CN115913625A - Information processing method, device, equipment, medium and product - Google Patents

Information processing method, device, equipment, medium and product Download PDF

Info

Publication number
CN115913625A
CN115913625A CN202211192073.6A CN202211192073A CN115913625A CN 115913625 A CN115913625 A CN 115913625A CN 202211192073 A CN202211192073 A CN 202211192073A CN 115913625 A CN115913625 A CN 115913625A
Authority
CN
China
Prior art keywords
permission
user
information
abnormal
behavior
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211192073.6A
Other languages
Chinese (zh)
Inventor
许少伟
魏聪惠
朱佳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
CCB Finetech Co Ltd
Original Assignee
China Construction Bank Corp
CCB Finetech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp, CCB Finetech Co Ltd filed Critical China Construction Bank Corp
Priority to CN202211192073.6A priority Critical patent/CN115913625A/en
Publication of CN115913625A publication Critical patent/CN115913625A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

An embodiment of the application provides an information processing method, an apparatus, a device, a medium and a product, which are applied to a first system and include: acquiring the permission use information of a first user under the condition that the first user sends a permission use request to a second system through user equipment; and in the case that the permission use information comprises the abnormal use permission behavior information of the first user, intercepting the permission use request so that the second system can not execute the operation corresponding to the permission use request. According to the embodiment of the application, leakage of system data is avoided.

Description

Information processing method, device, equipment, medium and product
Technical Field
The present application relates to the field of information processing, and in particular, to an information processing method, apparatus, device, medium, and product.
Background
In real life, the authority management system can only grant roles or authorities of users in corresponding systems, so that the users can execute operations corresponding to the roles or authorities in the systems based on the roles or authorities. However, in the prior art, the situation that system data may be leaked due to the user behavior of the abnormal use authority of the user is not considered.
Disclosure of Invention
The embodiment of the application provides an information processing method, an information processing device, information processing equipment, information processing media and an information processing product, and leakage of system data is avoided.
In a first aspect, an embodiment of the present application provides an information processing method, which is applied to a first system, and includes:
acquiring the permission use information of a first user under the condition that the first user sends a permission use request to a second system through user equipment and the permission use information of the first user is acquired;
and intercepting the permission use request under the condition that the permission use information comprises the abnormal use permission behavior information of the first user, wherein the permission use request is used for the second system not to execute the operation corresponding to the permission use request.
In an optional implementation of the first aspect, the permission use request comprises a target permission; the abnormal use permission behavior information comprises at least one permission abnormally used by the first user;
in the case that the permission use information is determined to include abnormal use permission behavior information of the first user, intercepting a permission use request, comprising:
and intercepting the permission use request in the case that the at least one permission abnormally used by the first user comprises the target permission.
In an optional implementation manner of the first aspect, in a case that the first user sends the permission request to the second system through the user device, before the obtaining of the permission information of the first user, the method further includes:
acquiring user behavior information of a first user permission and abnormal behavior rules;
and generating the permission use information of the first user based on the user behavior information and the abnormal behavior rule.
In an optional implementation manner of the first aspect, before obtaining the abnormal behavior rule, the method further includes:
receiving a first input of a second user on a rule input page, wherein the first input comprises a plurality of rule contents;
in response to the first input, an abnormal behavior rule is generated based on a plurality of rule contents included in the first input.
In an optional implementation of the first aspect, the method further comprises:
acquiring a processing strategy under the condition that the authority use information comprises abnormal use authority behavior information;
storing information corresponding to the abnormal usage permission behavior in the case that the processing policy includes a storage policy;
and generating alarm information based on the abnormal use authority behavior information under the condition that the processing strategy comprises an alarm strategy.
In an alternative embodiment of the first aspect, the method further comprises:
receiving a second input of a second user on the query page;
responding to the second input, and acquiring abnormal use permission behavior information;
and displaying abnormal use permission behavior information.
In a second aspect, an embodiment of the present application provides an information processing apparatus, which is applied to a first system, and includes:
the acquisition module is used for acquiring the permission use information of the first user under the condition that the first user sends a permission use request to the second system through the user equipment and the permission use information of the first user is acquired;
and the interception module is used for intercepting the permission use request under the condition that the permission use information is determined to comprise the abnormal use permission behavior information of the first user, so that the second system cannot execute the operation corresponding to the permission use request.
In a third aspect, an electronic device is provided, including: a memory for storing computer program instructions; and the processor is used for reading and executing the computer program instructions stored in the memory so as to execute the information processing method provided by any optional implementation mode in the first aspect.
In a fourth aspect, a computer storage medium is provided, on which computer program instructions are stored, and the computer program instructions, when executed by a processor, implement the information processing method provided in any optional implementation manner of the first aspect.
In a fifth aspect, a computer program product is provided, and instructions in the computer program product, when executed by a processor of an electronic device, cause the electronic device to execute an information processing method provided in any optional implementation manner in the first aspect.
In the embodiment of the application, the first system can intercept the permission request by acquiring permission information of the first user when the first user sends the permission request to the second system through the user equipment and determining that the permission information of the first user includes abnormal use permission behavior information of the first user, so that the second system cannot receive the permission request sent by the first user through the user equipment, and further cannot execute an operation corresponding to the permission request. Therefore, the user behavior of the abnormal use permission of the user is avoided, and the condition of system data leakage caused by the abnormal use permission behavior is further avoided.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the embodiments of the present application will be briefly described below, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is an architecture diagram of an information handling system provided by an embodiment of the present application;
fig. 2 is a schematic flowchart of an information processing method provided in an embodiment of the present application;
fig. 3 is a schematic structural diagram of an information processing apparatus according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Features and exemplary embodiments of various aspects of the present application will be described in detail below, and in order to make objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail below with reference to the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described herein are merely illustrative of, and not restrictive on, the present application. It will be apparent to one skilled in the art that the present application may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present application by illustrating examples thereof. In addition, in the technical scheme of the application, the acquisition, storage, use, processing and the like of the data all conform to relevant regulations of national laws and regulations.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrases "comprising 8230; \8230;" comprise 8230; "do not exclude the presence of additional identical elements in any process, method, article, or apparatus that comprises the element.
The term "and/or" herein is merely an association describing an associated object, meaning that three relationships may exist, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone.
In the embodiment of the present application, a first system may obtain permission use information of a first user under the condition that the first user sends a permission use request to a second system through user equipment, and intercept the permission use request under the condition that it is determined that the permission use information of the first user includes abnormal use permission behavior information of the first user, so that the second system cannot receive the permission use request sent by the first user through user equipment, and further cannot execute an operation corresponding to the permission use request. Therefore, the user behavior of the abnormal use permission of the user is avoided, and the condition of system data leakage caused by the abnormal use permission behavior is further avoided.
The data processing method provided by the embodiment of the present application is described in detail below with reference to the accompanying drawings by specific embodiments.
Fig. 1 is an architecture diagram of an information processing system according to an embodiment of the present application.
As shown in fig. 1, the architecture diagram may include a first system 10 and a second system 20. Wherein, the first system 10 can be connected with the second system 20 in a wireless manner.
It should be further noted that the first system may assign a role or a right of the user in the second system to the user, so that the user may perform a corresponding operation in the second system by using the role or the right. The first system may be a system located inside the second system or may be a system independent of the second system.
Based on the architecture diagram of the information processing system, the following describes in detail the information processing method provided in the embodiment of the present application by using a specific embodiment with reference to fig. 2.
Fig. 2 is a schematic flowchart of an information processing method according to an embodiment of the present application.
As shown in fig. 2, an execution subject of the information processing method may be a first system, and the method may specifically include the following steps:
s210, under the condition that the first user sends the permission request to the second system through the user equipment, the permission use information of the first user is obtained.
Specifically, under the condition that the first user sends the permission use request to the second system through the user equipment, the first system can acquire the permission use information of the first user, so that whether the permission use request is intercepted or not can be judged subsequently based on the permission use information of the first user, and data leakage of the second system is avoided.
The user equipment includes, but is not limited to, an electronic device that can log in to the second system to perform an operation, such as a mobile phone, a computer, and the like. The right use request may be a request for requesting use of a right to perform the related operation, which is transmitted when the first user can perform the related operation in the second system through the user device. The permission usage information may be used to determine whether the first user has abnormal usage permission behavior.
S220, intercepting the permission use request under the condition that the permission use information comprises the abnormal use permission behavior information of the first user, wherein the permission use request is used for the second system not to execute the operation corresponding to the permission use request.
Specifically, after obtaining the permission use information of the first user, the first system may directly intercept the permission use request under the condition that it is determined that the permission use information includes the abnormal use permission behavior information of the first user, so as to prevent the second system from receiving the permission use request, and further prevent the second system from executing an operation corresponding to the permission use request.
It should be noted that, when a first user accesses a second system, a login request is first sent to the second system through a user device, and after the gateway service authentication of the second system passes, the first system may obtain the right use information of the first user to perform the right verification on the first user under the condition that the first user sends a right use request to the second system through the user device to hope that the second system performs a certain operation.
It should be further noted that, when the first system performs authority control on the first user due to the fact that the first user has a behavior of abnormal usage authority, the first user may send a request to the first system through the user device to request to continue using the related authority, and if the request is successful, the first user may still send an authority usage request to the second system through the user device, so that the second system executes a related operation corresponding to the authority usage request.
In the embodiment of the application, the first system may obtain the permission information of the first user when the first user sends the permission request to the second system through the user equipment, and intercept the permission request when it is determined that the permission information of the first user includes the abnormal use permission behavior information of the first user, so that the second system cannot receive the permission request sent by the first user through the user equipment, and the second system cannot execute the operation corresponding to the permission request. Therefore, the user behavior of the abnormal use permission of the user is avoided, and the condition of system data leakage caused by the abnormal use permission behavior is further avoided.
In order to more accurately intercept the permission use permission request, the situation of mistaken interception is avoided, and the situation of low user experience is caused. In an embodiment, since the permission use request may include the target permission, the related abnormal use permission behavior information may include at least one permission that the first user abnormally uses, based on which the related S220 may specifically include the following steps:
and in the case that at least one authority which is abnormally used by the first user comprises a target authority, intercepting an authority use request.
Specifically, in the case that the at least one privilege abnormally used by the first user includes a target privilege requested to be used by the privilege use request, that is, the first user has a behavior of abnormally using the target privilege, the first system may directly intercept the privilege use request.
It should be further noted that the permission use request may include not only the target permission that the first user requests to use through the user equipment, but also a user identifier of the first user and a Uniform Resource Locator, URL) address. The URL address may be an address of information or resource that needs to be obtained when the second system performs an operation corresponding to the permission request, and based on this, if the permission request is not intercepted, the second system may obtain related information or resource based on the URL address and perform the operation corresponding to the permission request.
In this embodiment, since the permission use request may include a target permission that the first user requests to use through the user device, and the abnormal use permission behavior information may include at least one permission that the first user abnormally uses, in a case that the at least one permission that the first user abnormally uses included in the abnormal use permission behavior information includes the target permission, the permission use request is directly intercepted. Therefore, the permission use request can be intercepted in a targeted manner, so that the condition of mistaken interception is avoided.
In order to describe the information processing method provided in the embodiments of the present application in more detail, in an embodiment, before the first user acquires the right use information of the first user when the first user sends a right use request to the second system through the user device, the information processing method related to the foregoing may further include the following steps:
acquiring user behavior information of a first user permission and abnormal behavior rules;
and generating the authority use information of the first user based on the user behavior information and the abnormal behavior rule.
Specifically, when the first user accesses the second system, the second system may generate a corresponding access log, so that the first system may obtain the user behavior information of the first user usage right from the access log generated by the second system, obtain the abnormal behavior rule from the database of the first system, and further generate the right usage information of the first user based on the user behavior information of the first user usage right and the abnormal behavior rule.
The user behavior information may be user behavior information of the first user permission to perform the relevant operation on the second system, and more specifically, the user behavior information may be historical user behavior information of the first user permission to perform the relevant operation on the second system within a preset time period, where the preset time period may be a time period preset based on actual experience or situation, for example, the preset time period may be one month or one week, and a time length of the specific preset time period is not specifically limited herein.
In some embodiments, the abnormal behavior rules may include a plurality of rules for determining whether the first user has abnormal usage rights behavior. For example, the abnormal behavior rules may include rules such as access frequency of some sensitive fields, maximum data amount in batch query, etc., and are not limited in detail herein.
It should be noted that, in the case that the matching between the user behavior information and the abnormal behavior rule is successful, that is, in the case that the first user has an abnormal usage permission behavior, the permission usage information generated by the first system may include the abnormal usage permission behavior information of the first user. In the case that the matching of the user behavior information and the abnormal behavior rule is unsuccessful, that is, the first user does not have the abnormal usage permission behavior, the permission usage information generated by the first system may not include the abnormal usage permission behavior information of the first user.
It should be further noted that, when the first user accesses the second system, the second system may generate a corresponding access log in the back-end server, where the access log may include data for the first user to apply for permission to execute a related operation, and the back-end server may collect and transmit the access log to the kafka message queue cluster through a collection component such as filebeat, and perform an aggregation, temporary storage, and peak leveling function. And then consuming the original access log in the kafka by the logstack component, extracting effective access log records related to the permission use by adopting modes of cleaning, filtering and the like, and storing the effective access log records into a redis cache cluster, wherein the redis is stored by adopting a list data structure type.
Based on this, the first system can query the user behavior information of the user usage right from the list queue of the redis cluster in real time, and analyze and calculate the user behavior information to obtain the user behavior characteristics, which may include access source, access frequency, query content, query data size, and whether the user behavior characteristics include sensitive fields and other contents.
In this embodiment, the first system may generate the permission use information of the first user by acquiring the user behavior information of the permission used by the first user and the abnormal behavior rule and by matching the user behavior information with the abnormal behavior rule before acquiring the permission use information of the first user when the first user sends the permission use request to the second system through the user device. In this way, whether the first user has abnormal use permission behavior or not can be accurately judged based on the permission use information of the first user conveniently and subsequently.
Based on this, in an embodiment, before obtaining the abnormal behavior rule, the information processing method related to the foregoing may further include the following steps:
receiving a first input of a second user on a rule input page, wherein the first input comprises a plurality of rule contents;
in response to the first input, an abnormal behavior rule is generated based on a plurality of rule contents included in the first input.
In this embodiment, the first system may generate the abnormal behavior rule based on a plurality of rule contents included in the first input in response to the first input by receiving the first input of the second user on the rule input page in the first system. In this way, the rule for determining whether the first user has an illegal usage right behavior can be flexibly configured based on actual needs.
In order to fully and specifically describe the information processing method provided in the embodiment of the present application, in an embodiment, the information processing method mentioned above may further include:
acquiring a processing strategy under the condition that the authority use information comprises abnormal use authority behavior information;
storing abnormal use permission behavior information under the condition that the processing strategy comprises a storage strategy;
and generating alarm information based on the abnormal use authority behavior information under the condition that the processing strategy comprises an alarm strategy.
The processing policy may be a policy preset in the first system, where the processing policy includes at least one of a storage policy and an alarm policy, and it should be noted that the processing policy may also be configured flexibly according to an actual situation, for example, the processing policy may also include other policies such as secondary verification, which is not limited specifically herein.
It should be noted that, in the case that the processing policy includes an alarm policy, after the alarm information is generated, the alarm may be given by a mail, a short message, an application program, or the like to notify the user.
In this embodiment, since the processing policy is obtained for processing the abnormal usage permission behavior information of the first user when the abnormal usage permission behavior information is included in the permission usage information, that is, the user behavior information indicating the usage permission of the first user includes the abnormal usage permission behavior information, that is, when the first user is an abnormal user having an abnormal usage permission behavior. And under the condition that the processing strategy comprises a storage strategy, storing the abnormal use authority behavior information so as to be convenient for follow-up inquiry and verification, and under the condition that the processing strategy comprises an alarm strategy, generating alarm information based on the abnormal use authority behavior information. Therefore, the abnormal use permission behavior information can be correspondingly processed by flexibly configuring the processing strategy.
Based on this, in one embodiment, the information processing method mentioned above may further include the steps of:
receiving a second input of a second user on the query page;
responding to the second input, and acquiring abnormal use permission behavior information;
and displaying and abnormal use permission behavior information.
Specifically, the first system may obtain the abnormal usage permission behavior information in response to a second input of the second user on the query page by receiving the second input, and may further display the abnormal usage permission behavior information.
In one example, since all the abnormal usage permission behavior information is recorded in the database, when the first system receives a second input of the second user on the query page, the first system may query the abnormal usage permission behavior information in response to the second input, and may display the abnormal usage permission behavior information through various graphs, for example, the abnormal usage permission behavior information may be filtered and displayed in multiple dimensions, such as mechanism, function, and personnel. Therefore, based on the data analysis capability provided by the first system, the analysis result of the abnormal use permission behavior information can be provided, the second user is provided with a visual display, the second user can configure a corresponding processing strategy conveniently, and scientific data decision support is provided for the implementation effect of the processing strategy.
In this embodiment, the first system may obtain the abnormal usage permission behavior information in response to a second input of the second user on the query page by receiving the second input, and may further display the abnormal usage permission behavior information. In this way, the abnormal use permission of the user can be intuitively observed.
It should be noted that the first user mentioned above may be understood as a general user, and the second user may be understood as an administrator. Specifically, the method may be used for distinguishing the first user from the second user based on an account of the user logging in the second system, or based on a user identifier carried in a request when the user sends various requests to the first system through the user equipment, and is not limited specifically herein.
Based on the same inventive concept, the embodiment of the present application also provides an information processing apparatus, which can be applied to the first system. The information processing apparatus provided in the embodiment of the present application is specifically described with reference to fig. 3.
Fig. 3 is a schematic structural diagram of an information processing apparatus according to an embodiment of the present application.
As shown in fig. 3, the information processing apparatus 300 may include: an acquisition module 310 and an interception module 320.
The obtaining module 310 is configured to obtain the right use information of the first user when the first user sends a right use request to the second system through the user equipment.
And an intercepting module 320, configured to intercept the permission use request when it is determined that the permission use information includes abnormal use permission behavior information of the first user, so that the second system cannot perform an operation corresponding to the permission use request.
In one embodiment, the permission-use request includes a target permission; the abnormal usage permission behavior information includes at least one permission abnormally used by the first user.
And the interception module is also used for intercepting the permission use request under the condition that at least one permission abnormally used by the first user comprises a target permission.
In an embodiment, the obtaining module is further configured to obtain user behavior information of the first user's usage right and the abnormal behavior rule before obtaining the right usage information of the first user when the first user sends a right usage request to the second system through the user device.
The information processing apparatus as referred to above may further include a generation module.
And the generating module is used for generating the authority use information of the first user based on the user behavior information and the abnormal behavior rule.
In one embodiment, the information processing apparatus mentioned above may further include a receiving module.
And the receiving module is used for receiving first input of a second user on the rule input page before the abnormal behavior rule is acquired, wherein the first input comprises a plurality of rule contents.
The generating module is used for responding to the first input and generating the abnormal behavior rule based on a plurality of rule contents included by the first input.
In one embodiment, the information processing apparatus mentioned above may further include a storage module and an alarm module.
The acquisition module is further used for acquiring the processing strategy under the condition that the authority use information comprises abnormal use authority behavior information.
And the storage module is used for storing information corresponding to the abnormal use permission behavior under the condition that the processing strategy comprises a storage strategy.
And the alarm module generates alarm information based on the abnormal use authority behavior information under the condition that the processing strategy comprises an alarm strategy.
In one embodiment, the information processing apparatus mentioned above may further include a display module.
The receiving module is further used for receiving a second input of a second user on the query page.
And the acquisition module is also used for responding to the second input and acquiring the abnormal use permission behavior information.
And the display module is also used for displaying the abnormal use permission behavior information.
In the embodiment of the application, the first system may obtain the permission information of the first user when the first user sends the permission request to the second system through the user equipment, and intercept the permission request when it is determined that the permission information of the first user includes the abnormal use permission behavior information of the first user, so that the second system cannot receive the permission request sent by the first user through the user equipment, and the second system cannot execute the operation corresponding to the permission request. Therefore, the user behavior of the abnormal use permission of the user is avoided, and the condition of system data leakage caused by the abnormal use permission behavior is further avoided.
Each module in the information processing apparatus provided in the embodiment of the present application may implement the method steps in the embodiment shown in fig. 2, and achieve the corresponding technical effects, and for brevity, no further description is given here.
Fig. 4 shows a hardware structure diagram of an electronic device provided in an embodiment of the present application.
The electronic device may include a processor 401 and a memory 402 storing computer program instructions.
Specifically, the processor 401 may include a Central Processing Unit (CPU), or an Application Specific Integrated Circuit (ASIC), or may be configured to implement one or more Integrated circuits of the embodiments of the present Application.
Memory 402 may include mass storage for data or instructions. By way of example, and not limitation, memory 402 may include a Hard Disk Drive (HDD), floppy Disk Drive, flash memory, optical Disk, magneto-optical Disk, tape, or Universal Serial Bus (USB) Drive or a combination of two or more of these. Memory 402 may include removable or non-removable (or fixed) media, where appropriate. The memory 402 may be internal or external to the integrated gateway disaster recovery device, where appropriate. In a particular embodiment, the memory 402 is non-volatile solid-state memory.
The memory may include Read Only Memory (ROM), random Access Memory (RAM), magnetic disk storage media devices, optical storage media devices, flash memory devices, electrical, optical, or other physical/tangible memory storage devices. Thus, in general, the memory includes one or more tangible (non-transitory) computer-readable storage media (e.g., a memory device) encoded with software comprising computer-executable instructions and when the software is executed (e.g., by one or more processors) it is operable to perform operations described with reference to the method according to an aspect of the disclosure.
The processor 401 realizes any one of the information processing methods in the above-described embodiments by reading and executing computer program instructions stored in the memory 402.
In one example, the electronic device may also include a communication interface 403 and a bus 410. As shown in fig. 4, the processor 401, the memory 402, and the communication interface 403 are connected via a bus 410 to complete communication therebetween.
The communication interface 403 is mainly used for implementing communication between modules, apparatuses, units and/or devices in the embodiments of the present application.
Bus 410 comprises hardware, software, or both that couple the components of the online data traffic billing device to one another. By way of example, and not limitation, a bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industrial Standard Architecture (EISA) bus, a Front Side Bus (FSB), a Hyper Transport (HT) interconnect, an Industrial Standard Architecture (ISA) bus, an infiniband interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a video electronics standards association local (VLB) bus, or other suitable bus or a combination of two or more of these. Bus 410 may include one or more buses, where appropriate. Although specific buses are described and shown in the embodiments of the application, any suitable buses or interconnects are contemplated by the application.
In addition, in combination with the information processing method in the foregoing embodiments, the embodiments of the present application may be implemented by providing a computer storage medium. The computer storage medium having computer program instructions stored thereon; the computer program instructions realize the information processing method provided by the embodiment of the application when being executed by a processor.
Embodiments of the present application further provide a computer program product, where instructions in the computer program product, when executed by a processor of an electronic device, cause the electronic device to execute the information processing method provided in the embodiments of the present application.
It is to be understood that the present application is not limited to the particular arrangements and instrumentalities described above and shown in the attached drawings. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present application are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications and additions, or change the order between the steps, after comprehending the spirit of the present application.
The functional blocks shown in the above structural block diagrams may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the present application are the programs or code segments used to perform the required tasks. The program or code segments can be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link. A "machine-readable medium" may include any medium that can store or transfer information. Examples of a machine-readable medium include electronic circuits, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, radio Frequency (RF) links, and so forth. The code segments may be downloaded via computer networks such as the internet, intranet, etc.
It should also be noted that the exemplary embodiments mentioned in this application describe some methods or systems based on a series of steps or devices. However, the present application is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, may be performed in an order different from the order in the embodiments, or may be performed simultaneously.
Aspects of the present disclosure are described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable information processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable information processing apparatus, implement the functions/acts specified in the flowchart and/or block diagram block or blocks. Such a processor may be, but is not limited to, a general purpose processor, a special purpose processor, an application specific processor, or a field programmable logic circuit. It will also be understood that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware for performing the specified functions or acts, or combinations of special purpose hardware and computer instructions.
As will be apparent to those skilled in the art, for convenience and brevity of description, the specific working processes of the systems, modules and units described above may refer to corresponding processes in the foregoing method embodiments, and are not described herein again. It should be understood that the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the present application, and these modifications or substitutions should be covered within the scope of the present application.

Claims (10)

1. An information processing method applied to a first system, the method comprising:
acquiring the permission use information of a first user under the condition that the first user sends a permission use request to a second system through user equipment;
and intercepting the permission use request under the condition that the permission use information is determined to comprise abnormal use permission behavior information of the first user, so that the second system cannot execute the operation corresponding to the permission use request.
2. The method of claim 1, wherein the permission use request comprises a target permission; the abnormal use permission behavior information comprises at least one permission abnormally used by the first user;
the intercepting the permission use request under the condition that the permission use information is determined to include abnormal use permission behavior information of the first user comprises the following steps:
and intercepting the permission use request in the case that at least one permission abnormally used by the first user comprises a target permission.
3. The method of claim 1, wherein before the obtaining the right use information of the first user in a case that the first user sends a right use request to the second system through the user device, the method further comprises:
acquiring user behavior information of a first user permission and abnormal behavior rules;
and generating the authority use information of the first user based on the user behavior information and the abnormal behavior rule.
4. The method of claim 3, wherein prior to obtaining the abnormal behavior rules, the method further comprises:
receiving a first input of a second user on a rule input page, wherein the first input comprises a plurality of rule contents;
in response to the first input, generating an abnormal behavior rule based on a plurality of rule contents included in the first input.
5. The method according to claim 1 or 3, characterized in that the method further comprises:
acquiring a processing strategy under the condition that the permission use information comprises abnormal permission use behavior information;
storing the abnormal usage permission behavior information under the condition that the processing policy comprises a storage policy;
and generating alarm information based on the abnormal use authority behavior information under the condition that the processing strategy comprises an alarm strategy.
6. The method of claim 5, further comprising:
receiving a second input of a second user on the query page;
responding to the second input, and acquiring the abnormal use permission behavior information;
and displaying the abnormal use permission behavior information.
7. An information processing apparatus, applied to a first system, the apparatus comprising:
the acquisition module is used for acquiring the permission use information of the first user under the condition that the first user sends a permission use request to the second system through the user equipment and the permission use information of the first user is acquired;
and the interception module is used for intercepting the permission use request under the condition that the permission use information is determined to comprise the abnormal use permission behavior information of the first user, so that the second system cannot execute the operation corresponding to the permission use request.
8. An electronic device, characterized in that the device comprises: a processor and a memory storing computer program instructions;
the processor reads and executes the computer program instructions to implement the information processing method according to any one of claims 1 to 6.
9. A computer storage medium, characterized in that it has stored thereon computer program instructions which, when executed by a processor, implement the information processing method according to any one of claims 1 to 6.
10. A computer program product, characterized in that instructions in the computer program product, when executed by a processor of an electronic device, cause the electronic device to perform the information processing method according to any one of claims 1 to 6.
CN202211192073.6A 2022-09-28 2022-09-28 Information processing method, device, equipment, medium and product Pending CN115913625A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211192073.6A CN115913625A (en) 2022-09-28 2022-09-28 Information processing method, device, equipment, medium and product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211192073.6A CN115913625A (en) 2022-09-28 2022-09-28 Information processing method, device, equipment, medium and product

Publications (1)

Publication Number Publication Date
CN115913625A true CN115913625A (en) 2023-04-04

Family

ID=86479558

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211192073.6A Pending CN115913625A (en) 2022-09-28 2022-09-28 Information processing method, device, equipment, medium and product

Country Status (1)

Country Link
CN (1) CN115913625A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116232770A (en) * 2023-05-08 2023-06-06 中国石油大学(华东) Enterprise network safety protection system and method based on SDN controller

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116232770A (en) * 2023-05-08 2023-06-06 中国石油大学(华东) Enterprise network safety protection system and method based on SDN controller

Similar Documents

Publication Publication Date Title
US10091230B1 (en) Aggregating identity data from multiple sources for user controlled distribution to trusted risk engines
CN111062024B (en) Application login method and device
CN104811428A (en) Method, device and system for verifying client identity by social relation data
CN107819743B (en) Resource access control method and terminal equipment
KR20130094522A (en) Mobile terminal and method for security diagnostics
CN115913625A (en) Information processing method, device, equipment, medium and product
CN111339151A (en) Online examination method, device, equipment and computer storage medium
CN113191892A (en) Account risk prevention and control method, device, system and medium based on equipment fingerprint
CN113852639A (en) Data processing method and device, electronic equipment and computer readable storage medium
CN110971690B (en) Push message processing method, device and equipment of IOS client
CN109699030B (en) Unmanned aerial vehicle authentication method, device, equipment and computer readable storage medium
CN115361450B (en) Request information processing method, apparatus, electronic device, medium, and program product
CN109635558B (en) Access control method, device and system
CN110955921A (en) Electronic signature method, device, equipment and storage medium
CN114385695A (en) Information query method, device, equipment and computer readable storage medium
CN114553432A (en) Identity authentication method, device, equipment and computer readable storage medium
CN112330366A (en) Redemption code redemption request verification method, apparatus, device and computer readable medium
CN111131369B (en) APP use condition transmission method and device, electronic equipment and storage medium
CN112714108A (en) Method, device and equipment for verifying terminal communication number and computer storage medium
CN115967522A (en) Data processing method, device, equipment and storage medium
US9565205B1 (en) Detecting fraudulent activity from compromised devices
CN114675970A (en) Information determination method, device, equipment, storage medium and computer program product
US20230179966A1 (en) Smishing fraud prevention system, method and program
CN115766183A (en) Evaluation method, device, equipment and medium applied to bale plucking tool
CN114676459A (en) Resource access processing method, device, equipment, medium and product

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination