CN114139128B - System resource access method, device and medium - Google Patents


Publication number
CN114139128B
Authority
CN
China
Prior art keywords
certificate
permission
access
user
authority
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111306334.8A
Other languages
Chinese (zh)
Other versions
CN114139128A (en
Inventor
曹柱
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Application filed by Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202111306334.8A
Publication of CN114139128A
Application granted
Publication of CN114139128B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/335 User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The application discloses a system resource access method. After the system receives a permission certificate, it parses the certificate to obtain the permission information for the specific resource named in it, and opens the permission for that specific resource, and only that resource, to the user according to the permission information. This avoids the low security that results when a user's role is modified and the user thereby gains access to other resources in addition to the specific resource. In addition, the application also provides a system resource access device and a computer readable storage medium, which correspond to the method and have the same effects.

Description

System resource access method, device and medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method, an apparatus, and a medium for accessing system resources.
Background
With the development of internet technology, access control based on users, roles and resource permissions has become the mainstream approach to system permission management. One example is Role-Based Access Control (RBAC), in which users are associated with permissions through roles: one user has several roles, and each role has several permissions. In such models there is typically a many-to-many relationship between users and roles, and between roles and permissions. The system divides user permissions through roles such as administrator, operator and viewer. It grants different system access rights according to the role of the logged-in user, and a role's permissions are assigned when the role is created. When a user needs temporary access, for a specific period, to a resource the user has no right to access, an administrator typically modifies the user's role so that the user gains access to the resource, and once the access is complete the administrator has to modify the user's role again.
Because users and roles, and roles and permissions, are typically in many-to-many relationships, a user who is assigned a role has all the operation permissions of that role. Modifying the user's role therefore gives the user access to other resources in addition to the specific resource, so resource information is easily leaked and security is low.
Therefore, how to solve the problem of low security when opening the permission to use a specific resource to a user is a technical problem that those skilled in the art urgently need to solve.
Disclosure of Invention
The purpose of the application is to provide a system resource access method for solving the problem of low security when the use permission of a specific resource is opened to a user.
In order to solve the above technical problems, the present application provides a system resource access method, including:
receiving a permission certificate, wherein the permission certificate uniquely corresponds to account information of a user and contains permission information which is set for the user and has permission to temporarily access a specific resource;
analyzing the authority certificate to acquire the authority information of the specific resource in the authority certificate;
and opening the authority of the specific resource to the user according to the authority information.
Preferably, in the system resource access method, the generating the authority certificate includes the following steps:
when an administrator logs in, receiving a request for generating the permission certificate;
receiving the account information of the user and the authority information of the specific resource;
and generating the permission certificate according to the account information and the permission information of the specific resource.
Preferably, in the system resource access method, after receiving the request for generating the permission certificate, the method further includes:
receiving access start time and access end time;
correspondingly, the generating the permission certificate according to the account information and the permission information of the specific resource comprises the following steps:
and generating the permission certificate according to the account information, the permission information of the specific resource, the access start time and the access end time.
Preferably, in the system resource access method, after receiving the account information of the user and the authority information of the specific resource, the method further includes:
judging whether the user has the access right of the specific resource or not;
if not, entering the step of generating the permission certificate according to the account information and the permission information of the specific resource;
otherwise, the process is finished.
Preferably, in the system resource access method, after the step of receiving the permission certificate, before the step of parsing the permission certificate to obtain the permission information of the specific resource in the permission certificate, the method further includes:
judging whether the authority certificate is issued by an administrator of the system, whether the current use time is between the access start time and the access end time of the authority certificate, and whether the user account information of the authority certificate is consistent with the login account information of the current system;
if yes, the step of analyzing the authority certificate to acquire the authority information of the specific resource in the authority certificate is entered.
Preferably, in the system resource access method, after the authority of the specific resource is opened to the user, the method further includes:
and closing the access right of the user to the specific resource after the access connection is disconnected.
Preferably, in the system resource access method, after determining whether the permission certificate is issued by an administrator of the system, whether the current use time is between the access start time and the access end time of the permission certificate, and whether the user account information of the permission certificate is consistent with the login account information of the current system, the method further includes:
if not, sending out a prompt that the permission certificate has errors.
The application also provides a system resource access device, which comprises:
the receiving module is used for receiving a permission certificate, wherein the permission certificate uniquely corresponds to the account information of the user and contains permission information which is set for the user and has the permission of temporarily accessing the specific resource;
the analysis module is used for analyzing the authority certificate to acquire the authority information of the specific resource in the authority certificate;
the right opening module is used for opening the right of the specific resource to the user according to the right information;
the receiving request module is used for receiving a request for generating the permission certificate when an administrator logs in;
the receiving information module is used for receiving account information of a user and authority information of specific resources;
the generation module is used for generating a permission certificate according to the account information and the permission information of the specific resource;
the receiving time module is used for receiving the access start time and the access end time after the receiving request module receives the request for generating the permission certificate;
the judging module is used for judging whether the user has access rights of the specific resource after the receiving information module receives the account information of the user and the rights information of the specific resource, and triggering the generating module if not;
the security checking module is configured to determine, after the receiving module 21 receives the permission certificate, whether the permission certificate is issued by an administrator of the system, whether the current use time is between the access start time and the access end time of the permission certificate, and whether the user account information of the permission certificate is consistent with the login account information of the current system; if yes, it triggers the analysis module, and if not, it triggers the prompting module;
the prompting module is used for sending out a prompt that the permission certificate has errors;
and the closing module is used for closing the access authority of the user to the specific resource after the access connection is disconnected.
The application also provides a system resource access device, which comprises:
a memory for storing a computer program;
and the processor is used for realizing the steps of the system resource access method when executing the computer program.
The present application also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of system resource access described above.
According to the system resource access method, after the permission certificate is received, the permission certificate is analyzed to obtain the permission information of the specific resource in the permission certificate, and the permission of the specific resource is opened to the user according to the permission information, wherein the permission certificate is uniquely corresponding to the account information of the user and contains the permission information which is set for the user and has the permission of temporarily accessing the specific resource.
In addition, the application also provides a system resource access device and a computer readable storage medium, which correspond to the method and have the same effects.
Drawings
For a clearer description of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described, it being apparent that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a system resource access method provided in an embodiment of the present application;
Fig. 2 is a schematic diagram of a system resource access device according to an embodiment of the present application;
Fig. 3 is a block diagram of a system resource access device according to another embodiment of the present application.
Detailed Description
The following description of the technical solutions in the embodiments of the present application will be made clearly and completely with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, but not all embodiments. All other embodiments obtained by those skilled in the art based on the embodiments herein without making any inventive effort are intended to fall within the scope of the present application.
The core of the application is to provide a system resource access method, which solves the problem of low security caused by changing the role of a user to enable the user to have the access authority of a specific resource.
In order that those skilled in the art may better understand the present application, it is described in further detail below with reference to the drawings and the detailed description.
Fig. 1 is a flowchart of a system resource access method provided in an embodiment of the present application. As shown in fig. 1, a system resource access method includes:
S11: receiving a permission certificate, wherein the permission certificate uniquely corresponds to account information of a user and contains permission information which is set for the user and has permission to temporarily access a specific resource;
S12: analyzing the authority certificate to obtain the authority information of the specific resource in the authority certificate;
S13: and opening the authority of the specific resource to the user according to the authority information.
In existing permission management systems, user permissions are generally divided by roles such as administrator, operator and viewer. The permission certificate in this embodiment is a certificate, issued by the system administrator by means of a root certificate installed in the system, that contains the user's account information and the permission information for the specific resource. When the system parses the permission certificate, it must verify the issuer signature of the certificate with the root certificate's public key to determine whether the certificate was issued by an administrator of the system; otherwise parsing cannot proceed.
The specific resource in this embodiment is a resource that the user has no right to access but for which permission needs to be opened to the user temporarily. This embodiment does not limit the type of the specific resource, which may be a file, a website, a video, etc. Nor does it limit how the specific resource is expressed in the permission certificate, which may be, for example, a file name, an access path or a storage address, designed according to actual needs. The number of specific resources is likewise not limited: there may be one or more, according to actual needs.
This embodiment does not limit whether the permission certificate includes other content, for example an access start time, an access end time, or whether the access right is view-only, editable or downloadable. Such content is designed according to actual requirements.
The user account information in the rights certificate mentioned in this embodiment is unique, meaning that the current rights certificate only opens the access rights of a specific resource to the current user.
Specifically, the user uploads the permission certificate, the system analyzes the permission information of the specific resource in the permission certificate, and the permission of the specific resource is opened to the user according to the permission information recorded in the permission certificate.
With the system resource access method provided by this embodiment, after the system receives the permission certificate uploaded by the user, it parses the certificate to obtain the permission information of the specific resource and opens the permission of the specific resource to the user according to that information. Because the permission certificate uniquely corresponds to the account information of the user and contains only the permission information set for that user to temporarily access the specific resource, no additional resource information can be leaked. The method therefore opens only the permission of the specific resource to the user, and solves the problem of low security caused by modifying the user's role, which gives the user access to other resources in addition to the specific resource.
According to the above embodiment, as for the method for generating the rights certificate, the present embodiment provides a preferred solution, and the method for generating the rights certificate includes the following steps:
when an administrator logs in, receiving a request for generating a permission certificate;
receiving account information of a user and authority information of specific resources;
and generating a permission certificate according to the account information of the user and the specific resource permission information.
Specifically, when an administrator of the system logs in, a request for generating a permission certificate is received, account information of a user uploaded by the administrator and permission information of a specific resource are received, and the system generates the permission certificate by combining the account information of the user and the permission information of the specific resource by means of the root certificate.
In addition, the present embodiment does not limit whether the rights certificate contains other information, for example, the access start time, the access end time, the access right is only the viewing right, the access right is the editable right, the access right is the downloadable right, and the like, and the present embodiment is not limited specifically.
The embodiment provides a preferred scheme for generating the permission certificate so as to ensure that the permission certificate is issued by an administrator of the system and the security of the permission certificate is ensured.
According to the above embodiment, when access to a specific resource is temporary and the user should no longer have it once the time has passed, the administrator could revoke the permission certificate so that the user can no longer obtain access to the specific resource through it. But because the administrator would have to perform the revocation every time, this wastes manpower and time. To avoid this, this embodiment provides a preferred solution: after receiving the request for generating the permission certificate, the method further includes:
receiving access start time and access end time;
correspondingly, generating the permission certificate according to the account information and the permission information of the specific resource comprises the following steps:
generating the permission certificate according to the account information, the permission information of the specific resource, the access start time and the access end time.
The period between the access start time and the access end time mentioned in this embodiment is the validity period, set by the system administrator, during which the user can access the specific resource. Before the access start time or after the access end time, the permission certificate does not open the specific resource to the user.
If the authority to open a specific resource to the user is permanent, the access start time and the access end time may not be set.
With the scheme provided by this embodiment, setting the access start time and the access end time means the administrator does not have to revoke the permission certificate after the user has finished in order to stop the user obtaining access to the specific resource through it, which saves manpower and time.
According to the above embodiment, to avoid generating a useless permission certificate when the user already has access to the specific resource, this embodiment provides a preferred solution: in generating the permission certificate, after the step of receiving the account information of the user and the permission information of the specific resource, the method further includes:
judging whether the user has access rights to the specific resources;
if not, entering a step of generating a permission certificate according to the account information and the specific resource permission information;
otherwise, the process is finished.
After the account information of the user and the permission information of the specific resource are received, the system judges whether the user already has access to the specific resource. If the user already has that permission, no permission certificate needs to be generated; if the user does not, the method proceeds to the step of generating the permission certificate.
The scheme provided by this embodiment avoids the waste of resources caused by generating a permission certificate for a permission the user already holds.
According to the above embodiment, in order to improve security when the system opens the permission of the specific resource to the user, this embodiment provides a preferred solution: in the above system resource access method, after the step of receiving the permission certificate and before the step of parsing the permission certificate to obtain the permission information of the specific resource in the permission certificate, the method further includes:
judging whether the permission certificate is issued by an administrator of the system, whether the current use time is between the access start time and the access end time of the permission certificate, and whether the user account information of the permission certificate is consistent with the login account information of the current system;
if yes, a step of analyzing the authority certificate to acquire the authority information of the specific resource in the authority certificate is entered.
The three checks work as follows. Because the permission certificate is issued by means of the root certificate, verifying the issuer signature of the certificate with the root certificate's public key determines whether it was issued by an administrator of the system. The system also judges whether the current use time is within the validity period, that is, between the access start time and the access end time set in the permission certificate. Finally, it judges whether the user account information of the permission certificate is consistent with the login account information of the current system, which prevents resource leakage caused by a user other than the one the certificate was issued to stealing the certificate in order to obtain the permission of the specific resource.
The step of parsing the permission certificate to obtain the permission information of the specific resource can be entered if and only if the permission certificate is issued by an administrator of the system, the current use time is between the access start time and the access end time of the permission certificate, and the user account information of the permission certificate is consistent with the login account information of the current system. If any one of these conditions is not met, the parsing step cannot be entered.
The scheme provided by this embodiment ensures that the permission certificate is issued by an administrator of the system, that the current use time is within the validity period of the permission certificate, and that the user account information of the permission certificate is consistent with the login account information of the current system, which improves security.
According to the above embodiment, to prevent the user from holding the permission of the specific resource indefinitely after obtaining it through the permission certificate, this embodiment provides a preferred scheme: in the system resource access method, after the permission of the specific resource is opened to the user, the method further includes:
and closing the access right of the user to the specific resource after the access connection is disconnected.
In this embodiment, closing the user's access to the specific resource after the current access connection is disconnected means that the permission takes effect only for the user's current access connection. When that connection is disconnected, the system closes the user's permission for the specific resource; if the user logs in again with the account without importing the permission certificate, the user has no access to the specific resource.
Therefore, each time the user logs in and needs access to the specific resource, the permission certificate must be imported, and the permission of the specific resource is opened only after the system has checked it.
According to the above embodiment, this embodiment provides a preferred solution: after determining whether the permission certificate is issued by an administrator of the system, whether the current use time is between the access start time and the access end time of the permission certificate, and whether the user account information of the permission certificate is consistent with the login account information of the current system, the method further includes:
if not, sending out a prompt that the permission certificate has errors.
When the permission certificate is not issued by an administrator of the system, or the current use time is not between the access start time and the access end time of the permission certificate, or the user account information of the permission certificate is inconsistent with the login account information of the current system, the permission certificate is judged to be in error and a prompt to that effect is sent. The prompt reminds the user to check whether the permission certificate was issued by an administrator, whether it is outside its access time, and whether the current login account matches the user account information in the certificate.
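The issue, check and close-on-disconnect steps described above, as an added Go example that is not code from the patent. The JSON layout, the field names, Ed25519 as the signature scheme of the root key pair, the `Session` type and the end-time re-check in `Allowed` are all assumptions, and both access times are assumed to be set.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Claims is the signed content of a permission certificate (field names are assumptions).
type Claims struct {
	Account   string    `json:"account"`    // the one account the certificate is bound to
	Resource  string    `json:"resource"`   // the specific resource being opened
	Actions   []string  `json:"actions"`    // e.g. "view", "edit", "download"
	NotBefore time.Time `json:"not_before"` // access start time
	NotAfter  time.Time `json:"not_after"`  // access end time
}

// PermissionCert holds the exact signed bytes and the administrator's signature over them.
type PermissionCert struct {
	Body, Sig []byte
}

var (
	ErrIssuer  = errors.New("permission certificate error: not issued by the system administrator")
	ErrWindow  = errors.New("permission certificate error: outside the access start/end time")
	ErrAccount = errors.New("permission certificate error: account does not match the login account")
)

// Issue is the administrator side: sign the claims with the root private key.
func Issue(rootKey ed25519.PrivateKey, c Claims) (PermissionCert, error) {
	body, err := json.Marshal(c)
	if err != nil {
		return PermissionCert{}, err
	}
	return PermissionCert{Body: body, Sig: ed25519.Sign(rootKey, body)}, nil
}

// Verify runs the three checks; the signature is checked over the raw bytes before any field is read.
func Verify(rootPub ed25519.PublicKey, cert PermissionCert, login string, now time.Time) (Claims, error) {
	if !ed25519.Verify(rootPub, cert.Body, cert.Sig) {
		return Claims{}, ErrIssuer
	}
	var c Claims
	if err := json.Unmarshal(cert.Body, &c); err != nil {
		return Claims{}, fmt.Errorf("permission certificate error: malformed body: %w", err)
	}
	if now.Before(c.NotBefore) || now.After(c.NotAfter) {
		return Claims{}, ErrWindow
	}
	if c.Account != login {
		return Claims{}, ErrAccount
	}
	return c, nil
}

// Session models one access connection; grants live only as long as it does.
type Session struct {
	Login  string
	grants map[string]Claims // keyed by resource
}

func NewSession(login string) *Session { return &Session{Login: login, grants: map[string]Claims{}} }

// Import verifies an uploaded certificate and opens only the resource it names.
func (s *Session) Import(rootPub ed25519.PublicKey, cert PermissionCert, now time.Time) error {
	c, err := Verify(rootPub, cert, s.Login, now)
	if err != nil {
		return err
	}
	s.grants[c.Resource] = c
	return nil
}

// Allowed re-checks the end time on each access: an added hardening step, not from the page.
func (s *Session) Allowed(resource, action string, now time.Time) bool {
	c, ok := s.grants[resource]
	if !ok || now.After(c.NotAfter) {
		return false
	}
	for _, a := range c.Actions {
		if a == action {
			return true
		}
	}
	return false
}

// Close drops every certificate-derived grant when the connection ends.
func (s *Session) Close() { s.grants = map[string]Claims{} }

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)            // constructed demo key pair
	t0 := time.Date(2024, 1, 10, 9, 0, 0, 0, time.UTC) // constructed sample time
	cert, _ := Issue(priv, Claims{"alice", "/reports/q4.pdf", []string{"view"}, t0, t0.Add(2 * time.Hour)})
	fmt.Println(NewSession("bob").Import(pub, cert, t0.Add(time.Hour))) // stolen certificate is rejected
}
```

Keeping the signed bytes alongside the signature avoids any dependence on JSON re-serialisation producing identical output at verification time.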
In the above embodiments, the detailed description is given to the system resource access method, and the application further provides a corresponding embodiment of the system resource access device. It should be noted that the present application describes an embodiment of the device portion from two angles, one based on the angle of the functional module and the other based on the angle of the hardware.
Fig. 2 is a schematic diagram of a system resource access device according to an embodiment of the present application. As shown in fig. 2, a system resource access device includes:
a receiving module 21, configured to receive a permission certificate, where the permission certificate uniquely corresponds to account information of a user and includes permission information set for the user to have permission to temporarily access a specific resource;
a parsing module 22, configured to parse the rights certificate to obtain rights information of a specific resource in the rights certificate;
and an open authority module 23, configured to open the authority of the specific resource to the user according to the authority information.
The receiving module 21 receives a permission certificate, which uniquely corresponds to the account information of the user and contains permission information set for the user to have permission to temporarily access the specific resource, the analyzing module 22 analyzes the permission certificate to obtain the permission information of the specific resource in the permission certificate, and the opening permission module 23 opens the permission of the specific resource to the user according to the permission information of the specific resource obtained by the analyzing module 22.
In addition, the present embodiment further includes:
the receiving request module is used for receiving a request for generating the permission certificate when an administrator logs in;
the receiving information module is used for receiving account information of a user and authority information of specific resources;
the generation module is used for generating a permission certificate according to the account information and the permission information of the specific resource;
the receiving time module is used for receiving the access start time and the access end time after the receiving request module receives the request for generating the permission certificate;
the judging module is used for judging whether the user has access rights of the specific resource after the receiving information module receives the account information of the user and the rights information of the specific resource, and triggering the generating module if not;
the security checking module is configured to determine, after the receiving module 21 receives the permission certificate, whether the permission certificate is issued by an administrator of the system, whether the current use time is between the access start time and the access end time of the permission certificate, and whether the user account information of the permission certificate is consistent with the login account information of the current system; if yes, it triggers the analysis module, and if not, it triggers the prompting module;
the prompting module is used for sending out a prompt that the permission certificate has errors;
and the closing module is used for closing the access authority of the user to the specific resource after the access connection is disconnected.
Since the embodiments of the apparatus portion correspond to the embodiments of the method portion, refer to the description of the method embodiments for details of the apparatus embodiments; they are not repeated here.
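The generation, security-check, permission-opening and closing modules listed above, as an added example that is not code from the patent. The certificate format (a JSON payload with an Ed25519 signature), the key pair standing in for the root certificate installed in the system, and every name and sample value are assumptions; the patent specifies none of them.

```javascript
const { generateKeyPairSync, sign, verify } = require('crypto');

// Constructed stand-in for the key pair behind the root certificate installed in the system.
const root = generateKeyPairSync('ed25519');

// Administrator side: generate a certificate only when the user lacks the permission.
function issueCertificate(privateKey, acl, req) {
  if ((acl[req.account] || []).includes(req.resource)) return null; // already authorized: end
  const payload = JSON.stringify({
    account: req.account, resource: req.resource, rights: req.rights,
    notBefore: req.notBefore, notAfter: req.notAfter,
  });
  const signature = sign(null, Buffer.from(payload), privateKey).toString('base64');
  return { payload, signature };
}

// System side: issuer, time-window and account checks, in that order.
function checkCertificate(cert, publicKey, loginAccount, nowMs) {
  const fail = (reason) => ({ ok: false, reason });
  if (!cert || typeof cert.payload !== 'string' || typeof cert.signature !== 'string') {
    return fail('malformed certificate');
  }
  let signed = false;
  try {
    signed = verify(null, Buffer.from(cert.payload), publicKey,
      Buffer.from(cert.signature, 'base64'));
  } catch (err) {
    signed = false; // an unusable signature is treated as a failed check
  }
  if (!signed) return fail('not issued by administrator');
  const p = JSON.parse(cert.payload); // parsed only after the bytes are authenticated
  if (nowMs < p.notBefore || nowMs > p.notAfter) return fail('outside access window');
  if (p.account !== loginAccount) return fail('account mismatch');
  return { ok: true, grant: { resource: p.resource, rights: p.rights } };
}

// Per-connection grants: opened from a valid certificate, closed on disconnect.
class Session {
  constructor(loginAccount) {
    this.loginAccount = loginAccount;
    this.grants = new Map();
  }
  present(cert, publicKey, nowMs) {
    const result = checkCertificate(cert, publicKey, this.loginAccount, nowMs);
    if (result.ok) this.grants.set(result.grant.resource, result.grant.rights);
    return result;
  }
  canAccess(resource, right) {
    return (this.grants.get(resource) || []).includes(right);
  }
  disconnect() {
    this.grants.clear();
  }
}

// Constructed sample request: alice gets one hour of read access to /logs/audit.
const T0 = Date.UTC(2024, 0, 1, 9, 0, 0);
const sampleCert = issueCertificate(root.privateKey, { alice: ['/wiki'] }, {
  account: 'alice', resource: '/logs/audit', rights: ['read'],
  notBefore: T0, notAfter: T0 + 3600 * 1000,
});
```

The grant lives only in the session object, so the user's role and standing permissions are never modified and nothing remains to revoke once the connection ends.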
Fig. 3 is a block diagram of a system resource access device according to another embodiment of the present application, and as shown in fig. 3, the system resource access device includes: a memory 30 for storing a computer program;
a processor 31 for implementing the steps of the system resource access method of the above-described embodiment when executing the computer program.
The system resource access device provided in this embodiment may include, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, or the like.
Processor 31 may include one or more processing cores, such as a 4-core processor, an 8-core processor, etc. The processor 31 may be implemented in at least one hardware form of digital signal processing (Digital Signal Processing, DSP), field programmable gate array (Field-Programmable Gate Array, FPGA), or programmable logic array (Programmable Logic Array, PLA). The processor 31 may also comprise a main processor and a coprocessor. The main processor, also called the central processor (Central Processing Unit, CPU), processes data in the awake state; the coprocessor is a low-power processor that processes data in the standby state. In some embodiments, the processor 31 may be integrated with a graphics processor (Graphics Processing Unit, GPU), which is responsible for rendering and drawing the content that the display screen needs to show. In some embodiments, the processor 31 may also include an artificial intelligence (Artificial Intelligence, AI) processor for processing computing operations related to machine learning.
Memory 30 may include one or more computer-readable storage media, which may be non-transitory. Memory 30 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices or flash memory storage devices. In this embodiment, the memory 30 is at least used for storing a computer program 301 which, when loaded and executed by the processor 31, is capable of implementing the relevant steps of the system resource access method disclosed in any of the foregoing embodiments. In addition, the resources stored in the memory 30 may further include an operating system 302, data 303, and the like, and the storage may be transient or permanent. The operating system 302 may include Windows, Unix, Linux, among others. The data 303 may include, but is not limited to, data related to implementing the system resource access method.
In some embodiments, the system resource access device may further include a display 32, an input/output interface 33, a communication interface 34, a power supply 35, and a communication bus 36.
Those skilled in the art will appreciate that the architecture shown in fig. 3 is not limiting of the system resource access device and may include more or fewer components than shown.
The system resource access device provided by the embodiment of the application comprises a memory and a processor, wherein the processor can implement the system resource access method when executing a program stored in the memory. After the system receives the permission certificate uploaded by the user, it parses the permission certificate to obtain the permission information of the specific resource in the permission certificate, and opens the permission of the specific resource to the user according to that permission information. Because the permission certificate uniquely corresponds to the account information of the user and contains permission information, set for the user, granting permission to temporarily access the specific resource, no additional resource information is leaked. Because only the permission of the specific resource is opened to the user, this avoids the low-security problem in which modifying the user's role gives the user access to the specific resource and to other additional resources at the same time, leaking resource information.
Finally, the present application also provides a corresponding embodiment of the computer readable storage medium. The computer-readable storage medium stores a computer program which, when executed by a processor, performs the steps described in the system resource access method embodiments described above.
It will be appreciated that the methods of the above embodiments, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored on a computer readable storage medium. With such understanding, the technical solution of the present application, or a part contributing to the prior art or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, performing all or part of the steps of the method described in the various embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The present application provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, is capable of implementing the following method: after the system receives the permission certificate uploaded by the user, it parses the permission certificate to obtain the permission information of the specific resource in the permission certificate, and opens the permission of the specific resource to the user according to that permission information. Because the permission certificate uniquely corresponds to the account information of the user and contains permission information, set for the user, granting permission to temporarily access the specific resource, no additional resource information is leaked. Because only the permission of the specific resource is opened to the user, this avoids the low-security problem in which modifying the user's role gives the user access to the specific resource and to other additional resources at the same time, leaking resource information.
The above describes in detail a system resource access method, device and medium provided by the present application. In the description, the embodiments are described in a progressive manner, each focusing on its differences from the others, so identical or similar parts of the embodiments may be understood by referring to one another. The device disclosed in the embodiment corresponds to the method disclosed in the embodiment, so its description is relatively brief; for the relevant points, refer to the description of the method section. It should be noted that those skilled in the art can make various improvements and modifications to the present application without departing from its principles, and such improvements and modifications fall within the scope of the claims of the present application.
It should also be noted that in this specification, relational terms such as first and second are used solely to distinguish one entity or action from another, without necessarily requiring or implying any actual such relationship or order between those entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

Claims (7)

1. A system resource access method, comprising:
receiving a permission certificate uploaded by a user, wherein the permission certificate uniquely corresponds to account information of the user and contains permission information which is set for the user and has permission to temporarily access a specific resource;
when the authority certificate is determined to be issued by an administrator of a system, analyzing the authority certificate to acquire the authority information of a specific resource in the authority certificate; the authority certificate is issued by means of a root certificate installed in the system, and the system uses a root certificate public key to verify the issuer signature of the authority certificate so as to judge whether the authority certificate is issued by an administrator of the system;
opening the authority of the specific resource to the user according to the authority information;
closing the access right of the user to the specific resource after the access connection is disconnected;
the generating of the rights certificate comprises the following steps:
when an administrator logs in, receiving a request for generating the permission certificate;
receiving the account information of the user and the authority information of the specific resource;
judging whether the user has the access right of the specific resource or not;
if not, generating the permission certificate according to the account information and the permission information of the specific resource;
otherwise, the process is finished.
2. The system resource access method according to claim 1, wherein after the receiving the request for generating the authority certificate, further comprising:
receiving access start time and access end time;
correspondingly, the generating the permission certificate according to the account information and the permission information of the specific resource comprises the following steps:
and generating the permission certificate according to the account information, the permission information of the specific resource, the access start time and the access end time.
3. The system resource access method according to claim 2, wherein after the step of receiving a rights certificate, before the step of parsing the rights certificate to acquire the rights information of the specific resource in the rights certificate, further comprising:
judging whether the authority certificate is issued by an administrator of the system, whether the current use time is between the access start time and the access end time of the authority certificate, and whether the user account information of the authority certificate is consistent with login account information of the current system;
if yes, the step of analyzing the authority certificate to acquire the authority information of the specific resource in the authority certificate is entered.
4. The system resource access method according to claim 3, wherein after said determining whether the authority certificate is issued by an administrator of the system and a current usage time is between the access start time and the access end time of the authority certificate and whether the user account information of the authority certificate coincides with login account information of a current system, further comprising:
if not, sending out a prompt that the permission certificate has errors.
5. A system resource access device, comprising:
the receiving module is used for receiving a permission certificate uploaded by a user, wherein the permission certificate uniquely corresponds to the account information of the user and contains permission information which is set for the user and has permission to temporarily access a specific resource;
the analysis module is used for analyzing the authority certificate to acquire the authority information of the specific resource in the authority certificate when the authority certificate is determined to be issued by an administrator of the system; the authority certificate is issued by means of a root certificate installed in the system, and the system uses a root certificate public key to verify the issuer signature of the authority certificate so as to judge whether the authority certificate is issued by an administrator of the system;
the right opening module is used for opening the right of the specific resource to the user according to the right information;
the closing module is used for closing the access authority of the user to the specific resource after the access connection is disconnected;
the receiving request module is used for receiving a request for generating the permission certificate when an administrator logs in;
a receiving information module, configured to receive the account information of the user, and the authority information of the specific resource;
the judging module is used for judging whether the user has the access right of the specific resource, if not, triggering the generating module, otherwise, ending;
the generation module is used for generating the permission certificate according to the account information and the permission information of the specific resource.
6. A system resource access device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the system resource access method according to any of claims 1 to 4 when executing said computer program.
7. A computer readable storage medium, characterized in that it has stored thereon a computer program which, when executed by a processor, implements the steps of system resource access according to any of claims 1 to 4.
CN202111306334.8A 2021-11-05 2021-11-05 System resource access method, device and medium Active CN114139128B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111306334.8A CN114139128B (en) 2021-11-05 2021-11-05 System resource access method, device and medium

Publications (2)

Publication Number Publication Date
CN114139128A CN114139128A (en) 2022-03-04
CN114139128B true CN114139128B (en) 2024-03-08

Family

ID=80392255

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111306334.8A Active CN114139128B (en) 2021-11-05 2021-11-05 System resource access method, device and medium

Country Status (1)

Country Link
CN (1) CN114139128B (en)

Also Published As

Publication number Publication date
CN114139128A (en) 2022-03-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant