WO2021114925A1 - Access control method and access control apparatus - Google Patents


Info

Publication number
WO2021114925A1
Authority
WO
WIPO (PCT)
Prior art keywords
merchant
access
merchant device
identity verification
user
Application number
PCT/CN2020/124392
Other languages
French (fr)
Chinese (zh)
Inventor
邓圆
Original Assignee
支付宝(杭州)信息技术有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Definitions

  • This specification relates to the field of computer technology, in particular to an access control method and an access control device.
  • In existing approaches, a merchant's data access calls are controlled mainly on the basis of the merchant's account and key.
  • The embodiments of this specification provide an access control method and an access control device, aiming to solve the problem that existing access methods carry a high risk of leaking members' private data.
  • An embodiment of this specification provides an access control method. The method includes: if an access request from a merchant device is received, acquiring device identity information of the merchant device, where the access request carries user account authentication information corresponding to the merchant device; performing device identity verification on the merchant device based on the target public key certificate corresponding to the merchant device and the device identity information; when the device identity verification is passed, performing user identity verification on the user corresponding to the merchant device based on the user account authentication information; after the user identity verification is passed, verifying whether the merchant device is a trusted execution environment; and determining the access control policy of the merchant device and accessing the private data of the target member corresponding to the access request based on the access control policy.
  • An embodiment of this specification provides an access control device. The device includes: an acquisition module, configured to obtain the device identity information of the merchant device if an access request from the merchant device is received, the access request carrying user account authentication information corresponding to the merchant device; a first verification module, configured to perform device identity verification on the merchant device based on the target public key certificate corresponding to the merchant device and the device identity information; a second verification module, configured to perform user identity verification on the user corresponding to the merchant device based on the user account authentication information after the device identity verification is passed; a third verification module, configured to verify whether the merchant device is a trusted execution environment after the user identity verification is passed; and a control module, configured to determine the access control policy of the merchant device and access the private data of the target member corresponding to the access request based on the access control policy.
  • An embodiment of this specification provides an electronic device, including: a processor; and a memory arranged to store computer-executable instructions which, when executed, cause the processor to perform the following operations: upon receiving an access request from the merchant device, obtaining the device identity information of the merchant device, where the access request carries the user account authentication information corresponding to the merchant device; performing device identity verification on the merchant device based on the target public key certificate corresponding to the merchant device and the device identity information; when the device identity verification is passed, performing user identity verification on the user corresponding to the merchant device based on the user account authentication information; when the user identity verification is passed, verifying whether the merchant device is a trusted execution environment; and determining an access control policy of the merchant device and accessing the private data of the target member corresponding to the access request based on the access control policy.
  • Embodiments of this specification provide a computer-readable storage medium that stores one or more programs. When the one or more programs are executed by an electronic device that includes multiple application programs, the electronic device is caused to perform the following operations: if an access request from the merchant device is received, obtaining the device identity information of the merchant device, where the access request carries the user account authentication information corresponding to the merchant device; performing device identity verification on the merchant device based on the target public key certificate corresponding to the merchant device and the device identity information; when the device identity verification is passed, performing user identity verification on the user corresponding to the merchant device based on the user account authentication information; after the user identity verification is passed, verifying whether the merchant device is a trusted execution environment;
  • The at least one technical solution adopted in the embodiments of this specification achieves the following technical effects:
  • The embodiments of this specification provide a zero-trust-based access control solution for the private data of each member stored in the privacy data system. Specifically, when an access request from a merchant device is received, the device identity of the merchant device and the user identity of the merchant (that is, the user) corresponding to the merchant device are verified layer by layer to improve the security of access to private data.
  • Regarding the device identity of the merchant device: it is first necessary to verify the device identity of the merchant device based on its device identity information and its corresponding, unique target public key certificate, to determine whether the merchant device is one pre-associated with the privacy data system. After this first device identity verification is passed, user identity verification of the corresponding merchant is performed based on the user account authentication information corresponding to the merchant device. After the user identity verification is passed, the device identity of the merchant device is verified a second time, to determine whether the merchant device is a trusted execution environment for the private data of the target member in the system.
  • Regarding the access control policy of the merchant device: after the layer-by-layer identity verification of the merchant device, it is further necessary to determine the access control policy of the merchant device for the private data of the target member corresponding to the access request, based on the specific circumstances of the current visit. In this way, zero-trust-based identity verification is performed on merchant devices accessing data, and specific access control policies are additionally matched to strengthen control over merchant devices' access to private data and avoid malicious or improper data access.
  • This avoids leakage of members' private data caused by malicious or improper operations, reduces the risk of leakage of private data, and improves the security of data access.
  • FIG. 1 is a schematic flowchart of an access control method provided by an embodiment of this specification.
  • FIG. 2 is a schematic diagram of the composition of an access control system provided by an embodiment of this specification.
  • FIG. 3 is a schematic structural diagram of an access control device provided by an embodiment of this specification.
  • FIG. 4 is a schematic structural diagram of an electronic device provided by an embodiment of this specification.
  • The embodiments of this specification provide a zero-trust-based data access control solution in order to strengthen control over merchant access and avoid leakage of members' private data due to malicious or improper operations by visiting merchants.
  • An embodiment of this specification provides an access control method, which may specifically include step 101 to step 109.
  • Step 101: If an access request from a merchant device is received, the device identity information of the merchant device is obtained, and the access request carries user account authentication information corresponding to the merchant device.
  • The aforementioned merchant access request may specifically include, but is not limited to, a file access request, a database access request, and an Application Programming Interface (API) access request.
  • Through such a request, the corresponding private data can be accessed.
  • The device identity information of the above-mentioned merchant device may specifically include, but is not limited to, the network media access control (MAC) address, Internet Protocol (IP) address, domain name, and host (Host) of the merchant device.
  • Step 103: Perform device identity verification on the merchant device based on the target public key certificate corresponding to the merchant device and the device identity information.
  • The above-mentioned target public key certificate can be generated by computing a certain encryption algorithm over the device identity information of the merchant device, and is used to uniquely identify the identity of the merchant device.
  • The above-mentioned device identity information of the merchant device can be updated and maintained on the system side.
  • That is, the device identity information of each merchant device is dynamically updated based on the merchant device's registration information, real-time online and offline information, and so on, and the corresponding public key certificate is updated based on the latest device identity information.
  • The target public key certificate may have a certain validity period. Specifically, it may be updated periodically, or it may be updated whenever the device identity information of the merchant device changes, so as to ensure that the merchant device can be uniquely and accurately identified on the basis of the target public key certificate.
  • This step 103 may specifically be executed as follows: generate a verification certificate of the merchant device based on the device identity information; if the verification certificate is the same as the target public key certificate, determine that the device identity verification is passed.
  • That is, the same encryption algorithm used to generate the target public key certificate is applied to the merchant device's attribute information (that is, its device identity information) to obtain the corresponding verification certificate to be checked.
  • If the currently generated verification certificate is the same as the target public key certificate of the merchant device carried in the access request, the first identity verification of the merchant device can be considered passed. If the currently generated verification certificate is confirmed to differ from the target public key certificate of the merchant device carried in the access request, the first identity verification of the merchant device is considered failed.
  • Step 105: After the device identity verification is passed, perform user identity verification on the user corresponding to the merchant device based on the user account authentication information.
  • This step 105 can specifically be executed as follows: determine whether the user account authentication information contains the target token value; if it contains the target token value and the target token value is valid, determine that the user identity verification is passed; if it contains the target token value but the target token value is invalid, or if it does not contain the target token value, perform user identity verification on the user corresponding to the merchant device based on the account and key contained in the user account authentication information.
  • That is, the corresponding account and key are entered for verification at one login, and the corresponding target token value is generated after the verification succeeds. If subsequent access requests carry the target token value, the user's identity verification can be confirmed directly; if it is not carried, the user's account and key need to be entered again for user identity verification.
  • The target token value has a one-to-one correspondence with the account and key of the user corresponding to the merchant device, and is unique. Further, the target token value may also have a certain validity period, with the token value updated regularly, so as to avoid leakage of the user's account and key information, which could lead to leakage of private data in the system.
  • The number of users corresponding to the above-mentioned merchant device may be one or more, and there is a binding or association relationship between the merchant device and its corresponding users.
  • Step 107: After the user identity verification is passed, verify whether the merchant device is a trusted execution environment.
  • Step 109: Determine the access control policy of the merchant device, and access the private data of the target member corresponding to the access request based on the access control policy.
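The following Python is an added example of the first two layers (step 103, device identity verification against a regenerated certificate, and step 105, token-first user identity verification with fallback to account and key). It is example code written for this page, not code from the patent or its assignee. The patent only says the target public key certificate is produced by "a certain encryption algorithm" over the device identity information; modelling it as an HMAC-SHA256 fingerprint over the canonicalised MAC/IP/domain/host fields under a system-side key, storing the account key as a PBKDF2 hash, and the 600-second token lifetime are all assumptions of this example, as are the constructed device and account values.

```python
"""Layered verification for a merchant access request (added example, not the
patent's own code). Assumptions: the target public key certificate is an
HMAC-SHA256 fingerprint of the device identity fields under a system-side key;
the account key is stored as a PBKDF2 hash; token values are random and
time-limited."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

SYSTEM_KEY = b"constructed-system-side-key-for-this-example"  # constructed
PBKDF2_SALT = b"constructed-salt"                              # constructed
PBKDF2_ROUNDS = 100_000
TOKEN_LIFETIME_SECONDS = 600                                   # assumption


def compute_device_certificate(identity: dict) -> str:
    """Derive the certificate from the identity fields in canonical order, so a
    change in any field (MAC, IP, domain, host) changes the certificate."""
    canonical = "|".join(f"{k}={identity[k]}" for k in sorted(identity))
    return hmac.new(SYSTEM_KEY, canonical.encode(), hashlib.sha256).hexdigest()


def verify_device_identity(identity: dict, target_certificate: str) -> bool:
    """Step 103: regenerate the verification certificate from the reported
    identity information and compare it with the target certificate."""
    return hmac.compare_digest(compute_device_certificate(identity), target_certificate)


def hash_key(key: str) -> str:
    """Stored form of an account key (constructed salt; per-account salts in practice)."""
    return hashlib.pbkdf2_hmac("sha256", key.encode(), PBKDF2_SALT, PBKDF2_ROUNDS).hex()


@dataclass
class UserAuthenticator:
    """Holds account credentials and the issued target token values."""
    key_hashes: dict                            # account -> PBKDF2 hash of the key
    tokens: dict = field(default_factory=dict)  # token -> (account, expires_at)

    def check_account_key(self, account: str, key: str) -> bool:
        stored = self.key_hashes.get(account)
        return stored is not None and hmac.compare_digest(stored, hash_key(key))

    def issue_token(self, account: str, now: float) -> str:
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (account, now + TOKEN_LIFETIME_SECONDS)
        return token

    def token_is_valid(self, token: str, account, now: float) -> bool:
        entry = self.tokens.get(token)
        if entry is None or now >= entry[1]:
            return False
        return account is None or entry[0] == account

    def verify_user(self, auth: dict, now: float):
        """Step 105. Returns (passed, token). A valid token passes directly; an
        invalid or absent token falls back to account + key, and a fresh token
        is issued when that check succeeds (the 'one login' of the text)."""
        account, token = auth.get("account"), auth.get("token")
        if token is not None:
            if self.token_is_valid(token, account, now):
                return True, token
            self.tokens.pop(token, None)  # discard the stale or unknown token
        key = auth.get("key")
        if account is None or key is None or not self.check_account_key(account, key):
            return False, None
        return True, self.issue_token(account, now)


def handle_access_request(request: dict, device_registry: dict,
                          users: UserAuthenticator, now: float):
    """Runs step 103 then step 105; returns (outcome, token)."""
    target_cert = device_registry.get(request["device_id"])
    if target_cert is None or not verify_device_identity(request["identity"], target_cert):
        return "rejected:device_identity", None
    passed, token = users.verify_user(request["auth"], now)
    if not passed:
        return "rejected:user_identity", None
    return "identity_verified", token


def build_demo():
    """Constructed merchant device and account for trying the flow."""
    identity = {"mac": "02:00:00:aa:bb:cc", "ip": "203.0.113.10",
                "domain": "shop.example", "host": "pos-01"}
    registry = {"merchant-dev-1": compute_device_certificate(identity)}
    users = UserAuthenticator(key_hashes={"merchant-a": hash_key("correct horse battery staple")})
    return identity, registry, users
```

Because the device check runs before the user check, a request from an unregistered or altered device is rejected without ever touching the credential store, which is the ordering the step sequence describes.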
  • The embodiments of this specification provide a zero-trust-based access control solution for the private data of each member stored in the privacy data system. Specifically, when an access request from a merchant device is received, the device identity of the merchant device and the user identity of the merchant (that is, the user) corresponding to the merchant device are verified layer by layer to improve the security of access to private data. It is first necessary to verify the device identity of the merchant device based on its device identity information and its corresponding, unique target public key certificate, to determine whether the merchant device is one pre-associated with the privacy data system; after this first device identity verification is passed, user identity verification of the corresponding merchant is performed based on the user account authentication information corresponding to the merchant device.
  • After the user identity verification is passed, the device identity of the merchant device needs to be verified a second time, to determine whether the merchant device is a trusted execution environment for the private data of the target member in the system.
  • Regarding the access control policy of the merchant device: after the layer-by-layer identity verification of the merchant device, it is further necessary to determine the access control policy of the merchant device for the private data of the target member corresponding to the access request, based on the specific circumstances of the current visit. In this way, zero-trust-based identity verification is performed on merchant devices accessing data, and specific access control policies are additionally matched to strengthen control over merchant devices' access to private data and avoid malicious or improper data access.
  • This avoids leakage of members' private data caused by malicious or improper operations, reduces the risk of leakage of private data, and improves the security of data access.
  • If the user corresponding to the merchant device fails the user identity verification based on the user account authentication information, the access request of the merchant device can be rejected directly.
  • The historical devices that have accessed the system can also be managed in the form of a historical access device list. Furthermore, when the above step 107 is performed, after the user identity verification is passed, the historical access device list can be obtained first to check whether the currently visiting merchant device matches it, and the specific method for the second device identity verification is then determined based on the matching result.
  • The above-mentioned access request may also carry the device digital certificate of the merchant device and the target device digital signature associated with the device digital certificate.
  • The device identity of the merchant device can then be verified a second time based on the aforementioned device digital certificate and the target device digital signature associated with it, that is, it is verified whether the merchant device is a trusted execution environment.
  • The foregoing step 107 may specifically be executed as follows: obtain the historical access device list; if the merchant device is not in the historical access device list, verify whether the merchant device is a trusted execution environment based on the device digital certificate and the target device digital signature.
  • The step of verifying whether the merchant device is a trusted execution environment based on the device digital certificate and the target device digital signature can specifically be executed as follows: obtain the historical device digital signature corresponding to the pre-stored device digital certificate; if the historical device digital signature is the same as the target device digital signature, determine that the merchant device is a trusted execution environment; if the historical device digital signature differs from the target device digital signature, determine that the merchant device is an untrusted execution environment.
  • That is, the digital signature corresponding to the digital certificate of the merchant device is stored and maintained in the privacy data system. If the digital certificate reported by the merchant device during access does not match the digital certificate pre-stored in the system, the merchant device is an untrusted execution environment; if it matches, the merchant device is a trusted execution environment.
  • The access control method of the embodiments of this specification may further include the following: adding the merchant device to the historical access device list.
  • That is, the historical access device list is updated to record the access status of the merchant device in the list.
  • Specifically, the merchant device is recorded according to whether it is a trusted execution environment: if it is a trusted execution environment, it is recorded in the valid device list; if it is an untrusted execution environment, it is recorded in the black device list.
  • A black device can specifically be a device that fails device authentication because the merchant's account and key information has leaked. Further, a clearing strategy can be set for the merchant devices maintained in the historical access device list, such as regularly clearing a batch of devices with the earliest loading time or clearing all of them, or deciding whether to remove devices from the list in time according to how frequently they visit, so as to improve the usefulness of the historical access device list. A certain validity period can also be set for merchant devices stored in the historical access device list as valid devices or black devices, to avoid misjudgment during identity verification caused by a device's status not being updated in time, which could lead to leakage of private data or affect the user experience of accessing private data.
  • Where the merchant device is included in the aforementioned historical access device list, it can be determined efficiently and accurately whether the device is a trusted execution environment based on whether it carries a trusted execution environment label.
  • The above step 107 can specifically be executed as follows: obtain the historical access device list; if the merchant device is in the historical access device list, obtain the historical behavior identifier corresponding to the merchant device, and verify whether the merchant device is a trusted execution environment based on the historical behavior identifier.
  • The above step of verifying whether the merchant device is a trusted execution environment based on the historical behavior identifier can specifically be executed as follows: if the historical behavior identifier indicates that the merchant device is a historically trusted device, determine that the merchant device is a trusted execution environment; if the historical behavior identifier indicates that the merchant device is a historical black device, determine that the merchant device is an untrusted execution environment.
  • That is, if the merchant device in the historical access device list carries a label indicating that it is a trusted execution environment, i.e. the historical behavior identifier indicates a historically trusted device, then because the merchant device belongs to the valid devices it is directly determined to be a trusted execution environment; if the label indicates that it is not a trusted execution environment, i.e. the historical behavior identifier indicates a historical black device, then because the merchant device is classified as a black device it is directly determined to be an untrusted execution environment.
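The following Python is an added example of step 107 as described in the passages above: devices not in the historical access device list are verified by comparing the pre-stored historical device digital signature with the target device digital signature carried in the request, devices already in the list are decided by their historical behavior identifier, every outcome is recorded back into the list, and list entries carry a validity period plus a clearing strategy. It is example code written for this page, not the patent's own. Modelling the stored signature as an HMAC-SHA256 over the device digital certificate under a system key (in place of a real signature scheme), the 30-day entry validity period, and the constructed certificate and device identifiers are assumptions of this example.

```python
"""Second device identity verification (step 107) against a historical access
device list. Added example, not the patent's code. Assumptions: the stored
"historical device digital signature" is an HMAC-SHA256 of the device digital
certificate under a system key; list entries carry a label and a record time
and lapse after ENTRY_VALIDITY_SECONDS, after which the device is treated as new."""
import hashlib
import hmac
from dataclasses import dataclass, field

SIGNING_KEY = b"constructed-privacy-data-system-signing-key"  # constructed
ENTRY_VALIDITY_SECONDS = 30 * 24 * 3600                        # assumption
TRUSTED, BLACK = "historically_trusted", "historically_black"  # behavior identifiers


def sign_certificate(device_certificate: str) -> str:
    """Signature the system stores for a registered device certificate
    (constructed stand-in for a real signature scheme)."""
    return hmac.new(SIGNING_KEY, device_certificate.encode(), hashlib.sha256).hexdigest()


@dataclass
class HistoricalAccessDeviceList:
    """device_id -> (historical behavior identifier, time recorded)."""
    entries: dict = field(default_factory=dict)

    def behavior_identifier(self, device_id: str, now: float):
        """Label for a known device, or None for a new or lapsed device. A lapsed
        entry is dropped so an out-of-date status is neither trusted nor enforced."""
        entry = self.entries.get(device_id)
        if entry is None:
            return None
        label, recorded_at = entry
        if now - recorded_at > ENTRY_VALIDITY_SECONDS:
            del self.entries[device_id]
            return None
        return label

    def record(self, device_id: str, trusted: bool, now: float) -> None:
        """Valid device list / black device list, kept as labels in one map."""
        self.entries[device_id] = (TRUSTED if trusted else BLACK, now)

    def clear_older_than(self, cutoff: float) -> int:
        """Clearing strategy: drop entries recorded before `cutoff`; returns the count."""
        stale = [d for d, (_, t) in self.entries.items() if t < cutoff]
        for d in stale:
            del self.entries[d]
        return len(stale)


def verify_by_signature(device_certificate: str, target_signature: str,
                        stored_signatures: dict) -> bool:
    """New device: the pre-stored signature for the reported certificate must
    equal the target device digital signature carried in the request."""
    historical = stored_signatures.get(device_certificate)
    return historical is not None and hmac.compare_digest(historical, target_signature)


def verify_trusted_execution_environment(request: dict, history: HistoricalAccessDeviceList,
                                         stored_signatures: dict, now: float) -> bool:
    """Step 107: a known device is decided by its historical behavior
    identifier; a new (or lapsed) device by the signature check, whose
    outcome is then added to the list."""
    device_id = request["device_id"]
    label = history.behavior_identifier(device_id, now)
    if label == TRUSTED:
        return True
    if label == BLACK:
        return False
    trusted = verify_by_signature(request["device_certificate"],
                                  request["device_signature"], stored_signatures)
    history.record(device_id, trusted, now)
    return trusted
```

The validity period on list entries bounds how long a recorded label can stand in for the signature check: once an entry lapses the device is re-verified as if new, which is the misjudgment-from-stale-status problem the text raises.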
  • The above step 109 may specifically include: based on the access request, obtaining the attribute information of the target member and the access authority information of the user corresponding to the merchant device; and determining the access control policy according to at least one of the identity verification result, the attribute information, and the access authority information.
  • The aforementioned identity verification result may specifically include the device identity verification result of verifying whether the merchant device is a trusted execution environment.
  • The above step 109 can also be expressed as: determining the access control policy of the merchant device based on the identity verification result, or on the device identity verification result of whether the merchant device is a trusted execution environment, and accessing the private data of the target member corresponding to the access request based on the access control policy.
  • The above step of determining the access control policy of the merchant device based on the identity verification result, or on the device identity verification result of whether the merchant device is a trusted execution environment, can specifically be executed as follows: obtain, based on the access request, the attribute information of the target member and the access authority information of the user corresponding to the merchant device; determine the access control policy based on at least one of the identity verification result (or the device identity verification result of whether the merchant device is a trusted execution environment), the attribute information, and the access authority information.
  • Determining the access control policy according to at least one of the identity verification result, the attribute information, and the access authority information may specifically include: determining the access control policy of the merchant device based on the identity verification result alone.
  • For example, when the verification fails, the access request of the merchant device can be rejected directly; if the merchant device is verified as a trusted execution environment, that is, the result of the second device identity verification of the merchant device is passed, the private data of the target member corresponding to the merchant device's access request can be retrieved and provided to the merchant device for the user to view, and so on.
  • In addition, after verifying that the merchant device is a trusted execution environment, besides the access control method of directly retrieving the target member's private data corresponding to the merchant device's access request and returning it to the merchant device, it is also possible to determine the access control policy by further combining at least one of the above-mentioned attribute information of the target member and the access authority information of the user corresponding to the merchant device.
  • For example, the merchant device's access to the target member's private data can be restricted. If the obtained access authority information corresponding to the merchant device indicates that access to the member's private data is temporarily restricted, the access request of the merchant device can be rejected directly even after all layers of identity verification of the merchant device are passed.
  • The above attribute information includes member registration information, member time-limit information, membership level, and member sensitivity level; the above access authority information includes whether there is permission to access private data, for example whether access to the member's private data is temporarily restricted.
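The following Python is an added example of step 109 as described above: the access control policy is determined from the identity verification result together with the target member's attribute information (registration time, time limit, level, sensitivity level) and the user's access authority information, and the private data is then accessed according to that policy. It is example code written for this page, not the patent's own. The concrete set of policies (reject, full access, restricted access), the sensitivity threshold at which access becomes restricted, the choice to mask particular fields under restricted access, and the constructed member record are assumptions of this example.

```python
"""Step 109: determining the access control policy and accessing the target
member's private data accordingly. Added example, not the patent's code.
Assumptions: the three policies, the sensitivity threshold, the masked fields
and the sample record are this example's own choices."""
from dataclasses import dataclass
from enum import Enum


class AccessPolicy(Enum):
    REJECT = "reject"
    FULL = "full_access"
    RESTRICTED = "restricted_access"


@dataclass(frozen=True)
class MemberAttributes:
    registered_at: float      # member registration information
    valid_until: float        # member time-limit information
    level: int                # membership level
    sensitivity_level: int    # member sensitivity level, 0 (low) .. 3 (high)


@dataclass(frozen=True)
class AccessAuthority:
    may_access_private_data: bool   # whether there is permission at all
    temporarily_restricted: bool    # whether access is temporarily restricted


HIGH_SENSITIVITY = 2                        # assumption: threshold for restricted access
SENSITIVE_FIELDS = ("phone", "id_number")   # assumption: fields masked under RESTRICTED


def determine_access_policy(tee_verified: bool, attrs: MemberAttributes,
                            authority: AccessAuthority, now: float) -> AccessPolicy:
    """Identity verification result first, then authority, then member attributes."""
    if not tee_verified:
        return AccessPolicy.REJECT          # second device identity verification failed
    if not authority.may_access_private_data or authority.temporarily_restricted:
        return AccessPolicy.REJECT          # rejected even though all identity layers passed
    if not (attrs.registered_at <= now <= attrs.valid_until):
        return AccessPolicy.REJECT          # membership not yet active or expired
    if attrs.sensitivity_level >= HIGH_SENSITIVITY:
        return AccessPolicy.RESTRICTED
    return AccessPolicy.FULL


def access_private_data(policy: AccessPolicy, record: dict):
    """Applies the policy to a member record: None when rejected, a masked copy
    when restricted, a full copy otherwise."""
    if policy is AccessPolicy.REJECT:
        return None
    if policy is AccessPolicy.RESTRICTED:
        return {k: ("***" if k in SENSITIVE_FIELDS else v) for k, v in record.items()}
    return dict(record)


def handle_step_109(tee_verified: bool, attrs: MemberAttributes,
                    authority: AccessAuthority, record: dict, now: float):
    """Returns (policy, data) for one access request."""
    policy = determine_access_policy(tee_verified, attrs, authority, now)
    return policy, access_private_data(policy, record)
```

Keeping the verification result as the first check means a failed second device identity verification is never softened by favourable member attributes, matching the rejection rule stated for untrusted execution environments.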
  • the specific composition of the system for controlling access to private data will be described in detail below in conjunction with FIG. 2. Specifically, it includes: a merchant request receiving module 201, a unified identity management module 203, an authentication and authorization module 205, an authentication and authorization auxiliary module 207, and a member merchant service module 209.
  • the merchant request receiving module 201 is mainly responsible for receiving merchant access requests, such as API access requests, database access requests, file access requests, and so on. Among them, the merchant equipment digital certificate and the merchant equipment digital signature need to be passed in in the merchant access request.
  • the unified identity management module 203 includes two sub-modules, a unified identity management module and a unique identity recognition module.
  • the unified identity management module is responsible for using the unique public key certificate to identify the merchant's device identity, and dynamically update the merchant's access device library based on the merchant's device registration, online and offline information, to ensure that the public key certificate can uniquely and accurately identify the merchant's device .
  • the merchant equipment information it is responsible for collecting includes, but is not limited to: the network MAC address, IP address, domain name, host, etc. of the merchant equipment.
  • the unique identification module is responsible for verifying the identity information of the merchants’ incoming devices based on the merchant’s device information collected by the unified identity management module, using the same calculation method corresponding to the unique public key certificate, that is, using the same calculation method to collect the unified identity management module
  • the information of the merchant device that initiated the access request is calculated to obtain the corresponding certificate, and the calculated certificate is matched with the public key certificate of the merchant device managed by the unified identity management module to complete the device identity verification work.
  • the authentication and authorization module 205 includes three sub-modules of single sign-on, access proxy, and access control engine.
  • the authentication and authorization module 205 is mainly responsible for authenticating and authorizing merchant access, and authorizing access requests that comply with the authentication.
  • the single sign-on sub-module is used to ensure that the merchant does not need to log in repeatedly during multiple visits, but only needs to log in with an account and a key when logging in for the first time.
  • the token value obtained when logging in for the first time is required. Further, the token value has uniqueness and a certain life cycle.
  • the access agent sub-module is responsible for performing secondary verification on the identity of the merchant's device according to the merchant's device digital certificate and the merchant's device digital signature to determine whether the merchant's device is a trusted execution environment.
  • the access control engine sub-module is used to perform access control on the access request of the merchant equipment based on the information in the authentication and authorization auxiliary module 207 according to the verification result of the access agent sub-module.
  • the specific control strategy comes from the merchant access strategy in the authentication and authorization auxiliary module 207.
  • the authentication and authorization auxiliary module 207 mainly provides necessary auxiliary information for the authentication and authorization module 205, and includes four sub-modules: merchant access equipment list service, member attributes, merchant/merchant group database, and merchant access strategy.
  • the merchant access device list service sub-module mainly records the merchant's historical access device list, which can be further divided into a valid device list and a merchant black device list.
  • when the merchant device identity verification is performed in the access proxy sub-module, the merchant device is matched against the merchant's historical access device list to determine whether it is a historical access device of the system and, if so, to which specific list it belongs, that is, the valid device list or the merchant black device list.
  • historical access devices carry a historical behavior identifier, such as historically trusted device, historically black device, or historical access conditions; a device with no access history is identified as a new access device.
  • the merchant/merchant group database sub-module records the binding or association relationship between a merchant (or merchant group) and a merchant device, and continuously updates the latest relationship between the merchant/merchant group and the merchant device according to the merchant's application/update status.
  • the corresponding merchant/merchant group is then backfilled into the request.
  • the member attribute sub-module records the attribute information of the member, such as the member level, the member sensitivity level, the member's valid attributes, and the member registration time.
  • when a merchant device access request is received, the member attribute sub-module is called to obtain the member attribute information corresponding to the current access request of the merchant device.
  • the merchant access strategy sub-module specifies the corresponding access control strategy based on the merchant device identity authentication result, the merchant access device list, the merchant/merchant group access authority, and the member attribute information. For example, when the access proxy sub-module fails to verify the identity of the merchant device, that is, when the merchant device is an untrusted execution environment, the access request is rejected.
  • a secondary verification of the merchant device identity is required, that is, device identity verification is performed based on the merchant device digital certificate and the merchant device digital signature.
  • the access request is rejected.
  • the access to the private data information of the member is restricted.
  • for an access request that has passed the access control engine sub-module, the member merchant service module 209 outputs only the requested member private data, in accordance with the merchant access control policy.
  • multi-level, multi-combination access control policies are formulated based on comprehensive authentication of identity and device status: when a system access request arrives, the user identity, the device identity, and the device operation status information are all authenticated, realizing multi-level identity authentication.
  • identity-centered zero-trust dynamic access control establishes a comprehensive identity for the merchant device and its corresponding user; on the basis of this comprehensive identity, a unified digital identity and governance process is established for the physical entities of the zero-trust network (people, devices, applications, systems, and so on), a dynamic access control system is built, the security boundary is extended to the identity entity, the security architecture is advanced, and the security of data access is improved.
  • the device may specifically include: an obtaining module 301, configured to obtain the device identity information of the merchant device when an access request of the merchant device is received, the access request carrying the user account authentication information corresponding to the merchant device; a first verification module 303, configured to perform device identity verification on the merchant device based on the target public key certificate and device identity information corresponding to the merchant device; a second verification module 305, configured to perform user identity verification on the user corresponding to the merchant device based on the user account authentication information after the device identity verification is passed; a third verification module 307, configured to verify whether the merchant device is a trusted execution environment after the user identity verification is passed; and a control module 309, configured to determine the access control policy of the merchant device and to access the private data of the target member corresponding to the access request based on the access control policy.
  • the access request also carries the device digital certificate of the merchant device and the target device digital signature associated with the device digital certificate; the third verification module 307 may specifically be configured to: obtain the historical access device list; and, if the merchant device is not in the historical access device list, verify whether the merchant device is a trusted execution environment based on the device digital certificate and the target device digital signature.
  • the third verification module 307 may specifically be configured to: obtain the historical device digital signature corresponding to the pre-stored device digital certificate; if the historical device digital signature is the same as the target device digital signature, determine that the merchant device is a trusted execution environment; if the historical device digital signature is different from the target device digital signature, determine that the merchant device is an untrusted execution environment.
  • the access control device of the embodiment of this specification may further include an update module for adding the merchant device to the historical access device list.
  • the third verification module 307 may specifically be configured to: obtain the historical access device list; and, if the merchant device is in the historical access device list, obtain the historical behavior identifier corresponding to the merchant device and verify whether the merchant device is a trusted execution environment based on the historical behavior identifier.
  • the third verification module 307 may specifically be configured to: if the historical behavior identifier indicates that the merchant device is a historically trusted device, determine that the merchant device is a trusted execution environment; if the historical behavior identifier indicates that the merchant device is a historically black device, determine that the merchant device is an untrusted execution environment.
  • the control module 309 may specifically be configured to: obtain the attribute information of the target member and the access authority information of the user corresponding to the merchant device based on the access request; and determine the access control strategy according to at least one of the identity verification result, the attribute information, and the access authority information.
  • the above attribute information includes member registration information, member time limit information, membership level, and member sensitivity level; the above access authority information includes whether there is authority to access private data.
  • the first verification module 303 may specifically be configured to: generate a verification certificate of the merchant device based on the device identity information; and, if the verification certificate is the same as the target public key certificate, determine that the device identity verification is passed.
  • the second verification module 305 may specifically be configured to: determine whether the user account authentication information contains the target token value; if the user account authentication information contains the target token value and the target token value is valid, determine that the user identity verification is passed; if the user account authentication information contains the target token value but the target token value is invalid, or if the user account authentication information does not contain the target token value, perform user identity verification on the user corresponding to the merchant device based on the account and key contained in the user account authentication information.
  • the access control device provided in the embodiment of this specification can implement the access control method provided in the foregoing embodiment, and the relevant explanations about the access control method are applicable to the access control device, and will not be repeated here.
  • the embodiments of this specification provide a zero-trust-based access control solution for the private data of each member stored in the privacy data system. Specifically, when an access request from a merchant device is received, the device identity corresponding to the merchant device and the user identity of the merchant (that is, the user) corresponding to the merchant device are verified layer by layer, to improve the security of access to private data. First, the device identity of the merchant device is verified based on the device identity information of the merchant device and its corresponding, unique target public key certificate, to determine whether the merchant device is a merchant device pre-associated with the privacy data system; after this first device identity verification is passed, user identity verification of the corresponding merchant is performed based on the user account authentication information corresponding to the merchant device.
  • after the user identity verification is passed, the device identity of the merchant device is verified a second time, to determine whether the merchant device is a trusted execution environment with respect to the private data of the target member of the system.
  • after the layer-by-layer identity verification of the merchant device, it is further necessary to determine, according to the specific circumstances of the current access, the access control policy of the merchant device for the private data of the target member corresponding to the access request. In this way, not only is zero-trust-based identity verification performed on the merchant device that accesses the data, but a specific access control policy is further matched to it, to strengthen control over the merchant device's access to private data, avoid leakage of members' private data caused by malicious or improper operations, reduce the risk of private data leakage, and improve the security of data access.
  • Fig. 4 is a schematic diagram of the structure of an electronic device according to an embodiment of the specification.
  • the electronic device includes a processor, and optionally an internal bus, a network interface, and a memory.
  • the memory may include internal memory, such as high-speed random access memory (RAM), and may also include non-volatile memory, such as at least one disk storage.
  • the electronic device may also include hardware required by other services.
  • the processor, network interface, and memory can be connected to each other through an internal bus, which can be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like.
  • the bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of presentation, only one bidirectional arrow is used in FIG. 4, but this does not mean that there is only one bus or only one type of bus.
  • the program may include program code, and the program code includes computer operation instructions.
  • the memory may include internal memory and non-volatile memory, and provides instructions and data to the processor.
  • the processor reads the corresponding computer program from the non-volatile memory into the internal memory and runs it, forming an access control device at the logical level.
  • the processor executes the program stored in the memory, and is specifically configured to perform the following operations: if an access request of the merchant device is received, obtain the device identity information of the merchant device, the access request carrying user account authentication information corresponding to the merchant device; perform device identity verification on the merchant device based on the target public key certificate and device identity information corresponding to the merchant device; when the device identity verification is passed, perform user identity verification on the user corresponding to the merchant device based on the user account authentication information; when the user identity verification is passed, verify whether the merchant device is a trusted execution environment; and determine the access control policy of the merchant device and access the private data of the target member corresponding to the access request based on the access control policy.
  • the foregoing method executed by the access control apparatus disclosed in the embodiment shown in FIG. 1 of this specification may be applied to or implemented by the processor.
  • the processor may be an integrated circuit chip with signal processing capabilities.
  • each step of the above method can be completed by an integrated logic circuit of hardware in the processor or instructions in the form of software.
  • the above-mentioned processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; it may also be a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
  • the methods, steps, and logical block diagrams disclosed in the embodiments of this specification can be implemented or executed.
  • the general-purpose processor may be a microprocessor, or any conventional processor or the like.
  • the steps of the method disclosed in the embodiments of this specification can be directly embodied as being executed and completed by a hardware decoding processor, or executed and completed by a combination of hardware and software modules in the decoding processor.
  • the software module can be located in a storage medium well known in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, or registers.
  • the storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the above method in combination with its hardware.
  • the electronic device can also execute the method executed by the access control device in FIG. 1 and realize the functions of the embodiment of the access control device shown in FIG. 1, which will not be repeated here in the embodiment of this specification.
  • the embodiment of this specification also proposes a computer-readable storage medium storing one or more programs, the one or more programs including instructions which, when executed by an electronic device that includes multiple application programs, enable the electronic device to execute the method executed by the access control device in the embodiment shown in FIG.
  • the access request carries the user account authentication information corresponding to the merchant device; device identity verification is performed on the merchant device based on the target public key certificate and device identity information corresponding to the merchant device; when the device identity verification is passed, user identity verification is performed on the user corresponding to the merchant device based on the user account authentication information; after the user identity verification is passed, it is verified whether the merchant device is a trusted execution environment; and the access control policy of the merchant device is determined, and the private data of the target member corresponding to the access request is accessed based on the access control policy.
  • the embodiments of this specification can be provided as a method, a system, or a computer program product. Therefore, the embodiments of this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the embodiments of this specification may adopt the form of computer program products implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.
  • These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing equipment to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment produce a device that realizes the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instruction device implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, and the instructions executed on the computer or other programmable equipment thereby provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
  • the computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • the memory may include non-permanent memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission media that can be used to store information accessible by a computing device. According to the definition in this article, computer-readable media do not include transitory media, such as modulated data signals and carrier waves.


Abstract

An access control method and an access control apparatus. The access control method comprises: if an access request of a merchant device is received, acquiring device identity information of the merchant device, wherein the access request carries user account authentication information corresponding to the merchant device; on the basis of a target public key certificate and device identity information corresponding to the merchant device, performing device identity verification on the merchant device; when the device identity verification is passed, on the basis of the user account authentication information, performing user identity verification on a user corresponding to the merchant device; when the user identity verification is passed, verifying whether the merchant device is a trusted execution environment; and determining an access control policy of the merchant device, and on the basis of the access control policy, accessing private data of a target member corresponding to the access request.

Description

访问控制方法和访问控制装置Access control method and access control device 技术领域Technical field
本说明书涉及计算机技术领域,尤其涉及一种访问控制方法和访问控制装置。This specification relates to the field of computer technology, in particular to an access control method and an access control device.
背景技术Background technique
目前,对于现有的隐私数据访问系统,主要根据商户的账户、密钥来对商户的数据访问调用行为进行控制。At present, for the existing private data access system, the merchant's data access calling behavior is mainly controlled based on the merchant's account and key.
但是,由于存在商户系统的安全访问机制出现故障或商户数据泄露等情况,这可能会导致商户的账户、密钥存在被泄露的风险,一旦商户的账密信息被泄漏,则恶意人员即可以根据账户、密钥通过用户身份验证后非法盗取大量的会员隐私数据。However, due to the failure of the security access mechanism of the merchant system or the leakage of merchant data, this may lead to the risk of the merchant’s account and key being leaked. Once the merchant’s account and secret information is leaked, the malicious person can follow After the account and key pass the user identity verification, a large amount of member private data is illegally stolen.
因此,需要对传统的会员隐私数据的访问控制方式进行改进,以降低隐私数据泄漏的风险。Therefore, it is necessary to improve the traditional access control method of member private data to reduce the risk of private data leakage.
发明内容Summary of the invention
本说明书实施例提供一种访问控制方法和访问控制装置,旨在解决现有的对会员隐私数据的访问方式泄漏风险大的问题。The embodiments of the present specification provide an access control method and an access control device, aiming to solve the problem of high leakage risk of existing access methods to member private data.
本说明书实施例采用下述技术方案。The embodiments of this specification adopt the following technical solutions.
第一方面,本说明书实施例提供一种访问控制方法,所述方法包括:若接收到商户设备的访问请求,则获取所述商户设备的设备身份信息,所述访问请求中携带所述商户设备对应的用户账户鉴权信息;基于所述商户设备对应的目标公钥证书和所述设备身份信息,对所述商户设备进行设备身份核验;当设备身份核验通过后,基于所述用户账户鉴权信息对所述商户设备对应的用户进行用户身份核验;当用户身份核验通过后,验证所述商户设备是否为可信执行环境;确定所述商户设备的访问控制策略,并基于所述访问控制策略访问所述访问请求对应的目标会员的隐私数据。In the first aspect, an embodiment of this specification provides an access control method, the method includes: if an access request from a merchant device is received, acquiring device identity information of the merchant device, and the access request carries the merchant device Corresponding user account authentication information; based on the target public key certificate corresponding to the merchant device and the device identity information, perform device identity verification on the merchant device; when the device identity verification is passed, authenticate based on the user account The information performs user identity verification on the user corresponding to the merchant device; after the user identity verification is passed, verify whether the merchant device is a trusted execution environment; determine the access control strategy of the merchant device, and based on the access control strategy Access the private data of the target member corresponding to the access request.
第二方面,本说明书实施例提供一种访问控制装置,所述装置包括:获取模块,用于若接收到商户设备的访问请求,则获取所述商户设备的设备身份信息,所述访问请求中携带所述商户设备对应的用户账户鉴权信息;第一验证模块,用于基于所述商户设备对应的目标公钥证书和所述设备身份信息,对所述商户设备进行设备身份核验;第二 验证模块,用于当设备身份核验通过后,基于所述用户账户鉴权信息对所述商户设备对应的用户进行用户身份核验;第三验证模块,用于当用户身份核验通过后,验证所述商户设备是否为可信执行环境;控制模块,用于确定所述商户设备的访问控制策略,并基于所述访问控制策略访问所述访问请求对应的目标会员的隐私数据。In a second aspect, an embodiment of this specification provides an access control device, the device includes: an acquisition module, configured to obtain the device identity information of the merchant device if an access request of the merchant device is received, in the access request Carrying user account authentication information corresponding to the merchant device; a first verification module, configured to perform device identity verification on the merchant device based on the target public key certificate corresponding to the merchant device and the device identity information; second The verification module is used to verify the user identity of the user corresponding to the merchant device based on the user account authentication information after the device identity verification is passed; the third verification module is used to verify the user identity after the user identity verification is passed Whether the merchant equipment is a trusted execution environment; the control module is used to determine the access control policy of the merchant equipment, and access the private data of the target member corresponding to the access request based on the access control policy.
第三方面,本说明书实施例提供一种电子设备,包括:处理器;以及被安排成存储计算机可执行指令的存储器,所述可执行指令在被执行时使所述处理器执行以下操作:若接收到商户设备的访问请求,则获取所述商户设备的设备身份信息,所述访问请求中携带所述商户设备对应的用户账户鉴权信息;基于所述商户设备对应的目标公钥证书和所述设备身份信息,对所述商户设备进行设备身份核验;当设备身份核验通过后,基于所述用户账户鉴权信息对所述商户设备对应的用户进行用户身份核验;当用户身份核验通过后,验证所述商户设备是否为可信执行环境;确定所述商户设备的访问控制策略,并基于所述访问控制策略访问所述访问请求对应的目标会员的隐私数据。In a third aspect, an embodiment of this specification provides an electronic device, including: a processor; and a memory arranged to store computer-executable instructions, which when executed, cause the processor to perform the following operations: Upon receiving the access request of the merchant device, the device identity information of the merchant device is obtained, and the access request carries the user account authentication information corresponding to the merchant device; based on the target public key certificate corresponding to the merchant device and all The device identity information is to perform device identity verification on the merchant device; when the device identity verification is passed, the user identity verification is performed on the user corresponding to the merchant device based on the user account authentication information; when the user identity verification is passed, Verify whether the merchant device is a trusted execution environment; determine an access control policy of the merchant device, and access the private data of the target member corresponding to the access request based on the access control policy.
In a fourth aspect, an embodiment of this specification provides a computer-readable storage medium storing one or more programs which, when executed by an electronic device that includes a plurality of application programs, cause the electronic device to perform the following operations: when an access request from a merchant device is received, obtain the device identity information of the merchant device, where the access request carries the user account authentication information corresponding to the merchant device; perform device identity verification on the merchant device based on the target public key certificate corresponding to the merchant device and the device identity information; once device identity verification has passed, perform user identity verification on the user corresponding to the merchant device based on the user account authentication information; once user identity verification has passed, verify whether the merchant device is a trusted execution environment; and determine the access control policy of the merchant device and access the private data of the target member corresponding to the access request in accordance with that policy.
At least one of the technical solutions adopted in the embodiments of this specification achieves the following technical effect. The embodiments provide a zero-trust access control scheme for the private data of each member stored in a privacy data system. When an access request from a merchant device is received, both the device identity of the merchant device and the user identity of the merchant (the user) associated with that device are verified layer by layer, so as to improve the security of access to private data. Specifically, the device identity of the merchant device is first verified based on its device identity information and the unique target public key certificate corresponding to that information, to determine whether the merchant device is one that was pre-associated with the privacy data system. After this first device identity verification passes, user identity verification is performed on the merchant based on the user account authentication information corresponding to the merchant device. After user identity verification passes, the device identity of the merchant device is verified a second time, to determine whether the merchant device is a trusted execution environment with respect to the private data of the system's target member. Only after these layered identity verifications is the access control policy governing the merchant device's access to the target member's private data determined, according to the specific circumstances of the current access. In this way, a merchant device requesting data is not only subjected to zero-trust, layered identity verification but is also matched with a specific access control policy, which strengthens control over merchant devices' access to private data, prevents members' private data from being leaked through malicious or improper operations, reduces the risk of leakage and improves the security of data access.
Description of the drawings
The drawings described here are provided for a further understanding of the embodiments of this specification and form a part of them. The exemplary embodiments of this specification and their descriptions are used to explain this specification and do not constitute an improper limitation of it. In the drawings:
FIG. 1 is a schematic flowchart of an access control method provided by an embodiment of this specification;
FIG. 2 is a schematic diagram of the composition of an access control system provided by an embodiment of this specification;
FIG. 3 is a schematic structural diagram of an access control apparatus provided by an embodiment of this specification;
FIG. 4 is a schematic structural diagram of an electronic device provided by an embodiment of this specification.
Detailed description
To make the objectives, technical solutions and advantages of this specification clearer, the technical solutions of this specification are described clearly and completely below with reference to specific embodiments and the corresponding drawings. Obviously, the described embodiments are only some of the embodiments of this specification, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of this specification without creative effort fall within the scope of protection of this specification.
The existing data access control methods described in the background section may allow a large amount of member private data to leak once a merchant's account and secret information is leaked. To address this, the embodiments of this specification provide a zero-trust data access control scheme that strengthens control over merchant access, so that members' private data is not leaked through malicious or improper operations by a merchant performing the access.
The technical solutions provided by the embodiments of this specification are described in detail below with reference to the drawings.
Referring to FIG. 1, an embodiment of this specification provides an access control method, which may include steps 101 to 109.
Step 101: when an access request from a merchant device is received, obtain the device identity information of the merchant device; the access request carries the user account authentication information corresponding to the merchant device.
Optionally, the merchant's access request may include, without limitation, a file access request, a database access request or an application programming interface (API) access request. Each type of access request corresponds to a request for the matching kind of private data.
Optionally, the device identity information of the merchant device may include, without limitation, the device's media access control (MAC) address, Internet Protocol (IP) address, domain name and host name.
Step 103: perform device identity verification on the merchant device based on the target public key certificate corresponding to the merchant device and the device identity information.
Here the target public key certificate may be generated by applying a cryptographic algorithm to the device identity information of the merchant device, and it is used to uniquely identify the merchant device. Specifically, the device identity information of merchant devices can be maintained on the system side: it can be updated dynamically from each device's registration information and real-time online/offline status, and the corresponding public key certificate regenerated from the latest device identity information.
Optionally, the target public key certificate may have a validity period: it may be refreshed at a fixed interval, or whenever the device identity information of the merchant device changes, so that the certificate continues to identify the merchant device uniquely and accurately.
Optionally, step 103 may be carried out as follows: generate a certificate to be verified for the merchant device from the device identity information; if the certificate to be verified is identical to the target public key certificate, the device identity verification passes.
In other words, when an access request from a merchant device is received, the system actively collects the attribute information of the device, that is, its device identity information, and runs the same algorithm that was used to generate the target public key certificate to obtain the certificate to be verified. If the newly generated certificate to be verified matches the target public key certificate of the merchant device carried in the access request, the first identity verification of the merchant device passes; if the two differ, the first identity verification fails.
Step 105: once device identity verification has passed, perform user identity verification on the user corresponding to the merchant device based on the user account authentication information.
Optionally, step 105 may be carried out as follows: determine whether the user account authentication information contains a target token value. If it contains a target token value and that value is valid, the user identity verification passes. If it contains a target token value that is invalid, or contains no target token value at all, verify the identity of the user corresponding to the merchant device using the account and key contained in the user account authentication information.
In other words, when verifying the identity of the user corresponding to the merchant device, that is, the merchant, the user need not re-enter the account and key on every access, which preserves the merchant's experience of a one-step quick login. Specifically, the account and key are entered and verified at one login; on success a corresponding target token value is generated. If a later access request carries that target token value, the user identity verification passes directly; if it does not, the user's account and key must be supplied for user identity verification. The target token value is unique and corresponds one-to-one with the account and key of the user associated with the merchant device. The target token value may also have a limited validity period and be renewed periodically, so that a leak of the user's account and secret information does not lead to a leak of the private data in the system.
Optionally, a merchant device may correspond to one user or to several users; the merchant device and its corresponding users are bound or otherwise associated with one another.
Step 107: once user identity verification has passed, verify whether the merchant device is a trusted execution environment.
Step 109: determine the access control policy of the merchant device, and access the private data of the target member corresponding to the access request in accordance with that policy.
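The following Python example is added here to illustrate the first two verification layers (steps 101 to 105); it is not code from the patent or from Alipay. It models the "target public key certificate" as a SHA-256 fingerprint computed over the device identity information at enrolment and again at request time, and the target token value as a random value issued after an account/key login with a validity period. DEVICE_REGISTRY, ACCOUNTS, TOKEN_STORE, TOKEN_TTL and the PBKDF2 hashing of the account key are assumptions of the example, and all sample data is constructed. One caveat a practitioner should keep in mind: MAC address, IP address and host name are all chosen by the requester, so this first layer establishes that the request matches a registered device profile; the stronger device check is the certificate and signature verification of step 107.

```python
"""Steps 101-105: device identity verification, then user identity verification.

Added illustration; not code from the patent. DEVICE_REGISTRY, ACCOUNTS,
TOKEN_STORE, the SHA-256 fingerprint standing in for the target public key
certificate and the PBKDF2 key hashing are assumptions of this example.
All sample data is constructed.
"""
import hashlib
import hmac
import secrets
from typing import Optional

TOKEN_TTL = 3600          # assumed validity of a target token value, seconds
PBKDF2_ROUNDS = 100_000   # assumed work factor for the stored account key


def device_fingerprint(identity: dict) -> str:
    """Fixed algorithm run over the device identity information (MAC, IP,
    domain name, host name). Enrolment and step 103 both use it, so the
    attributes are canonicalised before hashing."""
    canonical = "|".join(f"{k}={identity[k]}" for k in sorted(identity))
    return hashlib.sha256(canonical.encode()).hexdigest()


# Constructed registry: device id -> target certificate computed at enrolment.
DEVICE_REGISTRY = {
    "pos-0001": device_fingerprint(
        {"mac": "00:11:22:33:44:55", "ip": "10.0.0.8", "host": "pos1.shop.example"}
    ),
}


def verify_device_identity(device_id: str, observed: dict) -> bool:
    """Step 103: regenerate the certificate from the identity information
    observed on this request and compare it with the stored target
    certificate in constant time."""
    target = DEVICE_REGISTRY.get(device_id)
    if target is None:
        return False
    return hmac.compare_digest(device_fingerprint(observed), target)


def _hash_key(key: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", key.encode(), salt, PBKDF2_ROUNDS)


# Constructed account store: account -> (salt, PBKDF2 hash of the account key).
_SALT = b"constructed-static-salt"
ACCOUNTS = {"merchant-a": (_SALT, _hash_key("s3cret-key", _SALT))}

# target token value -> (account, expiry time); populated by login().
TOKEN_STORE: dict = {}


def login(account: str, key: str, now: float) -> Optional[str]:
    """Verify account and key; on success issue a target token value bound to
    that account with a limited validity period."""
    entry = ACCOUNTS.get(account)
    if entry is None:
        return None
    salt, stored = entry
    if not hmac.compare_digest(_hash_key(key, salt), stored):
        return None
    token = secrets.token_hex(32)
    TOKEN_STORE[token] = (account, now + TOKEN_TTL)
    return token


def verify_user_identity(auth: dict, now: float) -> bool:
    """Step 105: a valid, unexpired target token value passes directly; an
    invalid, expired or absent token falls back to account + key."""
    token = auth.get("token")
    if token is not None:
        entry = TOKEN_STORE.get(token)
        if entry is not None and now < entry[1]:
            return True
        TOKEN_STORE.pop(token, None)   # expired or unknown token is discarded
    account, key = auth.get("account"), auth.get("key")
    if account is None or key is None:
        return False
    return login(account, key, now) is not None


def check_request(device_id: str, observed: dict, auth: dict, now: float) -> str:
    """Steps 101-105 in order; the request is rejected at the first failing layer."""
    if not verify_device_identity(device_id, observed):
        return "rejected: device identity"
    if not verify_user_identity(auth, now):
        return "rejected: user identity"
    return "verified"
```

The order of the two checks matters: a request from an unregistered device never reaches the account/key comparison, so the cost of the PBKDF2 computation is only paid for devices that already passed the first layer.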
To summarise the embodiment: this is a zero-trust access control scheme for the private data of each member stored in a privacy data system. The device identity of the requesting merchant device is verified first, against its device identity information and the unique target public key certificate derived from it; the user identity of the associated merchant is then verified from the user account authentication information; the device identity is then verified a second time to establish whether the device is a trusted execution environment for the target member's private data; and only then is an access control policy determined from the circumstances of the current access. Layered verification combined with a per-request policy strengthens control over merchant devices' access to private data, prevents leakage through malicious or improper operations, and improves the security of data access.
It should further be noted that, in the access control method of this embodiment, if the device identity verification based on the target public key certificate and the device identity information (the first device identity verification) fails, the access request of the merchant device may be rejected outright.
Likewise, if the first device identity verification passes but the user identity verification based on the user account authentication information fails, the access request of the merchant device may be rejected outright.
Optionally, the access control method of this embodiment may also manage the devices that have previously accessed the system in the form of a historical access device list. When step 107 is performed, after user identity verification has passed, the historical access device list is first obtained to check whether the merchant device currently requesting access appears in it, and the result of that check determines how the second verification of the device identity is carried out.
Further, the access request may also carry the device digital certificate of the merchant device and a target device digital signature associated with that certificate.
Thus, if the merchant device is not contained in the historical access device list, the second verification of the device identity, that is, the check of whether the merchant device is a trusted execution environment, can be based on the device digital certificate and the associated target device digital signature. Specifically, step 107 may be carried out as follows: obtain the historical access device list; if the merchant device is not in the list, verify whether the merchant device is a trusted execution environment based on the device digital certificate and the target device digital signature.
Further, verifying whether the merchant device is a trusted execution environment based on the device digital certificate and the target device digital signature may be carried out as follows: obtain the pre-stored historical device digital signature corresponding to the device digital certificate; if the historical device digital signature is identical to the target device digital signature, the merchant device is determined to be a trusted execution environment; if the two differ, the merchant device is determined to be an untrusted execution environment.
In other words, the privacy data system stores and maintains the digital signature corresponding to each merchant device's digital certificate. If the signature reported by the merchant device at access time does not match the signature pre-stored in the system for that certificate, the merchant device is an untrusted execution environment; if it matches, the merchant device is a trusted execution environment.
Further and optionally, the access control method of this embodiment may also include adding the merchant device to the historical access device list.
That is, once the device identity has been verified on the basis of the merchant device's device digital certificate and the corresponding device digital signature, the historical access device list is updated so that the access by this merchant device is recorded in it.
Further, each merchant device in the historical access device list may also carry a label stating whether it is a trusted execution environment. For example, a device found to be a trusted execution environment is recorded in the valid device list, and a device found to be an untrusted execution environment is recorded in the blacklisted device list, where a blacklisted device is typically one that failed device identity verification because the merchant's account and secret information had been leaked. A clearing policy for the merchant devices maintained in the historical access device list may also be configured, for example periodically clearing a batch of the earliest-loaded entries or clearing all entries, or deciding from the access frequency of a merchant device whether to remove it from the list promptly. This keeps the historical access device list useful while giving each entry, whether valid or blacklisted, a bounded validity period, so that a stale device status does not cause a misjudgement during identity verification that either leaks private data or degrades the experience of legitimately accessing it.
If the merchant device is contained in the historical access device list, whether it is a trusted execution environment can be determined efficiently and accurately from the label it carries. Specifically, step 107 may be carried out as follows: obtain the historical access device list; if the merchant device is in the list, obtain the historical behaviour identifier corresponding to the merchant device, and verify whether the merchant device is a trusted execution environment based on that identifier.
Further, verifying whether the merchant device is a trusted execution environment based on the historical behaviour identifier may be carried out as follows: if the identifier indicates that the merchant device is a historically trusted device, the merchant device is determined to be a trusted execution environment; if the identifier indicates that the merchant device is a historically blacklisted device, the merchant device is determined to be an untrusted execution environment.
In other words, when the label carried by the merchant device in the historical access device list, its historical behaviour identifier, marks it as a historically trusted device, meaning that it belongs to the valid devices, it is directly determined to be a trusted execution environment; when that identifier marks it as a historically blacklisted device, meaning that it belongs to the blacklisted devices, it is directly determined to be an untrusted execution environment.
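The following Python example is added to show the second device verification of step 107 as described above: the historical access device list with its trusted/blacklisted labels and expiring entries, and the fallback to comparing the presented device digital signature with the signature stored for the device digital certificate. It is not the patent's code. HistoryEntry, ENTRY_TTL, STORED_SIGNATURES and the two label strings are assumptions, and the sample certificates and signatures are constructed. One caveat: comparing the presented signature with a stored copy, as the text describes, turns the signature into a static credential that could be replayed by anyone who captures it; a practitioner would instead have the device sign a per-request challenge with the certificate's private key. The example keeps the page's comparison but performs it in constant time.

```python
"""Step 107: decide whether a merchant device is a trusted execution environment.

Added illustration; not code from the patent. HistoryEntry, ENTRY_TTL,
STORED_SIGNATURES and the label values are assumptions of this example.
All sample data is constructed.
"""
import hmac
from dataclasses import dataclass
from typing import Optional

ENTRY_TTL = 7 * 24 * 3600   # assumed validity of a list entry, seconds

TRUSTED = "trusted"   # historical behaviour identifier: historically trusted device
BLACK = "black"       # historical behaviour identifier: historically blacklisted device


@dataclass
class HistoryEntry:
    label: str
    expires_at: float


# Constructed: device digital certificate id -> signature stored at enrolment.
STORED_SIGNATURES = {
    "cert-pos-0001": "sig-a1b2c3",
    "cert-pos-0002": "sig-d4e5f6",
}


class HistoryList:
    """The historical access device list, with the clearing policy modelled
    as a per-entry expiry so that stale statuses are not trusted."""

    def __init__(self) -> None:
        self.entries: dict = {}

    def purge_expired(self, now: float) -> None:
        for device_id, entry in list(self.entries.items()):
            if entry.expires_at <= now:
                del self.entries[device_id]

    def lookup(self, device_id: str, now: float) -> Optional[str]:
        self.purge_expired(now)
        entry = self.entries.get(device_id)
        return entry.label if entry is not None else None

    def record(self, device_id: str, label: str, now: float) -> None:
        self.entries[device_id] = HistoryEntry(label, now + ENTRY_TTL)


def verify_by_signature(cert_id: str, presented_sig: str) -> bool:
    """Compare the presented target device signature with the historical
    signature stored for the device digital certificate."""
    stored = STORED_SIGNATURES.get(cert_id)
    return stored is not None and hmac.compare_digest(stored, presented_sig)


def is_trusted_environment(history: HistoryList, device_id: str,
                           cert_id: str, presented_sig: str, now: float) -> bool:
    """Listed devices are judged by their label; unlisted devices are judged
    by certificate and signature and then added to the list."""
    label = history.lookup(device_id, now)
    if label is not None:
        return label == TRUSTED
    trusted = verify_by_signature(cert_id, presented_sig)
    history.record(device_id, TRUSTED if trusted else BLACK, now)
    return trusted
```

Note that while a device is listed, its label decides the outcome and the signature is not re-checked; that is what makes the list fast, and also why the entries must expire, so that a device blacklisted after a credential leak is re-evaluated once its certificate and signature have been re-issued.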
Optionally, in the access control method of this embodiment, step 109 may include: based on the access request, obtaining the attribute information of the target member and the access permission information of the user corresponding to the merchant device; and determining the access control policy from at least one of the identity verification result, the attribute information and the access permission information.
That is, after the layered identity verification of the merchant device, a matching access control policy can be determined from the verification result, the basic situation of the target member whose data the merchant device wants to access, and the current access permission of the user bound to or associated with the device, and then used to control its access to the member's private data.
The identity verification result here may in particular include the device identity verification result of checking whether the merchant device is a trusted execution environment. In other words, step 109 may also be expressed as: determine the access control policy of the merchant device based on the result of verifying whether the merchant device is a trusted execution environment (the device identity verification result), and access the private data of the target member corresponding to the access request in accordance with that policy.
Further, determining the access control policy from that result may be carried out as follows: based on the access request, obtain the attribute information of the target member and the access permission information of the user corresponding to the merchant device; determine the access control policy from at least one of the trusted-execution-environment verification result (the device identity verification result), the attribute information and the access permission information.
Further, determining the access control policy from at least one of the identity verification result, the attribute information and the access permission information may specifically include determining the access control policy of the merchant device from the identity verification result alone.
More specifically, the access control policy of the merchant device may be determined from the device identity verification result of checking whether the merchant device is a trusted execution environment.
进一步具体的,若在首次设备身份核验和用户身份核验均通过后,验证商户设备为非可信执行环境,即对商户设备的二次设备身份核验的结果为未通过,则可以直接拒绝商户设备的访问请求。而在首次设备身份核验和用户身份核验均通过后,验证商户设备为可信执行环境,即对商户设备的二次设备身份核验的结果为通过,则可以调用与商户设备的访问请求对应的目标会员的隐私数据,以提供至商户设备供用户查看等。More specifically, if the merchant device is verified as an untrusted execution environment after both the first device identity verification and the user identity verification are passed, that is, the result of the secondary device identity verification on the merchant device is not passed, the merchant device can be directly rejected Access request. After both the first device identity verification and user identity verification are passed, the merchant device is verified as a trusted execution environment, that is, the result of the secondary device identity verification on the merchant device is passed, and the target corresponding to the access request of the merchant device can be called The member’s private data is provided to the merchant’s device for the user to view, etc.
进一步地,在验证商户设备为可信执行环境后,除了可以直接调用与商户设备的访问请求对应的目标会员的隐私数据并反馈至商户设备的访问控制方式外,还需要进一步结合上述目标会员的属性信息和商户设备对应的用户的访问权限信息中的至少一个,确定访问控制策略。Further, after verifying that the merchant’s device is a trusted execution environment, in addition to directly calling the target member’s private data corresponding to the merchant’s device’s access request and feeding it back to the merchant’s device’s access control method, it is also necessary to further combine the above-mentioned target member’s private data At least one of the attribute information and the access authority information of the user corresponding to the merchant device determines the access control policy.
进一步具体的,若在对商户设备的层层身份核验均通过后,获取到的目标会员的属性信息为高级会员且敏高等级较高时,则可以限制商户设备对该目标会员的隐私数据 的访问。若在对商户设备的层层身份核验均通过后,获取到的商户设备对应的访问权限信息为暂时限制访问会员隐私数据时,则可以直接拒绝商户设备的访问请求。To be more specific, if the target member’s attribute information obtained is a senior member and has a high sensitivity level after all the levels of identity verification on the merchant’s equipment are passed, the merchant’s equipment can be restricted from accessing the target member’s private data. access. If the obtained access authority information corresponding to the merchant device is temporarily restricted from accessing the member's private data after all the layers of identity verification of the merchant device are passed, the merchant device's access request can be directly rejected.
It should be noted that the access control policies above are only some specific examples; any other access control policy for member private data that can be determined on the basis of at least one of the identity verification result of the merchant device, the attribute information of the target member, and the access authority information of the user corresponding to the merchant device falls within the scope of protection of the embodiments of this specification.
Optionally, the attribute information includes member registration information, membership term information, membership level and member sensitivity level; the access authority information includes whether there is permission to access private data, for example whether access to member private data is currently temporarily restricted.
The specific composition of the system for controlling access to private data according to an embodiment of this specification is described in detail below with reference to FIG. 2. It specifically includes: a merchant request receiving module 201, a unified identity recognition and management module 203, an authentication and authorization module 205, an authentication and authorization auxiliary module 207, and a member merchant service module 209.
The merchant request receiving module 201 is mainly responsible for receiving merchant access requests, such as API access requests, database access requests and file access requests. The merchant access request must carry the merchant device's digital certificate and the merchant device's digital signature.
The unified identity recognition and management module 203 includes two sub-modules: a unified identity management sub-module and a unique identity recognition sub-module.
The unified identity management sub-module is responsible for identifying the merchant device's identity with a unique public key certificate and for dynamically updating the merchant access device library according to merchant device registration, online and offline status and similar information, so that the public key certificate uniquely and accurately identifies that merchant device. The merchant device information it collects includes, but is not limited to, the merchant device's network MAC address, IP address, domain name and host.
The unique identity recognition sub-module is responsible for verifying the device identity information submitted by the merchant, based on the merchant device information collected by the unified identity management sub-module and using the same calculation method as that used to produce the unique public key certificate: the information collected by the unified identity management sub-module about the merchant device that initiated the access request is run through the same calculation to obtain a corresponding certificate, and that calculated certificate is matched against the merchant device's public key certificate managed by the unified identity management sub-module, completing the device identity verification.
The authentication and authorization module 205 includes three sub-modules: single sign-on, access proxy and access control engine. It is mainly responsible for authenticating and authorizing merchant access, granting authorization to access requests that pass authentication.
The single sign-on sub-module ensures that a merchant does not need to log in repeatedly across multiple accesses: the merchant logs in with an account and key only on the first login, and every subsequent access request must carry the token value obtained at that first login. Further, the token value is unique and has a limited lifetime.
The access proxy sub-module is responsible for performing a secondary verification of the merchant device's identity based on the merchant device's digital certificate and digital signature, in order to determine whether the merchant device is a trusted execution environment.
The access control engine sub-module applies access control to the merchant device's access request according to the verification result of the access proxy sub-module and the information held in the authentication and authorization auxiliary module 207. The specific control policy comes from the merchant access policy held in the authentication and authorization auxiliary module 207.
The authentication and authorization auxiliary module 207 mainly provides the authentication and authorization module 205 with the auxiliary information it needs, and comprises four sub-modules: a merchant access device list service, member attributes, a merchant/merchant group database, and merchant access policy.
The merchant access device list service sub-module mainly records the list of devices that have historically accessed the merchant service, which can be further divided into a valid device list, a merchant black device list and similar information. When the access proxy sub-module verifies a merchant device's identity, the merchant device is first matched against the historical access device list to determine whether it has previously accessed the system; if so, the specific list it belongs to, that is, the valid device list or the merchant black device list, can be further determined. Devices with access history are given a historical behaviour flag, such as historically trusted device, historically black device or historical access record; devices with no access history are flagged as new access devices.
The merchant/merchant group database sub-module records the binding or association between merchants and merchant devices, or between merchant groups and merchant devices, and continuously updates the latest relationship between merchants/merchant groups and merchant devices according to merchant applications and updates. When a merchant device access request is received, the corresponding merchant/merchant group must be filled back into the request.
The member attribute sub-module records the attribute information of members, such as membership level, member sensitivity level, member validity attributes and member registration time. When a merchant device access request is received, the member attribute sub-module is called to obtain the member attribute information corresponding to the merchant device's current access request.
The merchant access policy sub-module specifies the corresponding access control policy according to the merchant device identity authentication result, the merchant access device list, the access authority of the merchant/merchant group, and the member attribute information. For example: when the access proxy sub-module fails to verify the merchant device's identity, that is, when the merchant device is an untrusted execution environment, the current access request is rejected.
When the merchant device is detected to have no access history, a secondary check of the merchant device's identity is required, that is, device identity verification based on the merchant device's digital certificate and digital signature.
When the merchant/merchant group corresponding to the merchant device is detected to be temporarily restricted from access, the current access request is rejected.
When the member the merchant is accessing is detected to be a senior and sensitive member, access to that member's private data is restricted.
The member merchant service module 209 outputs the requested member private data, in accordance with the merchant access control policy, only for access requests that have passed the access control engine sub-module.
In summary, in the embodiments of this specification, multi-level, multi-combination access control policies are formulated according to the combined authentication of identity and device status: when a system access request arrives, the user identity, the device identity and the device's running state information are all authenticated, achieving multi-level identity authentication. This realizes identity-centred zero-trust dynamic access control, fully identifies merchant devices and their corresponding users, and, on the basis of that full identification, establishes a unified digital identity and governance process for the people, devices, applications, systems and other physical entities of the zero-trust network, builds a dynamic access control system, extends the security boundary to the identity entities, moves the security architecture's checkpoint forward, and improves the security of data access.
An embodiment of this specification further provides an access control apparatus; referring to FIG. 3, the apparatus may specifically include: an acquisition module 301, configured to obtain the device identity information of a merchant device when an access request from the merchant device is received, where the access request carries user account authentication information corresponding to the merchant device; a first verification module 303, configured to perform device identity verification of the merchant device based on the target public key certificate corresponding to the merchant device and the device identity information; a second verification module 305, configured to perform user identity verification of the user corresponding to the merchant device based on the user account authentication information once the device identity verification has passed; a third verification module 307, configured to verify whether the merchant device is a trusted execution environment once the user identity verification has passed; and a control module 309, configured to determine the access control policy of the merchant device and to access the private data of the target member corresponding to the access request based on that access control policy.
Optionally, in the access control apparatus of the embodiment of this specification, the access request further carries the merchant device's device digital certificate and a target device digital signature associated with that device digital certificate; the third verification module 307 may specifically be configured to: obtain the historical access device list; and, if the merchant device is not in the historical access device list, verify whether the merchant device is a trusted execution environment based on the device digital certificate and the target device digital signature.
Optionally, in the access control apparatus of the embodiment of this specification, the third verification module 307 may further specifically be configured to: obtain the pre-stored historical device digital signature corresponding to the device digital certificate; if the historical device digital signature is identical to the target device digital signature, determine that the merchant device is a trusted execution environment; and if the historical device digital signature differs from the target device digital signature, determine that the merchant device is an untrusted execution environment.
Optionally, the access control apparatus of the embodiment of this specification may further include an update module, configured to add the merchant device to the historical access device list.
Optionally, in the access control apparatus of the embodiment of this specification, the third verification module 307 may specifically be configured to: obtain the historical access device list; and, if the merchant device is in the historical access device list, obtain the historical behaviour flag corresponding to the merchant device and verify whether the merchant device is a trusted execution environment based on that historical behaviour flag.
Optionally, in the access control apparatus of the embodiment of this specification, the third verification module 307 may further specifically be configured to: if the historical behaviour flag indicates that the merchant device is a historically trusted device, determine that the merchant device is a trusted execution environment; and if the historical behaviour flag indicates that the merchant device is a historically black device, determine that the merchant device is an untrusted execution environment.
Optionally, in the access control apparatus of the embodiment of this specification, the control module 309 may specifically be configured to: obtain, based on the access request, the attribute information of the target member and the access authority information of the user corresponding to the merchant device; and determine the access control policy according to at least one of the identity verification result, the attribute information and the access authority information.
Optionally, in the access control apparatus of the embodiment of this specification, the attribute information includes member registration information, membership term information, membership level and member sensitivity level; the access authority information includes whether there is permission to access private data.
Optionally, in the access control apparatus of the embodiment of this specification, the first verification module 303 may specifically be configured to: generate a certificate to be verified for the merchant device based on the device identity information; and, if the certificate to be verified is identical to the target public key certificate, determine that the device identity verification has passed.
Optionally, in the access control apparatus of the embodiment of this specification, the second verification module 305 may specifically be configured to: determine whether the user account authentication information contains a target token value; if the user account authentication information contains the target token value and the target token value is valid, determine that the user identity verification has passed; and if the user account authentication information contains the target token value but the target token value is invalid, or if the user account authentication information does not contain the target token value, perform user identity verification of the user corresponding to the merchant device based on the account and key contained in the user account authentication information.
It will be understood that the access control apparatus provided in the embodiment of this specification can implement the access control method provided in the foregoing embodiments; the explanations given for the access control method apply equally to the access control apparatus and are not repeated here.
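As an added illustration, and not the applicant's code, the following Python reduces the FIG. 2 modules and the apparatus modules 301 to 309 to one decision pipeline: first device check, token-or-credential user check, historical-list or signature-based trusted-environment check, then the policy layer (temporary restriction, senior and sensitive member). The certificate derivation, the signature comparison, the token store and every identity and value in the fixture are constructed placeholders, since the page does not specify the actual calculation or data formats.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass


def derive_cert(device_info: dict) -> str:
    """Constructed stand-in for the 'same calculation' that maps the collected
    device facts (MAC, IP, host ...) to the device's unique public key certificate."""
    canonical = "|".join(f"{k}={device_info[k]}" for k in sorted(device_info))
    return hashlib.sha256(canonical.encode()).hexdigest()


@dataclass
class Registry:
    """Server-side state standing in for the auxiliary modules (constructed)."""
    device_certs: dict   # device_id -> registered target public key certificate
    device_sigs: dict    # device digital certificate -> stored historical signature
    history: dict        # device_id -> "trusted" | "black" (historical access list)
    tokens: dict         # SSO token -> (account, expiry as epoch seconds)
    accounts: dict       # account -> key used at first login
    members: dict        # member_id -> {"level": str, "sensitivity": str}
    restricted: set      # accounts temporarily barred from member private data


@dataclass
class Request:
    device_id: str
    device_info: dict    # facts collected about the requesting device
    device_cert: str     # device digital certificate carried in the request
    device_sig: str      # target device digital signature carried in the request
    auth: dict           # {"token": ...} and/or {"account": ..., "key": ...}
    member_id: str       # target member whose private data is requested


def verify_device_identity(reg: Registry, req: Request) -> bool:
    """First device check (module 303): recompute the certificate from the
    device info and compare it with the target public key certificate on file."""
    expected = reg.device_certs.get(req.device_id, "")
    return hmac.compare_digest(derive_cert(req.device_info), expected)


def authenticate_user(reg: Registry, req: Request, now: float):
    """User check (module 305): a valid token passes; a missing or expired
    token falls back to account + key. Returns the account, or None."""
    token = req.auth.get("token")
    if token in reg.tokens:
        account, expiry = reg.tokens[token]
        if expiry > now:
            return account
    account, key = req.auth.get("account"), req.auth.get("key", "")
    if account in reg.accounts and hmac.compare_digest(reg.accounts[account], key):
        return account
    return None


def verify_trusted_env(reg: Registry, req: Request) -> bool:
    """Second device check (module 307): a device with access history is judged
    by its historical flag; a new device by whether the presented signature
    matches the one stored for its certificate, after which it joins the list."""
    flag = reg.history.get(req.device_id)
    if flag is not None:
        return flag == "trusted"
    stored = reg.device_sigs.get(req.device_cert)
    if stored is not None and hmac.compare_digest(stored, req.device_sig):
        reg.history[req.device_id] = "trusted"   # the update module's job
        return True
    return False


def decide(reg: Registry, req: Request, now=None) -> str:
    """Control module (309): the layered decision, as 'deny', 'restricted'
    or 'allow'. Every layer must pass before the policy is consulted."""
    now = time.time() if now is None else now
    if not verify_device_identity(reg, req):
        return "deny"           # not a device pre-associated with the system
    account = authenticate_user(reg, req, now)
    if account is None:
        return "deny"           # user identity verification failed
    if not verify_trusted_env(reg, req):
        return "deny"           # untrusted execution environment
    if account in reg.restricted:
        return "deny"           # merchant temporarily restricted
    member = reg.members.get(req.member_id, {})
    if member.get("level") == "senior" and member.get("sensitivity") == "high":
        return "restricted"     # senior, sensitive member: limit the data
    return "allow"


DEVICE_INFO = {"mac": "00:11:22:33:44:55", "ip": "10.0.0.7", "host": "pos-01"}


def sample_registry() -> Registry:
    """Constructed fixture: one registered device, one SSO token, two members."""
    return Registry(
        device_certs={"dev-1": derive_cert(DEVICE_INFO)},
        device_sigs={"cert-dev-1": "sig-dev-1"},
        history={},
        tokens={"tok-1": ("merchant-a", 2_000_000_000)},
        accounts={"merchant-a": "k3y", "merchant-b": "s3cret"},
        members={"m-1": {"level": "senior", "sensitivity": "high"},
                 "m-2": {"level": "basic", "sensitivity": "low"}},
        restricted={"merchant-b"},
    )
```

A second request from the same device takes the historical-flag path instead of the signature path, which is why the fixture starts with an empty history and the device is added on its first successful check.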
The embodiments of this specification provide a zero-trust-based scheme for controlling access to the private data of each member stored in a private data system. Specifically, when an access request from a merchant device is received, the device identity corresponding to the merchant device and the user identity of the merchant, that is, the user, corresponding to the merchant device are verified layer by layer, in order to improve the security of access to private data. Specifically, the device identity of the merchant device is first verified on the basis of the merchant device's device identity information and its corresponding, unique target public key certificate, to determine whether the merchant device is one pre-associated with the private data system; after this first device identity verification passes, user identity verification of the corresponding merchant is performed on the basis of the user account authentication information corresponding to the merchant device; and after the user identity verification passes, the device identity of the merchant device is verified a second time, to determine whether the merchant device is a trusted execution environment with respect to the private data of the system's target member. After the merchant device has passed each layer of identity verification, the access control policy governing the merchant device's access to the private data of the target member corresponding to the access request is further determined according to the specific circumstances of the current access. In this way, a merchant device accessing data is not only subjected to zero-trust, layer-by-layer identity verification but is also matched to a specific access control policy, which strengthens control over merchant devices' access to private data, prevents leakage of members' private data caused by malicious or improper operations, lowers the risk of private data leakage, and improves the security of data access.
FIG. 4 is a schematic structural diagram of an electronic device according to an embodiment of this specification. Referring to FIG. 4, at the hardware level the electronic device includes a processor and optionally an internal bus, a network interface and a memory. The memory may include main memory, such as high-speed random-access memory (RAM), and may also include non-volatile memory, such as at least one disk store. Naturally, the electronic device may also include hardware required by other services.
The processor, network interface and memory may be interconnected by an internal bus, which may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus, among others. The bus may be divided into an address bus, a data bus, a control bus and so on. For ease of illustration, only one double-headed arrow is drawn in FIG. 4, but this does not mean there is only one bus or one type of bus.
The memory is used to store programs. Specifically, a program may include program code, and the program code includes computer operation instructions. The memory may include main memory and non-volatile memory, and provides instructions and data to the processor.
The processor reads the corresponding computer program from the non-volatile memory into main memory and runs it, forming the access control apparatus at the logical level. The processor executes the program stored in the memory and is specifically configured to perform the following operations: when an access request from a merchant device is received, obtain the device identity information of the merchant device, where the access request carries user account authentication information corresponding to the merchant device; perform device identity verification of the merchant device based on the target public key certificate corresponding to the merchant device and the device identity information; once the device identity verification has passed, perform user identity verification of the user corresponding to the merchant device based on the user account authentication information; once the user identity verification has passed, verify whether the merchant device is a trusted execution environment; and determine the access control policy of the merchant device and access the private data of the target member corresponding to the access request based on that access control policy.
The method performed by the access control apparatus disclosed in the embodiment shown in FIG. 1 of this specification may be applied in, or implemented by, a processor. The processor may be an integrated circuit chip with signal processing capability. During implementation, each step of the method may be completed by integrated logic circuits of the hardware in the processor or by instructions in software form. The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP) or the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps and logical block diagrams disclosed in the embodiments of this specification. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the method disclosed in the embodiments of this specification may be embodied directly as execution by a hardware decoding processor, or as execution by a combination of hardware and software modules in a decoding processor. The software module may reside in a storage medium well established in the art, such as random-access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory or a register. The storage medium is located in the memory; the processor reads the information in the memory and completes the steps of the method in combination with its hardware.
The electronic device may also perform the method performed by the access control apparatus in FIG. 1 and realize the functions of the access control apparatus in the embodiment shown in FIG. 1, which are not repeated here.
An embodiment of this specification further provides a computer-readable storage medium storing one or more programs, the one or more programs including instructions which, when executed by an electronic device comprising a plurality of application programs, cause the electronic device to perform the method performed by the access control apparatus in the embodiment shown in FIG. 1, and specifically to: when an access request from a merchant device is received, obtain the device identity information of the merchant device, where the access request carries user account authentication information corresponding to the merchant device; perform device identity verification of the merchant device based on the target public key certificate corresponding to the merchant device and the device identity information; once the device identity verification has passed, perform user identity verification of the user corresponding to the merchant device based on the user account authentication information; once the user identity verification has passed, verify whether the merchant device is a trusted execution environment; and determine the access control policy of the merchant device and access the private data of the target member corresponding to the access request based on that access control policy.
Those skilled in the art should understand that the embodiments of this specification may be provided as a method, a system, or a computer program product. Therefore, the embodiments of this specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments of this specification may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The technical solutions of the embodiments of this specification are described with reference to flowcharts and/or block diagrams of the methods, devices (systems), and computer program products according to the embodiments of this specification. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and combinations of processes and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, which implements the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are executed on the computer or other programmable device to produce computer-implemented processing, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory media such as modulated data signals and carrier waves.
It should also be noted that the terms "comprise", "include", or any other variants thereof are intended to cover a non-exclusive inclusion, so that a process, method, commodity, or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, commodity, or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of additional identical elements in the process, method, commodity, or device that includes the element.
The above descriptions are merely embodiments of this specification and are not intended to limit the embodiments of this specification. Various modifications and changes to the embodiments of this specification may be made by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the embodiments of this specification shall be included within the scope of the claims of the embodiments of this specification.

Claims (13)

  1. An access control method, the method comprising:
    if an access request from a merchant device is received, obtaining device identity information of the merchant device, the access request carrying user account authentication information corresponding to the merchant device;
    performing device identity verification on the merchant device based on a target public key certificate corresponding to the merchant device and the device identity information;
    after the device identity verification is passed, performing user identity verification on a user corresponding to the merchant device based on the user account authentication information;
    after the user identity verification is passed, verifying whether the merchant device is a trusted execution environment; and
    determining an access control policy of the merchant device, and accessing private data of a target member corresponding to the access request based on the access control policy.
  2. The method according to claim 1, wherein the access request further carries a device digital certificate of the merchant device and a target device digital signature associated with the device digital certificate;
    wherein the verifying whether the merchant device is a trusted execution environment comprises:
    obtaining a list of historically accessing devices; and
    if the merchant device is not in the list of historically accessing devices, verifying whether the merchant device is a trusted execution environment based on the device digital certificate and the target device digital signature.
  3. The method according to claim 2, wherein the verifying whether the merchant device is a trusted execution environment based on the device digital certificate and the target device digital signature comprises:
    obtaining a pre-stored historical device digital signature corresponding to the device digital certificate;
    if the historical device digital signature is the same as the target device digital signature, determining that the merchant device is a trusted execution environment; and
    if the historical device digital certificate differs from the target device digital signature, determining that the merchant device is an untrusted execution environment.
  4. The method according to claim 2, further comprising:
    adding the merchant device to the list of historically accessing devices.
  5. The method according to claim 1, wherein the verifying whether the merchant device is a trusted execution environment comprises:
    obtaining a list of historically accessing devices; and
    if the merchant device is in the list of historically accessing devices, obtaining a historical behavior identifier corresponding to the merchant device, and verifying whether the merchant device is a trusted execution environment based on the historical behavior identifier.
  6. The method according to claim 5, wherein the verifying whether the merchant device is a trusted execution environment based on the historical behavior identifier comprises:
    if the historical behavior identifier indicates that the merchant device is a historically trusted device, determining that the merchant device is a trusted execution environment; and
    if the historical behavior identifier indicates that the merchant device is a historically blacklisted device, determining that the merchant device is an untrusted execution environment.
  7. The method according to any one of claims 1 to 6, wherein the determining the access control policy of the merchant device comprises:
    obtaining, based on the access request, attribute information of the target member and access permission information of the user corresponding to the merchant device; and
    determining the access control policy according to at least one of an identity verification result, the attribute information, and the access permission information.
  8. The method according to claim 7, wherein the attribute information includes member registration information, member validity period information, member level, and member sensitivity level; and
    the access permission information includes whether the user has permission to access the private data.
  9. The method according to claim 1, wherein the performing device identity verification on the merchant device based on the target public key certificate corresponding to the merchant device and the device identity information comprises:
    generating a certificate to be verified for the merchant device based on the device identity information; and
    if the certificate to be verified is the same as the target public key certificate, determining that the device identity verification is passed.
  10. The method according to claim 1, wherein the performing user identity verification on the user corresponding to the merchant device based on the user account authentication information after the device identity verification is passed comprises:
    determining whether the user account authentication information contains a target token value;
    if the user account authentication information contains the target token value and the target token value is valid, determining that the user identity verification is passed; and
    if the user account authentication information contains the target token value but the target token value is invalid, or if the user account authentication information does not contain the target token value, performing user identity verification on the user corresponding to the merchant device based on the account and key contained in the user account authentication information.
  11. An access control apparatus, the apparatus comprising:
    an obtaining module, configured to obtain device identity information of a merchant device if an access request from the merchant device is received, the access request carrying user account authentication information corresponding to the merchant device;
    a first verification module, configured to perform device identity verification on the merchant device based on a target public key certificate corresponding to the merchant device and the device identity information;
    a second verification module, configured to perform user identity verification on a user corresponding to the merchant device based on the user account authentication information after the device identity verification is passed;
    a third verification module, configured to verify whether the merchant device is a trusted execution environment after the user identity verification is passed; and
    a control module, configured to determine an access control policy of the merchant device, and access private data of a target member corresponding to the access request based on the access control policy.
  12. An electronic device, comprising:
    a processor; and
    a memory arranged to store computer-executable instructions which, when executed, cause the processor to perform the following operations:
    if an access request from a merchant device is received, obtaining device identity information of the merchant device, the access request carrying user account authentication information corresponding to the merchant device;
    performing device identity verification on the merchant device based on a target public key certificate corresponding to the merchant device and the device identity information;
    after the device identity verification is passed, performing user identity verification on a user corresponding to the merchant device based on the user account authentication information;
    after the user identity verification is passed, verifying whether the merchant device is a trusted execution environment; and
    determining an access control policy of the merchant device, and accessing private data of a target member corresponding to the access request based on the access control policy.
  13. A computer-readable storage medium storing one or more programs which, when executed by an electronic device including a plurality of application programs, cause the electronic device to perform the following operations:
    if an access request from a merchant device is received, obtaining device identity information of the merchant device, the access request carrying user account authentication information corresponding to the merchant device;
    performing device identity verification on the merchant device based on a target public key certificate corresponding to the merchant device and the device identity information;
    after the device identity verification is passed, performing user identity verification on a user corresponding to the merchant device based on the user account authentication information;
    after the user identity verification is passed, verifying whether the merchant device is a trusted execution environment; and
    determining an access control policy of the merchant device, and accessing private data of a target member corresponding to the access request based on the access control policy.
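The layered check described in the summary above and spelled out in claims 1 to 10 can be read as a short pipeline: derive a certificate from the device identity and compare it with the enrolled target certificate (claim 9), accept a valid token or fall back to account plus key (claim 10), judge a known device by its historical behavior flag and an unknown device by comparing its presented signature with the pre-stored one (claims 2 to 6), and only then pick a policy from member attributes and the merchant's permission (claims 7 and 8). The following Python is an added illustration of that ordering, not the applicant's code; the `Registry` stores, the SHA-256 digest used as the "certificate to be verified", the sample device, token and member values, and the policy names `full`, `masked` and `deny` are all constructed assumptions.

```python
"""Layered zero-trust access check modelled on claims 1-10 (added illustration, not the
applicant's code). Stores, the digest-based certificate and policy names are assumptions."""
import hashlib
import hmac
import time
from dataclasses import dataclass, field
from typing import Optional


def derive_cert(device_identity: str) -> str:
    """Claim 9's 'certificate to be verified', modelled here (assumption) as a SHA-256
    digest of the device identity information; it must equal the enrolled target cert."""
    return hashlib.sha256(device_identity.encode()).hexdigest()


@dataclass
class Registry:
    """Constructed stand-in for the privacy data system's stores."""
    target_certs: dict = field(default_factory=dict)     # device_id -> target public key cert
    valid_tokens: dict = field(default_factory=dict)     # token -> account (claim 10)
    account_keys: dict = field(default_factory=dict)     # account -> key (claim 10 fallback)
    history: dict = field(default_factory=dict)          # device_id -> "trusted" | "black" (claims 5-6)
    historical_sigs: dict = field(default_factory=dict)  # device cert -> enrolled signature (claim 3)
    members: dict = field(default_factory=dict)          # member -> attributes (claim 8)
    permissions: dict = field(default_factory=dict)      # account -> {member: bool} (claim 8)


def make_registry() -> Registry:
    """Sample data (constructed) for two merchant devices, one merchant account, two members."""
    return Registry(
        target_certs={"dev-001": derive_cert("dev-001|sn=ABC123"),
                      "dev-002": derive_cert("dev-002|sn=XYZ789")},
        valid_tokens={"tok-live": "merchant-alice"},
        account_keys={"merchant-alice": "k-alice-secret"},
        history={"dev-001": "trusted"},
        historical_sigs={"cert-dev-002": "sig-dev-002-enrolled"},
        members={"member-42": {"sensitivity_level": 2, "expires_at": time.time() + 3600},
                 "member-99": {"sensitivity_level": 3, "expires_at": time.time() + 3600}},
        permissions={"merchant-alice": {"member-42": True, "member-99": True}},
    )


@dataclass
class AccessRequest:
    device_id: str
    device_identity: str
    device_cert: str
    device_signature: str
    account: str
    key: str
    target_member: str
    token: Optional[str] = None


def verify_device(req: AccessRequest, reg: Registry) -> bool:
    """First device check (claims 1, 9): derived cert must equal the enrolled target cert."""
    expected = reg.target_certs.get(req.device_id)
    return expected is not None and hmac.compare_digest(derive_cert(req.device_identity), expected)


def verify_user(req: AccessRequest, reg: Registry) -> bool:
    """Claim 10: a valid token passes; a missing or invalid token falls back to account + key."""
    if req.token is not None and req.token in reg.valid_tokens:
        return reg.valid_tokens[req.token] == req.account
    expected = reg.account_keys.get(req.account)
    return expected is not None and hmac.compare_digest(req.key, expected)


def verify_tee(req: AccessRequest, reg: Registry) -> bool:
    """Second device check (claims 2-6): a known device is judged by its behaviour flag,
    an unknown device by comparing the presented signature with the enrolled one."""
    if req.device_id in reg.history:
        return reg.history[req.device_id] == "trusted"
    stored = reg.historical_sigs.get(req.device_cert)
    if stored is None or not hmac.compare_digest(req.device_signature, stored):
        return False
    reg.history[req.device_id] = "trusted"   # claim 4: add the device to the history list
    return True


def decide_policy(req: AccessRequest, reg: Registry) -> str:
    """Claims 7-8: policy from member attributes and the merchant's permission.
    'full', 'masked' and 'deny' are assumed policy names."""
    member = reg.members.get(req.target_member)
    if member is None or member["expires_at"] < time.time():
        return "deny"                        # membership missing or lapsed
    if not reg.permissions.get(req.account, {}).get(req.target_member, False):
        return "deny"                        # merchant has no permission for this member
    return "masked" if member["sensitivity_level"] >= 3 else "full"


def handle_access(req: AccessRequest, reg: Registry) -> dict:
    """Runs the checks in the claimed order; each layer runs only if the previous one passed."""
    result = {"device": False, "user": False, "tee": False, "policy": "deny"}
    result["device"] = verify_device(req, reg)
    if result["device"]:
        result["user"] = verify_user(req, reg)
    if result["user"]:
        result["tee"] = verify_tee(req, reg)
    if result["tee"]:
        result["policy"] = decide_policy(req, reg)
    return result
```

The point worth noticing is that a failure at any layer short-circuits the rest, so a forged device identity never reaches token validation, and a device flagged as historically blacklisted is refused even with a valid token and a permitted account. The string comparisons go through `hmac.compare_digest` so that certificate, key and signature matching does not leak timing information.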
PCT/CN2020/124392 2019-12-13 2020-10-28 Access control method and access control apparatus WO2021114925A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911281808.0 2019-12-13
CN201911281808.0A CN111143793B (en) 2019-12-13 2019-12-13 Access control method and access control device

Publications (1)

Publication Number Publication Date
WO2021114925A1 true WO2021114925A1 (en) 2021-06-17

Family

ID=70518217

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/124392 WO2021114925A1 (en) 2019-12-13 2020-10-28 Access control method and access control apparatus

Country Status (3)

Country Link
CN (1) CN111143793B (en)
TW (1) TWI762926B (en)
WO (1) WO2021114925A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113505389A (en) * 2021-07-05 2021-10-15 北京明略软件系统有限公司 Data authority management method, electronic device, server and readable storage medium
CN115913696A (en) * 2022-11-10 2023-04-04 国网四川省电力公司电力科学研究院 Virtual network zero trust access control method, device, equipment and medium
CN116208426A (en) * 2023-04-26 2023-06-02 浙江达古科技有限公司 Data hierarchical authorization query control system and method
CN116488820A (en) * 2022-09-07 2023-07-25 厦门市兴百邦科技有限公司 Electronic data security method based on data acquisition analysis
CN117202193A (en) * 2023-11-08 2023-12-08 中国电子科技集团公司第三十研究所 Communication module safety protection method and assembly based on host terminal connection authentication
US12003512B2 (en) 2021-10-21 2024-06-04 Cisco Technology, Inc. Limiting discovery of a protected resource in a zero trust access model

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111143793B (en) * 2019-12-13 2021-05-28 支付宝(杭州)信息技术有限公司 Access control method and access control device
CN111737717B (en) * 2020-06-28 2024-04-09 深信服科技股份有限公司 Authority management and control method, system, equipment and computer readable storage medium
CN112165461A (en) * 2020-09-10 2021-01-01 杭州安恒信息技术股份有限公司 Zero-trust dynamic authorization method and device and computer equipment
CN112100675B (en) * 2020-11-05 2021-02-12 南京云信达科技有限公司 Zero-trust data storage access method and system
CN114598489B (en) * 2020-11-20 2023-07-11 华为技术有限公司 Method and related device for determining trust terminal
EP4242886A1 (en) * 2020-11-20 2023-09-13 Huawei Technologies Co., Ltd. Trusted terminal determination method and related device
CN112738047B (en) * 2020-12-24 2023-08-25 贝壳技术有限公司 Access control method of service system and zero trust system
CN114615030B (en) * 2022-02-27 2023-09-19 江苏欧软信息科技有限公司 Identity authentication method and system based on industrial Internet platform
CN115964687A (en) * 2022-12-14 2023-04-14 武汉卓讯互动信息科技有限公司 Block chain-based enterprise unified account authentication method and platform
CN117278329B (en) * 2023-11-21 2024-01-16 大连凌一科技发展有限公司 Application resource dynamic control access method based on zero trust gateway

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106778342A (en) * 2016-12-09 2017-05-31 北京洋浦伟业科技发展有限公司 Credible performing environment safety certifying method and device and equipment
CN110417776A (en) * 2019-07-29 2019-11-05 大唐高鸿信安(浙江)信息科技有限公司 A kind of identity identifying method and device
CN110445769A (en) * 2019-07-18 2019-11-12 阿里巴巴集团控股有限公司 The access method and device of operation system
CN111143793A (en) * 2019-12-13 2020-05-12 支付宝(杭州)信息技术有限公司 Access control method and access control device

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6006533B2 (en) * 2012-05-25 2016-10-12 キヤノン株式会社 Authorization server and client device, server linkage system, and token management method
CN104376237B (en) * 2013-08-13 2017-09-26 中国科学院沈阳自动化研究所 A kind of method of controlling security and system for being directed to information in production process
CN104834839B (en) * 2014-02-11 2019-08-23 阿里巴巴集团控股有限公司 A kind of code generating method, method for authenticating and associated terminal based on bar code
JP2016220174A (en) * 2015-05-26 2016-12-22 株式会社東芝 Home appliance control method and home appliance controller
CN105939484B (en) * 2016-06-14 2019-02-26 深圳创维数字技术有限公司 A kind of the encryption playback method and its system of audio-video
CN107508804A (en) * 2017-08-10 2017-12-22 山东渔翁信息技术股份有限公司 The method, device and mobile terminal of key and certificate in a kind of protection mobile terminal
CN109063438A (en) * 2018-08-06 2018-12-21 中钞信用卡产业发展有限公司杭州区块链技术研究院 A kind of data access method, device, local data secure access equipment and terminal
CN110138726B (en) * 2019-03-27 2021-11-12 珍岛信息技术(上海)股份有限公司 Method and system for intelligently and optimally managing cloud information


Also Published As

Publication number Publication date
CN111143793A (en) 2020-05-12
CN111143793B (en) 2021-05-28
TW202123036A (en) 2021-06-16
TWI762926B (en) 2022-05-01


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20900291

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20900291

Country of ref document: EP

Kind code of ref document: A1