CN111769956B - Service processing method, device, equipment and medium - Google Patents

Info

Publication number
CN111769956B
Authority
CN
China
Prior art keywords
target
user
attribute information
service
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010614664.2A
Other languages
Chinese (zh)
Other versions
CN111769956A (en
Inventor
曹飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Saiante Technology Service Co Ltd
Original Assignee
Shenzhen Saiante Technology Service Co Ltd
Application filed by Shenzhen Saiante Technology Service Co Ltd
Priority to CN202010614664.2A
Publication of CN111769956A
Application granted
Publication of CN111769956B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/45 Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the application discloses a service processing method, a service processing device, service processing equipment and a service processing medium, relates to a cloud security technology in cloud computing, and can be applied to a block chain network. The service processing method comprises the following steps: acquiring a service request of a target user for a target application associated with a user management platform, wherein the service request comprises attribute information and a service type of the target user; determining the application type of the target application according to the service type of the target user; if the target application belongs to the external application type, verifying the attribute information of the target user by adopting an external verification strategy; and if the attribute information of the target user passes the verification, acquiring the service authority corresponding to the target user, and providing user service for the target user according to the service authority. By the method and the device, effective management of the user can be realized, and the flexibility of the user management platform is improved.

Description

Service processing method, device, equipment and medium
Technical Field
The present application relates to the field of network communication technologies, and in particular, to a method, an apparatus, a device, and a medium for processing a service.
Background
By the time a company and its products come to market, they typically comprise a plurality of information systems and subsystems, and each system needs an independent user management system to establish its own authority control. User management systems are therefore created repeatedly, which wastes resources. Moreover, a user who needs the authority of several subsystems must be opened in every one of those systems: single sign-on is used, the user is opened, and then each system establishes the corresponding authorities, so management is troublesome. System access has no uniform technical framework, and access by a front end or a third party is relatively complicated.
Disclosure of Invention
Embodiments of the present application provide a service processing method, apparatus, device, and medium, which can implement effective management on a user and improve flexibility of a user management platform.
In a first aspect, an embodiment of the present application provides a service processing method, where the method includes:
acquiring a service request of a target user for a target application associated with a user management platform, wherein the service request comprises attribute information and a service type of the target user;
determining the application type of the target application according to the service type of the target user;
if the target application belongs to the external application type, verifying the attribute information of the target user by adopting an external verification strategy, wherein the external verification strategy is a strategy for verifying the attribute information of the target user by service equipment corresponding to the target application;
and if the attribute information of the target user passes the verification, acquiring the service authority corresponding to the target user, and providing user service for the target user according to the service authority.
Wherein, the verifying the attribute information of the target user by adopting an external verification strategy comprises:
encrypting the attribute information of the target user to obtain encrypted attribute information;
sending the encrypted attribute information to service equipment corresponding to the target application, so that the service equipment decrypts the encrypted attribute information by adopting a private key corresponding to the target application to obtain the attribute information of the target user, and verifying the attribute information of the target user;
and receiving a verification result returned by the service equipment, wherein the verification result comprises that the attribute information of the target user passes verification or that the attribute information of the target user fails verification.
The encrypting the attribute information of the target user to obtain the encrypted attribute information includes:
acquiring attribute information of the target application;
generating a public key corresponding to the target application according to the attribute information of the target application, wherein the attribute information of the target application comprises at least one of the association time of the target application and the user management platform, the version number of the target application and the name of the target application;
and encrypting the attribute information of the target user by adopting the public key corresponding to the target application to obtain the encrypted attribute information.
Wherein the generating a public key corresponding to the target application according to the attribute information of the target application includes:
generating a key random number according to the attribute information of the target application;
and generating a key pair corresponding to the target application by adopting the key random number, wherein the key pair comprises a public key corresponding to the target application.
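A sketch of the external verification steps above, added here as an illustration and not taken from the patent, which names no algorithm: X25519 with an HMAC-based stream and tag is an assumed stand-in written against the Python standard library only, and all names and sample values are constructed. Because the application attributes listed above are not secret, the seed also mixes in a secret provisioned to both the user management platform and the service device, which is a further assumption.

```python
import hashlib, hmac, json, secrets

P, A24 = 2**255 - 19, 121665        # Curve25519 prime and ladder constant (RFC 7748)
BASE = (9).to_bytes(32, "little")   # standard base point u = 9

def x25519(scalar, u_bytes):
    """X25519 Montgomery ladder from RFC 7748 (plain Python, not constant time)."""
    k = bytearray(scalar)
    k[0] &= 248; k[31] &= 127; k[31] |= 64            # clamp the scalar
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def derive_keypair(app_attrs, shared_secret):
    """Key random number = HMAC(secret, canonical app attributes); returns (private, public)."""
    canonical = json.dumps(app_attrs, sort_keys=True, separators=(",", ":")).encode()
    seed = hmac.new(shared_secret, canonical, hashlib.sha256).digest()
    return seed, x25519(seed, BASE)

def kdf(shared, eph_pub):
    okm = hashlib.sha512(b"attr-envelope-v1" + shared + eph_pub).digest()
    return okm[:32], okm[32:]                         # (encryption key, MAC key)

def keystream(key, n):
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(app_public, user_attrs):
    """Platform side: encrypt the target user's attributes to the application's public key."""
    eph_priv = secrets.token_bytes(32)                # fresh ephemeral key per request
    eph_pub = x25519(eph_priv, BASE)
    enc_key, mac_key = kdf(x25519(eph_priv, app_public), eph_pub)
    plain = json.dumps(user_attrs).encode()
    body = bytes(p ^ s for p, s in zip(plain, keystream(enc_key, len(plain))))
    return eph_pub + hmac.new(mac_key, eph_pub + body, hashlib.sha256).digest() + body

def open_sealed(app_private, blob):
    """Service-device side: authenticate, then decrypt; None on any failure."""
    if len(blob) < 64:
        return None
    eph_pub, tag, body = blob[:32], blob[32:64], blob[64:]
    shared = x25519(app_private, eph_pub)
    if shared == bytes(32):                           # reject low-order ephemeral points
        return None
    enc_key, mac_key = kdf(shared, eph_pub)
    expected = hmac.new(mac_key, eph_pub + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                                   # tampered or encrypted to another key
    plain = bytes(c ^ s for c, s in zip(body, keystream(enc_key, len(body))))
    return json.loads(plain)

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data (not from the patent).
APP_ATTRS = {"name": "attendance-app", "version": "2.3.1",
             "associated_at": "2020-06-30T08:00:00Z"}
SHARED_SECRET = b"constructed-provisioning-secret"
SALT = b"constructed-salt"
SERVICE_DEVICE_USERS = {"u-1001": pw_hash("correct horse battery", SALT)}

def service_device_verify(app_private, blob):
    """Returns the verification result: True (passes) or False (fails)."""
    attrs = open_sealed(app_private, blob)
    if not isinstance(attrs, dict):
        return False
    stored = SERVICE_DEVICE_USERS.get(str(attrs.get("user_id")))
    supplied = pw_hash(str(attrs.get("password", "")), SALT)
    return stored is not None and hmac.compare_digest(stored, supplied)

if __name__ == "__main__":
    priv, pub = derive_keypair(APP_ATTRS, SHARED_SECRET)
    blob = seal(pub, {"user_id": "u-1001", "password": "correct horse battery"})
    print("verification passed:", service_device_verify(priv, blob))
    # Same attributes, different secret: a different key pair results.
    print("same key without the secret:", derive_keypair(APP_ATTRS, b"")[1] == pub)
```

The platform never stores the external user's password: it only forwards the sealed attributes and receives the pass or fail result, which matches the verification result described above.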
Wherein the method further comprises:
and if the target application belongs to the internal application type, verifying the attribute information of the target user by adopting an internal verification strategy, wherein the internal verification strategy is a strategy for verifying the attribute information of the target user by the user management platform.
Wherein, the verifying the attribute information of the target user by adopting the internal verification strategy comprises:
generating a user password by adopting the attribute information of the target user;
acquiring attribute information of the user password, wherein the attribute information of the user password comprises at least one of the length of the user password, the generation time of the user password and the format of the user password;
and if the attribute information of the user password meets the user password generation condition, determining that the attribute information of the target user passes verification.
Wherein, the determining the application type of the target application according to the service type of the target user comprises:
acquiring a corresponding relation between the service type of the target user and an organization;
determining a target organization corresponding to the service type of the target user according to the corresponding relation;
and determining the application type of the target application according to the target organization.
In a second aspect, an embodiment of the present application provides a service processing apparatus, where the apparatus includes:
a first acquisition module, configured to acquire a service request of a target user for a target application associated with a user management platform, wherein the service request comprises attribute information and a service type of the target user;
the determining module is used for determining the application type of the target application according to the service type of the target user;
the first verification module is used for verifying the attribute information of the target user by adopting an external verification strategy if the target application belongs to an external application type, wherein the external verification strategy is a strategy for verifying the attribute information of the target user by service equipment corresponding to the target application;
and the second acquisition module is used for acquiring the service authority corresponding to the target user if the attribute information of the target user passes the verification, and providing user service for the target user according to the service authority.
Wherein the first authentication module comprises:
the encryption unit is used for encrypting the attribute information of the target user to obtain the encrypted attribute information;
a sending unit, configured to send the encrypted attribute information to a service device corresponding to the target application, so that the service device decrypts the encrypted attribute information by using a private key corresponding to the target application to obtain the attribute information of the target user, and verifies the attribute information of the target user;
and the receiving unit is used for receiving a verification result returned by the service equipment, wherein the verification result comprises that the attribute information of the target user passes verification or that the attribute information of the target user fails verification.
Wherein the encryption unit is specifically configured to:
acquiring attribute information of the target application;
generating a public key corresponding to the target application according to the attribute information of the target application, wherein the attribute information of the target application comprises at least one of the association time of the target application and the user management platform, the version number of the target application and the name of the target application;
and encrypting the attribute information of the target user by adopting the public key corresponding to the target application to obtain the encrypted attribute information.
Wherein the generating a public key corresponding to the target application according to the attribute information of the target application includes:
generating a key random number according to the attribute information of the target application;
and generating a key pair corresponding to the target application by adopting the key random number, wherein the key pair comprises a public key corresponding to the target application.
Wherein the apparatus further comprises:
and the second verification module is used for verifying the attribute information of the target user by adopting an internal verification strategy if the target application belongs to an internal application type, wherein the internal verification strategy is a strategy for verifying the attribute information of the target user by the user management platform.
Wherein the second authentication module comprises:
a generating unit, configured to generate a user password using the attribute information of the target user;
a first obtaining unit, configured to obtain attribute information of the user password, where the attribute information of the user password includes at least one of a length of the user password, a generation time of the user password, and a format of the user password;
and the first determining unit is used for determining that the attribute information of the target user passes the verification if the attribute information of the user password meets the user password generation condition.
Wherein the determining module comprises:
a second obtaining unit, configured to obtain a correspondence between a service type of the target user and an organization;
a second determining unit, configured to determine, according to the correspondence, a target organization corresponding to the service type of the target user;
and the third determining unit is used for determining the application type of the target application according to the target organization.
In a third aspect, an embodiment of the present application provides an electronic device, which includes a processor adapted to implement one or more instructions; and
a computer storage medium storing one or more instructions adapted to be loaded by the processor and to perform the steps of:
acquiring a service request of a target user for a target application associated with a user management platform, wherein the service request comprises attribute information and a service type of the target user;
determining the application type of the target application according to the service type of the target user;
if the target application belongs to the external application type, verifying the attribute information of the target user by adopting an external verification strategy, wherein the external verification strategy is a strategy for verifying the attribute information of the target user by service equipment corresponding to the target application;
and if the attribute information of the target user passes the verification, acquiring the service authority corresponding to the target user, and providing user service for the target user according to the service authority.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, including: the computer storage medium stores one or more instructions adapted to be loaded by a processor and perform the steps of:
acquiring a service request of a target user for a target application associated with a user management platform, wherein the service request comprises attribute information and a service type of the target user;
determining the application type of the target application according to the service type of the target user;
if the target application belongs to the external application type, verifying the attribute information of the target user by adopting an external verification strategy, wherein the external verification strategy is a strategy for verifying the attribute information of the target user by service equipment corresponding to the target application;
and if the attribute information of the target user passes the verification, acquiring the service authority corresponding to the target user, and providing user service for the target user according to the service authority.
The embodiment of the application discloses a service processing method, a device, equipment and a storage medium, wherein the service processing method comprises the following steps: acquiring a service request of a target user for a target application associated with a user management platform, wherein the service request comprises attribute information and a service type of the target user; determining the application type of the target application according to the service type of the target user; if the target application belongs to the external application type, verifying the attribute information of the target user by adopting an external verification strategy; and if the attribute information of the target user passes the verification, acquiring the service authority corresponding to the target user, and providing user service for the target user according to the service authority. By adopting the method and the device, the attribute information of the target user is verified by adopting different verification strategies according to the application types of the target applications corresponding to different target users, and after the verification is passed, the user service is provided for the target user according to the service authority corresponding to the target user, so that the effective management of the user is realized, and the waste of resources is avoided; if the target application belongs to the external application type, the attribute information of the target user is verified according to the service equipment corresponding to the target application, the user can be completely verified without acquiring the account and the password of the user belonging to the external application type by the user management platform, and the safety of user information can be improved; in addition, different target users provide different service authorities, and the flexibility of the user management platform for managing the users is improved.
Drawings
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings in the following description show some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a service processing method according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a user management platform according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an object model corresponding to a user service provided in an embodiment of the present application;
Fig. 4 is a schematic diagram illustrating verification of attribute information of a target user by using an external verification policy according to an embodiment of the present application;
Fig. 5 is a schematic flowchart of another service processing method provided in the embodiment of the present application;
Fig. 6 is a schematic structural diagram of a service processing apparatus according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of an electronic device according to another embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, of the embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Cloud computing is a computing model that distributes computing tasks over a pool of resources formed by a large number of computers, enabling various application systems to obtain computing power, storage space, and information services as needed. The network that provides the resources is referred to as the "cloud". To the user, resources in the "cloud" appear infinitely expandable: they can be obtained at any time, used on demand, expanded at any time, and paid for according to use. Cloud computing mainly includes technologies such as cloud storage, cloud security and big data, wherein cloud security is a generic term for the security software, hardware, users, organizations and security cloud platforms that are based on the cloud computing business model. Cloud security integrates emerging technologies and concepts such as parallel processing, grid computing and judgment of unknown virus behavior. A large number of networked clients monitor software behavior in the network for anomalies, obtain the latest information on trojans and malicious programs on the internet and send it to the server for automatic analysis and processing, and the solutions for the viruses and trojans are then distributed to each client.
The main research directions of cloud security include: 1. cloud computing security, which mainly studies how to guarantee the security of the cloud itself and of the various applications on it, including the security of the cloud computer system, secure storage and isolation of user data, user access authentication, information transmission security, network attack protection, compliance audit and the like; 2. cloudification of the security infrastructure, which mainly studies how to use cloud computing to build and integrate security infrastructure resources and optimize security protection mechanisms, including constructing a very-large-scale platform for collecting and processing security events and information through cloud computing technology, realizing the collection and correlation analysis of massive information, and improving the ability to handle and control security events and risks across the whole network; 3. cloud security services, which mainly studies the various security services, such as anti-virus services, provided to users based on a cloud computing platform. The present application mainly relates to user access authentication in cloud security technology: access security can be improved by verifying user attribute information through the user management platform of this scheme.
Please refer to fig. 1, which is a flowchart illustrating a service processing method according to an embodiment of the present application, where the service processing method is executed by an electronic device, and the service processing method includes the following steps S101 to S104.
S101, acquiring a service request of a target user for a target application associated with a user management platform, wherein the service request comprises attribute information and a service type of the target user.
In this embodiment of the application, the user management platform includes a plurality of applications, the application types of the plurality of applications in the user management platform include an external application type and an internal application type, and a target application corresponding to a target user is any one of the plurality of applications in the user management platform. The target user can send out a service request aiming at the target application associated with the user management platform, wherein the service request comprises the attribute information of the target user and the service type. The attribute information of the target user includes a user identification of the target user, a login password of the target user, and the like. The service types of the target users include internal service types and external service types, the internal service can be an internal service necessary for the operation of the company, and services with higher importance, such as financial management service, project management service, file storage service and the like, and the external service can be an external service which is complementary to the operation of the company, such as attendance service, communication management service and the like of the company.
As shown in fig. 2, a schematic structural diagram of a user management platform provided in an embodiment of the present application is shown, and as shown in fig. 2, the user management platform is implemented based on a micro service architecture, and a unified user service part is composed of three parts, that is, an internal gateway (gateway), an external gateway (openapi), and a user service. The internal gateway is a gateway accessed by an internal product or an internal system user layer and is realized by logging in based on a user account password; the external gateway is a gateway accessed by an external system; user services manage the work tenants, organization departments, users, subsystems, menu/application interface APIs, roles, user permissions, user authentication, and the like. And after the target users in the business application and the third-party application are verified and authenticated in the unified user service, the user service sends the business request of the target users to the business service, and the business service provides the user service for the target users according to the business authority of the target users. Through the three parts of the internal gateway, the external gateway and the user service, the management of a plurality of systems and a plurality of users can be realized, and flexible data control and authority management are provided for the subsystems. The user management platform includes a plurality of business applications and a plurality of third party applications. The plurality of service applications may be internal applications in the user management platform, the application type of the service application is an internal application type, the plurality of third-party applications are external applications in the user management platform, and the application type of the third-party applications is an external application type.
In addition, a third-party application can be added to the user management platform. The internal gateway (gateway) and the external gateway (openapi) provide a simple, effective and unified API route management mode for the micro-service architecture. Based on the internal gateway (gateway) and external gateway (openapi) technology, a subsystem added to the registry can be identified automatically, and the routes through which the internal gateway (gateway) and the external gateway (openapi) access the micro-service are dynamically configured for the newly added third-party application through the configuration center. The configuration center can be the configuration management platform Apollo or the like. The subsystem and its corresponding menu/API authority information are then added, and role information is added or modified, in the user service.
Fig. 3 is a schematic diagram of the object model provided in the embodiment of the present application. As shown in fig. 3, the object model includes six parts, namely a tenant, an organization, a user, a subsystem, a menu/application interface (API), and a role, and user service and user right management for the users in the user management platform can be implemented according to the object model. The tenant distinguishes different user subjects, such as different companies, one company being one tenant. All service data of a service system accessed to the user management platform must be attributed to a tenant, the service data of different tenants are isolated from each other, and the same application functions are provided for all tenants in the user management platform. A tenant comprises a plurality of organizations, which can form organization groups, and the users in the tenant can be divided among them; for example, the employees of a company are divided into different organizations or organization groups according to their services and functions, so that a personnel organization structure is established. On the basis of the tenant data isolation, the user management platform can further isolate organization data according to the associations among the organizations; for example, after the data of each company is isolated, the department number of each department in China of each company is isolated. A tenant comprises a plurality of users; a user may belong to a plurality of organizations or organization groups and is a specific operator of the service system. For example, a company has a plurality of employees, and each employee can hold several roles and be a member of several departments. Each system accessed to the user management platform corresponds to a subsystem. 
The menu is the menu returned to and displayed by the front end after the target user logs in, and an application interface (API) is expressed in the form {METHOD}@URI, such as GET@/user/info/{userCode}, corresponding to each API request. A user may have multiple roles, and a role may have the authority of multiple menus/APIs for more than one subsystem. Based on the object model, a flexible organization architecture and service data permission isolation can be established through tenants and organizations, and the service authority of each user is then effectively managed through the relationship between the subsystems and the menus/application interfaces (APIs) under the roles of the user. When the target user accesses the platform, the authority that the target user can access is known from the tenant and organization of the target user and from the subsystems and menus/application interfaces (APIs) of the corresponding roles, and complex data and authority can be effectively managed through the data isolation and authority control of the object model.
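The permission lookup that the object model implies can be sketched as follows. This is an added example, not code from the patent: the class names, the sample tenant, user and role, and the rule that a {name} placeholder matches exactly one path segment are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Role:
    name: str
    # subsystem name -> set of "{METHOD}@URI" permission strings
    apis: dict = field(default_factory=dict)


@dataclass
class User:
    code: str
    tenant: str
    orgs: set
    roles: list


def template_to_regex(uri_template):
    """Compile /user/info/{userCode} so that each {name} matches one path segment."""
    parts = re.split(r"(\{[^{}/]+\})", uri_template)
    pattern = ""
    for part in parts:
        if part.startswith("{") and part.endswith("}"):
            pattern += r"[^/]+"          # placeholder: exactly one segment
        else:
            pattern += re.escape(part)   # literal text of the template
    return re.compile(pattern)


def api_matches(permission, method, path):
    """Check one "{METHOD}@URI" permission against a concrete request."""
    perm_method, sep, template = permission.partition("@")
    if not sep or perm_method.upper() != method.upper():
        return False
    return template_to_regex(template).fullmatch(path) is not None


def is_allowed(user, tenant, subsystem, method, path, resource_org=None):
    """Deny by default; tenant isolation first, then organization, then role/API."""
    if user.tenant != tenant:
        return False                     # data of other tenants is never reachable
    if resource_org is not None and resource_org not in user.orgs:
        return False                     # organization-level isolation inside a tenant
    for role in user.roles:
        for permission in role.apis.get(subsystem, ()):
            if api_matches(permission, method, path):
                return True
    return False


# Constructed sample data (not from the patent).
FINANCE_CLERK = Role("finance-clerk", {
    "finance": {"GET@/user/info/{userCode}", "POST@/invoice"},
})
ALICE = User(code="u1001", tenant="acme", orgs={"finance"}, roles=[FINANCE_CLERK])

if __name__ == "__main__":
    print(is_allowed(ALICE, "acme", "finance", "GET", "/user/info/u1001"))
    print(is_allowed(ALICE, "globex", "finance", "GET", "/user/info/u1001"))
```
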
S102, determining the application type of the target application according to the service type of the target user.
After the user management platform obtains the service request of the target user for the target application associated with the user management platform, the application type of the target application can be determined according to the service type of the target user. If the service type of the target user is an internal service type, the application type of the target application corresponding to the target user can be an internal application type; if the service type of the target user is an external service type, the application type of the target application corresponding to the target user may be an internal application type.
Optionally, a correspondence between the service type of the target user and an organization may be obtained, the target organization corresponding to the service type of the target user is determined according to the correspondence between the service type and the organization, and the application type of the target application is determined according to the target organization.
The correspondence between each organization and the service type of each target user can be obtained, the target organization corresponding to the service type of the target user is determined according to the correspondence between the service type and the organization, and whether the target organization is an organization inside the company is judged. If the target organization is an organization inside the company, the application type of the target application is the internal application type; if the target organization is not an organization inside the company, the application type of the target application is the external application type. For example, if the service type of the target user is the financial management service, the target organization corresponding to the financial management service is determined, according to the correspondence between the service type and the organization, to be the finance department, which is an organization inside the company, and the target application corresponding to the target user is determined to be of the internal application type. If the service type of the target user is the attendance management service, the target organization corresponding to the attendance management service is determined, according to the correspondence between the service type and the organization, to be an organization of a third-party application, and the target application corresponding to the target user is determined to be of the external application type.
S103, if the target application belongs to the external application type, verifying the attribute information of the target user by adopting an external verification strategy.
And if the target application belongs to the external application type, verifying the attribute information of the target user by adopting an external verification strategy, wherein the external verification strategy is a strategy for verifying the attribute information of the target user by service equipment corresponding to the target application.
Fig. 4 is a schematic diagram of verifying attribute information of a target user by using an external verification policy according to an embodiment of the present application. As shown in fig. 4, the method for verifying attribute information of a target user by using an external verification policy according to an embodiment of the present application includes steps S21-S23.
S21, encrypting the attribute information of the target user to obtain the encrypted attribute information;
In the embodiment of the application, a plurality of users accessed by the external application can be created in the background of the user management platform, and a public key (appkey) and a corresponding private key (appkey) corresponding to the external application are generated in the user management platform; the public key (appkey) corresponding to the external application can mark the authority of the user. The public key (appkey) corresponding to the external application is then provided to the external application in an offline mode. When a target user in a target application requests to access a service in the user management platform, the attribute information of the target user is acquired, wherein the target user is any one of the plurality of users accessed by the external application. The attribute information of the target user is then encrypted to obtain the encrypted attribute information. The attribute information of the target user includes service request information of the target user, public key information corresponding to the target application, signature information corresponding to the target user, and timestamp information of the current access of the target user. The attribute information of the target user is encrypted according to the public key corresponding to the target application, in alphabetical sorting order, where the encryption algorithm may be the md5 encryption algorithm.
Optionally, the attribute information of the target application may be obtained, and a public key corresponding to the target application is generated according to the attribute information of the target application, where the attribute information of the target application includes at least one of association time of the target application and the user management platform, a version number of the target application, and a name of the target application, and the public key corresponding to the target application is used to encrypt the attribute information of the target user, so as to obtain the encrypted attribute information.
Attribute information of the target application can be acquired, and the attribute parameters of the target application include at least one of association time of the target application and the user management platform, a version number of the target application, and a name of the target application. And generating a public key of the target application according to at least one of the association time of the target application and the user management platform, the version number of the target application and the name of the target application, and encrypting the attribute information of the target user by adopting the public key corresponding to the target application to obtain the encrypted attribute information.
Optionally, a key random number may be generated according to the attribute information of the target application, and a key pair corresponding to the target application is generated by using the key random number, where the key pair includes a public key corresponding to the target application. The key random number may be generated according to at least one of an association time of the target application with the user management platform, a version number of the target application, and a name of the target application.
S22, sending the encrypted attribute information to the service equipment corresponding to the target application, so that the service equipment decrypts the encrypted attribute information by using a private key corresponding to the target application to obtain the attribute information of the target user, and verifying the attribute information of the target user;
After the encrypted attribute information corresponding to the target user is obtained, the encrypted attribute information is sent to the service equipment corresponding to the target application. The service equipment corresponding to the target application decrypts the encrypted attribute information according to the private key corresponding to the target application to obtain the attribute information of the target user, and verifies the attribute information of the target user. After the encrypted attribute information is decrypted, the signature information in the attribute information of the target user is obtained and verified, and whether the signature information of the currently accessing target user is correct is determined. If the signature information of the currently accessing target user is correct, the target user is a target user registered in the user management platform, and the attribute information of the target user passes verification; if the signature information of the currently accessing target user is incorrect, the target user is not a target user registered in the user management platform, and the attribute information of the target user fails verification.
And S23, receiving a verification result returned by the service equipment, wherein the verification result comprises that the attribute information of the target user passes the verification, or that the attribute information of the target user fails the verification.
And after the service equipment corresponding to the target application verifies the attribute information of the currently accessed target user, the verification result that the attribute information of the target user passes the verification or the attribute information of the target user fails to pass the verification is sent to the user management platform.
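The signed, timestamped request that steps S21-S23 describe can be sketched as follows. This is an added example, not code from the patent: it swaps in HMAC-SHA256 with a per-application secret where the text names md5 and a key pair, and the field names sign, timestamp and service, the sample values and the 300-second freshness window are assumptions.

```python
import hashlib
import hmac
from urllib.parse import quote

MAX_SKEW_SECONDS = 300  # assumed freshness window for the timestamp field


def canonical_string(params):
    """Join every field except the signature itself, sorted by field name."""
    pairs = sorted((k, str(v)) for k, v in params.items() if k != "sign")
    # Percent-encode names and values so that a value containing '&' or '='
    # cannot be mistaken for an additional field.
    return "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in pairs)


def sign_request(params, app_secret):
    """Caller side: compute the signature over the sorted fields."""
    message = canonical_string(params).encode("utf-8")
    return hmac.new(app_secret, message, hashlib.sha256).hexdigest()


def verify_request(params, secrets_by_appkey, now):
    """Verifier side: return (passed, reason), the verification result of S23."""
    for name in ("appkey", "timestamp", "sign"):
        if name not in params:
            return (False, f"missing {name}")
    app_secret = secrets_by_appkey.get(params["appkey"])
    if app_secret is None:
        return (False, "unknown appkey")
    try:
        timestamp = int(params["timestamp"])
    except (TypeError, ValueError):
        return (False, "bad timestamp")
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return (False, "stale timestamp")   # limits how long a captured request stays valid
    expected = sign_request(params, app_secret).encode("utf-8")
    supplied = str(params["sign"]).encode("utf-8")
    if not hmac.compare_digest(expected, supplied):   # constant-time comparison
        return (False, "bad signature")
    return (True, "ok")


# Constructed sample values (not from the patent).
SECRETS = {"demo-appkey": b"constructed-demo-secret"}


def build_demo_request(timestamp):
    params = {
        "appkey": "demo-appkey",
        "service": "attendance",
        "userCode": "u1001",
        "timestamp": str(timestamp),
    }
    params["sign"] = sign_request(params, SECRETS["demo-appkey"])
    return params


if __name__ == "__main__":
    request = build_demo_request(1700000000)
    print(verify_request(request, SECRETS, now=1700000010))
    print(verify_request(dict(request, userCode="u9999"), SECRETS, now=1700000010))
```
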
Optionally, the electronic device in the present application may be any node device in a block chain. The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission (P2P transmission), a consensus mechanism, and an encryption algorithm, and is essentially a decentralized database; the block chain can be composed of a plurality of transaction records (also called blocks) that are connected in series by cryptography, which protects their contents, and the distributed ledger formed by the chained blocks allows multiple parties to record transactions effectively and to check them permanently (they cannot be tampered with). The consensus mechanism is a mathematical algorithm for establishing trust and obtaining rights and interests among different nodes in the block chain network; that is, the consensus mechanism is a mathematical algorithm that is commonly agreed upon by the network nodes of the block chain. According to the method and the device, the attribute information of the target user can be verified by utilizing the consensus mechanism of the block chain, and the accuracy of verifying the attribute information of the target user can be improved.
For example, each node device in the block chain verifies the attribute information of the target user by using the external verification policy to obtain a verification result. If the verification results corresponding to most node devices (51% of node devices) in the block chain are all verification passes, it is determined that the attribute information of the target user passes verification, and step S104 is then executed; if the verification results corresponding to most node devices (51% of the node devices) in the block chain are verification failures, it is determined that the attribute information of the target user fails verification, and the service request of the target user is rejected.
And S104, if the attribute information of the target user passes the verification, acquiring the service authority corresponding to the target user, and providing user service for the target user according to the service authority.
And if the attribute information of the target user passes the verification, acquiring the service authority of the target user stored in the user management platform, and acquiring the id of the target application which the target user can have access to and the id of the target user according to the service authority of the target user. And verifying whether the target user has the right to access the target application according to the service authority of the target user, if the target user has the right to access the target application according to the service authority of the target user, sending the attribute information and the service authority of the target user to a service in a user management platform, and providing user service for the target user according to the attribute information and the service authority of the target user by the service.
The embodiment of the application discloses a service processing method, a device, equipment and a storage medium, wherein the service processing method comprises the following steps: acquiring a service request of a target user for a target application associated with a user management platform, wherein the service request comprises attribute information and a service type of the target user; determining the application type of the target application according to the service type of the target user; if the target application belongs to the external application type, verifying the attribute information of the target user by adopting an external verification strategy; and if the attribute information of the target user passes the verification, acquiring the service authority corresponding to the target user, and providing user service for the target user according to the service authority. By adopting the method and the device, different verification strategies are adopted to verify the attribute information of the target user according to the application types of the target applications corresponding to different target users. 
After the verification is passed, providing user service for the target user according to the service authority corresponding to the target user, thereby realizing effective management of the user and avoiding waste of resources; if the target application belongs to the external application type, the attribute information of the target user is verified according to the service equipment corresponding to the target application, the user can be completely verified without acquiring the account and the password of the user belonging to the external application type, and the safety of user information can be improved; in addition, the users in the user management platform are managed through the object model, different target users provide different service authorities, and the flexibility of the user management platform for managing the users is improved.
Please refer to fig. 5, which is a flowchart illustrating another service processing method provided in the embodiment of the present application, where the embodiment of the present application is executed by an electronic device, the another service processing method includes the following steps S201 to S205.
S201, acquiring a service request of a target user for a target application associated with a user management platform, wherein the service request comprises attribute information and a service type of the target user;
S202, determining the application type of the target application according to the service type of the target user;
S203, if the target application belongs to the external application type, verifying the attribute information of the target user by adopting an external verification strategy, wherein the external verification strategy is a strategy for verifying the attribute information of the target user by service equipment corresponding to the target application;
In the embodiment of the present application, the contents of steps S201 to S203 refer to the contents illustrated in fig. 1, and will not be described in detail here.
S204, if the target application belongs to the internal application type, verifying the attribute information of the target user by adopting an internal verification strategy, wherein the internal verification strategy is a strategy for verifying the attribute information of the target user by the user management platform.
If the target application belongs to an internal application type, wherein the internal application type refers to an application in the user management platform, an internal verification strategy is adopted to verify the attribute information of the target user, and the internal verification strategy can complete verification of the attribute information of the target user in the user management platform.
Optionally, the attribute information of the target user is used to generate a user password, and the attribute information of the user password is obtained, where the attribute information of the user password includes at least one of a length of the user password, a generation time of the user password, and a format of the user password, and if the attribute information of the user password satisfies a user password generation condition, it is determined that the attribute information of the target user passes verification.
The user password (token) may be generated according to the id of the target user and the id of the target application in the attribute information of the target user. The attribute information of the user password, which comprises the length of the user password, the generation time of the user password and the format of the user password, is then acquired, and the length, the generation time and the format of the user password are verified in the user management platform against the generation condition to determine whether the attribute information of the target user passes verification. For the length, the generation condition is met if the length of the user password meets the target length. For the generation time, if the generation time of the user password is within the target time range, the user password corresponding to the target user has not expired, and the generation condition is met. For the format, the generation condition is met if the format of the user password generated according to the attribute information of the target user meets the target condition.
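The length, generation-time and format checks on the user password (token) can be sketched as follows. This is an added example, not code from the patent: the token layout, the 1800-second validity range and the demo key are assumptions, and the final step goes beyond the three checks in the text by recomputing a keyed MAC over the user id and application id, because length, time and format alone do not show that the platform issued the token for this user and application.

```python
import hashlib
import hmac
import json
import re

TOKEN_TTL_SECONDS = 1800      # assumed target time range
TOKEN_LENGTH = 73             # 8 hex digits + "." + 64 hex digits (assumed layout)
TOKEN_FORMAT = re.compile(r"([0-9a-f]{8})\.([0-9a-f]{64})")

DEMO_KEY = b"constructed-demo-platform-key"   # constructed value, not from the patent


def _mac(user_id, app_id, issued_hex, key):
    # JSON-encode the fields so ("a|b", "c") and ("a", "b|c") cannot collide.
    message = json.dumps([user_id, app_id, issued_hex]).encode("utf-8")
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def issue_token(user_id, app_id, key, now):
    """Generate the token from the user id and the application id."""
    issued_hex = f"{int(now):08x}"
    return f"{issued_hex}.{_mac(user_id, app_id, issued_hex, key)}"


def check_token(token, user_id, app_id, key, now):
    """Return "ok" or the first generation condition that is not met."""
    if len(token) != TOKEN_LENGTH:                     # length condition
        return "bad length"
    match = TOKEN_FORMAT.fullmatch(token)              # format condition
    if match is None:
        return "bad format"
    issued = int(match.group(1), 16)
    if not 0 <= now - issued <= TOKEN_TTL_SECONDS:     # generation-time condition
        return "expired"
    expected = _mac(user_id, app_id, match.group(1), key)
    # Added binding check: the token must have been issued for this user and app.
    if not hmac.compare_digest(expected.encode(), match.group(2).encode()):
        return "bad binding"
    return "ok"


if __name__ == "__main__":
    token = issue_token("u1001", "app-finance", DEMO_KEY, now=1700000000)
    print(check_token(token, "u1001", "app-finance", DEMO_KEY, now=1700000060))
    print(check_token(token, "u1002", "app-finance", DEMO_KEY, now=1700000060))
```
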
S205, if the attribute information of the target user passes the verification, acquiring the service authority corresponding to the target user and providing user service for the target user according to the service authority.
If the attribute information of the target user passes verification, the id of the target user and the id of the target application are acquired according to the attribute information of the target user. Whether the target user has the right to access the current target application is verified in the user service of the user management platform according to the id of the target user and the id of the target application; if the authority that the target user can access is stored in the user management platform, the authentication is successful, and the target user can access the target application. After the authentication is successful, the service request of the target user is sent to the service in the user management platform, and the service in the user management platform provides the service for the target user according to the service request of the target user.
The embodiment of the application discloses a service processing method, a device, equipment and a storage medium, wherein the service processing method comprises the following steps: acquiring a service request of a target user for a target application associated with a user management platform, wherein the service request comprises attribute information and a service type of the target user; determining the application type of the target application according to the service type of the target user; if the target application belongs to the external application type, verifying the attribute information of the target user by adopting an external verification strategy; if the target application belongs to the internal application type, verifying the attribute information of the target user by adopting an internal verification strategy; and if the attribute information of the target user passes the verification, acquiring the service authority corresponding to the target user, and providing user service for the target user according to the service authority. By adopting the method and the device, different verification strategies are adopted to verify the attribute information of the target user according to the application types of the target applications corresponding to different target users, namely the target user corresponding to the external application type is verified by adopting the external verification strategy, and the target user corresponding to the internal application type is verified by adopting the internal verification strategy. 
After the verification is passed, providing user service for the target user according to the service authority corresponding to the target user, thereby realizing effective management of the user and avoiding waste of resources; if the target application belongs to the external application type, the attribute information of the target user is verified according to the service equipment corresponding to the target application, the user can be completely verified without acquiring the account and the password of the user belonging to the external application type, and the safety of user information can be improved; in addition, the users in the user management platform are managed through the object model, different target users provide different service authorities, and the flexibility of the user management platform for managing the users is improved.
Please refer to fig. 6, which is a schematic structural diagram of a service processing apparatus provided in an embodiment of the present application, and as shown in fig. 6, the service apparatus in the embodiment includes:
a first obtaining module 11, configured to obtain a service request of a target user for a target application associated with a user management platform, where the service request includes attribute information and a service type of the target user;
a determining module 12, configured to determine an application type of the target application according to the service type of the target user;
wherein the determining module comprises: a second obtaining unit, a second determining unit and a third determining unit.
A second obtaining unit, configured to obtain a correspondence between a service type of the target user and an organization;
a second determining unit, configured to determine, according to the correspondence, a target organization corresponding to the service type of the target user;
and the third determining unit is used for determining the application type of the target application according to the target organization.
A first verification module 13, configured to verify, if the target application belongs to an external application type, the attribute information of the target user by using an external verification policy, where the external verification policy is a policy for verifying, by a service device corresponding to the target application, the attribute information of the target user;
wherein the first authentication module 13 comprises: encryption unit, sending unit, receiving unit.
The encryption unit is used for encrypting the attribute information of the target user to obtain the encrypted attribute information;
a sending unit, configured to send the encrypted attribute information to a service device corresponding to the target application, so that the service device decrypts the encrypted attribute information by using a private key corresponding to the target application, obtains attribute information of the target user, and verifies the attribute information of the target user;
and the receiving unit is used for receiving a verification result returned by the service equipment, wherein the verification result comprises that the attribute information of the target user passes verification or that the attribute information of the target user fails verification.
Wherein the encryption unit is specifically configured to:
acquiring attribute information of the target application;
generating a public key corresponding to the target application according to the attribute information of the target application, wherein the attribute information of the target application comprises at least one of the association time of the target application and the user management platform, the version number of the target application and the name of the target application;
and encrypting the attribute information of the target user by adopting the public key corresponding to the target application to obtain the encrypted attribute information.
Wherein the generating a public key corresponding to the target application according to the attribute information of the target application includes:
generating a key random number according to the attribute information of the target application;
and generating a key pair corresponding to the target application by adopting the key random number, wherein the key pair comprises a public key corresponding to the target application.
A second obtaining module 14, configured to obtain a service right corresponding to the target user if the attribute information of the target user passes verification, and provide user service for the target user according to the service right.
Wherein the above apparatus further includes:
and the second verification module is used for verifying the attribute information of the target user by adopting an internal verification strategy if the target application belongs to an internal application type, wherein the internal verification strategy is a strategy for verifying the attribute information of the target user by the user management platform.
Wherein the second authentication module comprises: a generating unit, a first obtaining unit and a first determining unit.
The generating unit is used for generating a user password by adopting the attribute information of the target user;
a first obtaining unit, configured to obtain attribute information of the user password, where the attribute information of the user password includes at least one of a length of the user password, a generation time of the user password, and a format of the user password;
a first determining unit, configured to determine that the attribute information of the target user passes verification if the attribute information of the user password satisfies a user password generation condition.
Refer to Fig. 7, which is a schematic structural diagram of an electronic device provided in an embodiment of the present application. The electronic device in the embodiment shown in Fig. 7 may include: one or more processors 21, one or more input devices 22, one or more output devices 23, and a memory 24. The processor 21, the input device 22, the output device 23, and the memory 24 are connected by a bus 25.
The processor 21 may be a Central Processing Unit (CPU), or another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The input device 22 may include a touch pad, a fingerprint sensor (for collecting fingerprint information of a user and direction information of a fingerprint), a microphone, etc., the output device 23 may include a display (LCD, etc.), a speaker, etc., and the output device 23 may output the data table after the correction processing.
The memory 24 may include both read-only memory and random access memory, and provides instructions and data to the processor 21. A portion of the memory 24 may also include non-volatile random access memory. The memory 24 is used for storing a computer program comprising program instructions, and the processor 21 is used for executing the program instructions stored in the memory 24 to perform a presentation generation method, which performs the following operations:
acquiring a service request of a target user for a target application associated with a user management platform, wherein the service request comprises attribute information and a service type of the target user;
determining the application type of the target application according to the service type of the target user;
if the target application belongs to the external application type, verifying the attribute information of the target user by adopting an external verification strategy, wherein the external verification strategy is a strategy for verifying the attribute information of the target user by service equipment corresponding to the target application;
and if the attribute information of the target user passes the verification, acquiring the service authority corresponding to the target user, and providing user service for the target user according to the service authority.
Optionally, the processor 21 is configured to execute program instructions stored in the memory 24 for performing the following operations:
encrypting the attribute information of the target user to obtain encrypted attribute information;
sending the encrypted attribute information to service equipment corresponding to the target application, so that the service equipment decrypts the encrypted attribute information by adopting a private key corresponding to the target application to obtain the attribute information of the target user, and verifying the attribute information of the target user;
and receiving a verification result returned by the service equipment, wherein the verification result comprises that the attribute information of the target user passes verification or that the attribute information of the target user fails verification.
Optionally, the processor 21 is configured to execute program instructions stored in the memory 24 for performing the following operations:
acquiring attribute information of the target application;
generating a public key corresponding to the target application according to the attribute information of the target application, wherein the attribute information of the target application comprises at least one of the association time of the target application and the user management platform, the version number of the target application and the name of the target application;
and encrypting the attribute information of the target user by adopting the public key corresponding to the target application to obtain the encrypted attribute information.
Optionally, the processor 21 is configured to execute program instructions stored in the memory 24 for performing the following operations:
generating a key random number according to the attribute information of the target application;
and generating a key pair corresponding to the target application by adopting the key random number, wherein the key pair comprises a public key corresponding to the target application.
Optionally, the processor 21 is configured to execute program instructions stored in the memory 24 for performing the following operations:
and if the target application belongs to the internal application type, verifying the attribute information of the target user by adopting an internal verification strategy, wherein the internal verification strategy is a strategy for verifying the attribute information of the target user by the user management platform.
Optionally, the processor 21 is configured to execute program instructions stored in the memory 24 for performing the following operations:
generating a user password by adopting the attribute information of the target user;
acquiring attribute information of the user password, wherein the attribute information of the user password comprises at least one of the length of the user password, the generation time of the user password and the format of the user password;
and if the attribute information of the user password meets the user password generation condition, determining that the attribute information of the target user passes the verification.
Optionally, the processor 21 is configured to execute program instructions stored in the memory 24 for performing the following operations:
acquiring a corresponding relation between the service type of the target user and a mechanism;
determining a target mechanism corresponding to the service type of the target user according to the corresponding relation;
and determining the application type of the target application according to the target mechanism.
The processor 21, the input device 22, and the output device 23 described in this embodiment of the present application may execute the implementations described in the first embodiment and the second embodiment of the service processing method provided in this embodiment of the present application, and may also execute the implementations of the electronic device described in this embodiment of the present application, which are not described herein again.
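The external verification strategy listed above (key random number from the application's attribute information, key pair, encryption to the public key, decryption and verification on the service equipment), as an added Node.js example that is not code from the patent. It goes one step beyond those operations by letting several node devices each return a result and passing only when a target number of them pass, as claim 1 describes. Assumptions: all function names, HKDF with a provisioning secret for the key random number, X25519 with AES-256-GCM for the encryption, a strict-majority target number, and the constructed application, user and registry data.

```javascript
// Added illustration. Function names, the provisioning secret, HKDF, X25519 +
// AES-256-GCM and the strict-majority rule are assumptions, not patent text.
const { hkdfSync, createPrivateKey, createPublicKey, generateKeyPairSync,
  diffieHellman, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// DER header of a PKCS#8 structure wrapping a raw 32-byte X25519 key (RFC 8410).
const X25519_PKCS8_PREFIX = Buffer.from('302e020100300506032b656e04220420', 'hex');

// "Key random number" derived from the target application's attribute
// information. Name, version and association time are guessable, so a
// provisioning secret (assumption) is the HKDF input key material.
function deriveKeyRandomNumber(app, provisioningSecret) {
  const attrs = JSON.stringify([app.name, app.version, app.associatedAt]);
  return Buffer.from(hkdfSync('sha256', provisioningSecret, 'target-app-key', attrs, 32));
}

// Key pair generated from the key random number; same seed, same key pair.
function keyPairFromSeed(seed) {
  const privateKey = createPrivateKey({
    key: Buffer.concat([X25519_PKCS8_PREFIX, seed]), format: 'der', type: 'pkcs8' });
  return { privateKey, publicKey: createPublicKey(privateKey) };
}

const sessionKey = (shared, ephPub) =>
  Buffer.from(hkdfSync('sha256', shared, ephPub, 'user-attribute-envelope', 32));

// Platform side: encrypt the user's attribute information to the app's public key.
function encryptAttributes(userAttrs, appPublicKey) {
  const eph = generateKeyPairSync('x25519');
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const shared = diffieHellman({ privateKey: eph.privateKey, publicKey: appPublicKey });
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', sessionKey(shared, ephPub), iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(userAttrs), 'utf8'), cipher.final()]);
  return { ephPub, iv, body, tag: cipher.getAuthTag() };
}

// Service device side: decrypt with the private key corresponding to the app.
function decryptAttributes(env, appPrivateKey) {
  const ephKey = createPublicKey({ key: env.ephPub, format: 'der', type: 'spki' });
  const shared = diffieHellman({ privateKey: appPrivateKey, publicKey: ephKey });
  const d = createDecipheriv('aes-256-gcm', sessionKey(shared, env.ephPub), env.iv);
  d.setAuthTag(env.tag);
  return JSON.parse(Buffer.concat([d.update(env.body), d.final()]).toString('utf8'));
}

// One node's verification result; a decryption failure counts as "fails verification".
function nodeVerify(node, env) {
  try {
    const attrs = decryptAttributes(env, node.privateKey);
    const record = node.registry.get(attrs.userId);
    return record !== undefined && record.org === attrs.org;
  } catch (err) {
    return false;
  }
}

// Target number as a function of the node count (strict majority: assumption).
const targetNumber = (nodeCount) => Math.floor(nodeCount / 2) + 1;

// External verification strategy: one result per node, pass only at quorum.
function externalVerify(userAttrs, appPublicKey, nodes) {
  const env = encryptAttributes(userAttrs, appPublicKey);
  const passes = nodes.filter((node) => nodeVerify(node, env)).length;
  const needed = targetNumber(nodes.length);
  return { passes, needed, ok: passes >= needed };
}

// Constructed sample data.
const APP = { name: 'claims-portal', version: '2.3.1', associatedAt: '2020-06-30T08:00:00Z' };
const SECRET = Buffer.from('constructed-provisioning-secret');

function demo() {
  const current = keyPairFromSeed(deriveKeyRandomNumber(APP, SECRET));
  // A node still holding the key derived for the previous version number.
  const stale = keyPairFromSeed(deriveKeyRandomNumber({ ...APP, version: '2.3.0' }, SECRET));
  const registry = new Map([['u1001', { org: 'branch-a' }]]);
  const nodes = [
    { privateKey: current.privateKey, registry },
    { privateKey: current.privateKey, registry },
    { privateKey: stale.privateKey, registry },
  ];
  return {
    known: externalVerify({ userId: 'u1001', org: 'branch-a' }, current.publicKey, nodes),
    unknown: externalVerify({ userId: 'u9999', org: 'branch-a' }, current.publicKey, nodes),
  };
}

console.log(demo());
```

Because the version number feeds the derivation, every application upgrade changes the key pair, so a node that has not re-derived its private key returns a failed result, as the third constructed node does.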
A computer-readable storage medium is further provided in the embodiments of the present application, where the computer-readable storage medium stores a computer program, where the computer program includes program instructions, and the program instructions, when executed by a processor, implement the business process generating method shown in the embodiments of fig. 1 and fig. 5.
The computer readable storage medium may be an internal storage unit of the electronic device according to any of the foregoing embodiments, for example, a hard disk or a memory of the control device. The computer-readable storage medium may also be an external storage device of the control device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a flash memory Card (FlashCard), and the like, provided on the control device. Further, the computer-readable storage medium may also include both an internal storage unit and an external storage device of the control device. The computer-readable storage medium is used to store the computer program and other programs and data required by the control device. The computer readable storage medium may also be used to temporarily store data that has been output or is to be output.
As an example, the computer-readable storage medium described above may be deployed to be executed on one computer device or on multiple computer devices located at one site, or distributed across multiple sites and interconnected by a communication network, and the multiple computer devices distributed across the multiple sites and interconnected by the communication network may constitute a blockchain network.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described generally in terms of their functions in the foregoing description in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application. It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working processes of the control device and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed control device and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative; the division of the units may be a logical division, and in actual implementation there may be another division, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think of various equivalent modifications or substitutions within the technical scope of the present application, and these modifications or substitutions should be covered within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (9)

1. A method for processing a service, comprising:
acquiring a service request of a target user for a target application associated with a user management platform, wherein the service request comprises attribute information and a service type of the target user;
determining the application type of the target application according to the service type of the target user; the application types comprise external application types and internal application types, the target application with the external application types is used for processing the service with the service importance degree smaller than the degree threshold value in the mechanism associated with the user management platform, and the target application with the internal application types is used for processing the service with the service importance degree larger than or equal to the degree threshold value in the mechanism associated with the user management platform;
if the target application belongs to the external application type, verifying the attribute information of the target user by adopting an external verification strategy, wherein the external verification strategy is a strategy for verifying the attribute information of the target user by service equipment corresponding to the target application, and the service equipment corresponding to the target application comprises each node equipment in a block chain network;
if the target application belongs to the internal application type, verifying the attribute information of the target user by adopting an internal verification strategy, wherein the internal verification strategy is a strategy for verifying the attribute information of the target user by the user management platform;
when the verification result of the target number indicates that the attribute information of the target user passes the verification, determining that the attribute information of the target user passes the verification; the verification result is obtained by verifying the attribute information of the target user by each node device in the blockchain network, the number of the verification results is multiple, one node device corresponds to one verification result, and the target number is determined according to the number of each node device in the blockchain network;
when the attribute information of the target user passes verification, acquiring an object model, and determining a tenant to which the target user belongs according to the object model and the attribute information of the target user, wherein the object model is used for managing service authority corresponding to the target user, and the tenant comprises one or more mechanisms;
and determining a target mechanism to which the target user belongs from the one or more mechanisms, determining a service authority corresponding to the target user according to the target mechanism, and providing user service for the target user according to the service authority.
2. The method of claim 1, wherein the verifying the attribute information of the target user by using an external verification policy comprises:
encrypting the attribute information of the target user to obtain encrypted attribute information;
sending the encrypted attribute information to service equipment corresponding to the target application, so that the service equipment decrypts the encrypted attribute information by adopting a private key corresponding to the target application to obtain the attribute information of the target user, and verifying the attribute information of the target user;
and receiving a verification result returned by the service equipment, wherein the verification result comprises that the attribute information of the target user passes verification or that the attribute information of the target user fails verification.
3. The method according to claim 2, wherein the encrypting the attribute information of the target user to obtain the encrypted attribute information comprises:
acquiring attribute information of the target application;
generating a public key corresponding to the target application according to the attribute information of the target application, wherein the attribute information of the target application comprises at least one of the association time of the target application and the user management platform, the version number of the target application and the name of the target application;
and encrypting the attribute information of the target user by adopting the public key corresponding to the target application to obtain the encrypted attribute information.
4. The method according to claim 3, wherein the generating a public key corresponding to the target application according to the attribute information of the target application comprises:
generating a key random number according to the attribute information of the target application;
and generating a key pair corresponding to the target application by adopting the key random number, wherein the key pair comprises a public key corresponding to the target application.
5. The method of claim 1, wherein the verifying the attribute information of the target user by using the internal verification policy comprises:
generating a user password by adopting the attribute information of the target user;
acquiring attribute information of the user password, wherein the attribute information of the user password comprises at least one of the length of the user password, the generation time of the user password and the format of the user password;
and if the attribute information of the user password meets the user password generation condition, determining that the attribute information of the target user passes the verification.
6. The method of claim 1, wherein the determining the application type of the target application according to the service type of the target user comprises:
acquiring a corresponding relation between the service type of the target user and a mechanism;
determining a target mechanism corresponding to the service type of the target user according to the corresponding relation;
and determining the application type of the target application according to the target mechanism.
7. A traffic processing apparatus, comprising:
the system comprises a first acquisition module, a first management module and a second acquisition module, wherein the first acquisition module is used for acquiring a service request of a target user for a target application associated with a user management platform, and the service request comprises attribute information and a service type of the target user;
the determining module is used for determining the application type of the target application according to the service type of the target user; the application types comprise external application types and internal application types, the target application with the external application types is used for processing the service with the service importance degree smaller than the degree threshold value in the mechanism associated with the user management platform, and the target application with the internal application types is used for processing the service with the service importance degree larger than or equal to the degree threshold value in the mechanism associated with the user management platform;
a first verification module, configured to verify, if the target application belongs to the external application type, attribute information of the target user by using an external verification policy, where the external verification policy is a policy for verifying, by a service device corresponding to the target application, the attribute information of the target user, and the service device corresponding to the target application includes each node device in a blockchain network;
a second verification module, configured to verify, if the target application belongs to the internal application type, attribute information of the target user by using an internal verification policy, where the internal verification policy is a policy for verifying the attribute information of the target user by the user management platform;
the verification determining module is used for determining that the attribute information of the target user passes the verification when the verification results of the target number indicate that the attribute information of the target user passes the verification; the verification result is obtained by verifying the attribute information of the target user by each node device in the blockchain network, the number of the verification results is multiple, one node device corresponds to one verification result, and the target number is determined according to the number of each node device in the blockchain network;
the information determining module is used for acquiring an object model when the attribute information of the target user passes verification, and determining a tenant to which the target user belongs according to the object model and the attribute information of the target user, wherein the object model is used for managing service authority corresponding to the target user, and the tenant comprises one or more mechanisms;
and the second acquisition module is used for determining a target mechanism to which the target user belongs from the one or more mechanisms, determining the service authority corresponding to the target user according to the target mechanism, and providing user service for the target user according to the service authority.
8. An electronic device, comprising:
a processor adapted to implement one or more instructions; and
a computer-readable storage medium having stored thereon one or more instructions adapted to be loaded by the processor and to execute the business process method of any of claims 1-6.
9. A computer-readable storage medium having stored thereon one or more instructions adapted to be loaded by a processor and to perform a business process method according to any of claims 1-6.
CN202010614664.2A 2020-06-30 2020-06-30 Service processing method, device, equipment and medium Active CN111769956B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010614664.2A CN111769956B (en) 2020-06-30 2020-06-30 Service processing method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010614664.2A CN111769956B (en) 2020-06-30 2020-06-30 Service processing method, device, equipment and medium

Publications (2)

Publication Number Publication Date
CN111769956A CN111769956A (en) 2020-10-13
CN111769956B true CN111769956B (en) 2022-09-23

Family

ID=72723126

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010614664.2A Active CN111769956B (en) 2020-06-30 2020-06-30 Service processing method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN111769956B (en)

Legal Events

Date Code Title Description
PB01 Publication
TA01 Transfer of patent application right

Effective date of registration: 20210129

Address after: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant after: Shenzhen saiante Technology Service Co.,Ltd.

Address before: 1-34 / F, Qianhai free trade building, 3048 Xinghai Avenue, Mawan, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong 518000

Applicant before: Ping An International Smart City Technology Co.,Ltd.

SE01 Entry into force of request for substantive examination
GR01 Patent grant