CN112487450B - File server access grading method - Google Patents

File server access grading method Download PDF

Info

Publication number
CN112487450B
CN112487450B CN202011378726.0A CN202011378726A CN112487450B CN 112487450 B CN112487450 B CN 112487450B CN 202011378726 A CN202011378726 A CN 202011378726A CN 112487450 B CN112487450 B CN 112487450B
Authority
CN
China
Prior art keywords
file
appid
access
file server
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011378726.0A
Other languages
Chinese (zh)
Other versions
CN112487450A (en
Inventor
邬敏健
何彦霖
胡醒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yinsheng Payment Service Co Ltd
Original Assignee
Yinsheng Payment Service Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yinsheng Payment Service Co Ltd filed Critical Yinsheng Payment Service Co Ltd
Priority to CN202011378726.0A priority Critical patent/CN112487450B/en
Publication of CN112487450A publication Critical patent/CN112487450A/en
Application granted granted Critical
Publication of CN112487450B publication Critical patent/CN112487450B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Power Engineering (AREA)
  • Computing Systems (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a file server access grading method, which comprises the following steps: the application app ranks the access rights of the files, forms a file access rights table by utilizing the rights ranks and the unique identification Fi of the files, judges whether the ip of the client is in an ip white list or a black list when the client requests the file server, judges whether the client has the access rights of the files by using a signature verification mode, makes an access request to the file server, acquires a request parameter set { MD5es, t, fi, appId }, acquires values of app Id, salt and SECRETKEY in the file access rights table through Fi, compares a first target MD5es and a second target MD5fes of an MD5 encryption result, acquires a temporary token through a 0-level system authorization interface, caches k-v pairs, receives the request parameter set { Fi, token }, compares the cached k-v pairs, and has a 0-level system authorization interface; the embodiment of the invention improves the security of file access.

Description

File server access grading method
Technical Field
The invention relates to the technical field of computers, in particular to a file server access grading method.
Background
With the development of the internet, the popularity of the micro-service architecture and the continuous improvement of the requirements on the user experience, the static resource management of files, pictures and the like of a plurality of companies gradually tend to be centralized management. Centralized management of pictures is performed by establishing a file service system, but centralized management of files also causes the following problems, how to ensure the security of file access.
Summary of the invention
In order to overcome the defects of the prior art, the invention provides a file server access grading method which is used for solving the technical problem of low file access security.
The technical scheme adopted for solving the technical problems is as follows: there is provided a file server access ranking method comprising the steps of:
S1: the application app ranks the access rights of the files, and forms a file access rights table by using the rights ranks and the unique identification Fi of the files;
s2: when a client requests a file server, judging whether the ip of the client is in an ip white list or a blacklist;
s3: the level 3 and the level 1 judge whether the file has the access right or not by using a signature verification mode;
s4: constructing a request parameter set { MD5es, t, fi, appId }, and carrying out an access request on a file server;
s5: the file server acquires a request parameter set { MD5es, t, fi, appId }, and acquires values of appId, salt and SECRETKEY in a file access authority table through Fi;
s6: comparing the MD5 encryption result with the first target MD5es and the second target MD5 fes;
s7: the application app obtains a temporary token through a 0-level system authorization interface and caches k-v pairs;
S8: constructing a request parameter set { Fi, token }, receiving the request parameter set { Fi, token }, and comparing the cached k-v by the file server;
S9: level 0 system authorization interface.
Specifically, by judging whether the ip of the client is in the ip white list or the black list, the steps include:
when the ip of the client is in the blacklist, access is refused, and a 'file does not exist' is returned;
and returning a file non-existence when the ip of the client is not in the blacklist and is not in the white list.
Specifically, the level 3 and the level 1 determine whether the file has the access right by using a signature verification method, and the steps include:
the file server randomly generates a salt value S at regular time, and the application app obtains the latest salt value S from the file server at regular time;
When the app is applied to access a file, a to-be-encrypted character string es= appId +k+s+t+fi is calculated, wherein k is a key SECRETKEY, S is a Salt value Salt, t is a current timestamp, and Fi is a file id to be accessed.
Preferably, after calculating the string to be encrypted es= appId +k+s+t+fi, the steps further include:
and carrying out MD5 encryption on the character string to be encrypted to obtain a first target MD5 es=MD 5 (Es).
Specifically, the file server obtains the request parameter set { MD5es, t, fi, appId }, and obtains values of appId, salt, and SECRETKEY in the file access authority table through Fi, where the steps include:
The character string to be encrypted fes= appId + SECRETKEY +salt+t+fi, wherein SECRETKEY, SALT is obtained from the file access authority table, and t is a time stamp and is sent by the application app.
Preferably, after obtaining the string to be encrypted fes= appId + SECRETKEY +salt+t+fi, the steps further include:
And carrying out MD5 encryption on the character string to be encrypted to obtain a second target MD5 fes=MD 5 (FEs) of the character string.
Specifically, the MD5 encryption result is compared with the first target MD5es and the second target MD5fes, and the steps include:
When the MD5 encryption result is equal to the first target MD5es and the second target MD5fes, returning the file;
When the MD5 encryption result is that the first target MD5es and the second target MD5fes are not equal, the prompt file does not exist.
Specifically, the file server receives a request parameter set { Fi, token }, compares the cached k-v, and the steps include:
Returning a file when the token values are the same;
when the token values are different, the "file does not exist" is prompted.
Specifically, the level 0 system authorization interface, the steps include:
The 0-level system authorization interface randomly generates new RAS public and private key pairs pubK and priK each day;
an application App generates an AES algorithm through a time stamp t to generate an AES key;
To-be-encrypted character string As= appId +password+t, and then generating a key for encryption by using a first-step AES algorithm to R;
Encrypting the AES key generated by 1 using the public key of the RSA algorithm yields rKey = RSA (aesKey, pubK).
Preferably, after encrypting the AES key generated by 1 using the public key of the RSA algorithm to obtain rKey = RSA (aesKey, pubK), the steps further include:
Constructing a request parameter set { appId, rKey, R, t }, requesting an authorization interface;
After receiving appId, the authorization interface obtains pub-key and nPassword through the authorization information table, and decrypts rKey by using pub-key to obtain AES key;
performing AES decryption on R by using an AES key to obtain an original character string AS;
Background splice nAs = appId + nPassword +t, compared to AS;
if the same, authorization is performed, and if different, not.
The beneficial effects of the invention are as follows: the application app ranks the access rights of the files, forms a file access rights table by using the rights ranks and the unique identification Fi of the files, judges whether the ip of the client is in an ip white list or a black list when the client requests the file server, judges whether the client has the access rights of the files by using a signature verification mode, constructs request parameter sets { MD5es, t, fi, appId }, makes an access request to the file server, acquires the request parameter sets { MD5es, t, fi, appId }, acquires values of app Id, salt and SECRETKEY from the file access rights table through Fi, and compares the MD5 encryption result with the MD5 target MD5es and the second target MD5fes, acquires a temporary token through a 0-level system authorization interface, caches k-v pairs, constructs the request parameter sets { Fi, token }, receives the request parameter sets { Fi, token }, compares the cached k-v, and improves the security of the file access.
Drawings
FIG. 1 is a flow diagram of a method for file server access classification.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The following describes in detail the implementation of the present invention in connection with specific embodiments:
Embodiment one:
Fig. 1 shows a flow of implementing a file server access classification method according to a first embodiment of the present invention, and for convenience of explanation, only the portions relevant to the embodiment of the present invention are shown, which are described in detail below:
in step S101, the application app ranks the access rights of the file, and forms a file access rights table using the rights ranks and the unique identifier Fi of the file;
In step S102, the levels 0, 1, and 2 are all controlled by the IP black-and-white list, and when the client requests the file server, whether the IP of the client is in the IP white list or the black list is determined;
when the ip of the client is in the blacklist, access is refused, and a 'file does not exist' is returned;
and returning a file non-existence when the ip of the client is not in the blacklist and is not in the white list.
In step S103, the level 3 and level 1 will determine whether the file has access rights by using a signature verification method;
specifically, the file server randomly generates a salt value S every day, and the application app acquires the latest salt value S from the file server every day;
when the application app performs file access, calculating a character string Es= appId +k+S+t+Fi to be encrypted;
Where k is key SECRETKEY, S is Salt, t is the current timestamp, and Fi is the file id that needs to be accessed.
And carrying out MD5 encryption on the character string to be encrypted to obtain a first target MD5 es=MD 5 (Es).
In step S104, a request parameter set { MD5es, t, fi, appId }, is constructed, and an access request is made to the file server;
in step S105, the file server obtains the request parameter set { MD5es, t, fi, appId }, and obtains values of appId, salt, and SECRETKEY in the file access authority table through Fi;
The character string to be encrypted fes= appId + SECRETKEY +salt+t+fi, wherein SECRETKEY, SALT is obtained from the file access authority table, and t is a time stamp and is sent by the application app.
And carrying out MD5 encryption on the character string to be encrypted to obtain a second target MD5 fes=MD 5 (FEs) of the character string.
In step S106, the MD5 encryption result is compared between the first target MD5es and the second target MD5 fes;
specifically, when the MD5 encryption result is equal to the first target MD5es and the second target MD5fes, returning the file;
when the MD5 encryption result is that the first target MD5es and the second target MD5fes are not equal, prompting that the file does not exist;
in step S107, the application app obtains a temporary token, caches k-v pairs,
In step S108, a request parameter set { Fi, token } is constructed, the file server receives the request parameter set { Fi, token }, and the cached k-v is compared;
Returning a file when the token values are the same;
And when the token values are different, prompting that the file does not exist.
In step S109, the level 0 system authorization interface
Specifically, the level 0 system authorization interface randomly generates new RAS public and private key pairs pubK and priK each day
Application App generates an AES key by generating an AES algorithm with time stamp t
To-be-encrypted character string as= appId +password+t, and then generating key for encryption by using a first-step AES algorithm to R
Encrypting the AES key generated by 1 using the public key of the RSA algorithm yields rKey = RSA (aesKey, pubK)
A request parameter set { appId, rKey, R, t } is constructed requesting an authorization interface.
After receiving appId, the authorization interface obtains pub-key and nPassword through the authorization information table, decrypts rKey by using pub-key to obtain AES key, and then takes AES key to carry out AES decryption on R to obtain the original character string AS. Background splice nAs = appId + nPassword + t, compared to AS, authorized if the same, not authorized if different.
Those of ordinary skill in the art will appreciate that all or a portion of the steps in implementing the methods of the above embodiments may be implemented by a program to instruct related hardware, where the program may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc.
Embodiment two:
in order to facilitate explanation, another specific flow of the file server access classification method provided in the second embodiment of the present invention is described in detail as follows:
S1, an application app ranks access rights of a file, and forms a file access rights table by using the rights ranks and a unique identifier Fi of the file;
The table structure is as follows:
if the application app needs to perform level 0 file access, a level 0 authorization interface needs to be accessed, and each application app has a relative authorization information table;
The structure of the watch is as follows
S2, the levels 0, 1 and 2 are all controlled by IP black-and-white lists, and when the client requests the file server, whether the IP of the client is in the IP white list or the black list is judged. If the file is in the blacklist, access is denied, and the file is returned to be non-existence. If not in the blacklist, but not in the white list at the same time, a 'file does not exist' is returned. File access is only possible if ip is not in the black list and is in the white list.
S3, judging whether the file has the access right or not by using a signature verification mode through the level 3 and the level 1.
The file server randomly generates a salt value S every day, and the application app acquires the latest S from the file server every day.
When the application app performs file access, a string to be encrypted es= appId +k+s+t+fi is calculated.
Where k is key SECRETKEY, S is Salt, t is the current timestamp, and Fi is the file id that needs to be accessed.
And carrying out MD5 encryption on the character string to be encrypted to obtain a character string Md5es=Md5 (Es).
S4, constructing a request parameter set { MD5es, t, fi, appId }, and carrying out access request on the file server.
S5, after the file server obtains the request parameter set { MD5es, t, fi, appId }, obtaining values of appId, salt and SECRETKEY in the file access authority table through Fi, and then calculating according to the process of S3:
The string to be encrypted fes= appId + SECRETKEY +salt+t+fi, where SECRETKEY, SALT is obtained from the file access rights table, and t is a timestamp, and is sent by the application app.
The string to be encrypted is MD5 encrypted, resulting in a string md5fes=md5 (FEs).
S6, comparing the MD5 encryption results MD5es and MD5fes of the S3 and the S5, returning the file if the encryption results are equal, and prompting that the file does not exist if the encryption results are unequal.
S7, for the level 0, adopting a two-section access mode, acquiring a temporary token by using an application app through a level 0 system authorization interface, storing the produced k-v pair in a cache, constructing a request parameter set { Fi, token }, comparing the cached k-v pair after a file server receives a request, returning a file if the tokens are the same, otherwise prompting that the file does not exist.
S8, a process of a 0-level system authorization interface:
level 0 system authorization interface randomly generates new RAS public and private key pairs pubK and priK each day
Application App generates an AES key by generating an AES algorithm with time stamp t
To-be-encrypted character string as= appId +password+t, and then generating key for encryption by using a first-step AES algorithm to R
Encrypting the AES key generated by 1 using the public key of the RSA algorithm yields rKey = RSA (aesKey, pubK)
A request parameter set { appId, rKey, R, t } is constructed requesting an authorization interface.
After receiving appId, the authorization interface obtains pub-key and nPassword through [ authorization information table ], decrypts rKey by using pub-key to obtain AES key, and then takes AES key to carry out AES decryption on R to obtain original character string AS. Background splice nAs = appId + nPassword + t, compared to AS, and if the same, authorized, and if different, not authorized.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the embodiments described in connection with the embodiments disclosed herein can be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution.
Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention. The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily appreciate variations or alternatives within the scope of the present invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (8)

1. A file server access ranking method, comprising the steps of:
S1: the application app ranks the access rights of the files, and forms a file access rights table by using the rights ranks and the unique identification Fi of the files;
s2: when a client requests a file server, judging whether the ip of the client is in an ip white list or a blacklist;
s3: the level 3 and the level 1 judge whether the file has the access right or not by using a signature verification mode;
s4: constructing a request parameter set { MD5es, t, fi, appId }, and carrying out an access request on a file server;
s5: the file server acquires a request parameter set { MD5es, t, fi, appId }, and acquires values of appId, salt and SECRETKEY in a file access authority table through Fi;
s6: comparing the MD5 encryption result with the first target MD5es and the second target MD5 fes;
s7: the application app obtains a temporary token through a 0-level system authorization interface and caches k-v pairs;
S8: constructing a request parameter set { Fi, token }, receiving the request parameter set { Fi, token }, and comparing the cached k-v by the file server;
S9: the 0 level system authorization interface comprises the steps of:
The 0-level system authorization interface randomly generates new RAS public and private key pairs pubK and priK each day;
an application App generates an AES algorithm through a time stamp t to generate an AES key;
To-be-encrypted character string As= appId +password+t, generating a key by using a first-step AES algorithm, and encrypting to obtain R;
Encrypting the generated AES key using the public key of the RSA algorithm to yield rKey = RSA (aesKey, pubK);
Constructing a request parameter set { appId, rKey, R, t }, requesting an authorization interface;
after receiving appId, the authorization interface obtains pubk and nPassword through the authorization information table, and decrypts rKey by using pubk to obtain an AES key;
performing AES decryption on R by using an AES key to obtain an original character string AS;
Background splice nAs = appId + nPassword +t, compared to AS;
if the same, authorization is performed, and if different, not.
2. The method according to claim 1, wherein the step of determining whether the ip of the client is in the ip white list or the black list comprises:
when the ip of the client is in the blacklist, access is refused, and a 'file does not exist' is returned;
and returning a file non-existence when the ip of the client is not in the blacklist and is not in the white list.
3. The method for classifying access to a file server according to claim 2, wherein the level 3 and the level 1 are to determine whether the file has access right by using a signature verification method, the steps comprising:
the file server randomly generates a salt value S at regular time, and the application app obtains the latest salt value S from the file server at regular time;
When the app is applied to access a file, a to-be-encrypted character string es= appId +k+s+t+fi is calculated, wherein k is a key SECRETKEY, S is a Salt value Salt, t is a current timestamp, and Fi is a file id to be accessed.
4. A file server access ranking method according to claim 3, wherein after calculating the string to be encrypted Es = appId +k+s+t+fi, the steps further comprise:
and carrying out MD5 encryption on the character string to be encrypted to obtain a first target MD5 es=MD 5 (Es).
5. The method of claim 4, wherein the file server obtains the request parameter set { MD5es, t, fi, appId }, and obtains values of appId, salt, and SECRETKEY in the file access rights table by Fi, the steps comprising:
The character string to be encrypted fes= appId + SECRETKEY +salt+t+fi, wherein SECRETKEY, SALT is obtained from the file access authority table, and t is a time stamp and is sent by the application app.
6. The method for classifying access to a file server according to claim 5, wherein after obtaining the string to be encrypted fes= appId + SECRETKEY +salt+t+fi, the steps further comprise:
And carrying out MD5 encryption on the character string to be encrypted to obtain a second target MD5 fes=MD 5 (FEs) of the character string.
7. The method of claim 6, wherein the MD5 encryption results are compared between a first target MD5es and a second target MD5fes, the steps comprising:
When the MD5 encryption result is equal to the first target MD5es and the second target MD5fes, returning the file;
When the MD5 encryption result is that the first target MD5es and the second target MD5fes are not equal, the prompt file does not exist.
8. The method of claim 7, wherein the file server receives a request parameter set { Fi, token }, compares the cached k-v, and the steps comprise:
Returning a file when the token values are the same;
when the token values are different, the "file does not exist" is prompted.
CN202011378726.0A 2020-11-30 2020-11-30 File server access grading method Active CN112487450B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011378726.0A CN112487450B (en) 2020-11-30 2020-11-30 File server access grading method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011378726.0A CN112487450B (en) 2020-11-30 2020-11-30 File server access grading method

Publications (2)

Publication Number Publication Date
CN112487450A CN112487450A (en) 2021-03-12
CN112487450B true CN112487450B (en) 2024-08-13

Family

ID=74937828

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011378726.0A Active CN112487450B (en) 2020-11-30 2020-11-30 File server access grading method

Country Status (1)

Country Link
CN (1) CN112487450B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113051611B (en) * 2021-03-15 2022-04-29 上海商汤智能科技有限公司 Authority control method of online file and related product
CN113806777B (en) * 2021-09-18 2024-07-16 深圳须弥云图空间科技有限公司 File access realization method and device, storage medium and electronic equipment
CN114257583A (en) * 2021-12-22 2022-03-29 贵州东彩供应链科技有限公司 Safe downloading method for solving JWT authorization
CN114611137B (en) * 2022-03-01 2022-11-15 北京航星永志科技有限公司 Data access method, data access device and electronic equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101582275A (en) * 2008-05-16 2009-11-18 索尼株式会社 Information processing apparatus, information recording medium, information processing method, and information processing program
CN107463838A (en) * 2017-08-14 2017-12-12 广州大学 Method for safety monitoring, device, system and storage medium based on SGX

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111541547B (en) * 2020-04-24 2021-09-07 上海简苏网络科技有限公司 Federation chain architecture providing multi-tier data privacy

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101582275A (en) * 2008-05-16 2009-11-18 索尼株式会社 Information processing apparatus, information recording medium, information processing method, and information processing program
CN107463838A (en) * 2017-08-14 2017-12-12 广州大学 Method for safety monitoring, device, system and storage medium based on SGX

Also Published As

Publication number Publication date
CN112487450A (en) 2021-03-12

Similar Documents

Publication Publication Date Title
CN112487450B (en) File server access grading method
CN111708991B (en) Service authorization method, device, computer equipment and storage medium
US8196186B2 (en) Security architecture for peer-to-peer storage system
CN111147255B (en) Data security service system, method and computer readable storage medium
JP6810334B2 (en) Profile data distribution control device, profile data distribution control method, and profile data distribution control program
CA2448853C (en) Methods and systems for authentication of a user for sub-locations of a network location
US8683196B2 (en) Token renewal
CN106559408B (en) SDN authentication method based on trust management
EP1914658B1 (en) Identity controlled data center
US20080086634A1 (en) Techniques for using AAA services for certificate validation and authorization
CN110784441A (en) Authentication method for client through network
US11757877B1 (en) Decentralized application authentication
US8977857B1 (en) System and method for granting access to protected information on a remote server
CN111444499B (en) User identity authentication method and system
KR101817152B1 (en) Method for providing trusted right information, method for issuing user credential including trusted right information, and method for obtaining user credential
CN111914293A (en) Data access authority verification method and device, computer equipment and storage medium
WO2022148182A1 (en) Key management method and related device
WO2021107755A1 (en) A system and method for digital identity data change between proof of possession to proof of identity
CN115277168A (en) Method, device and system for accessing server
CN115842680A (en) Network identity authentication management method and system
CN111614687A (en) Identity verification method, system and related device
WO2022042745A1 (en) Key management method and apparatus
CN108667800B (en) Access authority authentication method and device
CN113132116A (en) Sensitive data anonymous access method based on knowledge signature
CN110807210B (en) Information processing method, platform, system and computer storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant