CN112800413B - Authority information pushing method, device, equipment and storage medium - Google Patents
- Publication number
- CN112800413B (CN202110220589.6A)
- Authority
- CN
- China
- Prior art keywords
- information
- target
- abac
- release
- authorization center
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method, a device, equipment and a storage medium for pushing authority information. The method comprises the following steps: the ABAC authorization center receives the abnormal information sent by the terminal and generates target release information according to the abnormal information; the ABAC authorization center determines a target receiving interface according to the target release information; the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface so that the protected resource is changed according to the target authority information.
Description
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a method, a device, equipment and a storage medium for pushing authority information.
Background
ABAC (Attribute-Based Access Control) differs from the usual approach of associating users with permissions in some fixed way: it makes authorization decisions by dynamically evaluating one attribute or a set of attributes to determine whether certain conditions are met (simple logic can be written).
Attributes are generally divided into four categories: user attributes (e.g., user age, user address), environment attributes (e.g., current time), operation attributes (add, delete, change, search), object attributes (e.g., an article, also known as a resource attribute).
The ABAC authorization center mainly works in a mode where the protected resource actively requests dynamic authority information. As a result, if the terminal becomes abnormal after service access and performs no further operation, the protected resource cannot be notified in time of the new ABAC dynamic decision. This creates a service security risk: the risk of the terminal has increased, while its authority to access the protected resource is unchanged.
Disclosure of Invention
The embodiment of the invention provides a method, a device, equipment and a storage medium for pushing authority information, so that the ABAC authorization center actively notifies protected resources when the terminal is abnormal.
In a first aspect, an embodiment of the present invention provides a method for pushing rights information, including:
the ABAC authorization center receives the abnormal information sent by the terminal and generates target release information according to the abnormal information;
the ABAC authorization center determines a target receiving interface according to the target release information;
and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface so that the protected resource is changed according to the target authority information.
Further, the ABAC authorization center determines a target receiving interface according to the target release information, including:
the ABAC authorization center acquires the information type carried by the target release information;
and the ABAC authorization center determines a target receiving interface according to the information type.
Further, the ABAC authorization center determines a target receiving interface according to the target release information, including:
after the self-checking of the ABAC authorization center is finished, judging whether the information release interface is subscribed;
if the information release interface is subscribed, judging whether information release exists or not;
and if the target release information is detected, determining a target receiving interface according to the target release information.
Further, the method further comprises the following steps:
if the information publishing interface is not subscribed, the information publishing interface is subscribed.
Further, if the information publishing interface has subscribed, determining whether there is information published, further includes:
if the release information is not detected, judging whether the receiving interface is subscribed;
and if the receiving interface is not subscribed, returning to execute the judgment of whether the information publishing interface is subscribed.
In a second aspect, an embodiment of the present invention further provides a rights information pushing device, which is disposed in an ABAC authorization center, where the device includes:
the receiving module is used for receiving the abnormal information sent by the terminal and generating target release information according to the abnormal information;
the determining module is used for determining a target receiving interface according to the target release information;
and the sending module is used for sending the target authority information carried by the target release information to the protected resource through the target receiving interface so as to enable the protected resource to be changed according to the target authority information.
Further, the determining module is specifically configured to:
the ABAC authorization center acquires the information type carried by the target release information;
and the ABAC authorization center determines a target receiving interface according to the information type.
Further, the determining module is specifically configured to:
after the self-checking of the ABAC authorization center is finished, judging whether the information release interface is subscribed;
if the information release interface is subscribed, judging whether information release exists or not;
and if the target release information is detected, determining a target receiving interface according to the target release information.
In a third aspect, an embodiment of the present invention further provides a computer device, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor implements the rights information pushing method according to any one of the embodiments of the present invention when executing the program.
In a fourth aspect, an embodiment of the present invention further provides a computer readable storage medium, where a computer program is stored, where the program when executed by a processor implements the rights information pushing method according to any one of the embodiments of the present invention.
According to the embodiment of the invention, the ABAC authorization center receives the abnormal information sent by the terminal and generates target release information according to the abnormal information; the ABAC authorization center determines a target receiving interface according to the target release information; and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface so that the protected resource is changed according to the target authority information. In this way, the ABAC authorization center actively notifies the protected resource when the terminal is abnormal.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a method for pushing rights information according to a first embodiment of the present invention;
FIG. 1a is a flowchart of a method for pushing rights information according to a first embodiment of the present invention;
fig. 2 is a schematic structural diagram of a rights information pushing device in a second embodiment of the present invention;
fig. 3 is a schematic structural diagram of a computer device in a third embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present invention are shown in the drawings.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures. Meanwhile, in the description of the present invention, the terms "first", "second", and the like are used only to distinguish the description, and are not to be construed as indicating or implying relative importance.
Example 1
Fig. 1 is a flowchart of a method for pushing rights information according to a first embodiment of the present invention, where the method may be implemented by a device for pushing rights information according to the first embodiment of the present invention, and the device may be implemented in software and/or hardware, as shown in fig. 1, and the method specifically includes the following steps:
S110, the ABAC authorization center receives the abnormal information sent by the terminal and generates target release information according to the abnormal information.
The abnormal information may be sent in a message form, or may be sent in other forms, which is not limited in the embodiment of the present invention.
Wherein the target release information includes: information type and target rights information.
S120, the ABAC authorization center determines a target receiving interface according to the target release information.
The determining mode of the target receiving interface can be that the information type is determined according to the target release information, and then the target receiving interface is determined according to the information type; the determining manner of the target receiving interface may be directly determining the target receiving interface according to the target release information, which is not limited in the embodiment of the present invention.
S130, the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface so that the protected resource is changed according to the target authority information.
The protected resource may be an application, an operating system, or a network device, which is not limited in this embodiment of the present invention.
The protected resource may be changed according to the target authority information as follows: after receiving the target authority information, the protected resource acquires the original authority information; if the original authority information and the target authority information are different, the original authority information is replaced by the target authority information; if they are the same, the original authority information is not changed. Alternatively, the protected resource may directly complete the modification of the rights information according to the target rights information. The embodiment of the present invention does not limit this.
Optionally, the ABAC authorization center determines a target receiving interface according to the target release information, including:
the ABAC authorization center acquires the information type carried by the target release information;
and the ABAC authorization center determines a target receiving interface according to the information type.
Optionally, the ABAC authorization center determines a target receiving interface according to the target release information, including:
after the self-checking of the ABAC authorization center is finished, judging whether the information release interface is subscribed;
if the information release interface is subscribed, judging whether information release exists or not;
and if the target release information is detected, determining a target receiving interface according to the target release information.
Optionally, the method further comprises:
if the information publishing interface is not subscribed, the information publishing interface is subscribed.
Optionally, if the information publishing interface has subscribed, determining whether there is information published, further includes:
if the release information is not detected, judging whether the receiving interface is subscribed;
and if the receiving interface is not subscribed, returning to execute the judgment of whether the information publishing interface is subscribed.
In a specific example, the embodiment of the invention provides an interface agent mode initiated by the ABAC authorization center: by subscribing to the interface agent, the corresponding resource receives notifications of the subscribed information and thereby obtains changes to the authority information. This avoids the problem that the protected resource cannot obtain changes to the authority information in time because of an abnormal network environment or terminal, which would lead to leakage of sensitive service information and harm service authority security.
As shown in fig. 1a, the method comprises the following steps: (1) checking ABAC authorization center information, (2) automatically subscribing to the information publishing interface, (3) accepting subscription of the receiving interface, (4) subscribing the protected resource to the receiving interface, (5) publishing information by the ABAC authorization center, (6) verifying and matching the receiving interface, (7) pushing the authorization information, and (8) completing modification of the authorization information by the protected resource.
According to the technical scheme of the embodiment, the ABAC authorization center receives abnormal information sent by the terminal and generates target release information according to the abnormal information; the ABAC authorization center determines a target receiving interface according to the target release information; and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface so that the protected resource is changed according to the target authority information. In this way, the ABAC authorization center actively notifies the protected resource when the terminal is abnormal.
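The push flow of S110 to S130, written out as an added example (it is not code from the patent). The anomaly kinds, permission names, resource names, the policy table and the rule of rejecting unknown anomaly kinds are all assumptions constructed for illustration. A resource that never subscribes to a receiving interface keeps its old permission, which is the gap described in the Background.

```python
"""Push-mode ABAC permission update following S110-S130 (constructed example)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Hypothetical policy: anomaly kind -> permission the terminal is reduced to.
ANOMALY_POLICY: Dict[str, str] = {
    "malware_detected": "deny",
    "os_unpatched": "read_only",
}


@dataclass(frozen=True)
class ReleaseInfo:
    """Target release information: information type plus target authority information."""
    info_type: str
    terminal: str
    target_permission: str


class ProtectedResource:
    """Holds per-terminal permissions and applies pushed changes."""

    def __init__(self, name: str, permissions: Dict[str, str]):
        self.name = name
        self.permissions = dict(permissions)
        self.change_log: List[Tuple[str, str, str]] = []

    def receive(self, release: ReleaseInfo) -> bool:
        """Replace the original permission only if it differs from the target."""
        original = self.permissions.get(release.terminal)
        if original == release.target_permission:
            return False  # same as the original: leave unchanged
        self.permissions[release.terminal] = release.target_permission
        self.change_log.append(
            (release.terminal, str(original), release.target_permission))
        return True


class ReceivingInterface:
    """One receiving interface per information type; resources subscribe to it."""

    def __init__(self, info_type: str):
        self.info_type = info_type
        self.subscribers: List[ProtectedResource] = []

    def subscribe(self, resource: ProtectedResource) -> None:
        if resource not in self.subscribers:
            self.subscribers.append(resource)

    def push(self, release: ReleaseInfo) -> List[str]:
        """Push to every subscriber; return the names of resources that changed."""
        return [r.name for r in self.subscribers if r.receive(release)]


class AuthorizationCenter:
    def __init__(self) -> None:
        self.publish_subscribed = False
        self.interfaces: Dict[str, ReceivingInterface] = {}

    def self_check(self) -> None:
        """After self-check, subscribe the publishing interface if not yet done."""
        if not self.publish_subscribed:
            self.publish_subscribed = True

    def receiving_interface(self, info_type: str) -> ReceivingInterface:
        if info_type not in self.interfaces:
            self.interfaces[info_type] = ReceivingInterface(info_type)
        return self.interfaces[info_type]

    def generate_release(self, anomaly: Dict[str, str]) -> ReleaseInfo:
        """S110: turn abnormal information into target release information."""
        kind = anomaly["kind"]
        if kind not in ANOMALY_POLICY:
            # Assumption: unknown anomaly kinds are rejected, not silently ignored.
            raise ValueError(f"no policy for anomaly kind {kind!r}")
        return ReleaseInfo(anomaly["resource_type"], anomaly["terminal"],
                           ANOMALY_POLICY[kind])

    def handle_anomaly(self, anomaly: Dict[str, str]) -> List[str]:
        self.self_check()
        release = self.generate_release(anomaly)              # S110
        interface = self.interfaces.get(release.info_type)    # S120: by info type
        if interface is None:
            return []  # nobody subscribed for this information type
        return interface.push(release)                        # S130


def demo():
    center = AuthorizationCenter()
    crm = ProtectedResource("crm-app", {"t-17": "read_write"})
    switch = ProtectedResource("core-switch", {"t-17": "read_write"})
    legacy = ProtectedResource("legacy-app", {"t-17": "read_write"})  # never subscribes
    center.receiving_interface("application").subscribe(crm)
    center.receiving_interface("network_device").subscribe(switch)
    # Constructed abnormal information reported by terminal t-17.
    anomaly = {"terminal": "t-17", "kind": "malware_detected",
               "resource_type": "application"}
    first = center.handle_anomaly(anomaly)
    second = center.handle_anomaly(anomaly)  # same target: no further change
    return (first, second, crm.permissions["t-17"],
            switch.permissions["t-17"], legacy.permissions["t-17"])


if __name__ == "__main__":
    print(demo())
```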
Example two
Fig. 2 is a schematic structural diagram of a rights information pushing device according to a second embodiment of the present invention. The embodiment may be applicable to the case of rights information pushing, and the device may be implemented in a software and/or hardware manner, and may be integrated in any device that provides a rights information pushing function, as shown in fig. 2, where the rights information pushing device specifically includes: a receiving module 210, a determining module 220 and a transmitting module 230.
The receiving module 210 is configured to receive the anomaly information sent by the terminal, and generate target release information according to the anomaly information;
a determining module 220, configured to determine a target receiving interface according to the target release information;
and the sending module 230 is configured to send the target authority information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target authority information.
Optionally, the determining module is specifically configured to:
the ABAC authorization center acquires the information type carried by the target release information;
and the ABAC authorization center determines a target receiving interface according to the information type.
Optionally, the determining module is specifically configured to:
after the self-checking of the ABAC authorization center is finished, judging whether the information release interface is subscribed;
if the information release interface is subscribed, judging whether information release exists or not;
and if the target release information is detected, determining a target receiving interface according to the target release information.
The product can execute the method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
According to the technical scheme of the embodiment, the ABAC authorization center receives abnormal information sent by the terminal and generates target release information according to the abnormal information; the ABAC authorization center determines a target receiving interface according to the target release information; and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface so that the protected resource is changed according to the target authority information. In this way, the ABAC authorization center actively notifies the protected resource when the terminal is abnormal.
Example III
Fig. 3 is a schematic structural diagram of a computer device according to a third embodiment of the present invention. FIG. 3 illustrates a block diagram of an exemplary computer device 12 suitable for use in implementing embodiments of the present invention. The computer device 12 shown in fig. 3 is merely an example and should not be construed as limiting the functionality and scope of use of embodiments of the present invention.
As shown in FIG. 3, computer device 12 is in the form of a general purpose computing device. Components of computer device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, a bus 18 that connects the various system components, including the system memory 28 and the processing units 16.
Bus 18 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include industry standard architecture (Industry Standard Architecture, ISA) bus, micro channel architecture (Micro Channel Architecture, MCA) bus, enhanced ISA bus, video electronics standards association (Video Electronics Standards Association, VESA) local bus, and peripheral component interconnect (Peripheral Component Interconnect, PCI) bus.
Computer device 12 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by computer device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as random access memory (Random Access Memory, RAM) 30 and/or cache memory 32. The computer device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from or write to non-removable, nonvolatile magnetic media (not shown in FIG. 3, commonly referred to as a "hard disk drive"). Although not shown in fig. 3, a disk drive for reading from and writing to a removable nonvolatile magnetic disk (e.g., a "floppy disk"), and an optical disk drive for reading from or writing to a removable nonvolatile optical disk (Compact Disc-Read Only Memory, CD-ROM), digital versatile disk (Digital Video Disc-Read Only Memory, DVD-ROM), or other optical media, may be provided. In such cases, each drive may be coupled to bus 18 through one or more data medium interfaces. Memory 28 may include at least one program product having a set (e.g., at least one) of program modules configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored in, for example, memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment. Program modules 42 generally perform the functions and/or methods of the embodiments described herein.
The computer device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), one or more devices that enable a user to interact with the computer device 12, and/or any devices (e.g., network card, modem, etc.) that enable the computer device 12 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 22. In addition, in the computer device 12 of the present embodiment, the display 24 is not present as a separate body but is embedded in the mirror surface, and the display surface of the display 24 and the mirror surface are visually integrated when the display surface of the display 24 is not displayed. Moreover, the computer device 12 may also communicate with one or more networks such as a local area network (Local Area Network, LAN), a wide area network (Wide Area Network, WAN) and/or a public network such as the Internet via the network adapter 20. As shown, network adapter 20 communicates with other modules of computer device 12 via bus 18. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with computer device 12, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, disk array (Redundant Arrays of Independent Disks, RAID) systems, tape drives, data backup storage systems, and the like.
The processing unit 16 executes various functional applications and data processing by running programs stored in the system memory 28, for example, implementing the authority information pushing method provided by the embodiment of the present invention:
the ABAC authorization center receives the abnormal information sent by the terminal and generates target release information according to the abnormal information;
the ABAC authorization center determines a target receiving interface according to the target release information;
and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface so that the protected resource is changed according to the target authority information.
Example IV
A fourth embodiment of the present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the rights information pushing method as provided in all the embodiments of the present invention:
the ABAC authorization center receives the abnormal information sent by the terminal and generates target release information according to the abnormal information;
the ABAC authorization center determines a target receiving interface according to the target release information;
and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface so that the protected resource is changed according to the target authority information.
Any combination of one or more computer readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
In some implementations, the clients and servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol), and may be interconnected with any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), an internetwork (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed networks.
The computer readable medium may be contained in the electronic device; or may exist alone without being incorporated into the electronic device.
Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments of the present disclosure may be implemented by means of software, or may be implemented by means of hardware. Wherein the names of the units do not constitute a limitation of the units themselves in some cases.
The functions described above herein may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), an Application Specific Standard Product (ASSP), a system on a chip (SOC), a Complex Programmable Logic Device (CPLD), and the like.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, and that various obvious changes, rearrangements and substitutions can be made by those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the invention, which is set forth in the following claims.
Claims (10)
1. An authority information pushing method, characterized by comprising the following steps:
the ABAC authorization center receives the abnormal information sent by the terminal and generates target release information according to the abnormal information;
the ABAC authorization center determines a target receiving interface according to the target release information;
and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface, and the protected resource acquires the original authority information after receiving the target authority information, so that the protected resource changes the original authority information according to the target authority information.
2. The method of claim 1, wherein the ABAC authorization center determining a target receiving interface according to the target release information comprises:
the ABAC authorization center acquires the information type carried by the target release information;
and the ABAC authorization center determines a target receiving interface according to the information type.
3. The method of claim 1, wherein the ABAC authorization center determining a target receiving interface according to the target release information comprises:
after the self-checking of the ABAC authorization center is finished, judging whether the information release interface is subscribed;
if the information release interface is subscribed, judging whether information release exists or not;
and if the target release information is detected, determining a target receiving interface according to the target release information.
4. The method of claim 3, further comprising:
if the information release interface is not subscribed, subscribing to the information release interface.
5. The method of claim 3, wherein, if the information release interface is subscribed, judging whether information release exists further comprises:
if the release information is not detected, judging whether the receiving interface is subscribed;
and if the receiving interface is not subscribed, returning to the step of judging whether the information release interface is subscribed.
6. An authority information pushing device, characterized in that it is arranged in an ABAC authorization center, the authority information pushing device comprising:
the receiving module is used for receiving the abnormal information sent by the terminal and generating target release information according to the abnormal information;
the determining module is used for determining a target receiving interface according to the target release information;
and the sending module is used for sending the target authority information carried by the target release information to the protected resource through the target receiving interface, and the protected resource acquires the original authority information after receiving the target authority information so that the protected resource changes the original authority information according to the target authority information.
7. The apparatus of claim 6, wherein the determining module is specifically configured to:
the ABAC authorization center acquires the information type carried by the target release information;
and the ABAC authorization center determines a target receiving interface according to the information type.
8. The apparatus of claim 6, wherein the determining module is specifically configured to:
after the self-checking of the ABAC authorization center is finished, judging whether the information release interface is subscribed;
if the information release interface is subscribed, judging whether information release exists or not;
and if the target release information is detected, determining a target receiving interface according to the target release information.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any of claims 1-5 when the program is executed by the processor.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any of claims 1-5.
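The flow recited in claims 1 to 5, as an added example that is not part of the patent text: an authorization center turns an abnormal report into release information, routes it by information type, and the protected resource reads its original permissions before changing them. The POLICY table, the field names, the status strings and the fail-closed handling of an unrouted information type are all assumptions of this sketch.

```python
from dataclasses import dataclass, field

# Hypothetical policy: abnormal-event kind -> (information type, actions to revoke)
POLICY = {"device_compromised": ("file_store", {"write", "delete"}),
          "geo_anomaly": ("billing_api", {"refund"})}

@dataclass
class ProtectedResource:
    permissions: dict                      # subject -> set of allowed actions
    audit: list = field(default_factory=list)

    def receive(self, target):             # the receiving interface
        subject = target["subject"]
        original = set(self.permissions.get(subject, ()))  # original authority info
        updated = (original - target["revoke"]) | target["grant"]
        self.permissions[subject] = updated
        self.audit.append((subject, sorted(original), sorted(updated)))
        return updated

class AuthorizationCenter:
    def __init__(self):
        self.publish_subscribed = False
        self.receivers = {}                # information type -> receiving interface
        self.pending, self.undelivered = [], []

    def report_abnormal(self, abnormal):   # claim 1: abnormal info -> release info
        info_type, revoke = POLICY[abnormal["kind"]]
        self.pending.append({"type": info_type, "authority": {
            "subject": abnormal["subject"], "revoke": set(revoke), "grant": set()}})

    def poll(self):                        # one pass of the loop in claims 3 to 5
        if not self.publish_subscribed:    # claim 4: subscribe, then start over
            self.publish_subscribed = True
            return "subscribed-publish"
        if not self.pending:               # claim 5: no release info detected
            return "idle" if self.receivers else "no-receiver"
        release = self.pending.pop(0)
        iface = self.receivers.get(release["type"])  # claim 2: route by info type
        if iface is None:                  # fail closed: never guess an interface
            self.undelivered.append(release)
            return "undelivered"
        iface(release["authority"])        # claim 1: push target authority info
        return "pushed"
```

Keeping the before and after permission sets in the resource's audit list gives a reviewer a record of every pushed change, and the undelivered list surfaces release information that had no subscribed receiving interface.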
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110220589.6A CN112800413B (en) | 2021-02-26 | 2021-02-26 | Authority information pushing method, device, equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110220589.6A CN112800413B (en) | 2021-02-26 | 2021-02-26 | Authority information pushing method, device, equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112800413A | 2021-05-14 |
CN112800413B | 2024-03-15 |
Family
ID=75816060
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110220589.6A Active CN112800413B (en) | 2021-02-26 | 2021-02-26 | Authority information pushing method, device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112800413B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN112800413A (en) | 2021-05-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||