CN113591121A - Resource access authority configuration method, device, equipment and storage medium - Google Patents

Info

Publication number
CN113591121A
Authority
CN
China
Prior art keywords
resource
identifier
government affair
access
party application
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110912700.8A
Other languages
Chinese (zh)
Inventor
李祖金
莫兹栋
罗新良
邹鹤良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Digital Guangdong Network Construction Co Ltd
Original Assignee
Digital Guangdong Network Construction Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

An embodiment of the invention discloses a method, an apparatus, a device and a storage medium for configuring resource access permissions. The method comprises: in response to an access instruction of a third-party application to a government affair authentication platform, determining an application identifier of the third-party application, and a resource identifier and a version number of each government affair resource associated with the government affair authentication platform; for each government affair resource, encrypting the application identifier together with the resource identifier and the version number of that resource to obtain an access identifier of the resource for the third-party application; and issuing the access identifier of each government affair resource to the third-party application, so as to configure the resource access permissions of the third-party application for the government affair authentication platform. This configures the resource access permissions of the third-party application for the government affair authentication platform and makes that configuration more convenient and efficient. Because the access identifiers configured for each government affair resource differ across third-party applications, the security of resource access is ensured.

Description

Resource access authority configuration method, device, equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of permission configuration, in particular to a method, a device, equipment and a storage medium for configuring resource access permission.
Background
In the process of developing the government affair authentication platform, the government affair service system forms an organization tree according to the hierarchical relationship among the government affair resources (such as the government departments and personnel set up under the platform) in each government affair authentication platform. Each node of the organization tree stores the unique identifiers of the government affair resources at the corresponding level. When an application accesses the government affair authentication platform, the government affair service system tells the application the highest organization tree node it may access, which grants the application access to all resources stored at that node and its subordinate nodes. The application can then recursively obtain the details of each resource by using the unique identifier of each resource it is permitted to access. However, because the unique identifier of a resource never changes, the unique identifiers of some resources may be leaked, actively or passively, between third-party service providers, so that an application without access rights to a resource can illegally obtain the sensitive information in it.
At present, when an application accesses a government affair authentication platform, the identifier of every resource the application may access is stored in a database in order to configure the application's access permission for each of those resources. This produces an excessive amount of configuration data and reduces the efficiency of configuring resource access permissions when the application accesses the platform.
Disclosure of Invention
Embodiments of the invention provide a method, an apparatus, a device and a storage medium for configuring resource access permissions. They make the configuration of resource access permissions more convenient and efficient and, because the access identifiers configured for each government affair resource differ across third-party applications, ensure the security of resource access.
In a first aspect, an embodiment of the present invention provides a method for configuring resource access permissions, where the method includes:
in response to an access instruction of a third-party application to a government affair authentication platform, determining an application identifier of the third-party application, and a resource identifier and a version number of each government affair resource associated with the government affair authentication platform;
for each government affair resource, encrypting the application identifier together with the resource identifier and the version number of the government affair resource to obtain an access identifier of the government affair resource for the third-party application;
and issuing the access identifier of each government affair resource to the third-party application, so as to configure the resource access permissions of the third-party application for the government affair authentication platform.
In a second aspect, an embodiment of the present invention provides an apparatus for configuring resource access permissions, where the apparatus includes:
an application access response module, configured to, in response to an access instruction of a third-party application to a government affair authentication platform, determine an application identifier of the third-party application, and a resource identifier and a version number of each government affair resource associated with the government affair authentication platform;
an access identifier determining module, configured to, for each government affair resource, encrypt the application identifier together with the resource identifier and the version number of the government affair resource to obtain an access identifier of the government affair resource for the third-party application;
and an access permission configuration module, configured to issue the access identifier of each government affair resource to the third-party application, so as to configure the resource access permissions of the third-party application for the government affair authentication platform.
In a third aspect, an embodiment of the present invention provides a computer device, where the computer device includes:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the method for configuring resource access rights according to any embodiment of the present invention.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a method for configuring resource access permissions according to any embodiment of the present invention.
In the technical solution of the embodiments, after an access instruction of a third-party application to a government affair authentication platform is received, the application identifier of the third-party application and the resource identifier and version number of each government affair resource associated with the platform are determined. For each government affair resource, the application identifier and the resource identifier and version number of that resource are then encrypted to obtain the access identifier of the resource for the third-party application. As a result, the access identifiers configured for each government affair resource differ across third-party applications, and an access identifier configured for a resource on one third-party application cannot be used by another third-party application to access that resource, which ensures the security of resource access. The access identifier of each government affair resource is then issued to the third-party application, which configures the third-party application's resource access permissions for the platform and makes that configuration more convenient and efficient.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments made with reference to the following drawings:
Fig. 1 is a flowchart of a method for configuring resource access permissions according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for configuring resource access permissions according to a second embodiment of the present invention;
Fig. 3 is a flowchart of a method for configuring resource access permissions according to a third embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a configuration apparatus for resource access permissions according to a fourth embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a computer device according to a fifth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of a method for configuring resource access permissions according to an embodiment of the present invention. This embodiment applies to the case where, when a corresponding third-party application is connected to any government affair authentication platform, the resource access permissions in that platform are configured for the third-party application. The method provided in this embodiment may be performed by the apparatus for configuring resource access permissions provided in an embodiment of the present invention. The apparatus may be implemented in software and/or hardware and is integrated in the computer device that executes the method.
Referring to Fig. 1, the method includes the following steps:
S110. In response to an access instruction of a third-party application to the government affair authentication platform, determine the application identifier of the third-party application, and the resource identifier and version number of each government affair resource associated with the government affair authentication platform.
Specifically, the government affair authentication platform is a pre-developed government affair system that implements the government affair functions of a given government affair field. It supports access by different third-party applications and authenticates the identity of each, so that different users can view, through a third-party application connected to the platform, the government affair information under the corresponding functions. For example, the government affair authentication platform may be a pre-developed education department platform, and the third-party application may be a campus network application developed by a school that the education department platform allows to access it.
Each government affair authentication platform contains government departments and personnel organized by hierarchy level. A third-party application usually uses identification information, such as the account of a government department or person, to view the function information that the department or person is allowed to access in the platform. That is, when the third-party application accesses the platform, the operation permissions of the corresponding departments and personnel in the platform must be opened to the third-party application so that it is authorized to enter the platform and view function information. In this embodiment, therefore, the government affair resources for which access permissions must be configured in the third-party application may be the government departments, personnel and the like set up in the platform, and the third-party application uses the identification information of those departments and personnel to enter the platform and view the supported function information.
In addition, the government departments, personnel and the like in the platform may change, and the access permissions of the government affair resources change with them. To keep the access permissions accurate, this embodiment may also record the version number of each government affair resource in real time, representing the latest version of that resource.
Moreover, to ensure that the government affair resources of each platform are covered comprehensively, the government affair service system forms an organization structure tree according to the hierarchical relationship among the government affair resources (such as the departments and personnel under the platform) in each government affair authentication platform, and each node of the tree stores the identification information of the government affair resources at the corresponding level. When the government affair resources in the platform change, for example when departments or personnel change, the organization structure tree on the government affair service system is updated accordingly, which keeps the platform's government affair resources accurate.
In this embodiment, when a third-party application requests access to a government affair authentication platform, the platform receives the access instruction sent by the third-party application. To configure the third-party application with access permissions for each government affair resource in the platform, the platform forwards the received access instruction to the government affair service system, which configures the third-party application's resource access permissions for the platform according to the organization structure tree it formed in advance for that platform.
Specifically, in response to the access instruction, the resource identifier and version number of each government affair resource associated with the platform are first looked up in the pre-formed organization structure tree, so that both can later be used together to configure the third-party application's access permission for each resource. Moreover, an access permission for a government affair resource could leak between third-party applications, and an application without permission could then use the leaked permission to access the resource illegally. To prevent this, the embodiment also determines the application identifier of the third-party application and uses it, together with the resource identifier and version number, to configure the application's access permission for each resource, which ensures that different third-party applications have different access permissions for the same government affair resource.
Note that in this embodiment the application identifier of the third-party application may be an 8-byte binary code, denoted APP_ID; the resource identifier of a government affair resource may be a 24-byte binary code, denoted UID; and the version number of the resource may be a 4-byte binary code, denoted U_V, which is a sequence number that auto-increments each time the resource changes in the government affair authentication platform.
S120. For each government affair resource, encrypt the application identifier together with the resource identifier and version number of that resource to obtain the access identifier of the resource for the third-party application.
Optionally, after accessing the government affair authentication platform, the third-party application needs to be able to access the information of each government affair resource associated with the platform, so this embodiment configures the third-party application's access permission for each of those resources.
Specifically, for each government affair resource, this embodiment configures the third-party application's access permission using the application identifier of the third-party application and the resource identifier and version number of the resource. The three values can be encrypted together with the key generated by the third-party application to obtain the access identifier of the resource for the third-party application, which the third-party application later uses to access the resource. Performing this operation for every government affair resource yields the access identifier of each resource for the third-party application. Because the access identifier carries the application identifier of the third-party application, different third-party applications have different access identifiers for the same resource, and an access identifier configured for a resource on one third-party application cannot be used by another third-party application to access that resource. This ensures the security of resource access and prevents a third-party application from accessing a government affair resource illegally.
For example, in this embodiment, for each government affair resource, the application identifier of the third-party application and the resource identifier and version number of the resource are merged, and the merged identifier information is encrypted to obtain the access identifier of the resource for the third-party application. The merge may place the application identifier APP_ID in the low 8 bytes, the resource identifier UID in the middle 24 bytes, and the version number U_V in the high 4 bytes, producing a new UID 36 bytes long. The new UID is then encrypted with the key generated by the third-party application and Base64-encoded to produce the access identifier of the resource for the third-party application. The access identifier is a 48-byte binary code, denoted APP_UID, and represents the third-party application's identifier for the government affair resource.
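The APP_UID construction above and the cross-application property claimed for it, as an added example that is not code from the patent. The patent names no cipher; because 36 bytes must Base64-encode to exactly 48 characters the cipher has to be length-preserving, so a 4-round HMAC-SHA256 Feistel permutation is used here as a stand-in. Assumptions: all function names, the big-endian field order (U_V, UID, APP_ID), the issuing service looking up APP_K per caller, and the `check_access_id` step, which this section does not describe.

```python
import base64
import hashlib
import hmac
import secrets

APP_ID_LEN, UID_LEN, U_V_LEN = 8, 24, 4       # field sizes given in the text
PLAIN_LEN = APP_ID_LEN + UID_LEN + U_V_LEN    # 36-byte merged identifier
HALF = PLAIN_LEN // 2
ROUNDS = 4


def _round(key: bytes, index: int, data: bytes) -> bytes:
    """Feistel round function: HMAC-SHA256 truncated to half a block."""
    return hmac.new(key, bytes([index]) + data, hashlib.sha256).digest()[:HALF]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _permute(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    """Stand-in length-preserving cipher (assumption; the text names none)."""
    left, right = block[:HALF], block[HALF:]
    if decrypt:
        for i in reversed(range(ROUNDS)):
            left, right = _xor(right, _round(key, i, left)), left
    else:
        for i in range(ROUNDS):
            left, right = right, _xor(left, _round(key, i, right))
    return left + right


def issue_access_id(app_k: bytes, app_id: bytes, uid: bytes, u_v: int) -> str:
    """Merge U_V (high 4) | UID (middle 24) | APP_ID (low 8), encrypt, Base64."""
    if (len(app_k), len(app_id), len(uid)) != (32, APP_ID_LEN, UID_LEN):
        raise ValueError("unexpected key or identifier length")
    merged = u_v.to_bytes(U_V_LEN, "big") + uid + app_id
    return base64.b64encode(_permute(app_k, merged)).decode("ascii")


def check_access_id(app_k: bytes, caller_app_id: bytes, access_id: str,
                    current_versions: dict):
    """Hypothetical server-side check: return the UID, or None if rejected.

    app_k is the key stored for the authenticated caller, so an identifier
    issued to another application decrypts to bytes that fail the checks.
    """
    try:
        raw = base64.b64decode(access_id, validate=True)
    except ValueError:
        return None
    if len(raw) != PLAIN_LEN:
        return None
    merged = _permute(app_k, raw, decrypt=True)
    u_v = int.from_bytes(merged[:U_V_LEN], "big")
    uid = merged[U_V_LEN:U_V_LEN + UID_LEN]
    app_id = merged[-APP_ID_LEN:]
    if not hmac.compare_digest(app_id, caller_app_id):
        return None                      # issued to a different application
    if current_versions.get(uid) != u_v:
        return None                      # unknown resource or stale version
    return uid


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    uid = b"R" * UID_LEN
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    app_a, app_b = b"APP-A-01", b"APP-B-02"
    versions = {uid: 1}

    id_for_a = issue_access_id(key_a, app_a, uid, versions[uid])
    id_for_b = issue_access_id(key_b, app_b, uid, versions[uid])
    print(len(id_for_a), id_for_a != id_for_b)
    print("A presents its own id:", check_access_id(key_a, app_a, id_for_a, versions))
    print("B presents A's id:    ", check_access_id(key_b, app_b, id_for_a, versions))
    versions[uid] = 2                    # the resource changed on the platform
    print("A presents a stale id:", check_access_id(key_a, app_a, id_for_a, versions))
```

Encryption alone does not authenticate the identifier; in this sketch a modified or foreign APP_UID is rejected only because the decrypted APP_ID and U_V fields no longer match what the service expects.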
S130. Issue the access identifier of each government affair resource to the third-party application, so as to configure the third-party application's resource access permissions for the government affair authentication platform.
Optionally, once the third-party application's access identifier for each government affair resource in the platform has been determined, the access identifiers are issued directly to the third-party application. After accessing the platform, the third-party application can store the access identifier of each resource and later use the access identifier of any resource to view that resource's function information in the platform, which completes the configuration of the third-party application's resource access permissions for the platform.
For example, after receiving the access identifiers, the third-party application may record the access identifier of each government affair resource as key-value pairs in a preset permission configuration table, thereby configuring its resource access permissions for the platform. When it later needs to log in to the platform to view the function information of a particular resource, it can read that resource's access identifier directly from the permission configuration table and log in to the platform with it.
In the technical solution of this embodiment, after an access instruction of a third-party application to a government affair authentication platform is received, the application identifier of the third-party application and the resource identifier and version number of each government affair resource associated with the platform are determined. For each government affair resource, the application identifier and the resource identifier and version number of that resource are then encrypted to obtain the access identifier of the resource for the third-party application. As a result, the access identifiers configured for each government affair resource differ across third-party applications, and an access identifier configured for a resource on one third-party application cannot be used by another third-party application to access that resource, which ensures the security of resource access. The access identifier of each government affair resource is then issued to the third-party application, which configures the third-party application's resource access permissions for the platform and makes that configuration more convenient and efficient.
Example two
Fig. 2 is a flowchart of a method for configuring resource access permissions according to a second embodiment of the present invention. The embodiment of the invention is optimized on the basis of the embodiment. Optionally, this embodiment mainly explains in detail a specific configuration process and a configuration update process of the resource access permission of the third-party application government affair authentication-oriented platform.
Specifically, referring to fig. 2, the method of this embodiment may specifically include:
s210, in response to the access instruction of the third-party application facing to the government affair authentication platform, determining an application identifier of the third-party application, and resource identifiers and version numbers of government affair resources associated with the government affair authentication platform.
S220, randomly generating an encryption key of the third-party application so as to encrypt the application identifier and the resource identifier and the version number of the government affair resource aiming at each government affair resource.
Optionally, in order to facilitate subsequent encryption of the application identifier of the third-party application and the resource identifier and the version number of each government resource, in this embodiment, an encryption key is first randomly generated for the third-party application, where the encryption key may be a key with a length of 32 bytes, and is denoted as APP _ K. And then, storing the encryption key pre-generated by the third-party application into a corresponding storage system, so as to encrypt the application identifier and the resource identifier and the version number of the government affair resource by adopting the encryption key for each government affair resource subsequently.
And S230, authenticating the government affair identity of the third-party application, and encrypting the application identifier, the resource identifier and the version number of the government affair resource for each government affair resource after the authentication is passed.
In this embodiment, in order to ensure the validity of each third-party application accessed by the government affair authentication platform, in this embodiment, before receiving an access instruction of the third-party application facing the government affair authentication platform and configuring the resource access authority of the government affair authentication platform for the third-party application, the government affair identity of the third-party application needs to be authenticated first, for example, when a campus network application of a certain school requests to access to the platform of the education department, it needs to be authenticated first whether the school is a real school authenticated by the education department, and then after the authentication of the third-party application is passed, the application identifier, and the resource identifier and the version number of the government affair resource are encrypted for each government affair resource to configure the resource access authority of the third-party application facing the government affair authentication platform.
S240, encrypting the application identifier, the resource identifier and the version number of each government affair resource to obtain an access identifier of each government affair resource facing to a third party application.
S250, issuing an access identifier of each government affair resource to the third party application so as to configure the resource access authority of the third party application facing to the government affair authentication platform.
S260, responding to the resource updating operation of the government affair authentication platform or responding to the configuration updating request of the third party application, and issuing an access identifier of each government affair resource updated by the government affair authentication platform to the third party application so as to configure and update the resource access authority of the third party application facing the government affair authentication platform.
Optionally, when resources such as departments and personnel in the government affair authentication platform change, the organization tree structure in the government affair service system also changes, so the resource access authority configured in each application needs to be adjusted accordingly. Therefore, in this embodiment, after the resource access authority of the third-party application facing the government affair authentication platform is configured, the resource access authority is also updated. In response to a resource updating operation of the government affair authentication platform, that is, when a change in the government affair resources of the government affair authentication platform is detected, steps S210 to S240 may be executed again to determine the access identifier of the third-party application for each updated government affair resource. The access identifier of each updated government affair resource is then actively issued to the third-party application, so as to update the configuration of its resource access authority facing the government affair authentication platform.
Alternatively, the third-party application may periodically report to the government affair service system a configuration update request for its resource access authority in the government affair authentication platform. In response to the configuration update request, the government affair service system may re-execute steps S210 to S240, determine the access identifier of the third-party application for each updated government affair resource, and issue these access identifiers to the third-party application, so that the resource access authority of the third-party application facing the government affair authentication platform is periodically reconfigured. This reduces the complexity of configuring and maintaining resource access authority in the third-party application and makes that maintenance more efficient and convenient.
According to the technical scheme provided by the embodiment, after an access instruction of a third-party application facing a government affair authentication platform is received, an application identifier of the third-party application, and a resource identifier and a version number of each government affair resource associated with the government affair authentication platform are determined, then the application identifier, the resource identifier and the version number of each government affair resource are encrypted aiming at each government affair resource, and an access identifier of the government affair resource facing the third-party application is obtained, so that access identifiers configured on different third-party applications of each government affair resource are different, and an access identifier configured on a certain government affair resource on a certain third-party application cannot realize access of another third-party application to the government affair resource, and therefore the security of resource access is guaranteed; and furthermore, the access identifier of each government affair resource is issued to the third-party application, so that the resource access authority configuration of the third-party application facing to the government affair authentication platform is realized, and the convenience and the high efficiency of the resource access authority configuration are improved.
Example three
Fig. 3 is a flowchart of a method for configuring resource access permissions according to a third embodiment of the present invention. The embodiment of the invention is optimized on the basis of the embodiment. Optionally, in this embodiment, a detailed explanation is mainly given to a specific access process of the third-party application for accessing a certain government affair resource in the government affair authentication platform after configuring the resource access authority of the third-party application facing the government affair authentication platform.
Specifically, referring to fig. 3, the method of this embodiment may specifically include:
S310, in response to the access instruction of the third-party application facing to the government affair authentication platform, determining the application identifier of the third-party application, and the resource identifier and the version number of each government affair resource associated with the government affair authentication platform.
S320, encrypting the application identifier, the resource identifier and the version number of each government affair resource to obtain an access identifier of each government affair resource facing to the third party application.
S330, issuing the access identification of each government affair resource to the third party application so as to configure the resource access authority of the third party application facing to the government affair authentication platform.
S340, responding to the access request of the third party application to the target resource, decrypting the access identifier of the target resource to obtain the resource identifier of the target resource.
Optionally, after the resource access right facing the government affair authentication platform is configured in the third-party application, the third-party application may access any government affair resource in the government affair authentication platform, at this time, the third-party application may report an access request for a target resource to the government affair authentication platform, the government affair authentication platform forwards the access request to the government affair service system, and the government affair service system checks detailed information of the target resource.
Specifically, in response to an access request of a third-party application for a target resource, the government affair service system firstly analyzes an access identifier of the target resource from the access request, and then decrypts the access identifier of the target resource to obtain a resource identifier of the target resource, so that resource access information of the target resource is searched by using the resource identifier of the target resource in the following process, and the resource access information is issued to the third-party application.
In addition, when the access identifier of the target resource is decrypted, the decryption result may further include a corresponding target application identifier and a target version number. To ensure the access security of the target resource, this embodiment compares the target application identifier with the application identifier of the third-party application. If the two are consistent, the target version number is then compared with the version number of the target resource, and when these are also consistent, the resource access information of the target resource is issued to the third-party application by using the resource identifier of the target resource. If the target application identifier is not consistent with the application identifier of the third-party application, or the target version number is not consistent with the version number of the target resource, an illegal access message for the target resource is issued to the third-party application.
That is, the target application identifier in the access identifier of the target resource is used to verify the application identifier of the third-party application, which determines whether the access identifier of the target resource was configured when this third-party application accessed the government affair authentication platform, or was configured by another third-party application and forwarded to this one. When the two are consistent, the third-party application is a legal application that has accessed the government affair authentication platform. The target version number in the access identifier of the target resource is then used to verify the version number of the target resource, which determines whether the target resource has changed since the third-party application accessed the government affair authentication platform. Only when the target version number is consistent with the version number of the target resource is the third-party application determined to have the authority to access the target resource, and the resource identifier of the target resource is then used to look up the resource access information of the target resource.
S350, issuing the resource access information of the target resource to the third-party application by using the resource identifier of the target resource.
Optionally, when it is determined that the third-party application is legally accessed, the resource identifier of the target resource may be used to search the resource access information of the target resource in the government affair authentication platform, and the resource access information is issued to the third-party application, so as to implement the secure access of the government affair resource.
It should be noted that, in order to ensure that the third-party application reasonably distinguishes resource access permission configuration and resource security access, in this embodiment, two different types of interfaces are set, for example, an interface a with data permission verification and an interface B without data permission are provided, the configuration operation of the third-party application for the resource access permission of the government affair authentication platform is executed through the interface a, and the security access operation of the third-party application for a certain target resource in the government affair authentication platform is executed through the interface B.
According to the technical scheme provided by the embodiment, after the third-party application is configured for the resource access authority of the government affair authentication platform, the third-party application can judge whether the third-party application is legally accessed through the application identifier, the resource identifier and the version number in the access identifier of the target resource, at the moment, the access identifiers configured on different third-party applications of each government affair resource are different, the access identifier configured on one government affair resource on one third-party application cannot realize the access of another third-party application to the government affair resource, and the security of resource access is ensured.
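The issuance steps (S310 to S330) and the access check (S340 and S350) described above, as an added Go example that is not code from the patent. The page specifies only a randomly generated 32-byte key APP_K and the two comparisons; AES-256-GCM, the JSON encoding of the combined fields, all function names and the sample values are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// ErrIllegalAccess stands in for the "illegal access message" in the text.
var ErrIllegalAccess = errors.New("illegal access to target resource")

// claims is the combined identifier information sealed in an access identifier.
type claims struct {
	AppID      string `json:"app"`
	ResourceID string `json:"res"`
	Version    uint64 `json:"ver"`
}

// NewAppKey returns a random 32-byte key for one third-party application (APP_K).
func NewAppKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// newAEAD builds AES-256-GCM from APP_K; the cipher choice is an assumption.
func newAEAD(appKey []byte) (cipher.AEAD, error) {
	if len(appKey) != 32 {
		return nil, errors.New("APP_K must be 32 bytes")
	}
	block, err := aes.NewCipher(appKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// IssueAccessID combines the application identifier, resource identifier and
// version number, encrypts them under APP_K and returns the access identifier.
func IssueAccessID(appKey []byte, appID, resourceID string, version uint64) (string, error) {
	gcm, err := newAEAD(appKey)
	if err != nil {
		return "", err
	}
	plain, err := json.Marshal(claims{AppID: appID, ResourceID: resourceID, Version: version})
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// Layout before encoding: nonce || ciphertext || authentication tag.
	return base64.RawURLEncoding.EncodeToString(gcm.Seal(nonce, nonce, plain, nil)), nil
}

// ResolveAccessID decrypts accessID with the caller's APP_K, then compares the
// application identifier and the version number, in the order the text gives.
// currentVersions maps each resource identifier to the platform's current version.
func ResolveAccessID(appKey []byte, callerAppID, accessID string, currentVersions map[string]uint64) (string, error) {
	gcm, err := newAEAD(appKey)
	if err != nil {
		return "", err
	}
	raw, err := base64.RawURLEncoding.DecodeString(accessID)
	if err != nil || len(raw) < gcm.NonceSize() {
		return "", ErrIllegalAccess
	}
	plain, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	if err != nil {
		return "", ErrIllegalAccess // wrong key or modified identifier
	}
	var c claims
	if err := json.Unmarshal(plain, &c); err != nil {
		return "", ErrIllegalAccess
	}
	if subtle.ConstantTimeCompare([]byte(c.AppID), []byte(callerAppID)) != 1 {
		return "", ErrIllegalAccess // issued to a different application
	}
	if cur, ok := currentVersions[c.ResourceID]; !ok || cur != c.Version {
		return "", ErrIllegalAccess // resource changed or removed since issuance
	}
	return c.ResourceID, nil
}

func main() {
	// Constructed sample data; names are illustrative only.
	key, _ := NewAppKey()
	versions := map[string]uint64{"dept-0042": 3}
	id, _ := IssueAccessID(key, "campus-app", "dept-0042", 3)
	fmt.Println(ResolveAccessID(key, "campus-app", id, versions))
	versions["dept-0042"] = 4 // resource updated: the old identifier is refused
	fmt.Println(ResolveAccessID(key, "campus-app", id, versions))
}
```

An authenticated cipher is used here so that a modified access identifier is rejected at decryption, before either comparison runs.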
Example four
Fig. 4 is a schematic structural diagram of a configuration apparatus for resource access rights according to a fourth embodiment of the present invention, as shown in fig. 4, the apparatus may include:
the application access response module 410 is configured to determine, in response to an access instruction of a third-party application facing a government affair authentication platform, an application identifier of the third-party application, and resource identifiers and version numbers of government affair resources associated with the government affair authentication platform;
an access identifier determining module 420, configured to encrypt the application identifier, the resource identifier and the version number of the government resource, to obtain an access identifier of the government resource facing the third-party application;
and an access authority configuration module 430, configured to issue an access identifier of each government affair resource to the third party application, so as to configure the resource access authority of the third party application facing the government affair authentication platform.
According to the technical scheme provided by the embodiment, after an access instruction of a third-party application facing a government affair authentication platform is received, an application identifier of the third-party application, and a resource identifier and a version number of each government affair resource associated with the government affair authentication platform are determined, then the application identifier, the resource identifier and the version number of each government affair resource are encrypted aiming at each government affair resource, and an access identifier of the government affair resource facing the third-party application is obtained, so that access identifiers configured on different third-party applications of each government affair resource are different, and an access identifier configured on a certain government affair resource on a certain third-party application cannot realize access of another third-party application to the government affair resource, and therefore the security of resource access is guaranteed; and furthermore, the access identifier of each government affair resource is issued to the third-party application, so that the resource access authority configuration of the third-party application facing to the government affair authentication platform is realized, and the convenience and the high efficiency of the resource access authority configuration are improved.
Further, the access identifier determining module 420 may be specifically configured to:
and aiming at each government affair resource, combining the application identifier of the third party application and the resource identifier and the version number of the government affair resource, and encrypting the combined identifier information of the government affair resource to obtain the access identifier of the government affair resource facing to the third party application.
Further, the apparatus for configuring resource access right may further include:
and the key generation module is used for randomly generating an encryption key of the third-party application so as to encrypt the application identifier and the resource identifier and the version number of the government affair resource aiming at each government affair resource.
Further, the apparatus for configuring resource access right may further include:
and the configuration updating module is used for responding to the resource updating operation of the government affair authentication platform or responding to the configuration updating request of the third party application, and issuing the updated access identifier of each government affair resource to the third party application so as to perform configuration updating on the resource access authority of the third party application facing the government affair authentication platform.
Further, the apparatus for configuring resource access right may further include:
and the application authentication module is used for authenticating the government affair identity of the third-party application, so that after the authentication is passed, the application identifier, the resource identifier and the version number of the government affair resource are encrypted aiming at each government affair resource.
Further, the apparatus for configuring resource access right may further include:
the access identifier decryption module is used for responding to an access request of the third-party application to the target resource, decrypting the access identifier of the target resource and obtaining a resource identifier of the target resource;
and the resource access module is used for issuing the resource access information of the target resource to the third-party application by using the resource identifier of the target resource.
Further, the decryption result of the access identifier of the target resource may further include a corresponding target application identifier and a target version number.
Correspondingly, the apparatus for configuring resource access right may further include:
the access verification module is used for comparing the target application identifier with the application identifier of the third-party application, continuing to compare the target version number with the version number of the target resource if the two are consistent, and, when the target version number and the version number of the target resource are also consistent, issuing the resource access information of the target resource to the third-party application by using the resource identifier of the target resource;
and the legal access processing module is used for issuing an illegal access message of the target resource to the third-party application if the target application identifier is not consistent with the application identifier of the third-party application or the target version number is not consistent with the version number of the target resource.
The device for configuring the resource access right provided by the embodiment can be applied to the method for configuring the resource access right provided by any embodiment, and has corresponding functions and beneficial effects.
Example five
Fig. 5 is a schematic structural diagram of a computer device according to a fifth embodiment of the present invention. As shown in fig. 5, the computer apparatus includes a processor 50, a storage device 51, and a communication device 52; the number of processors 50 in the computer device may be one or more, and one processor 50 is taken as an example in fig. 5; the processor 50, the storage means 51 and the communication means 52 of the computer device may be connected by a bus or other means, as exemplified by the bus connection in fig. 5.
The storage device 51, which is a computer-readable storage medium, can be used to store software programs, computer-executable programs, and modules, such as the modules corresponding to the configuration method of the resource access right in the embodiment of the present invention (for example, the application access response module 410, the access identifier determination module 420, and the access right configuration module 430 in the configuration device of the resource access right). The processor 50 executes various functional applications and data processing of the computer device by running software programs, instructions and modules stored in the storage device 51, that is, the configuration method of the resource access right described above is realized.
The storage device 51 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the storage 51 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, storage 51 may further include memory located remotely from multifunction controller 50, which may be connected to a computer device over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The communication means 52 may be used to enable a network connection or a mobile data connection between the devices.
The computer device provided by this embodiment can be used to execute the configuration method of the resource access right provided by any of the above embodiments, and has corresponding functions and advantages.
Example six
The sixth embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, can implement the method for configuring the resource access right in any of the above embodiments. The method specifically comprises the following steps:
responding to an access instruction of a third-party application facing to a government affair authentication platform, and determining an application identifier of the third-party application, and resource identifiers and version numbers of government affair resources related to the government affair authentication platform;
encrypting the application identifier, the resource identifier and the version number of the government affair resource aiming at each government affair resource to obtain an access identifier of the government affair resource facing the third party application;
and issuing an access identifier of each government affair resource to the third party application so as to configure the resource access authority of the third party application facing the government affair authentication platform.
Of course, the storage medium provided by the embodiment of the present invention contains computer-executable instructions, and the computer-executable instructions are not limited to the operations of the method described above, and may also perform related operations in the method for configuring resource access permissions provided by any embodiment of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the configuration apparatus for resource access permissions, each unit and each module included in the configuration apparatus are only divided according to functional logic, but are not limited to the above division, as long as the corresponding function can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A method for configuring resource access authority is characterized by comprising the following steps:
responding to an access instruction of a third-party application facing to a government affair authentication platform, and determining an application identifier of the third-party application, and resource identifiers and version numbers of government affair resources related to the government affair authentication platform;
encrypting the application identifier, the resource identifier and the version number of the government affair resource aiming at each government affair resource to obtain an access identifier of the government affair resource facing the third party application;
and issuing an access identifier of each government affair resource to the third party application so as to configure the resource access authority of the third party application facing the government affair authentication platform.
2. The method according to claim 1, wherein the encrypting the application identifier and the resource identifier and version number of the government resource for each government resource to obtain the access identifier of the government resource to the third party application comprises:
and aiming at each government affair resource, combining the application identifier of the third party application and the resource identifier and the version number of the government affair resource, and encrypting the combined identifier information of the government affair resource to obtain the access identifier of the government affair resource facing to the third party application.
3. The method according to claim 1, wherein in determining the application identification of the third party application, and the resource identification and version number of each government resource associated with the government certification platform, further comprising:
and randomly generating an encryption key of the third-party application so as to encrypt the application identifier and the resource identifier and the version number of the government affair resource aiming at each government affair resource.
4. The method according to claim 1, further comprising, after issuing an access identification for each government resource to the third party application:
responding to the resource updating operation of the government affair authentication platform or responding to the configuration updating request of the third party application, and issuing the updated access identifier of each government affair resource to the third party application so as to perform configuration updating on the resource access authority of the third party application facing the government affair authentication platform.
5. The method according to claim 1, before encrypting, for each government resource, the application identification and the resource identification and version number of the government resource, further comprising:
and authenticating the government affair identity of the third party application, and encrypting the application identifier and the resource identifier and the version number of the government affair resource aiming at each government affair resource after the authentication is passed.
6. The method according to claim 1, further comprising, after issuing an access identification for each government resource to the third party application:
responding to an access request of the third-party application to a target resource, and decrypting an access identifier of the target resource to obtain a resource identifier of the target resource;
and issuing the resource access information of the target resource to the third-party application by using the resource identifier of the target resource.
7. The method of claim 6, wherein the decryption result of the access identifier of the target resource further comprises a corresponding target application identifier and a target version number;
correspondingly, before the resource access information of the target resource is issued to the third-party application by using the resource identifier of the target resource, the method further includes:
comparing the target application identifier with the application identifier of the third-party application, if the target application identifier and the application identifier of the third-party application are consistent, continuing to compare the target version number with the version number of the target resource, and when the target application identifier and the application identifier of the third-party application are consistent, issuing resource access information of the target resource to the third-party application by using the resource identifier of the target resource;
and if the target application identifier is not consistent with the application identifier of the third-party application, or the target version number is not consistent with the version number of the target resource, issuing an illegal access message of the target resource to the third-party application.
8. An apparatus for configuring resource access rights, comprising:
the application access response module is used for responding to an access instruction of a third-party application facing to a government affair authentication platform, and determining an application identifier of the third-party application, and a resource identifier and a version number of each government affair resource associated with the government affair authentication platform;
the access identifier determining module is used for encrypting the application identifier, the resource identifier and the version number of the government affair resource aiming at each government affair resource to obtain an access identifier of the government affair resource facing the third party application;
and the access authority configuration module is used for issuing an access identifier of each government affair resource to the third party application so as to configure the resource access authority of the third party application facing the government affair authentication platform.
9. A computer device, characterized in that the computer device comprises:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement a method of configuring resource access permissions according to any of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a method for configuring access rights to resources according to any one of claims 1 to 7.
CN202110912700.8A 2021-08-10 2021-08-10 Resource access authority configuration method, device, equipment and storage medium Pending CN113591121A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110912700.8A CN113591121A (en) 2021-08-10 2021-08-10 Resource access authority configuration method, device, equipment and storage medium


Publications (1)

Publication Number Publication Date
CN113591121A true CN113591121A (en) 2021-11-02

Family

ID=78256636


Country Status (1)

Country Link
CN (1) CN113591121A (en)


Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114201418A (en) * 2021-12-13 2022-03-18 珠海格力电器股份有限公司 Data access method and device, electronic equipment and storage medium
CN114201418B (en) * 2021-12-13 2024-05-03 珠海格力电器股份有限公司 Data access method, device, electronic equipment and storage medium
CN117118758A (en) * 2023-10-24 2023-11-24 中国标准化研究院 Data exchange processing method and system for big data integrated government affairs
CN117118758B (en) * 2023-10-24 2024-02-02 中国标准化研究院 Data exchange processing method and system for big data integrated government affairs

Similar Documents

Publication Publication Date Title
CN108810006B (en) Resource access method, device, equipment and storage medium
CN111488598B (en) Access control method, device, computer equipment and storage medium
JP6547079B1 (en) Registration / authorization method, device and system
US20220191012A1 (en) Methods For Splitting and Recovering Key, Program Product, Storage Medium, and System
CN112422532B (en) Service communication method, system and device and electronic equipment
CN109344631B (en) Data modification and block verification method, device, equipment and medium for block chain
US8977857B1 (en) System and method for granting access to protected information on a remote server
CN109831435B (en) Database operation method, system, proxy server and storage medium
US11757877B1 (en) Decentralized application authentication
CN107145531B (en) Distributed file system and user management method of distributed file system
US11943345B2 (en) Key management method and related device
KR20150045790A (en) Method and Apparatus for authenticating and managing an application using trusted platform module
CN110225017B (en) Identity authentication method, equipment and storage medium based on alliance block chain
CN111190974B (en) Method, device and equipment for forwarding and acquiring verifiable statement
CN113591121A (en) Resource access authority configuration method, device, equipment and storage medium
CN114629713B (en) Identity verification method, device and system
CN115412269A (en) Service processing method, device, server and storage medium
US9754087B2 (en) Method for verifying web system license based on multi-way tree search
CN104104650A (en) Data file visit method and terminal equipment
CN110602051B (en) Information processing method based on consensus protocol and related device
Lim et al. AuthChain: a decentralized blockchain-based authentication system
CN109302442B (en) Data storage proving method and related equipment
CN110995454A (en) Service verification method and system
CN112865981B (en) Token acquisition and verification method and device
CN113872986B (en) Power distribution terminal authentication method and device and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination