CN113542214B - Access control method, device, equipment and machine-readable storage medium - Google Patents

Access control method, device, equipment and machine-readable storage medium

Info

Publication number: CN113542214B
Authority: CN (China)
Prior art keywords: user, access request, information, authenticating, client
Legal status: Active
Application number: CN202110597975.7A
Other languages: Chinese (zh)
Other versions: CN113542214A
Inventor: 姚强
Current Assignee: New H3C Security Technologies Co Ltd
Original Assignee: New H3C Security Technologies Co Ltd
Application filed by New H3C Security Technologies Co Ltd
Priority to CN202110597975.7A
Publication of CN113542214A
Application granted
Publication of CN113542214B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

The present disclosure provides an access control method, apparatus, device, and machine-readable storage medium. The method comprises: receiving a user's access request sent by a client and authenticating the legitimacy of the user; acquiring the role information and post (job position) information of a legitimate user, judging from the user's role information whether the user has the function authority associated with the access request, and judging from the user's post information whether the user has authority over the data category associated with the access request; and forwarding the access request, for which the user has the corresponding authority, to the cloud platform, and forwarding the information the cloud platform returns for the access request to the client. With this technical scheme, the access rights of each user are defined by role information, which corresponds to different function rights, and post information, which corresponds to different data categories, so that user rights can be configured flexibly; the legitimacy and rights of user access requests are verified and forwarded centrally, and the security of the cloud platform is improved.

Description

Access control method, device, equipment and machine-readable storage medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to an access control method, apparatus, device, and machine-readable storage medium.
Background
The cloud platform, backed by powerful parallel computing and distributed storage capacity, provides various applications and services for users. Because the cloud platform serves multiple types of users, its access control system provides authority control and resource access limitation for the different user types, so that users can use the platform more safely. Access control comprises three elements: a subject, an object, and a control policy. The subject is the initiator of a specific request to access a resource, that is, of a certain operation, such as a user; the object is the entity being accessed, such as a data resource; and the control policy is the set of access rules governing the subject's access to the object.
The main purpose of access control is to limit the access of a subject to an object and to ensure that data resources are used and managed effectively within a legitimate range. A general access control model has a decision function and an enforcement function: it makes a decision according to the access control policy rules, the context information, and the information about the subject and the object, and then performs operations such as allowing or blocking the access according to the decision result.
Discretionary (autonomous) access control is one such access control policy. It restricts access to an object based on the identity of the subject and determines whether the request satisfies a control policy; it allows access rights to be transferred, but the transferred rights are poorly managed, which creates an uncertain security risk. Each node in a discretionary access control system autonomously controls others' access to its own data, and each resource data object corresponds to an access control list (ACL) that lists the users and groups allowed to access it and the access level of each user or group. However, this approach easily leads to security loopholes, the access control list is hard to maintain and extend, and the granting and revocation of authority is inflexible.
Disclosure of Invention
In view of the above, the present disclosure provides an access control method, an access control device, an electronic device, and a machine-readable storage medium, so as to solve at least one of the above-mentioned problems of insufficient security and insufficient flexibility.
The technical scheme is as follows:
The present disclosure provides an access control method applied to a security device, the method comprising: receiving a user's access request sent by a client and authenticating the legitimacy of the user; acquiring the role information and post information of a legitimate user, judging from the user's role information whether the user has the function authority associated with the access request, and judging from the user's post information whether the user has authority over the data category associated with the access request; and forwarding the access request, for which the user has the corresponding authority, to the cloud platform, and forwarding the information the cloud platform returns for the access request to the client.
As a technical solution, receiving the user's access request sent by the client and authenticating the legitimacy of the user includes: generating a trust value associated with the user according to the user's recorded action record, wherein a user whose trust value is greater than or equal to a first threshold is a legitimate user, and the first threshold is associated with the user's role information and post information.
As a technical solution, the method further comprises: a user whose trust value is greater than or equal to the first threshold and less than a second threshold is a secondary-approval user; such a user is subjected to secondary approval according to a preset policy, and a secondary-approval user who passes the secondary approval is a legitimate user.
As a technical solution, receiving the user's access request sent by the client includes: receiving the access request of a logged-in user and authenticating the legitimacy of the user; a logged-in user is a user allowed to log in after the security device completes verification of the login request sent by the user.
The present disclosure also provides an access control apparatus applied to a security device, the apparatus comprising: an account module, configured to receive a user's access request sent by a client and authenticate the legitimacy of the user; a permission module, configured to acquire the role information and post information of a legitimate user, judge from the user's role information whether the user has the function permission associated with the access request, and judge from the user's post information whether the user has permission for the data category associated with the access request; and a forwarding module, configured to forward the access request, for which the user has the corresponding authority, to the cloud platform and to forward the information the cloud platform returns for the access request to the client.
As a technical solution, receiving the user's access request sent by the client and authenticating the legitimacy of the user includes: generating a trust value associated with the user according to the user's recorded action record, wherein a user whose trust value is greater than or equal to a first threshold is a legitimate user, and the first threshold is associated with the user's role information and post information.
As a technical solution, the apparatus further handles the following: a user whose trust value is greater than or equal to the first threshold and less than a second threshold is a secondary-approval user; such a user is subjected to secondary approval according to a preset policy, and a secondary-approval user who passes the secondary approval is a legitimate user.
As a technical solution, receiving the user's access request sent by the client includes: receiving the access request of a logged-in user and authenticating the legitimacy of the user; a logged-in user is a user allowed to log in after the security device completes verification of the login request sent by the user.
The present disclosure also provides an electronic device comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor executing the machine-executable instructions to implement the aforementioned access control method.
The present disclosure also provides a machine-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the aforementioned access control method.
The technical scheme provided by the disclosure brings at least the following beneficial effects:
The access rights of each user are defined according to predefined, flexibly changeable role information corresponding to different function rights and post information corresponding to different data categories, so that user rights are configured flexibly; the security device acts as the agent of the cloud platform and centrally verifies the legitimacy and rights of user access requests before forwarding them, so that the security of the cloud platform is improved.
Drawings
In order to illustrate the embodiments of the present disclosure or the technical solutions of the prior art more clearly, the drawings required by the embodiments of the present disclosure or by the description of the prior art are briefly described below. Obviously, the drawings in the following description show only some embodiments of the present disclosure, and those skilled in the art may obtain other drawings from these drawings of the embodiments of the present disclosure.
FIG. 1 is a flow chart of an access control method in one embodiment of the present disclosure;
FIG. 2 is a block diagram of an access control device in one embodiment of the present disclosure;
FIG. 3 is a hardware configuration diagram of an electronic device in one embodiment of the present disclosure.
Detailed Description
The terminology used in the embodiments of the disclosure is for the purpose of describing particular embodiments only and is not intended to limit the disclosure. As used in this disclosure and the claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in the embodiments of the present disclosure to describe various information, this information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present disclosure. Furthermore, depending on the context, the word "if" may be interpreted as "at … …" or "at … …" or "in response to a determination".
The present disclosure provides an access control method, apparatus, electronic device, and machine-readable storage medium, to remedy at least one of the above-mentioned problems of insufficient security and insufficient flexibility.
Specifically, the technical scheme is as follows.
In one embodiment, the present disclosure provides an access control method applied to a security device, the method comprising: receiving a user's access request sent by a client and authenticating the legitimacy of the user; acquiring the role information and post information of a legitimate user, judging from the user's role information whether the user has the function authority associated with the access request, and judging from the user's post information whether the user has authority over the data category associated with the access request; and forwarding the access request, for which the user has the corresponding authority, to the cloud platform, and forwarding the information the cloud platform returns for the access request to the client.
Specifically, as shown in FIG. 1, the method comprises the following steps:
Step S11: receiving a user's access request sent by a client and authenticating the legitimacy of the user;
Step S12: acquiring the role information and post information of the legitimate user, judging from the user's role information whether the user has the function authority associated with the access request, and judging from the user's post information whether the user has authority over the data category associated with the access request;
Step S13: forwarding the access request, for which the user has the corresponding authority, to the cloud platform, and forwarding the information the cloud platform returns for the access request to the client.
The access rights of each user are defined according to predefined, flexibly reconfigurable role information corresponding to different function authorities and post information corresponding to different data categories, so that user rights are configured flexibly; the security device acts as the agent of the cloud platform and centrally verifies the legitimacy and authority of user access requests before forwarding them, so that the security of the cloud platform is improved.
In one embodiment, receiving the user's access request sent by the client and authenticating the legitimacy of the user includes: generating a trust value associated with the user according to the user's recorded action record, wherein a user whose trust value is greater than or equal to a first threshold is a legitimate user, and the first threshold is associated with the user's role information and post information.
In one embodiment, the method further comprises: a user whose trust value is greater than or equal to the first threshold and less than a second threshold is a secondary-approval user; such a user is subjected to secondary approval according to a preset policy, and a secondary-approval user who passes the secondary approval is a legitimate user.
In one embodiment, receiving the user's access request sent by the client includes: receiving the access request of a logged-in user and authenticating the legitimacy of the user; a logged-in user is a user allowed to log in after the security device completes verification of the login request sent by the user.
In one embodiment, the security device serves as the access control system and comprises functional units for security proxy, authentication management, account management, rights management, and cloud monitoring. The security proxy unit is the access entrance: it proxies and forwards the user's login and resource operation requests, adapts the service rules through the authority aspect, controls the flow of access at fine granularity, implements single sign-on for legitimate users, and so on. The authentication management unit cooperates with the security proxy to provide unified identity authentication for user login, registers new accounts, authenticates logged-in accounts, and so on. The account management unit stores user information, maintains the user's basic data parameters, environment parameters, trust value data and the like, and sets the actions tied to the threshold according to the trust value and the trust value threshold. The rights management unit defines the roles of the system, assigns to each role the functions its associated users may operate, and divides data into categories according to post attributes, so that different users have different data access rights; the data a user may access is constrained by the rule set. The cloud monitoring unit records user operations, the access environment and other information, analyses it, calculates and updates the user's trust value and alarm settings, and supports log export, pushing, custom-type display, and so on.
The access control system can proxy clients on the external network to the cloud platform, which protects the original web page information from being damaged by attacks to a certain extent and improves the security of the cloud platform. When a user sends an HTTP login request, the access control system intercepts it, parses the login information, judges the legitimacy of the user, and returns the result it receives to the user, completing single sign-on for a legitimate user. Once the user has logged in successfully, each resource access request is likewise forwarded to the cloud platform only after verification by the access control system: the system parses the API field in the XML of the request or the keyword in its URL, queries the permission database of the rights management module, and performs access control in combination with the authentication result. An allowed normal operation request is forwarded to the cloud platform directly, a forbidden operation is blocked, and for a user with a low trust value the operation is blocked, alarmed, sent for secondary approval or otherwise handled according to the selected policy, with the result returned to the user. For example, if the user's trust value is lower than the first threshold, the user is illegitimate and the access request is blocked; if the trust value is higher than the first threshold but lower than the second threshold, the user undergoes secondary approval according to a preset policy, which may be cloud platform approval, manual approval, or another preset policy that meets the requirements.
Role information and post information are assigned to each user: the user's role information determines the user's function authority, and the user's post information determines the data categories the user may access, which improves the flexibility and safety of data access. Service access rules can be customised at both the function layer and the data layer, and fine-grained data access control is performed based on the different service requirements; the attributes of a rule can include the controlled service data table, field name, judgment condition, judgment object, post, priority, and so on.
A system administrator configures the trust policy of a designated user at the trust management site. The policy includes the trust threshold settings and the actions executed when the threshold is crossed, such as blocking, alerting, and secondary authorisation. After the monitored user passes identity verification, the trust value is initialised; the user's behaviour is then monitored and the information analysed, the credibility is updated for suspicious behaviour according to the behaviour type and the behaviour library, and the specified action is executed when the user's credibility falls below the threshold.
The trust value is calculated from user behaviour data. The behaviour database records user behaviours, whose data sources are mined from network traffic, such as the number of user login anomalies, the number of illegal connections by the user, and the number of times the user scanned important ports. During the user's interaction with the platform, legitimate behaviour that completes normally corresponds to a positive increment of the trust value, illegitimate behaviour corresponds to a negative increment, and the trust value is also adjusted over time: if the user's activity is too low, that is, the user has not interacted with the cloud platform for a long time, the trust value is lowered. This dynamic trust evaluation method updates the trust value of the monitored user by the increment of each new behaviour and, by combining the changing trust value with the security policy, protects the cloud platform's resources from being destroyed.
User behaviour, user environment information, user operation information and the like are monitored in real time, and the influence of the user's behaviour and environment information on the user's authority information is taken into account. User operation records fall into two categories: user operation logs and platform management logs. A user operation log records the user's operation behaviours, operation objects, operation time and the like on cloud platform resources; a platform management log records the maintenance work performed by operation and maintenance personnel on the cloud platform. Alarms can be configured so that authority monitoring, trust value changes, potentially dangerous access and the like trigger mail push alarms, system alarms, and other functions.
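The security-device pipeline described above (steps S11 to S13 together with the trust-value thresholds and the behaviour-based trust update) is shown below as an added worked example; it is not code from the patent or from the assignee. The role and post tables, threshold values, behaviour increments, the inactivity decay rate, and the `approve` callback standing in for the preset secondary-approval policy are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample policy data (assumptions, not from the patent).
# Role information -> function authority.
ROLE_FUNCTIONS = {
    "operator": {"vm.start", "vm.stop", "vm.list"},
    "auditor": {"vm.list", "log.read"},
}
# Post information -> data category authority.
POST_DATA_CATEGORIES = {
    "ops": {"inventory", "telemetry"},
    "finance": {"billing", "inventory"},
}
# (first threshold, second threshold) per (role, post). Below the first the user
# is illegitimate; between the two the request needs secondary approval.
TRUST_THRESHOLDS = {
    ("operator", "ops"): (40, 70),
    ("auditor", "finance"): (50, 80),
}
# Behaviour library: trust increment per recorded behaviour type.
BEHAVIOUR_INCREMENT = {
    "normal_operation": 2,
    "login_anomaly": -10,
    "illegal_connection": -15,
    "important_port_scan": -25,
}
INITIAL_TRUST = 60             # trust assigned after identity verification
INACTIVITY_DECAY_PER_DAY = 1   # trust lost per day without any interaction
NOW = datetime(2024, 1, 1)     # fixed clock so the example is deterministic


@dataclass
class User:
    name: str
    role: str
    post: str
    behaviours: list       # recorded behaviour types, oldest first
    last_active: datetime


@dataclass
class AccessRequest:
    function: str          # function the request invokes, e.g. "vm.start"
    data_category: str     # data category the request touches


def make_user(name, role, post, behaviours, idle_days=0):
    """Helper for constructing sample users relative to the fixed clock."""
    return User(name, role, post, list(behaviours), NOW - timedelta(days=idle_days))


def trust_value(user, now=NOW):
    """Trust from the behaviour record: positive increments for legitimate
    behaviour, negative for illegitimate, reduced by days of inactivity."""
    value = INITIAL_TRUST + sum(BEHAVIOUR_INCREMENT.get(b, 0) for b in user.behaviours)
    idle_days = max(0, (now - user.last_active).days)
    value -= INACTIVITY_DECAY_PER_DAY * idle_days
    return max(0, min(100, value))


def authenticate(user, now=NOW):
    """Step S11 outcome: 'illegal', 'secondary_approval' or 'legal'.
    Unknown role/post pairs fail closed (thresholds no trust value can reach)."""
    first, second = TRUST_THRESHOLDS.get((user.role, user.post), (101, 101))
    value = trust_value(user, now)
    if value < first:
        return "illegal"
    if value < second:
        return "secondary_approval"
    return "legal"


def has_function_authority(user, req):
    return req.function in ROLE_FUNCTIONS.get(user.role, set())


def has_data_authority(user, req):
    return req.data_category in POST_DATA_CATEGORIES.get(user.post, set())


def handle_request(user, req, cloud_platform, approve=None, now=NOW):
    """S11 authenticate, S12 authorise by role and post, S13 forward.
    `approve(user, req)` is the preset secondary-approval policy (assumed hook);
    with no policy configured, secondary-approval users are denied."""
    status = authenticate(user, now)
    if status == "illegal":
        return {"action": "block", "reason": "trust below first threshold"}
    if status == "secondary_approval" and not (approve and approve(user, req)):
        return {"action": "block", "reason": "secondary approval not granted"}
    if not has_function_authority(user, req):
        return {"action": "block", "reason": "role lacks function authority"}
    if not has_data_authority(user, req):
        return {"action": "block", "reason": "post lacks data category authority"}
    return {"action": "forward", "response": cloud_platform(req)}


if __name__ == "__main__":
    cloud = lambda req: f"cloud ok: {req.function} on {req.data_category}"
    alice = make_user("alice", "operator", "ops", ["normal_operation"] * 5)
    bob = make_user("bob", "operator", "ops", ["normal_operation", "login_anomaly"])
    dave = make_user("dave", "operator", "ops", [], idle_days=30)
    for u in (alice, bob, dave):
        print(u.name, trust_value(u), handle_request(u, AccessRequest("vm.start", "inventory"), cloud))
```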
In one embodiment, the present disclosure also provides an access control apparatus, as in FIG. 2, applied to a security device, the apparatus comprising: an account module 21, configured to receive a user's access request sent by a client and authenticate the legitimacy of the user; a permission module 22, configured to acquire the role information and post information of a legitimate user, judge from the user's role information whether the user has the function permission associated with the access request, and judge from the user's post information whether the user has permission for the data category associated with the access request; and a forwarding module 23, configured to forward the access request, for which the user has the corresponding authority, to the cloud platform and to forward the information the cloud platform returns for the access request to the client.
In one embodiment, receiving the user's access request sent by the client and authenticating the legitimacy of the user includes: generating a trust value associated with the user according to the user's recorded action record, wherein a user whose trust value is greater than or equal to a first threshold is a legitimate user, and the first threshold is associated with the user's role information and post information.
In one embodiment, the apparatus further handles the following: a user whose trust value is greater than or equal to the first threshold and less than a second threshold is a secondary-approval user; such a user is subjected to secondary approval according to a preset policy, and a secondary-approval user who passes the secondary approval is a legitimate user.
In one embodiment, receiving the user's access request sent by the client includes: receiving the access request of a logged-in user and authenticating the legitimacy of the user; a logged-in user is a user allowed to log in after the security device completes verification of the login request sent by the user.
The device embodiments are the same as or similar to the corresponding method embodiments and are not described in detail herein.
In one embodiment, the present disclosure provides an electronic device including a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor executing the machine-executable instructions to implement the foregoing access control method; at the hardware level, its hardware architecture diagram may be seen in FIG. 3.
In one embodiment, the present disclosure provides a machine-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the aforementioned access control method.
Here, a machine-readable storage medium may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions or data. For example, a machine-readable storage medium may be RAM (Random Access Memory), volatile memory, non-volatile memory, flash memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., an optical disk, a DVD, etc.), a similar storage medium, or a combination thereof.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer, which may be in the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being functionally divided into various units. Of course, when implementing the present disclosure, the functions of the various units may be implemented in the same one or more pieces of software and/or hardware.
It will be apparent to those skilled in the art that embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Moreover, these computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be appreciated by those skilled in the art that embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (which may include, but are not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The foregoing is merely an embodiment of the present disclosure and is not intended to limit the present disclosure. Various modifications and variations of this disclosure will be apparent to those skilled in the art. Any modifications, equivalent substitutions, improvements, or the like, which are within the spirit and principles of the present disclosure, are intended to be included within the scope of the claims of the present disclosure.

Claims (10)

1. An access control method for use with a security device, the method comprising:
receiving an access request of a user sent by a client, parsing the login information, and authenticating the legitimacy of the user according to a recorded action record of the user;
acquiring the role information and the post information of the legitimate user, judging whether the user has the function authority associated with the access request according to the role information of the user, and judging whether the user has the authority for the data category associated with the access request according to the post information of the user;
and forwarding the access request for which the associated user has the corresponding authority to the cloud platform, and forwarding the information returned by the cloud platform in response to the access request to the client.
2. The method of claim 1, wherein the receiving the access request of the user sent by the client, parsing the login information, and authenticating the legitimacy of the user according to the recorded action record of the user comprises:
generating a trust value associated with the user according to the recorded action record of the user, and authenticating a user whose trust value is greater than or equal to a first threshold value as a legitimate user, wherein the first threshold value is associated with the role information and the post information of the user.
3. The method of claim 1, wherein the receiving the access request of the user sent by the client, parsing the login information, and authenticating the legitimacy of the user according to the recorded action record of the user comprises:
generating a trust value associated with the user according to the recorded action record of the user, authenticating a user whose trust value is greater than or equal to a first threshold value and smaller than a second threshold value as a secondary-approval user, performing secondary approval on the secondary-approval user according to a preset strategy, and authenticating a secondary-approval user who passes the secondary approval as a legitimate user;
wherein the first threshold value and the second threshold value are associated with the role information and the post information of the user.
4. The method of claim 1, wherein the receiving the access request of the user sent by the client comprises:
receiving an access request of a logged-in user, and authenticating the legitimacy of the user;
wherein the logged-in user is a user allowed to log in after the security device completes verification of a login request sent by the user.
5. An access control apparatus for use with a security device, the apparatus comprising:
an account module, configured to receive an access request of a user sent by a client, parse the login information, and authenticate the legitimacy of the user according to a recorded action record of the user;
a permission module, configured to acquire the role information and the post information of the legitimate user, judge whether the user has the function permission associated with the access request according to the role information of the user, and judge whether the user has the permission for the data category associated with the access request according to the post information of the user;
and a forwarding module, configured to forward the access request for which the associated user has the corresponding authority to the cloud platform, and forward the information returned by the cloud platform in response to the access request to the client.
6. The apparatus of claim 5, wherein the receiving the access request of the user sent by the client, parsing the login information, and authenticating the legitimacy of the user based on the recorded action record of the user comprises:
generating a trust value associated with the user according to the recorded action record of the user, and authenticating a user whose trust value is greater than or equal to a first threshold value as a legitimate user, wherein the first threshold value is associated with the role information and the post information of the user.
7. The apparatus of claim 5, wherein the receiving the access request of the user sent by the client, parsing the login information, and authenticating the legitimacy of the user based on the recorded action record of the user comprises:
generating a trust value associated with the user according to the recorded action record of the user, authenticating a user whose trust value is greater than or equal to a first threshold value and smaller than a second threshold value as a secondary-approval user, performing secondary approval on the secondary-approval user according to a preset strategy, and authenticating a secondary-approval user who passes the secondary approval as a legitimate user;
wherein the first threshold value and the second threshold value are associated with the role information and the post information of the user.
8. The apparatus of claim 5, wherein the receiving the access request of the user sent by the client comprises:
receiving an access request of a logged-in user, and authenticating the legitimacy of the user;
wherein the logged-in user is a user allowed to log in after the security device completes verification of a login request sent by the user.
9. An electronic device, comprising: a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor to perform the method of any one of claims 1-4.
10. A machine-readable storage medium storing machine-executable instructions which, when invoked and executed by a processor, cause the processor to implement the method of any one of claims 1-4.
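Claims 1-4 describe the security device's decision pipeline: trust value from the action record, role/post-dependent thresholds with an optional secondary-approval tier, then function authority by role and data-category authority by post before forwarding to the cloud platform. The following Python model is an added example, not the patent's or the assignee's code; the policy tables, penalty scoring, user records and stand-in cloud platform are all constructed, and treating a trust value at or above the second threshold as legitimate without secondary approval is an assumption the claims leave implicit.

```python
from dataclasses import dataclass, field
# Constructed policy tables (not from the patent). Thresholds are keyed by
# (role, post) as claims 2-3 require: (first_threshold, second_threshold).
THRESHOLDS = {("admin", "finance"): (60, 80), ("analyst", "finance"): (50, 70)}
ROLE_FUNCTIONS = {"admin": {"read", "write", "delete"}, "analyst": {"read"}}  # by role
POST_DATA = {"finance": {"ledger", "payroll"}, "hr": {"personnel", "payroll"}}  # by post
PENALTIES = {"failed_login": 10, "off_hours_access": 5, "denied_request": 15}  # assumed scoring

@dataclass
class User:
    name: str
    role: str
    post: str
    logged_in: bool = True  # claim 4: the device has already verified a login request
    actions: list = field(default_factory=list)  # recorded action record

@dataclass
class Request:
    user: User
    function: str  # requested function, e.g. "read"
    category: str  # data category, e.g. "ledger"

def trust_value(user):
    # Assumed scoring: 100 minus a penalty per recorded action, floored at 0.
    return max(0, 100 - sum(PENALTIES.get(a, 0) for a in user.actions))

def authenticate(user, secondary_approval):
    """Claim 4 precondition, then claim 3 tiers: >= second -> legitimate (assumed),
    [first, second) -> legitimate only if the preset secondary-approval strategy passes."""
    first, second = THRESHOLDS[(user.role, user.post)]
    t = trust_value(user)
    if not user.logged_in or t < first:
        return "rejected"
    return "legal" if t >= second or secondary_approval(user) else "rejected"

def authorize(req):
    """Function authority comes from role, data-category authority from post (claim 1)."""
    return (req.function in ROLE_FUNCTIONS.get(req.user.role, set())
            and req.category in POST_DATA.get(req.user.post, set()))

def handle_request(req, cloud_platform, secondary_approval=lambda user: False):
    """Security-device pipeline: authenticate, authorize, forward, relay the reply."""
    if authenticate(req.user, secondary_approval) != "legal":
        return {"status": "rejected", "reason": "authentication"}
    if not authorize(req):
        return {"status": "rejected", "reason": "authority"}
    return {"status": "forwarded", "reply": cloud_platform(req)}
def fake_cloud(req):  # constructed stand-in for the cloud platform
    return f"{req.category} data for {req.user.name}"
```

Setting the first and second thresholds equal collapses the model to the single-threshold variant of claim 2.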

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110597975.7A CN113542214B (en) 2021-05-31 2021-05-31 Access control method, device, equipment and machine-readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110597975.7A CN113542214B (en) 2021-05-31 2021-05-31 Access control method, device, equipment and machine-readable storage medium

Publications (2)

Publication Number Publication Date
CN113542214A CN113542214A (en) 2021-10-22
CN113542214B true CN113542214B (en) 2023-08-22

Family

ID=78095532

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110597975.7A Active CN113542214B (en) 2021-05-31 2021-05-31 Access control method, device, equipment and machine-readable storage medium

Country Status (1)

Country Link
CN (1) CN113542214B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114245400B (en) * 2021-11-11 2023-11-03 新华三大数据技术有限公司 Cloud management platform system and method for dynamically managing users thereof
CN115270169B (en) * 2022-05-18 2023-06-13 蔓之研(上海)生物科技有限公司 Decompression method and system for gene data
CN115314405A (en) * 2022-05-28 2022-11-08 江苏安几科技有限公司 Zero-trust gateway user dynamic scoring method and device
CN115529156B (en) * 2022-08-08 2023-08-01 北京雪诺科技有限公司 Access authentication method and device, storage medium and computer equipment

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107342992A (en) * 2017-06-27 2017-11-10 努比亚技术有限公司 A kind of System right management method, apparatus and computer-readable recording medium
CN108268780A (en) * 2016-12-30 2018-07-10 航天信息股份有限公司 A kind of method and device for being used to control system access
CN109257364A (en) * 2018-10-12 2019-01-22 成都信息工程大学 A kind of multicore net like multistage cross-domain access control method based on cloud platform
CN109388921A (en) * 2017-08-10 2019-02-26 顺丰科技有限公司 A kind of unification user rights management platform and operation method
CN109670768A (en) * 2018-09-27 2019-04-23 深圳壹账通智能科技有限公司 Right management method, device, platform and the readable storage medium storing program for executing in multi-service domain
CN111431843A (en) * 2019-01-10 2020-07-17 中国科学院电子学研究所 Access control method based on trust and attribute in cloud computing environment
CN111935073A (en) * 2020-06-19 2020-11-13 中国市政工程华北设计研究总院有限公司 Authority management method and system of cloud platform based on multi-organization architecture
CN112055029A (en) * 2020-09-16 2020-12-08 全球能源互联网研究院有限公司 Zero-trust power Internet of things equipment and user real-time trust degree evaluation method
CN112182619A (en) * 2020-09-30 2021-01-05 澳优乳业(中国)有限公司 Service processing method and system based on user permission, electronic device and medium
CN112632575A (en) * 2020-12-22 2021-04-09 平安普惠企业管理有限公司 Authority management method and device of business system, computer equipment and storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10348735B2 (en) * 2017-09-01 2019-07-09 Atlassian Pty Ltd Systems and methods for accessing cloud resources from a local development environment
US11050753B2 (en) * 2017-09-29 2021-06-29 Oracle International Corporation Data driven role permissions

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
沙杰. Research on the design of an access control system for a cloud computing platform based on the RBAC model. 《信息与电脑(理论版)》 (Information & Computer (Theory Edition)). 2017, (No. 03), *

Also Published As

Publication number Publication date
CN113542214A (en) 2021-10-22

Similar Documents

Publication Publication Date Title
CN113542214B (en) Access control method, device, equipment and machine-readable storage medium
US11716326B2 (en) Protections against security vulnerabilities associated with temporary access tokens
CN113010911B (en) Data access control method, device and computer readable storage medium
Modi et al. A survey on security issues and solutions at different layers of Cloud computing
US9639678B2 (en) Identity risk score generation and implementation
Genc et al. Examination of a new defense mechanism: Honeywords
US20190356661A1 (en) Proxy manager using replica authentication information
US10673862B1 (en) Token-based access tracking and revocation
CN107196951A (en) The implementation method and firewall system of a kind of HDFS systems fire wall
CN114553540B (en) Zero trust-based Internet of things system, data access method, device and medium
US20180176206A1 (en) Dynamic Data Protection System
US10637864B2 (en) Creation of fictitious identities to obfuscate hacking of internal networks
CN116760639B (en) Data security isolation and sharing framework implementation method for multiple tenants
CN113039542A (en) Secure counting in cloud computing networks
CN114138590A (en) Operation and maintenance processing method and device for Kubernetes cluster and electronic equipment
US20180176197A1 (en) Dynamic Data Protection System
US10158623B2 (en) Data theft deterrence
Kang et al. A strengthening plan for enterprise information security based on cloud computing
Sanfilippo et al. Stride-based threat modeling for mysql databases
US20230135186A1 (en) Abnormal cross authorization detection systems
CN109033882A (en) A kind of safe dissemination method of retrospective big data and system
US10116438B1 (en) Managing use of security keys
Jouini et al. Security problems in cloud computing environments: A deep analysis and a secure framework
US20220272128A1 (en) Zero-trust decentralized cybersecurity architecture for endpoint devices
Bhandari et al. A Preliminary Study On Emerging Cloud Computing Security Challenges

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant