CN115643051A - Access authority management method and device - Google Patents


Info

Publication number
CN115643051A
Authority
CN (China)
Prior art keywords
access, encryption, authority, user, information
Legal status
Pending
Application number
CN202211180485.8A
Other languages
Chinese (zh)
Inventor
孙嘉良
Current Assignee
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date
2022-09-27
Filing date
2022-09-27
Publication date
2023-01-24

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses an access authority management method and device, which can be used in the field of finance, wherein the method comprises the following steps: receiving a user registration request, wherein the user registration request carries user attribute information; determining corresponding access authority information according to the user attribute information and a pre-established attribute authority mapping table; determining a corresponding encryption and decryption key according to the access authority information and a pre-established authority key mapping table; and performing access authority management according to the encryption and decryption key. The invention can manage the access authority, effectively realize fine-grained access control and reduce unnecessary resource waste.

Description

Access authority management method and device
Technical Field
The invention relates to the field of finance, in particular to an access authority management method and device. It should be noted that the access right management method and apparatus of the present invention can be used in the financial field, and can also be used in any field other than the financial field.
Background
This section is intended to provide a background or context to the embodiments of the invention that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
When a user logs in to a system, the user may request services and perform operations only after passing identity authentication; a merchant that does not pass identity authentication is not allowed to log in to the system and request operations, and different systems may have different requirements for user authentication. When a logged-in user requests an operation, some functions of the system may require certain conditions to be met before a service can be requested, or the user may need to use functions of other systems, so corresponding rights need to be granted to clients with these various requests.
Most of the prior art encrypts and decrypts the data uploaded by a user and is limited to data access control; it cannot realize fine-grained access control and authorization, which causes resource waste.
Therefore, there is a need for an access rights management scheme that can overcome the above-mentioned problems.
Disclosure of Invention
The embodiment of the invention provides an access authority management method, which is used for carrying out access authority management, effectively realizing fine-grained access control and reducing unnecessary waste of resources, and comprises the following steps:
receiving a user registration request, wherein the user registration request carries user attribute information;
determining corresponding access authority information according to the user attribute information and a pre-established attribute authority mapping table;
determining a corresponding encryption and decryption key according to the access authority information and a pre-established authority key mapping table;
and carrying out access authority management according to the encryption and decryption key.
An embodiment of the present invention provides an access right management apparatus for performing access right management, effectively implementing fine-grained access control, and reducing unnecessary resource waste, the apparatus including:
a registration request receiving module, configured to receive a user registration request, where the user registration request carries user attribute information;
the access authority determining module is used for determining corresponding access authority information according to the user attribute information and a pre-established attribute authority mapping table;
the encryption and decryption key determining module is used for determining a corresponding encryption and decryption key according to the access authority information and a pre-established authority key mapping table;
and the access authority management module is used for carrying out access authority management according to the encryption and decryption key.
The embodiment of the invention also provides computer equipment which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor realizes the access right management method when executing the computer program.
An embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the method for managing access rights is implemented.
An embodiment of the present invention further provides a computer program product, where the computer program product includes a computer program, and when the computer program is executed by a processor, the method for managing access rights is implemented.
The embodiment of the invention receives a user registration request, wherein the user registration request carries user attribute information; determining corresponding access authority information according to the user attribute information and a pre-established attribute authority mapping table; determining a corresponding encryption and decryption key according to the access authority information and a pre-established authority key mapping table; and carrying out access authority management according to the encryption and decryption key. The embodiment of the invention establishes an attribute authority mapping table and an authority key mapping table in advance, thereby establishing the corresponding relation between the attribute and the authority as well as between the authority and the key, and determining the encryption and decryption key according to the attribute information of the user and the established corresponding relation when the user registers, thereby effectively finishing fine-grained access control, reducing unnecessary waste of resources and realizing the management of access authority.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions are briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative effort. In the drawings:
FIG. 1 is a diagram illustrating an access right management method according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating another access right management method according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating the structure of an access right management apparatus according to an embodiment of the present invention;
FIG. 4 is a diagram of another access right management apparatus according to another embodiment of the present invention;
fig. 5 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
In order to perform access right management, effectively implement fine-grained access control, and reduce unnecessary waste of resources, an embodiment of the present invention provides an access right management method, as shown in fig. 1, where the method may include:
step 101, receiving a user registration request, wherein the user registration request carries user attribute information;
step 102, determining corresponding access authority information according to the user attribute information and a pre-established attribute authority mapping table;
step 103, determining a corresponding encryption and decryption key according to the access authority information and a pre-established authority key mapping table;
and step 104, performing access authority management according to the encryption and decryption key.
As shown in fig. 1, in the embodiment of the present invention, a user registration request is received, where the user registration request carries user attribute information; corresponding access authority information is determined according to the user attribute information and a pre-established attribute authority mapping table; a corresponding encryption and decryption key is determined according to the access authority information and a pre-established authority key mapping table; and access authority management is carried out according to the encryption and decryption key. The embodiment of the invention establishes an attribute authority mapping table and an authority key mapping table in advance, thereby establishing the corresponding relation between the attribute and the authority as well as between the authority and the key, and determining the encryption and decryption key according to the attribute information of the user and the established corresponding relation when the user registers, thereby effectively finishing fine-grained access control, reducing unnecessary waste of resources and realizing the management of access authority.
Each step is analyzed in detail below.
In steps 101 to 102, a user registration request is received, the user registration request carries user attribute information, and corresponding access authority information is determined according to the user attribute information and a pre-established attribute authority mapping table.
In one embodiment, the attribute authority mapping table is pre-established as follows:
obtaining a plurality of historical user attribute information;
classifying the plurality of historical user attribute information to determine at least one attribute type;
setting corresponding access authority information according to the attribute type of each historical user attribute information;
and establishing an attribute authority mapping table according to the historical user attribute information and the access authority information.
In step 103, a corresponding encryption and decryption key is determined according to the access authority information and a pre-established authority key mapping table.
In one embodiment, the rights key mapping table is pre-established as follows:
calculating an encryption and decryption key corresponding to each historical user attribute information by using an ABE attribute encryption algorithm according to the access authority information;
and establishing an authority key mapping table according to the access authority information and the encryption and decryption keys.
In step 104, access right management is performed according to the encryption and decryption key.
In one embodiment, as shown in fig. 2, the access right management method further includes:
step 201, receiving a user access request, wherein the user access request carries user attribute information encrypted with the encryption key among the encryption and decryption keys;
step 202, the user access request is decrypted by using a decryption key in the encryption and decryption keys.
It should be noted that, when the two mapping relationships underlying the attribute authority control table and the access authority control table are established, the initial mapping relationship may be divided by the system itself according to the existing user attributes, or according to the attributes of the users who will use the system, and maintenance, updating, extension and the like of the attributes may then be supported.
The embodiment of the invention establishes an access control system that provides access control authority management and corresponding authorization to different clients. The access control system maintains the access authorities of different systems and distributes encryption and decryption keys according to those authorities, so that only users who satisfy the encryption and decryption rules can access a system and request services to perform functional operations. The access control system judges and verifies the user according to the relevant attributes in the submitted information data, and grants the user the authority to access the relevant system together with the encryption and decryption keys corresponding to that authority. The client sends encrypted data when accessing a system, and only a system that matches the encryption and decryption rules can decrypt the data and carry out identity verification.
A specific embodiment is given below to illustrate a specific application of the access right management in the embodiment of the present invention. The method comprises the steps of obtaining user attribute information during user registration, establishing an attribute set, carrying out attribute division during user identity authentication, and granting corresponding authority according to set-authority correspondence. The method comprises the following specific steps:
1. Establish an access control and authorization system. The system is mainly responsible for analyzing the attributes of a client according to the data uploaded by the client, making access control decisions for the target system according to the user's attributes, authorizing access rights, and distributing the encryption and decryption key for the client's attributes. The ABE attribute encryption algorithm is used to extract the user's attributes and generate a key from them: only a key that matches the user's attributes can decrypt and access the system, and the algorithm is invoked according to the user's attributes to generate the encryption and decryption key.
2. Establish the attribute authority mapping table, the authority key mapping table and the access control strategy. The users' attributes and authorities are sorted out, each type of attribute is assigned the authorities it may possess, and the authorities are associated with the users' keys, so that only a matching key can successfully decrypt and access a system. This facilitates user identity verification: users are granted access authorities according to their attributes and are distributed encryption and decryption keys according to those authorities. The user's attributes determine which authorities the user possesses, the corresponding encryption and decryption keys are distributed according to the authority key association table, and only a matching key can decrypt when the user performs identity authentication.
A user who has passed identity authentication can access the system. The encryption and decryption algorithm decrypts the encrypted information transmitted by the user, and once decryption succeeds the identity authentication is considered passed. For example, if the user's attribute is student, the key selected for that attribute is used to encrypt the information during identity authentication, and when a certain system is accessed, a system that decrypts it successfully is considered one the student may access, and access is allowed. The user's attributes determine the user's authorities: when the user logs in, the user's attributes are extracted, the corresponding authorities are distributed to the user with those attributes according to the attribute authority association table, the corresponding encryption and decryption keys are selected according to the authority key correspondence table, and the transmitted data is encrypted. If the user's attribute is student, the attribute student is extracted, the authorities that can be granted for that attribute are selected, the encryption and decryption keys of the student attribute are selected according to those authorities to encrypt and transmit the data, and when a certain system is accessed for identity authentication, whether the data can be decrypted successfully determines whether identity authentication passes.
The embodiment of the invention facilitates identity authentication of users, grants access rights to clients according to their attributes, and distributes the clients' encryption and decryption keys according to those access rights. The attribute-based access control and authorization scheme can perform access control and authorization according to user attributes, which saves resources, makes operation convenient for the user and simplifies the client's operation flow.
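The attribute-to-authority-to-key flow of steps 101 to 104 and 201 to 202 above, as an added example that is not the patent's own code. The patent names an ABE attribute encryption algorithm for building the authority key mapping table; this example substitutes one symmetric key per authority derived from a constructed master secret, enforces "only the matching key decrypts" with an HMAC-based encrypt-then-MAC construction, and every attribute name and table entry is a constructed sample value.

```python
"""Attribute -> authority -> key access-control flow (added illustration).

Not the patent's code. Per-authority HMAC-derived symmetric keys stand in for
the ABE key generation named in the patent; the cipher is a demo construction.
"""
import hashlib
import hmac
import secrets

# Pre-established attribute authority mapping table (step 102). In the patent
# it is built by classifying historical user attribute information; the
# attribute types and authorities below are constructed for the example.
ATTRIBUTE_AUTHORITY_TABLE = {
    "student": {"read_library"},
    "teacher": {"read_library", "grade_submissions"},
    "admin": {"read_library", "grade_submissions", "manage_users"},
}


def build_authority_key_table(master_secret: bytes, attr_table: dict) -> dict:
    """Authority key mapping table (step 103): one key per authority.

    Stand-in for ABE key generation: keys are derived from a master secret with
    HMAC-SHA256, so the table is reproducible from the secret alone.
    """
    key_table = {}
    for authorities in attr_table.values():
        for authority in authorities:
            label = b"authority-key:" + authority.encode()
            key_table.setdefault(
                authority, hmac.new(master_secret, label, hashlib.sha256).digest())
    return key_table


def register(user_attributes, attr_table: dict, key_table: dict) -> dict:
    """Steps 101-103: attributes -> granted authorities -> keys for them.

    An unknown attribute is rejected rather than silently granting nothing.
    """
    granted = set()
    for attr in user_attributes:
        if attr not in attr_table:
            raise ValueError(f"unknown attribute: {attr!r}")
        granted |= attr_table[attr]
    return {authority: key_table[authority] for authority in granted}


def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from the authority key.
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a demo keystream, not a production cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256 tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes):
    """Return the plaintext, or None if the key is wrong or the blob was altered.

    The tag is verified first with a constant-time compare, so a mismatched key
    never yields garbage that a caller could mistake for a valid request.
    """
    if len(blob) < 16 + 32:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def make_access_request(user_keys: dict, authority: str, attribute_info: bytes) -> bytes:
    """Step 201, client side: encrypt the attribute information with the key of
    the authority being exercised; a user without that key cannot build one."""
    if authority not in user_keys:
        raise PermissionError(f"no key for authority {authority!r}")
    return encrypt(user_keys[authority], attribute_info)


def check_access(key_table: dict, authority: str, request: bytes):
    """Step 202, system side: decrypt with the requested authority's key.
    Plaintext back means the user holds that authority; None means denial."""
    key = key_table.get(authority)
    if key is None:
        return None
    return decrypt(key, request)
```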
Based on the same inventive concept, the embodiment of the present invention further provides an access right management apparatus, as described in the following embodiments. Since the principle by which the apparatus solves these problems is similar to that of the access right management method, the implementation of the access right management apparatus can refer to the implementation of the method, and repeated details are not described again.
Fig. 3 is a structural diagram of an access authority management apparatus according to an embodiment of the present invention, and as shown in fig. 3, the access authority management apparatus includes:
a registration request receiving module 301, configured to receive a user registration request, where the user registration request carries user attribute information;
an access authority determining module 302, configured to determine corresponding access authority information according to the user attribute information and a pre-established attribute authority mapping table;
an encryption and decryption key determining module 303, configured to determine a corresponding encryption and decryption key according to the access authority information and a pre-established authority key mapping table;
and an access right management module 304, configured to perform access right management according to the encryption and decryption key.
In one embodiment, the attribute authority mapping table is pre-established as follows:
obtaining a plurality of historical user attribute information;
classifying the historical user attribute information to determine at least one attribute type;
setting corresponding access authority information according to the attribute type of each historical user attribute information;
and establishing an attribute authority mapping table according to the historical user attribute information and the access authority information.
In one embodiment, the authority key mapping table is pre-established as follows:
according to the access authority information, calculating an encryption and decryption key corresponding to each historical user attribute information by using an ABE attribute encryption algorithm;
and establishing an authority key mapping table according to the access authority information and the encryption and decryption keys.
In one embodiment, as shown in fig. 4, the access authority management apparatus further comprises:
an access request receiving module 401, configured to receive a user access request, where the user access request carries user attribute information encrypted with the encryption key among the encryption and decryption keys;
and an access request decryption module 402, configured to decrypt the user access request with a decryption key of the encryption and decryption keys.
Based on the aforementioned inventive concept, as shown in fig. 5, an embodiment of the present invention further provides a computer device 500, which includes a memory 510, a processor 520, and a computer program 530 stored on the memory 510 and executable on the processor 520, wherein the processor 520 executes the computer program 530 to implement the above access right management method.
Based on the foregoing inventive concept, an embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the computer program implements the above access right management method.
An embodiment of the present invention further provides a computer program product, where the computer program product includes a computer program, and when the computer program is executed by a processor, the method for managing access permissions is implemented.
The embodiment of the invention receives a user registration request, wherein the user registration request carries user attribute information; determining corresponding access authority information according to the user attribute information and a pre-established attribute authority mapping table; determining a corresponding encryption and decryption key according to the access authority information and a pre-established authority key mapping table; and carrying out access authority management according to the encryption and decryption key. The embodiment of the invention establishes an attribute authority mapping table and an authority key mapping table in advance, thereby establishing the corresponding relation between the attribute and the authority as well as between the authority and the key, and determining the encryption and decryption key according to the attribute information of the user and the established corresponding relation when the user registers, thereby effectively finishing fine-grained access control, reducing unnecessary waste of resources and realizing the management of access authority.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (11)

1. An access right management method, comprising:
receiving a user registration request, wherein the user registration request carries user attribute information;
determining corresponding access authority information according to the user attribute information and a pre-established attribute authority mapping table;
determining a corresponding encryption and decryption key according to the access authority information and a pre-established authority key mapping table;
and performing access authority management according to the encryption and decryption key.
2. The access right management method according to claim 1, wherein the attribute right mapping table is previously established as follows:
obtaining a plurality of historical user attribute information;
classifying the plurality of historical user attribute information to determine at least one attribute type;
setting corresponding access authority information according to the attribute type of each historical user attribute information;
and establishing an attribute authority mapping table according to the historical user attribute information and the access authority information.
3. The access right management method according to claim 2, wherein the right key mapping table is previously established as follows:
calculating an encryption and decryption key corresponding to each historical user attribute information by using an ABE attribute encryption algorithm according to the access authority information;
and establishing an authority key mapping table according to the access authority information and the encryption and decryption keys.
4. The access rights management method of claim 1, further comprising:
receiving a user access request, wherein the user registration request carries user attribute information encrypted by an encryption key in an encryption and decryption key;
and decrypting the user access request by using a decryption key in the encryption and decryption keys.
5. An access right management apparatus, comprising:
a registration request receiving module, configured to receive a user registration request, where the user registration request carries user attribute information;
the access authority determining module is used for determining corresponding access authority information according to the user attribute information and a pre-established attribute authority mapping table;
the encryption and decryption key determining module is used for determining a corresponding encryption and decryption key according to the access authority information and a pre-established authority key mapping table;
and the access authority management module is used for carrying out access authority management according to the encryption and decryption key.
6. The access right management device according to claim 5, wherein the attribute right mapping table is previously established as follows:
obtaining a plurality of historical user attribute information;
classifying the plurality of historical user attribute information to determine at least one attribute type;
setting corresponding access authority information according to the attribute type of each historical user attribute information;
and establishing an attribute authority mapping table according to the historical user attribute information and the access authority information.
7. The access rights management unit according to claim 6, wherein the rights key mapping table is previously established as follows:
according to the access authority information, calculating an encryption and decryption key corresponding to each historical user attribute information by using an ABE attribute encryption algorithm;
and establishing an authority key mapping table according to the access authority information and the encryption and decryption keys.
8. The access right management device according to claim 5, further comprising:
the access request receiving module is used for receiving a user access request, wherein the user registration request carries user attribute information encrypted by an encryption key in the encryption and decryption key;
and the access request decryption module is used for decrypting the user access request by using a decryption key in the encryption and decryption keys.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any of claims 1 to 4 when executing the computer program.
10. A computer-readable storage medium, characterized in that it stores a computer program which, when executed by a processor, implements the method of any one of claims 1 to 4.
11. A computer program product, characterized in that the computer program product comprises a computer program which, when being executed by a processor, carries out the method of any one of claims 1 to 4.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211180485.8A CN115643051A (en) 2022-09-27 2022-09-27 Access authority management method and device

Publications (1)

Publication Number Publication Date
CN115643051A true CN115643051A (en) 2023-01-24

Family

ID=84943104

Country Status (1)

Country Link
CN (1) CN115643051A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination