CN115442145A - Method and system for controlling user to access object - Google Patents

Method and system for controlling user to access object

Publication number
CN115442145A
Authority
CN
China
Prior art keywords
node
user
access
data table
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211082778.2A
Other languages
Chinese (zh)
Inventor
徐智
涂玉雅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Energy Cloud Computing Technology Co ltd
Original Assignee
Wuhan Energy Cloud Computing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Energy Cloud Computing Technology Co ltd
Priority to CN202211082778.2A
Publication of CN115442145A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1491: Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method for controlling a user's access to an object. The method comprises: obtaining, through an intermediate service platform of a distributed system, a user's request to access an object; converting the representation of the requested object into a preset form and then querying the data table for the node to which the object belongs; and determining the type of that node. When the node is a virtual node, the data table of virtual node information is traversed to check whether a virtual node corresponding to the requested object exists. If it does, the real node corresponding to the virtual node is looked up and the request is answered according to the authority management policy of that real node. If it does not, the virtual node is judged to be a honeypot node, the user's access is judged to be malicious access, and the user's information data is recorded.

Description

Method and system for controlling user to access object
Technical Field
The invention relates to the technical field of computer security, in particular to a method and a system for controlling a user to access an object.
Background
In the field of secure access control, existing authority control methods such as the RBAC (Role-Based Access Control) model are widely used because they support authorization management. With roles introduced, permissions only need to be assigned to roles that carry the corresponding responsibilities and qualifications, and a user obtains all the permissions of a role by being given that role. Users, roles and permissions are thus related to one another. However, applying the RBAC model to workflows has the following problems: (1) a user obtains the authority to process tasks through a role, but the role can also process tasks outside its responsibility, and the diversity of role tasks is not considered; (2) the RBAC model gives poor support for dynamic allocation of authority in workflow tasks and for the principle of least privilege; (3) after a user obtains an authority through a role, the authority persists indefinitely, which is itself a potential security risk.
If the Task-Based Access Control (TBAC) model is chosen instead, access rights are associated with workflow tasks and the access control model is built from the perspective of the task: the user's rights are activated as the task executes and withdrawn once the task completes, which satisfies dynamic allocation and least privilege to a certain extent. Because task authority in the TBAC model changes with the environment in which the task executes, the model suits the security needs of workflow systems well. Its disadvantage is that it gives no further formal description and does not take the various security constraints into account.
For example, patent CN201811483548 discloses a system and method for controlling a user's access to an object in which a directed acyclic graph represents the authority relationships, improving the granularity and flexibility of authority management. In a complex distributed system, however, not all node information is correct. That scheme takes the access object as the unit of authority control and cannot tell whether the distributed node behind the access object is real. In particular, when the distributed system contains virtual nodes set up for information security and the access object corresponds to such a virtual node, correct authority management cannot be performed, and authority management cannot be further subdivided for malicious access.
Disclosure of Invention
The present invention aims to solve at least one of the problems of the prior art. To this end, the invention discloses a method for controlling a user's access to an object, the method comprising the following steps:
step 1, acquiring, through an intermediate service platform of a distributed system, a user's request to access an object;
step 2, converting the representation of the requested object into a preset form, calculating the data abstract (that is, the digest) of the object in the preset form with an abstract (digest) algorithm, and using that data abstract to look up, in the data table, the node to which the requested object belongs;
step 3, determining the type of the node corresponding to the requested object; when the node is a real node, looking up the authority management policy corresponding to the node in the data table and answering the user's request according to that policy;
step 4, when the node is a virtual node, the intermediate service platform performs credibility verification on the user and, once the user is judged to be a credible user, allows the user to access a credible area of the intermediate service platform, wherein the credible area contains a data table of virtual node information;
step 5, traversing the data table of virtual node information to check whether a virtual node corresponding to the requested object exists; if so, looking up the real node corresponding to the virtual node and answering the user's request according to the authority management policy of that real node; if not, judging the virtual node to be a honeypot node, judging the user's access to be malicious access, and recording the user's information data.
Further, before step 1, the identity of the user must be verified: the intermediate service platform receives the user's login request and, after login verification is completed, verifies the first access right corresponding to the user, wherein the first access right includes the range of node IDs of the distributed system that the user may access.
Further, after the node to which the requested object belongs has been found, it is determined whether the node ID lies within the node ID range of the user's first access right; if not, the user's access is judged to be malicious access and the user's information data is recorded.
Still further, step 1 further comprises: the data table of the intermediate service platform stores the data abstract of the content of each node in the distributed system, and also stores the correspondence between each node's ID and its data abstract.
Still further, looking up the node in the data table in step 2 further comprises: looking up the node corresponding to the requested object in the original data table and, if no corresponding node ID information is found, updating the data abstracts of the content of each node in the data table.
Furthermore, if, within a preset period, the number of times that no corresponding node ID information is found exceeds a preset value, the user's access request is judged to be malicious access, and the user's information data is recorded and sent to a system administrator.
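The decision flow of steps 1 to 5 and the refinements above can be followed in this added Python example, which is not code from the patent. The SHA-256 digest, the normalization used as the "preset form", the table layouts, the set-based node policy, the deny result for a non-credible user at a virtual node, and counting misses against the original table are all assumptions.

```python
import hashlib
import time
import unicodedata
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Callable

REAL, VIRTUAL = "real", "virtual"


def digest(obj: str) -> str:
    """Step 2: convert the object to a preset form, then hash it.
    NFKC + trim + lowercase and SHA-256 are assumptions, not from the patent."""
    canonical = unicodedata.normalize("NFKC", obj).strip().lower()
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


@dataclass
class Platform:
    digest_table: dict    # digest -> node ID (the platform's data table)
    node_type: dict       # node ID -> REAL or VIRTUAL
    policy: dict          # real node ID -> users admitted by that node's policy
    virtual_map: dict     # credible area: virtual node ID -> real node ID
    first_right: dict     # user -> range of node IDs granted at login
    trusted_users: set    # users that pass credibility verification
    refresh: Callable[[], dict] = lambda: {}   # returns fresh digest rows
    miss_limit: int = 3   # the "preset value"
    period: float = 60.0  # the "preset period", in seconds
    audit: list = field(default_factory=list)
    misses: dict = field(default_factory=lambda: defaultdict(deque))

    def flag(self, user, obj, reason):
        """Record the user's information data and report malicious access."""
        self.audit.append({"user": user, "object": obj, "reason": reason})
        return ("malicious", reason)

    def apply_policy(self, user, node):
        """Answer the request according to the real node's own policy."""
        return ("allow", node) if user in self.policy.get(node, ()) else ("deny", node)

    def handle(self, user, obj, now=None):
        now = time.monotonic() if now is None else now
        d = digest(obj)
        node = self.digest_table.get(d)
        if node is None:
            # Miss on the original table: count it inside the sliding window.
            q = self.misses[user]
            q.append(now)
            while q and now - q[0] > self.period:
                q.popleft()
            if len(q) > self.miss_limit:
                return self.flag(user, obj, "repeated-unknown-object")
            # Update the table from the nodes and look again.
            self.digest_table.update(self.refresh())
            node = self.digest_table.get(d)
            if node is None:
                return ("deny", "unknown-object")
        # The node ID must lie within the first access right set at login.
        if node not in self.first_right.get(user, range(0)):
            return self.flag(user, obj, "node-outside-first-access-right")
        if self.node_type.get(node) == REAL:          # step 3
            return self.apply_policy(user, node)
        # Step 4: the credible area is opened only to credible users.
        # The patent leaves the other branch open; denying is an assumption.
        if user not in self.trusted_users:
            return ("deny", "untrusted-user")
        real = self.virtual_map.get(node)             # step 5
        if real is None:
            return self.flag(user, obj, "honeypot-node")
        return self.apply_policy(user, real)


def build_demo() -> Platform:
    """Constructed sample data: node 1 is real, node 2 is a virtual alias of
    node 1, node 3 is a virtual node with no mapping (honeypot), node 9 is real."""
    late_rows = {digest("math/geometry"): 1}   # only visible after a refresh
    return Platform(
        digest_table={digest("math/algebra"): 1, digest("reports/q3"): 2,
                      digest("backup/keys"): 3, digest("hr/payroll"): 9},
        node_type={1: REAL, 2: VIRTUAL, 3: VIRTUAL, 9: REAL},
        policy={1: {"alice"}, 9: {"carol"}},
        virtual_map={2: 1},
        first_right={"alice": range(1, 5), "bob": range(1, 5)},
        trusted_users={"alice"},
        refresh=lambda: late_rows,
    )


if __name__ == "__main__":
    p = build_demo()
    for who, what in [("alice", "reports/q3"), ("alice", "backup/keys"),
                      ("alice", "hr/payroll"), ("bob", "reports/q3")]:
        print(who, what, p.handle(who, what))
```

A request for an object whose virtual node has no entry in the credible-area table is the honeypot signal; the audit list is what would be forwarded to the system administrator.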
The invention also discloses a system for controlling the user to access the object, which comprises the following modules:
the system comprises a request acquisition module, a data table and a data processing module, wherein the request acquisition module is used for acquiring a request of a user for accessing an object through an intermediate service platform of a distributed system, the data table of the intermediate service platform stores a data abstract of the content of each node in the distributed system, and the data table also stores the corresponding relation between the ID of each node and the data abstract;
the object judgment module is used for calculating the data abstract of the user access object in the preset form through an abstract algorithm after the expression form of the user access object is converted into the preset form, inquiring the node to which the user access object belongs in the data table according to the data abstract of the user access object, inquiring the node to which the access object corresponds in the original data table, updating the data abstract of the content of each node in the data table if corresponding node ID information is not inquired, then continuously searching the node ID information corresponding to the access object in the updated data table, judging that the access request of the user is malicious access if the number of times that the corresponding node ID information is not inquired is greater than the preset value in a preset period, recording the information data of the user and sending the information data to a system manager;
the node judgment module is used for judging the type form of the node corresponding to the user access object, inquiring the authority management strategy corresponding to the node in the data table when the type of the node is judged to be a real node, and feeding back a request of the user access object according to the authority management strategy corresponding to the node;
and the management module corresponding to the virtual node verifies the credibility of the user when the type of the node is judged to be the virtual node, and allows the user to access a credible area of the intermediate service platform after the user is judged to be the credible user, wherein the credible area comprises a data table corresponding to the virtual node information, the data table corresponding to the virtual node information is traversed, whether a virtual node corresponding to a user access object exists is inquired, if so, a real node corresponding to the virtual node is inquired, a request of the user access object is fed back according to the authority management strategy of the real node, if not, the virtual node is judged to be a honeypot node, the access of the user is judged to be malicious access, and the information data of the user is recorded.
Further, before the request obtaining module, the identity of the user needs to be verified, the intermediate service platform receives a login request of the user, and after the login verification is completed, the intermediate service platform verifies a first access right corresponding to the user, where the first access right includes a node ID range of an accessible distributed system, and after the node to which the user access object belongs is queried, it is determined whether the node ID exists in the node ID range corresponding to the first access right of the user, and if not, it is determined that the access of the user is malicious access and information data of the user is recorded.
The invention further discloses an electronic system comprising: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of a method of controlling access to an object by a user as described above when executing the computer program.
The invention further discloses a computer readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the above-mentioned method of controlling access to an object by a user.
Compared with the prior art, the invention has the following beneficial effects: (1) the invention performs refined authority management in a distributed system that contains virtual nodes and honeypot nodes; an intermediate service platform records the relationship between access objects and nodes, and a safe and reliable area is set aside in the intermediate service platform to store the mapping relationships of the virtual nodes; (2) several rules are set for judging whether a user's access is malicious, for example whether the object requested by the user exceeds the rights granted at login, whether the user's requests within a period force the data list to be updated many times, and whether the requested object belongs to a honeypot node; (3) after logging in, the user must still follow the access authority management of each node, that is, if a node within the user's range requires authentication information for that node, the user must provide it, which achieves fine-grained authority management across different nodes.
Drawings
The invention will be further understood from the following description in conjunction with the accompanying drawings. The components in the figures are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the embodiments. In the drawings, like reference numerals designate corresponding parts throughout the different views.
FIG. 1 is a flow chart of a method of controlling user access to an object of the present invention.
Detailed Description
The technical solution of the present invention will be described in more detail with reference to the accompanying drawings and examples.
A mobile terminal implementing various embodiments of the present invention will now be described with reference to the accompanying drawings. In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only for facilitating the explanation of the present invention, and have no specific meaning in themselves. Thus, "module" and "component" may be used in a mixture.
The mobile terminal may be implemented in various forms. For example, the terminal described in the present invention may include a mobile terminal such as a mobile phone, a smart phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a navigation device, and the like, and a stationary terminal such as a digital TV, a desktop computer, and the like. In the following, it is assumed that the terminal is a mobile terminal. However, it will be understood by those skilled in the art that the configuration according to the embodiment of the present invention can be applied to a fixed type terminal in addition to elements particularly used for moving purposes.
A method of controlling a user's access to an object, as shown in FIG. 1, comprises the following steps:
step 1, acquiring, through an intermediate service platform of a distributed system, a user's request to access an object;
step 2, converting the representation of the requested object into a preset form, calculating the data abstract (that is, the digest) of the object in the preset form with an abstract (digest) algorithm, and using that data abstract to look up, in the data table, the node to which the requested object belongs;
step 3, determining the type of the node corresponding to the requested object; when the node is a real node, looking up the authority management policy corresponding to the node in the data table and answering the user's request according to that policy;
step 4, when the node is a virtual node, the intermediate service platform performs credibility verification on the user and, once the user is judged to be a credible user, allows the user to access a credible area of the intermediate service platform, wherein the credible area contains a data table of virtual node information;
step 5, traversing the data table of virtual node information to check whether a virtual node corresponding to the requested object exists; if so, looking up the real node corresponding to the virtual node and answering the user's request according to the authority management policy of that real node; if not, judging the virtual node to be a honeypot node, judging the user's access to be malicious access, and recording the user's information data.
Further, before step 1, the identity of the user must be verified: the intermediate service platform receives the user's login request and, after login verification is completed, verifies the first access right corresponding to the user, wherein the first access right includes the range of node IDs of the distributed system that the user may access.
Further, after the node to which the requested object belongs has been found, it is determined whether the node ID lies within the node ID range of the user's first access right; if not, the user's access is judged to be malicious access and the user's information data is recorded.
Still further, step 1 further comprises: the data table of the intermediate service platform stores the data abstract of the content of each node in the distributed system, and also stores the correspondence between each node's ID and its data abstract.
Still further, looking up the node in the data table in step 2 further comprises: looking up the node corresponding to the requested object in the original data table and, if no corresponding node ID information is found, updating the data abstracts of the content of each node in the data table.
Furthermore, if, within a preset period, the number of times that no corresponding node ID information is found exceeds a preset value, the user's access request is judged to be malicious access, and the user's information data is recorded and sent to a system administrator.
The invention also discloses a system for controlling the user to access the object, which comprises the following modules:
the system comprises a request acquisition module, a data table and a data analysis module, wherein the request acquisition module is used for acquiring a request of a user for accessing an object through an intermediate service platform of a distributed system, the data table of the intermediate service platform is stored with a data abstract of the content of each node in the distributed system, and the data table is also stored with the corresponding relation between the ID of each node and the data abstract;
the object judgment module is used for calculating the data abstract of the user access object in the preset form through an abstract algorithm after the expression form of the user access object is converted into the preset form, inquiring the node to which the user access object belongs in the data table according to the data abstract of the user access object, inquiring the node to which the access object corresponds in the original data table, updating the data abstract of the content of each node in the data table if corresponding node ID information is not inquired, then continuously searching the node ID information corresponding to the access object in the updated data table, judging that the access request of the user is malicious access if the number of times that the corresponding node ID information is not inquired is greater than the preset value in a preset period, recording the information data of the user and sending the information data to a system manager;
the node judgment module is used for judging the type form of the node corresponding to the user access object, inquiring the authority management strategy corresponding to the node in the data table when the type of the node is judged to be a real node, and feeding back a request of the user access object according to the authority management strategy corresponding to the node;
and the management module corresponding to the virtual node verifies the credibility of the user when the type of the node is judged to be the virtual node, and allows the user to access a credible area of the intermediate service platform after the user is judged to be the credible user, wherein the credible area comprises a data table corresponding to the virtual node information, the data table corresponding to the virtual node information is traversed, whether a virtual node corresponding to a user access object exists is inquired, if so, a real node corresponding to the virtual node is inquired, a request of the user access object is fed back according to the authority management strategy of the real node, if not, the virtual node is judged to be a honeypot node, the access of the user is judged to be malicious access, and the information data of the user is recorded.
Further, before the request obtaining module, the identity of the user needs to be verified, the intermediate service platform receives a login request of the user, after the login verification is completed, the intermediate service platform verifies a first access right corresponding to the user, wherein the first access right includes a node ID range of an accessible distributed system, after the node to which the user access object belongs is queried, whether the node ID exists in the node ID range corresponding to the first access right of the user is judged, and if the node ID does not exist in the first access right range of the user, the access of the user is judged to be malicious access and information data of the user is recorded.
The invention further discloses an electronic system comprising: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method for controlling a user to access an object when executing the computer program.
The invention further discloses a computer readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the above-mentioned method of controlling access to an object by a user.
In this embodiment, different nodes may store corresponding authority lists. The top-level index table of the authority list table is taken as the current initial index table; each update index value in the update index table of the corresponding level in the list table to be updated is acquired; each update index value is compared with the initial index values in the current initial index table; update index values that do not exist in the current initial index table are inserted into the initial index table, and the lower-level memory block pointed to by the index value to be updated is acquired and correspondingly inserted into the user access object authority list table.
In this embodiment, when a user logs in to the intermediate platform, the user's access authority information may be determined from a predefined mapping between access permissions and users; alternatively, the user information and the corresponding authority mapping may be stored on the intermediate platform, so as to realize the first layer of authority determination.
Furthermore, in this embodiment, before the user is associated with the node, if the data table does not need to be updated, the getServerState() function may be used to determine whether the node's service is running normally; it returns an integer, 0 for stopped and 1 for started. After a return value indicating that the node is running normally is received, the step of "querying the authority management policy corresponding to the node in the data table and feeding back the request of the user for accessing the object according to the authority management policy corresponding to the node" is performed.
In this embodiment, feeding back the user's request according to the authority management policy of the node may further include the node interacting directly with the user, for example asking the user to input further information or posing a question for further authority authentication. For example, if the object requested by the user is a "math-related object", the corresponding real node is a math node, and the feedback may take the form of a problem, related to the requested object, to be solved; this is not described further here.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises that element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Although the invention has been described above with reference to various embodiments, it should be understood that many changes and modifications may be made without departing from the scope of the invention. It is therefore intended that the foregoing detailed description be regarded as illustrative rather than limiting, and that it be understood that it is the following claims, including all equivalents, that are intended to define the spirit and scope of this invention. The above examples are to be construed as merely illustrative and not limitative of the remainder of the disclosure. After reading the description of the present invention, the skilled person can make various changes or modifications to the invention, and these equivalent changes and modifications also fall into the scope of the invention defined by the claims.

Claims (10)

1. A method of controlling access to an object by a user, the method comprising the steps of:
step 1, acquiring a request of a user for accessing an object through an intermediate service platform of a distributed system;
step 2, after the expression form of the user access object is converted into a preset form, calculating the data abstract of the user access object in the preset form through an abstract algorithm, and inquiring the node of the user access object in the data table according to the data abstract of the user access object;
step 3, judging the type form of the node corresponding to the user access object, when the type of the node is judged to be a real node, inquiring the authority management strategy corresponding to the node in the data table, and feeding back a request of the user access object according to the authority management strategy corresponding to the node;
step 4, when the type of the node is judged to be a virtual node, the intermediate service platform carries out credibility verification on the user, and after the user is judged to be a credible user, the user is allowed to access a credible area of the intermediate service platform, wherein the credible area comprises a data table corresponding to the virtual node information;
and 5, traversing a data table corresponding to the virtual node information, inquiring whether a virtual node corresponding to a user access object exists, if so, inquiring a real node corresponding to the virtual node, feeding back a request of the user for accessing the object according to the authority management strategy of the real node, if not, judging that the virtual node is a honeypot node, judging that the user access is malicious access, and recording information data of the user.
2. The method for controlling a user to access an object according to claim 1, wherein before step 1, the identity of the user needs to be verified, the intermediate service platform receives a login request of the user, and after the login verification is completed, the intermediate service platform verifies a first access right corresponding to the user, wherein the first access right includes a node ID range of a distributed system that can be accessed.
3. The method as claimed in claim 2, wherein after querying the node to which the user accesses the object, determining whether the node ID exists in a node ID range corresponding to the first access right of the user, and if not, determining that the user accesses the object as a malicious access and recording information data of the user.
4. A method for controlling access to an object by a user according to claim 3, wherein said step 1 further comprises: the data table of the intermediate service platform stores the data abstract of the content of each node in the distributed system, and the data table also stores the corresponding relation between the ID of each node and the data abstract.
5. The method of claim 1, wherein querying, in step 2, the data table for the node to which the object accessed by the user belongs further comprises: querying the node corresponding to the access object in the original data table, and if the corresponding node ID information is not found, updating the data abstract of the content of each node in the data table.
6. The method as claimed in claim 5, wherein, if within a predetermined period the number of times that the corresponding node ID information is not found is greater than a predetermined value, the access request of the user is determined to be malicious access, and information data of the user is recorded and sent to a system administrator.
7. A system for controlling access to an object by a user, comprising:
the system comprises a request acquisition module, a data table and a data processing module, wherein the request acquisition module is used for acquiring a request of a user for accessing an object through an intermediate service platform of a distributed system, the data table of the intermediate service platform stores a data abstract of the content of each node in the distributed system, and the data table also stores the corresponding relation between the ID of each node and the data abstract;
the object judgment module is used for converting the expression form of the object the user accesses into a preset form and then calculating the data abstract of the object in the preset form through an abstract algorithm; querying, according to that data abstract, the node to which the object belongs in the data table; querying the node corresponding to the access object in the original data table and, if the corresponding node ID information is not found, updating the data abstract of the content of each node in the data table and then continuing to search the updated data table for the node ID information corresponding to the access object; and, if within a preset period the number of times that the corresponding node ID information is not found is greater than the preset value, judging that the access request of the user is malicious access, recording the information data of the user and sending it to a system administrator;
the node judgment module is used for judging the type of the node corresponding to the object the user accesses and, when the node is judged to be a real node, querying the authority management strategy corresponding to the node in the data table and responding to the user's request to access the object according to that authority management strategy;
and the management module corresponding to the virtual node is used for verifying the credibility of the user when the node is judged to be a virtual node and, after the user is judged to be a credible user, allowing the user to access a credible area of the intermediate service platform, wherein the credible area comprises a data table corresponding to the virtual node information; the data table corresponding to the virtual node information is traversed to query whether a virtual node corresponding to the object the user accesses exists; if so, the real node corresponding to the virtual node is queried and the user's request to access the object is answered according to the authority management strategy of the real node; if not, the virtual node is judged to be a honeypot node, the user's access is judged to be malicious access, and the information data of the user is recorded.
8. The system according to claim 7, wherein, before the request acquisition module, the identity of the user needs to be verified: the intermediate service platform receives a login request of the user and, after the login verification is completed, verifies a first access right corresponding to the user, wherein the first access right includes a node ID range of the distributed system that can be accessed; and, after the node to which the object accessed by the user belongs is queried, it is determined whether the node ID falls within the node ID range corresponding to the first access right of the user, and if not, the user's access to the object is determined to be malicious access and information data of the user is recorded.
9. An electronic system, comprising: memory, processor and computer program stored on the memory and executable on the processor, the processor implementing the steps in a method of controlling user access to an object according to any of claims 1 to 6 when executing the computer program.
10. A computer-readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method of controlling access by a user to an object according to any one of claims 1 to 6.
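The decision flow of claims 1 to 6 can be sketched as follows; this is an added illustration, not code from the patent or its applicant. It assumes that the "data abstract" is a SHA-256 digest, that the preset form is a trimmed, lower-cased string, that an authority management strategy is a set of allowed users, and that an untrusted user asking for a virtual node is simply denied; all class, method and sample names are hypothetical.

```python
import hashlib
from collections import defaultdict

def digest(obj):
    # Assumed preset form (trimmed, lower-cased) and digest algorithm (SHA-256).
    return hashlib.sha256(obj.strip().lower().encode()).hexdigest()

class Platform:
    def __init__(self, contents, virtual, virtual_map, policies, max_misses=3):
        self.contents = contents        # node ID -> objects held on that node
        self.virtual = virtual          # IDs of nodes typed as virtual
        self.virtual_map = virtual_map  # trusted-area table: virtual ID -> real ID
        self.policies = policies        # real node ID -> users allowed (assumed policy shape)
        self.max_misses = max_misses    # preset value of misses per period
        self.misses = defaultdict(int)  # per-user misses in the current period
        self.audit = []                 # recorded data on malicious access
        self.refresh()

    def refresh(self):
        # Rebuild the digest -> node ID data table from current node contents.
        self.table = {digest(o): n for n, objs in self.contents.items() for o in objs}

    def flag(self, user, obj, reason):
        self.audit.append((user, obj, reason))
        return "malicious: " + reason

    def access(self, user, id_range, trusted, obj):
        node = self.table.get(digest(obj))
        if node is None:                # miss: update the digests, then search again
            self.refresh()
            node = self.table.get(digest(obj))
        if node is None:
            self.misses[user] += 1
            if self.misses[user] > self.max_misses:
                return self.flag(user, obj, "repeated unknown objects")
            return "not found"
        if node not in id_range:        # first access right: permitted node IDs
            return self.flag(user, obj, "node outside ID range")
        if node in self.virtual:
            if not trusted:             # assumption: untrusted users are simply denied
                return "denied"
            real = self.virtual_map.get(node)
            if real is None:            # not in the trusted-area table: honeypot
                return self.flag(user, obj, "honeypot node")
            node = real
        return "allowed" if user in self.policies.get(node, set()) else "denied"

# Constructed sample: node 2 is a virtual alias of real node 3; node 9 is a honeypot.
SAMPLE = Platform({1: ["/reports/q1.csv"], 2: ["/finance/ledger.db"], 9: ["/admin/backup.key"]},
                  virtual={2, 9}, virtual_map={2: 3}, policies={1: {"alice"}, 3: {"alice"}})
```

The per-user miss counter covers a single period; resetting it when the period ends is left to the caller.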
CN202211082778.2A 2022-09-06 2022-09-06 Method and system for controlling user to access object Pending CN115442145A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211082778.2A CN115442145A (en) 2022-09-06 2022-09-06 Method and system for controlling user to access object

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211082778.2A CN115442145A (en) 2022-09-06 2022-09-06 Method and system for controlling user to access object

Publications (1)

Publication Number Publication Date
CN115442145A (en) 2022-12-06

Family

ID=84248084

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211082778.2A Pending CN115442145A (en) 2022-09-06 2022-09-06 Method and system for controlling user to access object

Country Status (1)

Country Link
CN (1) CN115442145A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117009353A (en) * 2023-07-28 2023-11-07 达州领投信息技术有限公司 Financial big data information storage method and equipment based on cloud platform

Similar Documents

Publication Publication Date Title
US8756704B2 (en) User impersonation and authentication
US10165007B2 (en) Securing data usage in computing devices
US8904551B2 (en) Control of access to files
US11138323B2 (en) Blockchain-based content management system, method, apparatus, and electronic device
US8359467B2 (en) Access control system and method
KR102351948B1 (en) File reputation evaluation
US9078129B1 (en) Knowledge-based authentication for restricting access to mobile devices
EP2767030A1 (en) Multi-repository key storage and selection
WO2021208758A1 (en) Data permissions management
US20110270885A1 (en) Security configuration systems and methods for portal users in a multi-tenant database environment
CN115442145A (en) Method and system for controlling user to access object
US11418500B2 (en) User authentication based on cognitive profiling
EP2963856B1 (en) User authentication method and device and terminal
US9600582B2 (en) Blocking objectionable content in service provider storage systems
US10070308B2 (en) Systems and methods for protecting mobile contact information
US20170083721A1 (en) Sustained data protection
US20130174234A1 (en) Light-weight credential synchronization
US10142344B2 (en) Credential management system
US11425126B1 (en) Sharing of computing resource policies
CN110717153B (en) Authority verification method and device
CN105354506A (en) File hiding method and apparatus
US20190080109A1 (en) Information processing apparatus and non-transitory computer readable medium
EP3151154B1 (en) Data access control based on storage validation
US7953697B2 (en) System and method for collaborative information development
CN107046522B (en) Security access control method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination