CN110263574A - Data management method, device, system and readable storage medium


Info

Publication number: CN110263574A
Authority: CN (China)
Prior art keywords: data, subsystem, token, feedback, request
Legal status: Pending
Application number: CN201910494610.4A
Other languages: Chinese (zh)
Inventors: 陈振拥, 向非能, 钟玉峰
Current Assignee: WeBank Co Ltd
Original Assignee: WeBank Co Ltd

Events
Application filed by WeBank Co Ltd
Priority to CN201910494610.4A
Publication of CN110263574A
Priority to PCT/CN2020/092137 (WO2020244408A1)


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a data management method, device, system and readable storage medium. The method comprises: when an authentication request sent by a subsystem is detected, obtaining the authentication parameters in the authentication request; generating a first signature associated with the authentication request from the first token in the authentication parameters and a preset first generating algorithm, and judging whether the first signature is consistent with the second signature in the authentication parameters; if the first signature is consistent with the second signature in the authentication parameters, generating a second token according to a preset second generating algorithm; and feeding back to the subsystem first feedback data that includes the second token, so that the subsystem realizes data synchronization with the data management system based on the first feedback data. The invention solves the technical problem in the prior art that access control management of enterprise data resources is excessively costly.

Description

Data management method, device, system and readable storage medium
Technical field
The present invention relates to the technical field of financial technology (Fintech), and in particular to a data management method, device, system and readable storage medium.
Background technique
With the continuous development of financial technology (Fintech), and in particular of internet finance technology, more and more technologies are applied in the financial field. Data management in the financial field involves numerous technologies and includes the access control management of the data resources of enterprise systems. In the prior art, a separate management system is set up for the access control of each subsystem's data resources. An enterprise generally has multiple subsystems, and each of them requires its own management system to be established for access control of its data resources, which clearly wastes computing resources; and since each management system needs at least one operations manager assigned to it, it also wastes human resources.
Summary of the invention
The main purpose of the present invention is to provide a data management method, device, system and readable storage medium, aiming to solve the technical problem in the prior art that access control management of enterprise data resources is excessively costly.
To achieve the above object, an embodiment of the present invention provides a data management method, applied to a data management system that manages multiple subsystems, the data management method comprising:
when an authentication request sent by a subsystem is detected, obtaining the authentication parameters in the authentication request;
generating a first signature associated with the authentication request from the first token in the authentication parameters and a preset first generating algorithm, and judging whether the first signature is consistent with the second signature in the authentication parameters;
if the first signature is consistent with the second signature in the authentication parameters, generating a second token according to a preset second generating algorithm;
feeding back to the subsystem first feedback data that includes the second token, so that the subsystem realizes data synchronization with the data management system based on the first feedback data.
Optionally, before the step of obtaining the authentication parameters in the authentication request when an authentication request sent by a subsystem is detected, the method comprises:
if an access request in which the subsystem requests access to the data management system is received, obtaining the role-permission data and user-role data in the access request, and associating the role-permission data and the user-role data with the preset user mapping in the data management system to obtain mapping data;
allocating an application ID and the first token to the subsystem, and storing the application ID, the first token and the mapping data in association.
Optionally, the step of feeding back to the subsystem first feedback data that includes the second token, so that the subsystem realizes data synchronization with the data management system based on the first feedback data, comprises:
feeding back to the subsystem the first feedback data that includes the second token;
receiving a first full synchronization request sent by the subsystem based on the first feedback data, and performing a second verification on the second token in the first full synchronization request;
if the second token is detected to pass the second verification, obtaining the full data of the subsystem based on the query request and returning the full data to the subsystem, wherein the full data includes full role-permission data and full user-role data.
Optionally, the step of feeding back to the subsystem first feedback data that includes the second token, so that the subsystem realizes data synchronization with the data management system based on the first feedback data, comprises:
feeding back to the subsystem the first feedback data that includes the second token;
if a query request in which the subsystem asks whether incremental synchronization is needed is received, judging, based on the query request, whether incremental data of the subsystem exists between the last synchronization time and the current time;
if incremental data of the subsystem exists, returning to the subsystem a second feedback result indicating that incremental data of the subsystem exists;
receiving a first incremental synchronization request sent by the subsystem based on the second feedback result, and performing a first verification on the second token in the first incremental synchronization request;
if the second token is detected to pass the first verification, returning the incremental data to the subsystem, wherein the incremental data includes incremental role-permission data and incremental user-role data.
Optionally, the step of receiving the first incremental synchronization request sent by the subsystem based on the second feedback result and performing the first verification on the second token in the first incremental synchronization request comprises:
receiving the first incremental synchronization request sent by the subsystem based on the second feedback result, and obtaining the validity period of the second token in the first incremental synchronization request;
judging whether the second token is within the validity period, and when the second token is within the validity period, determining that the second token in the synchronization request passes the first verification.
Optionally, after the step of feeding back to the subsystem the first feedback data that includes the second token, the method comprises:
calling a preset redis-based distributed lock mechanism to perform a locking operation on the first incremental synchronization request or the first full synchronization request, obtaining the first incremental synchronization request or the first full synchronization request in the locked state;
if a second incremental synchronization request consistent with the first incremental synchronization request in the locked state is detected, or a second full synchronization request consistent with the first full synchronization request in the locked state is detected, ignoring the second incremental synchronization request or the second full synchronization request and sending prompt information to the subsystem.
Optionally, the step of feeding back to the subsystem first feedback data that includes the second token, so that the subsystem realizes data synchronization with the data management system based on the first feedback data, comprises:
judging whether feedback information that the subsystem's data synchronization succeeded is received;
if feedback information that the subsystem's data synchronization succeeded is not received, unlocking the first incremental synchronization request or the first full synchronization request, so that the preset redis-based distributed lock mechanism can be called to perform the locking operation on the second incremental synchronization request or the second full synchronization request, in order to obtain the incremental data and feed it back.
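To make the locking rule of these optional steps concrete, the Go program below is an added example written for this page; it is not code from the patent or from WeBank. It simulates the redis-based distributed lock with an in-memory store (a SET-NX-with-TTL style lock; the key format, the TTL and the request representation are assumptions of the example), locks the first incremental or full synchronization request of a subsystem, ignores a consistent second request that arrives while the lock is held and records the prompt sent back, and unlocks when no success feedback arrives so that the next consistent request can be locked and served.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// LockStore stands in for the redis-based distributed lock (the equivalent of
// SET key value NX PX ttl): an in-memory map of lock key -> expiry so the
// example runs offline. It is a simulation, not a redis client.
type LockStore struct {
	mu    sync.Mutex
	locks map[string]time.Time
}

func NewLockStore() *LockStore { return &LockStore{locks: map[string]time.Time{}} }

// TryLock takes the lock if it is free or the previous holder's TTL has expired.
func (s *LockStore) TryLock(key string, ttl time.Duration, now time.Time) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	if exp, held := s.locks[key]; held && now.Before(exp) {
		return false
	}
	s.locks[key] = now.Add(ttl)
	return true
}

func (s *LockStore) Unlock(key string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.locks, key)
}

// SyncRequest is an incremental or full synchronization request from one
// subsystem. Two requests are "consistent" in the page's sense when they come
// from the same appId for the same kind of synchronization, so that pair is
// the lock key (assumption of the example).
type SyncRequest struct {
	AppID string
	Kind  string // "increment" or "full"
}

func (r SyncRequest) lockKey() string { return "sync-lock:" + r.AppID + ":" + r.Kind }

// Outcome is the management system's decision for an incoming request.
type Outcome string

const (
	Locked  Outcome = "locked"  // first request: locked and served
	Ignored Outcome = "ignored" // consistent second request while locked: dropped, prompt sent
)

// Coordinator applies the page's locking rule around synchronization requests.
type Coordinator struct {
	store   *LockStore
	ttl     time.Duration
	Prompts []string // prompt information sent back to subsystems
}

func NewCoordinator(store *LockStore, ttl time.Duration) *Coordinator {
	return &Coordinator{store: store, ttl: ttl}
}

// Handle locks the first incremental/full request; a consistent request that
// arrives while the lock is held is ignored and the subsystem is prompted.
func (c *Coordinator) Handle(req SyncRequest, now time.Time) Outcome {
	if c.store.TryLock(req.lockKey(), c.ttl, now) {
		return Locked
	}
	c.Prompts = append(c.Prompts, fmt.Sprintf("%s: %s synchronization already in progress", req.AppID, req.Kind))
	return Ignored
}

// Finish is the follow-up step: when no success feedback arrived, the locked
// request is unlocked so the next consistent request can be locked and served.
// The page does not spell out the success path; releasing the lock there too
// is an assumption of the example.
func (c *Coordinator) Finish(req SyncRequest, successFeedback bool) string {
	c.store.Unlock(req.lockKey())
	if successFeedback {
		return "completed"
	}
	return "unlocked for retry"
}

func main() {
	c := NewCoordinator(NewLockStore(), 30*time.Second)
	req := SyncRequest{AppID: "sub-order", Kind: "increment"} // constructed sample
	fmt.Println(c.Handle(req, time.Now()), c.Handle(req, time.Now()), c.Prompts)
	fmt.Println(c.Finish(req, false), c.Handle(req, time.Now()))
}
```

The TTL matters: if the subsystem's success feedback is lost and nobody calls Finish, the lock still expires, so a later consistent request is not blocked forever.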
The present invention also provides a data management device, comprising:
a detection module, for obtaining the authentication parameters in the authentication request when an authentication request sent by a subsystem is detected;
a first generation module, for generating a first signature associated with the authentication request from the first token in the authentication parameters and a preset first generating algorithm, and judging whether the first signature is consistent with the second signature in the authentication parameters;
a second generation module, for generating a second token according to a preset second generating algorithm if the first signature is consistent with the second signature in the authentication parameters;
a synchronization module, for feeding back to the subsystem first feedback data that includes the second token, so that the subsystem realizes data synchronization with the data management system based on the first feedback data.
Optionally, the data management device further comprises:
an obtaining module, for obtaining the role-permission data and user-role data in the access request if an access request in which the subsystem requests access to the data management system is received, and associating the role-permission data and the user-role data with the preset user mapping in the data management system to obtain mapping data;
a storage module, for allocating an application ID and the first token to the subsystem, and storing the application ID, the first token and the mapping data in association.
Optionally, the synchronization module comprises:
a first feedback unit, for feeding back to the subsystem the first feedback data that includes the second token;
a first receiving unit, for receiving the first full synchronization request sent by the subsystem based on the first feedback data, and performing the second verification on the second token in the first full synchronization request;
a second feedback unit, for obtaining the full data of the subsystem based on the query request and returning the full data to the subsystem when the second token is detected to pass the second verification, wherein the full data includes full role-permission data and full user-role data.
Optionally, the synchronization module comprises:
a third feedback unit, for feeding back to the subsystem the first feedback data that includes the second token;
a judging unit, for judging, based on the query request, whether incremental data of the subsystem exists between the last synchronization time and the current time, if a query request in which the subsystem asks whether incremental synchronization is needed is received;
a fourth feedback unit, for returning to the subsystem a second feedback result indicating that incremental data of the subsystem exists, if such incremental data exists;
a second receiving unit, for receiving the first incremental synchronization request sent by the subsystem based on the second feedback result, and performing the first verification on the second token in the first incremental synchronization request;
a fifth feedback unit, for returning the incremental data to the subsystem when the second token is detected to pass the first verification, wherein the incremental data includes incremental role-permission data and incremental user-role data.
Optionally, the first receiving unit comprises:
a receiving subunit, for receiving the first incremental synchronization request sent by the subsystem based on the second feedback result, and obtaining the validity period of the second token in the first incremental synchronization request;
a judging subunit, for judging whether the second token is within the validity period, and determining that the second token in the synchronization request passes the first verification when the second token is within the validity period.
Optionally, the third feedback unit comprises:
a calling subunit, for calling the preset redis-based distributed lock mechanism to perform the locking operation on the first incremental synchronization request or the first full synchronization request, obtaining the first incremental synchronization request or the first full synchronization request in the locked state;
a processing subunit, for ignoring the second incremental synchronization request or the second full synchronization request and sending prompt information to the subsystem, if a second incremental synchronization request consistent with the first incremental synchronization request in the locked state is detected, or a second full synchronization request consistent with the first full synchronization request in the locked state is detected.
Optionally, the data management device further comprises:
a judging module, for judging whether feedback information that the subsystem's data synchronization succeeded is received;
an unlocking module, for unlocking the first incremental synchronization request or the first full synchronization request if feedback information that the subsystem's data synchronization succeeded is not received, so that the preset redis-based distributed lock mechanism can be called to perform the locking operation on the second incremental synchronization request or the second full synchronization request, in order to obtain the incremental data and feed it back.
The present invention also provides a readable storage medium on which a data management program is stored; when the data management program is executed by a processor, the steps of the data management method described above are realized.
In the present invention, when an authentication request sent by a subsystem is detected, the authentication parameters in the authentication request are obtained; a first signature associated with the authentication request is generated from the first token in the authentication parameters and a preset first generating algorithm, and it is judged whether the first signature is consistent with the second signature in the authentication parameters; if the first signature is consistent with the second signature in the authentication parameters, a second token is generated according to a preset second generating algorithm; and first feedback data that includes the second token is fed back to the subsystem, so that the subsystem realizes data synchronization with the data management system based on the first feedback data. In this application, an access control management system for data resources is no longer set up for every subsystem of the enterprise; only one data management system is set up, which manages the subsystems in a unified way, synchronizes data with each subsystem, and isolates the data of the subsystems from one another while uniformly managing and controlling access to their data resources. Specifically, in order to manage and control access to the data resources of each subsystem in a unified way while isolating the data of the subsystems from one another, the data management system in this application first authenticates a subsystem that needs to synchronize data: the data management system receives the authentication request sent by the subsystem, generates a first signature associated with the authentication request from the first token parameter in the authentication request and the preset first generating algorithm, and compares the first signature with the second signature parameter to determine whether the subsystem passes authentication; when the subsystem passes authentication, a second token is generated according to the preset second generating algorithm, and first feedback data including the second token is fed back to the subsystem, so that the subsystem realizes data synchronization with the data management system based on the first feedback data. That is, in this application, access to the data resources of the subsystems can be managed and controlled without developing a management system for each subsystem, thereby solving the technical problem in the prior art that access control management of enterprise data resources is excessively costly.
Detailed description of the invention
Fig. 1 is a flow diagram of the first embodiment of the data management method of the present invention;
Fig. 2 is a detailed flow diagram of the steps preceding the step of obtaining the authentication parameters in the authentication request when an authentication request sent by a subsystem is detected, in the second embodiment of the data management method of the present invention;
Fig. 3 is a structural diagram of the hardware running environment involved in the method of the embodiments of the present invention.
The realization of the object, the functional features and the advantages of the present invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.
Specific embodiment
It should be understood that the specific embodiments described herein are merely illustrative of the present invention and are not intended to limit it.
The present invention provides a data management method. In one embodiment, the data management method is applied to a data management system that manages multiple subsystems; referring to Fig. 3, the data management method comprises:
Step S10: when an authentication request sent by a subsystem is detected, obtaining the authentication parameters in the authentication request;
Step S20: generating a first signature associated with the authentication request from the first token in the authentication parameters and a preset first generating algorithm, and judging whether the first signature is consistent with the second signature in the authentication parameters;
Step S30: if the first signature is consistent with the second signature in the authentication parameters, generating a second token according to a preset second generating algorithm;
Step S40: feeding back to the subsystem first feedback data that includes the second token, so that the subsystem realizes data synchronization with the data management system based on the first feedback data.
The specific steps are as follows:
Step S10: when an authentication request sent by a subsystem is detected, obtaining the authentication parameters in the authentication request;
In this embodiment, a data management system is provided which manages and controls user access for multiple subsystems of an enterprise in a unified way. This unified control of user access involves data synchronization and data isolation. Data synchronization means that each subsystem obtains user access control data from the data management system through a communication request such as an HTTP request; data isolation means that each subsystem can only obtain, through synchronization from the data management system, the data that belongs to that subsystem, while the data of other subsystems is neither obtainable nor visible to it. To realize data synchronization and data isolation, the data management system needs to authenticate each subsystem. Subsystem authentication means that each subsystem initiates a legitimacy verification request to the management system through a communication request such as an HTTP request; only after the subsystem passes authentication at the data management system can it synchronize data from the data management system.
It should be noted that before initiating an authentication request to the management system, a subsystem needs to be filed for access in the management system. Specifically, before the step of obtaining the authentication parameters in the authentication request when an authentication request sent by a subsystem is detected, the method comprises:
Step S01: if an access request in which the subsystem requests access to the data management system is received, obtaining the role-permission data and user-role data in the access request, and associating the role-permission data and the user-role data with the preset user mapping in the data management system to obtain mapping data;
The data management system manages data on the basis of role-based access control (RBAC). As shown in the figure, RBAC first defines the various roles and permissions and records them in a role table and a permission table respectively; a role-permission association table then assigns different permissions to different roles, i.e. the role-permission association table records the mapping from roles to permissions; after the role-permission association table is obtained, a user-role association table assigns the corresponding roles to users, i.e. the user-role association table records the mapping from users to roles. Because the roles a user belongs to are recorded, a user subject that belongs to a given role has the permissions of that role, which in the management system manifests as the user being able to correctly access the corresponding data resources in the subsystem. To extend users, the concept of user groups can be introduced: a user group can be associated with multiple roles, so that a user who belongs to a user group indirectly possesses the group's roles, which reduces the repeated assignment of roles to a single user and gives a more efficient and rapid management effect. To realize data management, the RBAC of the data management system includes at least a role management module, a permission management module and an information query module: the role management module defines roles and maintains the mapping between roles and permissions; the permission management module delineates the permissions for operating system resources, assigns permissions to the roles the system defines and maintains the corresponding mapping; and the information query module queries the role and permission information of system users, as shown in the figure.
In this embodiment, before the data management system can control user access for multiple subsystems, the corresponding subsystem needs to be granted access to the data management system. Specifically, if an access request in which the subsystem requests access to the data management system is received, the data management system obtains the role-permission data and user-role data carried in the access request, where the role-permission data and user-role data include roles, permissions, a user-role mapping table and a role-permission mapping table. After the role-permission data and user-role data are obtained, they are associated with the preset user mapping in the data management system to obtain the mapping data. For example, if the role-permission data and user-role data include user A, whose corresponding role is developer and whose corresponding permission is permission a, then user A is obtained from the user list of the data management system and, based on the received role-permission data and user-role data, user A in the user list is associated in the data management system with developer and permission a.
Specifically, in order to manage the subsystems in a unified way, the data management system in this embodiment is provided with three major modules based on RBAC: a visual management module, a subsystem access module and a data transmission interface module. The visual management module includes four submodules: a role management submodule, a permission management submodule, an authorization management submodule and a subsystem authentication management submodule. The role management submodule maintains and manages the role data defined for the multiple subsystems and provides visual add, delete, modify and query operations as well as batch import of role data; if a subsystem needs to modify or import role data, it must apply to the data management system. The permission management submodule is responsible for maintaining and managing the permission data defined for the multiple subsystems and provides visual add, delete, modify and query operations as well as batch import of permission data. The authorization management submodule provides visual authorization and the import of batch role-permission data and/or batch user-role data; in addition, it maintains and manages the mapping between users and permissions and provides user permission queries. It should be noted that the authorization management submodule involves tables including the role table, the permission table, the user-role association table and the role-permission association table.
Step S02: allocating an application ID and the first token to the subsystem, and storing the application ID, the first token and the mapping data in association.
In this embodiment, the data management system further includes a subsystem authentication management module, which manages the authentication of the multiple subsystems. Before authentication, the subsystem authentication management module also applies for, for each subsystem, a subsystem application identifier (application ID or appId) and a corresponding subsystem first token (the first token or apptoken). The application ID identifies a subsystem; the first token is stored encrypted and is used by the subsystem to generate the corresponding data signature when it initiates an authentication request, and the subsystem may also carry the first token when synchronizing data later. If the applications for the subsystem's application ID and first token both pass, the application ID and first token allocated to the subsystem are saved under the subsystem authentication management module, and the application ID, the first token and the mapping data are stored in association; the purpose of the associated storage is to lay the foundation for isolating the data of each subsystem.
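The RBAC tables described under step S01 and the associated storage of application ID, first token and mapping data under step S02 can be modelled together. The following Go program is an added example written for this page, not code from the patent or from WeBank: it builds the role table, permission table, user-role and role-permission association tables and the user-group extension for one subsystem, validates the mapping data the subsystem submits, stores it under the subsystem's application ID together with its first token, and answers permission queries scoped to that subsystem only, so that a query under another application ID cannot see its data. All type names and sample values (`userA`, `developer`, `permission-a`, `audit-group`, the placeholder token) are constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// Mapping is one subsystem's mapping data, built from the role-permission data
// and user-role data it supplied at access time. The tables follow the page,
// plus user groups, through which a user holds roles indirectly.
type Mapping struct {
	Roles       map[string]bool     // role table
	Permissions map[string]bool     // permission table
	UserRoles   map[string][]string // user-role association: user -> roles
	RolePerms   map[string][]string // role-permission association: role -> permissions
	UserGroups  map[string][]string // user -> groups
	GroupRoles  map[string][]string // group -> roles
}

// Registration is what the subsystem authentication management module keeps
// per subsystem: application ID, first token and mapping data, in association.
type Registration struct {
	AppID, Token string
	Map          *Mapping
}

// ManagementSystem keys every registration by application ID, which is what
// lets a query be scoped to one subsystem's mapping data and no other's.
type ManagementSystem struct{ subsystems map[string]*Registration }

func NewManagementSystem() *ManagementSystem {
	return &ManagementSystem{subsystems: map[string]*Registration{}}
}

// Access is steps S01/S02: reject mapping data that references undefined roles
// or permissions, then store appId, first token and mapping together.
func (m *ManagementSystem) Access(appID, token string, mp *Mapping) error {
	for r, perms := range mp.RolePerms {
		if !mp.Roles[r] {
			return fmt.Errorf("role-permission data references undefined role %q", r)
		}
		for _, p := range perms {
			if !mp.Permissions[p] {
				return fmt.Errorf("role %q references undefined permission %q", r, p)
			}
		}
	}
	m.subsystems[appID] = &Registration{AppID: appID, Token: token, Map: mp}
	return nil
}

// UserPermissions is the information query module's lookup: user -> roles
// (direct and inherited through groups) -> permissions, sorted.
func (mp *Mapping) UserPermissions(user string) []string {
	roles := append([]string{}, mp.UserRoles[user]...)
	for _, g := range mp.UserGroups[user] {
		roles = append(roles, mp.GroupRoles[g]...) // roles held indirectly via the group
	}
	seen := map[string]bool{}
	for _, r := range roles {
		for _, p := range mp.RolePerms[r] {
			seen[p] = true
		}
	}
	out := make([]string, 0, len(seen))
	for p := range seen {
		out = append(out, p)
	}
	sort.Strings(out)
	return out
}

// HasPermission answers an access-control question for one subsystem only: an
// appId that never filed, or a user absent from that subsystem's mapping, gets
// false, which is the data isolation the page describes.
func (m *ManagementSystem) HasPermission(appID, user, perm string) bool {
	reg, ok := m.subsystems[appID]
	if !ok {
		return false
	}
	for _, p := range reg.Map.UserPermissions(user) {
		if p == perm {
			return true
		}
	}
	return false
}

// SampleMapping is the page's worked example (user A, role developer,
// permission a) plus a user group; constructed sample data.
func SampleMapping() *Mapping {
	return &Mapping{
		Roles:       map[string]bool{"developer": true, "auditor": true},
		Permissions: map[string]bool{"permission-a": true, "permission-b": true},
		UserRoles:   map[string][]string{"userA": {"developer"}},
		RolePerms:   map[string][]string{"developer": {"permission-a"}, "auditor": {"permission-b"}},
		UserGroups:  map[string][]string{"userA": {"audit-group"}},
		GroupRoles:  map[string][]string{"audit-group": {"auditor"}},
	}
}
```

Scoping every lookup by application ID is the whole isolation mechanism here: nothing in the query path can reach another subsystem's tables, because the tables are only reachable through its own registration.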
When an authentication request sent by a subsystem is detected, the authentication parameters in the authentication request are obtained.
In this embodiment, the subsystem first generates the authentication request. Specifically, when the subsystem receives the user's authentication operation, it first calls a random code generator to generate a random code (nonce), where the nonce can be a 5-digit number. After obtaining the random code nonce, the subsystem calls the preset first generating algorithm to generate the second signature sign. The preset first generating algorithm that generates the second signature sign is: sign = md5(md5(appId + nonce + timeStamp) + apptoken), where md5(x) denotes the MD5 value of x, that is, the value of the cryptographic hash function; appId is the application ID; timeStamp is the timestamp; and apptoken is the first token. Parameters such as the random code, the second signature and the timestamp are added to the authentication request; thus, when the authentication request sent by the subsystem is detected, the data management system can extract from it authentication parameters including the random code, the timestamp and the second signature.
Step S20: generating a first signature associated with the authentication request from the first token in the authentication parameters and a preset first generating algorithm, and judging whether the first signature is consistent with the second signature in the authentication parameters;
For the data management system, after obtaining the authentication parameters, it extracts the first token parameter from them and generates, with the preset first generating algorithm, the first signature associated with the authentication request; the preset first generating algorithm is sign = md5(md5(appId + nonce + timeStamp) + apptoken). After obtaining the first signature, it judges whether the first signature and the second signature in the authentication parameters are identical.
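As an added example for steps S10 and S20, the subsystem's generation of the second signature and the data management system's recomputation of the first signature are implemented below in Go. This is example code written for this page, not the patent's or WeBank's implementation. It follows the page's formula sign = md5(md5(appId + nonce + timeStamp) + apptoken) literally; the decimal serialisation of the timestamp, the registry mapping application ID to first token, the constant-time comparison on the verifying side and the sample values are assumptions of the example.

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"math/rand"
	"strconv"
	"time"
)

// AuthRequest holds the authentication parameters the page lists: the
// application ID, the random code (nonce), the timestamp and the second
// signature (sign) computed by the subsystem.
type AuthRequest struct {
	AppID     string
	Nonce     string
	TimeStamp int64
	Sign      string
}

// md5Hex returns the lowercase hex MD5 digest of s (the page's md5(x)).
func md5Hex(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// FirstAlgorithm is the preset first generating algorithm as the page states it:
// sign = md5(md5(appId + nonce + timeStamp) + apptoken). The timestamp is
// rendered in decimal; the page does not say how it is serialised (assumption).
func FirstAlgorithm(appID, nonce string, timeStamp int64, appToken string) string {
	inner := md5Hex(appID + nonce + strconv.FormatInt(timeStamp, 10))
	return md5Hex(inner + appToken)
}

// newNonce returns a 5-digit random code, the size the page gives for nonce.
func newNonce() string {
	return fmt.Sprintf("%05d", rand.Intn(100000))
}

// BuildAuthRequest is the subsystem side: generate the nonce, take the current
// time as timeStamp, and compute the second signature with the first token
// (apptoken) the subsystem was allocated at access time.
func BuildAuthRequest(appID, appToken string, now time.Time) AuthRequest {
	nonce := newNonce()
	ts := now.Unix()
	return AuthRequest{
		AppID:     appID,
		Nonce:     nonce,
		TimeStamp: ts,
		Sign:      FirstAlgorithm(appID, nonce, ts, appToken),
	}
}

// Registry stands in for the subsystem authentication management module's
// store of application ID -> first token, filed when the subsystem accessed.
type Registry map[string]string

// VerifyAuthRequest is the management-system side (steps S10 and S20): look
// up the first token for the claimed appId, recompute the first signature
// with the same algorithm, and compare it with the second signature carried
// in the request. Returns true when the subsystem passes authentication.
func (r Registry) VerifyAuthRequest(req AuthRequest) bool {
	appToken, ok := r[req.AppID]
	if !ok {
		return false // unknown appId: the subsystem never filed for access
	}
	first := FirstAlgorithm(req.AppID, req.Nonce, req.TimeStamp, appToken)
	// The page checks plain equality; a constant-time compare is used here so
	// the comparison does not leak how many leading bytes matched.
	return subtle.ConstantTimeCompare([]byte(first), []byte(req.Sign)) == 1
}

func main() {
	// Constructed sample: one subsystem filed with a placeholder first token.
	reg := Registry{"sub-order": "apptoken-placeholder"}
	req := BuildAuthRequest("sub-order", "apptoken-placeholder", time.Now())
	fmt.Printf("request %+v\nauthenticated: %v\n", req, reg.VerifyAuthRequest(req))

	forged := req
	forged.Sign = "0000"
	fmt.Println("forged sign accepted:", reg.VerifyAuthRequest(forged))
}
```

The first token never travels in the request; only the signature derived from it does, which is why the management system needs the registry filed at access time to recompute the first signature.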
Step S30: if the first signature is consistent with the second signature in the authentication parameters, generate a second token according to a preset second generating algorithm;
If the first signature is identical to the second signature in the authentication parameters, a second token is generated according to the preset second generating algorithm. The preset second generating algorithm is: second token (2nd token) = des(appId + expireTime + auth + key), where expireTime is the expiry time in seconds, the random number auth is a 5-digit random number, des is a symmetric encryption algorithm, and key is the encryption key.
Step S40: feed back to the subsystem first feedback data including the second token, so that the subsystem realizes data synchronization with the data management system based on the first feedback data.
After the second token is obtained, the first feedback data including the second token is fed back to the subsystem. The first feedback data fed back by the data management system is data in JSON format and specifically includes the appId, the second token, auth, expireTime and so on. After the first feedback data is fed back to the subsystem, the subsystem realizes data synchronization with the data management system based on the first feedback data; the synchronized data includes incremental data synchronization and full data synchronization.
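The following Python example, added here and not part of the patent or of the applicant's implementation, plays through steps S10 to S20 with both sides of the exchange: the subsystem builds the request with a 5-digit nonce, a timestamp and the second signature sign = md5(md5(appId + nonce + timeStamp) + apptoken), and the data management system recomputes the first signature and compares the two. It assumes that the data management system looks the first token (apptoken) up by appId in its own store rather than reading it from the request (claim 2 says the appId and first token are stored together); the registry contents, the five-minute timestamp window and the replay cache are constructed additions of this example. MD5 is kept because it is the page's algorithm; a new design would use HMAC-SHA256, and the comparison must in any case be constant-time.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

# Hypothetical registry of registered subsystems: appId -> first token (apptoken),
# the values the data management system stored when it allocated them.
# Constructed sample data, not values from the patent.
APP_REGISTRY = {"sub-hr": "k9f2Q7tLx0pV"}

# Freshness window and replay cache are additions of this example; the patent only
# says the request carries a nonce and a timestamp. A 5-digit nonce has only
# 100000 values, so the cache is keyed by (appId, nonce, timeStamp); a real
# deployment would drop entries older than the window.
MAX_SKEW_SECONDS = 300
_seen: set = set()


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def make_sign(app_id: str, nonce: str, timestamp: str, apptoken: str) -> str:
    """The page's first generating algorithm:
    sign = md5(md5(appId + nonce + timeStamp) + apptoken)."""
    return md5_hex(md5_hex(app_id + nonce + timestamp) + apptoken)


def build_auth_request(app_id: str, apptoken: str, now: Optional[int] = None) -> dict:
    """Subsystem side (step S10): 5-digit nonce, timestamp, second signature."""
    nonce = "%05d" % secrets.randbelow(100000)
    ts = str(int(time.time()) if now is None else now)
    return {"appId": app_id, "nonce": nonce, "timeStamp": ts,
            "sign": make_sign(app_id, nonce, ts, apptoken)}


def authenticate(req: dict, now: Optional[int] = None) -> Tuple[bool, str]:
    """Data management system side (step S20): recompute the first signature
    from the stored apptoken and compare it with the second signature."""
    now = int(time.time()) if now is None else now
    app_id = str(req.get("appId", ""))
    apptoken = APP_REGISTRY.get(app_id)
    if apptoken is None:
        return False, "unknown appId"
    nonce = str(req.get("nonce", ""))
    ts = str(req.get("timeStamp", ""))
    second_sign = str(req.get("sign", ""))
    if not ts.isdigit() or abs(now - int(ts)) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    if (app_id, nonce, ts) in _seen:
        return False, "replayed nonce"
    first_sign = make_sign(app_id, nonce, ts, apptoken)
    # Constant-time comparison: a plain == leaks the position of the first mismatch.
    if not hmac.compare_digest(first_sign, second_sign):
        return False, "signature mismatch"
    _seen.add((app_id, nonce, ts))
    return True, "authenticated"


if __name__ == "__main__":
    req = build_auth_request("sub-hr", APP_REGISTRY["sub-hr"])
    print(req, authenticate(req))          # first use authenticates
    print(authenticate(req))               # same request again is a replay
```

The apptoken never travels on the wire in this version: it only enters the inner hash on each side. Everything the subsystem sends (appId, nonce, timeStamp, sign) may be observed, so the timestamp window and the nonce cache are what stop an observed request from being resubmitted.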
Specifically, the step of feeding back to the subsystem the first feedback data including the second token, so that the subsystem realizes data synchronization with the data management system based on the first feedback data, includes:
Step S41: feed back to the subsystem the first feedback data including the second token;
The first feedback data including the second token is fed back to the subsystem, so that the subsystem obtains the second token.
Step S42: if a query request from the subsystem asking whether incremental synchronization is needed is received, judge, based on the query request, whether incremental data of the subsystem exists between the last synchronization time and the current time;
In this embodiment, the subsystem initiates a query request to the data management system every preset time period; for example, the subsystem initiates a query request every 30 seconds asking whether incremental synchronization needs to be carried out. When the data management system receives a query request from the subsystem asking whether incremental synchronization is needed, it obtains the pre-recorded last synchronization time of that subsystem and checks whether the subsystem has new or updated data between the last synchronization time and the current time, for example whether there are updates in the role table, the permission table, the user-role association table, the role-permission association table and so on. Whether the subsystem has new or updated data between the last synchronization time and the current time is mainly determined by checking an update-time field, which records the time at which the corresponding data was inserted or last updated: if the time in the update-time field is later than the last synchronization time, incremental data exists. When incremental data exists, it also needs to be obtained. Specifically, the incremental role data of the subsystem between the last synchronization time and the current time, i.e. the modified or newly added role data, is looked up according to the appId; the incremental permission data of the subsystem in that interval, i.e. the modified or newly added permission data, is looked up according to the appId; the incremental user-role data of the subsystem in that interval, i.e. the modified or newly added user-role data, is looked up according to the appId; and the incremental role-permission data of the subsystem in that interval, i.e. the modified or newly added role-permission data, is looked up according to the appId, so that complete incremental data is obtained. When there is no incremental data, a prompt that no incremental data exists is returned. Specifically, the incremental data includes incremental role-permission data, incremental user-role data and so on.
Step S43: if incremental data of the subsystem exists, return to the subsystem a second feedback result indicating that incremental data of the subsystem exists;
If incremental data of the subsystem exists, a second feedback result indicating that incremental data of the subsystem exists is returned to the subsystem, so that the subsystem generates and sends a first incremental synchronization request based on the second feedback result.
Step S44: receive the first incremental synchronization request sent by the subsystem based on the second feedback result, and perform a first verification on the second token in the first incremental synchronization request;
The first incremental synchronization request sent by the subsystem based on the second feedback result is received. The request parameters of the first incremental synchronization request are: appId, auth and the second token, where auth and the second token may be obtained from the subsystem's authentication request. That is, when the first incremental synchronization request is generated within a fixed time interval after the subsystem accessed the data management system, the second token may be the same as the token previously obtained; it is not necessary to obtain a new token for every first incremental synchronization request, and while the token in the authentication parameters is within its validity period it can be used as the second token for verification. The process of verifying the second token may be: first perform DES decryption on the second token, obtaining after decryption the appId, expireTime, auth and other contents; first compare whether appId and auth are consistent with the corresponding parameters in the data management system; if they are consistent, judge according to expireTime and determine whether the second token passes verification.
The step of receiving the first incremental synchronization request sent by the subsystem based on the second feedback result, and performing the first verification on the second token in the first incremental synchronization request, includes:
Step S441: receive the first incremental synchronization request sent by the subsystem based on the second feedback result, and obtain the validity period of the second token in the first incremental synchronization request;
In this embodiment, the first incremental synchronization request sent by the subsystem based on the second feedback result is received, and the validity period of the second token in the first incremental synchronization request is obtained; for example, the validity period of any token may be 2 hours. The purpose of obtaining the validity period is to determine whether the subsystem needs to re-authenticate; that is, a new second token does not have to be obtained for every first incremental synchronization request, which reduces the number of accesses to the subsystem authentication interface and so reduces wasted resources.
Step S442: judge whether the second token is within the validity period, and when the second token is within the validity period, determine that the second token in the synchronization request passes the first verification.
It is judged whether the second token is within the validity period; when the second token is within the validity period, it is determined that the second token in the synchronization request passes the first verification, and when the second token is not within the validity period, the second token is regenerated and the subsequent logic is executed accordingly.
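The following Python example, added here and not part of the patent or of the applicant's implementation, covers both the issuance of the second token and the first feedback data (steps S30 and S40) and its verification in a synchronization request (steps S44, S441 and S442): the token binds appId, expireTime and auth under a server-side key, the verifier opens it, compares appId and auth with the server's own record, and then checks expireTime. The page builds the token with DES; DES is not in the Python standard library and its 56-bit key is no longer considered secure, so this example swaps in an HMAC-SHA256 tag over the same three fields, which gives the property the scheme actually needs (the subsystem cannot forge or alter the token) without hiding fields that the first feedback data returns in the clear anyway. The server key, the session table and the two-hour validity period (the page's example value) are constructed for this example.

```python
import base64
import binascii
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

# Server-side secret standing in for the page's DES "key". Constructed for this
# example; a real deployment loads it from a secret store.
SERVER_KEY = b"constructed-demo-key-replace-in-real-use"
TOKEN_TTL_SECONDS = 2 * 60 * 60   # the page's example validity period of two hours

# Hypothetical session table: appId -> auth issued with the current second token.
_sessions: Dict[str, str] = {}


def _mac(payload: bytes) -> str:
    """Keyed tag used in place of DES encryption (see lead-in)."""
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def issue_token(app_id: str, now: int) -> dict:
    """Steps S30/S40: build the second token from appId, expireTime and auth under
    the server key and return the JSON-style first feedback data."""
    expire_time = now + TOKEN_TTL_SECONDS             # absolute, in seconds
    auth = "%05d" % secrets.randbelow(100000)        # 5-digit random number
    payload = ("%s|%d|%s" % (app_id, expire_time, auth)).encode("utf-8")
    raw = payload + b"|" + _mac(payload).encode("ascii")
    token = base64.urlsafe_b64encode(raw).decode("ascii")
    _sessions[app_id] = auth                         # a re-issue supersedes the old auth
    return {"appId": app_id, "token": token, "auth": auth, "expireTime": expire_time}


def verify_token(app_id: str, auth: str, token: str, now: int) -> Tuple[bool, str]:
    """Steps S44/S441/S442: open the token, check appId and auth against the
    server's own record, then check the validity period."""
    try:
        raw = base64.urlsafe_b64decode(token.encode("ascii"))
        payload, _, mac = raw.rpartition(b"|")
        t_app, t_exp, t_auth = payload.decode("utf-8").split("|")
        expire_time = int(t_exp)
        mac_hex = mac.decode("ascii")
    except (ValueError, binascii.Error, UnicodeDecodeError, UnicodeEncodeError):
        return False, "malformed token"
    if not hmac.compare_digest(mac_hex, _mac(payload)):
        return False, "bad token mac"
    # The page compares appId and auth with the parameters held by the data
    # management system before looking at expireTime.
    if t_app != app_id or t_auth != auth or _sessions.get(app_id) != auth:
        return False, "appId/auth mismatch"
    if now >= expire_time:
        return False, "token expired"
    return True, "token valid"


if __name__ == "__main__":
    fb = issue_token("sub-hr", now=1700000000)
    print(fb)
    print(verify_token(fb["appId"], fb["auth"], fb["token"], now=1700000060))
    print(verify_token(fb["appId"], fb["auth"], fb["token"], now=1700007200))
```

The integrity check runs before any field is trusted, so a tampered expireTime is rejected as a bad tag rather than read as a longer validity period; an expired token is reported separately, which is the case in which step S442 has the second token regenerated.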
Step S45: if it is detected that the second token passes the first verification, return the incremental data to the subsystem, where the incremental data includes incremental role-permission data and incremental user-role data.
The incremental data includes incremental role-permission data, incremental user-role data and so on. In this embodiment, if it is detected that the second token passes the first verification, the incremental data obtained is returned to the subsystem, so that the incremental data of the subsystem is synchronized with the unified management subsystem.
In the present invention, when an authentication request sent by a subsystem is detected, the authentication parameters in the authentication request are obtained; according to the first token in the authentication parameters and a preset first generating algorithm, a first signature associated with the authentication request is generated, and it is judged whether the first signature is consistent with the second signature in the authentication parameters; if the first signature is consistent with the second signature in the authentication parameters, a second token is generated according to a preset second generating algorithm; and first feedback data including the second token is fed back to the subsystem, so that the subsystem realizes data synchronization with the data management system based on the first feedback data. In this application, an access control management system for data resources is no longer set up for each subsystem of the enterprise; instead, only one data management system is set up, and this unified management subsystem realizes data synchronization with each subsystem, so as to manage and control access to the data resources of each subsystem in a unified way while isolating the data interaction between the subsystems. Specifically, in order to manage and control access to the data resources of each subsystem in a unified way while isolating the data interaction between the subsystems, in this application the data management system first authenticates the subsystem that needs data synchronization. Specifically, the data management system receives the authentication request sent by the subsystem, generates the first signature associated with the authentication request based on the first token parameter in the authentication request and the preset first generating algorithm, and compares the first signature with the second signature parameter to determine whether the subsystem passes authentication; when the subsystem passes authentication, the second token is generated according to the preset second generating algorithm, and the first feedback data including the second token is fed back to the subsystem, so that the subsystem realizes data synchronization with the data management system based on the first feedback data. That is, in this application, it is no longer necessary to develop a management system for each subsystem in order to manage and control access to the data resources of the subsystems, which solves the technical problem in the prior art that the access control management of enterprise data resources is excessively costly.
Further, the present invention provides another embodiment of the data management method. In this embodiment, after the step of feeding back to the subsystem the first feedback data including the second token, the method includes:
Step S451: call a preset Redis-based distributed lock mechanism to perform a locking operation on the first incremental synchronization request or the first full synchronization request, obtaining a first incremental synchronization request or a first full synchronization request in the locked state;
Since each subsystem has multiple computer machines, these machines may send the same incremental synchronization request or full synchronization request to the data management system at the same time. To avoid the waste of resources caused by the data management system having to process multiple identical incremental synchronization requests or full synchronization requests, in this embodiment a preset Redis-based distributed lock mechanism is called to perform a locking operation on the first incremental synchronization request or the first full synchronization request, so as to obtain a first incremental synchronization request or a first full synchronization request in the locked state. Specifically, calling the preset Redis-based distributed lock mechanism means calling the set() method of Redis to realize the distributed lock of Redis. The set() method is defined as set(String key, String value, String nx, String px, int time), with five parameters in total. String denotes a character string. String key, i.e. the key string, is unique: when the key strings differ, the corresponding incremental synchronization requests differ, so whether multiple incremental synchronization requests are identical can be judged from the key string. String value, i.e. the value string, is associated with the second token value. String nx means: perform the set operation only when String key does not exist. String px adds an expiry setting to String key; the expiry setting indicates whether the locking setting of the specific first incremental synchronization request is in the expired state or in the non-expired state, and the time for which the locking setting of the first incremental synchronization request is in the expired or non-expired state is determined by the fifth parameter, time. int time corresponds to String px: int time marks the expiry time of String key. The set() method of Redis generally produces one of two results: if there is currently no first incremental synchronization request in the locked state (i.e. the key does not exist), the received first incremental synchronization request is locked and the corresponding expiry setting is added; if a first incremental synchronization request in the locked state already exists, no further locking operation is performed.
Step S452: if a second incremental synchronization request consistent with the first incremental synchronization request in the locked state is detected, or if a second full synchronization request consistent with the first full synchronization request in the locked state is detected, ignore the second incremental synchronization request or the second full synchronization request, and send prompt information to the subsystem.
If a second incremental synchronization request consistent with the first incremental synchronization request in the locked state is detected, the second incremental synchronization request is ignored; if a second full synchronization request consistent with the first full synchronization request in the locked state is detected, the second full synchronization request is ignored. A second incremental synchronization request consistent with the first incremental synchronization request in the locked state means a request whose requested synchronization data is identical, and a second full synchronization request consistent with the first full synchronization request in the locked state likewise means a request whose requested synchronization data is identical. Ignoring the second incremental synchronization request or the second full synchronization request means not responding to that request, and prompt information that no response is given is sent to the subsystem.
After the step of feeding back to the subsystem the first feedback data including the second token, so that the subsystem realizes data synchronization with the data management system based on the first feedback data, the method includes:
Step S453: judge whether feedback information that the data synchronization of the subsystem succeeded is received;
Step S454: if no feedback information that the data synchronization of the subsystem succeeded is received, unlock the first incremental synchronization request or the first full synchronization request, so that the preset Redis-based distributed lock mechanism can be called to perform a locking operation on the second incremental synchronization request or the second full synchronization request, in order to obtain the incremental data and feed it back.
It should be noted that, in this embodiment, when the locking setting of the first incremental synchronization request or the first full synchronization request in the locked state is in the expired state, or when no feedback information that the data synchronization of the subsystem succeeded is received, the synchronization data corresponding to the first incremental synchronization request or the first full synchronization request has failed to be obtained, and the first incremental synchronization request or the first full synchronization request in the locked state is unlocked, so that the data management system processes another second incremental synchronization request consistent with the first incremental synchronization request in the locked state, or a second full synchronization request consistent with the first full synchronization request in the locked state; that is, the preset Redis-based distributed lock mechanism is called to perform a locking operation on the second incremental synchronization request or the second full synchronization request, in order to obtain the incremental data or the full data and feed it back. This avoids a situation in which the corresponding synchronization data cannot be obtained for a long time because a certain computer machine has failed.
In this embodiment, the preset Redis-based distributed lock mechanism is called to perform a locking operation on the first incremental synchronization request or the first full synchronization request, obtaining a first incremental synchronization request or a first full synchronization request in the locked state; if a second incremental synchronization request consistent with the first incremental synchronization request in the locked state is detected, or if a second full synchronization request consistent with the first full synchronization request in the locked state is detected, the second incremental synchronization request or the second full synchronization request is ignored and prompt information is sent to the subsystem. In this way, the data management system is spared the waste of resources caused by having to process multiple identical incremental synchronization requests.
Further, the present invention provides another embodiment of the data management method. In this embodiment, the step of feeding back to the subsystem the first feedback data including the second token, so that the subsystem realizes data synchronization with the data management system based on the first feedback data, includes:
Step S46: feed back to the subsystem the first feedback data including the second token;
Step S47: receive a first full synchronization request sent by the subsystem based on the first feedback data, and perform a second verification on the second token in the first full synchronization request;
In this embodiment, full data synchronization can also be realized. Full data refers to all of the data in the data management system that corresponds to the subsystem, such as users, roles, permissions, role-permissions and user-roles. Specifically, after the first full synchronization request sent by the subsystem based on the first feedback data is received, a second verification is performed on the second token in the first full synchronization request. The process of the second verification of the second token in the first full synchronization request is essentially the same as the process of the first verification of the second token in the incremental synchronization request and is not repeated here.
Step S48: if it is detected that the second token passes the second verification, obtain the full data of the subsystem based on the query request and return the full data to the subsystem, where the full data includes full role-permission data and full user-role data.
If it is detected that the second token passes the second verification, the full data of the subsystem is obtained based on the query request and returned to the subsystem, where the full data includes full role-permission data and full user-role data. Specifically, the full role data, full permission data, full user-role data and full role-permission data of the subsystem are looked up according to the appId, so that complete full data is obtained.
The first feedback data including the second token is fed back to the subsystem; the first full synchronization request sent by the subsystem based on the first feedback data is received, and the second verification is performed on the second token in the first full synchronization request; if it is detected that the second token passes the second verification, the full data of the subsystem is obtained based on the query request and returned to the subsystem, where the full data includes full role-permission data and full user-role data. In this embodiment, full data synchronization is realized.
Referring to Fig. 3, Fig. 3 is a schematic structural diagram of the hardware operating environment involved in the embodiments of the present invention.
The data management system of the embodiment of the present invention may be a PC, or may be a terminal device such as a smart phone, a tablet computer or a portable computer.
As shown in Fig. 3, the data management system may include: a processor 1001, such as a CPU, a memory 1005, and a communication bus 1002. The communication bus 1002 is used to realize connection communication between the processor 1001 and the memory 1005. The memory 1005 may be a high-speed RAM memory, or may be a stable memory (non-volatile memory) such as a disk memory. Optionally, the memory 1005 may also be a storage device independent of the aforementioned processor 1001.
Optionally, the data management system may further include a target user interface, a network interface, a camera, an RF (Radio Frequency) circuit, a sensor, an audio circuit, a WiFi module and so on. The target user interface may include a display screen (Display) and an input unit such as a keyboard (Keyboard); optionally, the target user interface may also include a standard wired interface and a wireless interface. The network interface may optionally include a standard wired interface and a wireless interface (such as a WI-FI interface).
Those skilled in the art will understand that the structure of the data management system shown in Fig. 3 does not constitute a limitation of the data management system, which may include more or fewer components than illustrated, combine certain components, or arrange the components differently.
As shown in Fig. 3, the memory 1005, as a kind of computer storage medium, may include an operating system, a network communication module and a data management program. The operating system is a program that manages and controls the hardware and software resources of the data management system and supports the operation of the data management program and of other software and/or programs. The network communication module is used to realize communication between the components inside the memory 1005 and communication with the other hardware and software in the data management system.
In the data management system shown in Fig. 3, the processor 1001 is used to execute the data management program stored in the memory 1005, so as to realize the steps of the data management method described in any of the above embodiments.
The specific embodiments of the data management system of the present invention are essentially the same as the embodiments of the above data management method and are not repeated here.
In addition, an embodiment of the present invention also proposes a data management device; the specific embodiments of the data management device are essentially the same as the above embodiments of the data management method and are not described here.
In addition, an embodiment of the present invention also proposes a data management system, the system including: a memory 109, a processor 110, and a data management program stored on the memory 109 and runnable on the processor 110, which, when executed by the processor 110, realizes the steps of each embodiment of the above data management method.
In addition, the present invention also provides a computer-readable storage medium storing one or more programs, which may also be executed by one or more processors so as to realize the steps of each embodiment of the above data management method.
The expanded content of the specific embodiments of the system and the readable storage medium (i.e. the computer-readable storage medium) of the present invention is essentially the same as that of each embodiment of the above data management method and is not repeated here.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. In the absence of further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes that element.
The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.
Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be realized by means of software plus a necessary general hardware platform, and of course also by hardware, but in many cases the former is the better embodiment. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disk) and including several instructions for causing a terminal (which may be a mobile phone, a computer, a server, an air conditioner, a network device or the like) to execute the methods described in the embodiments of the present invention.
The embodiments of the present invention are described above with reference to the accompanying drawings, but the invention is not limited to the above specific embodiments, which are only illustrative and not restrictive. Those skilled in the art, inspired by the present invention and without departing from the scope protected by the purpose and the claims of the present invention, can also derive many forms, all of which fall within the protection of the present invention.

Claims (10)

1. A data management method, characterized in that the data management method is applied to a data management system that manages the data of multiple subsystems, the data management method including:
when an authentication request sent by a subsystem is detected, obtaining the authentication parameters in the authentication request;
generating, according to the first token in the authentication parameters and a preset first generating algorithm, a first signature associated with the authentication request, and judging whether the first signature is consistent with the second signature in the authentication parameters;
if the first signature is consistent with the second signature in the authentication parameters, generating a second token according to a preset second generating algorithm;
feeding back to the subsystem first feedback data including the second token, so that the subsystem realizes data synchronization with the data management system based on the first feedback data.
2. The data management method according to claim 1, characterized in that, before the step of obtaining the authentication parameters in the authentication request when the authentication request sent by the subsystem is detected, the method includes:
if an access request in which the subsystem requests access to the data management system is received, obtaining the role-permission data and the user-role data in the access request, and associating the role-permission data and the user-role data with a preset user mapping in the data management system to obtain mapping data;
allocating an application ID and the first token to the subsystem, and storing the application ID and the first token in association with the mapping data.
3. The data management method according to claim 1 or 2, characterized in that the step of feeding back to the subsystem the first feedback data including the second token, so that the subsystem realizes data synchronization with the data management system based on the first feedback data, includes:
feeding back to the subsystem the first feedback data including the second token;
receiving a first full synchronization request sent by the subsystem based on the first feedback data, and performing a second verification on the second token in the first full synchronization request;
if it is detected that the second token passes the second verification, obtaining the full data of the subsystem based on the query request and returning the full data to the subsystem, where the full data includes full role-permission data and full user-role data.
4. The data management method according to claim 1 or 2, characterized in that the step of feeding back to the subsystem the first feedback data including the second token, so that the subsystem realizes data synchronization with the data management system based on the first feedback data, includes:
feeding back to the subsystem the first feedback data including the second token;
if a query request from the subsystem asking whether incremental synchronization is needed is received, judging, based on the query request, whether incremental data of the subsystem exists between the last synchronization time and the current time;
if incremental data of the subsystem exists, returning to the subsystem a second feedback result indicating that incremental data of the subsystem exists;
receiving a first incremental synchronization request sent by the subsystem based on the second feedback result, and performing a first verification on the second token in the first incremental synchronization request;
if it is detected that the second token passes the first verification, returning the incremental data to the subsystem, where the incremental data includes incremental role-permission data and incremental user-role data.
5. The data management method according to claim 4, characterized in that the step of receiving the first incremental synchronization request sent by the subsystem based on the second feedback result, and performing the first verification on the second token in the first incremental synchronization request, includes:
receiving the first incremental synchronization request sent by the subsystem based on the second feedback result, and obtaining the validity period of the second token in the first incremental synchronization request;
judging whether the second token is within the validity period, and when the second token is within the validity period, determining that the second token in the synchronization request passes the first verification.
6. The data management method according to claim 3 or 4, wherein, after the step of feeding back to the subsystem the first feedback data that includes the second token, the method includes:
invoking a preset redis-based distributed lock mechanism to perform a locking operation on the first incremental synchronization request or the first full synchronization request, so as to obtain the first incremental synchronization request or the first full synchronization request in a locked state;
if a second incremental synchronization request consistent with the locked first incremental synchronization request is detected, or if a second full synchronization request consistent with the locked first full synchronization request is detected, ignoring the second incremental synchronization request or the second full synchronization request, and sending prompt information to the subsystem.
7. The data management method according to claim 6, wherein, after the step of feeding back to the subsystem the first feedback data that includes the second token so that the subsystem achieves data synchronization with the data management system based on the first feedback data, the method includes:
judging whether feedback information indicating that the data synchronization of the subsystem succeeded is received;
if feedback information indicating that the data synchronization of the subsystem succeeded is not received, unlocking the first incremental synchronization request or the first full synchronization request, so that the preset redis-based distributed lock mechanism can be invoked to perform the locking operation on the second incremental synchronization request or the second full synchronization request, in order to obtain and feed back the incremental data.
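The synchronization side of claims 4 to 7 (validity-period check on the second token, the "is an increment needed?" query, the lock that makes a duplicate request get ignored, and the unlock-on-missing-success that lets a retry through) as one added Python example. This is illustrative code written for this page, not the patent's or WeBank's implementation; the `LocalLock` class is a single-process stand-in for the redis-based distributed lock (it emulates the SET-NX-with-expiry pattern), the change log, token table and subsystem name `crm` are constructed sample data, and the 30-second lock lease is an assumed value.

```python
import threading
from dataclasses import dataclass, field


class LocalLock:
    """Single-process stand-in for the redis-based distributed lock of claims 6 and 7.

    Emulates the SET key value NX EX pattern: acquire() succeeds only when the key is
    absent or its lease has expired; release() deletes the key.  Hypothetical helper,
    not the patent's implementation.
    """

    def __init__(self):
        self._leases = {}
        self._guard = threading.Lock()

    def acquire(self, key, ttl, now):
        with self._guard:
            expiry = self._leases.get(key)
            if expiry is not None and expiry > now:
                return False              # a consistent request is already locked
            self._leases[key] = now + ttl
            return True

    def release(self, key):
        with self._guard:
            self._leases.pop(key, None)


@dataclass
class SyncServer:
    tokens: dict                          # second token -> expiry time (issued at authentication)
    last_sync: dict                       # subsystem id -> time of its last successful synchronization
    changes: list                         # constructed change log: (timestamp, kind, record)
    lock: LocalLock = field(default_factory=LocalLock)
    lock_ttl: float = 30.0                # assumed lease length; a crashed client cannot wedge the lock

    def token_valid(self, token, now):
        """Claim 5: the second token passes the first verification only inside its validity period."""
        expiry = self.tokens.get(token)
        return expiry is not None and now <= expiry

    def _pending(self, subsystem, now):
        since = self.last_sync.get(subsystem, 0.0)
        return [c for c in self.changes if since < c[0] <= now]

    def has_increment(self, subsystem, now):
        """Claim 4: answer the subsystem's query 'is incremental synchronization needed?'."""
        return bool(self._pending(subsystem, now))

    def increment_sync(self, subsystem, token, now):
        """Claims 4 and 6: verify the token, take the per-subsystem lock, return the increment.

        Returns (status, payload) with status in {"rejected", "ignored", "ok"}.
        """
        if not self.token_valid(token, now):
            return "rejected", None
        if not self.lock.acquire(f"sync:{subsystem}", self.lock_ttl, now):
            # A consistent request is already locked: ignore this one and prompt the subsystem.
            return "ignored", "synchronization already in progress"
        pending = self._pending(subsystem, now)
        payload = {
            "role_permissions": [rec for _, kind, rec in pending if kind == "role_permission"],
            "user_roles": [rec for _, kind, rec in pending if kind == "user_role"],
        }
        return "ok", payload

    def ack(self, subsystem, success, now):
        """Claim 7: only a success acknowledgement advances last_sync; either way the lock is
        released so that a retry (the 'second' request) can be locked and served."""
        if success:
            self.last_sync[subsystem] = now
        self.lock.release(f"sync:{subsystem}")


def build_demo():
    """Constructed sample state: one live token, one expired token, three logged changes."""
    now = 1000.0
    return SyncServer(
        tokens={"tok-live": now + 600.0, "tok-expired": now - 1.0},
        last_sync={"crm": 900.0},
        changes=[
            (850.0, "role_permission", {"role": "auditor", "perm": "read:ledger"}),  # already synced
            (950.0, "role_permission", {"role": "teller", "perm": "write:txn"}),
            (980.0, "user_role", {"user": "u123", "role": "teller"}),
        ],
    )


if __name__ == "__main__":
    srv = build_demo()
    print("increment needed:", srv.has_increment("crm", 1000.0))
    print("first request:", srv.increment_sync("crm", "tok-live", 1000.0))
    print("duplicate:", srv.increment_sync("crm", "tok-live", 1000.0))
    srv.ack("crm", success=False, now=1001.0)       # subsystem never confirmed success
    print("retry:", srv.increment_sync("crm", "tok-live", 1001.0))
    srv.ack("crm", success=True, now=1002.0)
    print("increment needed now:", srv.has_increment("crm", 1002.0))
```

Two points the claims leave implicit are made explicit here: the lock carries a lease (`lock_ttl`) so that a subsystem which dies mid-sync does not hold the lock forever, and `last_sync` only advances on an explicit success acknowledgement, so a retry after a failed delivery receives exactly the same increment again rather than silently losing it.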
8. A data management apparatus, wherein the data management apparatus is applied to a data management system that manages a plurality of subsystems, and the data management apparatus includes:
a detection module, configured to obtain the authentication parameter in an authentication request when the authentication request sent by a subsystem is detected;
a first generation module, configured to generate a first signature associated with the authentication request according to a first token in the authentication parameter and a preset first generating algorithm, and to judge whether the first signature is consistent with a second signature in the authentication parameter;
a second generation module, configured to generate a second token according to a preset second generating algorithm if the first signature is consistent with the second signature in the authentication parameter;
a synchronization module, configured to feed back to the subsystem first feedback data that includes the second token, so that the subsystem achieves data synchronization with the data management system based on the first feedback data.
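The authentication path of claim 8 (detection, first-generation, second-generation and synchronization modules) as an added Python example; it is illustrative code for this page, not the patent's or WeBank's implementation. The claims do not name either generating algorithm, so this example assumes HMAC-SHA256 keyed with the first token as the "first generating algorithm" and a random URL-safe token with a fixed lifetime as the "second generating algorithm". The timestamp window and nonce set are further assumptions added so that a captured authentication parameter cannot simply be re-sent; the subsystem names and shared secrets are constructed sample values.

```python
import hashlib
import hmac
import secrets


# Constructed shared secrets: the "first token" each subsystem holds.  Hypothetical values.
SUBSYSTEM_FIRST_TOKENS = {
    "crm": b"constructed-first-token-for-crm",
    "billing": b"constructed-first-token-for-billing",
}


def first_signature(first_token, subsystem, timestamp, nonce):
    """Assumed 'first generating algorithm': HMAC-SHA256 keyed with the first token over the
    request fields.  Both sides run it; the server's result is the 'first signature'."""
    message = f"{subsystem}|{float(timestamp):.3f}|{nonce}".encode()
    return hmac.new(first_token, message, hashlib.sha256).hexdigest()


def sign_request(subsystem, first_token, now, nonce=None):
    """Subsystem side: build the authentication parameter carrying the 'second signature'."""
    nonce = nonce or secrets.token_hex(8)
    return {
        "subsystem": subsystem,
        "timestamp": now,
        "nonce": nonce,
        "signature": first_signature(first_token, subsystem, now, nonce),
    }


class AuthServer:
    """The detection, first-generation, second-generation and synchronization modules of
    claim 8, collapsed into one class for illustration."""

    def __init__(self, first_tokens, token_ttl=600.0, max_skew=300.0):
        self.first_tokens = first_tokens
        self.token_ttl = token_ttl         # assumed validity period of the second token
        self.max_skew = max_skew           # assumption: reject requests with stale timestamps
        self.seen_nonces = set()           # assumption: reject replayed authentication parameters
        self.tokens = {}                   # second token -> (subsystem, expiry)

    def authenticate(self, params, now):
        """Return the first feedback data (second token + expiry) or None if verification fails."""
        first_token = self.first_tokens.get(params.get("subsystem"))
        presented = params.get("signature")      # the 'second signature' sent by the subsystem
        nonce = params.get("nonce")
        if first_token is None or not isinstance(presented, str) or not nonce:
            return None
        try:
            timestamp = float(params.get("timestamp"))
        except (TypeError, ValueError):
            return None
        if abs(now - timestamp) > self.max_skew or nonce in self.seen_nonces:
            return None
        expected = first_signature(first_token, params["subsystem"], timestamp, nonce)
        # Constant-time comparison of the first signature with the presented second signature.
        if not hmac.compare_digest(expected, presented):
            return None
        self.seen_nonces.add(nonce)
        second_token = secrets.token_urlsafe(32)      # assumed 'second generating algorithm'
        expiry = now + self.token_ttl
        self.tokens[second_token] = (params["subsystem"], expiry)
        return {"token": second_token, "expires_at": expiry}

    def token_owner(self, second_token, now):
        """Resolve a second token presented on a later sync request; None if unknown or expired."""
        entry = self.tokens.get(second_token)
        if entry is None or now > entry[1]:
            return None
        return entry[0]


if __name__ == "__main__":
    server = AuthServer(SUBSYSTEM_FIRST_TOKENS)
    request = sign_request("crm", SUBSYSTEM_FIRST_TOKENS["crm"], now=1000.0)
    print("feedback:", server.authenticate(request, now=1000.0))
    print("replayed parameter accepted?", server.authenticate(request, now=1000.0) is not None)
```

The comparison of the two signatures uses `hmac.compare_digest` rather than `==`, so the time taken does not depend on how many leading characters match; the subsystem name is bound into the signed message, so a parameter signed with one subsystem's first token cannot be presented as another subsystem's.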
9. A data management system, wherein the system includes a memory, a processor, and a data management program that is stored on the memory and runnable on the processor, and when the data management program is executed by the processor, the steps of the data management method according to any one of claims 1 to 7 are implemented.
10. A readable storage medium, wherein a data management program is stored on the readable storage medium, and when the data management program is executed by a processor, the steps of the data management method according to any one of claims 1 to 7 are implemented.
CN201910494610.4A 2019-06-06 2019-06-06 Data managing method, device, system and readable storage medium storing program for executing Pending CN110263574A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910494610.4A CN110263574A (en) 2019-06-06 2019-06-06 Data managing method, device, system and readable storage medium storing program for executing
PCT/CN2020/092137 WO2020244408A1 (en) 2019-06-06 2020-05-25 Data management method, apparatus and system, and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910494610.4A CN110263574A (en) 2019-06-06 2019-06-06 Data managing method, device, system and readable storage medium storing program for executing

Publications (1)

Publication Number Publication Date
CN110263574A true CN110263574A (en) 2019-09-20

Family

ID=67917339

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910494610.4A Pending CN110263574A (en) 2019-06-06 2019-06-06 Data managing method, device, system and readable storage medium storing program for executing

Country Status (2)

Country Link
CN (1) CN110263574A (en)
WO (1) WO2020244408A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111294354A (en) * 2020-02-04 2020-06-16 北京嗨学网教育科技股份有限公司 Signature verification method, apparatus, device and storage medium for distributed environment
CN111865576A (en) * 2020-07-03 2020-10-30 北京天空卫士网络安全技术有限公司 Method and device for synchronizing URL classification data
WO2020244408A1 (en) * 2019-06-06 2020-12-10 深圳前海微众银行股份有限公司 Data management method, apparatus and system, and readable storage medium
CN113783867A (en) * 2021-09-07 2021-12-10 福建天泉教育科技有限公司 Request authentication method and terminal

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5407482B2 (en) * 2009-03-27 2014-02-05 ソニー株式会社 Information processing apparatus, information processing method, and program
US8627114B2 (en) * 2010-08-02 2014-01-07 Cleversafe, Inc. Authenticating a data access request to a dispersed storage network
US10708392B2 (en) * 2013-12-07 2020-07-07 Appex Networks Holding Limited System and method for compression and decompression of data containing redundancies
CN110263574A (en) * 2019-06-06 2019-09-20 深圳前海微众银行股份有限公司 Data managing method, device, system and readable storage medium storing program for executing

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020244408A1 (en) * 2019-06-06 2020-12-10 深圳前海微众银行股份有限公司 Data management method, apparatus and system, and readable storage medium
CN111294354A (en) * 2020-02-04 2020-06-16 北京嗨学网教育科技股份有限公司 Signature verification method, apparatus, device and storage medium for distributed environment
CN111865576A (en) * 2020-07-03 2020-10-30 北京天空卫士网络安全技术有限公司 Method and device for synchronizing URL classification data
CN111865576B (en) * 2020-07-03 2023-02-28 北京天空卫士网络安全技术有限公司 Method and device for synchronizing URL classification data
CN113783867A (en) * 2021-09-07 2021-12-10 福建天泉教育科技有限公司 Request authentication method and terminal

Also Published As

Publication number Publication date
WO2020244408A1 (en) 2020-12-10

Similar Documents

Publication Publication Date Title
CN110263574A (en) Data managing method, device, system and readable storage medium storing program for executing
US11743054B2 (en) Method and system for creating and checking the validity of device certificates
US8522361B2 (en) Tokenized resource access
CN103795692B (en) Open authorization method, system and certification authority server
CN102461060B (en) Key management in secure network enclaves
CN101291228B (en) Generating, authenticating method for super code, system and device thereof
CN102025716B (en) Method for updating seeds of dynamic password token
KR100751428B1 (en) System for certify one-time password and method for generating one-time password
JP2015537428A (en) Secure data processing with virtual machines
US20140006781A1 (en) Encapsulating the complexity of cryptographic authentication in black-boxes
CN108259502A (en) For obtaining the identification method of interface access rights, server-side and storage medium
US7165176B2 (en) Access privilege authentication of client computer for services provided by server computer
CN107517103B (en) Authority verification method, device and system
US20110069839A1 (en) Authentication information generating system, authentication information generating method, client apparatus, and authentication information generating program for implementing the method
KR20080087917A (en) System for certify one-time password, system for issue a seed, and method for generating one-time password
CN106936797A (en) The management method and system of magnetic disk of virtual machine and file encryption key in a kind of cloud
JP2009003501A (en) Onetime password authentication system
Xia et al. Security Access Solution of Cloud Services for Trusted Mobile Terminals Based on TrustZone.
CN106209751A (en) Service-oriented interface authentication method based on the operating system certificate of authority
CN101296245B (en) Login method and system of service server
CN101729508B (en) Method and device for managing contents
KR20100001811A (en) Method for generating one time password and system therefor
CN109672526B (en) Method and system for managing executable program
JP5768543B2 (en) Electronic signature system, signature server, signer client, electronic signature method, and program
CN106230586A (en) A kind of token seed dynamics update method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination