CN117972787A - Large model knowledge base access control method and system based on JWT - Google Patents


Info

Publication number
CN117972787A
Authority
CN
China
Prior art keywords
jwt
knowledge base
user
large model
model knowledge
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410203711.2A
Other languages
Chinese (zh)
Inventor
黄培军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xingzhi Intelligent Beijing Technology Co ltd
Original Assignee
Xingzhi Intelligent Beijing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xingzhi Intelligent Beijing Technology Co ltd
Priority to CN202410203711.2A
Publication of CN117972787A
Legal status: Pending

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a large model knowledge base access control method and system based on JWT, relating to the technical field of computer security, comprising the following steps: the user sends a login request to the front-end application, and the front-end application sends the login information to the back-end server; the back-end server verifies the login information by interacting with the MySQL database, and a JWT is generated and sent to the user for storage; the user initiates a large model knowledge base access request to the front-end application, wherein the access request carries the JWT; the back-end server verifies the JWT, and if the JWT is valid, the user's permissions are checked against the MySQL database; if the user has permission for the requested knowledge base, the back-end server processes the access request, the large model knowledge base answers and returns the answer to the back-end server, the back-end server forwards the answer to the front-end application, and the front-end application displays the answer to the user. The invention ensures that only authorized users can access the corresponding knowledge base and ask questions of the large model service.

Description

Large model knowledge base access control method and system based on JWT
Technical Field
The invention relates to the technical field of computer security, in particular to a large model knowledge base access control method and system based on JWT.
Background
In the present digital age, artificial intelligence (AI) has made tremendous progress in applications across various fields. A question-answering system is an important application in the field of natural language processing (NLP) that aims to enable a computer to understand and answer natural language questions posed by a user. In recent years, AI question-answering systems have been widely used in search engines, virtual assistants, customer support, knowledge base management, and similar fields.
With the continued development and upscaling of AI models, large AI models deployed offline are becoming increasingly popular. These large models can provide more accurate and natural answers, but also require processing of sensitive information and confidential data, so security and authentication becomes critical. In the offline deployment of large AI models, ensuring that only authorized users can access the corresponding knowledge base and invoke the model for questioning is a challenging task.
Currently, there are some common techniques and methods for authentication and access control of offline-deployed large AI models, but each has problems, especially in artificial intelligence applications. For example:
(1) OAuth and OpenID Connect. Working principle: OAuth and OpenID Connect are open standards for single sign-on and authorization; the user may use a third-party identity provider for authentication. Problem: although OAuth and OpenID Connect provide some security, their implementation for an offline-deployed large AI model becomes complex and requires adaptation, and they are not specifically designed for this purpose.
(2) API key verification. Working principle: the user obtains an API key for accessing the protected resource. Problem: the management and distribution of API keys is not secure enough, is vulnerable to malicious attacks and key disclosure, and lacks flexibility and fine-grained control in terms of user authentication.
(3) Non-JWT authentication. Working principle: instead of JWTs, custom tokens or authentication schemes are used. Problem: non-JWT authentication methods lack standardization and widespread adoption and therefore have limited interoperability between different applications and services. Furthermore, non-JWT authentication is insufficient to provide advanced security features such as token expiration and authorization claims.
Another common method for protecting security-related interfaces is JSON Web Token (JWT), a compact, self-contained security token used to verify the identity of a user. However, offline-deployed large AI models often require management of the user's identity rights and isolation from plug-ins and knowledge bases present in the system, requiring deeper integration and customization to ensure security and performance.
Therefore, how to provide an identity verification and access control method that is more efficient, safer, and more suitable for large AI models is a problem to be solved.
Disclosure of Invention
To address the above problems, the invention provides a JWT-based large model knowledge base access control method and system, which integrate JSON Web Token (JWT) into an offline-deployed large AI model so as to achieve better user identity verification and access control.
In order to achieve the above object, the present invention provides a large model knowledge base access control method based on JWT, including:
The user sends a login request to a front-end application, wherein the login request comprises credential information, and the front-end application sends the credential information to a back-end server;
The back-end server verifies the credential information by interacting with a MySQL database, generates a JWT according to the verification result, and sends it to the user for storage, the JWT including encrypted user identity information;
A user initiates a large model knowledge base access request to the front-end application, wherein the access request carries the JWT;
The back-end server receives and verifies the JWT, and if the JWT is valid, determines via the MySQL database whether the user has permission for the requested knowledge base;
if the user has the authority of the requested knowledge base, the back-end server processes the access request and requests the large model knowledge base to answer, the large model knowledge base returns an answer to the back-end server, the back-end server forwards the answer of the large model knowledge base to the front-end application, and the front-end application displays the answer to the user.
As a further improvement of the invention, if the user does not have the authority of the requested knowledge base, the back-end server returns an unauthorized response to the front-end application, and the front-end application displays unauthorized information to the user.
As a further improvement of the present invention, if the JWT is not valid, the backend server returns an authentication failure to the front-end application, and the front-end application displays a re-login prompt message to the user.
As a further improvement of the present invention, the cases in which the JWT is invalid include expiry and tampering;
the front-end application presents a re-login prompt to the user to guide the user to acquire a new JWT.
As a further improvement of the present invention, the credential information includes a user name and a password.
As a further improvement of the invention, the user identity information comprises a user ID.
As a further improvement of the present invention, generating a JWT according to the verification result and sending it to the user for storage includes:
the back-end server sends the JWT to the front-end application, which delivers the JWT to the user and directs the user to store the JWT in a secure location.
As a further improvement of the present invention, the back-end server receiving and verifying the JWT and, if the JWT is valid, determining via the MySQL database whether the user has permission for the requested knowledge base comprises the following steps:
the back-end server first parses the JWT and then verifies its validity;
if the JWT is valid, the back-end server interacts with the MySQL database to query the permission information of the user;
Based on the rights information, it is checked whether the user has access to the requested knowledge base.
As a further improvement of the present invention, the MySQL database manages and stores authority information of each user.
The invention also provides a large model knowledge base access control system based on the JWT, which comprises: the system comprises a user login module, a JWT generation module, a large model knowledge base request access module, a JWT and authority verification module and a large model knowledge base response module;
The user login module is used for:
The user sends a login request to a front-end application, wherein the login request comprises credential information, and the front-end application sends the credential information to a back-end server;
The JWT generation module is configured to:
The back-end server verifies the credential information by interacting with a MySQL database, generates a JWT according to the verification result, and sends it to the user for storage, the JWT including encrypted user identity information;
The large model knowledge base request access module is used for:
A user initiates a large model knowledge base access request to the front-end application, wherein the access request carries the JWT;
the JWT and the authority verification module are used for:
The back-end server receives and verifies the JWT, and if the JWT is valid, determines via the MySQL database whether the user has permission for the requested knowledge base;
the large model knowledge base response module is used for:
if the user has the authority of the requested knowledge base, the back-end server processes the access request and requests the large model knowledge base to answer, the large model knowledge base returns an answer to the back-end server, the back-end server forwards the answer of the large model knowledge base to the front-end application, and the front-end application displays the answer to the user.
Compared with the prior art, the invention has the beneficial effects that:
The invention realizes the accurate management of the access right of the large model knowledge base based on the combination of JSON Web Token (JWT) and MySQL database; specifically, by using JWT for authentication, it can be ensured that only authenticated users can access the large model knowledge base; meanwhile, the encryption characteristic of the JWT protects the user identity information from leakage and prevents unauthorized data access; by combining with the MySQL database, the access to the specific knowledge base can be controlled according to different roles and authorities of the user; meanwhile, the JWT is obtained during login, so that the identity verification and permission query process is fast and efficient during access request, the waiting time of a user is reduced, and the user experience is improved.
The invention has significant advantages in protecting user privacy and safety. The introduction of the JWT provides a safe and efficient verification mode for accessing the large model knowledge base, and enhances the defending capability of the large model knowledge base against emerging security threats.
Drawings
FIG. 1 is a schematic diagram of a JWT-based large model knowledge base access control process in accordance with an embodiment of the invention;
FIG. 2 is a schematic diagram of a JWT-based large model knowledge base access control system according to an embodiment of the invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The invention is described in further detail below with reference to the attached drawing figures:
As shown in fig. 1, the method for controlling access to a large model knowledge base based on JWT provided by the invention comprises the following steps:
S1, a user sends a login request to a front-end application, wherein the login request comprises credential information, and the front-end application sends the credential information to a back-end server;
Wherein,
The credential information includes a user name and a password.
S2, the back-end server interacts with the MySQL database to verify the credential information, generates a JWT according to the verification result, and sends it to the user for storage, wherein the JWT comprises encrypted user identity information;
Wherein,
The user identity information includes a user ID;
The encrypted user identity information can ensure the security of the user identity information.
Further,
After successfully generating the JWT, the back-end server sends the JWT to the front-end application, which delivers the JWT to the user and directs the user to store it in a secure location, such as an HttpOnly cookie or the browser's local storage. This process ensures secure verification of the user's identity and establishes a basis for the subsequent permission verification process.
S3, a user initiates a large model knowledge base access request to the front-end application, wherein the access request carries the JWT;
Wherein,
When users attempt to access a protected resource or large model knowledge base, they need to initiate a request through the front-end application; in this process, the user's request will carry the previously stored JWT as credentials for identity and rights.
S4, the back-end server receives and verifies the JWT, and if the JWT is valid, determines via the MySQL database whether the user has permission for the requested knowledge base;
Wherein,
After the back-end server receives this request, it needs to confirm the validity of the user identity and whether it is authorized.
First, the back-end server parses the JWT and then verifies its validity;
if the JWT is valid, the back-end server interacts with the MySQL database to query the permission information of the user;
based on the rights information, it is checked whether the user has access to the requested knowledge base.
Further,
If the JWT is invalid, the back-end server returns an authentication failure to the front-end application, and the front-end application displays a re-login prompt to the user.
Still further,
The cases in which the JWT is invalid include expiry and tampering;
the front-end application presents a re-login prompt to the user to guide the user to acquire a new JWT.
In particular,
This step is the core of the present invention, and involves the logic of authentication and rights management, ensuring that only users with corresponding rights can access a particular large model knowledge base or data.
S5, if the user has permission for the requested knowledge base, the back-end server processes the access request and requests the large model knowledge base to answer, the large model knowledge base returns an answer to the back-end server, the back-end server forwards the answer of the large model knowledge base to the front-end application, and the front-end application displays the answer to the user.
Wherein,
If the user does not have the authority of the requested knowledge base, the back-end server returns an error or no authority response to the front-end application, and after receiving such a response, the front-end application presents error or no authority information, such as "no authority access" or "authentication failure", to the user, and may require the user to log in again to obtain a new JWT.
This step ensures the security and proper access control of resources and data in the large model knowledge base, preventing unauthorized access.
In the invention, the MySQL database carries out fine-grained management and storage on the authority information of each user, and a system administrator can easily manage the user authority, including the addition, modification and deletion of the authority. It also means that the system can control access to a particular knowledge base in a large model according to the different roles and rights of the user. This rights management mechanism is highly flexible and configurable, being suitable for a variety of scenarios.
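The S1 to S5 flow described above, as an added Python example that is not code from the patent. Assumptions: `sqlite3` stands in for the MySQL database, the table names `users` and `kb_permissions` are hypothetical, the token is an HS256-signed JWT (signed, not encrypted, so the user ID is integrity-protected rather than hidden), the 401/403 status codes are chosen here, and `ask_knowledge_base` is a hypothetical stand-in for the large model call.

```python
import base64, hashlib, hmac, json, sqlite3

SECRET = b"constructed-demo-signing-key"  # constructed value; keep real keys in a secret store
TTL = 900                                 # token lifetime in seconds (assumed)


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db() -> sqlite3.Connection:
    """Constructed sample data; sqlite3 stands in for the MySQL database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, salt BLOB, pw BLOB)")
    db.execute("CREATE TABLE kb_permissions (user_id INTEGER, kb TEXT)")
    salt = b"constructed-salt"
    db.execute("INSERT INTO users VALUES (1, 'alice', ?, ?)", (salt, pw_hash("correct horse", salt)))
    db.execute("INSERT INTO kb_permissions VALUES (1, 'hr-policies')")
    return db


def sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()


def issue_jwt(user_id: int, now: float) -> str:
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": str(user_id), "exp": int(now) + TTL}).encode())
    return f"{header}.{payload}.{b64url_encode(sign(header + '.' + payload))}"


def login(db, name: str, password: str, now: float):
    """S1-S2: verify credentials against the database, then issue a JWT."""
    row = db.execute("SELECT id, salt, pw FROM users WHERE name = ?", (name,)).fetchone()
    if row is None or not hmac.compare_digest(row[2], pw_hash(password, row[1])):
        return None
    return issue_jwt(row[0], now)


def verify_jwt(token: str, now: float):
    """S4, first half: parse, then validate. Returns the user ID, or None if invalid."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the token's header
        expected = sign(header_b64 + "." + payload_b64)
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None  # tampered
        claims = json.loads(b64url_decode(payload_b64))
        if now >= claims["exp"]:
            return None  # expired
        return int(claims["sub"])
    except (ValueError, KeyError, TypeError, AttributeError):
        return None      # malformed token


def ask_knowledge_base(kb: str, question: str) -> str:
    """Hypothetical stand-in for the large model knowledge base call."""
    return f"[{kb}] answer to: {question}"


def handle_question(db, token: str, kb: str, question: str, now: float):
    """S3-S5: returns (HTTP-style status, body)."""
    user_id = verify_jwt(token, now)
    if user_id is None:
        return 401, "authentication failed, please log in again"
    allowed = db.execute(
        "SELECT 1 FROM kb_permissions WHERE user_id = ? AND kb = ?", (user_id, kb)
    ).fetchone()
    if allowed is None:
        return 403, "no permission for this knowledge base"
    return 200, ask_knowledge_base(kb, question)
```

Because permissions are read from the database on every request rather than embedded in the token, deleting a row from `kb_permissions` takes effect before the JWT expires.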
As shown in fig. 2, the present invention further provides a JWT-based large model knowledge base access control system, including: the system comprises a user login module, a JWT generation module, a large model knowledge base request access module, a JWT and authority verification module and a large model knowledge base response module;
A user login module for:
the user sends a login request to a front-end application, wherein the login request comprises credential information, and the front-end application sends the credential information to a back-end server;
a JWT generation module for:
the back-end server interacts with the MySQL database to verify the credential information, generates a JWT according to the verification result, and sends it to the user for storage, the JWT including encrypted user identity information;
The large model knowledge base request access module is used for:
the user initiates a large model knowledge base access request to the front-end application, wherein the access request carries the JWT;
JWT and entitlement verification module for:
The back-end server receives and verifies the JWT, and if the JWT is valid, determines via the MySQL database whether the user has permission for the requested knowledge base;
And the large model knowledge base response module is used for:
if the user has the authority of the requested knowledge base, the back-end server processes the access request, requests the large model knowledge base to answer, the large model knowledge base returns an answer to the back-end server, the back-end server forwards the answer of the large model knowledge base to the front-end application, and the front-end application displays the answer to the user.
The technical scheme of the invention allows flexible deployment under different application scenes and environments, and simultaneously, due to the modularized design, the system functions can be easily expanded as required, including adding a new knowledge base, updating a verification mechanism and the like.
The invention has the advantages that:
The invention realizes the accurate management of the access right of the large model knowledge base based on the combination of JSON Web Token (JWT) and MySQL database; specifically, by using JWT for authentication, it can be ensured that only authenticated users can access the large model knowledge base; meanwhile, the encryption characteristic of the JWT protects the user identity information from leakage and prevents unauthorized data access; by combining with the MySQL database, the access to the specific knowledge base can be controlled according to different roles and authorities of the user; meanwhile, the JWT is obtained during login, so that the identity verification and permission query process is fast and efficient during access request, the waiting time of a user is reduced, and the user experience is improved.
The invention realizes the safe access and management of the large model knowledge base, and has obvious advantages in the aspects of protecting the privacy and safety of users. The introduction of the JWT provides a safe and efficient verification mode for accessing the large model knowledge base, and enhances the defending capability of the large model knowledge base against emerging security threats.
The method uses the JWT as a medium for user authentication and permission transfer, and has remarkable advantages in the aspects of protecting the privacy and the safety of users. The introduction of JWT provides a safe and efficient way of verification for accessing large model knowledge bases. And the MySQL database is utilized to realize fine-grained control of the user authority, including the access authority to the specific knowledge base. This approach makes rights management more flexible and configurable. The authority of the user is directly related to the access authority of the specific knowledge base, so that only the authorized user can access the corresponding large model knowledge base. In short, the use of JWT and MySQL databases for authentication and authorization control is a practice that meets modern security standards, which not only improves the overall security of the system, but also increases the defenses of the system against emerging security threats.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A JWT-based large model knowledge base access control method, comprising:
The user sends a login request to a front-end application, wherein the login request comprises credential information, and the front-end application sends the credential information to a back-end server;
The back-end server verifies the credential information by interacting with a MySQL database, generates a JWT according to the verification result, and sends it to the user for storage, the JWT including encrypted user identity information;
A user initiates a large model knowledge base access request to the front-end application, wherein the access request carries the JWT;
The back-end server receives and verifies the JWT, and if the JWT is valid, determines via the MySQL database whether the user has permission for the requested knowledge base;
if the user has the authority of the requested knowledge base, the back-end server processes the access request and requests the large model knowledge base to answer, the large model knowledge base returns an answer to the back-end server, the back-end server forwards the answer of the large model knowledge base to the front-end application, and the front-end application displays the answer to the user.
2. The JWT-based large model knowledge base access control method of claim 1, wherein: if the user does not have permission for the requested knowledge base, the back-end server returns an unauthorized response to the front-end application, and the front-end application displays unauthorized information to the user.
3. The JWT-based large model knowledge base access control method of claim 1, wherein: if the JWT is invalid, the back-end server returns an authentication failure to the front-end application, and the front-end application displays a re-login prompt to the user.
4. The JWT-based large model knowledge base access control method of claim 3, wherein: the cases in which the JWT is invalid include expiry and tampering;
the front-end application presents a re-login prompt to the user to guide the user to acquire a new JWT.
5. The JWT-based large model knowledge base access control method of claim 1, wherein: the credential information includes a user name and a password.
6. The JWT-based large model knowledge base access control method of claim 1, wherein: the user identity information includes a user ID.
7. The JWT-based large model knowledge base access control method of claim 1, wherein: generating a JWT according to the verification result and sending it to the user for storage includes:
the back-end server sends the JWT to the front-end application, which delivers the JWT to the user and directs the user to store the JWT in a secure location.
8. The JWT-based large model knowledge base access control method of claim 1, wherein: the back-end server receiving and verifying the JWT and, if the JWT is valid, determining via the MySQL database whether the user has permission for the requested knowledge base comprises the following steps:
the back-end server first parses the JWT and then verifies its validity;
if the JWT is valid, the back-end server interacts with the MySQL database to query the permission information of the user;
Based on the rights information, it is checked whether the user has access to the requested knowledge base.
9. The JWT-based large model knowledge base access control method of claim 1, wherein: the MySQL database manages and stores the permission information of each user.
10. A JWT-based large model knowledge base access control system implementing the JWT-based large model knowledge base access control method of any of claims 1-9, comprising: the system comprises a user login module, a JWT generation module, a large model knowledge base request access module, a JWT and authority verification module and a large model knowledge base response module;
The user login module is used for:
The user sends a login request to a front-end application, wherein the login request comprises credential information, and the front-end application sends the credential information to a back-end server;
The JWT generation module is configured to:
The back-end server verifies the credential information by interacting with a MySQL database, generates a JWT according to the verification result, and sends it to the user for storage, the JWT including encrypted user identity information;
The large model knowledge base request access module is used for:
A user initiates a large model knowledge base access request to the front-end application, wherein the access request carries the JWT;
the JWT and the authority verification module are used for:
The back-end server receives and verifies the JWT, and if the JWT is valid, determines via the MySQL database whether the user has permission for the requested knowledge base;
the large model knowledge base response module is used for:
if the user has the authority of the requested knowledge base, the back-end server processes the access request and requests the large model knowledge base to answer, the large model knowledge base returns an answer to the back-end server, the back-end server forwards the answer of the large model knowledge base to the front-end application, and the front-end application displays the answer to the user.
CN202410203711.2A 2024-02-23 2024-02-23 Large model knowledge base access control method and system based on JWT Pending CN117972787A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410203711.2A CN117972787A (en) 2024-02-23 2024-02-23 Large model knowledge base access control method and system based on JWT

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410203711.2A CN117972787A (en) 2024-02-23 2024-02-23 Large model knowledge base access control method and system based on JWT

Publications (1)

Publication Number Publication Date
CN117972787A (en) 2024-05-03

Family

ID=90864654

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410203711.2A Pending CN117972787A (en) 2024-02-23 2024-02-23 Large model knowledge base access control method and system based on JWT

Country Status (1)

Country Link
CN (1) CN117972787A (en)

Legal Events

Date Code Title Description
PB01 Publication