CN113114635A - Authority management method and system - Google Patents

Publication number: CN113114635A
Authority: CN (China)
Prior art keywords: authority, authentication, management node, node, access request
Legal status: Pending
Application number: CN202110323213.8A
Other languages: Chinese (zh)
Inventor: 曾嵘辉
Current Assignee: Beijing Kingsoft Cloud Network Technology Co Ltd
Original Assignee: Beijing Kingsoft Cloud Network Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

An embodiment of the invention relates to a rights management method and system for managing the rights of a user accessing a target service system. The system comprises a proxy node, a first rights management node and a second rights management node; the proxy node is arranged inside the target service system; the first rights management node is arranged outside the target service system. Rights management is thereby decoupled from the service system: compared with the prior art, in which part of the rights management logic is integrated in the service system, the service system does not need to be upgraded in step when the rights management logic is modified, which improves the stability of the service system.

Description

Authority management method and system
Technical Field
The embodiment of the invention relates to the technical field of data processing, in particular to a method and a system for managing authority.
Background
Rights management generally means that, according to the security rules or security policies set by the system, a user can access the system resources they are authorized for, and only those resources.
Current rights management systems are divided into two parts. One part is integrated in the service system as a component or plug-in and performs rule-based authentication of the user's access request; after that authentication passes, the other part authenticates the access request to determine whether the user has the right to access the system resources.
The current rights management system is therefore tightly coupled with the service system: when the rights management system needs to be upgraded, the service system must be upgraded at the same time, which harms the stability of the service system.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and a system for rights management to solve a series of technical problems caused by the high coupling between the rights management system and the service component.
In a first aspect, an embodiment of the present invention provides a rights management system, configured to perform rights management on a user accessing a target service system, where the rights management system includes: a proxy node, a first rights management node and a second rights management node; the proxy node is arranged inside the target service system; the first rights management node is arranged outside the target service system and is deployed on the same machine as the target service system;
the proxy node intercepts a user's access request to the target service system and sends the access request to the first rights management node;
the first rights management node authenticates the access request based on a preset pre-authorization authentication rule; when a first authentication result indicating that authentication has not passed is obtained, it sends the first authentication result to the proxy node, so that the proxy node rejects the access request in response to the first authentication result; when a second authentication result indicating that authentication has passed is obtained, it sends the access request to the second rights management node;
and the second rights management node authenticates the access request based on a preset post-authorization authentication rule and sends a third authentication result to the proxy node, so that the proxy node allows the access request when it determines that the third authentication result indicates that authentication has passed, or rejects the access request when it determines that the third authentication result indicates that authentication has not passed.
In a possible embodiment, the second rights management node sends the pre-authorization authentication rule to the first rights management node.
In a possible implementation manner, the proxy node acquires interface information of each interface in the target service system, and sends the interface information to the second rights management node;
and the second rights management node generates the pre-authorization authentication rule according to the interface information.
In a possible implementation manner, the second rights management node outputs a preset authentication rule configuration page, where the authentication rule configuration page includes at least the interface information of each interface in the target service system;
and receives the pre-authorization authentication rule set by the user through the authentication rule configuration page, where the pre-authorization authentication rule is used to manage access rights for each interface in the target service system.
In one possible embodiment, the first rights management node is co-deployed with the target service system.
In a second aspect, an embodiment of the present invention provides a rights management method, which is applied to the rights management system of any implementation of the first aspect, where the method includes:
the proxy node intercepts a user's access request to the target service system and sends the access request to the first rights management node;
the first rights management node authenticates the access request based on a preset pre-authorization authentication rule; when a first authentication result indicating that authentication has not passed is obtained, it sends the first authentication result to the proxy node, so that the proxy node rejects the access request in response to the first authentication result; when a second authentication result indicating that authentication has passed is obtained, it sends the access request to the second rights management node;
and the second rights management node authenticates the access request based on a preset post-authorization authentication rule and sends a third authentication result to the proxy node, so that the proxy node allows the access request when it determines that the third authentication result indicates that authentication has passed, or rejects the access request when it determines that the third authentication result indicates that authentication has not passed.
In one possible embodiment, the method further comprises:
the second rights management node sends the pre-authorization authentication rule to the first rights management node;
and after receiving the pre-authorization authentication rule sent by the second rights management node, the first rights management node uses the received rule to update its locally existing pre-authorization authentication rule.
In one possible embodiment, the pre-authorization authentication rule includes at least one or more of the following items:
an authentication rule based on access time, an authentication rule based on the access interface, and an authentication rule based on IP address.
In one possible embodiment, when the pre-authorization authentication rule comprises an authentication rule based on the access interface, the method further comprises:
the proxy node acquires interface information of each interface in the target service system and sends the interface information to the second rights management node;
and the second rights management node generates the pre-authorization authentication rule according to the interface information.
In a possible implementation manner, the generating, by the second rights management node, of the pre-authorization authentication rule according to the interface information includes:
the second rights management node outputs a preset authentication rule configuration page, where the authentication rule configuration page includes at least the interface information of each interface in the target service system;
and receives the pre-authorization authentication rule set by the user through the authentication rule configuration page, where the pre-authorization authentication rule is used to manage access rights for each interface in the target service system.
In the rights management method provided by the embodiment of the invention, the proxy node arranged inside the service system intercepts access requests to the service system, and the first and second rights management nodes arranged outside the service system perform the rights management, so that rights management is decoupled from the service system.
In addition, the first rights management node is deployed on the same machine as the service system, so the address at which the proxy node calls the first rights management node is fixed. When the address of the second rights management node changes, the change is hidden from the service system, which further improves the stability of the service system.
Drawings
Fig. 1 is a schematic diagram of an architecture of a rights management system according to an embodiment of the present invention;
Fig. 2 is a flowchart of an embodiment of a rights management method according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
To aid understanding of the embodiments of the present invention, the rights management system provided by the invention is first explained below with reference to the drawings; this explanation does not limit the embodiments of the present invention.
Referring to Fig. 1, a schematic diagram of an architecture of a rights management system according to an embodiment of the present invention is provided. As shown in Fig. 1, the architecture includes a service system 11 and a rights management system 12. The rights management system 12 is configured to perform rights management on users accessing the service system 11, and includes: a proxy node 121, a first rights management node 122, and a second rights management node 123.
As shown in Fig. 1, the proxy node 121 is provided inside the service system 11. Optionally, in an application, the proxy node 121 may be provided inside the service system 11 as a plug-in or component.
The first rights management node 122 is disposed outside the service system 11 and is deployed on the same machine as the service system 11.
As shown in fig. 1, the first rights management node 122 is communicatively connected to the proxy node 121 and the second rights management node 123.
Based on the rights management system illustrated in Fig. 1, the rights management method provided by the present invention is further explained below through specific embodiments with reference to the accompanying drawings; these embodiments do not limit the embodiments of the present invention.
Referring to Fig. 2, a flowchart of an embodiment of a rights management method provided in an embodiment of the present invention is shown. The method is applicable to the rights management system 12 illustrated in Fig. 1 and includes the following steps:
Step 201, the proxy node intercepts the user's access request to the target service system, and sends the access request to the first rights management node.
The target service system is the service system whose access is subject to rights management by the rights management system, such as the service system 11 illustrated in Fig. 1.
As can be seen from the description of step 201, when the target service system receives a user's access request, the proxy node first intercepts it. The proxy node only intercepts the access request and does not authenticate it; instead, it sends the access request to the first rights management node, which performs the authentication. Authentication is thereby decoupled from the service system: compared with the prior art, in which the authentication logic is integrated in the service system, the service system does not need to be upgraded in step when the authentication logic is modified, which improves the stability of the service system.
Step 202, the first rights management node authenticates the access request based on a preset pre-authorization authentication rule; when a first authentication result indicating that authentication has not passed is obtained, step 203 is executed; when a second authentication result indicating that authentication has passed is obtained, step 204 is executed.
As an embodiment, a static pre-authorization authentication rule may be set in the first rights management node.
As an embodiment, a pre-authorization authentication rule may be set in the first rights management node dynamically. As an optional implementation manner, the pre-authorization authentication rule may be sent to the first rights management node by the second rights management node. After the first rights management node receives the pre-authorization authentication rule sent by the second rights management node, it uses the received rule to update the locally existing pre-authorization authentication rule, where updating comprises adding or replacing, and the specific update mode can be selected according to actual requirements. This achieves hot update of the pre-authorization authentication rule in the first rights management node; that is, the first rights management node does not need to be restarted when its pre-authorization authentication rule is updated.
Optionally, the pre-authorization authentication rule includes at least one or more of the following items: an authentication rule based on access time, an authentication rule based on the access interface, and an authentication rule based on IP address. The use of each pre-authorization authentication rule is described below and is not detailed here.
Step 203, the first rights management node sends the first authentication result to the proxy node, so that the proxy node rejects the access request in response to the first authentication result.
Step 204, the first rights management node sends the access request to the second rights management node.
Step 205, the second rights management node authenticates the access request based on a preset post-authorization authentication rule, and sends a third authentication result to the proxy node.
It can be understood that the post-authorization authentication rule in step 205 is different from the pre-authorization authentication rule; that is, the first rights management node and the second rights management node perform rights management on the user's access request to the target service system along different dimensions. For example, the pre-authorization authentication rule authenticates the validity of the user identity, and the post-authorization authentication rule authenticates the access authorization for the resource in the service system.
Specifically, authenticating the access request based on the preset post-authorization authentication rule may include: obtaining the user role, obtaining the permission list corresponding to that role, and then determining whether the resource identifier of the resource to be accessed by the access request exists in the permission list. If it does, authentication has passed, and an authentication result (for convenience of description, hereinafter referred to as a third authentication result) indicating that authentication has passed is obtained; if it does not, authentication has not passed, and a third authentication result indicating that authentication has not passed is obtained.
Step 206, the proxy node allows the access request when it determines that the third authentication result indicates that authentication has passed, or rejects the access request when it determines that the third authentication result indicates that authentication has not passed.
The following provides a unified description of the execution of steps 202 to 206:
As can be seen from the above description, the first rights management node authenticates the access request based on the preset pre-authorization authentication rule, and when an authentication result (referred to as a first authentication result for convenience of description) indicating that authentication has not passed is obtained, it sends the first authentication result to the proxy node, so that the proxy node rejects the access request in response to the first authentication result. In this process, when the user's access request to the target service system does not pass authentication at the first rights management node, the first rights management node does not send the access request on to the second rights management node. This reduces communication between the first and second rights management nodes, that is, it reduces network communication during rights management and saves communication resources.
Upon obtaining an authentication result (referred to as a second authentication result for convenience of description) indicating that authentication has passed, the first rights management node sends the access request to the second rights management node. The second rights management node then authenticates the access request based on a preset post-authorization authentication rule, and sends an authentication result (referred to as a third authentication result for convenience of description) to the proxy node. Finally, when the proxy node determines that the third authentication result indicates that authentication has passed, it allows the user to access the target service system; when it determines that the third authentication result indicates that authentication has not passed, it rejects the access request.
For example, in an exemplary scenario, assume that some components of the target service system need to be maintained between 0:00 and 6:00 every day, and that user access requests to the target service system must be rejected during maintenance. For this purpose, an authentication rule based on access time may be set in the first rights management node, indicating that access requests received within the period from 0:00 to 6:00 are rejected. As described above, when the target service system receives an access request, the proxy node intercepts it and sends it to the first rights management node. The first rights management node receives the access request, obtains the current time, and determines whether the current time falls within the period covered by the pre-authorization authentication rule. If so, it obtains a first authentication result indicating that authentication has not passed, and sends the first authentication result to the proxy node so that the proxy node rejects the access request in response.
As another example, in another exemplary scenario, assume that the target service system needs to control access according to the requester's access environment. For this purpose, an authentication rule based on IP address may be set in the first rights management node to distinguish environments such as the office network, the cloud desktop and the bastion machine, as follows:
{ "office network": "10.0.", "allow access";
  "bastion machine": "10.4.", "allow access";
  "cloud desktop": "10.16.", "deny access" }
Taking { "office network": "10.0.", "allow access" } as an example: if the requester's IP address belongs to the 10.0. segment, the requester is in the office network environment, and the permission for the office network environment is to allow access.
Based on this, when the first rights management node receives the access request, it obtains the source IP address of the access request (the source IP address is the IP address of the requester) and matches it against the pre-authorization authentication rule to determine the environment the source IP address belongs to and the permission for that environment. If the permission is to allow access, a second authentication result indicating that authentication has passed is obtained; if the permission is to deny access, a first authentication result indicating that authentication has not passed is obtained.
Further, as described above, when the first rights management node obtains the second authentication result, it sends the access request to the second rights management node. The second rights management node obtains the user role from the access request and then the permission list corresponding to that role. If the resource identifier of the resource corresponding to the access request exists in the permission list, a third authentication result indicating that authentication has passed is obtained; if it does not exist in the permission list, a third authentication result indicating that authentication has not passed is obtained.
Still further, as described above, the second rights management node sends the third authentication result to the proxy node, and the proxy node allows the access request when it determines that the third authentication result indicates that authentication has passed, and rejects the access request when it determines that the third authentication result indicates that authentication has not passed.
As another example, in another exemplary scenario, assume that access to some interfaces of the target service system needs to be restricted. For this purpose, an authentication rule based on the access interface may be set in the first rights management node to manage access rights for each interface in the target service system, such as allowing user A to access interfaces 1-5 and not allowing user A to access interfaces 6-10. Based on this, when the first rights management node receives the access request, it obtains the target interface of the access request, that is, the interface to be accessed, together with the user identifier, and matches the user identifier and the target interface against the pre-authorization authentication rule to determine the authentication result. For example, if the user identifier is user A and the target interface is interface 3, a second authentication result indicating that authentication has passed is obtained; if the user identifier is user A and the target interface is interface 7, a first authentication result indicating that authentication has not passed is obtained.
Further, in this example, the second rights management node may generate the aforementioned pre-authorization authentication rule as follows: the proxy node acquires interface information of each interface in the target service system and sends the interface information to the second rights management node; the second rights management node outputs a preset authentication rule configuration page, which includes at least the interface information of each interface in the target service system, and receives the pre-authorization authentication rule set by the user through that page.
In this approach, because the proxy node is disposed inside the target service system, it can acquire the interface information of each interface in the target service system. Because the authentication rule configuration page includes at least the interface information of each interface in the target service system, a user can learn that interface information from the configuration page and use it to set a pre-authorization authentication rule that manages access rights for each interface in the target service system.
In the rights management method provided by the embodiment of the invention, the proxy node arranged inside the service system intercepts access requests to the service system, and the first and second rights management nodes arranged outside the service system perform the rights management, so that rights management is decoupled from the service system.
In addition, the first rights management node is deployed on the same machine as the service system, so the address at which the proxy node calls the first rights management node is fixed. When the address of the second rights management node changes, the change is hidden from the service system, which further improves the stability of the service system.
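The flow of steps 201 to 206, with the three pre-authorization rule types from the scenarios above and the hot rule update, as an added Python example (not code from the patent). In-process calls stand in for the network hops between nodes; the rule dictionary layout, the /16 ranges chosen for the 10.0., 10.4. and 10.16. segments, the role and resource names, and the default deny for unlisted addresses are assumptions.

```python
# Added example: in-process stand-ins for the proxy node and the two rights
# management nodes. Rule layout, CIDR ranges and names are assumptions.
import ipaddress
import threading
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    source_ip: str
    interface: int   # number of the interface being accessed
    resource: str    # resource identifier checked by the second node
    at: time         # time the request arrived


class SecondNode:
    """Post-authorization: role -> permission list lookup (step 205)."""

    def __init__(self, role_permissions):
        self._role_permissions = role_permissions
        self.calls = 0  # how many requests actually reached this node

    def authenticate(self, req):
        self.calls += 1
        return req.resource in self._role_permissions.get(req.role, ())


class FirstNode:
    """Pre-authorization: time, IP and interface rules (steps 202-204)."""

    def __init__(self, second, rules):
        self._second = second
        self._rules = dict(rules)
        self._lock = threading.Lock()

    def update_rules(self, new_rules, replace=False):
        """Hot update: add to or replace the local rules without a restart."""
        with self._lock:
            self._rules = dict(new_rules) if replace else {**self._rules, **new_rules}

    def _pre_check(self, req):
        with self._lock:
            rules = dict(self._rules)  # snapshot, so an update cannot race a check
        window = rules.get("deny_window")
        if window and window[0] <= req.at < window[1]:
            return "denied: maintenance window"
        environments = rules.get("ip_environments")
        if environments is not None:
            try:
                addr = ipaddress.ip_address(req.source_ip)
            except ValueError:
                return "denied: malformed source address"
            for name, (cidr, allow) in environments.items():
                if addr in ipaddress.ip_network(cidr):
                    if not allow:
                        return f"denied: {name}"
                    break
            else:
                # Assumption: the page does not say what happens to an address
                # outside every listed environment; this example denies it.
                return "denied: unknown environment"
        acl = rules.get("interface_acl")
        if acl is not None and req.interface not in acl.get(req.user, ()):
            return "denied: interface"
        return None

    def handle(self, req):
        reason = self._pre_check(req)
        if reason:  # first authentication result: the second node is never called
            return False, reason
        # Second authentication result: forward. The return value stands in for
        # the third authentication result the second node sends to the proxy.
        if self._second.authenticate(req):
            return True, "allowed"
        return False, "denied: role lacks resource"


class ProxyNode:
    """Sits inside the service system; intercepts and enforces, decides nothing."""

    def __init__(self, first):
        self._first = first

    def intercept(self, req):
        return self._first.handle(req)


# Constructed sample data built from the page's three scenarios.
RULES = {
    "deny_window": (time(0, 0), time(6, 0)),
    "ip_environments": {
        "office network": ("10.0.0.0/16", True),
        "bastion machine": ("10.4.0.0/16", True),
        "cloud desktop": ("10.16.0.0/16", False),
    },
    "interface_acl": {"A": range(1, 6)},  # user A may access interfaces 1-5
}
ROLE_PERMISSIONS = {"analyst": {"report:read"}}
BASE = AccessRequest("A", "analyst", "10.0.3.7", 3, "report:read", time(9, 30))


def build_nodes():
    second = SecondNode(ROLE_PERMISSIONS)
    first = FirstNode(second, RULES)
    return ProxyNode(first), first, second
```

The `calls` counter on the second node makes the short-circuit visible: requests rejected by a pre-authorization rule never increment it.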
Corresponding to the foregoing embodiments of the rights management method, the rights management system provided in the embodiments of the present invention is described below with reference to the rights management system illustrated in Fig. 1:
the proxy node intercepts a user's access request to the target service system and sends the access request to the first rights management node;
the first rights management node authenticates the access request based on a preset pre-authorization authentication rule; when a first authentication result indicating that authentication has not passed is obtained, it sends the first authentication result to the proxy node, so that the proxy node rejects the access request in response to the first authentication result; when a second authentication result indicating that authentication has passed is obtained, it sends the access request to the second rights management node;
and the second rights management node authenticates the access request based on a preset post-authorization authentication rule and sends a third authentication result to the proxy node, so that the proxy node allows the access request when it determines that the third authentication result indicates that authentication has passed, or rejects the access request when it determines that the third authentication result indicates that authentication has not passed.
Optionally, the second rights management node sends the pre-authorization authentication rule to the first rights management node; after receiving the pre-authorization authentication rule sent by the second rights management node, the first rights management node uses the received rule to update its locally existing pre-authorization authentication rule.
Optionally, the pre-authorization authentication rule includes at least one or more of the following items:
an authentication rule based on access time, an authentication rule based on the access interface, and an authentication rule based on IP address.
Optionally, when the pre-authorization authentication rule includes an authentication rule based on the access interface, the proxy node acquires interface information of each interface in the target service system, and sends the interface information to the second rights management node;
and the second rights management node generates the pre-authorization authentication rule according to the interface information.
Optionally, the second rights management node outputs a preset authentication rule configuration page, where the authentication rule configuration page includes at least the interface information of each interface in the target service system; and receives the pre-authorization authentication rule set by the user through the authentication rule configuration page, where the pre-authorization authentication rule is used to manage access rights for each interface in the target service system.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied in hardware, a software module executed by a processor, or a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. An authority management system for managing a user's authority to access a target service system, comprising: a proxy node, a first authority management node and a second authority management node; the proxy node is arranged in the target service system; the first authority management node is arranged outside the target service system;
the proxy node intercepts an access request of a user to the target service system and sends the access request to the first authority management node;
the first authority management node authenticates the access request based on a preset pre-authority authentication rule; when a first authentication result indicating that the authentication is not passed is obtained, the first authentication result is sent to the proxy node, so that the proxy node rejects the access request in response to the first authentication result; when a second authentication result indicating that the authentication is passed is obtained, the access request is sent to the second authority management node;
and the second authority management node authenticates the access request based on a preset post-authority authentication rule and sends a third authentication result to the proxy node, so that the proxy node releases the access request when determining that the third authentication result represents that the authentication is passed, or rejects the access request when determining that the third authentication result represents that the authentication is not passed.
2. The system of claim 1,
and the second authority management node sends the pre-authority authentication rule to the first authority management node.
3. The system of claim 2,
the proxy node acquires interface information of each interface in the target service system and sends the interface information to the second authority management node;
and the second authority management node generates the pre-authority authentication rule according to the interface information.
4. The system of claim 3,
the second authority management node outputs a preset authority authentication rule configuration page, wherein the authority authentication rule configuration page at least comprises interface information of each interface in the target service system;
and receives the pre-authority authentication rule set by the user through the authority authentication rule configuration page, wherein the pre-authority authentication rule is used to manage access authority for each interface in the target service system.
5. The system of claim 1, wherein the first authority management node is co-deployed with the target service system.
6. An authority management method applied to the authority management system of any one of claims 1 to 5, the method comprising:
the proxy node intercepts an access request of a user to the target service system and sends the access request to the first authority management node;
the first authority management node authenticates the access request based on a preset pre-authority authentication rule; when a first authentication result indicating that the authentication is not passed is obtained, the first authentication result is sent to the proxy node, so that the proxy node rejects the access request in response to the first authentication result; when a second authentication result indicating that the authentication is passed is obtained, the access request is sent to the second authority management node;
and the second authority management node authenticates the access request based on a preset post-authority authentication rule and sends a third authentication result to the proxy node, so that the proxy node releases the access request when determining that the third authentication result represents that the authentication is passed, or rejects the access request when determining that the third authentication result represents that the authentication is not passed.
7. The method of claim 6, further comprising:
the second authority management node sends the pre-authority authentication rule to the first authority management node;
and after receiving the pre-authority authentication rule sent by the second authority management node, the first authority management node updates its locally stored pre-authority authentication rule with the received one.
8. The method of claim 7, wherein the pre-authority authentication rule comprises one or more of the following:
an authority authentication rule based on access time, an authority authentication rule based on the access interface, and an authority authentication rule based on IP address.
9. The method of claim 8, wherein when the pre-authority authentication rule comprises an authority authentication rule based on the access interface, the method further comprises:
the proxy node acquires interface information of each interface in the target service system and sends the interface information to the second authority management node;
and the second authority management node generates the pre-authority authentication rule according to the interface information.
10. The method of claim 9, wherein the second authority management node generating the pre-authority authentication rule according to the interface information comprises:
the second authority management node outputs a preset authority authentication rule configuration page, wherein the authority authentication rule configuration page at least comprises interface information of each interface in the target service system;
and receives the pre-authority authentication rule set by the user through the authority authentication rule configuration page, wherein the pre-authority authentication rule is used to manage access authority for each interface in the target service system.
CN202110323213.8A 2021-03-25 2021-03-25 Authority management method and system Pending CN113114635A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110323213.8A CN113114635A (en) 2021-03-25 2021-03-25 Authority management method and system

Publications (1)

Publication Number Publication Date
CN113114635A true CN113114635A (en) 2021-07-13

Family

ID=76712537

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110323213.8A Pending CN113114635A (en) 2021-03-25 2021-03-25 Authority management method and system

Country Status (1)

Country Link
CN (1) CN113114635A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023216084A1 (en) * 2022-05-09 2023-11-16 北京小米移动软件有限公司 Authentication method and device, medium and chip

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105912949A (en) * 2016-04-13 2016-08-31 北京京东尚科信息技术有限公司 Data permission management method, data permission management system and service management system
US20160342803A1 (en) * 2015-05-19 2016-11-24 Avecto Limited Computer device and method for controlling access to a resource via a security system
CN111737723A (en) * 2020-08-25 2020-10-02 杭州海康威视数字技术股份有限公司 Service processing method, device and equipment
CN112311788A (en) * 2020-10-28 2021-02-02 北京锐安科技有限公司 Access control method, device, server and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210713
