CN114884718B - Data processing method, device, equipment and storage medium - Google Patents

Publication number
CN114884718B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210469433.6A
Other languages
Chinese (zh)
Other versions
CN114884718A (en)
Inventor
李子龙
王远雄
胡红
王杜鑫
蔡上
钟敏
张驰俊
张培钧
陈颖聪
叶嘉铮
林婷
黄科
王永强
李志华
彭静
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Power Grid Co Ltd
Meizhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Original Assignee
Guangdong Power Grid Co Ltd
Meizhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Application filed by Guangdong Power Grid Co Ltd and Meizhou Power Supply Bureau of Guangdong Power Grid Co Ltd
Priority to CN202210469433.6A
Publication of CN114884718A
Application granted
Publication of CN114884718B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data processing method, apparatus, device and storage medium. The method comprises: acquiring an access authorization request sent by a user terminal; verifying the user terminal according to at least one of the user identity, the source Internet Protocol (IP) address and the accessed management authority data of the user terminal; and providing an authorization credential to the user terminal according to the verification result, so that the user terminal obtains the required data from an edge application layer based on the authorization credential. This technical scheme avoids data leakage and improves the security of data transmission.

Description

Data processing method, device, equipment and storage medium
Technical Field
Embodiments of the present invention relate to the field of computers, and in particular, to a data processing method, apparatus, device, and storage medium.
Background
When a user sends a data access request, current Internet of Things edge computing platforms have the edge server look up the user's required data in the cloud and send it directly to the user terminal. In this process, a hacker can steal regional network data through the data access request. How to ensure security during data transmission is a problem to be solved.
Disclosure of Invention
Embodiments of the present invention provide a data processing method, apparatus, device and storage medium for avoiding data leakage and improving the security of data transmission.
In a first aspect, an embodiment of the present invention provides a data processing method, including:
acquiring an access authorization request sent by a user terminal;
verifying the user terminal according to at least one of the user identity, the source Internet Protocol (IP) address and the accessed management authority data of the user terminal;
and providing an authorization credential to the user terminal according to the verification result, so that the user terminal obtains the required data from an edge application layer based on the authorization credential.
In a second aspect, an embodiment of the present invention further provides a data processing apparatus, including:
an access authorization request acquisition module, used for acquiring an access authorization request sent by a user terminal;
a verification module, used for verifying the user terminal according to at least one of the user identity, the source Internet Protocol (IP) address and the accessed management authority data of the user terminal;
and an authorization credential providing module, used for providing an authorization credential to the user terminal according to the verification result, so that the user terminal can obtain the required data from the edge application layer based on the authorization credential.
In a third aspect, an embodiment of the present invention further provides an electronic device, including:
one or more processors;
a storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the data processing methods described in any of the embodiments of the present invention.
In a fourth aspect, an embodiment of the present invention provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the data processing method according to any embodiment of the present invention.
According to the technical scheme provided by the embodiments of the present invention, an access authorization request sent by the user terminal is acquired; the user terminal is verified according to at least one of its user identity, source IP address and accessed management authority data; and an authorization credential is provided to the user terminal according to the verification result, so that the user terminal can obtain the required data from the edge application layer based on the authorization credential. The scheme addresses the situation in which, when the user terminal needs to obtain required data through the edge application layer, the edge application layer does not verify the user information but looks up the user's required data directly from the data access request sent by the user terminal and feeds it back to the user terminal. In that situation the required data is fed back even when the user does not have data access rights, which may lead to the data being stolen. The scheme guarantees data confidentiality and prevents unintended data leakage.
Drawings
FIG. 1 is a flowchart of a data processing method according to a first embodiment of the present invention;
FIG. 2 is a flowchart of a data processing method according to a second embodiment of the present invention;
FIG. 3 is a flowchart of a data processing method according to a third embodiment of the present invention;
FIG. 4 is a schematic diagram of a data processing apparatus according to a fourth embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an electronic device according to a fifth embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present invention are shown in the drawings.
Example 1
FIG. 1 is a flowchart of a data processing method according to a first embodiment of the present invention. This embodiment is applicable to data processing scenarios. The method may be performed by a data processing apparatus provided by an embodiment of the present invention, which may be implemented in software and/or hardware. The apparatus can be configured in a terminal server, and the terminal server can be configured in an electronic device; an authorization layer that performs the authorization function for the user terminal can be configured in the terminal server. This embodiment can be applied to the authorization layer, and the method specifically comprises the following steps:
S110, acquiring an access authorization request sent by a user terminal.
The user terminal refers to the terminal equipment held by a user; an accessing party can send a data access request and/or an access authorization request through the user terminal.
Specifically, when a user requests access to required data by sending a data access request, the user first enters the accessing party's account information and password at the user terminal to log in to the server. After logging in, the user terminal sends an access authorization request to the authorization layer in the terminal server to request data access rights. The authorization layer is one of the components of the terminal server and is responsible for authorizing the user terminal.
S120, verifying the user terminal according to at least one of the user identity, the source Internet Protocol (IP) address and the accessed management authority data of the user terminal.
Optionally, the user identity may include, but is not limited to, login account information, real-name information, and the like. The source IP address refers to the IP address of the user terminal at the time it issues the access authorization request.
Optionally, after receiving the access authorization request sent by the user terminal, the authorization layer of the terminal server obtains the user identity to be verified, verifies it, and obtains a verification result for the user identity. For example, the user identity may be verified by first verifying the real-name information in the user identity of the user terminal and, if that verification passes, verifying whether the user terminal is an internal user according to the login account information in the user identity.
Specifically, after the authorization layer obtains the user identity to be verified, it checks whether the user's login account has completed real-name authentication. If it has, the user identity to be verified is compared with the internal user identity stored in the user layer: if the two are consistent, the user is determined to be an internal user; if they are inconsistent, the user is determined to be an external user. If the login account has not completed real-name authentication, a real-name authentication prompt may, for example, be sent to the user through the user terminal.
Optionally, in this embodiment, the source IP address of the user terminal may be verified as follows: after receiving the access authorization request sent by the user terminal, the authorization layer of the terminal server obtains the source IP address of the user terminal, verifies it, and obtains a verification result for the source IP address. For example, after the authorization layer obtains the source IP address, it compares it with the internal IP address stored in the user layer. If the source IP address is consistent with the internal IP address, it is determined to be an internal IP address; if it is inconsistent, it is determined to be an external IP address. An internal IP address is an IP address that is pre-stored in the user layer of the terminal server and has access rights to the regional network; an external IP address is an IP address of an application layer that is not stored in the terminal server.
Optionally, in this embodiment, the accessed management authority data includes the regional network administrator login account. After receiving the access authorization request sent by the user terminal, the authorization layer of the terminal server obtains the login account of the user terminal and treats it as the login account to be verified. The login account to be verified is compared with the regional network administrator login account stored in the user layer: if the two are consistent, the login account to be verified is a regional network administrator login account; if they are inconsistent, it is determined not to be one. A regional network administrator login account is the login account of a user with regional network administrator rights. Regional network administrator rights are rights that are not limited by regional network access restrictions; a user with these rights can access all data in the regional network. Regional networks include local area networks, home networks, campus networks, and medical networks.
S130, providing an authorization credential to the user terminal according to the verification result, so that the user terminal can obtain the required data from the edge application layer based on the authorization credential.
The authorization credential is the credential with which the user terminal obtains access rights to the required data from the regional network. The required data is the data the user obtains through a data access request. The edge application layer is the application layer of an edge server, and an edge server is a server determined on the basis of edge computing. Edge computing refers to an open platform, located on the side close to the object or data source, that integrates core network, computing, storage and application capabilities; a server determined by edge computing can provide the nearest service to the user terminal.
Specifically, whether the user has data access rights to the regional network is determined from the verification result of at least one of the user identity, the source IP address and the accessed management authority data of the user terminal; if the user has such rights, an authorization credential is provided to the user terminal. After obtaining the authorization credential, the user terminal sends a data access request carrying the credential to the edge application layer. The edge application layer responds to that request by searching the cloud database for the required data corresponding to the request and feeding it back to the user terminal. For example, if a data access request sent by the user terminal to the edge application layer does not carry an authorization credential, the edge application layer does not respond to the request and may send alarm information to the terminal server to remind the data maintainer that there is currently a risk of data leakage.
Optionally, in this embodiment, the authorization layer of the terminal server may determine whether to provide the authorization credential to the user terminal according to the verification result of the user identity of the user terminal. If the verification result is that the user is an internal user, the authorization layer provides an authorization credential to the user terminal. If the verification result is that the user is an external user, no authorization credential is provided. Alternatively, if the verification result is that the user is an external user, a verification code acquisition request is sent to the user terminal to obtain the verification code entered by the user, and an authorization credential is provided to the user terminal if the entered verification code passes verification.
Optionally, in this embodiment, the authorization layer of the terminal server may determine whether to provide the authorization credential to the user terminal according to the verification result of the source IP address of the user terminal. If the verification result is that the source IP address is an internal IP address, the authorization layer provides an authorization credential to the user terminal; if the verification result is that the source IP address is an external IP address, no authorization credential is provided.
Optionally, in this embodiment, the authorization layer of the terminal server may determine whether to provide the authorization credential to the user terminal according to the result of verifying the login account of the user terminal against the accessed management authority data. If the verification result is that the login account of the user terminal is an administrator login account, the authorization layer provides an authorization credential to the user terminal; if the verification result is that it is not an administrator login account, no authorization credential is provided.
Preferably, in this embodiment, the authorization credential may also be provided according to the combination of the verification result of the user identity, the verification result of the source IP address, and the result of verifying the login account against the accessed management authority data. Specifically, if the user is determined to be an external user according to the user identity verification result, no authorization credential is provided to the user terminal.
If the user is determined to be an internal user according to the user identity verification result, the source IP address of the user terminal is verified next: if the source IP address is an external IP address, no authorization credential is provided. If the source IP address is an internal IP address, whether the login account of the user terminal is an administrator login account is further verified according to the accessed management authority data: if it is not, no authorization credential is provided; if it is, an authorization credential is provided to the user terminal.
According to the technical scheme provided by this embodiment, an access authorization request sent by the user terminal is acquired; the user terminal is verified according to at least one of its user identity, source IP address and accessed management authority data; and an authorization credential is provided to the user terminal according to the verification result, so that the user terminal can obtain the required data from the edge application layer based on the authorization credential. The scheme addresses the situation in which, when the user terminal needs to obtain required data through the edge application layer, the edge application layer does not verify the user information but looks up the user's required data directly from the data access request sent by the user terminal and feeds it back to the user terminal. In that situation the required data is fed back even when the user does not have data access rights, which may lead to the data being stolen. The scheme guarantees data confidentiality and prevents unintended data leakage.
Example 2
FIG. 2 is a flowchart of a data processing method provided by a second embodiment of the present invention. This embodiment is optimized on the basis of the foregoing embodiment and provides an optional embodiment in which the source IP address of the user terminal is matched against an authorized IP address and, if the two do not match, whether the user terminal is an internal user is verified according to the accessed management authority data. Specifically, as shown in FIG. 2, the data processing method provided in this embodiment may include:
S210, acquiring an access authorization request sent by a user terminal.
S220, matching the source IP address of the user terminal against the authorized IP address.
The authorized IP address refers to an internal IP address with data access rights.
Specifically, the authorized IP address is stored in the user layer in advance. After receiving the access authorization request sent by the user terminal, the authorization layer of the terminal server obtains the source IP address of the user terminal and matches it against the authorized IP address. If the source IP address is consistent with the authorized IP address, the two are determined to match; if it is inconsistent, the two do not match.
S230, if the two do not match, verifying whether the user terminal is an internal user according to the accessed management authority data.
Specifically, if the source IP address of the user terminal does not match the authorized IP address, whether the login account of the user terminal is an administrator login account is verified according to the accessed management authority data. If the login account is not an administrator login account, the user terminal is an external user; if it is an administrator login account, the user terminal is an internal user.
Optionally, if the source IP address of the user side matches the authorized IP address, and the login account of the user side is the administrator login account.
S240, providing an authorization credential to the user terminal according to the verification result, so that the user terminal can obtain the required data from the edge application layer based on the authorization credential.
In the technical solution provided in this embodiment, the authorization credential may also be provided to the user terminal according to the access rights of the user terminal. Specifically, this can be realized through the following sub-steps:
S2401, determining the access rights of the user terminal according to the verification result.
If the verification result is that the user terminal is an internal user, the access rights of the user terminal are full rights; if the verification result is that the user terminal is an external user, the access rights of the user terminal are partial rights.
In this optional embodiment, the access rights of the user terminal are divided into full rights and partial rights. Full rights are rights to access all data in the regional network; partial rights are rights to access part of the data in the regional network. On this basis, the authorization credentials that the authorization layer can provide to the user terminal comprise full-rights authorization credentials and partial-rights authorization credentials.
S2402, providing an authorization credential to the user terminal according to the access rights.
Specifically, if the user terminal is an internal user, a full-rights authorization credential is provided to the user terminal; if the user terminal is an external user, a verification code acquisition request is sent to the user terminal, the verification code entered by the user is obtained, and a partial-rights authorization credential is provided to the user terminal if the entered verification code passes verification.
Providing different authorization credentials to user terminals with different access rights, according to the verification result, meets the differing needs of users and enterprises and preserves data transmission efficiency while ensuring data transmission security.
According to the technical scheme provided by this embodiment, the source IP address of the user terminal is matched against the authorized IP address, whether the user terminal is an internal user is verified according to the matching result, and an authorization credential is provided to the user terminal according to the verification result, so that the user terminal can obtain the required data from the edge application layer based on the authorization credential. This solves the problem that some users who, because of actual needs, have access rights to part of the regional network's data cannot obtain the required data when their source IP address is an external IP address, which makes data communication inefficient. Data transmission efficiency is preserved while data transmission security is ensured.
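The two decision flows described so far, the preferred cascade of Example 1 and the tiered flow of Example 2 (S220 to S2402), written out as an added Python example; it is not code from the patent. The account names, IP addresses, credential lifetime, token format and the way the expected verification code is supplied are all assumptions, and treating a matching source IP as an internal user is also an assumption because the sentence covering that case is incomplete on the page.

```python
import hmac
import ipaddress
import secrets
import time
from dataclasses import dataclass

# Constructed sample data standing in for what the page calls the "user layer".
INTERNAL_ACCOUNTS = {"alice", "grid-admin"}   # internal user identities
ADMIN_ACCOUNTS = {"grid-admin"}               # regional network administrator accounts
AUTHORIZED_IPS = {ipaddress.ip_address("10.20.0.15")}
CREDENTIAL_TTL_SECONDS = 300                  # assumed lifetime; the page gives none


@dataclass(frozen=True)
class AccessRequest:
    account: str
    real_name_verified: bool
    source_ip: str


@dataclass(frozen=True)
class Credential:
    token: str
    scope: str        # "full" or "partial"
    account: str
    source_ip: str
    expires_at: float


def ip_is_authorized(source_ip):
    """Parse before comparing; input that is not an IP address counts as external."""
    try:
        return ipaddress.ip_address(source_ip) in AUTHORIZED_IPS
    except ValueError:
        return False


def issue(req, scope, now):
    """Create a random credential bound to the account and source IP it was issued for."""
    return Credential(secrets.token_urlsafe(32), scope, req.account,
                      req.source_ip, now + CREDENTIAL_TTL_SECONDS)


def authorize_strict(req, now=None):
    """Example 1 cascade: identity, then source IP, then administrator account."""
    now = time.time() if now is None else now
    if not (req.real_name_verified and req.account in INTERNAL_ACCOUNTS):
        return None                      # external user
    if not ip_is_authorized(req.source_ip):
        return None                      # external IP address
    if req.account not in ADMIN_ACCOUNTS:
        return None                      # not an administrator login account
    return issue(req, "full", now)


def authorize_tiered(req, submitted_code=None, expected_code=None, now=None):
    """Example 2: IP match (S220), administrator fallback (S230), then S2401/S2402."""
    now = time.time() if now is None else now
    # Assumption: a matching source IP alone marks the user terminal as internal.
    if ip_is_authorized(req.source_ip) or req.account in ADMIN_ACCOUNTS:
        return issue(req, "full", now)
    # External user: a partial-rights credential only after the verification code passes.
    if not submitted_code or not expected_code:
        return None
    if not hmac.compare_digest(submitted_code.encode(), expected_code.encode()):
        return None
    return issue(req, "partial", now)


if __name__ == "__main__":
    outside = AccessRequest("contractor", True, "203.0.113.9")   # constructed request
    print(authorize_strict(outside))                              # None
    print(authorize_tiered(outside, "481516", "481516").scope)    # partial
```

Binding the credential to the account and source IP at issue time gives the edge application layer something to check the request against later; a bare token could be replayed from any user terminal.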
Example 3
FIG. 3 is a flowchart of a data processing method provided in a third embodiment of the present invention. This embodiment is optimized on the basis of the foregoing embodiments and provides an optional embodiment in which a data access request carrying the authorization credential is acquired from the user terminal; where the user terminal has data access rights, search data for the data access request is searched for and obtained, the search data is matched against the data access request, and whether the search data can serve as the required data is determined according to the matching result. In this embodiment the edge application layer is integrated in the terminal server, and the embodiment is carried out by the edge application layer and the authorization layer in the terminal server working together. Specifically, as shown in FIG. 3, the data processing method provided in this embodiment may include:
S310, acquiring an access authorization request sent by a user terminal.
S320, verifying the user terminal according to at least one of the user identity, the source IP address and the accessed management authority data of the user terminal.
S330, providing an authorization credential to the user terminal according to the verification result, so that the user terminal can obtain the required data from the edge application layer based on the authorization credential.
S340, acquiring a data access request carrying an authorization credential sent by the user terminal.
Specifically, after obtaining the authorization credential provided by the authorization layer, the user terminal sends the authorization credential and the data access request to the edge application layer.
S350, where it is determined based on the authorization credential that the user terminal has data access rights, searching for and obtaining search data of the data access request from the cloud database through a search engine.
A search engine is a system that uses a specific computer program to collect information from the Internet according to a certain strategy, organizes and processes that information, provides a search service to users, and displays the relevant information found to the users. A cloud database is a database that is optimized for or deployed in a virtual computing environment. Search data refers to the search results that the search engine obtains from the cloud database based on a data access request.
Specifically, after acquiring a data access request sent by the user terminal, the edge application layer verifies whether the request carries an authorization credential. If it does, the edge application layer searches the cloud database through the search engine based on the data access request, thereby obtaining the search data of the data access request from the cloud database.
In this embodiment, an alternative implementation is as follows: after acquiring the data access requests sent by the user terminal, the edge application layer also obtains the time at which each data access request was sent and sorts the acquired requests by sending time to obtain a data access request queue. The earliest data access request is placed at the front of the queue and the latest at the back. Following the order of the queue from front to back, the edge application layer searches the cloud database through the search engine for each data access request in turn and obtains the search data of each request from the cloud database.
S360, judging whether the search data matches the data access request.
Specifically, after searching for and obtaining the search data of a data access request from the cloud database through the search engine, the edge application layer verifies, based on the data access request, whether the search data is the data that the request asked for. If it is, the search data matches the data access request; if it is not, the search data does not match the data access request.
S370, if they match, using the search data as the required data and feeding it back to the user terminal.
Specifically, if the search data matches the data access request, the search data is used as the required data and fed back to the user terminal, so that the user can obtain and browse the required data on the user terminal.
According to the technical scheme provided by this embodiment, the search data of a data access request is matched against the request, and the search data is used as the required data and fed back to the user terminal only when the two match. This avoids feeding erroneous data back to the user, ensures data transmission security, and further improves the accuracy of the required data fed back to the user terminal.
In the data processing method provided by the invention, another preferred embodiment is as follows:
under the condition that the edge application layer and the authorization layer are respectively integrated in two servers, the authorization credentials and the identification information of the user side can be sent to the edge application layer, so that the edge application layer can verify the data access authority of the user side based on the authorization credentials and the identification information of the user side in the process of providing the required data for the user side.
The identification information of the user side comprises login account information of the user side, user identity of the user side and source IP address of the user side.
Specifically, the login account information of the user side, the user identity of the user side and the source IP address of the user side are stored in the edge application layer in advance, in correspondence with the authorization credential of the user side. After the edge application layer acquires the data access request sent by the user side, it verifies whether the data access request carries an authorization credential. If the data access request carries an authorization credential, the edge application layer further verifies whether that authorization credential is valid. Verifying whether the authorization credential carried by the data access request is valid includes: verifying whether it is consistent with the authorization credential pre-stored in the edge application layer in correspondence with the login account information of the user side, the user identity of the user side and the source IP address of the user side. If they are inconsistent, the verification result is that the user side does not have data access authority, and the edge application layer does not respond to the data access request of the user side. If they are consistent, the edge application layer further verifies whether the authorization credential has expired. If the authorization credential has expired, the verification result is that the user side does not have data access authority, and the edge application layer does not respond to the data access request of the user side. If the authorization credential has not expired, the edge application layer searches the cloud database through a search engine based on the data access request, and obtains the search data of the data access request from the cloud database.
After the edge application layer obtains the data access request carrying the authorization credential sent by the user side, the authorization credential is further verified, so that the security of data transmission can be enhanced.
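The check order described above (credential present, consistent with the stored binding, not expired), combined with the time-ordered request queue, can be sketched as follows. This is an added example, not code from the patent: the class and field names, the expiry timestamp field, the rejection of requests that carry no credential, and the constant-time comparison are assumptions, and the sample requests are constructed.

```python
import hmac
import ipaddress
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Decision(Enum):
    ALLOW = "search cloud database"
    NO_CREDENTIAL = "no response: credential missing"
    MISMATCH = "no response: credential not consistent with stored binding"
    EXPIRED = "no response: credential expired"


@dataclass(frozen=True)
class Binding:
    # Record pre-stored at the edge application layer (field names are assumptions).
    credential: str
    login_account: str
    user_identity: str
    source_ip: str
    expires_at: float  # epoch seconds; the patent does not name an expiry field


@dataclass(frozen=True)
class DataAccessRequest:
    login_account: str
    user_identity: str
    source_ip: str
    sent_at: float  # time at which the user side sent the request
    query: str
    credential: Optional[str] = None


def _key(account, identity, ip):
    # Normalise the address so textual variants of one IP map to one key.
    return (account, identity, str(ipaddress.ip_address(ip)))


class EdgeApplicationLayer:
    def __init__(self):
        self._bindings = {}

    def store_binding(self, b):
        self._bindings[_key(b.login_account, b.user_identity, b.source_ip)] = b

    def verify(self, req, now):
        # Step 1: does the request carry a credential at all?
        # Treating a missing credential as "no response" is an assumption.
        if not req.credential:
            return Decision.NO_CREDENTIAL
        # Step 2: is it the credential stored for this account, identity and source IP?
        try:
            stored = self._bindings.get(
                _key(req.login_account, req.user_identity, req.source_ip))
        except ValueError:  # source address does not parse
            return Decision.MISMATCH
        if stored is None or not hmac.compare_digest(
                stored.credential.encode(), req.credential.encode()):
            return Decision.MISMATCH
        # Step 3: only a consistent credential is checked for expiry.
        if now >= stored.expires_at:
            return Decision.EXPIRED
        return Decision.ALLOW

    def process(self, requests, now):
        # Earliest request first, as in the data access request queue.
        queue = sorted(requests, key=lambda r: r.sent_at)
        return [(r.query, self.verify(r, now)) for r in queue]


def demo():
    # Constructed sample data.
    edge = EdgeApplicationLayer()
    edge.store_binding(
        Binding("tok-constructed-001", "alice", "id-1001", "10.20.0.5", 1000.0))
    ok = DataAccessRequest("alice", "id-1001", "10.20.0.5", 30.0,
                           "q-valid", "tok-constructed-001")
    requests = [
        ok,
        DataAccessRequest("alice", "id-1001", "10.20.0.5", 10.0, "q-no-credential"),
        DataAccessRequest("alice", "id-1001", "203.0.113.9", 20.0,
                          "q-other-ip", "tok-constructed-001"),
        DataAccessRequest("alice", "id-1001", "10.20.0.5", 40.0,
                          "q-wrong-token", "tok-constructed-999"),
    ]
    return edge.process(requests, now=500.0), edge.verify(ok, now=1000.0)


if __name__ == "__main__":
    for item in demo()[0]:
        print(item)
```

The request replayed from a different source IP is rejected even though it carries the correct credential, because the lookup key includes the source address.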
Example IV
Fig. 4 is a schematic structural diagram of a data processing apparatus according to a fourth embodiment of the present invention, where the present embodiment is applicable to a case of how to process data. As shown in fig. 4, the data processing apparatus includes: an access authorization request acquisition module 410, a verification module 420, and an authorization credential providing module 430.
The access authorization request obtaining module 410 is configured to obtain an access authorization request sent by the user terminal;
the verification module 420 is configured to verify the user terminal according to at least one of a user identity, a source network protocol IP address, and visited management authority data of the user terminal;
the authorization credential providing module 430 is configured to provide the authorization credential for the client according to the verification result, so that the client obtains the requirement data from the edge application layer based on the authorization credential.
According to the technical scheme provided by this embodiment, the access authorization request sent by the user side is obtained; the user side is verified according to at least one of the user identity of the user side, the source network protocol IP address and the visited management authority data; and an authorization credential is provided for the user side according to the verification result, so that the user side can acquire the requirement data from the edge application layer based on the authorization credential. The scheme addresses the following problem: when the user side needs to acquire the demand data through the edge application layer and the edge application layer does not verify the user information, the demand data is searched for directly based on the data access request sent by the user side and fed back to the user side. In that case, the required data is fed back to the user side even when the user does not have the data access right, which may cause the data to be stolen. The scheme thereby guarantees data confidentiality and prevents unintended leakage of the data.
The verification module 420 is specifically configured to:
verifying real name information in the user identity of the user terminal;
and under the condition that the verification is passed, verifying whether the user terminal is an internal user according to the login account information in the user identity.
Illustratively, the verification module 420 is specifically configured to:
matching the source network protocol IP address of the user side with the authorized IP address;
if the two are not matched, verifying whether the user terminal is an internal user according to the accessed management authority data.
Illustratively, the authorization credential providing module 430 includes:
the access right determining unit is used for determining the access right of the user side according to the verification result;
and the authorization credential providing unit is used for providing the authorization credential for the user terminal according to the access authority.
Illustratively, the above access right determining unit is specifically configured to:
if the verification result is that the user side is an internal user, the access authority of the user side is all the authorities;
if the verification result is that the user side is an external user, the access right of the user side is a partial right.
Further, the data processing apparatus further includes:
the data access request acquisition module is used for acquiring a data access request carrying an authorization credential sent by a user side;
the search data acquisition module is used for searching and acquiring search data of a data access request from a cloud database through a search engine under the condition that the user side is determined to have data access rights based on the authorization credentials;
the data matching module is used for judging whether the search data is matched with the data access request;
and the demand data feedback module is used for feeding back the search data as demand data to the user side if the search data is matched with the data access request.
Illustratively, the above data processing apparatus further includes:
the authorization credential sending module is used for sending the authorization credential and the identification information of the user side to the edge application layer so that the edge application layer can verify the data access authority of the user side based on the authorization credential and the identification information of the user side in the process of providing the required data for the user side.
The data processing device provided in this embodiment is applicable to the data processing method provided in any of the above embodiments, and has corresponding functions and beneficial effects.
Example five
Fig. 5 is a schematic structural diagram of an electronic device according to a fifth embodiment of the present invention. Fig. 5 shows a schematic diagram of the structure of an electronic device 10 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic equipment may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 5, the electronic device 10 includes at least one processor 11, and a memory, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, etc., communicatively connected to the at least one processor 11, in which the memory stores a computer program executable by the at least one processor, and the processor 11 may perform various appropriate actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from the storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data required for the operation of the electronic device 10 may also be stored. The processor 11, the ROM 12 and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
Various components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, etc.; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 11 may be any of a variety of general-purpose and/or special-purpose processing components having processing and computing capabilities. Some examples of the processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, Digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. The processor 11 performs the various methods and processes described above, such as the data processing method.
In some embodiments, the data processing method may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as the storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. One or more of the steps of the data processing method described above may be performed when the computer program is loaded into RAM 13 and executed by processor 11. Alternatively, in other embodiments, the processor 11 may be configured to perform the data processing method in any other suitable way (e.g. by means of firmware).
Various implementations of the systems and techniques described above may be realized in digital electronic circuitry, integrated circuit systems, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems On Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various implementations may include implementation in one or more computer programs that can be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special-purpose or general-purpose programmable processor that can receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local area networks (LAN), wide area networks (WAN), blockchain networks, and the internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims (7)

1. A method of data processing, comprising:
acquiring an access authorization request sent by a user;
verifying the user terminal according to at least one of the user identity, the source network protocol IP address and the visited management authority data of the user terminal;
providing an authorization credential for the user side according to the verification result, so that the user side obtains the requirement data from an edge application layer based on the authorization credential;
verifying the user terminal according to the user identity of the user terminal, including:
verifying real name information in the user identity of the user terminal;
under the condition that verification is passed, verifying whether the user terminal is an internal user or not according to login account information in the user identity;
verifying the user terminal according to the source network protocol IP address and the visited management authority data of the user terminal, wherein the method comprises the following steps:
matching the source network protocol IP address of the user side with the authorized IP address;
if the two are not matched, verifying whether the user side is an internal user or not according to the accessed management authority data;
according to the verification result, determining the access right of the user terminal comprises the following steps:
if the verification result shows that the user side is an internal user, the access authority of the user side is all the authorities;
if the verification result shows that the user side is an external user, the access right of the user side is a partial right.
2. The method of claim 1, wherein providing the authorization credential to the client based on the verification result comprises:
determining the access right of the user side according to the verification result;
and providing authorization credentials for the user side according to the access rights.
3. The method as recited in claim 1, further comprising:
acquiring a data access request carrying the authorization credential sent by a user side;
under the condition that the user side is determined to have data access rights based on the authorization credentials, searching and obtaining search data of the data access request from a cloud database through a search engine;
judging whether the search data is matched with the data access request or not;
and if the search data are matched, feeding back the search data to the user side as the demand data.
4. The method as recited in claim 1, further comprising:
and sending the authorization credential and the identification information of the user side to the edge application layer so that the edge application layer can verify the data access authority of the user side based on the authorization credential and the identification information of the user side in the process of providing the requirement data for the user side.
5. A data processing apparatus, comprising:
the access authorization request acquisition module is used for acquiring an access authorization request sent by a user side;
the verification module is used for verifying the user terminal according to at least one of the user identity, the source network protocol IP address and the visited management authority data of the user terminal;
the authorization credential providing module is used for providing authorization credentials for the user side according to the verification result so that the user side can acquire the requirement data from the edge application layer based on the authorization credentials;
the verification module is also used for:
verifying real name information in the user identity of the user terminal;
under the condition that verification is passed, verifying whether the user side is an internal user or not according to login account information in the user identity;
matching the source network protocol IP address of the user side with the authorized IP address;
if the two are not matched, verifying whether the user terminal is an internal user according to the accessed management authority data;
the access right determination unit is further configured to:
if the verification result is that the user side is an internal user, the access authority of the user side is all the authorities;
if the verification result is that the user side is an external user, the access right of the user side is a partial right.
6. An electronic device, the electronic device comprising:
one or more processors;
a storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the data processing method of any of claims 1-4.
7. A computer-readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements a data processing method as claimed in any one of claims 1-4.
CN202210469433.6A 2022-04-28 2022-04-28 Data processing method, device, equipment and storage medium Active CN114884718B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210469433.6A CN114884718B (en) 2022-04-28 2022-04-28 Data processing method, device, equipment and storage medium


Publications (2)

Publication Number Publication Date
CN114884718A CN114884718A (en) 2022-08-09
CN114884718B true CN114884718B (en) 2023-08-22
