CN111400676A - Service data processing method, device, equipment and medium based on sharing authority - Google Patents


Info

Publication number
CN111400676A
Authority
CN
China
Prior art keywords
information
user
tenant
permission
authority
Legal status
Pending
Application number
CN202010130967.7A
Other languages
Chinese (zh)
Inventor
翟献成
王琛
Current Assignee
Shenzhen Saiante Technology Service Co Ltd
Original Assignee
Ping An International Smart City Technology Co Ltd
Application filed by Ping An International Smart City Technology Co Ltd
Priority to CN202010130967.7A
Priority to PCT/CN2020/098690 (WO2021169112A1)
Publication of CN111400676A
Legal status: Pending

Classifications

    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/105 Multiple levels of security

Abstract

The present application relates to the field of data security, and in particular, to a method, an apparatus, a device, and a medium for processing service data based on a sharing authority. The method comprises the following steps: receiving a login request of a user terminal, wherein the login request carries a user identifier; inquiring a tenant identification corresponding to the user identification, inquiring user authority information of a user corresponding to the user identification in a tenant corresponding to the tenant identification, and generating authorization information according to the user authority information; generating session information according to the authorization information, the user authority information and the user identification, and sending the authorization information to the user terminal; receiving a service request sent by a user terminal, wherein the service request carries authorization information; inquiring stored session information corresponding to the authorization information, and performing authority control on the service request according to user authority information in the session information to obtain response data corresponding to the service request; and returning the response data to the user terminal. The method can ensure data security.

Description

Service data processing method, device, equipment and medium based on sharing authority
Technical Field
The present application relates to the field of big data processing technologies, and in particular, to a method, an apparatus, a device, and a medium for processing service data based on a sharing authority.
Background
With the increasing maturity of virtualization and cloud computing technologies, a completely new application model, SaaS (Software as a Service), is gradually being widely accepted and used. SaaS is a mode of providing software over the Internet: software vendors deploy application software centrally on their own servers; customers order the application software services they need from the vendor over the Internet according to their actual requirements, pay the vendor according to the number and duration of the ordered services, and obtain the services over the Internet. Users no longer need to purchase software; instead they rent Web-based software from the vendor to manage their business activities, without maintaining the software themselves. The vendor has full authority to manage and maintain the software and, while providing the Internet application to the client, also provides offline operation and local data storage, so that the client can use the ordered software and services anytime and anywhere. For many small businesses SaaS is the best way to adopt advanced technology, since it eliminates the need to purchase, build and maintain infrastructure and applications.
However, most SaaS implementations are based on the traditional RBAC model, and the traditional RBAC model is a single-layer management model, that is, access control is performed at the platform layer. Platform roles are divided into rule roles and management roles: a rule role executes the service functions of the platform, and a management role manages the creation of roles and the distribution of permissions within the platform. The traditional RBAC model, however, allocates and divides roles globally over the resources of the whole platform; it cannot customize an access control policy according to tenant requirements, cannot separate rule and management roles between tenants, and cannot further isolate the data of different tenants on the same platform, so there is a risk of data leaking between tenants.
Disclosure of Invention
In view of the foregoing, it is necessary to provide a method, an apparatus, a device and a medium for processing service data based on sharing authority, which can ensure data security.
A business data processing method based on sharing authority comprises the following steps:
receiving a login request of a user terminal, wherein the login request carries a user identifier;
querying a tenant identification corresponding to the user identification, querying user authority information of a user corresponding to the user identification in a tenant corresponding to the tenant identification, and generating authorization information according to the user authority information;
generating session information according to the authorization information, the user permission information and the user identification, and sending the authorization information to the user terminal;
receiving a service request sent by a user terminal, wherein the service request carries authorization information;
inquiring stored session information corresponding to the authorization information, and performing authority control on the service request according to user authority information in the session information to obtain response data corresponding to the service request;
and returning the response data to the user terminal.
In one embodiment, the user permission information is generated as follows:
receiving a user permission configuration request sent by a tenant terminal, and creating a role corresponding to the user permission configuration request and a plurality of user accounts corresponding to the role;
acquiring tenant permission information corresponding to the tenant terminal, wherein the tenant permission information comprises system permission packages of systems corresponding to a plurality of products in a platform;
analyzing the system permission packet to obtain a plurality of pieces of initial permission information;
and configuring corresponding initial permission information for the role so as to authorize the user account to generate user permission information.
In one embodiment, the tenant permission information is generated as follows:
receiving a tenant permission configuration request sent by a tenant terminal, wherein the tenant permission configuration request carries a product identifier and a system identifier;
inquiring a plurality of systems corresponding to the product identification, and selecting a target system according to the system identification;
acquiring system permission information corresponding to a target system, selecting target permission information from the system permission information according to the tenant permission configuration request, and packaging the target permission information to obtain a tenant permission package;
and configuring the tenant permission package to the tenant to obtain tenant permission information.
In one embodiment, querying the plurality of systems corresponding to the product identification comprises:
querying the tenant domain corresponding to the tenant terminal;
querying the plurality of systems corresponding to the product identification from that tenant domain.
In one embodiment, querying the stored session information corresponding to the authorization information includes:
querying whether stored session information corresponding to the authorization information exists in a cache;
when no stored session information corresponding to the authorization information exists in the cache, querying whether stored session information corresponding to the authorization information exists in a database;
and when stored session information corresponding to the authorization information exists in the database, reading that session information into the cache.
A service data processing apparatus based on sharing authority, the apparatus comprising:
the first receiving module is used for receiving a login request of a user terminal, wherein the login request carries a user identifier;
the first query module is used for querying a tenant identification corresponding to the user identification, querying user permission information of a user corresponding to the user identification in a tenant corresponding to the tenant identification, and generating authorization information according to the user permission information;
the session information generating module is used for generating session information according to the authorization information, the user permission information and the user identification and sending the authorization information to the user terminal;
the second receiving module is used for receiving a service request sent by a user terminal, wherein the service request carries authorization information;
the second query module is used for querying stored session information corresponding to the authorization information, and performing authority control on the service request according to user authority information in the session information to obtain response data corresponding to the service request;
and the sending module is used for returning the response data to the user terminal.
In one embodiment, the apparatus further comprises:
the third receiving module is used for receiving a user permission configuration request sent by a tenant terminal, and creating a role corresponding to the user permission configuration request and a plurality of user accounts corresponding to the role;
the system authority package acquisition module is used for acquiring tenant authority information corresponding to the tenant terminal, and the tenant authority information comprises system authority packages of systems corresponding to a plurality of products in the platform;
the analysis module is used for analyzing the system permission packet to obtain a plurality of pieces of initial permission information;
and the user permission information generating module is used for configuring corresponding initial permission information for the role so as to authorize the user account to generate user permission information.
In one embodiment, the apparatus further comprises:
the fourth receiving module is used for receiving a tenant permission configuration request sent by a tenant terminal, wherein the tenant permission configuration request carries a product identifier and a system identifier;
the third query module is used for querying a plurality of systems corresponding to the product identification and selecting a target system according to the system identification;
the tenant permission package acquisition module is used for acquiring system permission information corresponding to a target system, selecting the target permission information from the system permission information according to the tenant permission configuration request, and packaging the target permission information to obtain a tenant permission package;
and the tenant permission information configuration module is used for configuring the tenant permission package to the tenant to obtain tenant permission information.
A computer device comprising a memory storing a computer program and a processor implementing the steps of any of the methods described above when the processor executes the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of any of the above.
After receiving a login request from the user terminal, the service data processing method, apparatus, device and medium based on sharing authority first obtain the tenant identification corresponding to the user identification, then query the permission information of that user within the tenant and generate authorization information from it. The authorization information, user permission information and user identification are combined into session information and stored, so that when a service request arrives the corresponding permission information can be queried directly from the session information and permission control applied to the request. Different users can therefore only obtain data within their permissions and no data leakage results; and because the user permission information is queried at login, it can be used directly in subsequent service processing without repeated queries, which improves processing efficiency.
Drawings
FIG. 1 is a diagram illustrating the application scenario of a service data processing method based on sharing authority in an embodiment;
FIG. 2 is a flowchart illustrating a service data processing method based on sharing authority in an embodiment;
FIG. 3 is a diagram of an example of a seven-layer model in an embodiment;
FIG. 4 is a diagram illustrating permission configuration in an embodiment;
FIG. 5 is a diagram of personalized tenant function adaptation in an embodiment;
FIG. 6 is a schematic diagram of domain management in an embodiment;
FIG. 7 is a timing diagram illustrating a service data processing method based on sharing authority in an embodiment;
FIG. 8 is a block diagram of a service data processing apparatus based on sharing authority in an embodiment;
FIG. 9 is a diagram illustrating the internal structure of a computer device in an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The service data processing method based on sharing authority can be applied to the application environment shown in FIG. 1, in which the user terminal 102 and the server 104 communicate over a network. The user terminal 102 sends a login request to the server 104, so that the server 104 can query the tenant identification corresponding to the user identification, query the permission information of the user corresponding to the user identification within that tenant, generate authorization information according to the user permission information, generate session information according to the authorization information, the user permission information and the user identification, and send the authorization information to the user terminal 102. When the user terminal 102 later sends a service request to the server 104, the server 104 can query the stored session information corresponding to the authorization information, perform permission control on the service request according to the user permission information in the session information, obtain the response data corresponding to the service request, and send that response data to the user terminal 102. Because the service request is subjected to permission control through the permission information, different users are guaranteed to obtain only data within their permissions and no data leakage results; and because the user permission information is queried at login, it can be used directly in subsequent service processing without repeated queries, which improves processing efficiency. The terminal 102 can be, but is not limited to, a personal computer, notebook computer, smart phone, tablet computer or portable wearable device, and the server 104 can be implemented as an independent server or as a server cluster formed by a plurality of servers.
In an embodiment, as shown in fig. 2, a method for processing service data based on sharing rights is provided, which is described by taking the method as an example applied to the server in fig. 1, and includes the following steps:
s202: and receiving a login request of the user terminal, wherein the login request carries a user identifier.
Specifically, the login request is generated by the user terminal, and may include a user identifier, such as an account and a password, a list, a map, a deep parameter, and the like, the user terminal concatenates the parameters through a signature string, concatenates the parameters with a fixed parameter in a header after the concatenation is completed, concatenates the parameters in a random string plus a timestamp form in order to ensure uniqueness, and finally adds a dynamic encryption value to form a parameter signature string, encrypts the signature string by using sha256, encrypts the signature string by using md5 in a reverse order to obtain a signature value, and finally generates the login request according to the signature value.
S204: and inquiring the tenant identification corresponding to the user identification, inquiring the user authority information of the user corresponding to the user identification in the tenant corresponding to the tenant identification, and generating authorization information according to the user authority information.
Specifically, the tenant identification is used for uniquely determining the tenant, the tenant is relative to the platform and is an abstract organization, the platform may include a plurality of different products, each product may correspond to a different system, each system may include a plurality of different permission packages, and the tenant may be configured with a plurality of different permission packages. A plurality of different roles can be set under the tenant, and each role can be configured with different users. Wherein the role is authorized to the user under the tenant; different tenants can perform role definition according to the requirement of respective management and authorize the users. Therefore, after the server receives the user identifier, the tenant identifier corresponding to the user identifier can be determined to determine which tenant the user belongs to, so that the role corresponding to the user under the tenant can be obtained, and therefore the authority corresponding to the role, namely the user authority information, can be obtained.
Optionally, the server may receive the login request through the gateway, verify the signature information in the login request through the gateway, and after the verification is successful, log in the user center through the user account and the password, where the verification process is the reverse of the signature information generation process, and is not described herein again.
S206: and generating session information according to the authorization information, the user authority information and the user identifier, and sending the authorization information to the user terminal.
Specifically, after generating the authorization information, the server generates and stores the authorization information, the user permission information, and the user identifier into session information, so that the session information is directly used when the user terminal performs a service processing request.
Specifically, as described above, after logging in to the user center, the user center verifies the account and the password input by the user, and then performs authentication. After the authentication is successful, session information is generated, for example, after the user information validity verification passes, an authorization Token and a dynamic encryption verification value are issued for the login, the Token, the dynamic verification value and the user information are cached in a cache server, and only the authorized Token information and the dynamic verification value information are returned to the user terminal, so that when the user terminal performs subsequent service processing, the corresponding authority information can be directly inquired and the login state of the user terminal can be maintained.
The authentication process may combine several mechanisms: multiple authentication strategies (no authentication, session-level authentication, permission-item authentication and non-public-network interface authentication); multiple security encryption strategies (an access Token and RefreshToken dual-Token mechanism, a session-level dynamic encryption verification mechanism and an interface authentication mechanism); a self-defined tamper-proof encryption algorithm; and a security design at level three of the classified protection scheme, covering encrypted storage of sensitive data, control of sessions and of the number of concurrent users, and a two-factor authentication mechanism in which, at login, the user first enters the original personal password (static password) and then the dynamic password displayed on a Token, giving secure two-factor identity authentication.
S208: and receiving a service request sent by a user terminal, wherein the service request carries authorization information.
Specifically, the service request is a request for the user terminal to apply for the service of the server, and may carry the authorization information, so that the query of the authority information may be facilitated while the login state is ensured.
And optionally, the server may receive the service request through the gateway, then verify the signature information in the service request through the gateway, specifically, authenticate through a unified gateway based on the oauth2.0 protocol, and read the session information from the user center after the authentication is successful.
S210: and inquiring stored session information corresponding to the authorization information, and performing authority control on the service request according to the user authority information in the session information to obtain response data corresponding to the service request.
Specifically, the server sends the information of successful authentication to the user center, so that the user center can read the stored session information and perform permission control on the service request according to the user permission information in the session information, for example, whether to allow reading of data, whether to allow writing of data, and the like, to obtain response data corresponding to the service request.
S212: and returning the response data to the user terminal.
Specifically, after the processing is completed, the server returns the response data to the user terminal, and the processing of the whole service request is completed. If the user also processes other systems in the platform, the user can directly jump to another system and then perform service processing, and the specific processing process is as above and is not described any further.
The service data processing method based on sharing authority firstly obtains the tenant identification corresponding to the user identification after receiving the login request sent by the user terminal, further, the authority information of the user in the tenant can be inquired, and the authorization information is generated according to the authority information, therefore, the authorization information, the user authority information and the user identification are generated into the session information and then stored, when a service request exists, can directly inquire the corresponding authority information in the session information, thus carrying out authority control on the service request through the authority information, the method and the device can ensure that different users can only acquire the data in the permission, data leakage cannot be caused, and because the user permission information is inquired in login, the user permission information can be directly used subsequently in service processing, multiple times of inquiry is not needed, and the processing efficiency can be improved.
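The login-then-service-request flow of S202 to S212, together with the cache-first session lookup described in the summary of the invention, as an added Python example that is not part of the patent. The user names, tenant names, permission strings, records and the password hashing scheme are all constructed here for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample directory (not from the patent): which tenant each user
# belongs to, and the permissions the user's role grants inside that tenant.
USER_TENANT = {"alice": "tenant-hospital", "bob": "tenant-gov"}
USER_PERMISSIONS = {
    ("tenant-hospital", "alice"): {"records:read", "records:write"},
    ("tenant-gov", "bob"): {"records:read"},
}
# Every service record is tagged with the tenant that owns it.
RECORDS = {
    "r1": {"tenant": "tenant-hospital", "body": "patient chart"},
    "r2": {"tenant": "tenant-gov", "body": "census form"},
}

_SALT = b"constructed-demo-salt"  # a real user center would salt per user


def _hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


CREDENTIALS = {"alice": _hash_password("alice-pw"), "bob": _hash_password("bob-pw")}


@dataclass(frozen=True)
class Session:
    token: str            # the authorization information returned to the terminal
    user_id: str
    tenant_id: str
    permissions: frozenset


class SessionStore:
    """Session lookup in the patent's order: cache first, then database,
    reading a database hit back into the cache."""

    def __init__(self) -> None:
        self.cache: dict = {}
        self.database: dict = {}

    def save(self, session: Session) -> None:
        self.cache[session.token] = session
        self.database[session.token] = session

    def lookup(self, token: str):
        session = self.cache.get(token)
        if session is None:
            session = self.database.get(token)
            if session is not None:
                self.cache[token] = session
        return session


STORE = SessionStore()


def login(user_id: str, password: str):
    """S202-S206: verify the credentials, resolve tenant and permissions once,
    store them as session information and hand back only the token."""
    stored = CREDENTIALS.get(user_id)
    if stored is None or not hmac.compare_digest(stored, _hash_password(password)):
        return None
    tenant_id = USER_TENANT[user_id]
    perms = USER_PERMISSIONS.get((tenant_id, user_id), set())
    token = secrets.token_urlsafe(32)
    STORE.save(Session(token, user_id, tenant_id, frozenset(perms)))
    return token


def handle_service_request(token: str, action: str, record_id: str) -> dict:
    """S208-S212: authorize from the stored session without re-querying the
    user directory, and confine data access to the session's own tenant."""
    session = STORE.lookup(token)
    if session is None:
        return {"status": 401}          # unknown authorization information
    if action not in session.permissions:
        return {"status": 403}          # the user's role does not grant this
    record = RECORDS.get(record_id)
    if record is None or record["tenant"] != session.tenant_id:
        return {"status": 404}          # other tenants' data stays invisible
    return {"status": 200, "data": record["body"]}
```

Returning 404 rather than 403 for another tenant's record keeps the existence of that record from leaking across tenants.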
Specifically, please refer to fig. 3 to 5, wherein fig. 3 is a diagram illustrating an example of a seven-layer model in an embodiment, fig. 4 is a diagram illustrating permission configuration in an embodiment, and fig. 5 is a diagram illustrating personalized tenant function adaptation in an embodiment.
In one embodiment, with reference to fig. 3 to 5, the generating of the user right information includes:
firstly, a server receives a user authority configuration request sent by a tenant terminal, and creates a role corresponding to the user authority configuration request and a plurality of user accounts corresponding to the role.
Specifically, the role is an authorization for the administrator; the tenant is an abstract organization with users under it, and the role is authorized to those users under the tenant. Different tenants can define roles according to their own management requirements and authorize their users accordingly. The tenant configures its users: during configuration the server receives a user permission configuration request sent by the tenant, and different roles and users can then be created according to that request.
Secondly, the server acquires tenant permission information corresponding to the tenant terminal, wherein the tenant permission information comprises system permission packages of systems corresponding to a plurality of products in the platform.
Specifically, the tenant may obtain the permission packages of multiple systems, so as to obtain tenant permission information, where the tenant permission information may include the permission packages of multiple systems.
Thirdly, the server analyzes the system permission packet to obtain a plurality of pieces of initial permission information; and configuring corresponding initial permission information for the role so as to authorize the user account to generate user permission information.
Specifically, the server may analyze the permission packet to obtain a plurality of initial permission information, for example, different permission information corresponding to each type of data, including read and write permissions, permission of a data read range, and the like, and the server may configure the corresponding initial permission information for each role as required, so that the role is authorized to the user account, thereby completing configuration of the user permission information.
In the embodiment, the user is managed by taking the role as granularity, and the permission configuration is performed on the platform, the product, the system, the permission package, the tenant, the role and the user layer by layer for the user, so that the permission function management requirement can be met, and the user can be conveniently managed.
In one embodiment, please continue to combine fig. 3 to fig. 5, the generation manner of tenant permission information includes:
firstly, a server receives a tenant permission configuration request sent by a tenant terminal, wherein the tenant permission configuration request carries a product identifier and a system identifier.
The tenant permission configuration request corresponds to products and systems, each product can be provided with a plurality of systems, and tenants can rent different systems under different products to complete corresponding services.
Secondly, the server inquires a plurality of systems corresponding to the product identification, and selects a target system according to the system identification.
The server firstly inquires a plurality of systems corresponding to the product identification, and determines a system rented by the user, namely a target system according to the system identification.
And thirdly, the server acquires system permission information corresponding to the target system, selects the target permission information from the system permission information according to the tenant permission configuration request, and packages the target permission information to obtain a tenant permission package.
Specifically, a permission package is generated by metadata definition and data rule definition. The metadata mainly describes data attributes and supports functions such as indicating storage locations, historical data, resource searching and file recording; the data rules are preset data processing rules. The data rules, that is, the system permission information, are packaged to obtain the corresponding permission package.
Fourthly, the tenant permission package is configured to the tenant to obtain tenant permission information.
And the server configures the permission packet for different tenants so as to obtain the tenant permission information.
In the embodiment, the system permission packet is used as granularity, permission information is configured for the tenants, personalized function requirements of different tenants can be flexibly met, and the adaptive capacity and the expansion capacity of the platform are improved through configuration management.
In one embodiment, querying the systems corresponding to the product identifier comprises: querying the tenant domain corresponding to the tenant terminal; and querying the systems corresponding to the product identifier within that tenant domain.
Specifically, refer to fig. 6, which is a schematic diagram of domain management in an embodiment. In this embodiment the tenant permission configuration request further includes the tenant's domain, and before querying the systems corresponding to the product identifier the server first looks up that domain and queries the systems from within it; in other words, the domain distinguishes the type of user. A tenant is one of the core composition units of the platform and represents an organization such as a hospital, a company or a government department. The different types of organization on the platform classify users into domains, for example three domains A, B and G, where domain A corresponds to the platform service provider, domain B to hospitals and domain G to government departments. When a tenant is configured its domain must be determined so that it receives the permission packages of that domain; when users are then configured under the tenant, the tenant can label the type of each user so that the user obtains the permissions corresponding to the domain.
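The product, system, permission-package and domain steps described above in working form, as an added example that is not the patent's own code: the catalogue, the tenant registry, which domains may rent which system, and the error handling are all constructed assumptions.

```python
"""Tenant permission-package generation, modelled on the product -> system ->
permission package -> tenant flow and the domain (A/B/G) lookup described above.
Added illustration, not code from the patent; all names and data are assumptions."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

Grant = Tuple[str, str]  # (resource, action), e.g. ("patient_record", "read")


@dataclass(frozen=True)
class System:
    system_id: str
    domains: FrozenSet[str]        # tenant domains allowed to rent this system (assumption)
    permissions: FrozenSet[Grant]  # the system permission information (the data rules)


@dataclass(frozen=True)
class PermissionPackage:
    product_id: str
    system_id: str
    permissions: FrozenSet[Grant]


class ConfigError(Exception):
    """Raised when a configuration request cannot be satisfied as asked."""


# Constructed catalogue: product -> systems.  Domain A is the platform provider,
# B hospitals, G government departments, following the description above.
CATALOGUE: Dict[str, List[System]] = {
    "smart-health": [
        System("emr", frozenset({"A", "B"}),
               frozenset({("patient_record", "read"), ("patient_record", "write"),
                          ("report", "read")})),
        System("billing", frozenset({"A", "B", "G"}),
               frozenset({("invoice", "read"), ("invoice", "approve")})),
    ],
}

# Constructed tenant registry: tenant id -> domain.
TENANT_DOMAIN: Dict[str, str] = {"hospital-1": "B", "gov-1": "G", "provider": "A"}

# Tenant permission information: tenant id -> configured packages (step 4).
TENANT_PERMISSIONS: Dict[str, List[PermissionPackage]] = {}


def query_systems(product_id: str, tenant_domain: str) -> List[System]:
    """Step 2, scoped by domain: only the systems under the product that the
    tenant's domain may rent are visible to the configuration request."""
    return [s for s in CATALOGUE.get(product_id, []) if tenant_domain in s.domains]


def build_tenant_package(tenant_id: str, product_id: str, system_id: str,
                         requested: Set[Grant]) -> PermissionPackage:
    """Steps 1-3: resolve the target system within the tenant's domain, then select
    the requested permissions from that system's permission information."""
    domain = TENANT_DOMAIN.get(tenant_id)
    if domain is None:
        raise ConfigError(f"unknown tenant {tenant_id!r}")
    target = next((s for s in query_systems(product_id, domain)
                   if s.system_id == system_id), None)
    if target is None:
        # Nonexistent system and system not rentable in this domain are deliberately
        # reported the same way, so the error does not reveal the catalogue.
        raise ConfigError(f"system {system_id!r} of {product_id!r} not available to {tenant_id!r}")
    # Only permissions the system actually defines can be packaged; anything else in
    # the request is rejected instead of being granted silently.
    unknown = requested - target.permissions
    if unknown:
        raise ConfigError(f"permissions not defined by {system_id!r}: {sorted(unknown)}")
    return PermissionPackage(product_id, system_id, frozenset(requested))


def configure_tenant(tenant_id: str, package: PermissionPackage) -> List[PermissionPackage]:
    """Step 4: attach the package to the tenant, replacing any earlier package for
    the same product/system so grants cannot accumulate across reconfigurations."""
    packages = [p for p in TENANT_PERMISSIONS.get(tenant_id, [])
                if (p.product_id, p.system_id) != (package.product_id, package.system_id)]
    packages.append(package)
    TENANT_PERMISSIONS[tenant_id] = packages
    return packages


def tenant_grants(tenant_id: str) -> FrozenSet[Grant]:
    """Flattened view of everything the tenant may later hand out to its roles."""
    return frozenset(g for p in TENANT_PERMISSIONS.get(tenant_id, []) for g in p.permissions)


if __name__ == "__main__":
    pkg = build_tenant_package("hospital-1", "smart-health", "emr",
                               {("patient_record", "read"), ("report", "read")})
    configure_tenant("hospital-1", pkg)
    print(sorted(tenant_grants("hospital-1")))
```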
In one embodiment, querying the stored session information corresponding to the authorization information comprises: querying whether stored session information corresponding to the authorization information exists in the cache; when it does not exist in the cache, querying whether stored session information corresponding to the authorization information exists in the database; and when it exists in the database, reading the session information into the cache.
Specifically, when reading stored session information the server first checks whether session information corresponding to the authorization information exists in the cache. If it does, the query succeeds directly; otherwise the server queries the database, and if the session information is found there it is read into the cache. In this way, when processing a service request, the server queries only the cache, obtains the user permission information, performs permission control with it, and then obtains the response data corresponding to the service request.
Referring to fig. 7, which is a timing diagram of the service data processing method based on shared permissions in an embodiment: the user terminal first generates a login request, signs it and sends it to the gateway; the gateway verifies the signature and, once verification is complete, forwards the login authentication to the user center; the user center authenticates the user and records a log, queries the corresponding user permission information, generates the authorization information and the session information, stores them in the cache management database, and then returns the session result, i.e. the authorization information, to the user terminal through the gateway; the user terminal caches the authorization information and jumps to the service processing interface.
The user terminal then receives a service request entered by the user through the service processing interface, signs it and sends it to the gateway. After the gateway verifies the signature, it sends the verified service request to the user center for interface authentication: the user center reads the session information and permission information from the cache management database, and if they are not in the cache, reads them from the database to complete the interface authentication, and returns the authentication result to the gateway. Once authentication has passed, the gateway forwards the service request to the service system, which reads the session information from the cache management database, performs permission control on the service request according to the user permission information in the session information, obtains the corresponding response data and returns it to the user terminal.
The service data processing method based on shared permissions first obtains, after receiving the login request sent by the user terminal, the tenant identifier corresponding to the user identifier, so that the user's permission information within that tenant can be queried and the authorization information generated from it. The authorization information, the user permission information and the user identifier are then combined into session information and stored, so that when a service request arrives the corresponding permission information can be looked up directly in the session information and used to perform permission control on the request. This ensures that each user can obtain only the data within their permissions, so data leakage does not occur; and because the user permission information is queried at login, it can be used directly in subsequent service processing without repeated queries, which improves processing efficiency.
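The login, cache-then-database session lookup and permission control described above, as an added example that is not taken from the patent: the HMAC signing scheme, the user directory, the signing keys and the business data are constructed assumptions (the description only says that requests are signed and that the gateway checks the signature).

```python
"""Login, session storage and per-request permission control, modelled on the
gateway / user-center / cache flow of fig. 7 as described above.  Added
illustration, not code from the patent; the signing scheme, data and names are
assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

Grant = Tuple[str, str]  # (resource, action)


@dataclass(frozen=True)
class Session:
    authorization: str             # opaque token handed to the terminal
    user_id: str
    tenant_id: str
    permissions: FrozenSet[Grant]  # user permission information resolved once, at login


# Constructed directory: user -> tenant, and the permissions each user holds in that
# tenant (the output of the role-based configuration described earlier).
USER_TENANT: Dict[str, str] = {"alice": "hospital-1", "bob": "hospital-2"}
USER_PERMISSIONS: Dict[Tuple[str, str], FrozenSet[Grant]] = {
    ("alice", "hospital-1"): frozenset({("patient_record", "read")}),
    ("bob", "hospital-2"): frozenset({("patient_record", "read"), ("patient_record", "write")}),
}
# Constructed per-terminal signing secrets used by the gateway's signature check.
SIGNING_KEYS: Dict[str, bytes] = {"alice": b"alice-terminal-secret", "bob": b"bob-terminal-secret"}
# Constructed business data, partitioned by tenant.
BUSINESS_DATA: Dict[Tuple[str, str], List[str]] = {
    ("hospital-1", "patient_record"): ["h1-rec-001", "h1-rec-002"],
    ("hospital-2", "patient_record"): ["h2-rec-001"],
}


class SessionStore:
    """Cache in front of a database: the cache is consulted first and a database hit
    is promoted into the cache, the lookup order given in the description."""

    def __init__(self) -> None:
        self.cache: Dict[str, Session] = {}
        self.db: Dict[str, Session] = {}

    def save(self, session: Session) -> None:
        self.db[session.authorization] = session
        self.cache[session.authorization] = session

    def query(self, authorization: str) -> Optional[Session]:
        session = self.cache.get(authorization)
        if session is None:
            session = self.db.get(authorization)
            if session is not None:
                self.cache[authorization] = session  # read the database copy into the cache
        return session

    def evict_cache(self) -> None:
        """Simulates a cache restart; the database copy survives."""
        self.cache.clear()


def sign(user_id: str, body: bytes) -> str:
    """Terminal side: HMAC-SHA256 over the request body with the terminal's secret."""
    return hmac.new(SIGNING_KEYS[user_id], body, hashlib.sha256).hexdigest()


def gateway_verify(user_id: str, body: bytes, signature: str) -> bool:
    """Gateway side: constant-time comparison against a freshly computed signature."""
    key = SIGNING_KEYS.get(user_id)
    if key is None:
        return False
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature)


def login(store: SessionStore, user_id: str) -> Optional[str]:
    """User center: resolve tenant and permissions once, mint the authorization
    information, persist the session; returns the token, or None for an unknown user."""
    tenant_id = USER_TENANT.get(user_id)
    if tenant_id is None:
        return None
    permissions = USER_PERMISSIONS.get((user_id, tenant_id), frozenset())
    authorization = secrets.token_urlsafe(32)  # unguessable, not derived from the user id
    store.save(Session(authorization, user_id, tenant_id, permissions))
    return authorization


def handle_service_request(store: SessionStore, authorization: str,
                           resource: str, action: str) -> Tuple[int, List[str]]:
    """Service system: permission control from the stored session with no second
    directory query; returned data is scoped to the session's tenant."""
    session = store.query(authorization)
    if session is None:
        return 401, []  # unknown or expired authorization information
    if (resource, action) not in session.permissions:
        return 403, []  # authenticated, but outside the user's permissions
    return 200, list(BUSINESS_DATA.get((session.tenant_id, resource), []))
```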
It should be understood that although the steps in the flowcharts of fig. 2 and fig. 7 are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated otherwise, the steps are not restricted to the order shown and described and may be performed in other orders. Moreover, at least some of the steps in fig. 2 and fig. 7 may include multiple sub-steps or stages that are not necessarily performed at the same time but may be performed at different times, and these sub-steps or stages are not necessarily performed sequentially but may be performed in turn or alternately with other steps or with sub-steps or stages of other steps.
In one embodiment, as shown in fig. 8, there is provided a service data processing apparatus based on sharing authority, including: the first receiving module 100, the first query module 200, the session information generating module 300, the second receiving module 400, the second query module 500, and the sending module 600, wherein:
the first receiving module 100 is configured to receive a login request of a user terminal, where the login request carries a user identifier.
The first query module 200 is configured to query a tenant identifier corresponding to the user identifier, query user permission information of a user corresponding to the user identifier in the tenant corresponding to the tenant identifier, and generate authorization information according to the user permission information.
The session information generating module 300 is configured to generate session information according to the authorization information, the user permission information and the user identifier, and to send the authorization information to the user terminal.
The second receiving module 400 is configured to receive a service request sent by a user terminal, where the service request carries authorization information.
The second query module 500 is configured to query stored session information corresponding to the authorization information, perform authority control on the service request according to the user authority information in the session information, and obtain response data corresponding to the service request.
The sending module 600 is configured to return the response data to the user terminal.
In one embodiment, the service data processing apparatus based on sharing authority may further include:
The third receiving module is configured to receive a user permission configuration request sent by the tenant terminal, and to create a role corresponding to the user permission configuration request and a plurality of user accounts corresponding to the role.
The system permission package acquisition module is configured to acquire the tenant permission information corresponding to the tenant terminal, where the tenant permission information comprises the system permission packages of the systems corresponding to a plurality of products in the platform.
The analysis module is configured to analyze the system permission packages to obtain a plurality of pieces of initial permission information.
The user permission information generating module is configured to configure the corresponding initial permission information for the role, so as to authorize the user accounts and generate the user permission information.
In one embodiment, the service data processing apparatus based on sharing authority may further include:
and the fourth receiving module is used for receiving a tenant permission configuration request sent by the tenant terminal, wherein the tenant permission configuration request carries the product identifier and the system identifier.
And the third query module is used for querying the multiple systems corresponding to the product identifiers and selecting the target system according to the system identifiers.
And the tenant permission package acquisition module is used for acquiring the system permission information corresponding to the target system, selecting the target permission information from the system permission information according to the tenant permission configuration request, and packaging the target permission information to obtain the tenant permission package.
And the tenant permission information configuration module is used for configuring the tenant permission package to the tenant to obtain the tenant permission information.
In one embodiment, the third query module may include:
The domain query unit is configured to query the tenant domain corresponding to the tenant terminal.
The system query unit is configured to query the systems corresponding to the product identifier within the tenant domain.
In one embodiment, the second query module 500 may include:
The cache query unit is configured to query whether stored session information corresponding to the authorization information exists in the cache.
The database query unit is configured to query whether stored session information corresponding to the authorization information exists in the database when it does not exist in the cache.
The reading unit is configured to read the session information into the cache when stored session information corresponding to the authorization information exists in the database.
For the specific definition of the service data processing apparatus based on shared permissions, refer to the definition of the service data processing method based on shared permissions above, which is not repeated here. Each module of the apparatus may be implemented wholly or partly in software, in hardware, or in a combination of the two. The modules may be embedded in hardware form in, or be independent of, the processor of the computer device, or may be stored in software form in the memory of the computer device so that the processor can call and execute the operations corresponding to each module.
In one embodiment, a computer device is provided, which may be a server; its internal structure may be as shown in fig. 9. The computer device includes a processor, a memory, a network interface and a database connected by a system bus. The processor of the computer device provides computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program and a database. The internal memory provides the environment in which the operating system and the computer program in the non-volatile storage medium run. The database of the computer device stores business data. The network interface of the computer device communicates with external terminals through a network connection. When the computer program is executed by the processor, it implements the service data processing method based on shared permissions.
Those skilled in the art will appreciate that the architecture shown in fig. 9 is merely a block diagram of some of the structures relevant to the disclosed aspects and does not limit the computer devices to which the disclosed aspects apply; a particular computer device may include more or fewer components than shown, may combine certain components, or may have a different arrangement of components.
In one embodiment, there is provided a computer device comprising a memory storing a computer program and a processor implementing the following steps when the processor executes the computer program: receiving a login request of a user terminal, wherein the login request carries a user identifier; inquiring a tenant identification corresponding to the user identification, inquiring user authority information of a user corresponding to the user identification in a tenant corresponding to the tenant identification, and generating authorization information according to the user authority information; generating session information according to the authorization information, the user authority information and the user identification, and sending the authorization information to the user terminal; receiving a service request sent by a user terminal, wherein the service request carries authorization information; inquiring stored session information corresponding to the authorization information, and performing authority control on the service request according to user authority information in the session information to obtain response data corresponding to the service request; and returning the response data to the user terminal.
In one embodiment, the user permission information used when the processor executes the computer program is generated as follows: receiving a user permission configuration request sent by a tenant terminal, and creating a role corresponding to the user permission configuration request and a plurality of user accounts corresponding to the role; acquiring tenant permission information corresponding to the tenant terminal, where the tenant permission information comprises system permission packages of the systems corresponding to a plurality of products in the platform; analyzing the system permission packages to obtain a plurality of pieces of initial permission information; and configuring the corresponding initial permission information for the role so as to authorize the user accounts and generate the user permission information.
In one embodiment, the tenant permission information used when the processor executes the computer program is generated as follows: receiving a tenant permission configuration request sent by a tenant terminal, where the tenant permission configuration request carries a product identifier and a system identifier; querying the systems corresponding to the product identifier, and selecting a target system according to the system identifier; acquiring the system permission information corresponding to the target system, selecting target permission information from the system permission information according to the tenant permission configuration request, and packaging the target permission information to obtain a tenant permission package; and configuring the tenant permission package to the tenant to obtain the tenant permission information.
In one embodiment, when the processor executes the computer program, querying the systems corresponding to the product identifier comprises: querying the tenant domain corresponding to the tenant terminal; and querying the systems corresponding to the product identifier within that tenant domain.
In one embodiment, when the processor executes the computer program, querying the stored session information corresponding to the authorization information comprises: querying whether stored session information corresponding to the authorization information exists in the cache; when it does not exist in the cache, querying whether stored session information corresponding to the authorization information exists in the database; and when it exists in the database, reading the session information into the cache.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of: receiving a login request of a user terminal, wherein the login request carries a user identifier; inquiring a tenant identification corresponding to the user identification, inquiring user authority information of a user corresponding to the user identification in a tenant corresponding to the tenant identification, and generating authorization information according to the user authority information; generating session information according to the authorization information, the user authority information and the user identification, and sending the authorization information to the user terminal; receiving a service request sent by a user terminal, wherein the service request carries authorization information; inquiring stored session information corresponding to the authorization information, and performing authority control on the service request according to user authority information in the session information to obtain response data corresponding to the service request; and returning the response data to the user terminal.
In one embodiment, the user permission information used when the computer program is executed by the processor is generated as follows: receiving a user permission configuration request sent by a tenant terminal, and creating a role corresponding to the user permission configuration request and a plurality of user accounts corresponding to the role; acquiring tenant permission information corresponding to the tenant terminal, where the tenant permission information comprises system permission packages of the systems corresponding to a plurality of products in the platform; analyzing the system permission packages to obtain a plurality of pieces of initial permission information; and configuring the corresponding initial permission information for the role so as to authorize the user accounts and generate the user permission information.
In one embodiment, the tenant permission information used when the computer program is executed by the processor is generated as follows: receiving a tenant permission configuration request sent by a tenant terminal, where the tenant permission configuration request carries a product identifier and a system identifier; querying the systems corresponding to the product identifier, and selecting a target system according to the system identifier; acquiring the system permission information corresponding to the target system, selecting target permission information from the system permission information according to the tenant permission configuration request, and packaging the target permission information to obtain a tenant permission package; and configuring the tenant permission package to the tenant to obtain the tenant permission information.
In one embodiment, when the computer program is executed by the processor, querying the systems corresponding to the product identifier comprises: querying the tenant domain corresponding to the tenant terminal; and querying the systems corresponding to the product identifier within that tenant domain.
In one embodiment, when the computer program is executed by the processor, querying the stored session information corresponding to the authorization information comprises: querying whether stored session information corresponding to the authorization information exists in the cache; when it does not exist in the cache, querying whether stored session information corresponding to the authorization information exists in the database; and when it exists in the database, reading the session information into the cache.
It will be understood by those of ordinary skill in the art that all or part of the processes of the methods in the embodiments described above may be implemented by a computer program stored on a non-volatile computer-readable storage medium; when executed, the program may include the processes of the method embodiments described above. Any reference to memory, storage, a database or another medium in the embodiments provided herein may include non-volatile and/or volatile memory.
The technical features of the above embodiments can be combined arbitrarily. For brevity, not all possible combinations of the technical features of the above embodiments are described, but any combination that contains no contradiction should be considered within the scope of this specification.
The above embodiments express only several embodiments of the present application, and although their description is specific and detailed, it should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these fall within its scope of protection. Therefore, the protection scope of this patent shall be subject to the appended claims.

Claims (10)

1. A business data processing method based on sharing authority comprises the following steps:
receiving a login request of a user terminal, wherein the login request carries a user identifier;
querying a tenant identification corresponding to the user identification, querying user authority information of a user corresponding to the user identification in a tenant corresponding to the tenant identification, and generating authorization information according to the user authority information;
generating session information according to the authorization information, the user permission information and the user identification, and sending the authorization information to the user terminal;
receiving a service request sent by a user terminal, wherein the service request carries authorization information;
inquiring stored session information corresponding to the authorization information, and performing authority control on the service request according to user authority information in the session information to obtain response data corresponding to the service request;
and returning the response data to the user terminal.
2. The method of claim 1, wherein the generating of the user right information comprises:
receiving a user permission configuration request sent by a tenant terminal, and creating a role corresponding to the user permission configuration request and a plurality of user accounts corresponding to the role;
acquiring tenant permission information corresponding to the tenant terminal, wherein the tenant permission information comprises system permission packages of systems corresponding to a plurality of products in a platform;
analyzing the system permission packet to obtain a plurality of pieces of initial permission information;
and configuring corresponding initial permission information for the role so as to authorize the user account to generate user permission information.
3. The method according to claim 1, wherein the tenant permission information is generated in a manner that includes:
receiving a tenant permission configuration request sent by a tenant terminal, wherein the tenant permission configuration request carries a product identifier and a system identifier;
inquiring a plurality of systems corresponding to the product identification, and selecting a target system according to the system identification;
acquiring system permission information corresponding to a target system, selecting target permission information from the system permission information according to the tenant permission configuration request, and packaging the target permission information to obtain a tenant permission package;
and configuring the tenant permission package to the tenant to obtain tenant permission information.
4. The method of claim 3, wherein querying a plurality of systems corresponding to the product identifier comprises:
querying the tenant domain corresponding to the tenant terminal;
querying a plurality of systems corresponding to the product identification from the tenant domain.
5. The method according to any one of claims 1 to 4, wherein the querying stored session information corresponding to the authorization information comprises:
querying whether stored session information corresponding to the authorization information exists in a cache;
when the stored session information corresponding to the authorization information does not exist in the cache, querying whether the stored session information corresponding to the authorization information exists in a database;
and when the stored session information corresponding to the authorization information exists in the database, reading the session information into a cache.
6. A service data processing device based on sharing authority, the device comprising:
the first receiving module is used for receiving a login request of a user terminal, wherein the login request carries a user identifier;
the first query module is used for querying a tenant identification corresponding to the user identification, querying user permission information of a user corresponding to the user identification in a tenant corresponding to the tenant identification, and generating authorization information according to the user permission information;
the session information generating module is used for generating session information according to the authorization information, the user permission information and the user identification and sending the authorization information to the user terminal;
the second receiving module is used for receiving a service request sent by a user terminal, wherein the service request carries authorization information;
the second query module is used for querying stored session information corresponding to the authorization information, and performing authority control on the service request according to user authority information in the session information to obtain response data corresponding to the service request;
and the sending module is used for returning the response data to the user terminal.
7. The apparatus of claim 6, further comprising:
the third receiving module is used for receiving a user permission configuration request sent by a tenant terminal, and creating a role corresponding to the user permission configuration request and a plurality of user accounts corresponding to the role;
the system authority package acquisition module is used for acquiring tenant authority information corresponding to the tenant terminal, and the tenant authority information comprises system authority packages of systems corresponding to a plurality of products in the platform;
the analysis module is used for analyzing the system permission packet to obtain a plurality of pieces of initial permission information;
and the user permission information generating module is used for configuring corresponding initial permission information for the role so as to authorize the user account to generate user permission information.
8. The apparatus of claim 6, further comprising:
the fourth receiving module is used for receiving a tenant permission configuration request sent by a tenant terminal, wherein the tenant permission configuration request carries a product identifier and a system identifier;
the third query module is used for querying a plurality of systems corresponding to the product identification and selecting a target system according to the system identification;
the tenant permission package acquisition module is used for acquiring system permission information corresponding to a target system, selecting the target permission information from the system permission information according to the tenant permission configuration request, and packaging the target permission information to obtain a tenant permission package;
and the tenant permission information configuration module is used for configuring the tenant permission package to the tenant to obtain tenant permission information.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 5 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 5.
Application CN202010130967.7A, filed 2020-02-28 (priority date 2020-02-28), published 2020-07-10 as CN111400676A: Service data processing method, device, equipment and medium based on sharing authority. Legal status: Pending.

Priority Applications (2)

CN202010130967.7A (CN111400676A), priority date 2020-02-28, filed 2020-02-28: Service data processing method, device, equipment and medium based on sharing authority
PCT/CN2020/098690 (WO2021169112A1), priority date 2020-02-28, filed 2020-06-29: Shared permission-based service data processing method, apparatus and device, and medium

Publications (1)

CN111400676A, published 2020-07-10

Family ID: 71435944

Country Status (2)

CN: CN111400676A (pending)
WO: WO2021169112A1

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111800440A (en) * 2020-09-08 2020-10-20 平安国际智慧城市科技股份有限公司 Multi-policy access control login method and device, computer equipment and storage medium
CN111914233A (en) * 2020-08-11 2020-11-10 广东电网有限责任公司广州供电局 Account authority management method and device
CN112257047A (en) * 2020-11-17 2021-01-22 珠海大横琴科技发展有限公司 Safety control method, device, equipment and medium for data sharing platform
CN112333272A (en) * 2020-11-06 2021-02-05 杭州安恒信息技术股份有限公司 Micro-service data access method, device, equipment and readable storage medium
CN112995179A (en) * 2021-02-25 2021-06-18 杭州迪普信息技术有限公司 Response message processing method and device
CN113359526A (en) * 2021-06-10 2021-09-07 上海钛米机器人股份有限公司 Authority data processing method, device, equipment and storage medium
CN113542527A (en) * 2020-11-26 2021-10-22 腾讯科技(深圳)有限公司 Face image transmission method and device, electronic equipment and storage medium
CN113626844A (en) * 2021-08-18 2021-11-09 平安普惠企业管理有限公司 User authority control method, system, computer equipment and storage medium
CN113626863A (en) * 2021-08-11 2021-11-09 杭州橙鹰数据技术有限公司 Data processing method and device
CN113779625A (en) * 2021-08-31 2021-12-10 成都商汤科技有限公司 Data access method and device, electronic equipment and storage medium
CN113794720A (en) * 2021-09-14 2021-12-14 树根互联股份有限公司 Method and device for authorization of permission of cross-tenant device resources and electronic device
CN114238420A (en) * 2022-02-24 2022-03-25 北京仁科互动网络技术有限公司 Method and device for using metadata based on multi-tenant architecture and electronic equipment
CN114301714A (en) * 2022-01-20 2022-04-08 杭萧钢构股份有限公司 Multi-tenant permission control method and system
CN114553450A (en) * 2020-11-24 2022-05-27 贝斯平环球公司 Merging management system and control method of merging management system
CN114826738A (en) * 2022-04-26 2022-07-29 天工信创(广州)信息科技有限公司 Multi-tenant implementation method, processor and device based on an SSO user system
WO2023051189A1 (en) * 2021-09-30 2023-04-06 华为技术有限公司 Communication method and apparatus for managing service
CN117375901A (en) * 2023-09-30 2024-01-09 上海复通软件技术有限公司 Cross-tenant multi-terminal authentication method and system

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114928461A (en) * 2022-03-01 2022-08-19 达而观信息科技(上海)有限公司 Robotic process automation system and data permission control method thereof
CN114726590A (en) * 2022-03-18 2022-07-08 重庆米帕斯科技有限公司 Method for realizing login authentication without centralization in distributed system
CN114417287B (en) * 2022-03-25 2022-09-06 阿里云计算有限公司 Data processing method, system, device and storage medium
CN114726629B (en) * 2022-04-12 2024-03-12 树根互联股份有限公司 Authority configuration method, system, device, electronic equipment and readable storage medium
CN115086431B (en) * 2022-06-10 2024-03-15 深圳市大族数控科技股份有限公司 PCB equipment data transmission method and device, computer equipment and storage medium
CN115208646B (en) * 2022-07-03 2024-03-26 上海妙一生物科技有限公司 SaaS application authority management method and system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102467617A (en) * 2010-11-04 2012-05-23 镇江金软计算机科技有限责任公司 Data isolation method of software as a service (SaaS) application software
CN103714273B (en) * 2013-12-31 2017-06-09 深圳市兴邦创新信息技术有限公司 Software authorization system and method based on online dynamic authorization
US10585682B2 (en) * 2016-08-05 2020-03-10 Oracle International Corporation Tenant self-service troubleshooting for a multi-tenant identity and data security management cloud service
CN109388631A (en) * 2018-10-11 2019-02-26 山东浪潮通软信息科技有限公司 Multi-tenant database sharding implementation method
CN110086813A (en) * 2019-04-30 2019-08-02 新华三大数据技术有限公司 Access right control method and device

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111914233A (en) * 2020-08-11 2020-11-10 广东电网有限责任公司广州供电局 Account authority management method and device
CN111800440A (en) * 2020-09-08 2020-10-20 平安国际智慧城市科技股份有限公司 Multi-policy access control login method and device, computer equipment and storage medium
CN111800440B (en) * 2020-09-08 2020-12-18 平安国际智慧城市科技股份有限公司 Multi-policy access control login method and device, computer equipment and storage medium
CN112333272A (en) * 2020-11-06 2021-02-05 杭州安恒信息技术股份有限公司 Micro-service data access method, device, equipment and readable storage medium
CN112333272B (en) * 2020-11-06 2023-05-26 杭州安恒信息技术股份有限公司 Micro-service data access method, device, equipment and readable storage medium
CN112257047A (en) * 2020-11-17 2021-01-22 珠海大横琴科技发展有限公司 Safety control method, device, equipment and medium for data sharing platform
CN114553450A (en) * 2020-11-24 2022-05-27 贝斯平环球公司 Merging management system and control method of merging management system
CN113542527A (en) * 2020-11-26 2021-10-22 腾讯科技(深圳)有限公司 Face image transmission method and device, electronic equipment and storage medium
CN113542527B (en) * 2020-11-26 2023-08-18 腾讯科技(深圳)有限公司 Face image transmission method and device, electronic equipment and storage medium
CN112995179A (en) * 2021-02-25 2021-06-18 杭州迪普信息技术有限公司 Response message processing method and device
CN113359526A (en) * 2021-06-10 2021-09-07 上海钛米机器人股份有限公司 Authority data processing method, device, equipment and storage medium
CN113626863A (en) * 2021-08-11 2021-11-09 杭州橙鹰数据技术有限公司 Data processing method and device
CN113626844A (en) * 2021-08-18 2021-11-09 平安普惠企业管理有限公司 User authority control method, system, computer equipment and storage medium
CN113779625A (en) * 2021-08-31 2021-12-10 成都商汤科技有限公司 Data access method and device, electronic equipment and storage medium
CN113794720A (en) * 2021-09-14 2021-12-14 树根互联股份有限公司 Method and device for authorization of permission of cross-tenant device resources and electronic device
WO2023051189A1 (en) * 2021-09-30 2023-04-06 华为技术有限公司 Communication method and apparatus for managing service
CN114301714A (en) * 2022-01-20 2022-04-08 杭萧钢构股份有限公司 Multi-tenant permission control method and system
CN114301714B (en) * 2022-01-20 2024-01-19 杭萧钢构股份有限公司 Multi-tenant authority control method and system
CN114238420A (en) * 2022-02-24 2022-03-25 北京仁科互动网络技术有限公司 Method and device for using metadata based on multi-tenant architecture and electronic equipment
CN114826738A (en) * 2022-04-26 2022-07-29 天工信创(广州)信息科技有限公司 Multi-tenant implementation method, processor and device based on an SSO user system
CN117375901A (en) * 2023-09-30 2024-01-09 上海复通软件技术有限公司 Cross-tenant multi-terminal authentication method and system

Also Published As

Publication number Publication date
WO2021169112A1 (en) 2021-09-02

Similar Documents

Publication Publication Date Title
CN111400676A (en) Service data processing method, device, equipment and medium based on sharing authority
US11102196B2 (en) Authenticating API service invocations
US11290446B2 (en) Access to data stored in a cloud
US10397213B2 (en) Systems, methods, and software to provide access control in cloud computing environments
CN102947797A (en) Online service access controls using scale out directory features
US10992656B2 (en) Distributed profile and key management
US20170214673A1 (en) Secure assertion attribute for a federated log in
WO2017138944A1 (en) Cloud access rule translation for hybrid cloud computing environments
US20220224535A1 (en) Dynamic authorization and access management
US11652631B2 (en) Distribution of security credentials
US11645424B2 (en) Integrity verification in cloud key-value stores
CN105991624B (en) Security management method and device for a server
CN112308561A (en) Block chain-based evidence storing method and system, computer equipment and storage medium
CN112492028A (en) Cloud desktop login method and device, electronic equipment and storage medium
US11477187B2 (en) API key access authorization
Barati et al. Privacy‐aware cloud ecosystems: Architecture and performance
US10326833B1 (en) Systems and method for processing request for network resources
US11032708B2 (en) Securing public WLAN hotspot network access
Tiwari et al. Design and Implementation of Enhanced Security Algorithm for Hybrid Cloud using Kerberos
CN117118640A (en) Data processing method, device, computer equipment and readable storage medium
US11677549B2 (en) Maintaining confidentiality in decentralized policies
US11750397B2 (en) Attribute-based encryption keys as key material for key-hash message authentication code user authentication and authorization
US20220229928A1 (en) Multi-Tenant Data Protection Using Tenant-Based Token Validation and Data Encryption
US11153299B2 (en) Secure data transport using trusted identities
US20230229752A1 (en) Attestation of application identity for inter-app communications

Legal Events

Date Code Title Description
PB01 Publication
TA01 Transfer of patent application right
Effective date of registration: 20210129
Address after: 518066 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)
Applicant after: Shenzhen saiante Technology Service Co.,Ltd.
Address before: 1-34 / F, Qianhai free trade building, 3048 Xinghai Avenue, Mawan, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong 518000
Applicant before: Ping An International Smart City Technology Co.,Ltd.
SE01 Entry into force of request for substantive examination