CN116776358B - Data processing system for blocking APP access rights of user - Google Patents

Data processing system for blocking APP access rights of user Download PDF

Info

Publication number
CN116776358B
CN116776358B CN202311041250.5A CN202311041250A CN116776358B CN 116776358 B CN116776358 B CN 116776358B CN 202311041250 A CN202311041250 A CN 202311041250A CN 116776358 B CN116776358 B CN 116776358B
Authority
CN
China
Prior art keywords
list
app
data
buried point
identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311041250.5A
Other languages
Chinese (zh)
Other versions
CN116776358A (en
Inventor
赵洲洋
于伟
靳雯
王全修
石江枫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Rizhao Ruian Information Technology Co ltd
Beijing Rich Information Technology Co ltd
Original Assignee
Rizhao Ruian Information Technology Co ltd
Beijing Rich Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Rizhao Ruian Information Technology Co ltd, Beijing Rich Information Technology Co ltd filed Critical Rizhao Ruian Information Technology Co ltd
Priority to CN202311041250.5A priority Critical patent/CN116776358B/en
Publication of CN116776358A publication Critical patent/CN116776358A/en
Application granted granted Critical
Publication of CN116776358B publication Critical patent/CN116776358B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of APP, and provides a data processing system for blocking APP access rights of users, which comprises: the target APP management platform, the target APP identification list, the processor and the memory storing the computer program, when the computer program is executed by the processor, the following steps are realized: acquiring a target user identification list; acquiring a specified access right blocking value list; acquiring a key access authority information list; acquiring a first priority list; blocking the appointed access right of the target APP according to the first priority and the appointed access right blocking value; acquiring a second priority list; and blocking the access rights to the sub-rights in the target APP according to the second priority and the sub-rights blocking value. According to the invention, the access authority of the target user to the target APP can be accurately and timely blocked through the system, the time error is small, and the accuracy of blocking the access authority of the target user to the target APP is improved.

Description

Data processing system for blocking APP access rights of user
Technical Field
The invention relates to the technical field of APP, in particular to a data processing system for blocking APP access rights of users.
Background
Along with the rapid development of computer networks, the number of the APPs is continuously increased, a user can acquire desired data through various APPs and process some data, however, some abnormal data which cannot be queried or processed by the user exists in the APPs, so that the access rights of the user to the APPs are required to be set through an APP management platform, when the data searched by the user relate to the abnormal data or the abnormal data are frequently searched, the access rights of the user to the APPs or the access rights of the data operation rights in the APPs are required to be blocked in time, in the prior art, the method for blocking the access rights of the user to the APPs or the access rights of the data operation rights in the APPs is to acquire the data operation records of the user in the APPs, analyze the data operation records in the APPs manually, determine whether to block the access rights of the user to the APPs or the access rights of the data operation rights in the APPs, and when the access rights of the data operation rights in the APPs are required to be blocked, set through the APP management platform by an administrator.
However, the above method has the following technical problems:
the method comprises the steps of manually analyzing and judging whether the access right of a user to the APP or the access right of the data operation right in the APP is blocked, wherein the access right of the user to the APP or the access right of the data operation right in the APP is uncontrollable, and a time error exists before the manager blocks the access right of the user to the APP or the access right of the data operation right in the APP through an APP management platform, so that the accuracy of blocking the access right of the user to the APP is low.
Disclosure of Invention
Aiming at the technical problems, the invention adopts the following technical scheme:
a data processing system for blocking a user's APP access rights, comprising: target APP management platform and target APP identification list A= { A corresponding to target management platform 1 ,A 2 ,……,A i ,……,A m A processor and a memory storing a computer program, wherein A i For the i-th target APP identity, i=1, 2, … …, m, m is the number of target APP identities, when the computer program is executed by the processor, the following steps are implemented:
s100, acquiring a target user identification list B= { B 1 ,B 2 ,……,B j ,……,B n },B j For the jth target user, j=1, 2, … …, n, n is the number of target user identities.
S200, acquiring a specified access right blocking value list C= { C corresponding to A 1 ,C 2 ,……,C i ,……,C m },C i Is A i The corresponding appointed access authority blocking value is a value for determining to block the appointed access authority corresponding to the target APP identifier, and the appointed access authority is the access authority of the target APP corresponding to the target APP identifier.
S300, acquiring a key access right information list D= { D corresponding to A 1 ,D 2 ,……,D i ,……,D m },D i ={D i1 ,……,D i2 ,……,D ix ,……,D ip },D ix Is A i Corresponding x-th key access right information, wherein x=1, 2, … …, p and p are A i The corresponding key access right information is access right information of sub-rights of the target APP corresponding to the target APP identification, and the sub-rights are rights for operating data in the target APP.
S400, according to B, acquiring a first priority list E= { E corresponding to B 1 ,E 2 ,……,E j ,……,E n },E j ={E j1 ,E j2 ,……,E ji ,……,E jm },E ji Is B j And A is a i A first priority therebetween.
S500, when E ji ≥C i Blocking B when j Corresponding target user pair A i Corresponding appointed access rights;
s600, according to B, acquiring a second priority list F= { F corresponding to B 1 ,F 2 ,……,F j ,……,F n },F j ={F j1 ,F j2 ,……,F ji ,……,F jm },F ji ={F 1 ji ,F 2 ji ,……,F x ji ,……,F p ji },F x ji Is B j And D ix A second priority between sub-rights identifications in (a).
S700, when F x ji ≥D 0 ix Blocking B when j Corresponding target user pair D ix The access rights of the sub rights corresponding to the sub rights identification in the system, D 0 ix For D ix The sub-authority blocking value is a value for determining the access authority of the sub-authority corresponding to the blocking sub-authority identification.
The invention has at least the following beneficial effects:
the invention provides a data processing system for blocking APP access rights of a user, which comprises: the target APP management platform, the target APP identification list, the processor and the memory storing the computer program, when the computer program is executed by the processor, the following steps are realized: acquiring a target user identification list; acquiring a specified access right blocking value list corresponding to a target APP identification list; acquiring a key access right information list corresponding to a target APP identification list; acquiring a first priority list corresponding to a target user identification list according to the target user identification list; comparing the first priority with the designated access right blocking value so as to block the designated access right of the target user to the target APP; acquiring a second priority list corresponding to the target user identifier according to the target user identifier list; and comparing the second priority with the sub-right blocking value so as to block the access right of the target user to the sub-right in the target APP. According to the method and the system, the first priority and the second priority corresponding to the target user can be obtained through the system, the first priority and the second priority are judged, the access right of the target user to the target APP can be accurately and timely blocked, the existing time error is small, and further the accuracy of blocking the access right of the target user to the target APP is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a computer program executed by a data processing system for blocking APP access rights of a user according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to fall within the scope of the invention.
The embodiment of the invention provides a data processing system for blocking APP access rights of a user, which comprises the following components: target APP management platform and target APP identification list A= { A corresponding to target management platform 1 ,A 2 ,……,A i ,……,A m A processor and a memory storing a computer program, wherein A i For the ith target APP identifier, i=1, 2, … …, m, m is the number of target APP identifiers, the target APP identifier is the unique identity identifier of the target APP, the target APP is the APP managed by the target APP management platform, the target APP management platform is a platform which is predetermined by a person skilled in the art according to actual requirements and can manage a plurality of APPs, when the computer program is executed by the processor, the following steps are implemented, as shown in fig. 1:
s100, acquiring a target user identification list B= { B 1 ,B 2 ,……,B j ,……,B n },B j For the jth target user, j=1, 2, … …, n, n is the number of target user identifiers, the target user identifier is the unique identity identifier of the target user, and the target user uses any one A i The corresponding target APP user, those skilled in the art know that any method for obtaining the identifier of the user using the APP in the prior art belongs to the protection scope of the present invention, and will not be described herein.
S200, acquiring the specification corresponding to the AAccess authority blocking value list c= { C 1 ,C 2 ,……,C i ,……,C m },C i Is A i The corresponding appointed access authority blocking value is a value for determining to block the appointed access authority corresponding to the target APP identifier, and the appointed access authority is the access authority of the target APP corresponding to the target APP identifier.
Specifically, S200 includes the steps of:
s201, a historical time period is acquired, wherein the historical time period is the time period which is the last time period of the current time period, the current time period is the time period where the current time point is located, the time period length is 1, and the measurement unit of the time period length is month, and the historical time period can be understood as the last month of the current month, for example: if the current time point is 2023, 7, 27, 10 am, 20 minutes, 5 seconds, then the current time period is 2023, 7, and the historical time period is 2023, 6.
S203, obtain A i Corresponding first critical priority list Q i ={Q i1 ,Q i2 ,……,Q ik ,……,Q it },Q ik Is A i The corresponding kth first critical priority, k=1, 2, … …, t, t is a i The corresponding first key priority number is the target user identification and A in the history time period i A first priority in between, wherein, as known to those skilled in the art, the target user identification and A in the history period are obtained i First priority mode and step S400 of obtaining B j And A is a i The first priority is the same, and will not be described in detail herein.
S205 according to Q ik The order pairs Q from small to large i All Q of (3) ik Ordering to obtain A i Corresponding second Key priority List Q 0 i ={Q 0 i1 ,Q 0 i2 ,……,Q 0 ik ,……,Q 0 it },Q 0 ik Is A i A corresponding kth second critical priority.
S207 according to Q 0 i Acquiring Q 0 i Corresponding priority difference list Q 1 i ={Q 1 i1 ,Q 1 i2 ,……,Q 1 ik ,……,Q 1 i(t-1) }, wherein Q 1 ik Meets the following conditions:
Q 1 ik =Q 0 i(k+1) -Q 0 ik
s209, maximizing Q 1 ik Corresponding Q 0 i(k+1) As C i
Above-mentioned, through the first key priority that historical time period corresponds, obtain the second key priority list that target APP list corresponds, handle the second key priority, can be accurate confirm appointed access right blocking value, compare first priority and appointed access right blocking value, and then block target user's appointed access right to target APP, can be accurate and timely block target user's access right to target APP, the time error that exists is less, and then is favorable to improving the accuracy of blocking target user's access right to target APP.
S300, acquiring a key access right information list D= { D corresponding to A 1 ,D 2 ,……,D i ,……,D m },D i ={D i1 ,……,D i2 ,……,D ix ,……,D ip },D ix Is A i Corresponding x-th key access right information, wherein x=1, 2, … …, p and p are A i The corresponding key access right information is access right information of sub-rights of the target APP corresponding to the target APP identification, and the sub-rights are rights for operating data in the target APP, for example: querying the authority of the data, deleting the authority of the data, modifying the authority of the data, and the like.
Specifically, the access right information includes: the sub-right identifier corresponds to a target APP identifier, the sub-right identifier corresponds to a sub-right blocking value, and the sub-right blocking value is a value for determining to block access rights of the sub-right corresponding to the sub-right identifier, wherein a person skilled in the art knows that any method for acquiring the identifier of the right for operating the data in the APP in the prior art belongs to the protection scope of the invention, and is not repeated herein.
Further, the sub-right identifier is a unique identity identifier of the sub-right.
Specifically, each sub-right corresponds to an access right.
Specifically, S300 includes the steps of obtaining a sub-right blocking value:
s301, obtain D ix A third key priority list corresponding to the sub-right identifiers in the history time period, wherein the third key priority list comprises a plurality of third key priorities, and the third key priorities are target user identifiers and D in the history time period ix A second priority between sub-rights identifications in (1), wherein the person skilled in the art knows to obtain the target user identification and D in the history period ix Second priority mode between sub-right identifiers in S600 and B acquisition in S600 j And D ix The manner of the second priority between the sub-right identifiers in the above is the same, and will not be described in detail here.
S303, acquiring D according to the third key priority list ix The manner of obtaining the sub-right blocking value according to the third key priority list is the same as the manner of obtaining the specified access right blocking value in S205-209, which is known to those skilled in the art, and will not be described herein.
Above-mentioned, handle the third key priority that historical time period corresponds, can be accurate confirm sub-authority and block the value, contrast second priority and sub-authority and block the value to block target user's access authority to the sub-authority in the target APP, can be accurate and timely block target user's access authority to the target APP, the time error that exists is less, and then is favorable to improving and blocks target user's accuracy to target APP's access authority.
S400, according to B, acquiring a first priority list E= { E corresponding to B 1 ,E 2 ,……,E j ,……,E n },E j ={E j1 ,E j2 ,……,E ji ,……,E jm },E ji Is B j And A is a i A first priority therebetween.
Specifically, S400 includes the steps of:
s401, according to B, acquiring an initial buried point log list G= { G corresponding to B 1 ,G 2 ,……,G j ,……,G n },G j ={G j1 ,G j2 ,……,G je ,……,G jf },G je Is B j The e-th initial buried point information in the corresponding initial buried point log, e=1, 2, … …, f, f is B j The initial buried point log is a log which records initial buried point information and is stored in a system in a preset time period, the initial buried point information is buried point information determined by performing data buried point operation on data in a target APP according to a target user, and the length of the preset time period is set according to actual requirements by those skilled in the art, wherein the initial buried point information is the number of the initial buried point information in the corresponding initial buried point log.
Specifically, the ending time point of the preset time period is the current time point.
Further, the length of the preset time period is measured in days.
Specifically, the buried point information includes: a data embedding point time point, a data embedding point type, a key APP identifier, a key authority identifier, a data identifier and a target user identifier, wherein the key APP identifier is a target APP identifier participating in the data embedding point, the key authority identifier is a sub authority identifier of a participating data embedded point in the target APP, the data identifier is an identifier of data acquired by the data embedded point, wherein the first preset weight is an abnormal degree of the data corresponding to the characterization data identifier, and the second preset weight is an important degree of the data corresponding to the characterization data identifier.
Specifically, the range of the first preset weight is [0,1], which is known to those skilled in the art, and the specific value of the first preset weight is set by those skilled in the art according to the actual requirement, and will not be described herein.
Specifically, the value range of the second preset weight is [0,1], which is known to those skilled in the art, and the specific value of the second preset weight is set by those skilled in the art according to the actual requirement, and will not be described herein.
Further, the data embedding point types include: data query, data modification, data deletion.
S403, obtaining G je Medium key APP identification G 0 je
S405, when G 0 je And A is a i When the first identification similarity between the two is 1, G is determined as je As B j First buried point information in the corresponding ith first buried point information list to obtain B j Corresponding ith first buried point information list H ji ={H 1 ji ,H 2 ji ,……,H r ji ,……,H s ji },H r ji Is B j The corresponding r first buried point information in the i first buried point information list, r=1, 2, … …, s and s are the number of the first buried point information in the first buried point information list, and the first identifier similarity is the similarity between the key APP identifier and the target APP identifier, wherein the person skilled in the art knows that any method for obtaining the similarity between the two identifiers in the prior art belongs to the protection scope of the invention, and is not repeated herein.
S407 according to H r ji Obtaining H r ji Corresponding first intermediate priority L r ji
Specifically, S407 specifically includes the following steps:
s4071, acquiring a preset data embedded point type mapping table P= { P 1 ,P 2 ,……,P y ,……,P q },P y ={P y1 ,P y2 },P y1 For the preset data embedded point type in the y-th record in the preset data embedded point type mapping table, P y2 Is P y1 Corresponding preset intermediate weight values, y=1, 2,… …, p, p is the number of records in the preset data embedded point type mapping table, where those skilled in the art know that the preset data embedded point type and the preset intermediate weight value in the preset data embedded point type mapping table are preset by those skilled in the art, and are not described herein.
S4073, obtain H r ji Corresponding intermediate data buried point type H 0r ji The intermediate data embedded point type is the data embedded point type in the first embedded point information.
S4075 when H 0r ji And P y1 When the type similarity between the two is 1, P is calculated y2 As H r ji Corresponding key weight value MD r ji The type similarity is the similarity between the preset data embedded point type and the intermediate data embedded point type, wherein the data embedded point type can be understood as a label, and any method for acquiring the similarity between two labels in the prior art belongs to the protection scope of the present invention and is not described herein.
S4077 when H 0r ji For data inquiry, according to MD r ji Obtaining L r ji Wherein L is r ji Meets the following conditions:
L r ji =MD r ji ×H 1r ji /T r ji ,H 1r ji is H r ji A first preset weight value T r ji For the current time point and H r ji Time differences between the time points of the data burial points are measured in days.
According to the method, the key weight value corresponding to the first buried point information is obtained through presetting the data buried point type mapping list and the data buried point type in the first buried point information, the first preset weight value in the key weight value and the first buried point information, the second weight value and the time difference between the current time point and the data buried point time point are processed, the first intermediate priority corresponding to the first buried point information can be accurately obtained, the first priority is obtained through the first intermediate priority, and the accuracy of obtaining the first priority between the target user identifier and the target APP identifier is improved.
S4079 when H 0r ji When not data inquiry, according to MD r ji Obtaining L r ji Wherein L is r ji Meets the following conditions:
L r ji =MD r ji ×H 2r ji /T r ji ,H 2r ji is H r ji Is a second preset weight value of (a).
S409 according to L r ji Acquisition of E ji Wherein E is ji Meets the following conditions:
E jis r=1 H r ji
the method comprises the steps of obtaining an initial buried point log list of a target user, processing initial buried point information in the initial buried point log list, obtaining corresponding first buried point information of the target user and first intermediate priority corresponding to the first buried point information, processing the first intermediate priority, accurately obtaining the first priority between a target user identifier and a target APP identifier, comparing the first priority with a designated access authority blocking value, and further blocking designated access authority of the target user to the target APP; the method can accurately and timely block the access right of the target user to the target APP, has small time error, and is further beneficial to improving the accuracy of blocking the access right of the target user to the target APP.
S500, when E ji ≥C i Blocking B when j Corresponding target user pair A i Corresponding appointed access rights; it can be understood that: let B j The corresponding target user cannot use A i A corresponding target APP.
S600, according to B, acquiring a second priority list F= { F corresponding to B 1 ,F 2 ,……,F j ,……,F n },F j ={F j1 ,F j2 ,……,F ji ,……,F jm },F ji ={F 1 ji ,F 2 ji ,……,F x ji ,……,F p ji },F x ji Is B j And D ix A second priority between sub-rights identifications in (a).
Specifically, S600 includes the steps of:
s601, obtaining G je Medium key authority identification G 1 je
S603, when G 0 je And D ix The second identity similarity between the target APP identities in the list is 1 and G 1 je And D ix When the similarity of the third identifier among the sub-rights identifiers in the list is 1, G is selected je As B j The corresponding ith second buried point information in the ith second buried point information list is used for obtaining the (g) second buried point information in the (x) th second buried point information list to obtain (B) j An x-th second buried point information list W in the corresponding i-th second buried point information set x ji ={W x1 ji ,W x2 ji ,……,W xg ji ,……,W xh ji },W xg ji Is B j The g=1, 2, … …, h, h are the number of second buried point information in the second buried point information list, the second identification similarity is the identification similarity between the key APP identification and the target APP identification in the key access right information, and the third identification similarity is the identification similarity between the key right identification and the sub-right identification in the key access right information, where those skilled in the art know that the method for obtaining the second identification similarity and the third identification similarity is the same as the method for obtaining the first identification similarity, and are not described herein.
S605 according to W xg ji Obtaining W xg ji Corresponding second intermediate priority U xg ji Wherein, a person skilled in the art knows the manner of acquiring the second intermediate priority corresponding to the second buried point information according to the second buried point informationThe same manner as the first intermediate priority corresponding to the first buried point information is obtained according to the first buried point information in S4071-S4075, and will not be described herein.
S607 according to U xg ji Obtaining F x ji Wherein F x ji Meets the following conditions:
F x jih g=1 U xg ji
above-mentioned, the initial buried point information in the initial buried point log list is handled, obtain the corresponding second buried point information of target user and the second intermediate priority that the second buried point information corresponds, handle the second intermediate priority, can be accurate obtain the second priority between target user identification and the sub-authority identification, compare second priority and sub-authority blocking value, thereby block target user's access authority to the sub-authority in the target APP, can accurate and timely block target user's access authority to the target APP, the time error that exists is less, and then be favorable to improving the accuracy of blocking target user's access authority to the target APP.
S700, when F x ji ≥D 0 ix Blocking B when j Corresponding target user pair D ix The access rights of the sub rights corresponding to the sub rights identification in the system, D 0 ix For D ix A sub-authority blocking value in (a); it can be understood that: let B j The corresponding target user cannot execute the operation corresponding to the sub-right in the target APP corresponding to the target APP identifier, for example, cannot execute the operation of querying data, cannot execute the operation of deleting data, and cannot execute the operation of modifying data.
The invention provides a data processing system for blocking APP access rights of a user, which comprises: the target APP management platform, the target APP identification list, the processor and the memory storing the computer program, when the computer program is executed by the processor, the following steps are realized: acquiring a target user identification list; acquiring a specified access right blocking value list corresponding to a target APP identification list; acquiring a key access right information list corresponding to a target APP identification list; acquiring a first priority list corresponding to a target user identification list according to the target user identification list; comparing the first priority with the designated access right blocking value so as to block the designated access right of the target user to the target APP; acquiring a second priority list corresponding to the target user identifier according to the target user identifier list; and comparing the second priority with the sub-right blocking value so as to block the access right of the target user to the sub-right in the target APP. According to the method and the system, the first priority and the second priority corresponding to the target user can be obtained through the system, the first priority and the second priority are judged, the access right of the target user to the target APP can be accurately and timely blocked, the existing time error is small, and further the accuracy of blocking the access right of the target user to the target APP is improved.
While certain specific embodiments of the invention have been described in detail by way of example, it will be appreciated by those skilled in the art that the above examples are for illustration only and are not intended to limit the scope of the invention. Those skilled in the art will also appreciate that many modifications may be made to the embodiments without departing from the scope and spirit of the invention. The scope of the invention is defined by the appended claims.

Claims (4)

1. A data processing system for blocking a user's APP access rights, the system comprising: target APP management platform and target APP identification list A= { A corresponding to target management platform 1 ,A 2 ,……,A i ,……,A m A processor and a memory storing a computer program, wherein A i For the i-th target APP identity, i=1, 2, … …, m, m is the number of target APP identities, when the computer program is executed by the processor, the following steps are implemented:
s100, acquiring a target user identification list B= { B 1 ,B 2 ,……,B j ,……,B n },B j For the jth target user, j=1, 2, … …, n, n is the number of target user identifications;
s200, acquiring a specified access right blocking value list C= { C corresponding to A 1 ,C 2 ,……,C i ,……,C m },C i Is A i The corresponding appointed access authority blocking value is a value for determining to block the appointed access authority corresponding to the target APP identifier, and the appointed access authority is the access authority of the target APP corresponding to the target APP identifier;
s300, acquiring a key access right information list D= { D corresponding to A 1 ,D 2 ,……,D i ,……,D m },D i ={D i1 ,……,D i2 ,……,D ix ,……,D ip },D ix Is A i Corresponding x-th key access right information, wherein x=1, 2, … …, p and p are A i The corresponding key access right information is access right information of sub rights of the target APP corresponding to the target APP identification, and the sub rights are rights for operating data in the target APP;
s400, according to B, acquiring a first priority list E= { E corresponding to B 1 ,E 2 ,……,E j ,……,E n },E j ={E j1 ,E j2 ,……,E ji ,……,E jm },E ji Is B j And A is a i A first priority therebetween; s400 includes the steps of:
s401, according to B, acquiring an initial buried point log list G= { G corresponding to B 1 ,G 2 ,……,G j ,……,G n },G j ={G j1 ,G j2 ,……,G je ,……,G jf },G je Is B j The e-th initial buried point information in the corresponding initial buried point log, e=1, 2, … …, f, f is B j The method comprises the steps of determining the quantity of initial buried point information in a corresponding initial buried point log, wherein the initial buried point log is a log which records the initial buried point information and is stored by a system in a preset time period, and the initial buried point information is buried point information determined by performing data buried point operation on data in a target APP according to a target user; the buried point information includes: data burialThe method comprises the steps of a point time point, a data embedding point type, a key APP identifier, a key authority identifier, a data identifier and a target user identifier, wherein the first preset weight corresponds to the data identifier and the second preset weight corresponds to the data identifier; the data embedding point type comprises: data inquiry, data modification and data deletion;
s403, obtaining G je Medium key APP identification G 0 je
S405, when G 0 je And A is a i When the first identification similarity between the two is 1, G is determined as je As B j First buried point information in the corresponding ith first buried point information list to obtain B j Corresponding ith first buried point information list H ji ={H 1 ji ,H 2 ji ,……,H r ji ,……,H s ji },H r ji Is B j The corresponding r first buried point information in the i first buried point information list, r=1, 2, … …, s, s are the first buried point information quantity in the first buried point information list, and the first identification similarity is the similarity between the key APP identification and the target APP identification;
s407 according to H r ji Obtaining H r ji Corresponding first intermediate priority L r ji The method comprises the steps of carrying out a first treatment on the surface of the S407 specifically includes the following steps:
s4071, acquiring a preset data embedded point type mapping table P= { P 1 ,P 2 ,……,P y ,……,P q },P y ={P y1 ,P y2 },P y1 For the preset data embedded point type in the y-th record in the preset data embedded point type mapping table, P y2 Is P y1 Corresponding preset intermediate weight values, y=1, 2, … …, q, q being presetThe number of records in the data buried point type mapping table;
s4073, obtain H r ji Corresponding intermediate data buried point type H 0r ji The intermediate data embedded point type is the data embedded point type in the first embedded point information;
s4075 when H 0r ji And P y1 When the type similarity between the two is 1, P is calculated y2 As H r ji Corresponding key weight value MD r ji The type similarity is the similarity between the type of the preset data embedded point and the type of the intermediate data embedded point;
s4077 when H 0r ji For data inquiry, according to MD r ji Obtaining L r ji Wherein L is r ji Meets the following conditions:
L r ji =MD r ji ×H 1r ji /T r ji ,H 1r ji is H r ji A first preset weight value T r ji For the current time point and H r ji Time differences between the time points of the data embedding points, wherein the measurement units of the time differences are days;
s4079 when H 0r ji When not data inquiry, according to MD r ji Obtaining L r ji Wherein L is r ji Meets the following conditions:
L r ji =MD r ji ×H 2r ji /T r ji ,H 2r ji is H r ji A second preset weight value of (a);
s409 according to L r ji Acquisition of E ji Wherein E is ji Meets the following conditions:
E jis r=1 H r ji
s500, when E ji ≥C i Blocking B when j Corresponding target user pair A i Corresponding designated access rightsLimiting;
s600, according to B, acquiring a second priority list F= { F corresponding to B 1 ,F 2 ,……,F j ,……,F n },F j ={F j1 ,F j2 ,……,F ji ,……,F jm },F ji ={F 1 ji ,F 2 ji ,……,F x ji ,……,F p ji },F x ji Is B j And D ix A second priority between sub-rights identifications in (a); s600 includes the steps of:
s601, obtaining G je Medium key authority identification G 1 je
S603, when G 0 je And D ix The second identity similarity between the target APP identities in the list is 1 and G 1 je And D ix When the similarity of the third identifier among the sub-rights identifiers in the list is 1, G is selected je As B j The corresponding ith second buried point information in the ith second buried point information list is used for obtaining the (g) second buried point information in the (x) th second buried point information list to obtain (B) j An x-th second buried point information list W in the corresponding i-th second buried point information set x ji ={W x1 ji ,W x2 ji ,……,W xg ji ,……,W xh ji },W xg ji Is B j G=1, 2, … …, h, h are the number of second buried point information in the second buried point information list, the second identification similarity is the identification similarity between the key APP identification and the target APP identification in the key access permission information, and the third identification similarity is the identification similarity between the key permission identification and the sub-permission identification in the key access permission information;
s605 according to W xg ji Obtaining W xg ji Corresponding second intermediate priority U xg ji
S607 according to U xg ji ObtainingTaking F x ji Wherein F x ji Meets the following conditions:
F x jih g=1 U xg ji
s700, when F x ji ≥D 0 ix Blocking B when j Corresponding target user pair D ix The access rights of the sub rights corresponding to the sub rights identification in the system, D 0 ix For D ix The sub-authority blocking value is a value for determining the access authority of the sub-authority corresponding to the blocking sub-authority identification.
2. The data processing system for blocking a user's APP access rights of claim 1 wherein the access rights information comprises: the sub-rights identification corresponds to the target APP identification, and corresponds to the sub-rights blocking value.
3. The data processing system for blocking the APP access rights of a user as defined in claim 2 wherein S200 comprises the steps of:
s201, acquiring a historical time period, wherein the historical time period is the time period which is the last time period of the current time period, the current time period is the time period where the current time point is located, the time period length is 1, and the measurement unit of the time period length is month;
s203, obtain A i Corresponding first critical priority list Q i ={Q i1 ,Q i2 ,……,Q ik ,……,Q it },Q ik Is A i The corresponding kth first critical priority, k=1, 2, … …, t, t is a i The corresponding first key priority number is the target user identification and A in the history time period i A first priority therebetween;
s205 according to Q ik The order pairs Q from small to large i All Q of (3) ik Ordering to obtain A i Corresponding second Key priority List Q 0 i ={Q 0 i1 ,Q 0 i2 ,……,Q 0 ik ,……,Q 0 it },Q 0 ik Is A i A corresponding kth second critical priority;
s207 according to Q 0 i Acquiring Q 0 i Corresponding priority difference list Q 1 i ={Q 1 i1 ,Q 1 i2 ,……,Q 1 ik ,……,Q 1 i(t-1) }, wherein Q 1 ik Meets the following conditions:
Q 1 ik =Q 0 i(k+1) -Q 0 ik
s209, maximizing Q 1 ik Corresponding Q 0 i(k+1) As C i
4. A data processing system for blocking a user' S APP access rights as claimed in claim 3 wherein S300 comprises the steps of obtaining a sub-rights blocking value:
s301, obtain D ix A third key priority list corresponding to the sub-right identifiers in the history time period, wherein the third key priority list comprises a plurality of third key priorities, and the third key priorities are target user identifiers and D in the history time period ix A second priority between sub-rights identifications in (a);
s303, acquiring D according to the third key priority list ix The sub-right identifier of the corresponding sub-right blocking value.
CN202311041250.5A 2023-08-18 2023-08-18 Data processing system for blocking APP access rights of user Active CN116776358B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311041250.5A CN116776358B (en) 2023-08-18 2023-08-18 Data processing system for blocking APP access rights of user

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311041250.5A CN116776358B (en) 2023-08-18 2023-08-18 Data processing system for blocking APP access rights of user

Publications (2)

Publication Number Publication Date
CN116776358A CN116776358A (en) 2023-09-19
CN116776358B true CN116776358B (en) 2023-11-17

Family

ID=87993383

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311041250.5A Active CN116776358B (en) 2023-08-18 2023-08-18 Data processing system for blocking APP access rights of user

Country Status (1)

Country Link
CN (1) CN116776358B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000181776A (en) * 1998-12-15 2000-06-30 Casio Comput Co Ltd Access controller and its program recording medium
JP2014170324A (en) * 2013-03-01 2014-09-18 Nec Corp Access control system, access control method and program
CN104156660A (en) * 2014-08-28 2014-11-19 东南大学 Android permission fine-grained access control method based on operating environment state

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060294042A1 (en) * 2005-06-23 2006-12-28 Microsoft Corporation Disparate data store services catalogued for unified access

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000181776A (en) * 1998-12-15 2000-06-30 Casio Comput Co Ltd Access controller and its program recording medium
JP2014170324A (en) * 2013-03-01 2014-09-18 Nec Corp Access control system, access control method and program
CN104156660A (en) * 2014-08-28 2014-11-19 东南大学 Android permission fine-grained access control method based on operating environment state

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于身份动态持续认证的大数据平台访问信任技术研究;施麟;张骏;陈宁;;江苏科技信息(35);全文 *

Also Published As

Publication number Publication date
CN116776358A (en) 2023-09-19

Similar Documents

Publication Publication Date Title
CN108763420B (en) Data object classification method, device, terminal and computer-readable storage medium
US10248674B2 (en) Method and apparatus for data quality management and control
GB2615049A (en) Method and system for access control in versioned configuration of computing cluster
CN111755068B (en) Method and device for identifying tumor purity and absolute copy number based on sequencing data
CN115269612B (en) Cross-platform multi-dimensional data fusion system based on micro-service
CN110084476B (en) Case adjustment method, device, computer equipment and storage medium
CN116776358B (en) Data processing system for blocking APP access rights of user
CN117376228B (en) Network security testing tool determining method and device
CN113779568A (en) Abnormal behavior user identification method, device, equipment and storage medium
JPWO2019168599A5 (en)
CN103870562B (en) Regulation verifying method and system in intelligent building system
TWI709833B (en) Data processing method, data processing device, and computer-readable recording medium
CN111914101A (en) Abnormal identification method and device for file association relationship and computer equipment
CN109299613B (en) Database partition authority setting method and terminal equipment
CN114610581B (en) Data processing system for acquiring application software
CN113360729A (en) Big data based information security monitoring method and system and cloud platform
CN114595456A (en) Abnormal application software acquisition system based on active behavior of application software
CN114021200A (en) Data processing system for pkg fuzzification
CN113704266A (en) Asset information processing method and device, electronic equipment and storage medium
CN108073447A (en) Based on the asynchronous insurance task processing method and device under more applying
CN111475466A (en) Nuclear power work ticket query method and device, computer equipment and storage medium
CN106251044B (en) Buehler method for product shelf life evaluation under multi-batch success-failure test
CN111611397A (en) Information matching method and device, computer equipment and storage medium
CN115640369B (en) Piece information base data storage method applying star-shaped data model
CN116820384B (en) Data processing system for determining data processing sequence

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant