CN115600235A - Data access method, device, equipment and storage medium - Google Patents

Abstract

The embodiment of the application discloses a data access method, a data access device, data access equipment and a storage medium. The method comprises the following steps: receiving a data access request sent by a receiver client, wherein the data access request is generated by the receiver client in response to the triggering of a data link, and the data access request carries an enterprise identifier to which the receiver client belongs, a data source enterprise identifier and a data identifier; when the receiver client is confirmed to have the access right of the data link according to the enterprise identification to which the receiver client belongs and the data source enterprise identification, target data corresponding to the data identification is fed back to the receiver client, and by adopting the method, the target data can be ensured to be only accessed by users with data access rights, so that the safety of data access is improved.

Description

Data access method, device, equipment and storage medium

Technical Field

The present application relates to the field of computer technologies, and in particular, to a data access method, apparatus, device, and storage medium.

Background

At present, with the continuous development of internet technology, the interactive mode among users breaks through the limitation of space. For example, the terminal may share local data with other terminals (e.g., a target terminal) by using live broadcast software, teleconference related software, information interaction software, and the like, so that a user of the target terminal can view the shared data.

However, as for part of the data, since the content of the data has privacy, if the data is directly shared with other terminals so that users corresponding to the other terminals can view the data, there may be a problem that the data is leaked.

Disclosure of Invention

In view of this, embodiments of the present application provide a data access method, an apparatus, a device, and a storage medium, which can improve security of data access.

In a first aspect, an embodiment of the present application provides a data access method, which is applied to a server, and the method includes: receiving a data access request sent by a receiver client, wherein the data access request is generated by the receiver client in response to the triggering of a data link, and the data access request carries an enterprise identifier to which the receiver client belongs, a data source enterprise identifier and a data identifier; and when the receiver client is confirmed to have the access right of the data link according to the enterprise identification to which the receiver client belongs and the data source enterprise identification, feeding back target data corresponding to the data identification to the receiver client.

In a second aspect, an embodiment of the present application provides a data access method, which is applied to a sender client, where the method includes: acquiring an enterprise identifier to which a receiver client belongs, wherein the receiver client is a receiver client corresponding to a receiver user selected when target data is forwarded; when the data source enterprise identification corresponding to the target data is inconsistent with the enterprise identification to which the receiver client belongs, generating a data link comprising the data source enterprise identification and the data identification; and sending the data link to the client of the receiving party.

In a third aspect, an embodiment of the present application provides a data access method, which is applied to a receiver client, where the method includes: receiving a data link which is sent by a sender client and carries a data source enterprise identifier and a data identifier; displaying the data link; responding to the triggering operation of the data link, sending a data access request to a server, wherein the data access request carries an enterprise identifier to which a sender client belongs, the data source enterprise identifier and the data identifier, and the data access request is used for indicating the server to confirm whether the receiver client has the access authority of the data link according to the data source enterprise identifier; and receiving target data corresponding to the data identification fed back by the server, wherein the target data corresponding to the data identification is fed back when the server confirms that the receiver client has the access right.

In a fourth aspect, an embodiment of the present application provides a data access apparatus, which is applied to a server, and the apparatus includes: the device comprises a request receiving module and a data feedback module. The request receiving module is used for receiving a data access request sent by a receiver client, wherein the data access request is generated by the receiver client in response to the triggering of the data link, and the data access request carries an enterprise identifier to which the receiver client belongs, a data source enterprise identifier and a data identifier. And the data feedback module is used for feeding back target data corresponding to the data identifier to the receiver client when the receiver client is confirmed to have the access right of the data link according to the enterprise identifier to which the receiver client belongs and the data source enterprise identifier.

In a possible implementation manner, the server stores an enterprise identifier and an internet enterprise identifier corresponding to the enterprise identifier, and the data feedback module includes: an identification detection submodule and an authority confirmation submodule. The identification detection module is used for detecting whether the enterprise identification to which the receiver client belongs to the data source enterprise identification or the interconnection enterprise identification corresponding to the data source enterprise identification; and the permission confirmation sub-module is used for confirming that the receiving party client has the access permission of the data link when the enterprise identification to which the receiving party client belongs to the data source enterprise identification or the interconnection enterprise identification corresponding to the data source enterprise identification.

In a possible implementation manner, the data identifier and the data source enterprise identifier carried in the data access request are encrypted data obtained by encrypting the data identifier and the data source enterprise identifier, and the request receiving module includes a request receiving sub-module and an identifier obtaining sub-module. The request receiving submodule is used for receiving a data access request sent by a receiver client and decrypting encrypted data in the data access request; and the identifier obtaining submodule is used for obtaining the data source enterprise identifier and the data identifier in the decrypted data when the decryption is successful.

In one possible implementation, the identifier obtaining sub-module includes a detection unit and an identifier obtaining unit. The detection unit is used for detecting whether the decrypted data meets a preset condition or not; and the identification acquisition unit is used for segmenting the decrypted data to obtain a data source enterprise identification and a data identification when the decrypted data meets the preset condition.

In a possible implementation manner, the detection unit is further configured to detect whether the decrypted data carries a preset field, and detect whether the data length of the decrypted data is within a preset length range, where if the decrypted data carries the preset field and the data length of the decrypted data is within the preset length range, the decrypted data meets a preset condition.

In a fifth aspect, an embodiment of the present application provides a data access apparatus, which is applied to a sender client, and includes: the device comprises an identification acquisition module, a link generation module and a link sending module. The system comprises an identification acquisition module, a client side and a server, wherein the identification acquisition module is used for acquiring an enterprise identification to which a receiver client side belongs, and the receiver client side is a client side corresponding to a receiver user selected when target data is forwarded; the link generation module is used for generating a data link comprising the data source enterprise identification and the data identification when the data source enterprise identification corresponding to the target data is inconsistent with the enterprise identification to which the receiving party client belongs; and the link sending module is used for sending the data link to the client of the receiving party.

In a possible implementation manner, the link generation module is further configured to encrypt the data source enterprise identifier and the data identifier to obtain encrypted data, and generate a data link including the encrypted data.

In a sixth aspect, an embodiment of the present application provides a data access apparatus, which is applied to a receiver client, and includes: the device comprises a link receiving module, a link display module, a request sending module and a data receiving module. The link receiving module is used for receiving a data link which is sent by the client of the sending party and carries a data source enterprise identifier and a data identifier; a link display module for displaying the data link; a request sending module, configured to send a data access request to a server in response to a trigger operation on the data link, where the data access request carries an enterprise identifier to which a sender client belongs, the data source enterprise identifier, and the data access request is used to instruct the server to determine, according to the data source enterprise identifier, whether the receiver client has an access right to the data link; and the data receiving module is used for receiving target data corresponding to the data identification, which is fed back by the server, wherein the target data corresponding to the data identification is fed back when the server confirms that the client of the receiving party has the access authority.

In a possible implementation manner, the link receiving module is further configured to receive a data link that carries encrypted data and is sent by the sender client, where the encrypted data is obtained by encrypting the data source enterprise identifier and the data identifier; and the request sending module is also used for responding to the triggering operation of the data link and sending a data access request comprising the encrypted data and the enterprise identification to which the sender client belongs to the server.

In a possible implementation manner, the data receiving module is further configured to display target data corresponding to the data identifier in the data link.

In a seventh aspect, an embodiment of the present application provides an electronic device, including a processor and a memory; one or more programs are stored in the memory and configured to be executed by the processor to implement the methods described above.

In an eighth aspect, the present application provides a computer-readable storage medium, in which a program code is stored, wherein the program code performs the above-mentioned method when executed by a processor.

In a ninth aspect, embodiments of the present application provide a computer program product or a computer program, which includes computer instructions, which are stored in a computer-readable storage medium. The processor of the computer device obtains the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the method described above.

According to the data access method, the data access device, the data access equipment and the data access storage medium, the server receives a data access request sent by the receiver client, and sends target data corresponding to the data identification to the receiver client when the receiver client is confirmed to have the access right of the data link according to the enterprise identification to which the receiver client belongs and the data source enterprise identification, so that the target data can be ensured to be only accessed by a user with the data access right, the problem of data leakage is avoided, and the safety of data access is improved.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

Fig. 1 is a schematic structural diagram of a data access system according to an embodiment of the present application;

fig. 2 is a flowchart illustrating a data access method according to an embodiment of the present application;

FIG. 3 shows a schematic flow chart of step S120 in FIG. 2;

FIG. 4 is a schematic flow chart diagram illustrating another data access method provided in an embodiment of the present application;

FIG. 5 shows a schematic flow chart of step S220 in FIG. 4;

FIG. 6 is a flow chart illustrating another data access method proposed in the embodiment of the present application;

fig. 7 is a schematic flowchart illustrating another data access method proposed in the embodiment of the present application;

FIG. 8 is a timing flow diagram of a data access method provided by an embodiment of the present application;

FIG. 9 is a flow chart of another timing of a data access method provided by an embodiment of the present application;

FIG. 10 is an interface view of a sender client provided by an embodiment of the application;

FIG. 11 illustrates an interface view of a recipient client provided by an embodiment of the application;

FIG. 12 illustrates another interface view of a recipient client provided by an embodiment of the present application;

fig. 13 is a connection block diagram of a data access device according to an embodiment of the present application;

fig. 14 is a connection block diagram of another data access device provided in the embodiment of the present application;

fig. 15 is a connection block diagram of another data access device provided in the embodiment of the present application;

fig. 16 shows a block diagram of an electronic device for executing the method of the embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application will be described clearly and completely with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, and not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.

At present, electronic devices (mobile phones, computers, tablet computers and other devices for information display and data interaction) are popular in the market, and the electronic devices include a display screen and a processor, wherein the display screen is used for displaying information such as images and characters, and when the display screen is a touch screen, the display screen is also used for receiving touch operation of a user; the processor is used to run various applications of the electronic device to implement different functions. For example, electronic devices may be generally used to play videos, send and receive short messages, chat, and work, etc. through their installed clients. Because the function is complete, the method is widely favored by consumers.

The client refers to various application programs installed on the electronic device. Such as information interaction applications (e.g., weChat, QQ, and Enterprise WeChat), video playback applications (e.g., tencent video), content interaction platform applications (e.g., QQ browser), and gaming applications (e.g., shooting games, role-playing game programs, tactical sports game programs, and strategy game programs).

In the related art, an electronic device is generally used for presenting information such as text or images to a user through an installed client, and meanwhile, data can be forwarded to other clients based on user operation. At present, however, for data with a high requirement for partial confidentiality, when forwarding is performed, the data is usually encrypted and then sent to a user terminal of an appointed user, and the appointed user is informed of a corresponding decryption password, so that the appointed user can decrypt and view the data based on the corresponding decryption password, or the data is directly sent to the appointed user. If the data are encrypted and then transmitted, the data encryption and decryption process is complicated, and the decrypted data can be forwarded to other users for checking; if the data is directly sent to the designated user, the data is also retransmitted to other users, so that the two modes have the condition that the user without the data access authority checks the data, namely, the currently common data forwarding methods have the problem that the data is easy to leak so that the safety is not high.

Based on the above, the inventor provides a data forwarding method, which can be applied to a server, wherein the server is associated with a receiver client and a sender client, in the method, the server receives a data access request sent by the receiver client, the data access request is generated by the receiver client in response to a trigger on a data link, and the data access request carries an enterprise identifier to which the receiver client belongs, a data source enterprise identifier and a data identifier; and when the server confirms that the receiver client has the access right of the data link according to the enterprise identifier to which the receiver client belongs and the data source enterprise identifier, feeding back target data corresponding to the data identifier to the receiver client. When the receiver client needs to access the target data corresponding to the data identifier in the data link, the server needs to verify whether the receiver client has the access right to the data, and when the receiver has the access right to the data, the receiver client can acquire the corresponding data, so that the problem of data leakage is avoided, and the security during data access is improved.

The sender client is a client for forwarding data such as pictures, texts, links, and the like. In this embodiment, specifically to a client for sending a link to a recipient client.

The receiver client is a client for receiving data such as pictures, texts, links, and the like forwarded by an external device (such as a sender client or a server). In this embodiment, the present invention specifically refers to a client configured to receive the link sent by the sending client.

Linking, refers to passing parameters and control commands between modules of an electronic computer program (i.e., between a sender client, a receiver client, and a server). The link is also called a hyperlink, and refers to a connection relationship pointing from one web page to a target, and the target pointed to may be another web page, or different positions on the same web page, or a picture, an email address, a file, or even an application program. Typically, a link contains a reference to another file or directory in the form of an absolute path or a relative path. In this embodiment, the link is a link corresponding to target data (the target data may be a text, an image, a video, or the like), and carries a data source enterprise identifier and a data identifier corresponding to the target data.

The data source enterprise identifier refers to an enterprise identifier of an enterprise to which the client creating the target data belongs, or an enterprise identifier of an enterprise to which the client forwarding the target data belongs, wherein the enterprise identifier refers to a unique character string for identifying the enterprise, and the unique character string is composed of numbers, letters, underlines and the like.

The data identifier refers to a mark for identifying target data, and may be composed of numbers, letters, underlines, and the like.

An exemplary application of the device for executing the data access method provided by the embodiment of the present invention is described below, and the data access method provided by the embodiment of the present invention can be applied to a server and a terminal device in an application environment (data access system) as shown in fig. 1.

The application environment shown in fig. 1 includes a server 10 and at least two terminal devices connected to the server 10 through a network, (only two terminal devices are shown in fig. 1, and one of the two terminal devices is installed with a receiving client 30, and the other terminal device is installed with a sending client 20).

The server 10 may be an independent physical server 10, a server 10 cluster or distributed system formed by a plurality of physical servers 10, or a cloud server 10 providing basic cloud computing services such as cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a network service, cloud communication, middleware service, a domain name service, a security service, a CDN, and a big data and artificial intelligence platform.

The terminal equipment can be a smart phone, a smart television, a tablet computer, a notebook computer, a desktop computer and the like. The client installed by the two terminal devices can be a browser client, an instant messaging client, an education client, a social network client, a shopping client, an audio and video playing client and the like.

The terminal device and the server 10 may be directly or indirectly connected through wired or wireless communication, and the application is not limited herein.

When the data access system is used for data access, the sender client 20 obtains the enterprise identifier of the receiver client corresponding to the receiver user selected when the target data is forwarded, generates a data link including the data source enterprise identifier and the data identifier when the data source enterprise identifier corresponding to the target data is inconsistent with the enterprise identifier of the receiver client, and sends the data link to the receiver client 30. The receiving client 30 displays the data link when receiving the data link, and sends a data access request to the server 10 when receiving a trigger operation on the data link, where the data access request carries an enterprise identifier, a data source enterprise identifier, and a data identifier to which the sending client belongs; the server 10 receives the data access request sent by the receiver client 30, and feeds back the target data corresponding to the data identifier to the receiver client 30 when the receiver client 30 is confirmed to have the access right of the data link according to the enterprise identifier to which the receiver client belongs and the data source enterprise identifier, thereby completing the data forwarding access operation. When the receiver client 30 needs to access the target data corresponding to the data identifier in the data link, the server 10 is required to verify whether the receiver client 30 has the access right to the data, and when the receiver has the access right to the data, the receiver client 30 can obtain the corresponding data, so that the problem of data leakage is avoided, and the security during data access is improved.

It should be understood that the device types of the terminal device installed in the receiver client 30 and the terminal device installed in the sender client 20 may be the same or different, and the device types may include at least one of a smart phone, a desktop computer, a tablet computer, a laptop computer, and the like, which have a touch screen device, and are not limited in particular herein.

Embodiments of the present application will be described in detail below with reference to the accompanying drawings.

Referring to fig. 2, fig. 2 shows a data access method according to an embodiment of the present application, which can be applied to the server 10 in fig. 1, and the method includes:

step S110: a data access request sent by the recipient client 30 is received.

The data access request is generated by the receiver client 30 in response to the trigger of the data link, and the data access request carries the enterprise identifier to which the receiver client belongs, the data source enterprise identifier, and the data identifier.

In this embodiment, each client corresponds to a user ID (that is, a user identifier), each user ID (user identifier) generally belongs to one enterprise, and enterprises to which different user IDs (user identifiers) belong may be the same or different. Each business typically has a unique business ID (business identification), and business identifications of different businesses are different. Therefore, when the user identifier corresponding to the client is obtained, the enterprise to which the user identifier belongs can be obtained, and the enterprise identifier corresponding to the enterprise is obtained; that is, when the user identifier corresponding to the client is obtained, the enterprise identifier to which the client belongs can be obtained.

It should be understood that the aforementioned enterprises may refer to companies, schools, institutions, departments, and the like, and are not limited specifically herein.

The data identification of the target data can be composed of letters, numbers or symbols and the like, and has uniqueness, and the data identifications corresponding to a plurality of file data stored at the same storage address are different. The target data may be a document, a picture, a video, and the like.

The data source enterprise identifier refers to a source or a forwarding source of target data corresponding to the data identifier, that is, the data source enterprise identifier is used to identify which enterprise the target data is generated by or which enterprise performs the forwarding operation, where the enterprise performing the forwarding operation may be an enterprise that performs the forwarding operation for the first time, and may also be an enterprise that performs the forwarding operation again.

The data link includes, among other things, an IP address of the server 10 (or a Domain Name System (DNS) host name of the server 10), a data transmission protocol used, a path of the target data to be accessed, a data source enterprise identification of the target data, and a data identification (or file name).

The receiver client 30 may perform a domain name resolution operation to resolve the data link to obtain an IP address of the server 10 when receiving an operation, such as a click operation, a gesture selection operation, or a voice selection operation, for instructing the receiver client 30 to access data corresponding to the data link, after the receiver client 30 obtains the IP address of the server 10, it is necessary to check whether the connection between the receiver client 30 and the server 10 is opened, if the connection is not opened and a data transmission protocol used between the receiver client 30 and the server 10 is an http protocol, a tcp three-way handshake is further performed to establish the connection, it should be understood that, if an https protocol is used and the connection is not opened, a TLS handshake protocol is further performed before the tcp three-way handshake protocol is performed. After confirming that the connection between the receiver client 30 and the server 10 is established or after establishing the connection between the receiver client 30 and the server 10, a data access request carrying the enterprise identifier to which the receiver client belongs, the data source enterprise identifier and the data identifier is sent to the server 10.

The data access request sent by the receiving-side client 30 to the server 10 may be specifically sent in a data stream form, or may be sent in a message form, and is determined according to a data transmission protocol between the receiving-side client 30 and the server 10. Accordingly, the data access request received by the server 10 is also in a data stream form or a message protocol.

It should be understood that if the receiving client 30 sends the data access request to the server 10 in the form of a data stream, the data access request received by the server 10 is also in the form of a data stream; if the receiving-side client 30 sends the data access request to the server 10 in the form of a message, the data access request received by the server 10 is also in the form of a message. When the server 10 receives a data access request transmitted in the form of a data stream, the data stream may be parsed to obtain the data access request. When the server 10 receives the data access request sent in the form of a message, the message may be parsed to obtain the data access request.

Step S120: and when the receiver client 30 is confirmed to have the access right of the data link according to the enterprise identification and the data source enterprise identification to which the receiver client belongs, feeding back target data corresponding to the data identification to the receiver client 30.

There are various ways to confirm that the recipient client 30 has the access right of the data link according to the enterprise identifier to which the recipient client belongs and the data source enterprise identifier.

As an implementation manner, it is detected whether the enterprise identifier to which the receiving client belongs is the same as the data source enterprise identifier, and if so, it is determined that the receiving client 30 has the access right of the data link.

In another embodiment, it is detected whether the enterprise id to which the receiving client belongs and the data source enterprise id have the same field or identifier, and if so, it is confirmed that the receiving client 30 has the access right of the data link.

The same field or identifier is used for indicating that the enterprise to which the receiving client belongs and the enterprise to which the data source enterprise belongs belong to the same head office respectively.

Referring to fig. 3, as another embodiment, an enterprise id and an internet enterprise id corresponding to the enterprise id are stored in the server 10, and the step S120 includes:

step S122: and detecting whether the enterprise identification to which the receiver client belongs to the data source enterprise identification or the interconnection enterprise identification corresponding to the data source enterprise identification.

And the interconnection enterprise identification corresponding to the data source enterprise identification is used for indicating the enterprise having the data sharing relationship with the enterprise corresponding to the data source enterprise identification.

For example, enterprise a, enterprise B, and enterprise C can share data, but enterprise D cannot share data with enterprise a, enterprise B, and enterprise C, and then enterprise a, enterprise B, and enterprise C are considered to have an interconnection relationship. Enterprise D has no interconnection with enterprise a, enterprise B, and enterprise C. If the data source enterprise identifier is the identifier of enterprise a, the interconnection enterprise identifier corresponding to the data source enterprise identifier includes an enterprise identifier corresponding to enterprise B and an enterprise identifier corresponding to enterprise C. For the data sent by the client corresponding to the enterprise a, the clients corresponding to the enterprises B and C respectively can both access the data.

Step S124: when the enterprise identifier to which the receiver client belongs to the data source enterprise identifier or the internet enterprise identifier corresponding to the data source enterprise identifier, it is determined that the receiver client 30 has the access right of the data link.

When the server 10 confirms that the receiver client 30 has the access right of the data link, the location of the target data may be found through the path of the target data to be accessed, the target data corresponding to the data identifier (e.g., file name) is obtained from the location, and the target data is fed back to the receiver client 30, so that the receiver client 30 may display the target data.

By adopting the data access method provided by the embodiment of the application, the server 10 receives the data access request sent by the receiver client 30, and sends the target data corresponding to the data identification to the receiver client 30 when the receiver client 30 is confirmed to have the access right of the data link according to the enterprise identification to which the receiver client belongs and the data source enterprise identification, so that the target data can be only accessed by the user with the data access right, the problem of data leakage is avoided, and the security of data access is improved.

As shown in fig. 4, another embodiment of the present application provides a data access method, including:

step S210: receiving a data access request sent by the recipient client 30, and decrypting the encrypted data in the data access request.

The data access request is generated by the receiver client 30 in response to the trigger of the data link, the data access request carries the enterprise identifier to which the receiver client belongs, the data source enterprise identifier and the data identifier, and the data identifier and the data source enterprise identifier carried in the data access request are encrypted data obtained by encrypting the data identifier and the data source enterprise identifier.

The encrypting of the data identifier and the data source enterprise identifier may be performed when the sender client 20 forwards the data, specifically, the sender client 20 may obtain the receiver client 30 corresponding to the receiver user selected when the forwarding operation of the user is received, obtain an enterprise identifier to which the receiver client belongs, and encrypt the data source enterprise identifier and the data identifier when the data source enterprise identifier corresponding to the target data is not consistent with the enterprise identifier to which the receiver client belongs, obtain encrypted data, and generate a data link including the encrypted data.

In an implementation manner, the data source enterprise identifier and the data identifier may be encrypted by first splicing the data source enterprise identifier and the data identifier to obtain spliced data, and encrypting the spliced data by using a preset encryption algorithm to obtain encrypted data. The preset encryption algorithm can be any one or more of an MD5 algorithm, an SHA1 algorithm, an HMAC algorithm, an AES algorithm, a DES algorithm, a 3DES algorithm, an RSA algorithm, an ECC algorithm and the like.

Accordingly, when the server 10 decrypts the encrypted data, the decryption algorithm used by it should correspond to the encryption algorithm used by the receiving-side client 30, that is, when the server 10 and the clients (the receiving-side client 30 and the sending-side client 20) perform encryption and decryption operations on data transmitted therebetween, the encryption and decryption algorithms used by them are the same algorithm.

Considering that the data is encrypted by using a partial encryption algorithm (such as DES algorithm), the length of the obtained encrypted data is within a certain length range, therefore, in an implementation manner, before the decryption of the encrypted data in the data access request is performed, the following steps may be further performed: the method comprises the steps of obtaining encrypted data in a data access request, detecting that the data length of the encrypted data is within a preset length range, and when detecting that the data length of the encrypted data is within the preset length range, executing the step of decrypting the encrypted data in the data access request.

Step S220: and if the decryption is successful, acquiring the data source enterprise identification and the data identification in the decrypted data.

Referring to fig. 5, considering that after the encrypted data obtained by using the partial encryption algorithm (such as DES algorithm) is decrypted, the decrypted data may have a specific prefix or field therein and/or have a special composition, the above-mentioned method for decrypting the encrypted data in the data access request may include:

step S222: and detecting whether the decrypted data meets a preset condition.

Wherein, the detecting whether the decrypted data meets the preset condition may be: and detecting whether the decrypted data comprises one or more of a preset field, a preset prefix or a preset composition mode.

Step S224: and when the decrypted data meets the preset conditions, segmenting the decrypted data to obtain the data source enterprise identification and the data identification.

Because the decrypted data comprises the prefix or the preset field and the decrypted data comprises the spliced data source enterprise identification and the spliced data source data identification, the data, the enterprise identification and the data identification can be obtained by segmenting the decrypted data.

Step S230: and when the receiver client 30 is confirmed to have the access right of the data link according to the enterprise identifier to which the receiver client belongs and the data source enterprise identifier, feeding back target data corresponding to the data identifier to the receiver client 30.

In the data access method provided in the embodiment of the present application, the server 10 receives the encrypted data obtained by encrypting the enterprise identifier to which the receiver client belongs and the data source enterprise identifier and the data identifier, which are carried in the data access request sent by the receiver client 30, and when the encrypted data in the data access request is decrypted successfully, obtains the data source enterprise identifier and the data identifier in the decrypted data, and sends the target data corresponding to the data identifier to the receiver client 30 when it is determined that the receiver client 30 has the access right of the data link according to the enterprise identifier and the data source enterprise identifier to which the receiver client belongs. Therefore, when data transmission is performed between the server 10 and the receiver client 30, the situation of data leakage is effectively avoided, and meanwhile, the target data can be ensured to be accessed only by the user with the data access authority, so that the problem of data leakage is further avoided, and the security of data access is improved.

As shown in fig. 6, another embodiment of the present application provides a data access method, which should be applied to the sending client 20 in fig. 1, the method includes:

step S310: the enterprise identification to which the receiver client belongs is obtained, and the receiver client 30 is a client corresponding to the receiver user selected when the target data is forwarded.

The manner of obtaining the enterprise identifier to which the receiver client belongs may specifically be: the sender client 20 obtains a user identifier corresponding to the receiver client 30 selected when the sender user forwards the target data, and obtains an enterprise to which the user identifier belongs, so as to obtain an enterprise identifier corresponding to the enterprise; that is, when the user identifier corresponding to the receiver client 30 is obtained, the enterprise identifier to which the receiver client belongs may be obtained.

Step S320: and when the data source enterprise identification corresponding to the target data is inconsistent with the enterprise identification to which the receiving client belongs, generating a data link comprising the data source enterprise identification and the data identification.

When the data source enterprise identifier corresponding to the target data is not consistent with the enterprise identifier to which the receiver client belongs, it is characterized that the enterprise corresponding to the data source enterprise identifier is not the same as the enterprise of the receiver client 30, and therefore, it is necessary to determine whether the receiver client 30 has an access right to the target data, that is, to perform a step of generating a data link including the data source enterprise identifier and the data identifier.

In order to avoid the leakage of the enterprise id corresponding to the sender client 20 and the data source enterprise id when the sender client 20 forwards the data link with the receiver client 30 and when the receiver client 30 sends the data access request to the server 10, in an implementation manner, the step S320 includes: and encrypting the data source enterprise identification and the data identification to obtain encrypted data and generating a data link comprising the encrypted data.

The specific method for encrypting the data source enterprise identifier and the data identifier to obtain the encrypted data may be: the method comprises the steps of splicing a data source enterprise identifier and a data identifier to obtain spliced data, and encrypting the spliced data by adopting a preset encryption algorithm to obtain encrypted data. The preset encryption algorithm can be any one or more of an MD5 algorithm, an SHA1 algorithm, an HMAC algorithm, an AES algorithm, a DES algorithm, a 3DES algorithm, an RSA algorithm, an ECC algorithm and the like. For example, reference may be made to the foregoing detailed description of step S210, which is not described in detail herein.

Step S330: the data link is sent to the recipient client 30.

By sending the data link to the receiving side, the receiving side client 30 can generate a data access request in response to the trigger on the data link when receiving the data link, and send the data access request to the server 10, so as to instruct the server 10 to perform the authentication operation as in embodiment 1, and feed back the corresponding target data to the receiving side when the authentication is passed.

It should be understood that, in an embodiment of the present application, if the enterprise identifier of the data source corresponding to the target data is consistent with the enterprise identifier to which the recipient client belongs, the data link including the data identifier may be directly generated, so that when the recipient client 30 receives the data link, a user of the recipient client 30 may trigger the data link, so that the recipient client 30 sends a data access request including the data identifier to the server 10 in response to a triggering operation on the data link, so as to instruct the server 10 to return the target data corresponding to the data identifier, so as to complete the data obtaining operation.

In the data access method provided in the embodiment of the application, the sender client 20 obtains the enterprise identifier of the receiver client corresponding to the receiver user selected when the target data is forwarded, and when the enterprise identifier of the receiver client 30 is inconsistent with the data source enterprise identifier, confirms that the enterprise corresponding to the receiver client 30 is not the same as the enterprise corresponding to the data source enterprise identifier, and sends the data link carrying the data source enterprise identifier and the data identifier to the receiver client 30, so that when the receiver client 30 accesses the data corresponding to the data link, it is necessary to verify whether the receiver client 30 has the access right of the target data by using the server 10, and when the receiver client 30 has the access right, the target data can be displayed, thereby ensuring that the target data can only be accessed by the receiver client 30 having the access right, and improving the security of data access.

Referring to fig. 7, another embodiment of the present application provides a data access method, which is applied to the receiving client 30 in fig. 1, and the method includes:

step S410: and receiving the data link carrying the data source enterprise identifier and the data identifier sent by the sender client 20.

In one possible implementation manner, the data source enterprise id and the data id carried in the data link may be obtained by encrypting the encrypted data to the data source enterprise id and the data id.

That is, the step S410 may include: and receiving the data link carrying the encrypted data sent by the sender client 20.

For a specific process of the sender client 20 sending the link with data, reference may be made to the specific description of steps S320 to S330 in the foregoing embodiment, which is not described herein.

Step S420: the data link is displayed.

Step S430: in response to a trigger operation on the data link, a data access request is sent to the server 10.

The data access request carries an enterprise identifier to which the sender client belongs, a data source enterprise identifier, and a data identifier, and the data access request is used to instruct the server 10 to confirm whether the receiver client 30 has an access right of the data link according to the data source enterprise identifier.

The triggering operation on the data link may include a voice operation, a click operation, a gesture operation, or the like.

In one possible embodiment, when the trigger operation is a voice operation, and the receiving client 30 displays the data link, it may send a data access request to the server 10 when receiving voice information, such as "open link", "view link", and the like, input by the user through a voice input to indicate access to the data link.

In another possible embodiment, the triggering operation is a click operation, and when the receiving client 30 displays the data link, the data access request may be sent to the server 10 when the click operation on the data link is detected.

In another possible implementation, when the triggering operation is a gesture operation, and the recipient client 30 displays the data link, it may send a data access request to the server 10 when detecting that the gesture operation of the user is a specific operation, such as a pinch operation, a slide operation in a specific direction, and the like.

It should be understood that, if the data source enterprise identifier and the data identifier carried in the data link are encrypted data obtained by encrypting the data source enterprise identifier and the data identifier, step S430 may specifically be: in response to a trigger operation on the data link, a data access request including the encrypted data and an identification of the enterprise to which the sending client belongs is sent to the server 10.

By adopting the method, the specific data source enterprise identification and the specific data identification of the data link and the data access request cannot be obtained even if the data link and the data access request are hijacked or leaked in the transmission process, so that the safety of the target data can be further improved, and the target data is prevented from being accessed by a client without a data access right item.

For a specific process of the server 10 determining whether the receiving client 30 has the scheme authority according to the enterprise identifier of the data source and the data identifier, reference may be made to the foregoing detailed description of step S120, which is not described herein any more.

Step S440: and receiving target data corresponding to the data identification fed back by the server 10.

Wherein the target data corresponding to the data identification is fed back by the server 10 when confirming that the recipient client 30 has the access right.

In order to facilitate the client corresponding to the receiving client 30 to view the target data, in an implementation manner, in step S140, receiving the target data corresponding to the data identifier fed back by the server 10 further includes: and displaying target data corresponding to the data identification in the data link.

For the feedback of the target data corresponding to the data identifier by the server 10, reference may be made to the foregoing detailed description of step S120, which is not described in detail here.

By adopting the data access method, when receiving the data link carrying the data source enterprise identifier and the data identifier sent by the data sending party client 20, the receiving party client 30 receives the triggering operation of the user on the data link and sends the access request carrying the enterprise identifier, the data source enterprise identifier and the data identifier to the server 10, so as to indicate the server 10 to return the target data corresponding to the data identifier when confirming that the receiving party client 30 has the access right to the data link according to the data source enterprise identifier, so that the receiving party client 30 can obtain the target data only when having the access right to the target data, and the security of target data access is improved.

Further, when the data source enterprise identifier and the data identifier carried in the data link are encrypted data obtained by encrypting the data source enterprise identifier and the data identifier, by sending a data access request including the encrypted data and the enterprise identifier corresponding to the receiver client 30 to the server 10, when the receiver client 30 performs data interaction with the server 10 and the sender client 20, the situation that the data source enterprise identifier and the data identifier are leaked or hijacked can be avoided, and further, a client without access authority can be prevented from accessing the target data according to the leaked or hijacked data source enterprise identifier and the data identifier, so that the security of the target data can be effectively improved by transmitting the encrypted data obtained by encrypting the data source enterprise identifier and the data identifier.

Referring to fig. 8, an embodiment of the present application provides a data access method, which is applied to a data access system including a sender client 20, a receiver client 30 and a server 10, and the method includes:

step S510: the sender client 20 obtains the enterprise identification to which the receiver client belongs.

The receiver client 30 is the receiver client 30 corresponding to the receiver user selected when the sender client 20 forwards the target data.

Step S520: when the data source enterprise identifier corresponding to the target data is not consistent with the enterprise identifier to which the receiving client belongs, the sending client 20 generates a data link including the data source enterprise identifier and the data identifier.

Step S530: the sender client 20 sends a data link to the receiver client 30.

In an implementation manner, the manner of generating the data link including the data source enterprise identifier and the data identifier may specifically be: and encrypting the data source enterprise identification and the data identification to obtain encrypted data and generating a data link comprising the encrypted data.

Step S540: the receiver client 30 receives the data link carrying the data source enterprise identifier and the data identifier sent by the sender client 20, and displays the data link.

Step S550: the recipient client 30 sends a data access request to the server 10 in response to a trigger operation on the data link.

The data access request carries an enterprise identifier to which the sender client belongs, a data source enterprise identifier, and a data identifier, and the data access request is used to instruct the server 10 to confirm whether the receiver client 30 has an access right of the data link according to the data source enterprise identifier.

In an implementation manner, if the data source enterprise identifier and the data identifier carried in the data access request are encrypted to obtain encrypted data, the data access request sent to the server 10 includes the encrypted data.

Step S560: when the server 10 confirms that the receiver client 30 has the access right of the data link according to the enterprise identifier to which the receiver client belongs and the data source enterprise identifier, it feeds back the target data corresponding to the data identifier to the receiver client 30.

In an implementation manner, the data identifier and the data source enterprise identifier carried in the data access request are encrypted data obtained by encrypting the data identifier and the data source enterprise identifier, step S550 may be to receive the data access request sent by the receiver client 30, and decrypt the encrypted data in the data access request; and if the decryption is successful, acquiring the data source enterprise identification and the data identification in the decrypted data.

The receiving client 30 receives the target data corresponding to the data identifier fed back by the server 10.

In an implementation manner, if target data corresponding to the data identifier fed back by the server 10 is received, the method further includes: and displaying target data corresponding to the data identification in the data link.

Referring to fig. 9, it is illustrated that the receiving client 30 and the sending client 20 in the data access system are enterprise WeChat clients, the target data is a report document, and the report document is a report approval document including "user f and user g submit an amount of 27273737.00 yuan (two Qian-seven-two-ten-seven-three thousand-three-thousand-seven-three-ten-seven) on XX month XX day".

The sender user corresponding to the sender client 20 is the user a, when the sender client 20 needs to forward the report document, the sender client 20 may obtain a receiver user (user b) selected when the user a performs a forwarding operation, and if it is determined that the enterprise identifier (re-kernel _ id) to which the receiver client corresponding to the receiver user (user b) belongs is not consistent with the data source enterprise identifier (kernel _ id) of the report document, it may be recognized that the receiver user is an external employee, and it is not possible to determine whether the external employee has an access right at this time, so that the data source enterprise identifier (kernel _ id) and the data identifier (journal _ id) need to be encrypted (for example, encrypted by using a DES encryption algorithm) to obtain encrypted data (journal _ uuid), and a data link carrying the encrypted data (journal _ uuid) is generated, as shown in the data link included in the interface shown in fig. 10, and the data link carrying the encrypted data (journal _ uuid) is sent to the receiver client 30.

When the receiving-side client 30 is in data link, an interface as shown in fig. 11 is displayed, where the interface includes specific information of the data link and time when the user a sends the data link, and if the user corresponding to the receiving-side client 30 needs to access the target data corresponding to the data link, the user b may perform a trigger operation (e.g., a click operation) on the data link, so that the receiving-side client 30 obtains its corresponding enterprise identifier (re-corp _ id) in response to the trigger operation and extracts the encrypted data (journaid) from the data link to generate a data access request including the enterprise identifier (re-corp _ id) and the encrypted data (journaid) to which the receiving-side client belongs, and send the data access request to the server 10.

When receiving a data access request, the server 10 first checks the length of the encrypted data (journal _ uuid), decrypts the encrypted data (for example, decrypts by using a DES algorithm) if the length is within a preset length range, and segments the decrypted data to obtain a data source enterprise identifier (corp _ id) and a data identifier (journal _ id) if the decrypted data includes a preset field, and after obtaining the data source enterprise identifier (corp _ id) and an enterprise identifier (re-corp _ id) to which the receiver client belongs, determines whether the data source enterprise identifier (corp _ id) and the enterprise identifier (re-corp _ id) to which the receiver client belongs have an enterprise interconnection relationship, specifically, whether the data source enterprise identifier (corp _ id) and the enterprise identifier (re-corp _ id) to which the receiver client belongs belong to the same interconnection enterprise set (corp _ id) or not by detecting whether the data source enterprise identifier (corp _ id) and the enterprise identifier (re _ corp _ id) to which the receiver client belongs to belong to the same interconnection enterprise identifier (corp _ id).

When confirming that the enterprise interconnection relationship exists between the data source enterprise identifier (corp _ id) and the enterprise identifier (re-corp _ id) to which the receiver client belongs, the server 10 acquires target data (report approval document) corresponding to the data identifier (journal _ id), and transmits the target data to the receiver client 30.

<xnotran> 30 , 12 ( ) " f g XX XX 27273737.00 ( ) XX XX 27273737.00 ( )", . </xnotran>

It should be understood that, when the receiving client acquires the target data, the upper layer of the window that can display the data link generates a data display window, and displays the target data in the data display port.

Referring to fig. 13, the present application provides a data access apparatus 600 applied to a server 10, wherein the apparatus 600 includes a request receiving module 610 and a data feedback module 620.

The request receiving module 610 is configured to receive a data access request sent by the receiver client 30, where the data access request is generated by the receiver client 30 in response to a trigger on a data link, and the data access request carries an enterprise identifier to which the receiver client belongs, a data source enterprise identifier, and a data identifier.

In an implementation manner, the data identifier and the data source enterprise identifier carried in the data access request are encrypted data obtained by encrypting the data identifier and the data source enterprise identifier, and the request receiving module 610 includes a request receiving sub-module and an identifier obtaining sub-module.

The request receiving submodule is configured to receive a data access request sent by the receiver client 30, and decrypt encrypted data in the data access request.

And the identifier acquisition submodule is used for acquiring the data source enterprise identifier and the data identifier in the decrypted data when the decryption is successful.

In one implementation, the identifier obtaining sub-module includes a detection unit and an identifier obtaining unit.

The detection unit is used for detecting whether the decrypted data meets a preset condition.

In an implementation manner, the detection unit is specifically configured to detect whether the decrypted data carries a preset field and detect whether the data length of the decrypted data is within a preset length range, and if the decrypted data carries the preset field and the data length of the decrypted data is within the preset length range, the decrypted data meets a preset condition.

And the identification acquisition unit is used for segmenting the decrypted data to obtain the data source enterprise identification and the data identification when the decrypted data meet the preset conditions.

And the data feedback module 620 is configured to feed back target data corresponding to the data identifier to the receiver client 30 when it is determined that the receiver client 30 has the access right of the data link according to the enterprise identifier to which the receiver client belongs and the data source enterprise identifier.

In one possible embodiment, the server 10 stores therein an enterprise id and an internet enterprise id corresponding to the enterprise id, and the data feedback module 620 includes: an identification detection submodule and an authority confirmation submodule.

And the identification detection module is used for detecting whether the enterprise identification to which the receiver client belongs to the data source enterprise identification or the interconnected enterprise identification corresponding to the data source enterprise identification.

And the permission confirmation submodule is used for confirming that the receiver client 30 has the access permission of the data link when the enterprise identification to which the receiver client belongs to the data source enterprise identification or the interconnected enterprise identification corresponding to the data source enterprise identification.

Referring to fig. 14, an embodiment of the present invention further provides a data access apparatus 700 applied to a sending client 20, where the apparatus 700 includes: an identity acquisition module 710, a link generation module 720, and a link sending module 730.

The identifier obtaining module 710 is configured to obtain an enterprise identifier to which the receiver client belongs, where the receiver client 30 is a client corresponding to a receiver user selected when the target data is forwarded.

And the link generating module 720 is configured to generate a data link including the data source enterprise identity and the data identity when the data source enterprise identity corresponding to the target data is inconsistent with the enterprise identity to which the receiving client belongs.

In one possible implementation, the link generation module 720 is further configured to encrypt the data source enterprise identification and the data identification to obtain encrypted data, and generate a data link including the encrypted data.

A link sending module 730, configured to send the data link to the receiving client 30.

Referring to fig. 15, an embodiment of the present application further provides a data access apparatus 800 applied to a receiver client 30, where the apparatus 800 includes: a link receiving module 810, a link displaying module 820, a request transmitting module 830, and a data receiving module 840.

The link receiving module 810 is configured to receive a data link that is sent by the sending-side client 20 and carries a data source enterprise identifier and a data identifier.

And a link display module 820 for displaying the data links.

The request sending module 830 is configured to send, in response to a triggering operation on a data link, a data access request to the server 10, where the data access request carries an enterprise identifier to which a sending client belongs, a data source enterprise identifier, and a data identifier, and the data access request is used to instruct the server 10 to determine whether the receiving client 30 has an access right of the data link according to the data source enterprise identifier.

And the data receiving module 840 is configured to receive target data corresponding to the data identifier, which is fed back by the server 10 and corresponds to the data identifier, where the target data is fed back when the server 10 confirms that the receiving client 30 has the access right.

In an implementation manner, the link receiving module 810 is further configured to receive a data link that carries encrypted data and is sent by the sending client 20, where the encrypted data is obtained by encrypting the data source enterprise identifier and the data identifier. The request sending module 830 is further configured to send a data access request including the encrypted data and the enterprise identifier to which the sending client belongs to the server 10 in response to a triggering operation on the data link.

In one possible implementation, the data receiving module 840 is further configured to expose the target data corresponding to the data identifier in the data link.

It should be noted that the device embodiment and the method embodiment in the present application correspond to each other, and specific principles in the device embodiment may refer to the contents in the method embodiment, which is not described herein again.

An electronic device provided by the present application will be described with reference to fig. 16.

Referring to fig. 16, based on the data access method provided in the foregoing embodiment, another electronic device 100 including a processor 102 that can execute the foregoing method is further provided in this embodiment, where the electronic device 100 may be a server 10 or a terminal device, and the terminal device may be a device such as a smart phone, a tablet computer, a computer, or a portable computer.

The electronic device 100 also includes a memory 104. The memory 104 stores programs that can execute the content of the foregoing embodiments, and the processor 102 can execute the programs stored in the memory 104.

Processor 102 may include, among other things, one or more cores for processing data and a message matrix unit. The processor 102 interfaces with various components throughout the electronic device 100 using various interfaces and lines to perform various functions of the electronic device 100 and process data by executing or executing instructions, programs, code sets, or instruction sets stored in the memory 104 and invoking data stored in the memory 104. Alternatively, the processor 102 may be implemented in hardware using at least one of Digital Signal Processing (DSP), field-Programmable Gate Array (FPGA), and Programmable Logic Array (PLA). The processor 102 may integrate one or a combination of a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), a modem, and the like. The CPU mainly processes an operating system, a user interface, an application program and the like; the GPU is used for rendering and drawing display content; the modem is used to handle wireless communications. It is understood that the modem may not be integrated into the processor 102, but may be implemented by a communication chip.

The Memory 104 may include a Random Access Memory (RAM) or a Read-Only Memory (Read-Only Memory). The memory 104 may be used to store instructions, programs, code, sets of codes, or sets of instructions. The memory 104 may include a program storage area and a data storage area, wherein the program storage area may store instructions for implementing an operating system, instructions for implementing at least one function, instructions for implementing the various method embodiments described below, and the like. The storage data area may also store data (e.g., data to be recommended and operating mode) obtained by the electronic device 100 during use, and the like.

The electronic device 100 may further include a network module for receiving and transmitting electromagnetic waves, and implementing interconversion between the electromagnetic waves and the electrical signals, so as to communicate with a communication network or other devices, for example, an audio playing device. The network module may include various existing circuit elements for performing these functions, such as an antenna, a radio frequency transceiver, a digital signal processor, an encryption/decryption chip, a Subscriber Identity Module (SIM) card, memory, and so forth. The network module may communicate with various networks such as the internet, an intranet, a wireless network, or with other devices via a wireless network. The wireless network may comprise a cellular telephone network, a wireless local area network, or a metropolitan area network. The screen can display the interface content and perform data interaction.

In some embodiments, the electronic device 100 may further include: peripheral interface 106 and at least one peripheral device. The processor 102, memory 104, and peripheral interface 106 may be connected by bus or signal lines. Each peripheral device may interface with the peripheral devices through a bus, signal line, or circuit board. Specifically, the peripheral device includes: at least one of a radio frequency component 108, a positioning component 112, a camera 114, an audio component 116, a display screen 118, and a power supply 122, among others

Peripheral interface 106 may be used to connect at least one peripheral device associated with I/O (Input/Output) to processor 102 and memory 104. In some embodiments, the processor 102, memory 104, and peripheral interface 106 are integrated on the same chip or circuit board; in some other embodiments, any one or both of the processor 102, the memory 104, and the peripheral interface 106 may be implemented on a single chip or circuit board, which is not limited in this application.

The Radio Frequency assembly 108 is used to receive and transmit RF (Radio Frequency) signals, also known as electromagnetic signals. The radio frequency assembly 108 communicates with communication networks and other communication devices via electromagnetic signals. The radio frequency assembly 108 converts electrical signals to electromagnetic signals for transmission, or converts received electromagnetic signals to electrical signals. Optionally, the radio frequency assembly 108 comprises: an antenna system, an RF transceiver, one or more amplifiers, a tuner, an oscillator, a digital signal processor, a codec chipset, a subscriber identity module card, and so forth. The radio frequency component 108 may communicate with other terminals via at least one wireless communication protocol. The wireless communication protocols include, but are not limited to: the world wide web, metropolitan area networks, intranets, various generations of mobile communication networks (2G, 3G, 4G, and 5G), wireless local area networks, and/or WiFi (Wireless Fidelity) networks. In some embodiments, the radio frequency component 108 may further include NFC (Near Field Communication) related circuitry, which is not limited in this application.

The positioning component 112 is used to locate a current geographic location of the electronic device to implement navigation or LBS (location based Service). The positioning component 112 may be a positioning component based on the GPS (global positioning System) in the united states, the beidou System in china, or the galileo System in russia.

The camera 114 is used to capture images or video. Optionally, the cameras 114 include front and rear cameras. In general, the front camera is disposed on the front panel of the electronic apparatus 100, and the rear camera is disposed on the rear surface of the electronic apparatus 100. In some embodiments, the number of the rear cameras is at least two, and each rear camera is any one of a main camera, a depth-of-field camera, a wide-angle camera and a telephoto camera, so that the main camera and the depth-of-field camera are fused to realize a background blurring function, the main camera and the wide-angle camera are fused to realize panoramic shooting and a VR (Virtual Reality) shooting function or other fusion shooting functions. In some embodiments, camera 114 may also include a flash. The flash lamp can be a single-color temperature flash lamp or a double-color temperature flash lamp. The double-color-temperature flash lamp is a combination of a warm-light flash lamp and a cold-light flash lamp and can be used for light compensation under different color temperatures.

The audio components 116 may include a microphone and a speaker. The microphone is used for collecting sound waves of a user and the environment, converting the sound waves into electric signals, and inputting the electric signals to the processor 102 for processing or inputting the electric signals to the radio frequency assembly 108 to realize voice communication. The microphones may be provided in a plurality, respectively, at different portions of the electronic device 100 for the purpose of stereo sound acquisition or noise reduction. The microphone may also be an array microphone or an omni-directional pick-up microphone. The speaker is used to convert electrical signals from the processor 102 or the radio frequency components 108 into sound waves. The loudspeaker can be a traditional film loudspeaker and can also be a piezoelectric ceramic loudspeaker. When the speaker is a piezoelectric ceramic speaker, the speaker can be used for purposes such as converting an electric signal into a sound wave audible to a human being, or converting an electric signal into a sound wave inaudible to a human being to measure a distance. In some embodiments, audio component 114 may also include a headphone jack.

The display screen 118 is used to display a UI (User Interface). The UI may include graphics, text, icons, video, and any combination thereof. When the display screen 118 is a touch display screen, the display screen 118 also has the ability to capture touch signals on or above the surface of the display screen 118. The touch signal may be input to the processor 102 as a control signal for processing. At this point, the display screen 118 may also be used to provide virtual buttons and/or a virtual keyboard, also referred to as soft buttons and/or a soft keyboard. In some embodiments, the display screen 118 may be one, providing the front panel of the electronic device 100; in other embodiments, the display screens 118 may be at least two, respectively disposed on different surfaces of the electronic device 100 or in a folded design; in still other embodiments, the display screen 118 may be a flexible display screen disposed on a curved surface or a folded surface of the electronic device 100. Even further, the display screen 118 may be arranged in a non-rectangular irregular pattern, i.e., a shaped screen. The Display screen 118 may be made of LCD (Liquid Crystal Display), OLED (Organic Light-Emitting Diode), and the like.

The power supply 122 is used to supply power to various components in the electronic device 100. The power source 122 may be alternating current, direct current, disposable or rechargeable. When the power source 122 includes a rechargeable battery, the rechargeable battery may be a wired rechargeable battery or a wireless rechargeable battery. The wired rechargeable battery is a battery charged through a wired line, and the wireless rechargeable battery is a battery charged through a wireless coil. The rechargeable battery may also be used to support fast charge technology.

The embodiment of the application also provides a computer readable storage medium. The computer readable medium has stored therein a program code which can be called by a processor to execute the method described in the above method embodiments.

The computer readable storage medium may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read only memory), an EPROM, a hard disk, or a ROM. Alternatively, the computer-readable storage medium comprises a non-volatile computer-readable medium. The computer readable storage medium has storage space for program code for performing any of the method steps of the above-described method. The program code can be read from and written to one or more computer program products. The program code may be compressed, for example, in a suitable form.

Embodiments of the present application also provide a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the method described in the various alternative implementations described above.

In summary, according to the data access method, apparatus, device, and storage medium provided by the present application, the sender client 20 obtains the enterprise identifier of the receiver client corresponding to the receiver user selected when forwarding the target data, generates a data link including the data source enterprise identifier and the data identifier when the data source enterprise identifier corresponding to the target data is inconsistent with the enterprise identifier of the receiver client, and sends the data link to the receiver client 30. The receiving client 30 displays the data link when receiving the data link, and sends a data access request to the server 10 when receiving a trigger operation on the data link, wherein the data access request carries an enterprise identifier to which the sending client belongs, a data source enterprise identifier and a data identifier; the server 10 receives the data access request sent by the receiver client 30, and feeds back target data corresponding to the data identifier to the receiver client 30 when the receiver client 30 is confirmed to have the access right of the data link according to the enterprise identifier to which the receiver client belongs and the data source enterprise identifier, thereby completing the data forwarding access operation. When the receiver client 30 needs to access the target data corresponding to the data identifier in the data link, the server 10 is required to verify whether the receiver client 30 has the access right to the data, and when the receiver has the access right to the data, the receiver client 30 can obtain the corresponding data, so that the problem of data leakage is avoided, and the security during data access is improved. .

Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (15)

1. A data access method, applied to a server, the method comprising:

receiving a data access request sent by a receiver client, wherein the data access request is generated by the receiver client in response to the triggering of a data link, and the data access request carries an enterprise identifier to which the receiver client belongs, a data source enterprise identifier and a data identifier;

and when the receiver client is confirmed to have the access right of the data link according to the enterprise identification to which the receiver client belongs and the data source enterprise identification, feeding back target data corresponding to the data identification to the receiver client.

2. The method according to claim 1, wherein the server stores therein an enterprise id and an enterprise id corresponding to the enterprise id, and the determining that the recipient client has the access right of the data link according to the enterprise id to which the recipient client belongs and the data source enterprise id includes:

detecting whether the enterprise identification to which the receiver client belongs to the data source enterprise identification or an interconnection enterprise identification corresponding to the data source enterprise identification;

and when the enterprise identification to which the receiver client belongs to the data source enterprise identification or the interconnection enterprise identification corresponding to the data source enterprise identification, confirming that the receiver client has the access right of the data link.

3. The method according to claim 1, wherein the data identifier and the data source enterprise identifier carried in the data access request are encrypted data obtained by encrypting the data identifier and the data source enterprise identifier, and the receiving the data access request sent by the receiving client includes:

receiving a data access request sent by a client of a receiver, and decrypting encrypted data in the data access request;

and if the decryption is successful, acquiring the data source enterprise identification and the data identification in the decrypted data.

4. The method of claim 3, wherein obtaining the data source enterprise identification and the data identification in the decrypted data comprises:

detecting whether the decrypted data meets a preset condition or not;

and when the decrypted data meets the preset condition, segmenting the decrypted data to obtain a data source enterprise identifier and a data identifier.

5. The method of claim 4, wherein detecting whether decrypted data obtained by decrypting the encrypted data satisfies a predetermined condition comprises:

detecting whether the decrypted data carries a preset field or not, detecting whether the data length of the decrypted data is within a preset length range or not, and if the decrypted data carries the preset field and the data length of the decrypted data is within the preset length range, determining that the decrypted data meets a preset condition.

6. A data access method applied to a sender client, the method comprising:

acquiring an enterprise identifier to which a receiver client belongs, wherein the receiver client is a receiver client corresponding to a receiver user selected when target data is forwarded;

when the data source enterprise identification corresponding to the target data is inconsistent with the enterprise identification to which the receiver client belongs, generating a data link comprising the data source enterprise identification and the data identification;

and sending the data link to the client of the receiving party.

7. The data access method of claim 6, wherein generating a data link that includes the data source enterprise identification and a data identification;

and encrypting the data source enterprise identification and the data identification to obtain encrypted data, and generating a data link comprising the encrypted data.

8. A data access method, applied to a recipient client, the method comprising:

receiving a data link which is sent by a sender client and carries a data source enterprise identifier and a data identifier;

displaying the data link;

responding to the triggering operation of the data link, sending a data access request to a server, wherein the data access request carries an enterprise identifier to which a sender client belongs, the data source enterprise identifier and the data identifier, and the data access request is used for indicating the server to confirm whether a receiver client has the access authority of the data link according to the data source enterprise identifier;

and receiving target data corresponding to the data identification fed back by the server, wherein the target data corresponding to the data identification is fed back when the server confirms that the receiver client has the access right.

9. The method of claim 1, wherein the receiving a data link carrying a data source enterprise identifier and a data identifier sent by a sender client comprises:

receiving a data link which is sent by the sender client and carries encrypted data, wherein the encrypted data is obtained by encrypting the data source enterprise identification and the data identification;

the sending a data access request to a server in response to the triggering operation of the data link comprises:

and responding to the triggering operation of the data link, and sending a data access request comprising the encrypted data and the enterprise identification to which the sender client belongs to a server.

10. The method of claim 1, wherein the receiving server feeds back target data corresponding to the data identifier, further comprising: and displaying target data corresponding to the data identification in the data link.

11. A data access device applied to a server, the device comprising:

the request receiving module is used for receiving a data access request sent by a receiver client, wherein the data access request is generated by the receiver client in response to the triggering of a data link, and the data access request carries an enterprise identifier to which the receiver client belongs, a data source enterprise identifier and a data identifier;

and the data feedback module is used for feeding back target data corresponding to the data identifier to the receiver client when the receiver client is confirmed to have the access right of the data link according to the enterprise identifier to which the receiver client belongs and the data source enterprise identifier.

12. A data access apparatus, applied to a sender client, the apparatus comprising:

the system comprises an identification acquisition module, a storage module and a data transmission module, wherein the identification acquisition module is used for acquiring an enterprise identification of a receiver client, and the receiver client is a client corresponding to a receiver user selected when target data is forwarded;

the link generation module is used for generating a data link comprising the data source enterprise identifier and the data identifier when the data source enterprise identifier corresponding to the target data is inconsistent with the enterprise identifier to which the receiver client belongs;

and the link sending module is used for sending the data link to the receiver client.

13. A data access apparatus for use with a recipient client, the apparatus comprising:

the link receiving module is used for receiving a data link which is sent by the client of the sending party and carries a data source enterprise identifier and a data identifier;

a link display module for displaying the data link;

a request sending module, configured to send a data access request to a server in response to a trigger operation on the data link, where the data access request carries an enterprise identifier to which a sender client belongs, the data source enterprise identifier, and the data access request is used to instruct the server to determine, according to the data source enterprise identifier, whether the receiver client has an access right to the data link;

and the data receiving module is used for receiving target data corresponding to the data identification, which is fed back by the server, wherein the target data corresponding to the data identification is fed back when the server confirms that the client of the receiving party has the access authority.

14. An electronic device comprising a processor and a memory; one or more programs are stored in the memory and configured to be executed by the processor to implement the method of any of claims 1-5, 6-7, or 8-10.

15. A computer-readable storage medium, having program code stored therein, wherein the program code when executed by a processor performs the method of any of claims 1-5, 6-7, or 8-10.

Images