CN112800413A - Authority information pushing method, device, equipment and storage medium - Google Patents
Authority information pushing method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN112800413A CN112800413A CN202110220589.6A CN202110220589A CN112800413A CN 112800413 A CN112800413 A CN 112800413A CN 202110220589 A CN202110220589 A CN 202110220589A CN 112800413 A CN112800413 A CN 112800413A
- Authority
- CN
- China
- Prior art keywords
- information
- target
- abac
- authorization center
- receiving interface
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
- 
        - G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
 
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method, a device, equipment and a storage medium for pushing authority information. The method comprises the following steps: the ABAC authorization center receives abnormal information sent by a terminal and generates target release information according to the abnormal information; the ABAC authorization center determines a target receiving interface according to the target release information; the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface so as to enable the protected resource to be changed according to the target authority information.
    Description
Technical Field
      The embodiment of the invention relates to the technical field of computers, in particular to a method, a device, equipment and a storage medium for pushing authority information.
    Background
      The ABAC (Attribute Base Access Control) is different from a common way of associating a user with a right in some way, and performs authorization judgment by dynamically calculating one or a group of attributes to judge whether a certain condition is met (simple logic can be written).
      Attributes are generally divided into four categories: user attributes (e.g., user age, user address), environment attributes (e.g., current time), operation attributes (add, delete, change, search), object attributes (e.g., an article, also called resource attributes).
      The mode of the ABAC authority center mainly takes the protected resource to actively request the dynamic authority information, so that if the terminal is abnormal and is not operated after service access, the protected resource cannot be timely notified after ABAC dynamic decision, and the service security risk that the terminal risk is increased and the access authority of the protected resource is not changed exists.
    Disclosure of Invention
      The embodiment of the invention provides a method, a device, equipment and a storage medium for pushing authority information, which are used for realizing that an ABAC authority center actively informs protected resources under the condition of terminal abnormity.
      In a first aspect, an embodiment of the present invention provides a method for pushing permission information, including:
      the ABAC authorization center receives abnormal information sent by a terminal and generates target release information according to the abnormal information;
      the ABAC authorization center determines a target receiving interface according to the target release information;
      and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target authority information.
      Further, the ABAC authorization center determines a target receiving interface according to the target publishing information, including:
      the ABAC authorization center acquires the information type carried by the target release information;
      and the ABAC authorization center determines a target receiving interface according to the information type.
      Further, the ABAC authorization center determines a target receiving interface according to the target publishing information, including:
      after the self-checking of the ABAC authorization center is finished, judging whether the information publishing interface is subscribed or not;
      if the information publishing interface is subscribed, judging whether information is published;
      and if the target release information is detected, determining a target receiving interface according to the target release information.
      Further, the method also comprises the following steps:
      and if the information publishing interface is not subscribed, subscribing the information publishing interface.
      Further, if the information publishing interface has subscribed, determining whether there is information publishing, further comprising:
      if the release information is not detected, judging whether the receiving interface is subscribed or not;
      if the receiving interface is not subscribed, returning to execute and judging whether the information publishing interface is subscribed or not.
      In a second aspect, an embodiment of the present invention further provides an authority information pushing device, which is disposed in an ABAC authorization center, and includes:
      the receiving module is used for receiving the abnormal information sent by the terminal and generating target release information according to the abnormal information;
      the determining module is used for determining a target receiving interface according to the target issuing information;
      and the sending module is used for sending the target authority information carried by the target release information to the protected resource through the target receiving interface so as to enable the protected resource to be changed according to the target authority information.
      Further, the determining module is specifically configured to:
      the ABAC authorization center acquires the information type carried by the target release information;
      and the ABAC authorization center determines a target receiving interface according to the information type.
      Further, the determining module is specifically configured to:
      after the self-checking of the ABAC authorization center is finished, judging whether the information publishing interface is subscribed or not;
      if the information publishing interface is subscribed, judging whether information is published;
      and if the target release information is detected, determining a target receiving interface according to the target release information.
      In a third aspect, an embodiment of the present invention further provides a computer device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor, when executing the program, implements the rights information pushing method according to any one of the embodiments of the present invention.
      In a fourth aspect, the embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the rights information pushing method according to any of the embodiments of the present invention.
      The embodiment of the invention receives abnormal information sent by a terminal through an ABAC authorization center, and generates target release information according to the abnormal information; the ABAC authorization center determines a target receiving interface according to the target release information; and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target authority information, and the ABAC authorization center actively informs the protected resource under the condition that the terminal is abnormal.
    Drawings
      In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
      Fig. 1 is a flowchart of a method for pushing permission information according to a first embodiment of the present invention;
      fig. 1a is a schematic flow chart of a method for pushing permission information according to a first embodiment of the present invention;
      fig. 2 is a schematic structural diagram of a rights information pushing apparatus according to a second embodiment of the present invention;
      fig. 3 is a schematic structural diagram of a computer device in a third embodiment of the present invention.
    Detailed Description
      The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
      It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present invention, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
      Example one
      Fig. 1 is a flowchart of a method for pushing permission information according to an embodiment of the present invention, where the present embodiment is applicable to a situation of permission information pushing, and the method may be executed by a permission information pushing device according to an embodiment of the present invention, where the device may be implemented in a software and/or hardware manner, as shown in fig. 1, the method specifically includes the following steps:
      and S110, the ABAC authorization center receives the abnormal information sent by the terminal and generates target release information according to the abnormal information.
      The abnormal information may be sent in a form of a message, and may also be sent in other forms, which is not limited in this embodiment of the present invention.
      Wherein the target release information includes: information type and target rights information.
      S120, the ABAC authorization center determines a target receiving interface according to the target release information.
      The determining mode of the target receiving interface can be that the information type is determined according to the target release information, and then the target receiving interface is determined according to the information type; the determining method of the target receiving interface may also be to directly determine the target receiving interface according to the target publishing information, which is not limited in this embodiment of the present invention.
      S130, the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target authority information.
      The protected resource may be an application, an operating system, or a network device, which is not limited in this embodiment of the present invention.
      The protected resource may be changed according to the target permission information in a manner that: after the protected resource receives the target authority information, original authority information is obtained, if the original authority information is different from the target authority information, the original authority information is replaced by the target authority information, if the original authority information is the same as the target authority information, no change is carried out, the original authority information is exploded and is not changed, and the mode that the protected resource is changed according to the target authority information can also be that: the protected resource directly completes the change of the authority information according to the target authority information, which is not limited in the embodiment of the invention.
      Optionally, the determining, by the ABAC authorization center, a target receiving interface according to the target publishing information includes:
      the ABAC authorization center acquires the information type carried by the target release information;
      and the ABAC authorization center determines a target receiving interface according to the information type.
      Optionally, the determining, by the ABAC authorization center, a target receiving interface according to the target publishing information includes:
      after the self-checking of the ABAC authorization center is finished, judging whether the information publishing interface is subscribed or not;
      if the information publishing interface is subscribed, judging whether information is published;
      and if the target release information is detected, determining a target receiving interface according to the target release information.
      Optionally, the method further includes:
      and if the information publishing interface is not subscribed, subscribing the information publishing interface.
      Optionally, if the information publishing interface has subscribed, determining whether there is information publishing, further including:
      if the release information is not detected, judging whether the receiving interface is subscribed or not;
      if the receiving interface is not subscribed, returning to execute and judging whether the information publishing interface is subscribed or not.
      In a specific example, the embodiment of the present invention provides an interface agent mode, which is initiated by an ABAC authorization center, and through subscribing an interface agent, a corresponding resource receives a notification of subscription information, so as to obtain a change of rights information, and avoid service sensitive information leakage and service rights safety problems caused by that a protected resource cannot acquire a change of rights information in time due to an abnormality of a network environment and a terminal.
      As shown in fig. 1a, the method comprises the following steps: (1) checking the information of the ABAC authorization center, (2) automatically subscribing an information publishing interface, (3) accepting the subscription of a receiving interface, (4) subscribing the receiving interface for the protected resource, (5) publishing the information by the ABAC authorization center, (6) verifying and matching the receiving interface, (7) pushing the authorization information, and (8) finishing the authorization information change of the protected resource.
      According to the technical scheme of the embodiment, abnormal information sent by a terminal is received through an ABAC authorization center, and target release information is generated according to the abnormal information; the ABAC authorization center determines a target receiving interface according to the target release information; and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target authority information, and the ABAC authorization center actively informs the protected resource under the condition that the terminal is abnormal.
      Example two
      Fig. 2 is a schematic structural diagram of an authority information pushing apparatus according to a second embodiment of the present invention. The present embodiment may be applicable to the case of pushing permission information, where the apparatus may be implemented in a software and/or hardware manner, and the apparatus may be integrated in any device providing a permission information pushing function, as shown in fig. 2, where the permission information pushing apparatus specifically includes: a receiving module  210, a determining module  220, and a sending module  230.
      The receiving module  210 is configured to receive abnormal information sent by a terminal, and generate target release information according to the abnormal information;
      a determining module  220, configured to determine a target receiving interface according to the target publishing information;
      a sending module  230, configured to send the target permission information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target permission information.
      Optionally, the determining module is specifically configured to:
      the ABAC authorization center acquires the information type carried by the target release information;
      and the ABAC authorization center determines a target receiving interface according to the information type.
      Optionally, the determining module is specifically configured to:
      after the self-checking of the ABAC authorization center is finished, judging whether the information publishing interface is subscribed or not;
      if the information publishing interface is subscribed, judging whether information is published;
      and if the target release information is detected, determining a target receiving interface according to the target release information.
      The product can execute the method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
      According to the technical scheme of the embodiment, abnormal information sent by a terminal is received through an ABAC authorization center, and target release information is generated according to the abnormal information; the ABAC authorization center determines a target receiving interface according to the target release information; and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target authority information, and the ABAC authorization center actively informs the protected resource under the condition that the terminal is abnormal.
      EXAMPLE III
      Fig. 3 is a schematic structural diagram of a computer device in a third embodiment of the present invention. FIG. 3 illustrates a block diagram of an exemplary computer device  12 suitable for use in implementing embodiments of the present invention. The computer device  12 shown in FIG. 3 is only an example and should not impose any limitation on the scope of use or functionality of embodiments of the present invention.
      As shown in FIG. 3, computer device  12 is in the form of a general purpose computing device. The components of computer device  12 may include, but are not limited to: one or more processors or processing units  16, a system memory  28, and a bus  18 that couples various system components including the system memory  28 and the processing unit  16.
      The system Memory  28 may include computer system readable media in the form of volatile Memory, such as Random Access Memory (RAM) 30 and/or cache Memory  32. Computer device  12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system  34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 3, and commonly referred to as a "hard drive"). Although not shown in FIG. 3, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (a Compact disk-Read Only Memory (CD-ROM)), Digital Video disk (DVD-ROM), or other optical media may be provided. In these cases, each drive may be connected to bus  18 by one or more data media interfaces. Memory  28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
      A program/utility  40 having a set (at least one) of program modules  42 may be stored, for example, in memory  28, such program modules  42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules  42 generally carry out the functions and/or methodologies of the described embodiments of the invention.
      The processing unit  16 executes various functional applications and data processing by running programs stored in the system memory  28, for example, implementing the rights information pushing method provided by the embodiment of the present invention:
      the ABAC authorization center receives abnormal information sent by a terminal and generates target release information according to the abnormal information;
      the ABAC authorization center determines a target receiving interface according to the target release information;
      and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target authority information.
      Example four
      A fourth embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the method for pushing authority information, provided in all embodiments of the present invention:
      the ABAC authorization center receives abnormal information sent by a terminal and generates target release information according to the abnormal information;
      the ABAC authorization center determines a target receiving interface according to the target release information;
      and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target authority information.
      Any combination of one or more computer-readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
      A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
      Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
      In some embodiments, the clients, servers may communicate using any currently known or future developed network Protocol, such as HTTP (Hyper Text Transfer Protocol), and may interconnect with any form or medium of digital data communication (e.g., a communications network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), the Internet (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
      The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
      Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + +, or the like, as well as conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
      The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
      The units described in the embodiments of the present disclosure may be implemented by software or hardware. Where the name of an element does not in some cases constitute a limitation on the element itself.
      The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
      In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
      It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
    Claims (10)
1. A method for pushing authority information is characterized by comprising the following steps:
      the ABAC authorization center receives abnormal information sent by a terminal and generates target release information according to the abnormal information;
      the ABAC authorization center determines a target receiving interface according to the target release information;
      and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target authority information.
    2. The method of claim 1, wherein the ABAC authority determines a target receiving interface based on the target publication information, comprising:
      the ABAC authorization center acquires the information type carried by the target release information;
      and the ABAC authorization center determines a target receiving interface according to the information type.
    3. The method of claim 1, wherein the ABAC authority determines a target receiving interface based on the target publication information, comprising:
      after the self-checking of the ABAC authorization center is finished, judging whether the information publishing interface is subscribed or not;
      if the information publishing interface is subscribed, judging whether information is published;
      and if the target release information is detected, determining a target receiving interface according to the target release information.
    4. The method of claim 3, further comprising:
      and if the information publishing interface is not subscribed, subscribing the information publishing interface.
    5. The method of claim 3, wherein if the information publishing interface has subscribed, determining whether there is information publishing followed by further comprising:
      if the release information is not detected, judging whether the receiving interface is subscribed or not;
      if the receiving interface is not subscribed, returning to execute and judging whether the information publishing interface is subscribed or not.
    6. An authority information pushing device, which is arranged in an ABAC authorization center, the authority information pushing device comprises:
      the receiving module is used for receiving the abnormal information sent by the terminal and generating target release information according to the abnormal information;
      the determining module is used for determining a target receiving interface according to the target issuing information;
      and the sending module is used for sending the target authority information carried by the target release information to the protected resource through the target receiving interface so as to enable the protected resource to be changed according to the target authority information.
    7. The apparatus of claim 6, wherein the determining module is specifically configured to:
      the ABAC authorization center acquires the information type carried by the target release information;
      and the ABAC authorization center determines a target receiving interface according to the information type.
    8. The apparatus of claim 6, wherein the determining module is specifically configured to:
      after the self-checking of the ABAC authorization center is finished, judging whether the information publishing interface is subscribed or not;
      if the information publishing interface is subscribed, judging whether information is published;
      and if the target release information is detected, determining a target receiving interface according to the target release information.
    9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1-5 when executing the program.
    10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-5.
    Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title | 
|---|---|---|---|
| CN202110220589.6A CN112800413B (en) | 2021-02-26 | 2021-02-26 | Authority information pushing method, device, equipment and storage medium | 
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title | 
|---|---|---|---|
| CN202110220589.6A CN112800413B (en) | 2021-02-26 | 2021-02-26 | Authority information pushing method, device, equipment and storage medium | 
Publications (2)
| Publication Number | Publication Date | 
|---|---|
| CN112800413A true CN112800413A (en) | 2021-05-14 | 
| CN112800413B CN112800413B (en) | 2024-03-15 | 
Family
ID=75816060
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date | 
|---|---|---|---|
| CN202110220589.6A Active CN112800413B (en) | 2021-02-26 | 2021-02-26 | Authority information pushing method, device, equipment and storage medium | 
Country Status (1)
| Country | Link | 
|---|---|
| CN (1) | CN112800413B (en) | 
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title | 
|---|---|---|---|---|
| US20150082377A1 (en) * | 2013-09-17 | 2015-03-19 | International Business Machines Corporation | Generation of attribute based access control policy from existing authorization system | 
| CN106170772A (en) * | 2014-10-21 | 2016-11-30 | 铁网网络安全股份有限公司 | Network safety system | 
| CN106789996A (en) * | 2016-12-12 | 2017-05-31 | 墨宝股份有限公司 | A kind of smart power grid user access mandate control method | 
| CN108537011A (en) * | 2018-03-16 | 2018-09-14 | 维沃移动通信有限公司 | A kind of application permission processing method, terminal and server | 
| CN108829781A (en) * | 2018-05-31 | 2018-11-16 | 中国平安人寿保险股份有限公司 | Client information inquiry method, device, computer equipment and storage medium | 
| KR102024142B1 (en) * | 2018-06-21 | 2019-09-23 | 주식회사 넷앤드 | A access control system for detecting and controlling abnormal users by users’ pattern of server access | 
| CN110647418A (en) * | 2019-09-12 | 2020-01-03 | 努比亚技术有限公司 | Exception handling method, server and mobile terminal | 
| CN111064718A (en) * | 2019-12-09 | 2020-04-24 | 国网河北省电力有限公司信息通信分公司 | A dynamic authorization method and system based on user context and policy | 
| CN111079104A (en) * | 2019-11-21 | 2020-04-28 | 腾讯科技(深圳)有限公司 | Authority control method, device, equipment and storage medium | 
| CN111798580A (en) * | 2019-04-08 | 2020-10-20 | 珠海格力电器股份有限公司 | Authority configuration method, device, system, server, terminal and storage medium | 
| CN111832879A (en) * | 2020-04-15 | 2020-10-27 | 中国人民解放军军事科学院战争研究院 | Information resource sharing and authorization method of open enterprise-level information system | 
| CN111935131A (en) * | 2020-08-06 | 2020-11-13 | 中国工程物理研究院计算机应用研究所 | SaaS resource access control method based on resource authority tree | 
| CN111967046A (en) * | 2020-08-17 | 2020-11-20 | 中国人民解放军战略支援部队信息工程大学 | Self-adaptive access control method for big data resources | 
| US20200396222A1 (en) * | 2019-06-12 | 2020-12-17 | International Business Machines Corporation | Policy-based triggering of revision of access control information | 
- 
        2021
        - 2021-02-26 CN CN202110220589.6A patent/CN112800413B/en active Active
 
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title | 
|---|---|---|---|---|
| US20150082377A1 (en) * | 2013-09-17 | 2015-03-19 | International Business Machines Corporation | Generation of attribute based access control policy from existing authorization system | 
| CN106170772A (en) * | 2014-10-21 | 2016-11-30 | 铁网网络安全股份有限公司 | Network safety system | 
| CN106789996A (en) * | 2016-12-12 | 2017-05-31 | 墨宝股份有限公司 | A kind of smart power grid user access mandate control method | 
| CN108537011A (en) * | 2018-03-16 | 2018-09-14 | 维沃移动通信有限公司 | A kind of application permission processing method, terminal and server | 
| CN108829781A (en) * | 2018-05-31 | 2018-11-16 | 中国平安人寿保险股份有限公司 | Client information inquiry method, device, computer equipment and storage medium | 
| KR102024142B1 (en) * | 2018-06-21 | 2019-09-23 | 주식회사 넷앤드 | A access control system for detecting and controlling abnormal users by users’ pattern of server access | 
| CN111798580A (en) * | 2019-04-08 | 2020-10-20 | 珠海格力电器股份有限公司 | Authority configuration method, device, system, server, terminal and storage medium | 
| US20200396222A1 (en) * | 2019-06-12 | 2020-12-17 | International Business Machines Corporation | Policy-based triggering of revision of access control information | 
| CN110647418A (en) * | 2019-09-12 | 2020-01-03 | 努比亚技术有限公司 | Exception handling method, server and mobile terminal | 
| CN111079104A (en) * | 2019-11-21 | 2020-04-28 | 腾讯科技(深圳)有限公司 | Authority control method, device, equipment and storage medium | 
| CN111064718A (en) * | 2019-12-09 | 2020-04-24 | 国网河北省电力有限公司信息通信分公司 | A dynamic authorization method and system based on user context and policy | 
| CN111832879A (en) * | 2020-04-15 | 2020-10-27 | 中国人民解放军军事科学院战争研究院 | Information resource sharing and authorization method of open enterprise-level information system | 
| CN111935131A (en) * | 2020-08-06 | 2020-11-13 | 中国工程物理研究院计算机应用研究所 | SaaS resource access control method based on resource authority tree | 
| CN111967046A (en) * | 2020-08-17 | 2020-11-20 | 中国人民解放军战略支援部队信息工程大学 | Self-adaptive access control method for big data resources | 
Non-Patent Citations (7)
| Title | 
|---|
| MINE BLOG: "浅聊权限模型", Retrieved from the Internet <URL:https://blog.wongwongsu.com/p/permission-model/> * | 
| YUCHEN_HAARP: "ABAC - 基于属性的访问控制 - 复杂场景下访问控制解决之道", Retrieved from the Internet <URL:https://blog.csdn.net/XiaoBeiTu/article/details/100773968> * | 
| 吴良华: "多传感器图像融合算法研究", 《中国优秀硕士学位论文全文数据库》, pages 138 - 755 * | 
| 张毅等: "基于用户属性的终端安全防护系统研究与实现", 《科学技术与工程》, vol. 9, no. 18, pages 5570 - 5575 * | 
| 杨壮观: "基于安全接入的移动IT应急处置系统设计与实现", 《中国优秀硕士学位论文全文数据库》, pages 042 - 2812 * | 
| 杨阳: "危机事件下基于本体的自适应访问控制模型研究", 《中国优秀硕士学位论文全文数据库》, pages 140 - 850 * | 
| 苏铓等: "基于代理重加密的物联网云节点授权可信更新机制", 《计算机研究与发展》, vol. 55, no. 07, pages 1479 - 1487 * | 
Also Published As
| Publication number | Publication date | 
|---|---|
| CN112800413B (en) | 2024-03-15 | 
Similar Documents
| Publication | Publication Date | Title | 
|---|---|---|
| US10693972B2 (en) | Secure cross-domain session storage | |
| CN112055064B (en) | Data synchronization method, device, equipment and storage medium | |
| US8966247B2 (en) | Managing security certificates of storage devices | |
| US20200257576A1 (en) | Verifying transfer of detected sensitive data | |
| CN110287146B (en) | Method, device and computer storage medium for application download | |
| WO2024001038A1 (en) | Method for detecting private data leak | |
| US11570169B2 (en) | Multi-factor authentication via multiple devices | |
| CN110704833A (en) | Data permission configuration method, device, electronic device and storage medium | |
| CN110620806B (en) | Information generation method and device | |
| CN108388512A (en) | Data processing method and server | |
| CN111586177B (en) | Cluster session loss prevention method and system | |
| US9294372B2 (en) | Status determination in computer network-based communications system | |
| US10289864B2 (en) | Security tool to prevent sensitive data leakage | |
| CN115470432A (en) | Page rendering method and device, electronic equipment and computer readable medium | |
| CN112364268A (en) | Resource acquisition method and device, electronic equipment and storage medium | |
| CN113760503A (en) | Task migration method, apparatus, electronic device, and computer-readable medium | |
| CN112800413B (en) | Authority information pushing method, device, equipment and storage medium | |
| US20120246188A1 (en) | Automatic contact list aliasing in a collaboration system | |
| US11768902B2 (en) | System and method for providing content to a user | |
| CN111460020B (en) | Method, device, electronic equipment and medium for resolving message | |
| CN109189332A (en) | A kind of disk hanging method, device, server and storage medium | |
| CN109462604B (en) | Data transmission method, device, equipment and storage medium | |
| US9256847B2 (en) | Detection, identification and integration of office squatters | |
| CN113989029B (en) | Data processing method, device, electronic device, medium and computer program product | |
| US8935343B2 (en) | Instant messaging network resource validation | 
Legal Events
| Date | Code | Title | Description | 
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |