CN117852078A - Authority authentication method, electronic equipment, storage medium and device - Google Patents


Publication number
CN117852078A
Authority
CN
China
Prior art keywords
user
function
authority data
verification
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311855522.5A
Other languages
Chinese (zh)
Inventor
孟祥亮
王泽兴
蔺会光
杨恒杰
李挺
何金龙
周威
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing National New Energy Vehicle Technology Innovation Center Co Ltd
Original Assignee
Beijing National New Energy Vehicle Technology Innovation Center Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing National New Energy Vehicle Technology Innovation Center Co Ltd

Abstract

The invention discloses an authority authentication method, electronic equipment, storage medium and device. The method comprises the following steps: in response to a user function opening request sent by a client, storing the corresponding function authority data in a database and uploading the data to a blockchain for storage; after a user logs in to the client, in response to a function authority verification request sent by the client, sending the corresponding function authority data to the client, the client performing primary verification of the user's function authority according to the function authority data; when the user uses a function module for the first time after logging in, in response to the user's current authority data sent by the client, performing secondary verification of the current authority data against the database; and, after the secondary verification is passed, performing tertiary verification based on the blockchain. Through these three verifications of the authority data held by the three parties, the invention effectively avoids interception and tampering of the authority data during data transmission and storage, and ensures the accuracy and security of the user authority information.

Description

Authority authentication method, electronic equipment, storage medium and device
Technical Field
The invention belongs to the technical field of internet, and in particular relates to a permission authentication method, electronic equipment, storage medium and device.
Background
In today's information age, web software systems have penetrated into many fields. In cloud platform environments in particular, running and managing software systems has become more efficient and flexible. However, as the complexity of software systems and the diversity of user rights increase, rights verification and rights management become more and more important. Typically, when a user logs in, the client acquires the user's rights data from a server over HTTP, parses the data and verifies the rights; if verification passes, the corresponding function modules are opened. The rights are therefore verified only once. A single verification cannot ensure the accuracy of the user's authority throughout the use of the software, and the authority information can be maliciously tampered with during transmission or in database storage, so that the software is used without authorization.
Therefore, how to ensure the accuracy and the security of the user authority in the software system is a problem to be solved in the current technical field.
The information disclosed in the background section of the invention is only for enhancement of understanding of the general background of the invention and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art already known to a person skilled in the art.
Disclosure of Invention
The invention aims to provide an authority authentication method, electronic equipment, storage medium and device that verify user authority multiple times, ensure the accuracy and security of user authority information, and avoid interception and tampering of the user authority information during transmission or data storage.
In order to achieve the above object, the present invention provides a rights authentication method, an electronic device, a storage medium, and an apparatus.
According to a first aspect of the present invention, there is provided a rights authentication method, including:
responding to a user function opening request sent by a client, storing corresponding function authority data into a database and uploading the data to a blockchain for storage;
after a user logs in to the client, responding to a function authority verification request sent by the client, sending corresponding function authority data to the client, the client performing primary verification of the function authority of the user according to the function authority data;
when the user uses a function module for the first time after logging in, responding to the current authority data of the user sent by the client, and performing secondary verification on the current authority data of the user based on the database;
and after the secondary verification is passed, performing tertiary verification based on the blockchain.
Optionally, after uploading the function authority data to the blockchain, returning the function authority data to the client, and analyzing the function authority data by the client and displaying a corresponding function module to the user according to the analyzed function authority data.
Optionally, the primary verification includes:
the client performs authority verification on the functions opened by the user according to the function authority data, and displays the corresponding function module to the user after the verification is passed.
Optionally, the secondary verification includes:
first authority data of the user is retrieved from the database based on the ID of the user and compared with the current authority data; if the two are consistent, the secondary verification is passed; if the two are inconsistent, the secondary verification fails, and verification failure information is returned to the client.
Optionally, the tertiary verification includes:
second authority data of the user is retrieved from the blockchain based on the ID of the user and compared with the first authority data; if the two are consistent, the tertiary verification is passed; if the two are inconsistent, the tertiary verification fails, a verification failure record is generated and a technician is notified to handle it.
According to a second aspect of the present invention, there is provided a rights authentication method including:
responding to an opening function request of a user, sending the opening function request to a server, and storing corresponding function authority data into a database and uploading the data to a blockchain for storage by the server in response to the opening function request;
responding to the login operation of the user, sending a function authority verification request to the server, receiving the function authority data sent by the server, and performing primary verification of the function authority of the user according to the function authority data;
responding to the user's request to use a function module for the first time after logging in, sending current authority data of the user to the server, the server performing secondary verification on the current authority data of the user based on the database;
after the secondary verification is passed, the server performs tertiary verification based on the blockchain.
Optionally, after the server uploads the function authority data to the blockchain, the function authority data returned by the server is received and parsed, and a corresponding function module is displayed to the user according to the parsed function authority data.
According to a third aspect of the present invention, there is provided a rights authentication apparatus comprising:
the client is used for responding to an opening function request of a user and sending the opening function request to the server; responding to the login operation of the user, sending a function authority verification request to the server, receiving the function authority data sent by the server, and performing primary verification of the function authority of the user according to the function authority data;
the server is used for responding to a user function opening request sent by the client, storing corresponding function authority data into a database and uploading the corresponding function authority data to the blockchain for storage; after a user logs in to the client, responding to a function authority verification request sent by the client, and sending corresponding function authority data to the client; when the user uses a function module for the first time after logging in, responding to the current authority data of the user sent by the client, and performing secondary verification on the current authority data of the user based on the database; after the secondary verification is passed, performing tertiary verification based on the blockchain;
the database is used for storing the function authority data;
and the blockchain is used for storing the function authority data.
According to a fourth aspect of the present invention, there is provided an electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the rights authentication method of any one of the first aspects.
According to a fifth aspect of the present invention, a non-transitory computer-readable storage medium is presented, characterized in that the non-transitory computer-readable storage medium stores computer instructions for causing a computer to perform the rights authentication method according to any one of the first aspects.
The beneficial effects of the invention are as follows. The authority data is stored in the blockchain, and the decentralized, distributed and tamper-resistant characteristics of blockchain technology are used to ensure the accuracy and security of the user authority information. After a user logs in to the client, the client acquires the authority data from the server, parses it and performs primary authority verification, and opens the corresponding authorized functions after the verification is passed. When the user uses a function module for the first time after logging in, the client sends the user's current authority data to the server, and the server performs secondary verification based on the database, which effectively guards against interception and tampering when the front end acquires the data. After the secondary verification is passed, the server acquires the user's authority data from the blockchain to perform tertiary verification; the authority data acquired from the blockchain does not pass through the browser, so it cannot be intercepted there, and the problem of interception during data transmission and storage is completely avoided. The three verifications of the authority data held by the three parties effectively avoid interception and tampering of the authority data during data transmission and storage, and ensure the accuracy and security of the user authority information.
The system of the present invention has other features and advantages which will be apparent from or are set forth in detail in the accompanying drawings and the following detailed description, which are incorporated herein, and which together serve to explain certain principles of the invention.
Drawings
The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular descriptions of exemplary embodiments of the invention as illustrated in the accompanying drawings wherein like reference numbers generally represent like parts throughout the exemplary embodiments of the invention.
Fig. 1 shows a flow chart of the steps of a rights authentication method according to the invention.
Fig. 2 shows a flowchart of the steps of a rights authentication method according to embodiment 1 of the present invention.
Fig. 3 shows a schematic diagram of a rights authentication apparatus according to embodiment 2 of the present invention.
Detailed Description
The invention will be described in more detail below with reference to the accompanying drawings. While the preferred embodiments of the present invention are illustrated in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
As shown in fig. 1, a rights authentication method according to the present invention includes:
responding to a user function opening request sent by a client, storing corresponding function authority data into a database and uploading the data to a blockchain for storage;
after a user logs in to the client, responding to a function authority verification request sent by the client, sending corresponding function authority data to the client, the client performing primary verification of the function authority of the user according to the function authority data;
when the user uses a function module for the first time after logging in, responding to the current authority data of the user sent by the client, and performing secondary verification on the current authority data of the user based on the database;
and after the secondary verification is passed, performing tertiary verification based on the blockchain.
Specifically, the server responds to a user function opening request sent by the client, stores the corresponding function authority data in a database and uploads it to a blockchain for storage, using the decentralized, distributed and tamper-resistant characteristics of blockchain technology to ensure the accuracy and security of the user authority information. After a user logs in to the client, the server responds to a function authority verification request sent by the client and sends the corresponding function authority data to the client. The client performs primary verification of the function authority of the currently logged-in user according to the function authority data, to check whether the user holds the function authority concerned; that is, the client verifies the authority for the functions opened by the logged-in user, and after the verification is passed the corresponding function module is displayed for the user to use. When the user uses a function module for the first time during the login session, the server responds to the user's current authority data sent by the client and performs secondary verification of that data based on the database, to guard against the authority data having been intercepted and tampered with when the client requested it; that is, the server retrieves the user's authority data from the database based on the ID of the user and compares it with the current authority data. If the two are consistent, the secondary verification is passed; if the two are inconsistent, the secondary verification fails, verification failure information is returned to the client, and the client displays the verification failure information to the user. After the secondary verification is passed, the server performs tertiary verification based on the blockchain, to guard against the database having been leaked and its data intercepted and tampered with; that is, the server retrieves the user's authority data from the blockchain based on the ID of the user and compares it with the user's authority data in the database. If the two are consistent, the tertiary verification is passed; if the two are inconsistent, the tertiary verification fails, a verification failure record is generated and technicians are notified to handle it, for example by checking for vulnerabilities in database operations and changing passwords.
In one example, after uploading the functional rights data to the blockchain, the functional rights data is returned to the client, and the client parses the functional rights data and presents the corresponding functional modules to the user according to the parsed functional rights data.
In one example, the primary verification includes:
the client performs authority verification on the functions opened by the user according to the function authority data, and displays the corresponding function module to the user after the verification is passed.
In one example, the secondary verification includes:
first authority data of the user is retrieved from the database based on the ID of the user and compared with the current authority data; if the two are consistent, the secondary verification is passed; if the two are inconsistent, the secondary verification fails, and verification failure information is returned to the client.
In one example, the tertiary verification includes:
second authority data of the user is retrieved from the blockchain based on the ID of the user and compared with the first authority data; if the two are consistent, the tertiary verification is passed; if the two are inconsistent, the tertiary verification fails, a verification failure record is generated and a technician is notified to handle it.
The invention is further described below with reference to the drawings and specific examples, which are not intended to be limiting. It should be noted that, without conflict, the embodiments of the present invention and features of the embodiments may be combined with each other.
Example 1
As shown in fig. 2, the present embodiment provides a rights verification method, including:
Step 1: The user logs in through the Web software front end and, if the function authority has not been opened, applies to the Web software back end to open the function authority of a certain module.
Step 2: The Web software back end responds to the request to open the module's function authority sent by the Web software front end, writes the authority data into the database, then puts the authority data on-chain through the blockchain, and finally returns the data to the Web software front end.
Step 3: The Web software front end receives and parses the authority data sent by the Web software back end, and displays the corresponding function modules to the user according to the parsed authority data.
Step 4: After the user logs in through the Web software front end, if a certain function authority has been opened, the Web software front end requests the function authority data from the Web software back end for primary verification.
Step 5: The Web software back end responds to the front end's request for the function authority data and returns the function authority data to the Web software front end.
Step 6: The Web software front end receives and parses the authority data returned by the Web software back end, verifies the user's function authority according to the parsed authority data, and displays the corresponding function module after the verification is passed.
Step 7: When the user uses the function module for the first time during the login session, the Web software front end sends the user's current function authority data to the Web software back end, and the back end responds to the front end's function authority verification request by performing secondary verification. It first obtains the user's authority data from the database according to the user ID, then compares it with the user's current function authority. If the two are consistent, the verification is passed and step 8 is carried out; if the two are inconsistent, the verification fails and the Web software front end is notified, and the front end informs the user of the unauthorized operation and exits the function module. Possible reasons for failure of the secondary verification include the authority data having been intercepted and tampered with while the Web software front end was requesting it; technicians can investigate and resolve the problem by replacing the key or the encryption algorithm.
Step 8: The Web software back end obtains the user's authority data from the blockchain by user ID to perform tertiary verification, comparing the user's authority data in the blockchain with the user's authority data in the database. If the two are consistent, the verification succeeds; if the two are inconsistent, the verification fails. If the verification fails, the relevant data is recorded, the technicians are notified, and step 9 is performed.
Step 9: Technicians check for vulnerabilities in database operations, change passwords, and the like.
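The flow of steps 1 to 9 as a minimal back-end sketch, added here as an example and not taken from the patent. The hash-chained `Ledger` class stands in for the blockchain, and all class, function and module names and the sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json


def digest(obj):
    """SHA-256 over a deterministic JSON encoding of obj."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def same_perms(a, b):
    """Order-insensitive, constant-time comparison of two permission lists."""
    for p in (a, b):
        if not isinstance(p, list) or not all(isinstance(x, str) for x in p):
            return False  # malformed input never matches
    return hmac.compare_digest(digest(sorted(set(a))), digest(sorted(set(b))))


class Ledger:
    """Append-only hash chain; a stand-in for the blockchain (assumption)."""
    GENESIS = "0" * 64

    def __init__(self):
        self.blocks = []

    def append(self, user_id, perms):
        prev = self.blocks[-1]["hash"] if self.blocks else self.GENESIS
        block = {"prev": prev, "user": user_id, "perms": sorted(set(perms))}
        block["hash"] = digest(block)  # hash covers prev, user and perms
        self.blocks.append(block)

    def latest(self, user_id):
        """Re-check every link, then return the user's newest record."""
        prev, found = self.GENESIS, None
        for b in self.blocks:
            body = {"prev": b["prev"], "user": b["user"], "perms": b["perms"]}
            if b["prev"] != prev or digest(body) != b["hash"]:
                raise ValueError("ledger chain broken")
            prev = b["hash"]
            if b["user"] == user_id:
                found = list(b["perms"])
        return found


class Backend:
    def __init__(self):
        self.db = {}        # user ID -> permission list (the database)
        self.ledger = Ledger()
        self.failures = []  # verification-failure records for technicians

    def open_function(self, user_id, module):
        """Steps 1-3: write the database, then the ledger, return the data."""
        perms = sorted(set(self.db.get(user_id, [])) | {module})
        self.db[user_id] = perms
        self.ledger.append(user_id, perms)
        return list(perms)

    def get_permissions(self, user_id):
        """Step 5: return the stored permission data to the front end."""
        return list(self.db.get(user_id, []))

    def verify_first_use(self, user_id, client_perms):
        """Steps 7-8: secondary (client vs database), then tertiary
        (database vs ledger). Returns the outcome as a string."""
        db_perms = self.db.get(user_id, [])
        if not same_perms(client_perms, db_perms):
            return "secondary_failed"  # front end informs user, exits module
        try:
            chain_perms = self.ledger.latest(user_id) or []
        except ValueError:
            chain_perms = None         # a broken chain can never match
        if not same_perms(db_perms, chain_perms):
            self.failures.append({"user": user_id, "database": db_perms,
                                  "ledger": chain_perms})
            return "tertiary_failed"   # step 9: technicians investigate
        return "ok"


def primary_check(perms, module):
    """Step 6: front-end check before showing a function module."""
    return module in perms


def demo():
    """Constructed scenarios: clean run, tampering in transit, tampered database."""
    be = Backend()
    be.open_function("u1", "reports")
    received = be.get_permissions("u1")
    results = {"primary": primary_check(received, "reports"),
               "clean": be.verify_first_use("u1", received)}
    # Permission data altered between back end and front end.
    results["transit"] = be.verify_first_use("u1", received + ["admin"])
    # Database row altered directly; the front end then receives altered data.
    be.db["u1"] = ["admin", "reports"]
    results["database"] = be.verify_first_use("u1", be.get_permissions("u1"))
    results["failures"] = len(be.failures)
    return results


if __name__ == "__main__":
    print(demo())
```

In the third scenario the secondary verification passes because the front end echoes what the altered database returned; only the comparison against the ledger detects the change.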
Example 2
As shown in fig. 3, the present embodiment provides a rights authentication apparatus, including:
Web software front end: generally called the client; it provides software services to the customer through a browser and acquires related data from the Web software back end through HTTP requests. The Web software front end is used for responding to an opening function request of a user and sending the opening function request to a server; responding to the login operation of the user, sending a function authority verification request to the server, receiving function authority data sent by the server, and performing primary verification of the function authority of the user according to the function authority data;
Web software back end: generally called the server; it is used for responding to a user function opening request sent by the client, storing corresponding function authority data into a database and uploading the data to a blockchain for storage; after a user logs in to the client, responding to a function authority verification request sent by the client, and sending corresponding function authority data to the client; when the user uses a function module for the first time after logging in, responding to the current authority data of the user sent by the client, and performing secondary verification on the current authority data of the user based on the database; after the secondary verification is passed, performing tertiary verification based on the blockchain;
Web software database: used for providing a data storage service and storing the function authority data;
Web software blockchain: used for providing a data storage service and storing the function authority data.
Example 3
The present embodiment provides an electronic device including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the rights authentication method of embodiment 1.
An electronic device according to an embodiment of the present disclosure includes a memory for storing non-transitory computer-readable instructions and a processor. In particular, the memory may include one or more computer program products, which may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, random access memory (RAM) and/or cache memory, and the like. The non-volatile memory may include, for example, read-only memory (ROM), hard disk, flash memory, and the like.
The processor may be a Central Processing Unit (CPU) or other form of processing unit having data processing and/or instruction execution capabilities, and may control other components in the electronic device to perform the desired functions. In one embodiment of the present disclosure, the processor is configured to execute the computer readable instructions stored in the memory.
It should be understood by those skilled in the art that, in order to solve the technical problem of how to obtain a good user experience effect, the present embodiment may also include well-known structures such as a communication bus, an interface, and the like, and these well-known structures are also included in the protection scope of the present disclosure.
The detailed description of the present embodiment may refer to the corresponding description in the foregoing embodiments, and will not be repeated herein.
Example 4
The present embodiment provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute the authority authentication method in embodiment 1.
A computer-readable storage medium according to an embodiment of the present disclosure has stored thereon non-transitory computer-readable instructions. When executed by a processor, the instructions perform all or part of the steps of the methods of the embodiments of the present disclosure described above.
The computer-readable storage medium described above includes, but is not limited to: optical storage media (e.g., CD-ROM and DVD), magneto-optical storage media (e.g., MO), magnetic storage media (e.g., magnetic tape or removable hard disk), media with built-in rewritable non-volatile memory (e.g., memory card), and media with built-in ROM (e.g., ROM cartridge).
The foregoing description of embodiments of the invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the various embodiments described.

Claims (10)

1. A rights verification method, comprising:
responding to a user function opening request sent by a client, storing corresponding function authority data into a database and uploading the data to a blockchain for storage;
after a user logs in to the client, responding to a function authority verification request sent by the client, sending corresponding function authority data to the client, the client performing primary verification of the function authority of the user according to the function authority data;
when the user uses a function module for the first time after logging in, responding to the current authority data of the user sent by the client, and performing secondary verification on the current authority data of the user based on the database;
and after the secondary verification is passed, performing tertiary verification based on the blockchain.
2. The authority verification method according to claim 1, wherein after uploading the function authority data to the blockchain, the function authority data is returned to the client, and the client parses the function authority data and displays a corresponding function module to the user according to the parsed function authority data.
3. The rights verification method of claim 1, wherein the primary verification includes:
the client performs authority verification on the functions opened by the user according to the function authority data, and displays the corresponding function module to the user after the verification is passed.
4. The rights verification method of claim 1, wherein the secondary verification comprises:
first authority data of the user is retrieved from the database based on the ID of the user and compared with the current authority data; if the two are consistent, the secondary verification is passed; if the two are inconsistent, the secondary verification fails, and verification failure information is returned to the client.
5. The rights verification method of claim 1, wherein the tertiary verification includes:
second authority data of the user is retrieved from the blockchain based on the ID of the user and compared with the first authority data; if the two are consistent, the tertiary verification is passed; if the two are inconsistent, the tertiary verification fails, a verification failure record is generated and a technician is notified to handle it.
6. A rights authentication method, comprising:
responding to an opening function request of a user, sending the opening function request to a server, and storing corresponding function authority data into a database and uploading the data to a blockchain for storage by the server in response to the opening function request;
responding to the login operation of the user, sending a function authority verification request to the server, receiving the function authority data sent by the server, and performing primary verification of the function authority of the user according to the function authority data;
responding to the user's request to use a function module for the first time after logging in, sending current authority data of the user to the server, the server performing secondary verification on the current authority data of the user based on the database;
after the secondary verification is passed, the server performs tertiary verification based on the blockchain.
7. The authority authentication method according to claim 1, wherein after the server uploads the function authority data to the blockchain, the function authority data returned by the server is received and analyzed, and a corresponding function module is displayed to the user according to the analyzed function authority data.
8. An electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the rights authentication method of any one of claims 1-7.
9. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the rights authentication method of any one of claims 1-7.
10. A rights authentication device, characterized by comprising:
the client is used for responding to an opening function request of a user and sending the opening function request to the server; responding to the login operation of the user, sending a function authority verification request to the server, receiving the function authority data sent by the server, and performing primary verification of the function authority of the user according to the function authority data;
the server is used for responding to a user function opening request sent by the client, storing corresponding function authority data into a database and uploading the corresponding function authority data to the blockchain for storage; after a user logs in to the client, responding to a function authority verification request sent by the client, and sending corresponding function authority data to the client; when the user uses a function module for the first time after logging in, responding to the current authority data of the user sent by the client, and performing secondary verification on the current authority data of the user based on the database; after the secondary verification is passed, performing tertiary verification based on the blockchain;
the database is used for storing the function authority data;
and the blockchain is used for storing the function authority data.
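The three-stage check recited in claims 6 and 10, sketched as an added example that is not part of the patent text. The record format, the SHA-256 hashing, the in-memory hash chain standing in for the blockchain, and all class and function names are assumptions made for illustration.

```python
import copy, hashlib, json

def digest(obj):
    # SHA-256 over canonical JSON (the hashing scheme is an assumption of this sketch)
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class Ledger:
    """Append-only hash chain standing in for the blockchain (hypothetical)."""
    def __init__(self):
        self.blocks = []
    def append(self, user, record):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = {"user": user, "record_hash": digest(record), "prev": prev}
        self.blocks.append({**body, "hash": digest(body)})
    def latest(self, user):
        # Re-validate every link, then return the newest record hash for the user.
        prev, found = "0" * 64, None
        for b in self.blocks:
            body = {k: b[k] for k in ("user", "record_hash", "prev")}
            if b["prev"] != prev or b["hash"] != digest(body):
                raise ValueError("ledger chain broken")
            prev = b["hash"]
            if b["user"] == user:
                found = b["record_hash"]
        return found

class Server:
    def __init__(self):
        self.db, self.ledger = {}, Ledger()    # database and blockchain stand-ins
    def open_function(self, user, function):
        old = self.db.get(user, {"functions": []})["functions"]
        record = {"user": user, "functions": sorted(set(old) | {function})}
        self.db[user] = record
        self.ledger.append(user, record)       # same data stored in both places
        return copy.deepcopy(record)
    def permission_data(self, user):
        return copy.deepcopy(self.db[user])    # sent to the client after login
    def verify_first_use(self, user, client_data, function):
        record = self.db.get(user)
        if record is None or client_data != record:      # secondary: client vs database
            return "secondary verification failed"
        if digest(record) != self.ledger.latest(user):   # tertiary: database vs chain
            return "tertiary verification failed"
        return "ok" if function in record["functions"] else "function not opened"

def client_primary_check(permission_data, function):
    # Primary verification on the client, using the data received at login.
    return function in permission_data["functions"]
```

Client-side data altered after login passes the primary check but fails the secondary one; a database row altered without a matching ledger entry passes the secondary check and fails the tertiary one.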
CN202311855522.5A 2023-12-29 2023-12-29 Authority authentication method, electronic equipment, storage medium and device Pending CN117852078A (en)


Publications (1)

Publication Number Publication Date
CN117852078A true CN117852078A (en) 2024-04-09

Family

ID=90547682



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination