves the technical effect of improving the security of the shared data.
Optionally, the system further includes a second information sending unit, configured to: if the second target user is not the preset access user, send first feedback information to the second target user so that the second target user sends second access information to the server, where the first feedback information prompts the second target user to send the second access information to the server; if the second access information sent by the second target user is obtained, forward the second access information to the first target user so that the first target user sends second feedback information based on the second access information, where the second feedback information indicates whether the first target user allows the second target user to access the shared data; and if the obtained second feedback information allows the second target user to access the shared data, send second determination information to the second target user so that the second target user accesses the shared data based on the second determination information and its access permission.
Optionally, the system further includes a recording unit, configured to: if the first access information is obtained, record the identity information of the second target user carried in the first access information and record the time at which the first access information was obtained; and if the second access information is obtained, record the identity information of the second target user carried in the second access information and record the time at which the second access information was obtained.
Optionally, the system further includes a first execution unit, configured to: after the second determination information, or the first determination information, has been sent to the second target user, if check information sent by the first target user is obtained, send to the first target user, based on the check information, the identity information of the second target user carried in the target access information and the time at which the target access information was obtained, where the target access information includes the first access information or the second access information.
Optionally, the verification unit is further configured to: obtain the identity information of the second target user carried in the first access information; compare the identity information of the second target user with the identity information of the preset access users included in the target information; and if the identity information of the preset access users includes the identity information of the second target user, determine that the second target user is the preset access user.
Optionally, the system further includes a second execution unit, configured to: if deletion information sent by the first target user is obtained, delete the shared data based on the deletion information and mark the shared data as deleted.
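The flow carried out by these units can be sketched in a few dozen lines. This is an added illustration, not code from the patent: the class and method names, the `guest_permission` parameter (the permission applied to users the owner approves), the use of `secrets` for the link and password, and the constant-time password comparison are all assumptions, and identities are assumed to be authenticated before they reach the server.

```python
import hmac
import secrets
import time

PERMISSIONS = {"read", "download", "unload"}  # the three permissions named in claim 7


class ShareServer:
    """Toy server for the sharing flow. Identities are assumed authenticated upstream."""

    def __init__(self):
        self.shares = {}

    def create_share(self, owner, data, preset, guest_permission="read"):
        # preset: identity -> permission, i.e. the owner's "target information"
        if not (set(preset.values()) | {guest_permission}) <= PERMISSIONS:
            raise ValueError("unknown permission")
        link, password = secrets.token_urlsafe(16), secrets.token_urlsafe(8)
        self.shares[link] = {
            "owner": owner, "data": data, "password": password,
            "preset": dict(preset), "guest": guest_permission,
            "pending": {}, "audit": [], "deleted": False,
        }
        return link, password

    def _open(self, link, password, identity, stage):
        share = self.shares.get(link)
        if share is None or share["deleted"]:
            return None
        if not hmac.compare_digest(share["password"].encode(), password.encode()):
            return None
        share["audit"].append((identity, stage, time.time()))  # recording unit
        return share

    def first_access(self, link, password, identity):
        share = self._open(link, password, identity, "first")
        if share is None:
            return {"status": "denied"}
        if identity in share["preset"]:  # preset access user: direct access
            return {"status": "granted", "permission": share["preset"][identity]}
        return {"status": "second_access_required"}  # first feedback information

    def second_access(self, link, password, identity):
        share = self._open(link, password, identity, "second")
        if share is None:
            return None
        request_id = secrets.token_hex(8)
        share["pending"][request_id] = identity  # forwarded to the owner for a decision
        return request_id

    def owner_decision(self, link, owner, request_id, allow):
        share = self.shares.get(link)
        if share is None or share["deleted"] or share["owner"] != owner:
            return {"status": "denied"}
        identity = share["pending"].pop(request_id, None)  # one decision per request
        if identity is None:
            return {"status": "denied"}
        if allow:  # second determination information
            return {"status": "granted", "user": identity, "permission": share["guest"]}
        return {"status": "refused", "user": identity}

    def audit_log(self, link, owner):
        # Only the owner may view who requested access and when.
        share = self.shares.get(link)
        return list(share["audit"]) if share and share["owner"] == owner else []

    def delete_share(self, link, owner):
        share = self.shares.get(link)
        if share is None or share["owner"] != owner:
            return False
        share["data"], share["deleted"] = None, True  # delete and mark as deleted
        return True
```

Holding the link and password is not sufficient on its own: a caller who is not in the preset list only reaches the data after the owner has answered the forwarded request.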
Referring to Fig. 5, an embodiment of the present invention also provides a server 100, comprising: a processor 50, a memory 51, a bus 52 and a communication interface 53, where the processor 50, the communication interface 53 and the memory 51 are connected by the bus 52. The processor 50 is used to execute executable modules stored in the memory 51, such as computer programs.
The memory 51 may include high-speed random access memory (RAM, Random Access Memory) and may also include non-volatile memory, for example at least one disk storage. The communication connection between this system network element and at least one other network element is realized through at least one communication interface 53 (wired or wireless), and may use the Internet, a wide area network, a local network, a metropolitan area network, etc.
The bus 52 may be an ISA bus, a PCI bus, an EISA bus, etc. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of representation, only one bidirectional arrow is shown in Fig. 4, but this does not mean that there is only one bus or one type of bus.
The memory 51 is used to store a program, and the processor 50 executes the program after receiving an execution instruction. The method performed by the apparatus defined by the flow process disclosed in any of the foregoing embodiments of the present invention may be applied to the processor 50, or implemented by the processor 50.
The processor 50 may be an integrated circuit chip with signal processing capability. During implementation, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 50 or by instructions in the form of software. The processor 50 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP for short), etc.; it may also be a digital signal processor (Digital Signal Processing, DSP for short), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC for short), a field-programmable gate array (Field-Programmable Gate Array, FPGA for short) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps and logic diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor, etc. The steps of the method disclosed in connection with the embodiments of the present invention may be executed and completed directly by a hardware decoding processor, or by a combination of hardware and software modules in the decoding processor. The software module may be located in random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, registers, or another storage medium mature in the field. The storage medium is located in the memory 51; the processor 50 reads the information in the memory 51 and completes the steps of the above method in combination with its hardware.
In addition, in the description of the embodiments of the present invention, unless otherwise expressly specified or limited, the terms "installed", "connected with" and "connected" shall be understood broadly: for example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, indirect through an intermediary, or internal between two elements. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.
In the description of the present invention, it should be noted that orientation or positional relationships indicated by terms such as "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner" and "outer" are based on the orientation or positional relationships shown in the drawings. They are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation; they are therefore not to be construed as limiting the invention. In addition, the terms "first", "second" and "third" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance.
It is apparent to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided herein, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. The device embodiments described above are merely exemplary. For example, the division of the units is only a division by logical function, and other divisions are possible in an actual implementation; as another example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in each embodiment of the present invention may be integrated in one access unit, each unit may exist physically alone, or two or more units may be integrated in one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a non-volatile computer-readable storage medium executable by an accessor. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code: a USB flash disk, a mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc, etc.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention, used to illustrate its technical solution rather than to limit it, and the scope of protection of the present invention is not limited to them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that anyone familiar with the technical field can, within the technical scope disclosed by the present invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features. Such modifications, variations or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (10)

1. A method of secondary authentication for data sharing, characterized in that it is applied to a server and comprises:
obtaining shared data uploaded by a first target user and target information set by the first target user, wherein the target information includes: access permission information of each category of access user for the shared data;
storing the shared data based on the target information, and configuring shared information for the shared data, wherein the shared information includes a shared link and/or an access password;
if first access information sent by a second target user based on the shared information is obtained, verifying whether the second target user is a preset access user, the preset access user being a user, among the categories of access users, who can directly access the shared data according to the first access information;
if so, sending first determination information to the second target user, so that the second target user accesses the shared data according to the first determination information and its access permission.
2. The method according to claim 1, characterized in that the method further comprises:
if the second target user is not the preset access user, sending first feedback information to the second target user, so that the second target user sends second access information to the server, wherein the first feedback information is used to prompt the second target user to send the second access information to the server;
if the second access information sent by the second target user is obtained, forwarding the second access information to the first target user, so that the first target user sends second feedback information based on the second access information, wherein the second feedback information is used to indicate whether the first target user allows the second target user to access the shared data;
if the obtained second feedback information allows the second target user to access the shared data, sending second determination information to the second target user, so that the second target user accesses the shared data based on the second determination information and its access permission.
3. The method according to claim 2, characterized in that the first access information carries the identity information of the second target user, the second access information carries the identity information of the second target user, and the method further comprises:
if the first access information is obtained, recording the identity information of the second target user carried in the first access information, and recording the time at which the first access information was obtained; or
if the second access information is obtained, recording the identity information of the second target user carried in the second access information, and recording the time at which the second access information was obtained.
4. The method according to claim 3, characterized in that the method further comprises:
after sending the second determination information to the second target user, or after sending the first determination information to the second target user, if check information sent by the first target user is obtained, sending to the first target user, based on the check information, the identity information of the second target user carried in the target access information and the time at which the target access information was obtained, wherein the target access information includes: the first access information or the second access information.
5. The method according to claim 1, characterized in that verifying whether the second target user is a preset access user comprises:
obtaining the identity information of the second target user carried in the first access information;
comparing the identity information of the second target user with the identity information of the preset access users included in the target information;
if the identity information of the preset access users includes the identity information of the second target user, determining that the second target user is the preset access user.
6. The method according to claim 1, characterized in that, after storing the shared data based on the target information and configuring shared information for the shared data, the method further comprises:
if deletion information sent by the first target user is obtained, deleting the shared data based on the deletion information, and marking the shared data as deleted.
7. The method according to any one of claims 1 to 6, characterized in that the access permission includes at least one of the following: read-only permission, download permission and unloading permission.
8. A system of secondary authentication for data sharing, characterized in that it is set in a server and comprises: an acquiring unit, a storage unit, a verification unit and a first information sending unit, wherein
the acquiring unit is used to obtain shared data uploaded by a first target user and target information set by the first target user, the target information including: access permission information of each category of access user for the shared data;
the storage unit is used to store the shared data based on the target information and to configure shared information for the shared data, wherein the shared information includes a shared link and/or an access password;
the verification unit is used to verify, if first access information sent by a second target user based on the shared information is obtained, whether the second target user is a preset access user, the preset access user being a user, among the categories of access users, who can directly access the shared data according to the first access information;
the first information sending unit is used to send, if the second target user is the preset access user, first determination information to the second target user, so that the second target user accesses the shared data according to the first determination information and its access permission.
9. The system according to claim 8, characterized in that the system further comprises:
a second information sending unit, used to send, if the second target user is not the preset access user, first feedback information to the second target user, so that the second target user sends second access information to the server, wherein the first feedback information is used to prompt the second target user to send the second access information to the server;
if the second access information sent by the second target user is obtained, forwarding the second access information to the first target user, so that the first target user sends second feedback information based on the second access information, wherein the second feedback information is used to indicate whether the first target user allows the second target user to access the shared data;
if the obtained second feedback information allows the second target user to access the shared data, sending second determination information to the second target user, so that the second target user accesses the shared data based on the second determination information and its access permission.
10. The system according to claim 9, characterized in that the system further comprises:
a recording unit, used to record, if the first access information is obtained, the identity information of the second target user carried in the first access information, and to record the time at which the first access information was obtained; or
if the second access information is obtained, to record the identity information of the second target user carried in the second access information, and to record the time at which the second access information was obtained.
CN201811501517.3A 2018-12-10 2018-12-10 A kind of method and system of data sharing re-authentication Pending CN109670322A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811501517.3A CN109670322A (en) 2018-12-10 2018-12-10 A kind of method and system of data sharing re-authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811501517.3A CN109670322A (en) 2018-12-10 2018-12-10 A kind of method and system of data sharing re-authentication

Publications (1)

Publication Number Publication Date
CN109670322A true CN109670322A (en) 2019-04-23

Family

ID=66145015

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811501517.3A Pending CN109670322A (en) 2018-12-10 2018-12-10 A kind of method and system of data sharing re-authentication

Country Status (1)

Country Link
CN (1) CN109670322A (en)

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190423

RJ01 Rejection of invention patent application after publication