Search

CN-114186253-B - Authority management method and device based on double verification and electronic equipment

CN114186253BCN 114186253 BCN114186253 BCN 114186253BCN-114186253-B

Abstract

The invention relates to the technical field of computers, in particular to a permission management method, a permission management device and electronic equipment based on double verification, which comprise the steps of obtaining a request of a user for accessing security data; the method comprises the steps of carrying out functional authority verification on a request of safety data to obtain a first verification result, carrying out data keyword verification on the request of the safety data to obtain a second verification result, and authorizing a user to access the authority and loading safety data corresponding to the request of the safety data when the first verification result and the second verification result are verified successfully. The invention improves the safety of accessing the safety data by carrying out double verification on the functional authority and the data key words, and avoids the problem that the safety system is single in authority authentication.

Inventors

  • GUO JIA
  • WU YECHAO
  • LIU FANGZHOU
  • Ren Tianyue
  • LIU HUIYAO
  • LI SHANSHAN
  • LI BING

Assignees

  • 上海淇玥信息技术有限公司

Dates

Publication Date
20260512
Application Date
20211210

Claims (6)

  1. 1. A rights management method based on dual authentication, comprising: Acquiring a request of a user for accessing the security data; performing functional authority verification on the request of the safety data to obtain a first verification result, wherein the functional authority adopts a role to perform authority authorization, and a user realizes minimum authority of the user and data isolation by inheriting the role authority, so that the users are mutually independent; The method comprises the steps of obtaining a plurality of pieces of safety data from a safety database, carrying out keyword identification on each piece of safety data to obtain identification safety data so as to facilitate division of data authority, authorizing a data keyword corresponding to the identification safety data to a user, wherein each piece of safety data is provided with one or more identifications of the data keyword; performing data keyword verification on the request of the safety data to obtain a second verification result, wherein the data keyword verification comprises the steps of judging whether the data keyword authorized to a user exists in the request of the safety data or not; And when the first verification result and the second verification result are verified successfully, the matched identification security data corresponding to the data keywords in the request of the security data are matched based on the user access rights, and the matched identification security data are loaded, so that different data rights are matched for different users through the double verification authorization of the functional rights and the data rights, and the security protection of the security data is realized.
  2. 2. The dual authentication-based rights management method of claim 1, wherein obtaining the second authentication result comprises: Judging whether the data key words exist in the request of the safety data or not; and when the data key word exists in the request of the safety data, the second verification result is verification success.
  3. 3. A rights management apparatus based on double authentication, comprising: the request acquisition module is used for acquiring a request of a user for accessing the security data; the system comprises a first verification module, a second verification module and a third verification module, wherein the first verification module is used for verifying the function authority of the request of the safety data to obtain a first verification result, the function authority adopts a role to carry out authority authorization, and a user realizes minimum authority of the user by inheriting the authority of the role and realizes data isolation so that the users are mutually independent; The data acquisition module is used for acquiring a plurality of pieces of safety data from the safety database; The key word identification module is used for carrying out key word identification on each piece of safety data to obtain identification safety data so as to facilitate the division of the data authority, and authorizing the data key words corresponding to the identification safety data to a user, wherein each piece of safety data is provided with one or more identifications of the data key words; The second verification module is used for carrying out data keyword verification on the request of the safety data to obtain a second verification result, wherein the data keyword verification comprises the steps of judging whether the data keyword authorized to a user exists in the request of the safety data or not; And the data reading module is used for loading the matched identification safety data based on the user access authority to match the identification safety data corresponding to the data keywords in the request of the safety data when the first verification result and the second verification result are verified successfully, so that different data authorities are matched for different users through the double verification authority of the functional authority and the data authority, and safety protection of the safety data is realized.
  4. 4. A dual authentication-based rights management unit as defined in claim 3, wherein said second authentication module comprises: a judging unit, configured to judge whether the data key exists in the request for the security data; And the verification unit is used for verifying the second verification result to be successful when the data key word exists in the request of the safety data.
  5. 5. An electronic device, wherein the electronic device comprises: Processor, and Memory storing a computer executable program which, when executed, causes the processor to perform the method according to any one of claims 1-2.
  6. 6. A computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement the method of any of claims 1-2.

Description

Authority management method and device based on double verification and electronic equipment Technical Field The present invention relates to the field of computer technologies, and in particular, to a rights management method and apparatus based on dual verification, and an electronic device. Background The security system is mainly represented by an application system for verifying the identity and the authority of a user and managing the authority. The requirements of authority authentication and management on a security system are strict, the existing authority management verification mechanism is too single and is complex to use, and the authority allocation of the function module is usually carried out on the operation side of the function module, or the specific operation allocation is added on the function module, as shown in fig. 1. The security system is only dependent on the authority design and verification of functions and operations, and cannot meet the requirements of the security system, because the security system needs to strictly authorize and divide specific data content, the existing security system has a single authentication mode and low security, which is a problem to be solved. Disclosure of Invention The invention provides a rights management method, a rights management device and electronic equipment based on double verification, which are used for improving the security of access to secure data and guaranteeing the data security of a security system. The embodiment of the specification provides a rights management method based on double verification, which comprises the following steps: Acquiring a request of a user for accessing the security data; Performing functional authority verification on the request of the safety data to obtain a first verification result; performing data keyword verification on the request of the security data to obtain a second verification result; And when the first verification result and the second verification result are verified successfully, authorizing the user to access the permission and loading the security data corresponding to the request of the security data. Preferably, before the data key verification is performed on the request for the security data, the method includes: acquiring a plurality of pieces of security data from a security database; carrying out keyword identification on each piece of safety data to obtain identification safety data; And authorizing the data key words corresponding to the identification safety data to the target user. Preferably, the obtaining the second verification result includes: Judging whether the data key words exist in the request of the safety data or not; and when the data key word exists in the request of the safety data, the second verification result is verification success. Preferably, the authorizing the user to access the authority and loading the security data corresponding to the request for reading the security data includes: and based on the access authority of the user, matching the identification security data corresponding to the data keywords in the request of the security data, and loading the matched identification security data. Preferably, the function authority adopts a role to authorize the authority, and the user belongs to a role and inherits the authority of the role. Preferably, each piece of said security data has an identification of one or more of said data keys. The embodiment of the specification also provides a rights management device based on double verification, which comprises: the request acquisition module is used for acquiring a request of a user for accessing the security data; The first verification module is used for performing functional authority verification on the request of the safety data to obtain a first verification result; the second verification module is used for carrying out data keyword verification on the request of the safety data to obtain a second verification result; And the data reading module is used for authorizing the user to access the permission and loading the security data corresponding to the request of the security data when the first verification result and the second verification result are verified successfully. Preferably, the apparatus further comprises: The data acquisition module is used for acquiring a plurality of pieces of safety data from the safety database; the keyword identification module is used for carrying out keyword identification on each piece of safety data to obtain identification safety data; And the authorization module is used for authorizing the data keywords corresponding to the identification safety data to the target user. Preferably, the second verification module includes: a judging unit, configured to judge whether the data key exists in the request for the security data; And the verification unit is used for verifying the second verification result to be successful when the data key word exists in