CN110401674B - Data access method, device, system, electronic equipment and computer readable medium - Google Patents

Data access method, device, system, electronic equipment and computer readable medium

Info

Publication number
CN110401674B
Authority
CN
China
Prior art keywords
data
verification
password
user
platform
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910765096.3A
Other languages
Chinese (zh)
Other versions
CN110401674A (en
Inventor
孟淑玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Taikang Insurance Group Co Ltd
Original Assignee
Taikang Insurance Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Taikang Insurance Group Co Ltd
Priority to CN201910765096.3A
Publication of CN110401674A
Application granted
Publication of CN110401674B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Abstract

The disclosure relates to a data access method, device, system, electronic equipment and computer readable medium. The method comprises the following steps: performing first verification on the enterprise platform through a first user name and a first password to obtain first verification data; performing second verification on the auxiliary authentication platform through a second user name, a second password and the first verification data to obtain second verification data; generating a data access request through the second verification data and the identification of the target data; and obtaining a return result based on the access request. The data access method, the data access device, the data access system, the electronic equipment and the computer readable medium can ensure the access security of data in the system.

Description

Data access method, device, system, electronic equipment and computer readable medium
Technical Field
The present disclosure relates to the field of computer information processing, and in particular, to a data access method, apparatus, system, electronic device, and computer readable medium.
Background
Authenticating a user who wants to use the data in a system is an important measure for ensuring the security of the system. Most systems open data access rights to users after user authentication has passed. For a system with a large number of agencies, security problems often result from leaked user names and passwords. Moreover, different users may need to upload their respective data to the system, and preventing data from leaking between different users is also an important problem for protecting each user's privacy.
In the field of insurance in particular, each user enters insurance policy information into an insurance company system through an external network, and when settling a claim the user needs to acquire an insurance policy image from the insurance company system through the external network and store it locally. The image data of the insurance policy is stored in the intranet of the insurance company, so the security of image data access, and the independence of the data accessed by different users, are problems that urgently need to be solved.
In the prior art, a user accesses image data stored in an intranet of an insurance company through a user name and a password, and once the user name and the password are leaked, there is a risk of information disclosure. In addition, each user can access the image data stored in the intranet, so that each user can view the data of other users, and the privacy of the data cannot be ensured.
Therefore, a new data access method, apparatus, system, electronic device, and computer readable medium are needed.
The above information disclosed in this background section is only for enhancement of understanding of the background of the disclosure and therefore it may contain information that does not constitute prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
In view of this, the present disclosure provides a data access method, an apparatus, a system, an electronic device, and a computer readable medium, which can ensure the access security of data in the system and ensure the mutual independence of data in the system among different access users.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to an aspect of the present disclosure, a data access method is provided, the method including: performing first verification on the enterprise platform through a first user name and a first password to obtain first verification data; performing second verification on the auxiliary authentication platform through a second user name, a second password and the first verification data to obtain second verification data; generating a data access request through the second verification data and the identification of the target data; and obtaining a return result based on the access request.
In an exemplary embodiment of the present disclosure, the method further comprises: periodically acquiring the updated first user name, first password, second user name and second password.
In an exemplary embodiment of the present disclosure, obtaining a return result based on the access request includes: sending the access request to the enterprise platform; and receiving the returned results generated by the enterprise platform.
According to an aspect of the present disclosure, a data access method is provided, the method including: acquiring a first user name and a first password from a user; performing first verification on the first username and the first password; after the first verification passes, generating first verification data; and sending the first verification data to the user and an auxiliary authentication platform.
In an exemplary embodiment of the present disclosure, the method further comprises: acquiring second verification data from the auxiliary authentication platform; obtaining a data access request from the user; performing a third verification on the data access request based on the second verification data; and after the third verification passes, generating a return result for the user.
In an exemplary embodiment of the present disclosure, performing the third verification on the data access request based on the second verification data comprises: verifying the second verification data in the access request against the second verification data acquired from the auxiliary authentication platform; and/or performing permission verification on the identifier of the target data in the access request.
In an exemplary embodiment of the present disclosure, the second verification data includes a timestamp; performing the third verification on the data access request based on the second verification data further comprises: performing the third verification on the data access request based on the timestamp.
In an exemplary embodiment of the present disclosure, the method further comprises: periodically updating the first user name and the first password in association with the second user name and the second password.
According to an aspect of the present disclosure, a data access method is provided, the method including: acquiring a second user name, a second password and first verification data from a user; performing second verification on the second user name, the second password and the first verification data; after the second verification passes, generating second verification data; and sending the second validation data to the user and enterprise platform.
In an exemplary embodiment of the present disclosure, the method further comprises: periodically acquiring the updated second user name and second password.
According to an aspect of the present disclosure, a data access apparatus is provided, the apparatus including: the first data module is used for performing first verification on the enterprise platform through a first user name and a first password to obtain first verification data; the second data module is used for performing second verification on the auxiliary authentication platform through a second user name, a second password and the first verification code to obtain second verification data; the access request module is used for generating a data access request through the second verification data and the identification of the target data; and a return result module for obtaining a return result based on the access request.
According to an aspect of the present disclosure, a data access apparatus is provided, the apparatus including: the first receiving module is used for acquiring a first username and a first password from a user; the first verification module is used for performing first verification on the first username and the first password; after the first verification passes, generating first verification data; and the first sending module is used for sending the first verification data to the user and the auxiliary authentication platform.
According to an aspect of the present disclosure, a data access apparatus is provided, the apparatus including: the second receiving module is used for acquiring a second user name, a second password and first verification data from a user; the second verification module is used for performing second verification on the second user name, the second password and the first verification code; after the second verification passes, generating second verification data; and a second sending module for sending the second verification data to the user and the enterprise platform.
According to an aspect of the present disclosure, a data access system is provided, the system comprising: the user side is used for performing first verification on the enterprise platform through a first user name and a first password to obtain first verification data; performing second verification on the auxiliary authentication platform through a second user name, a second password and the first verification code to obtain second verification data; generating a data access request through the second verification data and the identification of the target data; and obtaining a return result based on the access request; the enterprise platform is used for acquiring a first user name and a first password from a user; performing first verification on the first username and the first password; after the first verification passes, generating first verification data; and sending the first verification data to the user and an auxiliary authentication platform; the auxiliary authentication platform is used for acquiring a second user name, a second password and the first verification code from a user; performing second verification on the second user name, the second password and the first verification code; after the second verification passes, generating second verification data; and sending the second validation data to the user and enterprise platform.
According to an aspect of the present disclosure, an electronic device is provided, the electronic device including: one or more processors; and storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement a method as above.
According to an aspect of the disclosure, a computer-readable medium is proposed, on which a computer program is stored, which program, when being executed by a processor, carries out the method as above.
According to the data access method, the data access device, the data access system, the electronic equipment and the computer readable medium, through the auxiliary verification mode of the auxiliary authentication platform, the access safety of the data in the system can be guaranteed, and the mutual independence of the data in the system among different access users can also be guaranteed.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. The drawings described below are merely some embodiments of the present disclosure, and other drawings may be derived from those drawings by those of ordinary skill in the art without inventive effort.
Fig. 1 is a system scenario block diagram illustrating a data access method and apparatus according to an example embodiment.
FIG. 2 is a flow diagram illustrating a data access system according to another exemplary embodiment.
FIG. 3 is a flow chart illustrating a method of data access according to an exemplary embodiment.
Fig. 4 is a flow chart illustrating a method of data access according to another exemplary embodiment.
Fig. 5 is a flow chart illustrating a method of data access according to another exemplary embodiment.
FIG. 6 is a flow chart illustrating a method of data access according to an exemplary embodiment.
FIG. 7 is a system block diagram illustrating a method of data access in accordance with an exemplary embodiment.
FIG. 8 is a block diagram illustrating a data access device according to an example embodiment.
Fig. 9 is a block diagram illustrating a data access device according to another example embodiment.
Fig. 10 is a block diagram illustrating a data access device according to another example embodiment.
FIG. 11 is a block diagram illustrating an electronic device in accordance with an example embodiment.
FIG. 12 is a schematic diagram illustrating a computer-readable storage medium according to an example embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another. Thus, a first component discussed below may be termed a second component without departing from the teachings of the disclosed concept. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
It is to be understood by those skilled in the art that the drawings are merely schematic representations of exemplary embodiments, and that the blocks or processes shown in the drawings are not necessarily required to practice the present disclosure and are, therefore, not intended to limit the scope of the present disclosure.
Fig. 1 is a system scenario block diagram illustrating a data access method and apparatus according to an example embodiment.
As shown in fig. 1, the system architecture 100 may include a user terminal 101, an enterprise platform 102, an auxiliary authentication platform 103, and a network 104; the system architecture 100 may also include a query system 105 and a data system 106. The network 104 is the medium that provides communication links between the user terminal 101, the enterprise platform 102, and the auxiliary authentication platform 103; the network 104 also provides communication links between the enterprise platform 102 and the query system 105 and data system 106. The network 104 may include various types of connections, such as wired links, wireless communication links, or fiber optic cables.
An agency may use the user terminal 101 to interact with the enterprise platform 102 and the auxiliary authentication platform 103 through the network 104, to receive or send messages, etc. The user terminal 101, the enterprise platform 102, the auxiliary authentication platform 103, the query system 105, and the data system 106 may have various communication client applications installed thereon, such as a web browser application, a search application, an instant messaging tool, a mailbox client, social platform software, and the like.
The user terminal 101, the enterprise platform 102, the auxiliary authentication platform 103, the query system 105, and the data system 106 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The enterprise platform 102 and the auxiliary authentication platform 103 may be servers that provide various services, such as a server that supports data access requests made by users through the user terminal 101. The enterprise platform 102 and the auxiliary authentication platform 103 may analyze and perform other processing on the received data, and feed back the processing result to the user terminal 101.
The user terminal 101 may perform a first authentication on the enterprise platform, for example, through a first user name and a first password, and the user terminal 101 may obtain first authentication data, for example; the user terminal 101 may perform a second verification on the auxiliary authentication platform, for example, through a second user name, a second password, and the first verification code, to obtain second verification data; the user terminal 101 may generate a data access request, for example, by the second authentication data and the identification of the target data; and the user terminal 101 may obtain a return result, e.g. based on the access request. The access request can be an access request of a user to the image data on the enterprise platform.
The enterprise platform 102 may obtain, for example, a first username and a first password from a user; the enterprise platform 102 may, for example, perform a first verification on the first username and first password; the enterprise platform 102 may generate first verification data, for example, after the first verification passes; and the enterprise platform 102 may, for example, send the first verification data to the user and the auxiliary authentication platform. The enterprise platform 102 may also, for example, acquire second verification data from the auxiliary authentication platform; the enterprise platform 102 may, for example, obtain a data access request from the user; the enterprise platform 102 may perform a third verification on the data access request, e.g., based on the second verification data; and the enterprise platform 102 may generate a return result for the user, e.g., after the third verification passes.
The enterprise platform 102 may perform the first verification and generate the return result, for example, through data interaction with the query system 105 and the data system 106.
The secondary authentication platform 103 may, for example, obtain a second username, a second password, and the first verification code from the user; the secondary authentication platform 103 can perform a second verification of the second username, second password, and the first verification code, for example; the secondary authentication platform 103 may generate second verification data, for example, after the second verification passes; and the secondary authentication platform 103 may, for example, send the second verification data to the user and enterprise platform.
The enterprise platform 102 and the auxiliary authentication platform 103 may be a single physical server, or may be composed of a plurality of servers. It should be noted that the data access method provided by the embodiments of the present disclosure may be executed by the user terminal 101, the enterprise platform 102, and the auxiliary authentication platform 103, and accordingly, the data access device may be disposed in the user terminal 101, the enterprise platform 102, and the auxiliary authentication platform 103.
According to the data access method of the present disclosure, the auxiliary verification performed by the auxiliary authentication platform avoids the security problem that arises after the user's password for the enterprise platform is leaked, and the data permission query performed on each data access request ensures the independence of each user's access to image data. The method can ensure the access security of the data in the system and ensure the mutual independence of the data in the system among different access users.
According to the data access method of the present disclosure, a user accesses image data stored in the intranet of an insurance company (the enterprise platform) through a user name and a password. Even if the user name and password of the enterprise platform are leaked and another party attempts to access the enterprise platform with them, access still requires the auxiliary verification of the auxiliary authentication platform, so the leaked password alone cannot be used to access the enterprise platform's data. This ensures the security of the data and also the mutual independence of the data among different access users.
FIG. 2 is a flow diagram illustrating a data access system according to another exemplary embodiment. The flow in fig. 2 is a detailed description of the system processing procedure, and the data access method 20 includes at least steps S201 to S209.
In one embodiment, at the initial stage, the enterprise platform allocates a separate username and password to the user, and the auxiliary authentication platform also allocates a separate username and password to the user, wherein the username and password of the enterprise platform are different from the username and password of the auxiliary authentication platform.
In one embodiment, at the initial stage, the enterprise platform may instead allocate both a first set of username and password and a second set of username and password to the user, and provide the second set to the auxiliary authentication platform for the user's use there; the username and password of the enterprise platform are different from the username and password of the auxiliary authentication platform. The present application is not limited thereto.
As shown in fig. 2, in S201, the user transmits a first username and a first password to the enterprise platform.
In S202, the enterprise platform checks whether the logged-in user is legitimate. If so, it returns first verification data to the user, where the first verification data may be a random serial number, and forwards the random serial number to the auxiliary authentication platform. If not, the request is denied directly.
In S203, after the enterprise platform verifies that the data is legitimate, the first verification data is returned to the user.
In S204, the user sends an authentication request to the auxiliary authentication platform, where the authentication request carries a second username and a second password of the user on the auxiliary authentication platform, and first verification data (random serial number) received by the user from the enterprise platform.
In S205, the secondary authentication platform verifies the received second username, the second password, and the random serial number of the user.
In S206, after the verification is successful, a user authentication success response is sent to the user and the enterprise platform, where the response carries second verification data, and the second verification data may include an ID of the user who successfully authenticates, and a new random serial number and a timestamp generated by the auxiliary authentication platform.
In S207, the user generates a data access request from the second verification data obtained through the auxiliary authentication platform and the identifier of the target data to be downloaded, and sends the data access request to the enterprise platform.
In S208, the enterprise platform receives the data access request, performs a third verification, and determines whether the received new random serial number and timestamp are legitimate and valid.
In one embodiment, if the third verification passes, the enterprise platform may query the data query system for the target data information using the target data serial number; otherwise, it rejects the user's query request. The new random serial number is considered legitimate if the one received from the user is consistent with the one received from the third party and its receiving time is within the specified time; otherwise it is considered illegitimate.
In one embodiment, the data query system returns the target data information to the enterprise platform. The enterprise platform judges, according to the target data information, whether the organization has permission to access the target data. If so, the enterprise platform acquires the image from the data system and returns the target data to the user; if the organization does not have permission to view the target data, a rejection response is returned directly to the user. A specific method for judging whether the organization has permission to access the target data may be: detecting whether the user information in the target data information is the user or an organization authorized to the user; if so, the organization has permission to access the image; otherwise, it does not.
In S209, after the third check is passed, return data is generated.
In one embodiment, the enterprise platform periodically updates the user name and password allocated to the user by the system and synchronizes the changed information to the user and the auxiliary authentication platform.
In one embodiment, the auxiliary authentication platform receives a change message of the enterprise platform, records a user name and a password sent by the enterprise platform, changes the user name and the password distributed to the user by the system, and then synchronizes the change message to the user.
In one embodiment, the user receives the change information and records it locally. The next authentication request uses the new username and password.
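The S201 to S209 exchange described above, as a minimal in-process Python sketch (an added example, not code from the patent). The class names, `TOKEN_TTL`, the binding of the first serial number to a user ID, and all accounts and image records are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 60  # seconds; stands in for the "specified time" of S208 (assumed value)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class CredentialStore:
    """Salted password hashes for one platform (hypothetical helper)."""
    def __init__(self):
        self._users = {}
    def add(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _hash(password, salt))
    def check(self, username, password):
        salt, digest = self._users.get(username, (b"\0" * 16, b""))
        return hmac.compare_digest(_hash(password, salt), digest)

class AuxAuthPlatform:
    def __init__(self, enterprise):
        self.creds = CredentialStore()
        self.accounts = {}   # second username -> user ID
        self.pending = {}    # first serial number -> user ID (forwarded in S202)
        self.enterprise = enterprise
    def receive_first(self, serial, user_id):
        self.pending[serial] = user_id
    def authenticate(self, username, password, first_serial, now=None):
        """S204-S206: second verification; returns second verification data or None."""
        now = time.time() if now is None else now
        user_id = self.pending.get(first_serial)
        if user_id is None or not self.creds.check(username, password):
            return None
        if self.accounts.get(username) != user_id:  # serial issued for another user
            return None
        del self.pending[first_serial]              # first serial is single-use
        second = {"user_id": user_id, "serial": secrets.token_hex(16), "ts": now}
        self.enterprise.receive_second(second)      # S206: copy to enterprise platform
        return dict(second)

class EnterprisePlatform:
    def __init__(self):
        self.creds = CredentialStore()
        self.accounts = {}   # first username -> user ID
        self.issued = {}     # second serial -> (user ID, timestamp) from aux platform
        self.images = {}     # target data ID -> (owner user ID, image bytes)
        self.aux = None
    def login(self, username, password):
        """S201-S203: first verification; returns the first serial number or None."""
        if not self.creds.check(username, password):
            return None
        serial = secrets.token_hex(16)
        self.aux.receive_first(serial, self.accounts[username])
        return serial
    def receive_second(self, second):
        self.issued[second["serial"]] = (second["user_id"], second["ts"])
    def access(self, second, target_id, now=None):
        """S207-S209: third verification, then permission check on the target."""
        now = time.time() if now is None else now
        record = self.issued.get(second.get("serial"))
        if record is None:
            return "denied: unknown serial number"
        user_id, ts = record
        if second.get("user_id") != user_id or now - ts > TOKEN_TTL:
            return "denied: mismatched or expired"
        owner, data = self.images.get(target_id, (None, None))
        if owner != user_id:
            return "denied: no permission for target data"
        return data

def demo():
    ent = EnterprisePlatform()
    aux = AuxAuthPlatform(ent)
    ent.aux = aux
    for uid in ("A", "B"):  # constructed agencies with distinct credentials per platform
        ent.creds.add(f"agency{uid}", f"ent-pw-{uid}")
        ent.accounts[f"agency{uid}"] = uid
        aux.creds.add(f"agency{uid}-aux", f"aux-pw-{uid}")
        aux.accounts[f"agency{uid}-aux"] = uid
        ent.images[f"policy-{uid}"] = (uid, f"image-{uid}".encode())
    r = {}
    s1 = ent.login("agencyA", "ent-pw-A")
    tok = aux.authenticate("agencyA-aux", "aux-pw-A", s1, now=1000)
    r["ok"] = ent.access(tok, "policy-A", now=1010)
    r["other_user"] = ent.access(tok, "policy-B", now=1010)
    r["expired"] = ent.access(tok, "policy-A", now=1000 + TOKEN_TTL + 1)
    # Enterprise password known, auxiliary password not: no second verification data.
    s2 = ent.login("agencyA", "ent-pw-A")
    r["leaked_only"] = aux.authenticate("agencyA-aux", "wrong", s2, now=1000)
    r["wrong_account"] = aux.authenticate("agencyB-aux", "aux-pw-B", s2, now=1000)
    r["self_made"] = ent.access({"user_id": "A", "serial": s2, "ts": 1000}, "policy-A", now=1001)
    return r

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```
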
FIG. 3 is a flow chart illustrating a method of data access according to an exemplary embodiment. The flow in fig. 3 is a detailed description of the processing procedure at the user end, and the data access method 30 at least includes steps S302 to S308.
As shown in fig. 3, in S302, a first authentication is performed on the enterprise platform through a first user name and a first password, and first authentication data is obtained.
In S304, a second verification is performed on the auxiliary authentication platform through the second user name, the second password, and the first verification data, so as to obtain second verification data.
In S306, a data access request is generated through the second verification data and the identifier of the target data.
In S308, a return result is obtained based on the access request.
In one embodiment, further comprising: and acquiring the updated first user name, the first password, the second user name and the second password at regular time.
FIG. 4 is a flow chart illustrating a method of data access according to an exemplary embodiment. The flow in fig. 4 is a detailed description of the enterprise platform process, and the data access method 40 includes at least steps S402 to S408.
As shown in fig. 4, in S402, a first username and a first password are obtained from the user.
In S404, a first authentication is performed on the first username and the first password.
In S406, after the first verification passes, first verification data is generated.
In S408, the first verification data is sent to the user and the auxiliary authentication platform.
In one embodiment, the method further comprises: acquiring second verification data from the auxiliary authentication platform; obtaining a data access request from the user; performing third verification on the data access request based on the second verification data; and after the third verification is passed, generating a return result for the user.
In one embodiment, the method further comprises: regularly updating the first username and the first password in association with the second username and the second password.
FIG. 5 is a flow chart illustrating a method of data access according to an exemplary embodiment. The flowchart in fig. 5 is a detailed description of the process of the secondary authentication platform, and the data access method 50 includes at least steps S502 to S508.
As shown in fig. 5, in S502, a second username, a second password and first authentication data are acquired from the user.
In S504, a second verification is performed on the second username, the second password, and the first verification data.
In S506, after the second verification passes, second verification data is generated.
In S508, the second validation data is sent to the user and enterprise platform.
In one embodiment, further comprising: and acquiring the updated second user name and the second password at regular time.
By performing multiple verifications, the data access method of the present disclosure ensures the access security of the data in the system and also ensures that the data in the system remain mutually independent among different access users.
FIG. 6 is a flow chart illustrating a method of data access according to an exemplary embodiment. Fig. 7 is a system block diagram of a data access method, and fig. 6 and 7 describe in detail the content of the present disclosure in a specific application scenario including an agent (client), an enterprise platform, a data query system, an image system, and a third-party auxiliary platform, and the specific flow is as follows:
In S1, in the initial stage, the enterprise platform assigns an independent user name and password to each agency, and the third party authentication platform also assigns an independent user name and password to each agency; all of these differ from one another.
At S2, the agent sends the user request for authentication to the enterprise platform using the username and password assigned to itself.
At S3, the enterprise platform verifies the logged-in user, verifies whether the user is legitimate, and if so, returns a random serial number to the agency and forwards the random serial number to the third party authentication platform. If not, the request is directly denied.
At S4, the agency sends an authentication request to the third party authentication platform, where the authentication request carries the user name, password, and random serial number received by the agency from the enterprise platform.
In S5, the third party certification platform verifies the received user name, password, and random serial number of the agency, and after the verification succeeds, sends a successful agency certification response to the agency and the enterprise platform, where the response carries the ID of the agency that succeeded in the certification, and the new random serial number and timestamp generated by the third party certification platform.
At S6, the agency sends the image download request to the enterprise platform again, carrying the new random serial number and timestamp generated by the third party certification platform together with the image serial number.
At S7, the enterprise platform receives the download request and verifies whether the received new random serial number and timestamp are valid. If they are, the enterprise platform queries the data query system for the data information of the image, using the image serial number as input; otherwise, it rejects the query request of the agency. The new random serial number is considered legal if the one received from the agency is consistent with the one received from the third party and its receiving time is within the specified time; otherwise, it is considered illegal.
At S8, the data query system returns the image data information to the enterprise platform.
In S9, the enterprise platform determines, according to the data information of the image, whether the agency has the right to access the image; if so, it acquires the image from the image system and returns the image data to the agency; if not, a rejection response is returned directly to the agency. The specific method for judging whether the agency has the authority to access the image is as follows: detecting whether the agency information in the data information of the image is the agency or an agency authorized to the agency; if so, the agency has the authority to access the image; otherwise, the agency does not have the authority to access the image.
At S10, the enterprise platform periodically updates the username and password assigned to the agent by the system and synchronizes the changed information to the agent and the third party platform.
In S11, the third party platform receives the change message from the enterprise platform, records the username and password sent by the enterprise platform, changes the username and password assigned to the agent by the system, and synchronizes the change message to the agent.
In S12, the agency receives the change information and records it locally. The next authentication request is made with the new username and password.
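The S1 to S9 exchange above, sketched as an added Python example that is not code from the patent. The class names, the 60-second validity window, PBKDF2 password storage, single use of the first serial number and the `grants` table (one reading of "an agency authorized to the agency") are assumptions made for illustration; all credentials and image identifiers are constructed.

```python
import hashlib
import hmac
import secrets
import time

VALIDITY_SECONDS = 60  # assumed "specified time"; the page gives no value


class CredentialStore:  # username/password table of one platform
    def __init__(self):
        self._users = {}

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def assign(self, username, password):  # S1, and again on rotation (S10-S12)
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._digest(password, salt))

    def verify(self, username, password):
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        return hmac.compare_digest(self._digest(password, salt), stored)


class AuxAuthPlatform:  # third-party authentication platform (S4-S5)
    def __init__(self):
        self.creds = CredentialStore()
        self.agency_of = {}     # second username -> agency ID
        self.forwarded = set()  # first serial numbers forwarded in S3
        self.enterprise = None

    def authenticate(self, username, password, first_serial, now=None):
        if not self.creds.verify(username, password):
            return None
        if first_serial not in self.forwarded:
            return None
        self.forwarded.discard(first_serial)  # assumption: single use
        response = {"agency_id": self.agency_of[username],
                    "serial": secrets.token_hex(16),  # new random serial number
                    "timestamp": time.time() if now is None else now}
        self.enterprise.pending[response["serial"]] = response  # S5: copy to enterprise
        return response


class EnterprisePlatform:  # login (S2-S3) and image download (S6-S9)
    def __init__(self, aux, image_owner, grants):
        self.creds = CredentialStore()
        self.aux = aux
        self.pending = {}               # responses received from aux in S5
        self.image_owner = image_owner  # stands in for the data query system
        self.grants = grants            # agency -> owners it may act for (assumed)
        aux.enterprise = self

    def login(self, username, password):
        if not self.creds.verify(username, password):
            return None
        first_serial = secrets.token_hex(16)
        self.aux.forwarded.add(first_serial)  # S3: forward to third party
        return first_serial

    def download(self, serial, timestamp, image_serial, now=None):
        now = time.time() if now is None else now
        record = self.pending.get(serial)
        if record is None or timestamp != record["timestamp"]:
            return "rejected: serial not issued by third party"
        if not 0 <= now - record["timestamp"] <= VALIDITY_SECONDS:
            return "rejected: outside validity window"
        owner, agency = self.image_owner.get(image_serial), record["agency_id"]
        if owner != agency and owner not in self.grants.get(agency, set()):
            return "denied: no permission for image"
        return "image:" + image_serial


def run_demo():
    aux = AuxAuthPlatform()
    ent = EnterprisePlatform(
        aux, image_owner={"IMG-1": "agency-A", "IMG-2": "agency-B"}, grants={})
    ent.creds.assign("ent-user-A", "ent-pass-A")  # constructed credentials
    aux.creds.assign("aux-user-A", "aux-pass-A")
    aux.agency_of["aux-user-A"] = "agency-A"
    t0 = 1_000_000.0  # fixed clock so the outcome is deterministic
    first = ent.login("ent-user-A", "ent-pass-A")
    second = aux.authenticate("aux-user-A", "aux-pass-A", first, now=t0)
    serial, stamp = second["serial"], second["timestamp"]
    return {
        "own_image": ent.download(serial, stamp, "IMG-1", now=t0 + 5),
        "other_agency_image": ent.download(serial, stamp, "IMG-2", now=t0 + 5),
        "forged_serial": ent.download("0" * 32, stamp, "IMG-1", now=t0 + 5),
        "late_request": ent.download(serial, stamp, "IMG-1", now=t0 + 61),
        "replayed_first_serial": aux.authenticate(
            "aux-user-A", "aux-pass-A", first, now=t0),
        "wrong_aux_password": aux.authenticate(  # enterprise password alone fails S5
            "aux-user-A", "guess", ent.login("ent-user-A", "ent-pass-A"), now=t0),
    }


if __name__ == "__main__":
    print(run_demo())
```

The `other_agency_image` case passes all three verifications and is still refused at S9, which is the per-agency data isolation the description relies on.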
It should be clearly understood that this disclosure describes how to make and use particular examples, but the principles of this disclosure are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
Those skilled in the art will appreciate that all or part of the steps implementing the above embodiments are implemented as computer programs executed by a CPU. When executed by the CPU, the program performs the functions defined by the above-described methods provided by the present disclosure. The program may be stored in a computer readable storage medium, which may be a read-only memory, a magnetic or optical disk, or the like.
Furthermore, it should be noted that the above-mentioned figures are only schematic illustrations of the processes involved in the methods according to exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
The following are embodiments of the disclosed apparatus that may be used to perform embodiments of the disclosed methods. For details not disclosed in the embodiments of the apparatus of the present disclosure, refer to the embodiments of the method of the present disclosure.
FIG. 8 is a block diagram illustrating a data access device according to an example embodiment. The data access device 80 may be provided at a user side, and the data access device 80 includes: a first data module 802, a second data module 804, an access request module 806, and a return result module 808.
The first data module 802 is configured to perform first authentication on the enterprise platform through a first user name and a first password, and obtain first authentication data;
the second data module 804 is configured to perform second verification on the auxiliary authentication platform through a second user name, a second password and the first verification code, and obtain second verification data;
the access request module 806 is configured to generate a data access request according to the second verification data and the identifier of the target data; and
the return result module 808 is configured to obtain a return result based on the access request.
Fig. 9 is a block diagram illustrating a data access device according to another example embodiment. The data access device 90 may be disposed on an enterprise platform, the data access device 90 comprising: a first receiving module 902, a first authenticating module 904, a first sending module 906, a second authenticating module 908, a first requesting module 910, a third authenticating module 912, and a result returning module 914.
The first receiving module 902 is used for obtaining a first username and a first password from a user;
the first authentication module 904 is configured to perform a first authentication on the first username and the first password; after the first verification passes, generating first verification data; and
a first sending module 906 is configured to send the first verification data to the user and an auxiliary authentication platform.
The second verification module 908 is configured to obtain second verification data from the secondary authentication platform;
the first request module 910 is used for obtaining a data access request from the user;
a third authentication module 912 is configured to perform a third authentication on the data access request based on the second authentication data; and
the result returning module 914 is configured to generate a return result for the user after the third verification passes.
Fig. 10 is a block diagram illustrating a data access device according to another example embodiment. The data access device 100 may be disposed on a secondary authentication platform, and the data access device 100 includes: a second receiving module 1002, a second verifying module 1004, and a second sending module 1006.
The second receiving module 1002 is configured to obtain a second username, a second password, and first verification data from a user;
the second verification module 1004 is configured to perform a second verification on the second username, the second password, and the first verification code; after the second verification passes, generating second verification data; and
a second sending module 1006 is configured to send the second verification data to the user and enterprise platform.
The data access device of the present disclosure adopts the auxiliary authentication platform to solve the security problem of a user leaking the user password of the enterprise platform, and subjects each data access request to a data authority query, which ensures the independence of users' access to image data. The method can ensure the access security of the data in the system and the mutual independence of the data in the system among different access users.
FIG. 11 is a block diagram illustrating an electronic device in accordance with an example embodiment.
An electronic device 200 according to this embodiment of the present disclosure is described below with reference to fig. 11. The electronic device 200 shown in fig. 11 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 11, the electronic device 200 is embodied in the form of a general purpose computing device. The components of the electronic device 200 may include, but are not limited to: at least one processing unit 210, at least one memory unit 220, a bus 230 connecting different system components (including the memory unit 220 and the processing unit 210), a display unit 240, and the like.
Wherein the storage unit stores program code executable by the processing unit 210 to cause the processing unit 210 to perform the steps according to various exemplary embodiments of the present disclosure described in the above-mentioned electronic prescription flow processing method section of the present specification. For example, the processing unit 210 may perform the steps as shown in fig. 2, 3, 4, 5, 6.
The memory unit 220 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM)2201 and/or a cache memory unit 2202, and may further include a read only memory unit (ROM) 2203.
The storage unit 220 may also include a program/utility 2204 having a set (at least one) of program modules 2205, such program modules 2205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 230 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 200 may also communicate with one or more external devices 300 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 200, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 200 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 250. Also, the electronic device 200 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 260. The network adapter 260 may communicate with other modules of the electronic device 200 via the bus 230. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 200, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, or a network device, etc.) to execute the above method according to the embodiments of the present disclosure.
Fig. 12 schematically illustrates a computer-readable storage medium in an exemplary embodiment of the disclosure.
Referring to fig. 12, a program product 400 for implementing the above method according to an embodiment of the present disclosure is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present disclosure is not so limited, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The computer readable medium carries one or more programs which, when executed by a device, cause the computer readable medium to perform the functions of:
performing first verification on the enterprise platform through a first user name and a first password to obtain first verification data; performing second verification on the auxiliary authentication platform through a second user name, a second password and the first verification data to obtain second verification data; generating a data access request through the second verification data and the identification of the target data; and obtaining a return result based on the access request.
Acquiring a first user name and a first password from a user; performing first verification on the first username and the first password; after the first verification passes, generating first verification data; and sending the first verification data to the user and an auxiliary authentication platform.
Acquiring a second user name, a second password and first verification data from a user; performing second verification on the second user name, the second password and the first verification data; after the second verification passes, generating second verification data; and sending the second validation data to the user and enterprise platform.
Those skilled in the art will appreciate that the modules described above may be distributed in the apparatus according to the description of the embodiments, or may be modified accordingly in one or more apparatuses unique from the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In addition, the structures, proportions, sizes and the like shown in the drawings of this specification are only intended to accompany the content disclosed in the specification so that those skilled in the art can understand and read it; they are not intended to limit the conditions under which the present disclosure can be implemented and therefore have no substantive technical significance. Any modification of the structures, change of the proportional relationships or adjustment of the sizes should still fall within the scope that the technical content disclosed herein can cover, provided it does not affect the technical effects the present disclosure can produce or the purposes it can achieve. In addition, terms such as "above", "first", "second" and "a" are used in this specification only for clarity of description and are not intended to limit the scope of the present disclosure; changes or modifications of their relative relationships may be made without substantial changes in the technical content.

Claims (11)

1. A data access method, applicable to a user side, characterized by comprising the following steps:
performing first verification on an enterprise platform through a first user name and a first password to obtain first verification data, wherein the first user name and the first password are the user name and the password distributed by the enterprise platform;
performing second verification on a third-party auxiliary authentication platform through a second user name, a second password and the first verification data to obtain second verification data, wherein the second user name and the second password are the user name and the password distributed by the third-party auxiliary authentication platform;
generating a data access request to the enterprise platform through the second verification data and the identification of the target data; and
obtaining a return result based on the data access request, including:
sending the data access request to the enterprise platform so that the enterprise platform performs third verification on the data access request, and after the third verification is passed, the enterprise platform queries corresponding target data information from a data query system according to the identifier of the target data, wherein the target data information comprises user information;
performing authority verification on the authority of the user side according to the user information; and
if the verification is passed, acquiring the target data from a data system and returning the target data to the user side.
2. A data access method, applicable to an enterprise platform end, characterized by comprising the following steps:
acquiring a first username and a first password from a user end, wherein the first username and the first password are a username and a password distributed by the enterprise platform end;
performing first verification on the first username and the first password;
after the first verification passes, generating first verification data; sending the first verification data to the user side and a third-party auxiliary authentication platform;
acquiring second verification data from the third-party auxiliary authentication platform, wherein the second verification data is verification data generated on the third-party auxiliary authentication platform through a second user name, a second password and the first verification data, and the second user name and the second password are the user name and the password distributed by the third-party auxiliary authentication platform;
obtaining a data access request from the user end, the data access request including an identification of target data;
performing a third authentication on the data access request based on the second authentication data;
after the third verification is passed, inquiring corresponding target data information from a data inquiry system according to the identification of the target data, wherein the target data information comprises user information;
performing authority verification on the authority of the user side according to the user information; and
if the verification is passed, acquiring the target data from a data system, and generating a return result for the user side.
3. The method of claim 2, wherein the third authenticating the data access request based on the second authentication data comprises:
verifying the second verification data in the data access request through the second verification data acquired from the third-party auxiliary authentication platform.
4. The method of claim 3, wherein the second validation data includes a timestamp;
performing a third validation of the data access request based on the second validation data further comprises:
performing third verification on the data access request based on the time stamp.
5. A data access method, applicable to a third-party auxiliary authentication platform end, characterized by comprising the following steps:
acquiring a second user name, a second password and first verification data from a user end, wherein the first verification data is verification data generated on an enterprise platform through a first user name and a first password, and the first user name and the first password are the user name and the password distributed by the enterprise platform;
performing second verification on the second username, the second password and the first verification data, wherein the second username and the second password are a username and a password distributed by the third-party auxiliary authentication platform;
generating second verification data after the second verification passes;
sending the second verification data to the user terminal and the enterprise platform, wherein the enterprise platform obtains a data access request from the user terminal, and the data access request comprises an identifier of target data;
the enterprise platform carries out third verification on the data access request, and queries corresponding target data information from a data query system according to the identification of the target data after the third verification is passed, wherein the target data information comprises user information;
performing authority verification on the authority of the user side according to the user information; and
if the verification is passed, acquiring the target data from a data system and returning the target data to the user side.
6. A data access device, applicable to a user side, comprising:
a first data module, used for performing first verification on the enterprise platform through a first user name and a first password to obtain first verification data, wherein the first user name and the first password are the user name and the password distributed by the enterprise platform;
the second data module is used for performing second verification on a third-party auxiliary authentication platform through a second user name, a second password and the first verification data to obtain second verification data, wherein the second user name and the second password are the user name and the password distributed by the third-party auxiliary authentication platform;
the access request module is used for generating a data access request to the enterprise platform through the second verification data and the identification of the target data; and
a return result module for obtaining a return result based on the data access request,
wherein the return result module is configured to:
sending the data access request to the enterprise platform so that the enterprise platform performs third verification on the data access request, and after the third verification is passed, the enterprise platform queries corresponding target data information from a data query system according to the identifier of the target data, wherein the target data information comprises user information;
performing authority verification on the authority of the user side according to the user information; and
if the verification is passed, acquiring the target data from a data system and returning the target data to the user side.
7. A data access device, which can be applied to an enterprise platform side, is characterized by comprising:
the first receiving module is used for acquiring a first username and a first password from a user end, wherein the first username and the first password are a username and a password distributed by the enterprise platform end;
the first verification module is used for performing first verification on the first username and the first password; after the first verification passes, generating first verification data;
the first sending module is used for sending the first verification data to the user side and a third-party auxiliary authentication platform;
the second verification module is used for acquiring second verification data from the third-party auxiliary authentication platform, wherein the second verification data is verification data generated on the third-party auxiliary authentication platform through a second user name, a second password and the first verification data, and the second user name and the second password are the user name and the password distributed by the third-party auxiliary authentication platform;
the first request module is used for acquiring a data access request from the user terminal, wherein the data access request comprises an identifier of target data;
a third verification module, configured to perform third verification on the data access request based on the second verification data; and
a result return module to:
after the third verification is passed, inquiring corresponding target data information from a data inquiry system according to the identification of the target data, wherein the target data information comprises user information;
performing authority verification on the authority of the user side according to the user information; and
if the verification is passed, acquiring the target data from a data system to generate a return result for the user side.
8. A data access device applicable to a third-party auxiliary authentication platform, characterized by comprising:
a second receiving module, configured to acquire a second username, a second password and first verification data from a user side, wherein the first verification data is verification data generated on an enterprise platform from a first username and a first password, and the first username and the first password are the username and the password assigned by the enterprise platform;
a second verification module, configured to perform second verification on the second username, the second password and the first verification data and, after the second verification passes, to generate second verification data, wherein the second username and the second password are the username and the password assigned by the third-party auxiliary authentication platform; and
a second sending module, configured to send the second verification data to the user side and the enterprise platform, wherein the enterprise platform obtains a data access request from the user side, the data access request comprising an identifier of target data,
wherein the enterprise platform performs third verification on the data access request and, after the third verification passes, queries corresponding target data information from a data query system according to the identifier of the target data, the target data information comprising user information,
and the enterprise platform further performs authority verification on the user side according to the user information and, if the authority verification passes, acquires the target data from a data system and returns it to the user side.
9. A data access system, comprising:
a user side for:
performing first verification on an enterprise platform using a first username and a first password to obtain first verification data, wherein the first username and the first password are the username and the password assigned by the enterprise platform;
performing second verification on a third-party auxiliary authentication platform using a second username, a second password and the first verification data to obtain second verification data, wherein the second username and the second password are the username and the password assigned by the third-party auxiliary authentication platform;
generating a data access request to the enterprise platform from the second verification data and an identifier of target data; and
obtaining a return result based on the data access request;
the enterprise platform for:
obtaining the first username and the first password from the user side;
performing the first verification on the first username and the first password;
after the first verification passes, generating the first verification data;
sending the first verification data to the user side and the third-party auxiliary authentication platform;
obtaining the second verification data from the third-party auxiliary authentication platform;
obtaining the data access request from the user side, wherein the data access request comprises the identifier of the target data;
performing third verification on the data access request based on the second verification data;
after the third verification passes, querying corresponding target data information from a data query system according to the identifier of the target data, wherein the target data information comprises user information;
performing authority verification on the user side according to the user information; and
if the authority verification passes, acquiring the target data from a data system and generating the return result for the user side; and
the third-party auxiliary authentication platform for:
obtaining the second username, the second password and the first verification data from the user side;
performing the second verification on the second username, the second password and the first verification data;
after the second verification passes, generating the second verification data; and
sending the second verification data to the user side and the enterprise platform.
10. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1 or 2-4 or 5.
11. A computer-readable medium storing a computer program which, when executed by a processor, carries out the method according to any one of claims 1 or 2-4 or 5.
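The three-party flow of claim 9 as a runnable sketch, added here as an illustration and not taken from the patent. It assumes the verification data are random single-use tokens and that the third-party platform echoes the first verification data to the enterprise platform so the second can be bound to the enterprise username; all class, function and sample names are hypothetical.

```python
import hashlib, hmac, secrets

def _kdf(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)
def enroll(users):                               # salted password records per platform
    return {n: (s, _kdf(p, s)) for n, p in users.items() for s in [secrets.token_bytes(16)]}
def check(db, name, pw):
    salt, digest = db.get(name, (b"\0" * 16, b""))
    return hmac.compare_digest(_kdf(pw, salt), digest)

class ThirdParty:
    def __init__(self, users):
        self.db, self.known_v1, self.enterprise = enroll(users), set(), None
    def receive_first(self, v1):                 # sent by the enterprise platform
        self.known_v1.add(v1)
    def second_verify(self, name, pw, v1):
        if not check(self.db, name, pw) or v1 not in self.known_v1:
            return None
        self.known_v1.discard(v1)                # single use (assumption)
        v2 = secrets.token_urlsafe(32)           # second verification data
        self.enterprise.receive_second(v2, v1)   # v1 echoed to bind v2 (assumption)
        return v2

class Enterprise:
    def __init__(self, users, tp, query_system, data_system):
        self.db, self.tp, self.v1_owner, self.v2_owner = enroll(users), tp, {}, {}
        self.query_system, self.data_system = query_system, data_system
        tp.enterprise = self
    def first_verify(self, name, pw):
        if not check(self.db, name, pw):
            return None
        v1 = secrets.token_urlsafe(32)           # first verification data
        self.v1_owner[v1] = name
        self.tp.receive_first(v1)
        return v1
    def receive_second(self, v2, v1):            # sent by the third-party platform
        if v1 in self.v1_owner:
            self.v2_owner[v2] = self.v1_owner.pop(v1)
    def access(self, v2, data_id):
        user = self.v2_owner.get(v2)             # third verification
        info = self.query_system.get(data_id)    # target data information
        if user is None or info is None or user not in info["users"]:
            return None                          # fail closed
        return self.data_system[data_id]

def build_demo():                                # constructed sample data
    tp = ThirdParty({"alice@tp": "tp-pass"})
    query = {"doc-1": {"users": {"alice"}}, "doc-2": {"users": {"bob"}}}
    return Enterprise({"alice": "ent-pass"}, tp, query, {"doc-1": "one", "doc-2": "two"}), tp
```

In this sketch the enterprise platform releases data only for a token it received from the third-party platform, so the first verification data alone, or a stolen enterprise password alone, does not reach the data system.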
CN201910765096.3A 2019-08-19 2019-08-19 Data access method, device, system, electronic equipment and computer readable medium Active CN110401674B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910765096.3A CN110401674B (en) 2019-08-19 2019-08-19 Data access method, device, system, electronic equipment and computer readable medium

Publications (2)

Publication Number Publication Date
CN110401674A CN110401674A (en) 2019-11-01
CN110401674B CN110401674B (en) 2022-05-17

Family

ID=68328756

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910765096.3A Active CN110401674B (en) 2019-08-19 2019-08-19 Data access method, device, system, electronic equipment and computer readable medium

Country Status (1)

Country Link
CN (1) CN110401674B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113098975B (en) * 2021-04-16 2023-01-10 北京沃东天骏信息技术有限公司 Cross-platform application publishing method and device

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102025506A (en) * 2010-12-20 2011-04-20 中国联合网络通信集团有限公司 User authentication method and device
CN102651739B (en) * 2011-02-28 2016-01-13 阿里巴巴集团控股有限公司 Login validation method, system and IM server
CN105282125B (en) * 2014-07-25 2018-07-06 中国电信股份有限公司 Access control method and device in Web real-time Communication for Power
US9992198B2 (en) * 2015-12-15 2018-06-05 Verizon Patent And Licensing Inc. Network-based frictionless two-factor authentication service
CN107665293B (en) * 2016-07-28 2023-07-11 中兴通讯股份有限公司 Multi-user account switching method and mobile terminal
CN106790267A (en) * 2017-02-13 2017-05-31 郑州云海信息技术有限公司 A kind of method and apparatus of access server operating system
CN107018153A (en) * 2017-05-27 2017-08-04 上海爱优威软件开发有限公司 A kind of safe login method
CN109492374B (en) * 2018-09-26 2022-03-18 平安医疗健康管理股份有限公司 System login method, device, server and storage medium based on identity authentication
CN109873805B (en) * 2019-01-02 2021-06-25 平安科技(深圳)有限公司 Cloud desktop login method, device, equipment and storage medium based on cloud security

Also Published As

Publication number Publication date
CN110401674A (en) 2019-11-01


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant