CN118797668A - Terminal authority configuration method, device, equipment and storage medium - Google Patents

Publication number
CN118797668A
Authority
CN
China
Prior art keywords
terminal
permission
authority
preset
terminals
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311329535.9A
Other languages
Chinese (zh)
Inventor
陶惠
王硕
李鹏烨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Financial Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Financial Technology Co Ltd
Application filed by China Mobile Communications Group Co Ltd, China Mobile Financial Technology Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN202311329535.9A priority Critical patent/CN118797668A/en
Publication of CN118797668A publication Critical patent/CN118797668A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Automation & Control Theory (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The present application discloses a terminal permission configuration method, device, equipment and storage medium, belonging to the field of security technology. When at least one terminal corresponding to an account is online, pre-configured permissions with different access ranges are allocated to the different terminals, so that each terminal displays different content according to its access range. Pre-configuring the permissions of the different terminals corresponding to the same account ensures that the terminals hold different permissions and limits the range of information each terminal can browse. This avoids the situation where, when multiple terminals share one account, a terminal causes loss of the account's information. By controlling the permissions configured for the multiple terminals of the same account, the security of the information in the account is guaranteed.

Description

Terminal authority configuration method, device, equipment and storage medium

Technical Field

The present application relates to the field of security technology, and in particular to a terminal permission configuration method, device, equipment and storage medium.

Background Art

With the rapid development of network technology, a user's account can be logged in to the same client on multiple terminals at the same time. On each terminal, operations can be performed based on the account, so that the user's terminals interoperate.

Specifically, user A can log in to his account on terminal A and terminal B at the same time, browse information on both terminals, and perform operations with the same permissions on both (for example, browsing or modifying the information in the account). When a terminal is not used by user A himself, for example when user B logs in to the client with user A's account, some of user B's operations may damage the information in the account to some degree; for example, user B may delete information or change it at will.

Therefore, in this scenario where the same account is used on multiple terminals, user B's operations may cause losses to user A, which creates a security risk for user A's account.

Summary of the Application

The main purpose of this application is to provide a terminal permission configuration method, device, equipment and storage medium, aiming to solve the technical problem that the information in an account is at risk when the same account is used on multiple terminals.

To achieve the above purpose, the present application provides a terminal permission configuration method, which comprises the following steps:

When at least one terminal corresponding to the same account is online, allocating pre-configured permissions with different access ranges to the different terminals, so that the different terminals display different content according to the different access ranges.

Optionally, after the step of allocating pre-configured permissions with different access ranges to the different terminals when at least one terminal corresponding to the same account is online, the method further includes:

When at least one secondary terminal corresponding to the same account is online, if a permission adjustment request initiated by a secondary terminal is received, determining the number of secondary terminals that initiated the permission adjustment request;

If the number is less than or equal to a preset threshold, performing security verification on the operation behavior of the secondary terminal;

If the result of the security verification is safe, adjusting the pre-configured permissions of the terminal;

or,

When at least one secondary terminal corresponding to the same account is online, if a permission adjustment request initiated by a secondary terminal is received, determining the number of secondary terminals that initiated the permission adjustment request;

If the number is greater than the preset threshold, performing security verification on the identity information of the secondary terminal;

If the result of the security verification is safe, adjusting the pre-configured permissions of the terminal.

Optionally, the step of performing security verification on the operation behavior of the secondary terminal if the number is less than or equal to the preset threshold includes:

If the number is less than or equal to the preset threshold, determining a reliability index of the operation behavior of the secondary terminal within a preset time period;

If the reliability index is within a preset index range, determining that the result of the security verification is safe;

If the reliability index is not within the preset index range, feeding back permission application failure information to the secondary terminal, so that the secondary terminal displays the content of the permission application failure information to the corresponding user.

Optionally, the step of determining the reliability index of the operation behavior of the secondary terminal within the preset time period includes:

Acquiring operation behavior data, login behavior data and abnormal behavior data of the secondary terminal within the preset time period;

Updating the safety factor pre-configured for the secondary terminal according to the operation behavior data, the login behavior data and the abnormal behavior data;

Determining, according to the updated safety factor, the reliability index of the operation behavior of the secondary terminal within the preset time period.

Optionally, the step of performing security verification on the identity information of the secondary terminal if the number is greater than the preset threshold further includes:

If the number is greater than the preset threshold, generating a permission code according to the permission-related data of the secondary terminal;

Sending the permission code to the secondary terminal, so that the secondary terminal generates a private key for identity verification according to the permission code and the permission corresponding to the secondary terminal;

Receiving the private key from the secondary terminal, performing identity verification on the secondary terminal according to the private key, and, when the verification passes, feeding back to the secondary terminal the permission-related information involved in the result of the security verification.

Optionally, the step of performing identity verification on the secondary terminal according to the private key includes:

Comparing the permission of the secondary terminal contained in the private key with the preset permission for consistency, and comparing the permission code contained in the private key with the originally generated permission code for consistency;

If both comparisons are consistent, the verification passes.

Optionally, one main terminal and several secondary terminals are preset for the same account, and the step of performing security verification on the terminal if a permission adjustment request initiated by the terminal is received when at least one terminal corresponding to the same account is online further includes:

When the main terminal and at least one secondary terminal corresponding to the same account are online, if a permission adjustment request initiated by the terminal is received, forwarding the permission adjustment request to the main terminal;

Displaying the specific content of the permission adjustment request on the main terminal, so that the user of the main terminal can decide, according to the permission adjustment request, whether to adjust the permissions pre-configured for the secondary terminal.

In addition, to achieve the above purpose, the present application also provides a terminal permission configuration device, which comprises:

A configuration module, used to allocate pre-configured permissions with different access ranges to the different terminals when at least one terminal corresponding to the same account is online, so that the different terminals display different content according to the different access ranges.

In addition, to achieve the above purpose, the present application also provides a device, which includes: a memory, a processor, and a terminal permission configuration program stored in the memory and executable on the processor, wherein the terminal permission configuration program is configured to implement the steps of the terminal permission configuration method described above.

In addition, to achieve the above purpose, the present application also provides a computer-readable storage medium on which a terminal permission configuration program is stored; when the terminal permission configuration program is executed by a processor, the steps of the terminal permission configuration method described above are implemented.

In the present application, when at least one terminal corresponding to the same account is online, pre-configured permissions with different access ranges are allocated to the different terminals, so that the different terminals display different content according to the different access ranges. Pre-configuring the permissions of the different terminals corresponding to the same account ensures that the terminals hold different permissions and limits the range of information each terminal can browse. This avoids the situation where, when multiple terminals share one account, a terminal causes loss of the account's information. By controlling the permissions configured for the multiple terminals of the same account, the security of the information in the account is guaranteed.

Brief Description of the Drawings

FIG. 1 is a flowchart of a first embodiment of the terminal permission configuration method of the present application;

FIG. 2 is a schematic diagram of the relationship between one account and multiple terminals in an embodiment of the present application;

FIG. 3 is a flowchart of a second embodiment of the terminal permission configuration method of the present application;

FIG. 4 is a flowchart of a third embodiment of the terminal permission configuration method of the present application;

FIG. 5 is a structural block diagram of an embodiment of the terminal permission configuration device of the present application;

FIG. 6 is a schematic diagram of the device structure of the hardware operating environment involved in the embodiments of the present application.

The realization of the purpose, the functional features and the advantages of this application will be further explained in conjunction with the embodiments and with reference to the accompanying drawings.

Detailed Description

It should be understood that the specific embodiments described herein are only used to explain the present application and are not intended to limit it.

Refer to FIG. 1, which is a flowchart of the first embodiment of the terminal permission configuration method of the present application.

In the first embodiment, the terminal permission configuration method includes the following steps:

S10: When at least one terminal corresponding to the same account is online, pre-configured permissions with different access ranges are allocated to the different terminals, so that the different terminals display different content according to the different access ranges.

It is understandable that, with the continuous development of network technology, the same account can be used to log in to, access and operate the same client on different terminals. For example, the same account can be logged in on a computer, a mobile phone and a tablet.

It should be understood that when the same account is logged in on different terminals, the access and operations may be performed by the user who owns the account or by different users, for example when family members borrow each other's accounts to log in on different terminals. Specifically, user A can lend his account to user B, and user A and user B can simultaneously browse, change information and perform other operations through different kinds of terminal (for example, a mobile phone and a computer) or the same kind of terminal (for example, two different mobile phones).

Specifically, referring to FIG. 2, user A's account can be logged in simultaneously on user A's main terminal, user A's secondary terminal, user B's secondary terminal, user C's secondary terminal and so on. The main terminal refers only to the terminal commonly used to log in to user A's account; the secondary terminals are user A's other login terminals and the login terminals of other users.

It should be noted that when different users use the same account, users other than the account owner may delete, tamper with or clear access records, saved data resources or other information in the account, causing loss of the information in the account.

Therefore, to avoid such losses, in this embodiment different permission ranges are allocated to the different terminals of the same account, and the corresponding terminals are restricted from performing operations that cause information loss. The terminals corresponding to the same account can be configured with permissions of different access ranges, so that each terminal's access range is limited differently and important information is not exposed to other terminals.

It is understandable that, in the related art, access-range permissions usually mean that different accounts logging in to the same platform can browse different content and access different ranges of information. Specifically, a platform can define content for different levels, and each account browses the content its permissions allow. For example, on an entertainment software platform each user has an account, and the account can purchase VIP privileges to obtain more permissions than ordinary users (listening to member-only songs, viewing member-only documents, and so on). In this embodiment, by contrast, multiple terminals are bound to the same account and each terminal is assigned different permissions. Take terminal A as the terminal used by the main user of the account and terminal B as the terminal used by other users of the account. To protect the main user's information resources, terminal A can be granted the full access range, so that all content can be browsed through the account on terminal A, while terminal B can access only the content that a non-VIP account can browse. Terminal A and terminal B are thus configured with different permissions, which prevents other users from changing or stealing information at will through terminal B.

It should be noted that the biggest difference between the permission configuration scheme of this embodiment and the related art lies in the matching relationship between account and terminal: the same account corresponds to multiple terminals that can log in to it, and the permissions configured for each terminal are controlled. This is equivalent to giving the multiple users of one account different permissions. For example, user A uses terminal A and user B uses terminal B. User A is the owner of the account, so terminal A can be configured with all permissions; user B is a borrower of the account, so terminal B can be configured with part of the permissions.

It is further understandable that when different terminals are configured with different permissions, each terminal displays different content according to the access-range permission it has obtained. Taking a member account of a video website as an example, terminal A displays the full browsing history and all operation information and enjoys all member benefits of the website. Terminal B may display only part of the video content marked as to be watched, or enjoy only part of the member benefits (for example, on the member's birthday the website staff mail a physical gift to the account owner, a benefit the user of terminal B cannot enjoy).

In addition, besides controlling the content that different terminals display according to their access-range permissions, different terminals can also be restricted to different operation permissions. For example, terminal A can perform all modification operations (delete, modify, copy, download and so on), while terminal B can only browse and cannot modify the data or information resources in the account.

In this embodiment, when at least one terminal corresponding to the same account is online, pre-configured permissions with different access ranges are allocated to the different terminals, so that the different terminals display different content according to the different access ranges. Pre-configuring the permissions of the different terminals corresponding to the same account ensures that the terminals hold different permissions and limits the range of information each terminal can browse. This avoids the situation where, when multiple terminals share one account, a terminal causes loss of the account's information. By controlling the permissions configured for the multiple terminals of the same account, the security of the information in the account is guaranteed.
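The first embodiment expressed as a server-side check, shown here as an added example that is not part of the patent text: each (account, terminal) pair carries a pre-configured grant, and both the content returned for display and the operations allowed are derived from that grant. The account name, terminal ids, tier names and class names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample vocabulary: operation and tier names are illustrative.
ALL_OPS = frozenset({"browse", "modify", "delete", "copy", "download"})


@dataclass(frozen=True)
class Grant:
    tiers: frozenset   # content tiers this terminal may see
    ops: frozenset     # operations this terminal may perform


@dataclass(frozen=True)
class Item:
    name: str
    tier: str          # "basic" or "member"


class TerminalPolicy:
    """Server-side map of (account, terminal_id) -> pre-configured grant."""

    def __init__(self):
        self._grants = {}

    def bind(self, account, terminal_id, grant):
        self._grants[(account, terminal_id)] = grant

    def grant_for(self, account, terminal_id):
        # Default deny: a terminal with no pre-configured entry gets nothing.
        empty = Grant(frozenset(), frozenset())
        return self._grants.get((account, terminal_id), empty)

    def visible_items(self, account, terminal_id, items):
        """Content the server returns to this terminal for display."""
        grant = self.grant_for(account, terminal_id)
        if "browse" not in grant.ops:
            return []
        return [i for i in items if i.tier in grant.tiers]

    def authorize(self, account, terminal_id, op, item):
        """Checked on every request, so a terminal cannot act outside its
        grant even if its user interface is bypassed."""
        grant = self.grant_for(account, terminal_id)
        return op in grant.ops and item.tier in grant.tiers


def build_demo():
    """Constructed scenario: main terminal A (full range), secondary terminal B."""
    policy = TerminalPolicy()
    policy.bind("userA", "phone-A",
                Grant(frozenset({"basic", "member"}), ALL_OPS))
    policy.bind("userA", "tablet-B",
                Grant(frozenset({"basic"}), frozenset({"browse"})))
    items = [Item("watch-later list", "basic"), Item("full history", "member")]
    return policy, items


if __name__ == "__main__":
    policy, items = build_demo()
    for tid in ("phone-A", "tablet-B", "unknown-C"):
        print(tid, [i.name for i in policy.visible_items("userA", tid, items)])
```
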

如图3所示,基于第一实施例提出本申请终端权限配置方法第二实施例,本实施例中,步骤S10具体包括:As shown in FIG3 , a second embodiment of the terminal authority configuration method of the present application is proposed based on the first embodiment. In this embodiment, step S10 specifically includes:

S110,在同一账号对应的至少一个副终端处于在线状态的情况下,若接收到所述副终端发起的权限调整请求,则确定发起所述权限调整请求的副终端的数量。S110, when at least one sub-terminal corresponding to the same account is in an online state, if a permission adjustment request initiated by the sub-terminal is received, determine the number of sub-terminals that initiate the permission adjustment request.

需要说明的是,同一账号可对应多个终端,该同一账号所对应的终端包括一个主终端和多个副终端,其中,该主终端指的是该账号归属者主要使用的终端,而副终端指的是该账号归属者使用的其他终端,或其他用户使用的终端等。It should be noted that the same account can correspond to multiple terminals, and the terminals corresponding to the same account include a main terminal and multiple sub-terminals, where the main terminal refers to the terminal mainly used by the account owner, and the sub-terminal refers to other terminals used by the account owner, or terminals used by other users, etc.

例如,账号归属者可同时使用电脑、手机和平板登录该账号,其中,手机作为该账号的主终端,电脑和平板作为该账号的副终端,而除了归属者之外的任一用户的任意终端均作为副终端。For example, the account owner can use a computer, mobile phone and tablet to log in to the account at the same time, where the mobile phone serves as the main terminal of the account, the computer and tablet serve as the secondary terminals of the account, and any terminal of any user except the owner serves as a secondary terminal.

可理解的是,在副终端在线时,可能产生相应的权限调整问题,例如,副终端需要申请更多的浏览权限,或申请对账号内数据进行修改的权限,因此,在本实施例中,当判断有至少一个副终端处于在线时,需要监测是否存在需要更改权限的副终端,而数量即指的是发起权限调整请求的副终端的数量。It is understandable that when the sub-terminal is online, corresponding permission adjustment issues may arise. For example, the sub-terminal needs to apply for more browsing permissions, or apply for permissions to modify data in the account. Therefore, in this embodiment, when it is determined that at least one sub-terminal is online, it is necessary to monitor whether there are sub-terminals that need to change permissions, and the number refers to the number of sub-terminals that initiate permission adjustment requests.

需要说明的是,副终端的数量影响着对副终端进行安全性验证的情况,例如,数量较大时,可能存在部分非法终端与正常已授予权限的副终端以同时申请权限的方式,混淆账号归属者的认知,使得非法终端剽窃到该账号的权限,因此,在该数量较大时,需要对大数量的需要调整权限的终端进行更加严格的安全性验证,而在该数量较小时,则可降低安全性验证的强度和标准。It should be noted that the number of sub-terminals affects the security verification of the sub-terminals. For example, when the number is large, some illegal terminals may apply for permissions at the same time as the normal sub-terminals that have been granted permissions, confusing the account owner's cognition and allowing the illegal terminals to steal the permissions of the account. Therefore, when the number is large, it is necessary to perform more stringent security verification on a large number of terminals that need to adjust permissions, while when the number is small, the intensity and standards of the security verification can be reduced.

Specifically, to configure terminal permissions flexibly, each terminal must first be monitored in real time: the server monitors the online status of the multiple terminals associated with the same account. To do so, the server can monitor logins to the account together with the IP addresses that log in to it, or directly monitor the attributes of the devices that log in, and thereby determine the online status of the terminals associated with the account. When such a terminal is online and initiates a permission adjustment request, the server determines that the terminal is applying for a permission adjustment. Rather than adjusting the terminal's permissions directly, which risks the terminal's user damaging the account's information, the server must first perform security verification on the terminal that initiated the request.

It can be understood that a permission adjustment request is a request that a terminal's user initiates from that terminal while using the same account defined in this embodiment. The request mainly concerns adjusting the scope of permissions, such as access permissions and/or operation permissions, available on that terminal. For example, the account owner configures terminal A with permission to browse all content and terminal B with permission to browse half of the content; in some scenarios terminal B may want to browse content beyond its permission scope, and must then apply for the corresponding permission through terminal B.

It can be understood that security verification is the step that assesses the security of the terminal initiating the permission adjustment request. Its main purpose is to judge whether increasing the terminal's permissions could cause loss of the corresponding information. For example, if security verification judges terminal A to be safe, terminal A's permissions can be adjusted; if it judges terminal B to be unsafe, terminal B's permissions are not adjusted.

It should be understood that the security verification can score each terminal's security from its historical information, evaluate the terminal's historical operation behavior, or use other methods, provided the method can judge the security of different terminals.

S121: If the number is less than or equal to a preset threshold, perform security verification on the operation behavior of the secondary terminal.

It can be understood that when the number is less than or equal to the preset threshold, a verification method with a lower security authentication level can be chosen. For example, the secondary terminal's historical operation behavior can be collected and verified: its past records are extracted, statistics are compiled on normal operations, login frequency, abnormal operations and the like, and these features are combined to determine whether the secondary terminal is trustworthy.

The preset threshold can be set to a small value. For example, considering that the account owner may use three kinds of terminal at the same time (phone, computer and tablet), the preset threshold can be set to 2, or it can simply be set to 1, and so on; no specific limitation is imposed.

Specifically, when the number is less than the preset threshold, the operation behavior of the secondary terminal must be verified for security. To this end, a reliability index is determined for the secondary terminal's operation behavior within a preset duration, and it is judged whether the reliability index lies within a preset index range. If the reliability index lies within the preset index range, the result of the security verification is determined to be safe. If the reliability index does not lie within the preset index range, permission application failure information is fed back to the secondary terminal, which displays its content to the corresponding user.

It can be understood that the operation behavior refers to the secondary terminal's past operation behavior. Part of that history can therefore be extracted as the basis for judging the secondary terminal's reliability index, with the preset duration as the extraction criterion. For example, if the preset duration is one month, the secondary terminal's operation behavior over the most recent month is extracted from its history.

It can be understood that the reliability index is the index obtained by evaluating the reliability of the secondary terminal's operation behavior; its value can be used to judge whether the secondary terminal is a trusted terminal.

A formula for obtaining the reliability index can be set in advance. The formula relies mainly on data about the secondary terminal's operation behavior, and the reliability index is calculated from that behavior.

It can be understood that the preset index range is the preset interval against which the reliability index is judged. For example, the preset index range may be 1-10 or 5-20, and so on; it is not specifically limited here. The preset index range is used only to judge the reliability of the secondary terminal as expressed by the reliability index.

It should be understood that when the reliability index lies within the preset index range, the secondary terminal is shown to be reliable and can be trusted. The server can therefore respond to the secondary terminal's permission adjustment request within a certain limit, where that limit is the maximum permission the account owner has defined in advance for the secondary terminal.

It should be understood that when the reliability index does not lie within the preset index range, the secondary terminal is shown to be unreliable and cannot be trusted. The server can therefore simply not respond to the secondary terminal's permission adjustment request, and feeds back permission application failure information to the secondary terminal, which displays its content to the secondary terminal's user.

It should be noted that determining the secondary terminal's reliability index requires first obtaining the corresponding behavior data. Specifically, the secondary terminal's operation behavior data, login behavior data and abnormal behavior data within the preset duration can be obtained, and the security factor pre-configured for the secondary terminal is updated according to that data. The updated security factor is then used to determine the reliability index of the secondary terminal's operation behavior within the preset duration.

Operation behavior covers several kinds of behavior, for example access and browsing, changing information, or logging in.

Specifically, operation behavior data refers to modifying, accessing or browsing the information in the account, for example deleting information or modifying its content. Login behavior data refers to the secondary terminal's logins to the account, specifically login time, login frequency, login location and so on. Abnormal behavior refers to the secondary terminal frequently applying for permissions, logging in from an abnormal location, and the like.

It can be understood that the pre-configured security factor can be updated according to these different behaviors. The main purpose of the update is to influence the coefficients of the formula used to calculate the reliability index.

Specifically, for clarity, the account owner is called the main user and the other users of the account are called secondary users. When only one terminal device is online and that device is a secondary terminal, the main terminal can be considered offline. In this state the secondary user can browse only the information that the main user has preset as browsable, and the user only has permission to browse information under the account.

If the secondary user of the secondary terminal wants more permissions, an authentication token request (the permission adjustment request) must be sent to the server to obtain an access token, so that the secondary terminal gains more access permissions.

The security verification process is as follows:

The secondary terminal sends the server its reliability index P for the time period T1 (the preset duration). The value is calculated from dimensions including the secondary terminal's initial security factor, the account's security factor, the user's trust index for the secondary terminal, and the terminal's stable duration.

The calculation formula of the reliability index is as follows:

P = (1/ɑ)U + ILβ;

Here ɑ is the security factor of the secondary terminal; the smaller it is, the more secure the secondary terminal. This security factor does not change when the permissions held by the secondary terminal change. Instead, its calculation is re-triggered after a security event occurs on the secondary terminal, that is, it is recalculated in the security verification step.

U is the security factor of the account; the larger it is, the more secure the account. This security factor is related to the account's activity and to the complexity of its data permissions:

The calculation formula of this security factor is as follows:

Here H is the login frequency of the account on the secondary terminal, ξ(bi,di) is the complexity and sensitivity of the account's permissions, and M is the number of terminals associated with the account.

I is the trust index of the terminal: a similarity score between the accessible information and operation permissions of the secondary terminal and those of the main terminal, where permissions are discretized in order of security level. Let (b0,d0) and (b1,d1) be the data accessible to the user's main terminal and secondary terminal, respectively, with the corresponding sets of operation permissions. The higher the index, the more the user trusts the device.

The calculation formula of the trust index is as follows:

L is the success rate of terminal B2's requests for additional permissions, and its calculation formula is as follows:

Here λ is the sensitivity of the permission, w is the security level of the requested operation permission, i marks the additional permissions requested, and j marks the additional permissions whose requests were approved.

β is the number of days without an abnormal event. Its initial value is 0, and it grows as the number of days grows. If an abnormal event occurs, β=β-X, where X is set by the user based on experience.

If the secondary terminal's reliability evaluation value is within the preset range and the secondary terminal's login IP address is a commonly used login address (an address that logs in frequently within a certain period), the server gives the secondary terminal permission to browse all information, together with a token that does not allow irreversible modification operations on the information, such as deletion.

If the secondary terminal's reliability index does not lie within the preset index range, the server does not respond to the secondary terminal's request and feeds back permission application failure information to the secondary terminal.

S122: If the number is greater than the preset threshold, perform security verification on the identity information of the secondary terminal.

It can be understood that when the number is greater than the preset threshold, the verification level applied to the secondary terminals must be raised. When the number is 1, it is enough to judge whether that secondary terminal is reliable. When the number is 10 or some other value, some illegitimate terminals may have intruded, so the identity information of the secondary terminals must be verified to strengthen the security guarantee when permissions are finally adjusted.

Specifically, when the number is greater than the preset threshold, a permission code is generated from the secondary terminal's permission-related data and sent to the secondary terminal. The secondary terminal generates a private key for identity verification from the permission code and the permissions that correspond to the secondary terminal, and feeds the private key back to the server. When the server receives the private key from the secondary terminal, it verifies the secondary terminal's identity according to the private key and, if verification passes, feeds the permission-related information covered by the security verification result back to the secondary terminal.

Identity verification checks two things. First, the secondary terminal's permissions contained in the private key are compared for consistency with the preset permissions. Second, the permission code contained in the private key is compared for consistency with the permission code originally generated. If both comparisons are consistent, verification passes and the current secondary terminal is shown to be safe.

It should also be noted that permissions include operation permissions and access permissions. During the identity verification above, the different private keys generated by different secondary terminals must be verified against their different permissions.

Specifically, the permission code generated by the server is denoted Bsk, and its formula is as follows:

Bsk(b,d)=(bn,dn)×(b1,d1)·(b2,d2)/Tn×φ;

Here (bn,dn) is the set of data permissions accessible to the secondary terminal and the corresponding operation permissions, (b1,d1) is the range of accessible information and operable permissions preset by the main user, (b2,d2) is the largest range of accessible information and operable permissions in the secondary user's history, Tn is the public key corresponding to the data set used to decrypt the information hidden from the current secondary user, and φ is the attribute set of the objects the secondary user could most recently access.

After the server sends the permission code Bsk to each secondary terminal that needs to apply for additional access permissions, each secondary terminal generates a corresponding private key Re1 from the permission code Bsk. The formula of the private key Re1 is as follows:

where, is the set of all information nodes that the secondary user can currently access;

Q1 is the attribute information that the secondary user is applying to browse this time, that is, a set of attribute ranges. For example, if the user wants to access images and text, the attribute set for this access is {k (data storage location), 1 (text), 2 (image)}.

The server sends the permission code Bsk to each secondary terminal that needs to apply for additional operation permissions, so that the secondary terminal generates a corresponding private key Re2. The formula of the private key Re2 is as follows:

Here Q2 is the set of permission ranges for the operations the secondary user is applying for this time, for example {1 (modify permission), 2 (delete permission)}.

The access permissions and operation permissions of the secondary terminal are combined to obtain Re, which can then be fed back to the server. The formula of Re is as follows:

Re=(Re1,Re2);

When the server receives the private key information Re sent by the secondary terminal, it authenticates the private key, binds the corresponding access and operation permissions to the private key Re, and feeds the result back to the user;

The authentication operation is as follows: compare whether the current access and operation permissions that the secondary user sent to the server are consistent with the initial access and operation permissions actually stored for the secondary user on the server, and determine whether the Bsk(b,d) contained in the private key is consistent with the one stored on the server. If both conditions are consistent, verification is considered to have passed.

The secret key G after the permissions are bound is: G={Z}/Re·Bsk(b,d);

Here Z is the set of operation permissions the system gives after taking the intersection of the access permission range E preset by the main user and the set of permission ranges Q2 applied for by the secondary user.

It should be noted that the adjustment after permission authentication carries an implicit condition. After security verification, the server satisfies the access permissions the user applied for and opens the corresponding access range to that user. For the operation permissions the user applied for, however, the server opens operation permissions to the secondary user's terminal only within the permission range preset by the main user.

Finally, the server sends the secret key G to the secondary user's terminal. Based on the secret key G received from the server, the secondary terminal initiates the corresponding access requests, accesses the data under the account, and performs operations within its permission scope.

In addition, when the main terminal associated with the same account is online, all permissions are configured to the main terminal.

It can be understood that the main terminal, as the account owner's terminal, should have all permissions for using the account. The server therefore configures all of the account's permissions, including operation permissions and access permissions, to the main terminal to guarantee its normal use.

In this embodiment, when the main terminal is online, all permissions are configured directly to it, which guarantees the permissions of the main terminal's user when using the account.

S130: If the result of the security verification is safe, adjust the permissions pre-configured for the terminal.

It can be understood that when the result of the security verification is safe, the current terminal is judged to meet the conditions for permission adjustment, so the permissions pre-configured for that terminal can be adjusted.

It should be noted that the pre-configured permissions are the permissions configured in advance for when the terminal logs in to the account. For example, user A is the account owner and user B wants to borrow the account. After the two communicate, user A allows user B to use the account, presets the terminal B that user B will use, and limits terminal B's maximum permission. Suppose the maximum permission is browsing all information in the account. The server takes any permission range under that maximum as the pre-configured permission; suppose the pre-configured permission is browsing half of the information. When user B logs in to the account through terminal B, user B can browse half of the information in the account according to the pre-configured permission, while the maximum permission terminal B can hold is browsing all of it. Terminal B's pre-configured permission can therefore be adjusted, and the range of adjustment lies within the maximum permission.

It should be noted that the pre-configured permission can be understood as the permission the server configures for the terminal. Its permission range is less than or equal to the range of the maximum permission configured by the account owner.

In this embodiment, the number of secondary terminals initiating permission adjustment requests is determined, and a different security verification method is selected according to that number: when the number is less than or equal to the preset threshold, the operation behavior of the secondary terminals is verified, and when the number is greater than the preset threshold, the identity information of the secondary terminals is verified. Different verification methods are thus applied to different application scenarios, which ensures the reliability and security of the adjustment operation when a secondary terminal's permissions are adjusted.

As shown in FIG. 4, a third embodiment of the terminal permission configuration method of the present application is proposed on the basis of the first embodiment. In this embodiment, the method further includes:

S41: When the main terminal and at least one secondary terminal associated with the same account are online, if a permission adjustment request initiated by the terminal is received, forward the permission adjustment request to the main terminal.

It can be understood that the main terminal, as the account owner's terminal, should have all permissions for using the account, and the account owner should be entitled to control freely the permissions held by each secondary terminal. In this embodiment, therefore, if the online terminals include both the main terminal and a secondary terminal, the server does not need to take part in security verification or in dynamically adjusting the secondary terminal's permissions. The server can send the permission adjustment request initiated by the secondary terminal directly to the main terminal, and the owner of the main terminal configures the permissions of the secondary terminal.

S42: Display the specific content of the permission adjustment request on the main terminal, so that the main terminal's user can decide, according to the request, whether to adjust the permissions pre-configured for the secondary terminal.

It can be understood that after the main terminal receives the permission adjustment request forwarded by the server, it can show the request on its display unit as a prompt or as a permission configuration table. The specific content of the request can include the permissions the secondary terminal needs, for example that the secondary terminal wants permission to browse all information in the account. The main terminal's user (the account owner) can then decide, from what is displayed on the main terminal, whether to adjust the permissions pre-configured for the secondary terminal. If so, the secondary terminal's permissions are adjusted through the server. If not, the server feeds back to the secondary terminal that its permission application failed and does not respond to the permission adjustment request it initiated.

In this embodiment, when both the main terminal and the secondary terminal are online and the secondary terminal initiates a permission adjustment request, the request is forwarded directly to the main terminal, so that the main terminal's user can act on the request in real time. Relying directly on the judgment of the main terminal's user in this way also ensures that the secondary terminal's permissions are configured accurately.
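The dispatch that steps S121, S122, S130 and S41 describe can be followed end to end in a small server-side model. This is an added example, not code from the patent: every class and function name is hypothetical, the reliability index P is taken as an input value because the page's formulas for U, I and L are not reproduced, an HMAC over the stored permission data stands in for the permission code Bsk, and treating a non-frequent login IP as a denial and the index range as inclusive are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

THRESHOLD = 2                # preset threshold (the page's example value)
INDEX_RANGE = (5.0, 20.0)    # preset index range (the page's "5-20" example)
IRREVERSIBLE = frozenset({"delete"})  # assumption: what counts as irreversible


@dataclass(frozen=True)
class Terminal:
    tid: str
    is_main: bool
    access: frozenset = frozenset()   # pre-configured access scope
    ops: frozenset = frozenset()      # pre-configured operation permissions
    reliability: float = 0.0          # P for this terminal (input to this sketch)
    ip: str = ""


@dataclass(frozen=True)
class Request:
    terminal: Terminal
    want_access: frozenset            # Q1 in the page's notation
    want_ops: frozenset               # Q2 in the page's notation


class Server:
    def __init__(self, all_access, owner_max_ops, frequent_ips):
        self.all_access = frozenset(all_access)
        self.owner_max_ops = frozenset(owner_max_ops)  # E, preset by the owner
        self.frequent_ips = set(frequent_ips)
        self._secret = secrets.token_bytes(32)
        self._issued = {}

    def issue_code(self, t):
        """Stand-in for Bsk: HMAC over the terminal's stored permission data."""
        msg = "|".join([t.tid, ",".join(sorted(t.access)), ",".join(sorted(t.ops))])
        code = hmac.new(self._secret, msg.encode(), hashlib.sha256).hexdigest()
        self._issued[t.tid] = code
        return code

    def _behaviour_ok(self, t):
        # S121: index inside the preset range and a commonly used login IP.
        lo, hi = INDEX_RANGE
        return lo <= t.reliability <= hi and t.ip in self.frequent_ips

    def _identity_ok(self, t, resp):
        # S122: both consistency comparisons named on the page must agree.
        issued = self._issued.get(t.tid)
        if issued is None or resp is None:
            return False
        same_perms = resp["access"] == t.access and resp["ops"] == t.ops
        same_code = hmac.compare_digest(resp["code"], issued)
        return same_perms and same_code

    def decide(self, online, requests, responses=None):
        """Return {terminal id: (verdict, access, ops)} for each request."""
        responses = responses or {}
        if any(t.is_main for t in online):
            # S41: the owner is online, so the owner decides.
            return {r.terminal.tid: ("forward_to_main", None, None)
                    for r in requests}
        out = {}
        low_assurance = len(requests) <= THRESHOLD
        for r in requests:
            t = r.terminal
            denied = ("denied", t.access, t.ops)  # keep pre-configured rights
            if low_assurance:
                # Browse everything, but never an irreversible operation.
                grant = ("granted", self.all_access, t.ops - IRREVERSIBLE)
                out[t.tid] = grant if self._behaviour_ok(t) else denied
            else:
                # Access as requested; operations capped by the owner's preset.
                grant = ("granted", r.want_access,
                         r.want_ops & self.owner_max_ops)
                ok = self._identity_ok(t, responses.get(t.tid))
                out[t.tid] = grant if ok else denied
        return out
```

In both paths the operation permissions are the part that is capped: the behavioral path strips irreversible operations, and the identity path intersects the request with the owner's preset range, matching the Z = E ∩ Q2 rule above.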

此外,本申请实施例还提出一种终端权限配置装置,参照图5,所述终端权限配置装置包括:In addition, the embodiment of the present application also proposes a terminal authority configuration device. Referring to FIG. 5 , the terminal authority configuration device includes:

配置模块10,用于在同一账号对应的至少一个终端处于在线状态的情况下,将预配置的不同访问范围的权限对应分配至不同的终端,以供所述不同的终端根据所述不同的访问范围显示不同的内容。The configuration module 10 is used to allocate pre-configured permissions of different access ranges to different terminals when at least one terminal corresponding to the same account is online, so that the different terminals can display different contents according to the different access ranges.

本实施例通过在同一账号对应的至少一个终端处于在线状态的情况下,将预配置的不同访问范围的权限对应分配至不同的终端,以供所述不同的终端根据所述不同的访问范围显示不同的内容,即通过对同一账号对应的不同终端的权限进行预配置,从而保证多个终端所配置的权限差异,限制不同终端所能浏览到的信息的范围,进而避免多个终端共用一个账号时,不同的终端对该账号造成相应信息的损失的情况,即通过控制同一账号的多个终端所配置的权限问题,保证了该账号内的信息的安全性。This embodiment distributes pre-configured permissions of different access ranges to different terminals when at least one terminal corresponding to the same account is online, so that the different terminals can display different content according to the different access ranges. That is, permissions of different terminals corresponding to the same account are pre-configured to ensure differences in permissions configured for multiple terminals, limit the scope of information that can be browsed by different terminals, and avoid the situation where different terminals cause loss of corresponding information of the account when multiple terminals share the same account. That is, the security of information in the account is guaranteed by controlling the permissions configured for multiple terminals of the same account.

需要说明的是,上述装置中的各模块可用于实现上述方法中的各个步骤,同时达到相应的技术效果,本实施例在此不再赘述。It should be noted that each module in the above-mentioned device can be used to implement each step in the above-mentioned method and achieve corresponding technical effects, which will not be described in detail in this embodiment.

参照图6,图6为本申请实施例方案涉及的硬件运行环境的设备的结构示意图。Refer to Figure 6, which is a schematic diagram of the structure of the device of the hardware operating environment involved in the embodiment of the present application.

如图6所示,该设备可以包括:处理器1001,例如CPU,通信总线1002、用户接口1003,网络接口1004,存储器1005。其中,通信总线1002用于实现这些组件之间的连接通信。用户接口1003可以包括显示屏(Display)、输入单元比如键盘(Keyboard),可选用户接口1003还可以包括标准的有线接口、无线接口。网络接口1004可选的可以包括标准的有线接口、无线接口(如WI-FI接口)。存储器1005可以是高速RAM存储器,也可以是稳定的存储器(non-volatile memory),例如磁盘存储器。存储器1005可选的还可以是独立于前述处理器1001的存储装置。As shown in Figure 6, the device may include: a processor 1001, such as a CPU, a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. Among them, the communication bus 1002 is used to realize the connection and communication between these components. The user interface 1003 may include a display screen (Display), an input unit such as a keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a WI-FI interface). The memory 1005 may be a high-speed RAM memory, or a stable memory (non-volatile memory), such as a disk memory. The memory 1005 may also be a storage device independent of the aforementioned processor 1001.

本领域技术人员可以理解,图6中示出的结构并不构成对设备的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。Those skilled in the art will appreciate that the structure shown in FIG. 6 does not constitute a limitation on the device, and may include more or fewer components than shown in the figure, or a combination of certain components, or a different arrangement of components.

如图6所示,作为一种计算机存储介质的存储器1005中可以包括操作系统、网络通信模块、用户接口模块以及终端权限配置程序。As shown in FIG. 6 , the memory 1005 as a computer storage medium may include an operating system, a network communication module, a user interface module, and a terminal authority configuration program.

在图6所示的设备中,网络接口1004主要用于与外部网络进行数据通信;用户接口1003主要用于接收用户的输入指令;所述设备通过处理器1001调用存储器1005中存储的终端权限配置程序,并执行以下操作:In the device shown in FIG6 , the network interface 1004 is mainly used for data communication with an external network; the user interface 1003 is mainly used for receiving input instructions from a user; the device calls the terminal authority configuration program stored in the memory 1005 through the processor 1001, and performs the following operations:

When at least one terminal corresponding to the same account is online, pre-configured permissions of different access ranges are allocated to different terminals, so that the different terminals display different content according to the different access ranges.

Further, the processor 1001 may call the terminal authority configuration program stored in the memory 1005 and also perform the following operations:

When at least one secondary terminal corresponding to the same account is online, if a permission adjustment request initiated by the secondary terminal is received, determining the number of secondary terminals that initiated the permission adjustment request;

If the number is less than or equal to a preset threshold, performing security verification on the operation behavior of the secondary terminal;

If the result of the security verification is safe, adjusting the pre-configured permissions of the terminal;

or,

When at least one secondary terminal corresponding to the same account is online, if a permission adjustment request initiated by the secondary terminal is received, determining the number of secondary terminals that initiated the permission adjustment request;

If the number is greater than a preset threshold, performing security verification on the identity information of the secondary terminal;

If the result of the security verification is safe, adjusting the pre-configured permissions of the terminal.

Further, the processor 1001 may call the terminal authority configuration program stored in the memory 1005 and also perform the following operations:

If the number is less than or equal to a preset threshold, determining a reliability index of the operation behavior of the secondary terminal within a preset time period;

If the reliability index is within a preset index range, determining that the result of the security verification is safe;

If the reliability index is not within the preset index range, feeding back permission application failure information to the secondary terminal, so that the secondary terminal displays the content of the permission application failure information to the corresponding user.

Further, the processor 1001 may call the terminal authority configuration program stored in the memory 1005 and also perform the following operations:

Acquiring operation behavior data, login behavior data and abnormal behavior data of the secondary terminal within a preset time period;

Updating the pre-configured safety factor of the secondary terminal according to the operation behavior data, the login behavior data and the abnormal behavior data;

Determining, according to the updated safety factor, a reliability index of the operation behavior of the secondary terminal within the preset time period.

Further, the processor 1001 may call the terminal authority configuration program stored in the memory 1005 and also perform the following operations:

If the number is greater than a preset threshold, generating a permission code according to the permission-related data of the secondary terminal;

Sending the permission code to the secondary terminal, so that the secondary terminal generates a private key for identity verification according to the permission code and the permission corresponding to the secondary terminal;

Receiving the private key from the secondary terminal, performing identity verification on the secondary terminal according to the private key, and, when the verification passes, feeding back to the secondary terminal the permission-related information involved in the result of the security verification.

Further, the processor 1001 may call the terminal authority configuration program stored in the memory 1005 and also perform the following operations:

Comparing the permission of the secondary terminal contained in the private key with the preset permission for consistency, and comparing the permission code contained in the private key with the initially generated permission code for consistency;

If both consistency comparisons show a match, the verification passes.

Further, the processor 1001 may call the terminal authority configuration program stored in the memory 1005 and also perform the following operations:

When the main terminal and at least one secondary terminal corresponding to the same account are online, if a permission adjustment request initiated by the terminal is received, forwarding the permission adjustment request to the main terminal;

Displaying the specific content of the permission adjustment request on the main terminal, so that the user of the main terminal can decide, according to the permission adjustment request, whether to adjust the permission pre-configured for the secondary terminal.
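
The branch on the number of requesting secondary terminals described above, as an added Python example that is not code from the patent. The threshold, the index range, the random permission code, the decision strings and all names are assumptions; the reliability index is taken as an input, and the value the page calls a private key is modelled as a record carrying the permission code and the terminal's permission.

```python
import hmac
import secrets
from dataclasses import dataclass

# Assumed values: the page only speaks of a "preset threshold" and a
# "preset index range" without giving numbers.
REQUEST_THRESHOLD = 2
INDEX_RANGE = (0.6, 1.0)


@dataclass
class SecondaryTerminal:
    terminal_id: str
    permission: str           # pre-configured access range held by the server
    reliability_index: float  # derived elsewhere from behaviour data


def issue_permission_code() -> str:
    """Server side: fresh code per request (modelled here as a random value)."""
    return secrets.token_hex(16)


def terminal_response(code: str, permission: str) -> dict:
    """Terminal side: record carrying the permission code and the permission."""
    return {"code": code, "permission": permission}


def verify_identity(response: dict, preset_permission: str, issued_code: str) -> bool:
    """Both consistency comparisons must hold; compare in constant time."""
    same_permission = hmac.compare_digest(
        str(response.get("permission", "")).encode(), preset_permission.encode())
    same_code = hmac.compare_digest(
        str(response.get("code", "")).encode(), issued_code.encode())
    return same_permission and same_code


def handle_requests(requesters, respond=None) -> dict:
    """Decide one batch of permission adjustment requests.

    respond(terminal_id, code) stands in for the round trip to a terminal
    and is only called in the identity branch.
    """
    decisions = {}
    if len(requesters) <= REQUEST_THRESHOLD:
        # Few requesters: verify operation behaviour via the reliability index.
        low, high = INDEX_RANGE
        for t in requesters:
            safe = low <= t.reliability_index <= high
            decisions[t.terminal_id] = "adjust" if safe else "application_failed"
    else:
        # Many requesters: verify identity with a per-request permission code.
        for t in requesters:
            code = issue_permission_code()
            response = respond(t.terminal_id, code)
            safe = verify_identity(response, t.permission, code)
            decisions[t.terminal_id] = "adjust" if safe else "verification_failed"
    return decisions
```

In the identity branch a terminal with a low reliability index still passes, because that branch checks only the two consistency comparisons.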

In this embodiment, when at least one terminal corresponding to the same account is online, pre-configured permissions of different access ranges are allocated to different terminals, so that the different terminals display different content according to the different access ranges. Pre-configuring the permissions of the different terminals of one account ensures that the terminals hold different permissions and limits the range of information each terminal can browse. This avoids the situation where, with multiple terminals sharing one account, different terminals cause loss of the account's information. Controlling the permissions configured for the multiple terminals of the same account thus ensures the security of the information in the account.

In addition, an embodiment of the present application further provides a computer-readable storage medium on which a terminal authority configuration program is stored. When executed by a processor, the terminal authority configuration program implements the following operations:

When at least one terminal corresponding to the same account is online, pre-configured permissions of different access ranges are allocated to different terminals, so that the different terminals display different content according to the different access ranges.

In this embodiment, when at least one terminal corresponding to the same account is online, pre-configured permissions of different access ranges are allocated to different terminals, so that the different terminals display different content according to the different access ranges. Pre-configuring the permissions of the different terminals of one account ensures that the terminals hold different permissions and limits the range of information each terminal can browse. This avoids the situation where, with multiple terminals sharing one account, different terminals cause loss of the account's information. Controlling the permissions configured for the multiple terminals of the same account thus ensures the security of the information in the account.

It should be noted that, when executed by a processor, the program on the above computer-readable storage medium can also implement the steps of the above method and achieve the corresponding technical effects, which are not repeated here.

It should be noted that, in this document, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or system that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or system. Without further limitation, an element defined by the phrase "includes a ..." does not exclude the presence of further identical elements in the process, method, article or system that includes the element.

The serial numbers of the above embodiments of the present application are for description only and do not indicate the relative merits of the embodiments.

From the description of the above implementations, those skilled in the art will clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, or by hardware, although in many cases the former is the better implementation. On this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, can be embodied as a software product. The computer software product is stored in a storage medium as described above (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device, or the like) to execute the methods described in the embodiments of the present application.

The above are only preferred embodiments of the present application and do not limit its patent scope. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present application, or any direct or indirect application in other related technical fields, is likewise included in the patent protection scope of the present application.

Claims (10)

1. A terminal authority configuration method, characterized by comprising the following step:
when at least one terminal corresponding to the same account is online, allocating pre-configured permissions of different access ranges to different terminals, so that the different terminals display different content according to the different access ranges.
2. The terminal authority configuration method according to claim 1, wherein after the step of allocating the pre-configured permissions of different access ranges to different terminals when at least one terminal corresponding to the same account is online, the method further comprises:
when at least one secondary terminal corresponding to the same account is online, if a permission adjustment request initiated by the secondary terminal is received, determining the number of secondary terminals that initiated the permission adjustment request;
if the number is less than or equal to a preset threshold, performing security verification on the operation behavior of the secondary terminal;
if the result of the security verification is safe, adjusting the pre-configured permissions of the terminal;
or,
when at least one secondary terminal corresponding to the same account is online, if a permission adjustment request initiated by the secondary terminal is received, determining the number of secondary terminals that initiated the permission adjustment request;
if the number is greater than a preset threshold, performing security verification on the identity information of the secondary terminal;
and if the result of the security verification is safe, adjusting the pre-configured permissions of the terminal.
3. The terminal authority configuration method according to claim 2, wherein the step of performing security verification on the operation behavior of the secondary terminal if the number is less than or equal to a preset threshold comprises:
if the number is less than or equal to a preset threshold, determining a reliability index of the operation behavior of the secondary terminal within a preset time period;
if the reliability index is within a preset index range, determining that the result of the security verification is safe;
if the reliability index is not within the preset index range, feeding back permission application failure information to the secondary terminal, so that the secondary terminal displays the content of the permission application failure information to the corresponding user.
4. The terminal authority configuration method according to claim 3, wherein the step of determining the reliability index of the operation behavior of the secondary terminal within a preset time period comprises:
acquiring operation behavior data, login behavior data and abnormal behavior data of the secondary terminal within the preset time period;
updating the pre-configured safety factor of the secondary terminal according to the operation behavior data, the login behavior data and the abnormal behavior data;
and determining the reliability index of the operation behavior of the secondary terminal within the preset time period according to the updated safety factor.
5. The terminal authority configuration method according to claim 3, wherein the step of performing security verification on the identity information of the secondary terminal if the number is greater than a preset threshold further comprises:
if the number is greater than a preset threshold, generating a permission code according to the permission-related data of the secondary terminal;
sending the permission code to the secondary terminal, so that the secondary terminal generates a private key for identity verification according to the permission code and the permission corresponding to the secondary terminal;
and receiving the private key from the secondary terminal, performing identity verification on the secondary terminal according to the private key, and, when the verification passes, feeding back to the secondary terminal the permission-related information involved in the result of the security verification.
6. The terminal authority configuration method according to claim 5, wherein the step of performing identity verification on the secondary terminal according to the private key comprises:
comparing the permission of the secondary terminal contained in the private key with the preset permission for consistency, and comparing the permission code contained in the private key with the initially generated permission code for consistency;
and if both consistency comparisons show a match, the verification passes.
7. The terminal authority configuration method according to claim 1, wherein a main terminal and a plurality of secondary terminals are preset for the same account, and the step of performing security verification on the terminal if a permission adjustment request initiated by the terminal is received when at least one terminal corresponding to the same account is online further comprises:
when the main terminal and at least one secondary terminal corresponding to the same account are online, if a permission adjustment request initiated by the terminal is received, forwarding the permission adjustment request to the main terminal;
and displaying the specific content of the permission adjustment request on the main terminal, so that the user of the main terminal can decide, according to the permission adjustment request, whether to adjust the permission pre-configured for the secondary terminal.
8. A terminal rights configuration device, characterized in that the terminal rights configuration device comprises:
a configuration module, configured to allocate pre-configured permissions of different access ranges to different terminals when at least one terminal corresponding to the same account is online, so that the different terminals display different content according to the different access ranges.
9. A terminal rights configuration device, characterized in that the terminal rights configuration device comprises: a memory, a processor and a terminal rights configuration program stored on the memory and executable on the processor, the terminal rights configuration program being configured to implement the steps of the terminal authority configuration method according to any one of claims 1 to 7.
10. A storage medium, characterized in that a program for implementing the terminal authority configuration method is stored on the storage medium, the program being executed by a processor to implement the steps of the terminal authority configuration method according to any one of claims 1 to 7.
CN202311329535.9A 2023-10-13 2023-10-13 Terminal authority configuration method, device, equipment and storage medium Pending CN118797668A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311329535.9A CN118797668A (en) 2023-10-13 2023-10-13 Terminal authority configuration method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311329535.9A CN118797668A (en) 2023-10-13 2023-10-13 Terminal authority configuration method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN118797668A (en) 2024-10-18

Family

ID=93026515

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311329535.9A Pending CN118797668A (en) 2023-10-13 2023-10-13 Terminal authority configuration method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN118797668A (en)

Similar Documents

Publication Publication Date Title
US9473505B1 (en) Management of third party access privileges to web services
US11537752B2 (en) Unified system for authentication and authorization
KR102313859B1 (en) Authority transfer system, control method therefor, and client
US20220173891A1 (en) Apparatus and method for managing personal information
CN109428947B (en) Authority transfer system, control method thereof and storage medium
US20250232046A1 (en) Method for accessing application and apparatus, electronic device, and storage medium
KR101718277B1 (en) Surveillance online identity
JP5509334B2 (en) Method for managing access to protected resources in a computer network, and physical entity and computer program therefor
CN101589361B (en) Methods for controlling the distribution and use of digital identity representations
WO2021169107A1 (en) Internet identity protection method and apparatus, electronic device, and storage medium
CN112380511B (en) Account control method, device, equipment and computer readable storage medium
EP1645971B1 (en) Database access control method, database access controller, agent processing server, database access control program, and medium recording the program
US20100100950A1 (en) Context-based adaptive authentication for data and services access in a network
US12132717B2 (en) Identity information linking
US10902107B2 (en) Information processing system, information processing device, server device, method of controlling information processing system, and program
US20130019295A1 (en) Method and system for open authentication
US20020049912A1 (en) Access control method
CA3051066A1 (en) Dynamic implementation and management of hash-based consent and permissioning protocols
CN105659558A (en) Multiple resource servers with single, flexible, pluggable OAuth server and OAuth-protected RESTful OAuth consent management service, and mobile application single sign on OAuth service
CN111355726A (en) Identity authorization login method and device, electronic equipment and storage medium
CN115022090B (en) A data sharing method, system, electronic device and computer storage medium
CN102571874B (en) On-line audit method and device in distributed system
US20080148349A1 (en) Authorization to use content
CN116915493A (en) Secure login methods, devices, systems, computer equipment and storage media
US8516602B2 (en) Methods, apparatuses, and computer program products for providing distributed access rights management using access rights filters

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination