CN113779536A - User access method, system, electronic device and medium - Google Patents
User access method, system, electronic device and medium Download PDFInfo
- Publication number
- CN113779536A CN113779536A CN202111135778.XA CN202111135778A CN113779536A CN 113779536 A CN113779536 A CN 113779536A CN 202111135778 A CN202111135778 A CN 202111135778A CN 113779536 A CN113779536 A CN 113779536A
- Authority
- CN
- China
- Prior art keywords
- user
- data
- login
- acquiring
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 62
- 238000004590 computer program Methods 0.000 claims description 13
- 238000004891 communication Methods 0.000 claims description 8
- 238000011156 evaluation Methods 0.000 description 15
- 238000012545 processing Methods 0.000 description 9
- 230000008569 process Effects 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 6
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 238000012423 maintenance Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000018109 developmental process Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000000605 extraction Methods 0.000 description 2
- 210000004709 eyebrow Anatomy 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000013473 artificial intelligence Methods 0.000 description 1
- 238000013527 convolutional neural network Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 210000000887 face Anatomy 0.000 description 1
- 230000001815 facial effect Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000008140 language development Effects 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2113—Multi-level security, e.g. mandatory access control
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention is suitable for the technical field of computers, and provides a user access method, a system, electronic equipment and a medium, wherein the method comprises the following steps: acquiring access request information of a user, and acquiring the security level of target access information according to the access request information; selecting a target login mode according to the security level, and acquiring target login data according to the target login mode; performing identity authentication on the user according to the target login data, and acquiring target access information after the authentication is passed; the system comprises: the system comprises a login module, a right management module, a grade acquisition module, a selection module and an access module; by adopting the method and the system, the problem of low operation efficiency caused by the fact that the enterprise internal application system cannot adopt a unified account number, authentication mode and authority management mode in the prior art is solved.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a user access method, system, electronic device, and medium.
Background
With the continuous development of information and network technology, the number of application platforms in enterprises is continuously increased, and the enterprise applications are diversified, namely, the traditional C/S mode and browser-based B/S architecture are provided. The method is based on both Net platform development and Java language development. The applications are independent from each other, maintain and manage the user and the user authority in respective modes and data formats, some MySQL databases and some LDAPs may have different stored data fields, and even the values of the same field are inconsistent. For users using the platform, user names for different system logins are different, for example, the system a needs to log in by using a mobile phone number, the system B needs to log in by using a user name, the system C needs to log in by using a mailbox, and the system D needs to log in by using a QQ number. The password set by each system user is also different, and the user needs to remember the password used for logging in each system.
The maintenance and management of individual user and user rights data by each enterprise application results in the need to maintain and manage duplicate data in each application system, resulting in inefficient operation. Because the maintenance management needs to be repeatedly performed on the respective systems, it is easy to cause that the data maintained and managed in some systems is incomplete, or the maintained data is inconsistent with the data in other systems. Maintenance management is carried out respectively, so that different design and concepts of authority systems are brought, and the integration difficulty among the systems is higher.
Disclosure of Invention
The invention provides a user access method, a user access system, electronic equipment and a user access medium, which aim to solve the problem of low operation efficiency caused by the fact that an enterprise internal application system cannot adopt a unified account number, an authentication mode and a permission management mode in the prior art.
The user access method provided by the invention comprises the following steps:
acquiring access request information of a user, and acquiring the security level of target access information according to the access request information;
selecting a target login mode according to the security level, and acquiring target login data according to the target login mode;
and performing identity authentication on the user according to the target login data, and acquiring target access information after the authentication is passed.
Optionally, the user access method includes:
judging whether the security level is greater than a level threshold value;
if so, selecting a first login mode, acquiring first login data of the user according to the first login mode, and authenticating the identity of the user according to the first login data;
if not, selecting a second login mode, acquiring second login data of the user according to the second login mode, and performing identity authentication on the user according to the second login data.
Optionally, the performing identity authentication on the user according to the first login data includes:
encrypting the first login data to obtain encrypted data;
decrypting the encrypted data to obtain decrypted data;
and performing identity authentication on the user according to the decrypted data.
Optionally, before the encrypting the first login data to obtain the encrypted data, the method further includes:
extracting the characteristics of the first login data to obtain target characteristics;
and if the target characteristics do not meet the preset conditions, the first login data of the user is obtained again.
Optionally, the decrypting data includes first physiological data, and the authenticating the user according to the decrypting data includes:
acquiring registration data of a user, wherein the registration data comprises second physiological data;
acquiring the similarity of the first physiological data and the second physiological data;
and if the similarity is greater than the similarity threshold value, the authentication is passed.
Optionally, the user access method further includes:
acquiring the type of the user and acquiring the user authority according to the type;
judging whether the access request information is reasonable or not according to the user permission;
if yes, acquiring target access information according to the access request information;
if not, access is denied.
The invention also provides a user access system, comprising:
the system comprises a level acquisition module, a security level acquisition module and a security level management module, wherein the level acquisition module is used for acquiring access request information of a user and acquiring the security level of target access information according to the access request information;
the selecting module is used for selecting a target login mode according to the security level and acquiring target login data according to the target login mode;
the access module is used for carrying out identity authentication on the user according to the target login data and acquiring target access information after the authentication is passed;
the login module is used for acquiring target login data of a user;
and the authority management module is used for acquiring the type of the user, performing authority distribution according to the type of the user and determining the authority range of the user, and the level acquisition module, the selection module, the access module, the login module and the authority management module are connected.
The present invention also provides an electronic device comprising: a processor and a memory;
the memory is used for storing computer programs, and the processor is used for executing the computer programs stored by the memory so as to enable the electronic equipment to execute the user access method.
The invention also provides a computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, realizes the user access method as described above.
As described above, the present invention provides a user access method, system, electronic device, and medium, which have the following advantages: firstly, obtaining access request information of a user, and obtaining the security level of target access information according to the access request information; selecting a target login mode according to the security level, and acquiring target login data according to the target login mode; performing identity authentication on the user according to the target login data, and acquiring target access information after the authentication is passed; and selecting a proper login mode and a proper authentication mode according to the security level of the target access information, thereby improving the security of the target access information and avoiding the problem of data leakage. The target login mode comprises two login modes, corresponding login data are obtained according to the target mode, then the identity authentication is carried out on the user according to the login data, the user authority is managed in a unified mode, the problem that the operation efficiency is low due to the fact that the internal application systems of the enterprise cannot adopt unified accounts, authentication modes and authority management modes is solved, and the problem that the user data in each application system are not unified and incomplete is solved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed for the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
FIG. 1 is a flow chart illustrating a user access method according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a method for selecting a target login manner according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a user access system in an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device in an embodiment of the present invention.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention, and the components related to the present invention are only shown in the drawings rather than drawn according to the number, shape and size of the components in actual implementation, and the type, quantity and proportion of the components in actual implementation may be changed freely, and the layout of the components may be more complicated.
In order to explain the technical means of the present invention, the following description will be given by way of specific examples.
Fig. 1 is a flowchart illustrating a user access method provided in an embodiment of the present invention.
As shown in fig. 1, the user access method includes steps S110 to S130:
s110, obtaining access request information of a user, and obtaining the security level of target access information according to the access request information;
s120, selecting a target login mode according to the security level, and acquiring target login data according to the target login mode;
s130, performing identity authentication on the user according to the target login data, and acquiring target access information after the authentication is passed.
In step S110 of this embodiment, a user initiates an access request, obtains access request information of the user according to the access request, obtains information that the user wants to access according to the access request information, and further obtains a security level of target access information. Therefore, the security level of the target access information can be obtained through the access request information of the user, and before the security level of the target access information is obtained according to the access request information, the security level of the target access information needs to be configured according to the data importance of the target access information. Configuring the security level of the target access information according to the importance of the target access information includes: and acquiring the importance of the target access information, and configuring the security level of the target access information. The importance of obtaining the target access information includes: acquiring a security parameter of target access information; acquiring technical parameters of access information; and acquiring a security level evaluation parameter of the target access information according to the security parameter and the technical parameter, and configuring the security level of the target access information according to the security level evaluation parameter.
In one embodiment, the obtaining of the security level evaluation parameter of the target access information according to the security parameter and the technical parameter comprises: acquiring a security evaluation parameter according to the security parameter and a preset security weight; acquiring a technical evaluation parameter according to the technical parameter and a preset technical weight; and acquiring a security level evaluation parameter of the target access information according to the security evaluation parameter and the technical evaluation parameter. The security level is configured for the target access information, and a proper login mode and an authentication mode are selected according to the security level, so that the security of the target access information with high security level is improved, and the problem of data leakage is avoided.
In one embodiment, the method for obtaining the security parameters of the target access information comprises the following steps: obtaining the private data volume of the target access information; and acquiring the security parameters according to the amount of the privacy data. Private data includes, but is not limited to, user identification card, user address, user contact, corporate financial data. The preset security weight can be set according to actual conditions, and the security evaluation parameter is obtained according to the product of the security parameter and the preset security parameter.
In one embodiment, the method for acquiring technical parameters of target access information comprises the following steps: acquiring the data volume of a key technology corresponding to the target access information; and acquiring technical parameters according to the data volume of the key technology. The preset technical weight can be set according to actual conditions, technical evaluation parameters are obtained according to the product of the technical parameters and the preset technical parameters, and safety evaluation parameters are obtained according to the sum of the secret evaluation parameters and the technical evaluation parameters; and then setting the security level of the target access information according to the size of the security evaluation parameter. The larger the security evaluation parameter of the target access information is, the higher the security level of the target access information is.
In an embodiment, the user access method further includes: judging whether the private data volume of the target access information and the data volume of the key technology are changed or not, and if so, acquiring the security level of the target access information according to the changed private data volume and the data volume of the key technology; therefore, before the security level of the target access information is obtained according to the request access information, it is necessary to determine whether the security level of the target access information changes, and if so, obtain the latest security level of the target access information. The setting method of the grade threshold comprises the following steps: obtaining an average value of the security levels; obtaining access information closest to the average value of the security levels; judging whether the access information needs a first login mode to be acquired; and if so, determining the security level of the access information as a level threshold. The security levels are set for different access information, and corresponding login modes and authentication modes are adopted according to the corresponding security levels, namely, the higher security login modes and authentication modes are adopted for the higher security target access information, so that the security of the target access information is improved, and the problem of data leakage is avoided.
In step S120 of this embodiment, please refer to fig. 2 for a specific implementation method of selecting a target login manner according to a security level and obtaining target login data according to the target login manner, where fig. 2 is a flowchart illustrating the method for selecting the target login manner in an embodiment of the present invention.
As shown in fig. 2, the method for selecting the target login manner may include the following steps S210 to S230:
s210, judging whether the security level is greater than a level threshold value;
s220, if yes, selecting a first login mode, acquiring first login data of the user according to the first login mode, and authenticating the identity of the user according to the first login data;
and S230, if not, selecting a second login mode, acquiring second login data of the user according to the second login mode, and performing identity authentication on the user according to the second login data.
In one embodiment, the security of the first login method is higher than that of the second login method, and the security of the authentication method based on the first login data is higher than that of the authentication method based on the second login data. The first login mode performs login according to first login data of the user, and the first login data may be physiological data, such as a human face. The second login mode may be login according to second login data, and the second login data may be an account and a password.
In one embodiment, authenticating the user according to the first login data comprises: encrypting the first login data to obtain encrypted data; decrypting the encrypted data to obtain decrypted data; and performing identity authentication on the user according to the decrypted data. The first login data are encrypted and then decrypted, and then the user is authenticated according to the decrypted data, so that the first login data are prevented from being leaked, and the personal privacy data of the user are prevented from being leaked.
In an embodiment, the decryption data is data obtained by decrypting and decrypting the first login data, and the first login data includes the physiological data, so that the decryption data obtained based on the first login data includes the first physiological data. The identity authentication of the user according to the decrypted data comprises: acquiring registration data of a user, wherein the registration data comprises second physiological data; acquiring the similarity of the first physiological data and the second physiological data; and if the similarity is greater than the similarity threshold value, the authentication is passed.
In one embodiment, before obtaining the access request information of the user, it needs to be determined whether the user has completed account registration, and if the user has completed account registration, the subsequent login step is performed; if the user does not complete the registration, the user is required to complete the registration process. The user registration needs to complete the mode of combining an account and a password, and also needs to be carried out according to the physiological data of the user; physiological data includes, but is not limited to, human faces.
In an embodiment, when the user registers by using the physiological data, in order to avoid the nonstandard mode of acquiring the physiological data of the user in the login process, the user needs to acquire the physiological data of the user for many times and at multiple angles during the registration, judge the acquired physiological data of the user, judge whether the acquired physiological data of the user meets the preset condition, if not, acquire the physiological data of the user again until the acquired physiological data meets the preset condition, and then complete the registration process. After the registration is completed, in order to avoid leakage of the user physiological data, encryption processing needs to be carried out on the user physiological data, and then decryption processing needs to be carried out to obtain second physiological data; the encryption processing and the decryption processing are performed in the same manner as the encryption and decryption processing of the first login data.
In an embodiment, taking the biological data as a human face as an example, in the registration process, determining whether the preset condition of the collected user physiological data includes: the method comprises the steps of collecting a face image of a user, extracting features of the face image, and judging whether the extracted features meet preset conditions. Specifically, features of the Face image can be extracted by adopting a Face + + artificial intelligence open platform trained deep-coupled convolutional neural network (DCNN), the extracted features of the Face image are key points for extracting a Face, 83 key points of the Face comprise 19 outer contour points and 64 internal feature points, wherein 8 key points of the left eyebrow and the right eyebrow, 10 key points of the left eye and the right eye, 10 key points of the nose and 1 key point of the mouth are included. Judging whether the extracted features meet preset conditions comprises the following steps: acquiring a plurality of distances between key points; and acquiring the maximum distance, and judging whether the maximum distance is smaller than a distance threshold value. And if the maximum distance is smaller than the distance threshold, the extracted features accord with preset conditions.
In an embodiment, before the first login data is encrypted, the feature of the first login data needs to be extracted to obtain the target feature, whether the target feature meets a preset condition is judged, if the target feature does not meet the preset condition, the user needs to repeat the login process to further obtain the updated first login data of the user, and then the user is authenticated according to the updated first login data. The way of extracting the features of the first login data and judging whether the extracted features meet the preset conditions is the same as the way of processing the physiological data in the registration process.
In one embodiment, obtaining the similarity between the first physiological data and the second physiological data comprises: extracting features of the first physiological data to obtain first features; extracting the features of the second physiological data to obtain second features; and acquiring the similarity between the first characteristic and the second characteristic to obtain the similarity between the first physiological data and the second physiological data. The extraction mode of the first characteristic and the second characteristic is the same as the mode of extracting the facial image characteristic in the registration process.
In an embodiment, the user access method further includes: acquiring the type of the user and acquiring the user authority according to the type; judging whether the access request information is reasonable or not according to the user permission; if yes, acquiring target access information according to the access request information; if not, access is denied. The user access method further comprises the following steps: the method comprises the steps of obtaining the type of a user, carrying out authority distribution according to the type of the user and determining the authority range of the user. Specifically, the types of users include, but are not limited to, a visitor and an administrator, and the types of users may change in different application systems, and if the user is an administrator identity, the user data includes, but is not limited to, functions of adding, querying, updating, and deleting data; in order to avoid the wrong operation of the administrator, the administrator needs to input a correct administrator password before adding, inquiring, updating or deleting data. By uniformly managing the user permission, the problem of low operation efficiency caused by the fact that an enterprise internal application system cannot adopt a uniform permission management mode is solved.
The embodiment of the invention provides a user access method, which comprises the steps of firstly, obtaining access request information of a user and obtaining the security level of target access information according to the access request information; selecting a target login mode according to the security level, and acquiring target login data according to the target login mode; performing identity authentication on the user according to the target login data, and acquiring target access information after the authentication is passed; and selecting a proper login mode and a proper authentication mode according to the security level of the target access information, thereby improving the security of the target access information with high security level and avoiding the problem of data leakage. The target login mode comprises two login modes, corresponding login data are obtained according to the target mode, then the identity authentication is carried out on the user according to the login data, the user authority is managed in a unified mode, the problem that the operation efficiency is low due to the fact that the internal application systems of the enterprise cannot adopt unified accounts, authentication modes and authority management modes is solved, and the problem that the user data in each application system are not unified and incomplete is solved.
Based on the same inventive concept as the user access method, correspondingly, the embodiment also provides a user access system. In this embodiment, the user access system executes the user access method described in any of the above embodiments, and specific functions and technical effects are described with reference to the above embodiments, which are not described herein again.
Fig. 3 is a schematic structural diagram of a user access system provided in the present invention.
As shown in fig. 3, the user access system includes: 31 level acquisition module, 32 selection module and 33 access module.
The system comprises a level acquisition module, a level display module and a security level display module, wherein the level acquisition module is used for acquiring access request information of a user and acquiring the security level of target access information according to the access request information;
the selecting module is used for selecting a target login mode according to the security level and acquiring target login data according to the target login mode;
and the access module is used for carrying out identity authentication on the user according to the target login data and acquiring target access information after the authentication is passed.
In some exemplary embodiments, the user access system further includes:
the login module is used for acquiring target login data of a user;
and the authority management module is used for acquiring the type of the user, performing authority distribution according to the type of the user and determining the authority range of the user, and the level acquisition module, the selection module, the access module, the login module and the authority management module are connected.
The grade judging module is used for judging whether the safety grade is greater than a grade threshold value;
the first authentication module is used for selecting a first login mode if the user is authenticated, acquiring first login data of the user according to the first login mode, and authenticating the identity of the user according to the first login data;
and the second authentication module is used for selecting a second login mode if the user does not login, acquiring second login data of the user according to the second login mode, and authenticating the identity of the user according to the second login data.
In some exemplary embodiments, the first authentication module includes:
the encryption unit is used for carrying out encryption processing on the first login data to obtain encrypted data;
the decryption unit is used for decrypting the encrypted data to obtain decrypted data;
and the authentication unit is used for carrying out identity authentication on the user according to the decrypted data.
In some exemplary embodiments, the first authentication module further comprises:
the characteristic extraction unit is used for extracting the characteristics of the first login data to obtain target characteristics;
and the characteristic judging unit is used for re-acquiring the first login data of the user if the target characteristic does not accord with the preset condition.
In some exemplary embodiments, the authentication unit includes:
the registration data acquisition subunit is used for acquiring registration data of the user, wherein the registration data comprises second physiological data;
a similarity obtaining subunit, configured to obtain a similarity between the first physiological data and the second physiological data;
and the authentication subunit is used for passing the authentication if the similarity is greater than the similarity threshold.
In some exemplary embodiments, the user access system further includes:
the authority acquisition module is used for acquiring the type of the user and acquiring the user authority according to the type;
the access judging module is used for judging whether the access request information is reasonable or not according to the user permission;
the first execution module is used for acquiring target access information according to the access request information if the access request information is positive;
and the second execution module is used for refusing access if the second execution module does not accept the access.
The present embodiment also provides a computer-readable storage medium on which a computer program is stored, which when executed by a processor implements any of the methods in the present embodiments.
In an embodiment, referring to fig. 4, the embodiment further provides an electronic device 400, which includes a memory 401, a processor 402, and a computer program stored in the memory and executable on the processor, and when the processor 402 executes the computer program, the steps of the method according to any one of the above embodiments are implemented.
The computer-readable storage medium in the present embodiment can be understood by those skilled in the art as follows: all or part of the steps for implementing the above method embodiments may be performed by hardware associated with a computer program. The aforementioned computer program may be stored in a computer readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
The electronic device provided by the embodiment comprises a processor, a memory, a transceiver and a communication interface, wherein the memory and the communication interface are connected with the processor and the transceiver and are used for realizing mutual communication, the memory is used for storing a computer program, the communication interface is used for carrying out communication, and the processor and the transceiver are used for operating the computer program to enable the electronic device to execute the steps of the method.
In this embodiment, the Memory may include a Random Access Memory (RAM), and may also include a non-volatile Memory (non-volatile Memory), such as at least one disk Memory.
The Processor may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; the Integrated Circuit may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, or a discrete hardware component.
In the above-described embodiments, references in the specification to "the present embodiment," "an embodiment," "another embodiment," "in some exemplary embodiments," or "other embodiments" means that a particular feature, structure, or characteristic described in connection with the embodiments is included in at least some embodiments, but not necessarily all embodiments. The various appearances of the phrase "the present embodiment," "one embodiment," or "another embodiment" are not necessarily all referring to the same embodiment.
In the embodiments described above, although the present invention has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those skilled in the art in light of the foregoing description. For example, other memory structures (e.g., dynamic ram (dram)) may use the discussed embodiments. The embodiments of the invention are intended to embrace all such alternatives, modifications and variances that fall within the broad scope of the appended claims.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The invention is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
The invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The foregoing embodiments are merely illustrative of the principles of the present invention and its efficacy, and are not to be construed as limiting the invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.
Claims (10)
1. A user access method, characterized in that the user access method comprises:
acquiring access request information of a user, and acquiring the security level of target access information according to the access request information;
selecting a target login mode according to the security level, and acquiring target login data according to the target login mode;
and performing identity authentication on the user according to the target login data, and acquiring target access information after the authentication is passed.
2. The user access method according to claim 1, wherein the user access method comprises:
judging whether the security level is greater than a level threshold value;
if so, selecting a first login mode, acquiring first login data of the user according to the first login mode, and authenticating the identity of the user according to the first login data;
if not, selecting a second login mode, acquiring second login data of the user according to the second login mode, and performing identity authentication on the user according to the second login data.
3. The method of claim 2, wherein authenticating the user according to the first login data comprises:
encrypting the first login data to obtain encrypted data;
decrypting the encrypted data to obtain decrypted data;
and performing identity authentication on the user according to the decrypted data.
4. The user access method according to claim 3, wherein before the encrypting the first login data to obtain the encrypted data, the method further comprises:
extracting the characteristics of the first login data to obtain target characteristics;
and if the target characteristics do not meet the preset conditions, the first login data of the user is obtained again.
5. The user access method of claim 4, wherein the decrypted data comprises first physiological data, and wherein authenticating the user based on the decrypted data comprises:
acquiring registration data of a user, wherein the registration data comprises second physiological data;
acquiring the similarity of the first physiological data and the second physiological data;
and if the similarity is greater than the similarity threshold value, the authentication is passed.
6. The user access method of claim 1, further comprising:
acquiring the type of the user and acquiring the user authority according to the type;
judging whether the access request information is reasonable or not according to the user permission;
if yes, acquiring target access information according to the access request information;
if not, access is denied.
7. A user access system, the user access system comprising:
the system comprises a level acquisition module, a security level acquisition module and a security level management module, wherein the level acquisition module is used for acquiring access request information of a user and acquiring the security level of target access information according to the access request information;
the selecting module is used for selecting a target login mode according to the security level and acquiring target login data according to the target login mode;
and the access module is used for carrying out identity authentication on the user according to the target login data and acquiring target access information after the authentication is passed.
8. The user access system of claim 7, further comprising:
the login module is used for acquiring target login data of a user;
and the authority management module is used for acquiring the type of the user, performing authority distribution according to the type of the user and determining the authority range of the user.
9. An electronic device comprising a processor, a memory, and a communication bus;
the communication bus is used for connecting the processor and the memory;
the processor is configured to execute a computer program stored in the memory to implement the method of any one of claims 1-6.
10. A computer-readable storage medium, having stored thereon a computer program for causing a computer to perform the method of any one of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111135778.XA CN113779536A (en) | 2021-09-27 | 2021-09-27 | User access method, system, electronic device and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111135778.XA CN113779536A (en) | 2021-09-27 | 2021-09-27 | User access method, system, electronic device and medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113779536A true CN113779536A (en) | 2021-12-10 |
Family
ID=78853633
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111135778.XA Pending CN113779536A (en) | 2021-09-27 | 2021-09-27 | User access method, system, electronic device and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113779536A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114844714A (en) * | 2022-05-24 | 2022-08-02 | 中国民生银行股份有限公司 | User identity authentication method and LDAP protocol-based proxy server |
| CN117093880A (en) * | 2023-10-19 | 2023-11-21 | 四川互慧软件有限公司 | Single sign-on user management method and system based on medical integrated platform |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105207780A (en) * | 2015-08-26 | 2015-12-30 | 中国联合网络通信集团有限公司 | User authentication method and device |
| CN109756458A (en) * | 2017-11-06 | 2019-05-14 | 北京京东尚科信息技术有限公司 | Identity identifying method and system |
| CN110889094A (en) * | 2019-11-18 | 2020-03-17 | 中国银行股份有限公司 | Login authentication method and device |
| CN111581608A (en) * | 2020-04-09 | 2020-08-25 | 苏宁云计算有限公司 | Authentication method, system and computer readable storage medium based on application program login |
-
2021
- 2021-09-27 CN CN202111135778.XA patent/CN113779536A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105207780A (en) * | 2015-08-26 | 2015-12-30 | 中国联合网络通信集团有限公司 | User authentication method and device |
| CN109756458A (en) * | 2017-11-06 | 2019-05-14 | 北京京东尚科信息技术有限公司 | Identity identifying method and system |
| CN110889094A (en) * | 2019-11-18 | 2020-03-17 | 中国银行股份有限公司 | Login authentication method and device |
| CN111581608A (en) * | 2020-04-09 | 2020-08-25 | 苏宁云计算有限公司 | Authentication method, system and computer readable storage medium based on application program login |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114844714A (en) * | 2022-05-24 | 2022-08-02 | 中国民生银行股份有限公司 | User identity authentication method and LDAP protocol-based proxy server |
| CN117093880A (en) * | 2023-10-19 | 2023-11-21 | 四川互慧软件有限公司 | Single sign-on user management method and system based on medical integrated platform |
| CN117093880B (en) * | 2023-10-19 | 2023-12-26 | 四川互慧软件有限公司 | Single sign-on user management method and system based on medical integrated platform |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11550895B2 (en) | Systems and mechanism to control the lifetime of an access token dynamically based on access token use | |
| US20200236147A1 (en) | Brokered authentication with risk sharing | |
| US20210377254A1 (en) | Federated identity management with decentralized computing platforms | |
| KR102002509B1 (en) | Privite blockchain system including notarizing center and notarial method thereof | |
| TW202024977A (en) | Identity verification method and system therefor | |
| US9544306B2 (en) | Attempted security breach remediation | |
| US11811754B2 (en) | Authenticating devices via tokens and verification computing devices | |
| US20140096210A1 (en) | Advanced Authentication Techniques | |
| CN110268406B (en) | Password security | |
| CN110046156A (en) | Content Management System and method, apparatus, electronic equipment based on block chain | |
| WO2018233051A1 (en) | Data release method and device, and server and storage medium | |
| CN113779536A (en) | User access method, system, electronic device and medium | |
| CN110569658A (en) | User information processing method and device based on block chain network, electronic equipment and storage medium | |
| CN110908786A (en) | Intelligent contract calling method, device and medium | |
| CN112367338A (en) | Malicious request detection method and device | |
| WO2020025056A1 (en) | Method, device, system, and mobile terminal for security authorization | |
| CN112468497B (en) | Block chain terminal equipment authorization authentication method, device, equipment and storage medium | |
| CN111147235B (en) | Object access method and device, electronic equipment and machine-readable storage medium | |
| CN109818915B (en) | Information processing method and device, server and readable storage medium | |
| US11936798B2 (en) | Securing a provable resource possession | |
| CN114154182A (en) | Information encryption method and device, storage medium and electronic device | |
| CN114567451B (en) | Identity verification method, identity verification device, computer equipment and storage medium | |
| US20230208634A1 (en) | Key management method and apparatus | |
| US20240104223A1 (en) | Portable verification context | |
| CN109166070B (en) | Tool generation method and device in government affair system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |