CN113992406A - Authority access control method for alliance chain cross-chain - Google Patents
Authority access control method for alliance chain cross-chain Download PDFInfo
- Publication number
- CN113992406A CN113992406A CN202111256667.4A CN202111256667A CN113992406A CN 113992406 A CN113992406 A CN 113992406A CN 202111256667 A CN202111256667 A CN 202111256667A CN 113992406 A CN113992406 A CN 113992406A
- Authority
- CN
- China
- Prior art keywords
- authority
- user
- management module
- chain
- role
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Abstract
The invention discloses a permission access control method for alliance chain cross-chain, which comprises the following steps: setting three user roles of an administrator, a common user and a supervisory user in a cross-link network; setting authority by dividing according to user roles; the authority management module sets an authority control strategy for all operations in the cross-link network; respectively setting corresponding authorities of an administrator, a common user and a supervisory user according to an authority control strategy; setting a mapping relation mode of an operation or an operation object of a user management module and a user, and acquiring the identity of the user from a service session to judge; setting the operation of the card and the single number, setting the server side to perform the unauthorized verification on the object information used for the business operation, verifying whether the information belongs to the current user, reporting an error if the verification fails, and preventing the unauthorized operation from being tampered to operate the card number and the single number of other people. The invention can realize the role authority access control, thereby realizing the safety of cross-link access.
Description
Technical Field
The invention belongs to the technical field of alliance chain crossing, and particularly relates to an authority access control method for alliance chain crossing.
Background
Currently, a cross-link technology is used as a bridge between platforms which are connected to different block chain underlying architectures, data structures, network links and technical interfaces, so that data on different platforms can be intercommunicated, and key problems that data cannot be intercommunicated due to the underlying architectures, the data structures, the link networks, the interface technologies and the like between block chains are solved, wherein the cross-link technology is generally used for realizing data intercommunion between different platforms through the interface technology.
However, when this function is executed, because of being limited by the underlying architecture, the data structure, and the network link, the user data structures and formats between the block chains of different business users are different, it is difficult to perform secure interaction and intercommunication, it is difficult to implement a universal access interface, and there is a problem that data access cannot be controlled, and it is not satisfactory to implement access control of the application, data, and user rights on different platforms.
Patent application No. CN202011458000.8, namely 'a heterogeneous license chain value exchange method with existence certification', discloses a heterogeneous license chain value exchange method with existence certification, which can perform existence certification on inter-chain transactions, unify communication protocols among heterogeneous license chains, and realize the requirements of authenticity, reliability, value equivalence, transaction consistency and the like of inter-chain information interaction; the method can be used for parallel expansion among the license chains, has good expansibility, enables value exchange among heterogeneous license chains to be carried out, is expanded into a multi-service scene from a single scene or connection or expansion, is expanded by a single service main body or connected to the multi-service main body, and can greatly expand application scenes. According to the scheme, communication protocols among heterogeneous license chains are unified, existence certification is conducted on transactions among the chains, parallel expansion is conducted among the license chains, authenticity, reliability, equal value and transaction consistency of information interaction among the chains are achieved, a single business main body or a heterogeneous license chain with the existence certification is expanded or connected to a multi-business main body, the existence certification aiming at the information among the chains is achieved through the heterogeneous license chain value exchange method, and two sides of value exchange are heterogeneous license chains. Each license chain is connected with any node in the license chain through a cross-chain communication agent node, the agent node is responsible for registration, message signing, transaction routing, signature verification, transaction existence verification and transaction consistency guarantee among the license chains, all heterogeneous license chains are communicated and interacted through a cross-chain network communication module, a cross-chain standard interaction protocol CSCP (cross-chain standard interaction protocol designed in Cross) and a standard interface for inter-chain network communication of the block chains are designed in the cross-chain network communication module, the cross-chain implementation mode does not relate to authority access control, and the problem of how to solve security of user access in the data interaction process is not specifically mentioned.
Therefore, in order to meet the requirement of inter-federation chain crossing, a method for controlling inter-federation chain cross-link authority access is urgently needed.
Disclosure of Invention
Based on the background and the problems in the prior art, the invention proposes to design a permission access control method for alliance chain cross-linking, realizes data isolation of different Namespaces through a Namespace (Namespace), sets application chains, gateways and service contracts under different namespaces to be renamed, each Namespace comprises an alliance chain network and a plurality of cross-linking gateways, and the gateways are connected with the application chains in the block chain network to form the basis of permission access control of the invention.
To achieve these objects and other advantages and in accordance with the purpose of the invention, as embodied and broadly described herein, there is provided a method for controlling access to rights of a federation chain across chains, comprising:
setting three types of user roles of an administrator, a common user and a supervisory user in a cross-link network, and dividing and setting a permission system according to the role types;
the authority management module sets an authority control strategy for all operations in the cross-link network, when a client operation request is obtained, the server checks the authority of the current user, judges the authority of the current user for the operation, and refuses access if the server does not have the authority; during important operation, user authority needs to be verified so as to prevent horizontal unauthorized operation;
respectively setting corresponding authorities of an administrator, an operator and an approver according to an authority control strategy;
setting an operation or operation object (user) of a user management module and a mapping relation mode of a user role (role), namely a one-to-one relation mode, wherein the user, the operator or the operation object and the role form the one-to-one mapping relation mode in the operations such as a client number, a mobile phone number and the like, and the identity of the user is obtained from a service session for judgment;
because each user may have information such as a plurality of drop cards, a plurality of operation single numbers, a plurality of signing numbers and the like at the same time, the information needs to be sent to a server side from a client side, the operation of setting the cards and the single numbers is realized, namely, the server side is set to carry out unauthorized verification on object information used for business operation, such as card numbers, the single numbers and the like, whether the information belongs to the current user is verified, if the verification is not passed, an error is reported, and the card numbers and the single numbers of other people are prevented from being tampered and operated by unauthorized verification.
The object of the present invention can be further achieved by a method for determining all viewable data and all interactive operations in a cross-link network based on the authority system set by the user role, the method relates to the authority system and further comprises a user management module, a role management module and an authority management module:
a user management module: the password resetting function is mainly used for user creation, user information inquiry, user deactivation or activation and password resetting;
the role management module: the role authority management system is mainly used for one or more functions of role creation or deletion and role authority inquiry or update;
the authority management module: the method is mainly used for setting different authority control of each role on application chain management, gateway management and CCTP management.
In the above scheme, cross-chain access control is implemented based on three management modules involved in an authority system, and further, the specific implementation steps include:
the user management module verifies the complexity of the password in the password setting, password modification and password resetting processes, prevents weak passwords from being generated, and realizes a preliminary admission mechanism, namely an access control mechanism;
based on the access control mechanism of the user management module, the role management module is realized by the access control mechanism of the authority management module and comprises the following steps: controlling the page of the user after logging in accessed by the user, controlling the browsing of the directory list, controlling the information leakage of the site and the unauthorized downloading of the file, controlling the minimum authority required by granting different accounts to complete the respective undertaking tasks and forming a mutual restriction relationship between the minimum authority and the minimum authority;
and the authority management module realizes access control requirement threshold through the access control mechanism, the requirement threshold meets corresponding safety requirement based on the requirement number, and the requirement threshold is set according to the safety requirement.
In the above solution, the access control mechanism is implemented by configuring a verification operation corresponding to the authority number, and the user management module verifies the complexity of the password in the password setting, password modification, and password resetting processes to prevent the weak password from being generated, and preferably, the access control mechanism can also be implemented by verifying the complexity of the password in the login module and performing authority access control according to the verification result, including: the weak password is found to refuse to log in or modify one or more operations of the login password through other effective authentication modes (such as a short message verification code).
Further, the specific implementation steps of the authority control policy include:
when the authority configuration is realized, corresponding modules are deployed for the service end to carry out authority rule verification, and the set mutually exclusive authority cannot be simultaneously granted to the same user role; wherein the content of the first and second substances,
configuring parameter maintenance and user management authority for the administrator, configuring corresponding service operation authority for a common user, and configuring service approval authority for a supervisory user;
when each user role performs important operation, the authority of the user role needs to be verified, and the vertical override operation is controlled.
Further, when the checksum passes, the specific implementation steps of error reporting include:
the client submits a request, acquires the user role identity from the session through the server, judges the current operation authority to realize direct server verification, executes the operation request if the operation request passes the verification, and returns an authority verification exception to the client if the operation request does not pass the verification; in addition, the first and second substrates are,
in order to save storage space, part of the channel system (channel server) is set not to store relevant business data, such as a fixed-length deposit account, a serial number, a subscription number and the like.
In the above scheme, under the condition that the selected and set part of channel system does not store related service data and the system cannot be directly verified, the method further comprises the following steps:
before checking, inquiring information such as a single number owned by a current client through the background and other core service systems, such as the internet bank background and a background core, and further performing unauthorized check;
when acquiring single number information from the background and other service core systems (e.g. the internet bank background or the background core), storing the single number information in the session for subsequent unauthorized check;
setting interfaces between a channel server and a background and other service core systems (an internet bank background and a background core), such as inquiry or other operations taking a single number, a signing number and the like as objects, adding a client unique identifier such as a client number and the like into request parameters of the background and other service core systems, and carrying out unauthorized check on the client number and the single number by the background and other service core systems. The channel server and the background and interfaces between other service core systems (the internet bank background and the background core) are set, the field (such as a client number) of the client identity is added in the query result, and the channel server performs unauthorized check with the current client identity through the field of the client identity returned by the background.
Based on the technical scheme, the invention provides a method for realizing inter-alliance inter-chain cross-chain permission access, which has the following beneficial effects:
1. the invention provides a method for controlling access of cross-link authority among allied links, which realizes data isolation of different Namespaces through a Namespace (Namespace) to form the basis of authority access of the invention;
2. based on a naming space, a 'user-role-authority' model diagram is built to realize the role distribution for the user, and further to set an authority system to realize all viewable data and all interactive operations in the authority access control cross-link network;
3. the authority system is divided into three modules, the function division is clear, and the safety of cross-chain interactive operation is ensured;
4. setting a set authority control strategy for the authority system to prevent unauthorized operation;
5. the method sets the operation mode of the user management module or the one-to-one relationship mode of the operation object and the user and the operation of the card and single number level, and solves the problem that each user possibly has information authority access control processing services such as a plurality of lower hanging cards, a plurality of operation single numbers, a plurality of signing numbers and the like simultaneously in the process of inter-alliance chain crossing.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required to be used in the description of the embodiments are briefly introduced below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings may be obtained according to the drawings without any creative effort, and it is obvious that the concrete implementation flows in the drawings are further specific embodiments of the present invention and fall into the protection scope of the present invention.
FIG. 1 is a diagram of a user-role-privilege model of the present invention;
FIG. 2 is a schematic diagram of the operation performed by the subscriber management module of the present invention;
FIG. 3 is a flow chart of the client performing direct server verification in accordance with the present invention;
FIG. 4 is a flow chart of the information flow of the unauthorized inquiry single number of the online banking regular account service system of the present invention;
FIG. 5 is a flowchart illustrating the process of storing details of the online banking periodic account after querying the details;
FIG. 6 is a flowchart of the details query submission request parameter for the online banking periodic account according to the present invention;
fig. 7 is a flowchart of the internet bank periodic account detail query increment field according to the present invention.
Detailed Description
In order to clearly illustrate the present invention and make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, so that those skilled in the art can implement the technical solutions in reference to the description text. The technology of the present invention will be described in detail below with reference to the accompanying drawings in conjunction with specific embodiments.
The noun explains:
CCTP (CCTP): cross Chain Transport Protocol, a Cross-link Protocol, implements data transmission between a Cross-link gateway and a Cross-link network.
Namespace, Namespace: one form of code organization is classified by name space, distinguishing different code functions.
Session: and (5) session control. When a user jumps between Web pages of an application program, a Web server automatically creates a Session object, the Session object stores attributes and configuration information required by a specific user Session, and variables stored in the Session object are not lost but exist in the whole user Session.
The invention provides a cross-link authority access control method between allied links, which realizes data isolation of different Namespaces through a Namespace (Namespace), and can rename application chains, gateways and service contracts under different namespaces. Each name space contains a alliance chain network and a plurality of cross-chain gateways, and the gateways are connected with application chains in the block chain network to form the basis of the authority access control of the invention.
FIG. 1 is a model diagram of "user-role-authority" in the present invention, wherein a role is assigned to a user and an authority is configured for the role. Each user has a role, and each role corresponds to a plurality of users. The method comprises the following steps:
step 1: setting three types of user roles of an administrator, a common user and a supervisory user in a cross-link network, and dividing and setting an authority system according to the user role types, wherein the method specifically comprises the following steps:
(1) setting the authority system based on the user role to judge all viewable data and all interactive operations in the cross-link network;
(2) the authority system further comprises a user management module, a role management module and an authority management module, and the authority system specifically comprises the following components:
1) a user management module: the password resetting function is mainly used for user creation, user information inquiry, user deactivation or activation and password resetting;
2) the role management module: the method is mainly used for functions of role creation or deletion, role authority inquiry/update and the like;
3) the authority management module: the method is mainly used for setting different authority control of each role on application chain management, gateway management and CCTP management.
The method comprises the following steps of realizing cross-chain authority access control based on three management modules related to an authority system, wherein the specific realization steps comprise:
1) the user management module checks the complexity of the password in the password setting, password modification and password resetting processes, prevents weak passwords from being generated, and can also check the complexity of the password through the login module and perform authority access control according to the check result, and the method comprises the following steps: obtaining a weak password to refuse login or modifying one or more operations of a login password through other effective authentication modes (such as a short message verification code), and realizing a preliminary admission mechanism, namely an access control mechanism;
2) based on the access control mechanism of the user management module, the role management module is realized by the access control mechanism of the authority management module, and comprises the following steps: the method comprises the steps of controlling an unregistered user to access a page after the user logs in, controlling directory list browsing, controlling site information leakage and unauthorized file downloading, granting different accounts with minimum rights required for completing respective bearing tasks, and forming a mutual restriction relationship among the pages. In another embodiment of the present invention, "control" may be replaced with "inhibit" herein.
3) The authority management module realizes the access control requirement threshold through an access control mechanism, the requirement threshold meets corresponding safety requirements based on requirement numbers, the requirement threshold is set according to the safety requirements, and the specific summary includes the operations of the following tables:
step 2: the authority management module sets an authority control strategy for all operations in the cross-link network, when an operation request is obtained, the server side verifies the authority of the current user, and if the current user does not have the authority of the operation, the access is refused; during important operation, user authority needs to be verified, and horizontal unauthorized operation is prevented;
and 3, step 3: according to the authority control strategy, configuring the corresponding authorities of an administrator, a common user and a supervisory user respectively: configuring parameter maintenance and user management authority for an administrator, configuring corresponding service operation authority for a common user, and configuring service approval authority for a supervision user. When the authority is configured, the server deploys a corresponding module to carry out authority rule verification, and the set mutually exclusive authority cannot be granted to the same type of nodes at the same time; during important operation, user authority needs to be verified, and vertical unauthorized operation is prevented;
and 4, step 4: setting an operation or operation object of a user management module and a user mapping relation mode, wherein a one-to-one mapping relation mode is formed by users, operators or operation objects and roles in operations such as client numbers, mobile phone numbers and the like, and the identities of the users are obtained from service session for judgment; FIG. 2 is a schematic diagram of the operation performed by the user management module of the present invention;
and 5, step 5: because each user may have information such as a plurality of drop cards, a plurality of operation single numbers, a plurality of signing numbers and the like at the same time, the information needs to be sent to a server side from a client side, the operation of the cards and the single numbers is set, the server side is set to carry out unauthorized verification on object information (such as card numbers, single numbers and the like) used for business operation, whether the information belongs to the current user is verified, if the verification is not passed, an error is reported, and the card numbers and the single numbers of other people are prevented from being tampered and operated by unauthorized verification; the method specifically comprises the following steps:
(1) the client submits a request, acquires the user role identity from the session through the server, judges the current operation authority to realize direct server verification, executes the operation request if the operation request passes the verification, and returns an authority verification exception to the client if the operation request does not pass the verification to realize direct server verification, wherein the specific flow is shown in FIG. 3;
(2) in order to save storage space, part of the channel system (channel server) is set not to store related service data (such as a fixed deposit account, a serial number, a subscription number and the like), and in this case, if the system cannot be directly verified, the method can be solved by the following steps:
1) before checking, the background and other service core systems (the internet bank background and the background core) are used for inquiring the information such as the single number owned by the current customer again, then the unauthorized check is carried out, and the specific implementation flow including the information of the single number is shown in the following figure 4 by taking the internet bank regular account detail inquiry as an example;
2) when acquiring the single number information from the background and other service core systems (the internet bank background and the background core), storing the single number information in the session for subsequent unauthorized check, taking the internet bank regular account detail query as an example, and the overall specific implementation flow including information storage is shown in fig. 5:
3) setting interfaces between a channel server and a background and other service core systems (an online bank background and a background core), such as query or other operations taking a single number, a subscription number and the like as objects, and adding a client unique identifier such as a client number and the like into request parameters of the background and other service core systems, wherein the background and other service core systems carry out unauthorized check on the client number and the single number, taking online bank regular account detail query as an example, as shown in fig. 6;
in the above steps, interfaces between the channel server and other service systems (e.g. the internet bank background and the background core) in the background are set, a field of the customer identity (i.e. the customer number) is added in the query result, and the channel end server performs unauthorized check with the current customer identity through the field of the customer identity returned by the background, taking the internet bank periodic account details query as an example, and the overall flow including the added field is shown in fig. 7.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The embodiments described above are presented to enable a person having ordinary skill in the art to make and use the invention. It will be readily apparent to those skilled in the art that various modifications to the above-described embodiments may be made, and the generic principles defined herein may be applied to other embodiments without the use of inventive faculty. Therefore, the present invention is not limited to the above embodiments, and those skilled in the art should make improvements and modifications to the present invention based on the disclosure of the present invention within the protection scope of the present invention.
Claims (9)
1. A permission access control method for alliance chain cross-chain is characterized by comprising the following specific implementation steps:
setting three types of user roles of an administrator, a common user and a supervisory user in a cross-link network, and dividing and setting permissions according to the role types;
the authority management module sets an authority control strategy for all operations in the cross-link network, when a client operation request is obtained, the server checks the authority of the current user, judges the authority of the current user for the operation, and refuses access if the server does not have the authority; when important operation is carried out, user authority needs to be verified;
setting a user of a user management module and the role mapping relation mode, and acquiring the identity of the user from the session of the server side for judgment;
and setting the server side to perform unauthorized verification on the user information used for business operation, verifying the condition that the user information belongs to the current user role, and reporting an error if the verification is not passed.
2. The method for controlling authority access of alliance chain cross-chain according to claim 1, wherein, judge all viewable data and all interoperable in cross-chain network based on the authority, the authority system further includes the user management module, the role management module and the authority management module;
a user management module: for user creation, user information query, user deactivation or activation, password reset functions;
the role management module: one or more functions for role creation or deletion and role authority inquiry or update;
the authority management module: for setting each role to different authority controls for application chain management, gateway management, and CCTP management.
3. The method for controlling authority access of a federation chain across chains according to claim 2, wherein the cross-chain authority access control is realized based on three management modules involved in an authority system, and the specific implementation steps include:
the user management module verifies the complexity of the password in the password setting, password modification and password resetting processes, prevents weak passwords from being generated, and realizes a preliminary admission mechanism;
based on the access control mechanism of the user management module, the role management module is realized by the access control mechanism of the authority management module and comprises the following steps: controlling the page of the user after logging in accessed by the user, controlling the browsing of the directory list, controlling the information leakage of the site and the unauthorized downloading of the file, controlling the minimum authority required by granting different accounts to complete the respective undertaking tasks and forming a mutual restriction relationship between the minimum authority and the minimum authority;
and the authority management module realizes access control requirement threshold through the access control mechanism, the requirement threshold meets corresponding safety requirement based on the requirement number, and the requirement threshold is set according to the safety requirement.
4. The method as claimed in claim 3, wherein the access control mechanism is implemented by configuring a verification operation corresponding to the authority number, the user management module verifies the complexity of the password in the password setting, password modification and password resetting processes, and the implementation of the method for verifying the complexity of the password in the login module and performing the authority access control according to the verification result includes: and when the weak password is acquired, one or more operations of refusing to log in or modifying the login password through other effective authentication modes are carried out.
5. The method for controlling authority access of a federation chain across chains as claimed in claim 1, wherein the authority control policy is implemented by the steps of:
when the authority configuration is realized, corresponding modules are deployed for the service end to carry out authority rule verification, and the set mutually exclusive authority cannot be simultaneously granted to the same user role; wherein the content of the first and second substances,
configuring parameter maintenance and user management authority for the administrator, configuring corresponding service operation authority for a common user, and configuring service approval authority for a supervisory user;
when each user role performs important operation, the authority of the user role needs to be verified, and the vertical override operation is controlled.
6. The method for controlling authority access of a federation chain across chains according to claim 1, wherein when the checksum passes, the error reporting is implemented by:
the client submits a request, acquires the user role identity from the session through the server, judges the current operation authority to realize direct server verification, executes the operation request if the operation request passes the verification, and returns an authority verification exception to the client if the operation request does not pass the verification; in addition, the first and second substrates are,
and setting part of channel systems not to store related business data.
7. The method of claim 6, wherein when the selected and set part of channel servers do not store related service data and cannot be directly verified, the method further comprises the following steps:
before checking, inquiring information such as a single number owned by the current client through the background and other core service systems;
when acquiring the single number information from the background and other service core systems, storing the single number information in the session;
and setting interfaces between the channel server and the background and other service core systems, and performing unauthorized check on the client number and the single number.
8. The method as claimed in claim 7, wherein the interface is configured to perform an unauthorized check with the current client identity through the field of the client identity returned from the background by adding the field of the client identity to the query result.
9. Method for federated cross-chain access control in accordance with any of claims 1-7, characterized in that the cross-chain network is a federated cross-chain network.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111256667.4A CN113992406A (en) | 2021-10-27 | 2021-10-27 | Authority access control method for alliance chain cross-chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111256667.4A CN113992406A (en) | 2021-10-27 | 2021-10-27 | Authority access control method for alliance chain cross-chain |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113992406A true CN113992406A (en) | 2022-01-28 |
Family
ID=79742664
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111256667.4A Pending CN113992406A (en) | 2021-10-27 | 2021-10-27 | Authority access control method for alliance chain cross-chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113992406A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114884728A (en) * | 2022-05-06 | 2022-08-09 | 浙江蓝景科技有限公司 | Security access method based on role access control token |
| CN116432207A (en) * | 2023-06-07 | 2023-07-14 | 国网福建省电力有限公司 | Power data authority hierarchical management method based on blockchain |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017114210A1 (en) * | 2015-12-31 | 2017-07-06 | 阿里巴巴集团控股有限公司 | Apparatus and method for security control of data processing system |
| CN108173850A (en) * | 2017-12-28 | 2018-06-15 | 杭州趣链科技有限公司 | A kind of identity authorization system and identity identifying method based on block chain intelligence contract |
| CN108632268A (en) * | 2018-04-28 | 2018-10-09 | 腾讯科技(深圳)有限公司 | The method for authenticating and device, storage medium, electronic device that block chain accesses |
| CN112187748A (en) * | 2020-09-15 | 2021-01-05 | 中信银行股份有限公司 | Cross-network access control management method and device and electronic equipment |
| CN112632164A (en) * | 2020-12-21 | 2021-04-09 | 杭州云象网络技术有限公司 | Universal cross-chain programming interface method for realizing trusted authority access |
| CN112632605A (en) * | 2020-12-22 | 2021-04-09 | 平安普惠企业管理有限公司 | Method and device for preventing unauthorized access, computer equipment and storage medium |
| CN113271211A (en) * | 2021-05-18 | 2021-08-17 | 网易(杭州)网络有限公司 | Digital identity verification system, method, electronic device and storage medium |
-
2021
- 2021-10-27 CN CN202111256667.4A patent/CN113992406A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017114210A1 (en) * | 2015-12-31 | 2017-07-06 | 阿里巴巴集团控股有限公司 | Apparatus and method for security control of data processing system |
| CN108173850A (en) * | 2017-12-28 | 2018-06-15 | 杭州趣链科技有限公司 | A kind of identity authorization system and identity identifying method based on block chain intelligence contract |
| CN108632268A (en) * | 2018-04-28 | 2018-10-09 | 腾讯科技(深圳)有限公司 | The method for authenticating and device, storage medium, electronic device that block chain accesses |
| WO2019205849A1 (en) * | 2018-04-28 | 2019-10-31 | 腾讯科技(深圳)有限公司 | Authentication method and apparatus for blockchain access, and storage medium and electronic apparatus |
| CN112187748A (en) * | 2020-09-15 | 2021-01-05 | 中信银行股份有限公司 | Cross-network access control management method and device and electronic equipment |
| CN112632164A (en) * | 2020-12-21 | 2021-04-09 | 杭州云象网络技术有限公司 | Universal cross-chain programming interface method for realizing trusted authority access |
| CN112632605A (en) * | 2020-12-22 | 2021-04-09 | 平安普惠企业管理有限公司 | Method and device for preventing unauthorized access, computer equipment and storage medium |
| CN113271211A (en) * | 2021-05-18 | 2021-08-17 | 网易(杭州)网络有限公司 | Digital identity verification system, method, electronic device and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 张奥;白晓颖;: "区块链隐私保护研究与实践综述", 软件学报, no. 05 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114884728A (en) * | 2022-05-06 | 2022-08-09 | 浙江蓝景科技有限公司 | Security access method based on role access control token |
| CN116432207A (en) * | 2023-06-07 | 2023-07-14 | 国网福建省电力有限公司 | Power data authority hierarchical management method based on blockchain |
| CN116432207B (en) * | 2023-06-07 | 2023-09-22 | 国网福建省电力有限公司 | Power data authority hierarchical management method based on blockchain |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110598394B (en) | Authority verification method and device and storage medium | |
| CN110012015B (en) | Block chain-based Internet of things data sharing method and system | |
| US8935398B2 (en) | Access control in client-server systems | |
| CN102638454B (en) | Plug-in type SSO (single signon) integration method oriented to HTTP (hypertext transfer protocol) identity authentication protocol | |
| CN1852094B (en) | Method and system for protecting account of network business user | |
| CN101931613B (en) | Centralized authenticating method and centralized authenticating system | |
| CN109670768A (en) | Right management method, device, platform and the readable storage medium storing program for executing in multi-service domain | |
| CN100421399C (en) | Distribution type group communication management system and method for setting group | |
| CN101729541B (en) | Method and system for accessing resources of multi-service platform | |
| JP2006053923A5 (en) | ||
| CN113992406A (en) | Authority access control method for alliance chain cross-chain | |
| CN113221093B (en) | Single sign-on system, method, equipment and product based on block chain | |
| CN114553440B (en) | Cross-data center identity authentication method and system based on block chain and attribute signature | |
| CN113722722A (en) | Block chain-based high-security-level access control method and system | |
| CN111953491B (en) | SSH Certificate and LDAP based two-step authentication auditing method | |
| CN112202564B (en) | Transaction transfer method and device, electronic equipment and readable storage medium | |
| CN116488868A (en) | Server security access method, device and storage medium | |
| US7631344B2 (en) | Distributed authentication framework stack | |
| CN113807700B (en) | Method and system for issuing and receiving aircraft in-wing command scheduling based on block chain | |
| Lin et al. | User-managed access delegation for blockchain-driven IoT services | |
| CN100362804C (en) | Method and system for realizing area management over sub network | |
| CN111447090A (en) | Configuration management and control system among multi-service systems | |
| CN115102717B (en) | Interconnection and intercommunication data transmission method and system based on user system | |
| CN112989398B (en) | Data processing method and device for block chain network, computer equipment and medium | |
| CN116956247B (en) | Information processing system based on BIM |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |