
WO2016188335A1 - Access control method, apparatus and system for user data - Google Patents


Info

Publication number
WO2016188335A1
Authority
WO
WIPO (PCT)
Prior art keywords
account
context information
server
access request
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2016/082162
Other languages
French (fr)
Chinese (zh)
Inventor
赵坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L67/63 Routing a service request depending on the request content or context
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6272 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Definitions

  • the system provided by the ISV is an uncontrollable third-party system
  • various human factors cannot be estimated (for example, privately allowed within the time allowed by the user's authorization).
  • the user data leakage caused by hacking or attacking, or the security of the uncontrollable third-party system is poor, making the data open environment of the data development platform and the system provided by the ISV less secure.
  • an access control apparatus for user data including: a first receiving module, configured to receive a data access request sent by a first server, where the data access request is a request initiated by an account and including context information of the account; a forwarding module for forwarding the data access request to the data source server; and a second receiving module, configured to receive data to be accessed by the data access request returned by the data source server, wherein, when the data source server determines, according to the context information included in the data access request, that the account that initiates the data access request is a secure access account and the data access request is a secure access request, the third-party system is allowed to access the data source according to the data access request.
  • FIG. 6 is a schematic diagram of a service flow interaction of an access control system for user data according to Embodiment 1 of the present application;
  • FIG. 7 is a schematic flowchart of a method for controlling access of user data according to Embodiment 2 of the present application.
  • a method embodiment of an access control method for user data is also provided. It should be noted that the steps illustrated in the flowchart of the figures may be executed in a computer system such as a set of computer executable instructions, and, although a logical order is illustrated in the flowchart, in some cases the steps shown or described may be performed in an order different from that herein.
  • the third-party system may request to access the user data stored in the data source server by forwarding the data access request to the data source server, and then the data source server reads the user data according to the data access request.
  • the third-party system involved in the present application is a system server, provided by a software provider, that implements related system functions, and the third-party system can be triggered to implement related functions by at least one of the following methods: entering the address in a browser to open the webpage of the above third-party system, so as to access the corresponding system server and invoke the related functions of the third-party system; activating the third-party system by triggering the plug-in installed on the client, so as to access the corresponding system server.
  • the related functions of the third-party system are activated by triggering the application software installed on the client to access the corresponding system server.
  • the third-party system may include an order management system, a logistics management system, or a virtual machine server, and the data source may be user data generated and recorded by the account when using the Taobao and Tmall websites. For example, for Taobao buyers, the data source may include: user avatar, user nickname, user registration time, user login information, user mobile phone number, user mailbox, user address, user history shopping information, user shopping demand, user collection information and user payment information, etc.
  • the third-party system can access the data related to the seller's account in the data source provided by Taobao (such as product information of the order, transaction content, transaction amount and product evaluation) to obtain the user data and complete the order management function provided by the third-party system.
  • the current account (which may be a legitimate account or a forged account impersonating the legitimate account) sends a data access request to the first server, and the first server verifies each data access request it receives, that is, the first server determines whether the data access request carries the context information of the account, and/or whether the context information can pass the verification; when the verification of the data access request is passed, the first server allows the data access request to be sent to the third-party system, and the third-party system can then access the data source according to the data access request.
  • when the first server determines that the data access request includes the context information of the account, and/or the context information of the account passes verification, the first server allows the data access
  • the login server can form a subset of the complete context information and return it to the client by extracting the necessary information in the complete context information.
  • the returned context information can satisfy the requirement of the first server to verify whether the context information is carried in the data access request, and/or to verify whether the included context information is correct
  • the complete context information is returned to the client.
  • the subset method can effectively reduce the amount of information sent by the login server to the client. In the case that a large number of users initiate a login request to the login server in a short period of time, this method can effectively save the system resources of the login server and reduce the data transmission burden of the login server.
  • step S2014 the client receives the context information returned by the login server
  • the following implementation steps may be performed:
  • the login server does not perform the above step S2013, that is, the login server does not encrypt the account information
  • the first server may store the legal access identification information by updating specific element data in the user context information stored in the first server.
  • the foregoing steps S502 to S506 of the present application provide an alternative for the first server to verify the context information of the account.
  • the first server sends the read account context information to the context information server, and the context information server completes the matching authentication work of the context information, and if the matching is successful, determines that the context information of the account is legal information, generates the legal access identification information of the account, and sends it to the first server.
  • the first server implements verification of the context information of the account by receiving the legal access identifier information sent by the context information server.
  • in step S207 of the present application, after the third-party system receives the data access request sent by the first server, the third-party system forwards the data access request to the data source server, and the data access request is used to instruct the third-party system to request the user data of the legal account stored in the data source.
  • the data source server accesses the first server or the context information server to query whether the legal access identification information of the account is available. For an account capable of querying the legal access identification information, the data source server determines that the data access request initiated by the account is a secure access request.
  • Step S209 The data source server returns data to be accessed by the data access request to the third party system.
  • step S209 of the present application after the data source server determines that the data access request is a secure access request, the data source server returns the data to be accessed by the data access request to the third party system.
  • the data source server implements the effect of determining whether the data access request is initiated by a legitimate account by querying whether the user has the legal access identification information of the account, and avoids the adverse consequences of the malicious account reading the user data by impersonating the legitimate account data access request.
  • the context information (Context information) of the above account can determine whether the third-party system can obtain user data and how high a privilege level of user data it can obtain.
  • high-level data generally involves user privacy, such as user mobile phone number, home address, and even credit card information.
  • Low-level data is generally not classified, such as user nickname, user avatar information, etc., and data can generally be classified according to user privacy level. Since the context information corresponding to the account can verify whether the data access request initiated by the client account is initiated by a legitimate user, and if not, the third-party system cannot obtain the user data, this effectively prevents the user data from being maliciously read and written because the third-party system is hacked or for human reasons, and greatly improves the security of the user data.
  • Step S2082 The data source server verifies whether the online information of the account is included in the context information
  • the first access data may include information corresponding to the second security level, for example, the user's nickname information, the user's avatar information, etc.
  • the risk status of the account can be divided into areas such as high security risk, suspected risk status, and trusted status.
  • Security risk status information can be generated by the login server.
  • the account security risk status information included in the account context information can enable the data source server to further control the degree of openness of the data.
  • the account is logged in to the client, and a login request is initiated to the login server.
  • the client can be a software product, such as a Taobao client or a Tmall client, or a mobile terminal device or a computer device.
  • the login server stores the account password information of the account and the complete context information of the account.
  • Taobao's sellers to implement order management functions. For example, when using a third-party system that provides order management functions, Taobao sellers first need to log in to the Taobao client; the Taobao seller account initiates a login request to the login server, such as the Taobao server, to complete the login of the Taobao seller account.
  • Step F The first server verifies whether the context information is carried in the data access request.
  • the first server verifies whether the data access request carries at least content that appears to be context information.
  • the order management function of the seller of Taobao is still implemented.
  • the data access request of the seller account received by the first server may be issued by the real Taobao seller by opening the order management platform, or may be issued by a forged account pretending to be the seller's account.
  • the first server does not know in advance whether the originating account of the received data access request is legitimate. However, only an account that has received the context information returned by the login server can include context information in the data access request it sends. At this time, the first server first verifies whether the data access request includes context information to determine the originating account of the data access request.
  • Step K Forward the data access request.
  • Step M The first server returns a legal access identifier information query result to the data source server.
  • Step S602 The client obtains context information of the account.
  • the foregoing steps provided by the present application may be implemented to determine whether an account initiating the data access request is a legitimate account by checking whether the received data access request carries context information and/or verifying the context information of the account. Judging from the kind of information contained in the above context information, the context information is data with non-fixed values that a hacker cannot steal. Therefore, it is highly credible to verify whether the account is legal based on the context information.
  • the solution of introducing the context checking mechanism in the present application can make the verification result of the account more accurate, and specifically, can effectively solve the problem that the user data is randomly accessed within the time allowed by the user authorization.
  • Step S6032 After the account is logged in to the client, a login request is initiated to the login server.
  • Step S6034 The client receives the context information returned by the login server, where the context information is a subset of the complete context information generated by the login server according to the login request.
  • step S6054 the specific step of verifying the context information of the account includes:
  • Step S60543 The first server generates legal access identification information of the account, where the legal access identification information is used to represent that the account that initiated the data access request is a legal account.
  • step S6054 the specific step of verifying the context information of the account includes:
  • the context information server matches the context information with the pre-existing local complete context information. If the matching is successful, the verification result is that the context information of the account is legal information.
  • the step may further include: verifying, by the data source server, whether the context information includes the online information of the account; when the context information contains the online information of the account, the data source server executes the step of returning to the third-party system the data to be accessed by the data access request.
  • the security risk status information is information used to represent the current risk status of the account.
  • the second access data can only include information corresponding to the first risk state, for example, the user's nickname information, the user's avatar information, etc.
  • the second access data can include information corresponding to the second risk status, for example, the user's payment information, the user's mobile phone number, or the user's address information, etc.
  • after the current account (which may be a legitimate account or a fake account impersonating the legal account) sends a data access request to the first server, the first server verifies each data access request it receives, that is, the first server determines whether the data access request carries the account context information, and/or whether the context information can be verified, and when the verification of the data access request is passed, the first server allows the data access request to be sent to the third party system, and the third party system can access the data source according to the data access request.
  • the data source server determines, according to the context information included in the data access request, that the account that initiates the data access request is a secure access account, and the specific implementation steps of the data access request being a secure access request include:
  • the first server checks each data access request received, that is, the first server determines whether the data access request carries the account context information, and/or whether the context information can pass the verification; when the verification of the data access request passes, the first server allows the data access request to be sent to a third-party system, and the third-party system can then access the data source based on the data access request.
  • the foregoing reading subunit 902, the matching subunit 904, and the generating subunit 906 correspond to the steps S402 to S406 in the first embodiment, and the examples and application scenarios implemented by the three modules and the corresponding steps are the same, but are not limited to the content disclosed in the first embodiment.
  • the foregoing module may be implemented in the computer terminal 10 provided in the first embodiment as a part of the device, and may be implemented by software or by hardware.
  • the scene is the same, but is not limited to the content disclosed in the third embodiment above.
  • the foregoing module may be implemented in the computer terminal 10 provided in the third embodiment as a part of the device, and may be implemented by software or by hardware.
  • the first server 143 is in communication with the client terminal 141, configured to transparently transmit the data access request after verifying that the data access request includes the context information of the account, and/or verifying that the context information is legal information;
  • the third-party system server 145 is in communication with the first server 143, and configured to receive a data access request transparently transmitted by the first server;
  • the data source server 147 is in communication with the third-party system server 145, and is configured to receive a data access request forwarded by the third-party system server, and determine, according to the context information included in the data access request, that the account that initiates the data access request is a secure access account.
  • the access data corresponding to the data access request is returned to the third-party system server.
  • the foregoing system may further include: a login server and a context information server.
  • the processor 51 may further execute the following step: the first server sends the context information to the context information server after determining that the data access request carries the context information; the first server receives the verification result of the context information from the context information server; if the verification result is that the context information of the account is legal information, the first server receives the legal access identifier information of the account generated by the context information server, wherein the legal access identifier information is used to represent that the account that initiated the data access request is a legal account; wherein the context information server matches the context information with the pre-existing local complete context information, and if the matching is successful, the verification result is that the context information of the account is the legal information.
  • the processor 51 may further execute the following program code: the data source server generates corresponding second access data according to the security risk status information, and returns the second access data to the third-party system.
  • the processor 51 may further execute the following program code: in the case where the first server determines that the data access request does not include the context information of the account, or the verification of the context information of the account fails, the first server sends the data access request to the third-party system, or the first server prohibits sending the data access request to the third-party system, and sends an alarm message.
  • an access control scheme for user data is provided.
  • FIG. 15 is only for illustration, and the computer terminal can also be a smart phone (such as an Android mobile phone, an iOS mobile phone, etc.), a tablet computer, a palmtop computer, a mobile Internet device (Mobile Internet Devices, MID), a PAD, or another terminal device.
  • Fig. 15 does not limit the structure of the above electronic device.
  • computer terminal A may also include more or fewer components (such as a network interface, display device, etc.) than shown in FIG. 15, or have a different configuration than that shown in FIG.
  • the memory 53 can be used to store software programs and modules, such as the program instructions/modules corresponding to the security vulnerability detection method and device in the embodiment of the present application, and the processor 51 executes various functional applications and data processing by running the software programs and modules stored in the memory 53, that is, implements the aforementioned detection method for system vulnerability attacks.
  • Memory 53 may include high speed random access memory and may also include non-volatile memory such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory.
  • memory 53 may further include memory remotely located relative to processor 51, which may be connected to terminal A via a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
  • the processor 51 may further execute the following program code: the first server receives an account initiated data access request; the first server verifies whether the data access request carries the context information of the account, and/or verifies the context information of the account; when the first server determines that the data access request includes the context information of the account, and/or the context information of the account passes verification, the first server allows the data access request to be sent to the third party system, so that the third party system accesses the data source according to the data access request.
  • the processor 51 may further execute the following program code: the data source server generates the corresponding second access data according to the security risk status information, and returns the second access data to the third-party system.
  • the program is executed by instructing the terminal device-related hardware, and the program may be stored in a computer readable storage medium, and the storage medium may include: a flash disk, a read-only memory (ROM), a random access memory (RAM), disk or CD.
  • the memory 53 is configured to store preset action conditions and information of the preset rights user, and an application.
  • the processor 51 can call the information and the application stored by the memory 53 through the transmission device to perform the following steps: the third party system receives the data access request sent by the first server, wherein the data access request is a request initiated by an account and including context information of the account; the third party system forwards the data access request to the data source server; the third party system receives the data to be accessed by the data access request returned by the data source server, wherein, when the data source server determines, according to the context information included in the data access request, that the account that initiates the data access request is a secure access account and the data access request is a secure access request, the third party system is allowed to access the data source according to the data access request.
  • the processor 51 may further execute the following program code: the first server forwards the received data access request to the third-party system, where the specific implementation steps of sending the data access request to the first server include: after the account is logged in to the client, a login request is initiated to the login server; the client receives the context information returned by the login server, where the context information is a subset of the complete context information generated by the login server according to the login request; the client obtains the context information of the account; the client sends an account-triggered data access request to the first server, wherein the data access request includes at least the context information.
  • computer terminal 15 may also include more or fewer components (such as a network interface, display device, etc.) than shown in FIG. 15, or have a different configuration than that shown in FIG.
  • the storage medium is further configured to store program code for: generating, by the data source server, corresponding first access data according to the security privacy level information, and returning the first access data to the third party system.
  • the storage medium is further configured to store program code for performing the following steps: the data source server generates the corresponding second access data according to the security risk status information, and returns the second access data to the third-party system.
  • the storage medium is configured to store program code for performing the following steps: the client obtains context information of the account; the client sends an account-triggered data access request to the first server, where the data access request includes at least context information; the client receives the access data acquired by the first server according to the data access request; wherein, when the first server determines that the data access request includes context information of the account, and/or the context information of the account passes verification, the data access request is allowed to be sent to the third party system, so that the third party system accesses the data source according to the data access request.
  • the storage medium is further configured to store program code for performing the following steps: the first server receives an account initiated data access request; the first server verifies whether the data access request carries context information of the account, and/or verifies the context information of the account; when the first server determines that the data access request includes the context information of the account, and/or the context information of the account passes verification, the first server allows the data access request to be sent to the third-party system, so that the third-party system accesses the data source based on the data access request.
  • Embodiments of the present application also provide a storage medium.
  • the foregoing storage medium may be used to save the program code executed by the access control method of the user data provided in Embodiment 3 above.
  • the integrated unit if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium.
  • a computer-readable storage medium includes a number of instructions to cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the various embodiments of the present application.
  • the foregoing storage medium includes: a U disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, an optical disk, and the like.


Abstract

Disclosed are an access control method, apparatus and system for user data. The method comprises: a first server receives a data access request initiated by an account; the first server verifies whether the data access request carries context information of the account, and/or checks the context information of the account; and the first server allows sending the data access request to a third-party system when it is determined that the data access request contains the context information of the account and/or the check of the context information of the account is passed, so that the third-party system accesses a data source according to the data access request. The present application solves the technical problem of poor security of a data source due to poor security of an account initiating an access in a process in which a user accesses the data source by using a third-party system in the prior art.

Description

Access control method, apparatus and system for user data

This application claims priority to Chinese Patent Application No. 201510267072.7, filed on May 22, 2015 and entitled "Access control method, apparatus and system for user data", the entire contents of which are incorporated herein by reference.

Technical field

The present invention relates to the field of the Internet, and in particular to an access control method, apparatus and system for user data.

Background

To serve users better, existing service providers (for example, websites such as Taobao and Tmall) need a large number of independent software vendors (ISVs) to serve users together with them. In this case, the service provider establishes an open data platform so that a large amount of user data that is open to the outside is stored in a data source server, and a user can authorize a third-party system to access the user data stored in the data source server. This scheme of opening a large amount of user data to the systems provided by ISVs creates an open-data application environment.

In the open-data application environment described above, the security of the accessing user cannot be guaranteed. For example, a hacker may forge the account of a legitimate user, so that the forged account can take the place of the legitimate user and use the third-party system to access the data source. The user data on the data source server is then accessed illegally, and data is leaked.

Further, because the system provided by an ISV is an uncontrollable third-party system, it is impossible, while the third-party system processes a large amount of user data, to predict user data leakage caused by various human factors (for example, privately reading and writing user data at will within the period allowed by the user's authorization) or by hacker attacks. The uncontrollable third-party system is therefore poorly secured, which in turn makes the open-data environment formed by the data development platform and the ISV-provided systems poorly secured.

It should be explained in detail here that, in the related art, authorization is usually performed with a protocol such as OAuth (Open Authorization). OAuth is an open standard that allows a user to authorize a third-party system to access user data without providing the user name and password to the third-party system, which avoids leaking sensitive information such as passwords to the third-party system.

As can be seen from the above, one possible risk when a user authorizes a third-party system to access user data is as follows: the third-party system can obtain a temporary session token that represents the user's identity. This temporary session token is independent of information such as user status and is generally a fixed value during the authorization period. If the temporary session token is stolen, the thief may be able to read and write user data at will, so user data security is low. Moreover, third-party systems vary in quality, and a poorly secured third-party system may be maliciously controlled or maliciously operated by people. In this case, if all the user lists and user authorization information maintained on the third-party system are obtained, that user authorization information may also be used to read and write user data at will, so user data security is low.

For example, after a legitimate user has authorized the third-party system, a data access request that user B initiates while impersonating user A can also reach the third-party system. In this case user B requests access to user A's user data. If the third-party system cannot discern whether the data access request was initiated by user A, or accidentally allows the data access request that user B initiated while impersonating user A, then user B can read and write user A's user data at will, which likewise results in low user data security.

No effective solution has yet been proposed for the problem in the above prior art that, when a user uses a third-party system to access a data source, the poor security of the account initiating the access leads to poor security of the data source's data.

Summary of the invention

Embodiments of the present application provide an access control method, apparatus and system for user data, so as to at least solve the technical problem in the prior art that, when a user uses a third-party system to access a data source, the poor security of the account initiating the access leads to poor security of the data source's data.

According to one aspect of the embodiments of the present application, an access control method for user data is provided, including: a first server receives a data access request initiated by an account; the first server verifies whether the data access request carries context information of the account, and/or checks the context information of the account; and the first server, when it determines that the data access request contains the context information of the account, and/or when the check of the context information of the account passes, allows the data access request to be sent to a third-party system, so that the third-party system accesses a data source according to the data access request.

According to one aspect of the embodiments of the present application, an access control method for user data is further provided, including: a client obtains context information of an account; the client sends a data access request triggered by the account to a first server, where the data access request includes at least the context information; and the client receives access data obtained by the first server according to the data access request; wherein, when the first server determines that the data access request contains the context information of the account, and/or when the check of the context information of the account passes, the data access request is allowed to be sent to a third-party system, so that the third-party system accesses a data source according to the data access request.

According to one aspect of the embodiments of the present application, an access control method for user data is further provided, including: a third-party system receives a data access request sent by a first server, where the data access request is a request initiated by an account and containing context information of the account; the third-party system forwards the data access request to a data source server; and the third-party system receives the data that the data access request is to access, returned by the data source server, wherein the third-party system is allowed to access the data source according to the data access request when the data source server determines, according to the context information contained in the data access request, that the account initiating the data access request is a secure access account and that the data access request is a secure access request.

According to another aspect of the embodiments of the present application, an access control apparatus for user data is further provided, including: a receiving module, configured to receive a data access request initiated by an account; a check module, containing a first check unit and/or a second check unit, where the first check unit is configured to verify whether the data access request carries context information of the account, and the second check unit checks the context information of the account; and a control module, configured to allow the data access request to be sent to a third-party system when the check by the check module passes, so that the third-party system accesses a data source according to the data access request.

According to another aspect of the embodiments of the present application, an access control apparatus for user data is further provided, including: an obtaining module, configured to obtain context information of an account; a sending module, configured to send a data access request triggered by the account to a first server, where the data access request includes at least the context information; and a receiving module, configured to receive access data obtained by the first server according to the data access request; wherein, when the first server determines that the data access request contains the context information of the account, and/or when the check of the context information of the account passes, the data access request is allowed to be sent to a third-party system, so that the third-party system accesses a data source according to the data access request.

According to another aspect of the embodiments of the present application, an access control apparatus for user data is further provided, including: a first receiving module, configured to receive a data access request sent by a first server, where the data access request is a request initiated by an account and containing context information of the account; a forwarding module, configured to forward the data access request to a data source server; and a second receiving module, configured to receive the data that the data access request is to access, returned by the data source server, wherein the third-party system is allowed to access the data source according to the data access request when the data source server determines, according to the context information contained in the data access request, that the account initiating the data access request is a secure access account and that the data access request is a secure access request.

According to yet another aspect of the embodiments of the present application, an access control system for user data is further provided, including: a client terminal, configured to initiate a data access request after an account logs in; a first server, communicating with the client terminal and configured to pass the data access request through after verifying that the data access request contains context information of the account, and/or verifying that the context information is legitimate information; a third-party system server, communicating with the first server and configured to receive the data access request passed through by the first server; and a data source server, communicating with the third-party system server and configured to receive the data access request forwarded by the third-party system server and, when it determines according to the context information contained in the data access request that the account initiating the data access request is a secure access account and that the data access request is a secure access request, to return the access data corresponding to the data access request to the third-party system server.

In the embodiments of the present application, the first server receives a data access request initiated by an account, verifies whether the data access request carries context information of the account, and/or checks the context information of the account; when the first server determines that the data access request contains the context information of the account, and/or when the check of the context information of the account passes, it allows the data access request to be sent to the third-party system. It follows from the above solution that, after the current account (which may be a legitimate account, or a forged account impersonating the legitimate account) issues a data access request and the request reaches the first server, the first server checks every data access request it receives; that is, the first server determines whether the data access request carries account context information, and/or whether the context information passes the check. When the check of the data access request passes, the first server allows the data access request to be sent to the third-party system, and the third-party system can then access the data source according to the data access request. In the above solution, only a data access request initiated by a legitimate account can pass the check, whereas a data access request initiated by a malicious account impersonating a legitimate account either does not carry account context information in form, or carries context information whose content cannot pass the check. This achieves the purpose of having the third-party system access the data source according to the data access request, and in turn the technical effect that whether the account sending the data access request is a legitimate account can be identified before the third-party system receives the data access request, which solves the technical problem in the prior art that, when a user uses a third-party system to access a data source, the poor security of the account initiating the access leads to poor security of the data source's data.

Brief description of the drawings

The drawings described here provide a further understanding of the present application and form a part of it. The illustrative embodiments of the present application and their descriptions are used to explain the present application and do not unduly limit it. In the drawings:

FIG. 1 is a block diagram of the hardware structure of a computer terminal for an access control method for user data according to an embodiment of the present application;

FIG. 2 is a flowchart of an access control method for user data according to Embodiment 1 of the present application;

FIG. 3 is a schematic diagram of the service flow of an optional access control method for user data according to Embodiment 1 of the present application;

FIG. 4 is a schematic flowchart of an optional access control method for user data according to the embodiment shown in FIG. 2 of the present application;

FIG. 5 is a schematic flowchart of another optional access control method for user data according to the embodiment shown in FIG. 2 of the present application;

FIG. 6 is a schematic diagram of the service flow interaction of an access control system for user data according to Embodiment 1 of the present application;

FIG. 7 is a schematic flowchart of an access control method for user data according to Embodiment 2 of the present application;

FIG. 8 is a schematic flowchart of an access control method for user data according to Embodiment 3 of the present application;

FIG. 9 is a schematic structural diagram of an access control apparatus for user data according to Embodiment 4 of the present application;

FIG. 10 is a schematic structural diagram of an optional second check unit according to the embodiment shown in FIG. 9 of the present application;

FIG. 11 is a schematic structural diagram of another optional second check unit according to the embodiment shown in FIG. 9 of the present application;

FIG. 12 is a schematic structural diagram of an access control apparatus for user data according to Embodiment 5 of the present application;

FIG. 13 is a schematic structural diagram of an access control apparatus for user data according to Embodiment 6 of the present application;

FIG. 14 is a schematic structural diagram of an access control system for user data according to Embodiment 7 of the present application;

FIG. 15 is a structural block diagram of a computer terminal according to an embodiment of the present application.

Detailed description

To help those skilled in the art better understand the solutions of the present application, the technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without creative effort shall fall within the scope of protection of the present application.

It should be noted that the terms "first", "second" and the like in the specification and claims of the present application and in the above drawings are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that data so used may be interchanged where appropriate, so that the embodiments of the present application described here can be implemented in an order other than those illustrated or described here. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units that are clearly listed, but may include other steps or units that are not clearly listed or that are inherent to such a process, method, product or device.

The terms used in this application are explained as follows:

Independent Software Vendors (ISV), also called independent software developers, are enterprises that specialize in the development, production, sale and servicing of software.

Context information is related to the activity status and activity information of an account. The context information of an account can serve as an important criterion for deciding whether a third-party system can obtain user data, and user data of how high a permission level it can obtain.

Embodiment 1

According to the embodiments of the present application, a method embodiment of an access control method for user data is also provided. It should be noted that the steps shown in the flowcharts of the drawings may be executed in a computer system, such as one running a set of computer-executable instructions, and that, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be executed in an order different from the one given here.

The method embodiment provided in Embodiment 1 of the present application may be executed in a mobile terminal, a computer terminal or a similar computing device. Taking execution on a computer terminal as an example, FIG. 1 is a block diagram of the hardware structure of a computer terminal for an access control method for user data according to an embodiment of the present application. As shown in FIG. 1, the computer terminal 10 may include one or more processors 102 (only one is shown in the figure; the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA), a memory 104 for storing data, and a transmission module 106 for communication functions. A person of ordinary skill in the art will understand that the structure shown in FIG. 1 is only illustrative and does not limit the structure of the above electronic device. For example, the computer terminal 10 may include more or fewer components than shown in FIG. 1, or have a configuration different from that shown in FIG. 1.

The memory 104 may be used to store software programs and modules of application software, such as the program instructions/modules corresponding to the access control method for user data in the embodiments of the present application. By running the software programs and modules stored in the memory 104, the processor 102 executes various functional applications and data processing, that is, implements the vulnerability detection method of the above application. The memory 104 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, and such remote memory may be connected to the computer terminal 10 over a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network and combinations of these.

The transmission device 106 is used to receive or send data over a network. Specific examples of the above network may include a wireless network provided by the communication provider of the computer terminal 10. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices through a base station so that it can communicate with the Internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is used to communicate with the Internet wirelessly.

In the above operating environment, the present application provides the access control method for user data shown in FIG. 2. FIG. 2 is a flowchart of an access control method for user data according to Embodiment 1 of the present application.

As can be seen from FIG. 1 and FIG. 2 together, the above computer terminal 10 may be the first server. As shown in FIG. 2, an optional access control method for user data includes the following implementation steps:

Step S202: the first server receives a data access request initiated by an account.

In the above step S202 of the present application, as can be seen from FIG. 3, the above account may be a legitimate account registered at the client, or it may be a forged, illegitimate account. The client at which the legitimate account logs in is not limited to products such as Taobao and Tmall. A user can register an account on the client, and after each user logs in to the client with an account, the user can initiate the above data access request through the client.

It should be noted here that, as can be seen from FIG. 3, the above first server may be a gateway as shown in FIG. 3, and this gateway is used to pass the data access request through. In an optional solution, the above first server may be a load balancing server of Alibaba Cloud.

For example, take a Taobao seller implementing an order management function. Taobao can provide all of the seller's data sources (for example, information such as the product information, transaction content, transaction amount and product reviews of orders). Because Taobao does not provide an order management function, Taobao provides an interface through which it authorizes an independent software vendor to provide a third-party system that offers order management. Therefore, after any successfully registered login account has logged in to Taobao, it can initiate a data access request by opening the web page of the above third-party system in a browser, so that the data source of Taobao is accessed through the third-party system to obtain the access data and the order management function is implemented.

Step S204: the first server verifies whether the data access request carries context information of the account, and/or checks the context information of the account.

The context information involved in the above step S204 of the present application is related to the activity status and activity information of the account, and is used to represent the permission that the account corresponding to the context information grants the third-party system to access the user data of that account. In the embodiments of the present application, the context information may include, but is not limited to, information such as the online status of the account, the offline status of the account, the online time of the account, the offline time of the account, the login time of the account, the login location of the account, the login device of the account, the record of the account's access to user data, the data privacy security level of the account, the commonly used login devices of the account, the commonly used login locations of the account, the account security status of the account and the account risk assessment of the account.

Through the above steps, whether the account that initiated a data access request is a legitimate account can be determined by verifying whether the received request carries context information and/or by checking the account's context information. Judging from the kinds of information it contains, context information is data that has no fixed value and that a hacker cannot steal, so verifying the legitimacy of an account on the basis of context information is highly credible. Introducing this context checking mechanism makes the account verification result more accurate; specifically, it effectively solves the problem of user data being accessed at will during the period for which the user has granted authorization.

Continuing the example of a Taobao seller using an order management function: after the seller opens the third-party system that provides order management and thereby triggers the sending of a data access request, the account currently logged in on the client issues a data access request containing the context information of the seller account. If a hacker or malicious user forges the seller account, the forged account also impersonates the seller account and issues a data access request. Both the request triggered by the seller and the request sent by the impersonator reach the first server, which can identify the forged account by verifying whether the received request contains context information and/or whether that context information is legitimate. For example, the gateway shown in FIG. 3 performs this verification or check on every data access request it receives, in order to screen the accounts that initiate them.

Step S206: When the first server determines that the data access request contains the context information of the account, and/or the context information of the account passes the check, it allows the data access request to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request.

In step S206, because the data access request contains the account's context information and/or that context information is legitimate, the current account can be determined to be a secure account. The first server (which may be the gateway shown in FIG. 3) therefore passes the data access request initiated by the secure account through to the third-party system, which processes it: the third-party system accesses the data source according to the received data access request and requests the user's data from the data source.

Optionally, the third-party system may request access to the user data stored in the data source server by forwarding the data access request to the data source server; the data source server then returns the user data it reads according to the data access request to the third-party system.

It should be noted that the third-party system in the present application implements its system functions on a system server provided by the software vendor. The third-party system can be triggered to perform those functions in at least one of the following ways: entering an address in a browser to open the web page of the third-party system, which accesses the corresponding system server and invokes the relevant functions of the third-party system; triggering a plug-in installed on the client to access the corresponding system server and so start the relevant functions; or triggering application software installed on the client to access the corresponding system server and so start the relevant functions.

It follows that, when the first server determines that the data access request contains the account's context information and/or the context information passes the check, the first server treats the account that issued the request as a legitimate account and sends the request to the third-party system. A data access request from a legitimate account that the first server passes through to the third-party system in effect gives the third-party system access permission to the data source and indicates which type of user data the third-party system is to read from it. In this way it is possible to tell whether a data access request received by the third-party system was issued by a legitimate account.

In one open-data application environment to which the present application relates, a data access request initiated by a legitimate account obtained through user registration carries the context information of that account, while a data access request issued by an unregistered account or by someone impersonating a registered account carries no account context information. In this case, the first server can judge whether the data access request was initiated by a legitimate account simply by verifying whether the request carries the account's context information.

In another open-data application environment to which the present application relates, a data access request initiated by a legitimate registered account carries the account's context information, while a request issued by an unregistered account or by someone impersonating a registered account may be forged so that it appears to carry account context information. Because the account's context information reflects the activity status and activity information of the account itself, and because that status and information are variable and cannot be obtained by a hacker, a forged data access request that appears in form to carry context information still cannot match, in content, the real context information of the legitimate account it impersonates. In this case the first server needs to check the account's context information; alternatively, after determining whether the request carries account context information, the first server goes on to check that context information, in order to judge whether the data access request was initiated by a legitimate account.

Specifically, for products such as Taobao and Tmall, the third-party system may include an order management system, a logistics management system, a virtual machine server, and so on. The data source may be the various user data generated and recorded while the account uses the Taobao or Tmall website. For a Taobao buyer, for example, the data source may include: user avatar, user nickname, registration time, login information, mobile phone number, e-mail address, address, shopping history, shopping needs, favorites, and payment information.

Continuing the example of a Taobao seller using an order management function: a data access request issued by a hacker or malicious user who forges a Taobao seller account and uses it to impersonate the seller cannot carry the correct context information of that seller account. The first server therefore either finds that the request contains no account context information, or fails to validate the context information it contains, and so can conclude that the request was not issued by a legitimate account. By contrast, a data access request sent when the seller triggers a plug-in provided by the third-party system (for example, an order management system) carries the context information of the seller account. The first server verifies that the request contains account context information and that this information checks out, and so can conclude that the request was issued by a legitimate account. It then sends the request to the third-party system that provides order management, which can use the request to access the data about the seller account in the data source provided by Taobao (such as the product information, transaction content, transaction amount and product reviews of orders), obtain the user data, and carry out the order management function.

As can be seen from the above, in the solution provided by Embodiment 1, after a data access request issued by the current account (which may be a legitimate account, or a forged account impersonating the legitimate account) reaches the first server, the first server checks every data access request it receives: it determines whether the request carries account context information and/or whether the context information passes the check. If the request passes, the first server allows it to be sent to the third-party system, which can then access the data source according to the request. In this solution only data access requests initiated by legitimate accounts pass the check; a request initiated by a malicious account impersonating a legitimate one either carries no account context information in form, or carries context information whose content fails the check. The solution thus allows data access requests initiated by legitimate accounts with access permission to be sent to the third-party system, and solves the technical problem in the prior art that, when users access a data source through a third-party system, the poor security of the account initiating the access leads to poor security of the data in the data source.

In an optional solution provided by the above embodiment, after step S206 (when the first server determines that the data access request contains the account's context information and/or the context information passes the check, it allows the request to be sent to the third-party system), the following implementation steps may also be performed:

In the first optional implementation step, when the first server determines that the data access request does not contain the account's context information, or the check of the account's context information fails, the first server prohibits sending the data access request to the third-party system and issues alarm information.

In this implementation step, the first server refuses to send a data access request that fails the check to the third-party system and issues alarm information warning that the request contains no context information or that the context information check failed. Different types of alarm information may be issued for these two different cases.

With the first optional implementation step, a data access request can be sent to the third-party system only if the first server determines that it carries account context information and/or that the context information passes the check. This ensures that every data access request received by the third-party system was issued by a legitimate account, so that whenever the third-party system accesses the data source according to a data access request, the account that initiated the request is legitimate, which in turn guarantees the security of the accounts initiating the requests that the third-party system receives.

In the second optional implementation step, when the first server determines that the data access request does not contain the account's context information, or the check of the account's context information fails, the first server sends the data access request to the third-party system.

In this implementation step, even if the first server determines that the data access request does not contain the account's context information, or the check of the account's context information fails, the first server still sends the data access request to the third-party system. It should be noted that although the first server allows a request without account context information, or one whose context information failed the check, to be sent to the third-party system, this does not mean that the first server may skip the solution provided in steps S202 to S206.

In an optional solution provided by the above embodiment, before step S202 (the first server receives the data access request initiated by the account), the following implementation steps may also be performed:

Step S2012: After the account logs in to the client, a login request is initiated to the login server.

In step S2012, the client may be a software product, such as the Taobao client or the Tmall client, or it may be a mobile terminal device or a computer device. When the user logs in to the client with the account, a login request is sent to the login server; the login server computes the complete context information (the complete Context information) corresponding to the account, and stores both the account's account and password information and that complete context information. In a preferred solution, after receiving the login request, the login server first determines whether the information carried in the request matches the account information stored locally on the login server; if it matches, the login is allowed and the complete context information is generated, and if it does not match, the login is rejected.

Continuing the example of a Taobao seller using an order management function: to use the third-party system that provides order management, the Taobao seller first needs to log in to the Taobao client. The seller account initiates a login request to the login server, for example a Taobao server, to complete the login of the Taobao seller account.

Step S2014: The client receives the context information returned by the login server, where the context information is a subset of the complete context information generated by the login server according to the login request.

In step S2014, after the login server generates the complete context information according to the login request, it returns context information (Context information) to the client; this Context information may be a subset of the complete Context information generated by the login server.

It should be noted that the complete context information may contain all of the specified kinds of account information. Depending on actual needs, or to limit the amount of data it transmits, the login server may choose to return only a subset of the complete context information to the client. The context information includes, but is not limited to, the user's account ID and the result of some transformation of the user information (for example, an irreversible algorithm such as md5 is applied to the account information to obtain a corresponding hash value). The embodiments of the present application do not limit which subset of the complete context information is returned to the client. The context information returned by the login server to the client may be transmitted in plaintext or in ciphertext.

Through step S2014, the login server can extract the necessary information from the complete context information to form a subset, and return that subset to the client. Provided the returned context information is sufficient for the first server to verify whether a data access request carries context information and/or to check whether the carried context information is correct, returning a subset of the complete context information effectively reduces the amount of information the login server sends to the client. When a large number of users initiate login requests to the login server within a short time, this effectively saves the login server's system resources and reduces its data transmission load.

Continuing the example of a Taobao seller using an order management function: the login server (for example, a Taobao server) stores not only the seller's user name and password, but also information about the seller account such as the online status, the offline status, the online time, the offline time, the login time, the login location, the login device, the record of the account's access to user data, the data privacy security level, the commonly used login devices, the commonly used login locations, the account security status, and the account risk assessment. When the Taobao server returns information to the seller account, it computes the complete context information of the account from the stored seller account information and returns a subset of the generated complete context information to the client.

Step S2016: The client sends a data access request carrying the context information to the first server.

With step S2016, after the client has received the context information returned by the login server, whenever the client initiates a data access request it loads the context information into the request and sends both to the first server together. Thus, whenever the logged-in account triggers the third-party system to initiate a data access request (for example, the request generated when the user opens the third-party system's web page in a browser), a data access request containing the context information is generated.

Continuing the example of a Taobao seller using an order management function: when the Taobao seller opens the third-party system that provides order management in a browser, a data access request containing the Taobao seller account is generated and sent to the first server. The data access request indicates the third-party system's permission to access the user data of the seller account in the data source server provided by Taobao.

As can be seen from the above, steps S2012 to S2016 provide an optional solution for generating the context information and sending it to the first server. A login request is initiated in step S2012; the context information generated in response to that login request is received in step S2014; and when the third-party system needs to access the data source, a data access request containing the context information is generated and finally sent to the first server in step S2016.

In an optional solution provided by the above embodiment, before step S2014 (the client receives the context information returned by the login server), the following implementation step may also be performed:

Step S2013: The login server encrypts the account information and generates the context information from the encrypted data.

In step S2013, the context information may still be a subset of the complete context information generated by the login server. When generating the context information, the user account information may be encrypted, or transformed once, for example processed with MD5, and the context information is generated from the resulting ciphertext or transformed data. These steps provide reliable transmission of information between the login server and the client and avoid the possibility of the user's context information for this session being stolen. In addition, when the encrypted or transformed data is smaller than the original information, system resources are saved during transmission and transmission efficiency improves. For example, applying one irreversible transformation to the context information (such as an irreversible operation like md5) yields a corresponding hash value; because the hash value is shorter, the data transmitted between the login server and the client not only has a higher confidentiality level but also occupies fewer system resources.

In an optional solution provided by the above embodiment, checking the account's context information in step S204 may include at least the following two specific implementations, which are described below with reference to FIG. 4 and FIG. 5 respectively:

The first server of the present application may be the gateway shown in FIG. 3. As shown in FIG. 4, in an optional solution provided by the above embodiment, the first specific implementation of checking the account's context information in step S204 includes the following steps S402 to S406:

Step S402: After determining that the data access request carries context information, the first server reads the context information carried in the data access request.

In step S402, after receiving the data access request and determining that it carries content that at least appears to be context information, the first server reads the context information carried in the request.

Step S404: The first server matches the context information against the pre-stored complete context information; if the match succeeds, the account's context information is determined to be legitimate.

In step S404, as described in the above embodiments, a legitimate account can issue a data access request containing context information, and a forged account can also impersonate the legitimate account and issue a request containing what appears to be that account's context information. Therefore, after reading the context information, the first server matches it against the pre-stored complete context information. The pre-stored complete context information may be complete context information held in storage or complete context information held in a cache.

In one possible case, with reference to FIG. 4: because the login server holds the complete context information, the complete context information may be stored permanently on the login server. When the first server performs the step of matching the context information against the pre-stored complete context information, it sends the login server a request to read the complete context information and receives the complete context information that the login server returns.

In another possible case, with reference to FIG. 4: although the login server holds the complete context information, having the first server send the login server a read request every time it performs the matching step would overburden the login server. The complete context information may therefore be only cached on the login server, which reduces the login server's storage requirement. In this case, when the login server generates the context information and returns it to the client, it may also send the complete context information to the first server for storage; when the first server performs the matching step, it reads the locally stored complete context information. Whether the complete context information on the login server is deleted after it has been sent to the first server is not limited in the embodiments of the present application.

In yet another possible case, with reference to FIG. 4: although the login server holds the complete context information, having the first server send the login server a read request every time it performs the matching step would overburden the login server. The complete context information may therefore be only cached on the login server, which reduces the login server's storage requirement. In this case a context information server may be configured. When the login server generates the context information and returns it to the client, it may also send the complete context information to the context information server for storage; when the first server performs the matching step, it sends the context information server a request to read the complete context information and receives the complete context information that the context information server returns. Whether the complete context information on the login server is deleted after it has been sent to the context information server is not limited in the embodiments of the present application.
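The flow of steps S2012 to S2016 and the gateway check of steps S402 to S404 can be sketched as follows, using the variant in which the login server pushes the complete context information to the first server. This is an added illustration, not code from the application: the class names, field names, choice of subset and sample account are assumptions, and MD5 appears only because the text names it as a possible transform.

```python
import hashlib
import hmac
import time
from enum import Enum


class Verdict(Enum):
    ALLOW = "forward to third-party system"
    MISSING_CONTEXT = "alarm: request carries no context information"
    CONTEXT_MISMATCH = "alarm: context information failed the check"


# Assumed subset of the complete context that is returned to the client (S2014).
CLIENT_SUBSET = ("account_id", "login_time", "login_device", "account_digest")


def _same(a, b):
    """Constant-time comparison of two values rendered as text."""
    return hmac.compare_digest(str(a).encode(), str(b).encode())


class LoginServer:
    """S2012-S2014: check credentials, build the complete context, return a subset."""

    def __init__(self, credentials, gateway_store):
        self.credentials = credentials      # account_id -> password (constructed data)
        self.gateway_store = gateway_store  # complete contexts pushed to the first server

    def login(self, account_id, password, device, location, now=None):
        stored = self.credentials.get(account_id)
        if stored is None or not _same(stored, password):
            return None  # login rejected, no context is generated
        login_time = int(time.time() if now is None else now)
        # Irreversible transform of account information (MD5, as named in the text).
        material = f"{account_id}|{device}|{login_time}".encode()
        complete = {
            "account_id": account_id,
            "online": True,
            "login_time": login_time,
            "login_device": device,
            "login_location": location,
            "account_digest": hashlib.md5(material).hexdigest(),
        }
        self.gateway_store[account_id] = complete
        return {field: complete[field] for field in CLIENT_SUBSET}


class Gateway:
    """First server: S204 presence check, S402-S404 match, S206 forward or alarm."""

    def __init__(self, store):
        self.store = store
        self.alarms = []  # one entry per rejected request, typed by failure cause

    def check(self, request):
        context = request.get("context")
        if not context:
            return Verdict.MISSING_CONTEXT
        if not isinstance(context, dict):
            return Verdict.CONTEXT_MISMATCH
        complete = self.store.get(str(context.get("account_id")))
        if complete is None:
            return Verdict.CONTEXT_MISMATCH
        # Every field of the issued subset must be present and equal to the stored
        # value; a context that only names the account is not accepted.
        for field in CLIENT_SUBSET:
            if field not in context or not _same(complete[field], context[field]):
                return Verdict.CONTEXT_MISMATCH
        return Verdict.ALLOW

    def handle(self, request, third_party):
        verdict = self.check(request)
        if verdict is Verdict.ALLOW:
            return third_party(request)  # pass the request through unchanged
        self.alarms.append(verdict)      # different alarm type per failure cause
        return None
```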

For the two implementations, in which the login server does not perform step S2013 and in which the login server performs step S2013, step S404 of the present application may further include the following two specific steps:

In one optional implementation, the login server does not perform step S2013, that is, the login server does not encrypt the account information. Step S404, in which the first server matches the context information against the pre-stored complete context information, then further includes the following: the first server extracts, from the pre-stored complete context information, the information type and data content corresponding to the context information; by determining whether the extracted data matches the context information that the first server read, the first server obtains the result of whether the context information it read matches the pre-stored complete context information.

In another optional implementation, the login server performs step S2013, that is, the login server encrypts or transforms the account information and generates the context information from the encrypted or transformed data. Step S404, in which the first server matches the context information against the pre-stored complete context information, then further includes the following two modes:

In the first mode, the first server extracts, from the pre-stored complete context information, the information type and data content corresponding to the context information, and encrypts the extracted data. The encryption algorithm that the first server applies to the extracted data is the same as, or corresponds to, the encryption algorithm executed by the login server in step S2013. By determining whether the data obtained after encryption matches the context information that the first server read, the first server then obtains the result of whether the context information it read matches the pre-stored complete context information.

In the second mode, when the first server performs the step of matching the context information against the pre-stored complete context information, the first server sends a matching authentication request to the context information server; the matching authentication request contains the context information that the first server read. The context information server receives the context information sent by the first server, extracts from the complete context information pre-stored locally the information type and data content corresponding to the context information sent by the first server, and encrypts the extracted data. The encryption algorithm that the context information server applies to the extracted data is the same as, or corresponds to, the encryption algorithm executed by the login server in step S2013. By determining whether the data obtained after encryption matches the context information forwarded by the first server, the context information server then obtains the result of whether the context information forwarded by the first server matches the complete context information pre-stored locally. The context information server returns this result to the first server.

Step S406: The first server generates legal access identification information for the account, where the legal access identification information indicates that the account that initiated the data access request is a legitimate account.

In step S406 of the present application, the legal access identification information is generated by the first server and indicates that the data access request has passed verification by the first server. Where a forged account impersonates a legitimate account, the data access request sent by the forged account cannot pass verification by the first server, that is, the first server cannot recognize the forged account as a legitimate account. Because the data access request initiated by the forged account does not carry context information, the first server does not pass through the data access request sent by the forged account, and therefore does not generate legal access identification information for the data access request initiated by the forged account.

It should be noted here that, in the above embodiments of the present application, the first server may allow only data access requests that pass verification to be sent to the third-party system; the first server may also allow data access requests that do not pass verification to be sent to the third-party system. In this case, the legal access identification information can be used to identify the verification result of the first server: the account corresponding to a data access request that has legal access identification information is a legitimate account.

It should also be noted here that, after determining that the context information of the account is legitimate information, the first server may implement step S406 by updating specific element data in the user context information; in this case, the updated element data can be regarded as the legal access identification information.

As can be seen from the above, steps S402 to S406 of the present application provide one optional scheme for the first server to verify the context information of the account. The first server reads the account context information contained in the access request and determines whether the context information matches the pre-stored complete context information; if the match succeeds, it determines that the context information of the account is legitimate information and generates the legal access identification information of the account.
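The S402 to S406 flow at the first server can be sketched as follows, covering both the case where the login server skipped step S2013 and the case where it performed it. This is an added example, not code from the patent; the HMAC-SHA256 transform, the shared key, the class and function names and the sample account data are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA256 under a key shared by the login server and the first
# server stands in for the unspecified "encrypt or transform" of step S2013.
TRANSFORM_KEY = b"constructed-demo-key"


def transform(value):
    return hmac.new(TRANSFORM_KEY, value.encode(), hashlib.sha256).hexdigest()


class FirstServer:
    def __init__(self, login_used_s2013):
        self.login_used_s2013 = login_used_s2013
        self.complete = {}  # account -> complete context information
        self.markers = {}   # account -> legal access identification information

    def matches(self, account, context):
        """S404: compare carried items with the same info types in the stored copy."""
        stored = self.complete.get(account)
        if not stored or not isinstance(context, dict) or not context:
            return False  # no context carried: the request is not passed through
        ok = True
        for info_type, presented in context.items():
            expected = stored.get(info_type)
            if expected is None:
                ok = False
                continue
            if self.login_used_s2013:
                expected = transform(expected)  # same algorithm as the login server
            # Constant-time comparison; every item is checked before deciding.
            if not hmac.compare_digest(expected.encode(), str(presented).encode()):
                ok = False
        return ok

    def handle(self, account, request):
        """S402-S406: return a fresh marker on a match, otherwise None."""
        if not self.matches(account, request.get("context")):
            return None
        marker = secrets.token_hex(16)
        self.markers[account] = marker
        return marker


def login(first_server, account, complete_context, carried_types, use_s2013):
    """Login server side: store the complete context at the first server and
    build the context information that is handed to the client."""
    first_server.complete[account] = dict(complete_context)
    carried = {t: complete_context[t] for t in carried_types}
    if use_s2013:
        carried = {t: transform(v) for t, v in carried.items()}
    return carried


# Constructed sample data (not from the patent).
COMPLETE = {"device_id": "dev-7f3a", "login_ip": "203.0.113.20",
            "login_time": "2016-05-16T09:00:00Z"}


def demo(use_s2013):
    server = FirstServer(login_used_s2013=use_s2013)
    ctx = login(server, "seller_01", COMPLETE, ["device_id", "login_ip"], use_s2013)
    genuine = server.handle("seller_01", {"context": ctx})
    no_context = server.handle("seller_01", {"path": "/orders"})
    tampered = server.handle("seller_01",
                             {"context": dict(ctx, login_ip="198.51.100.9")})
    return genuine, no_context, tampered


if __name__ == "__main__":
    for flag in (False, True):
        print("S2013 performed:", flag, demo(flag))
```

A request that carries no context, or context that differs from the stored copy in any item, gets no marker, so a later lookup for that request finds nothing.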

In an optional solution provided by the above embodiments of the present application, as shown in FIG. 5, the second specific implementation of step S204, verifying the context information of the account, includes the following steps S502 to S506:

Step S502: After determining that the data access request carries context information, the first server sends the context information to the context information server.

In step S502 of the present application, after receiving the data access request and determining that it carries content that at least appears to be context information, the first server reads the context information carried in the data access request and sends that context information to the context information server.

Step S504: The first server receives the result of the context information server's verification of the context information.

It should be noted here that, before step S504 of the present application, when the login server generates the context information and returns it to the client, the login server also sends the complete context information to the context information server for storage. The context information server matches the context information received through step S502 against the complete context information pre-stored locally; if the match succeeds, the verification result is that the context information of the account is legitimate information. After the context information server returns the verification result to the first server, the first server performs step S504.

For the two implementations, in which the login server does not perform step S2013 and in which the login server performs step S2013, the step in which the context information server matches the context information against the complete context information pre-stored locally may further include the following two specific steps:

In the first implementation, the login server does not perform step S2013, that is, the login server does not encrypt the account information. The step in which the context information server matches the context information against the complete context information pre-stored locally then includes the following: the context information server extracts, from the complete context information pre-stored locally, the information type and data content corresponding to the context information sent by the first server; by determining whether the extracted data matches the context information sent by the first server, the context information server obtains the result of whether the context information sent by the first server matches the complete context information pre-stored locally.

In the second implementation, the login server performs step S2013, that is, the login server encrypts or transforms the account information and generates the context information from the encrypted or transformed data; the context information read by the first server is therefore generated from the encrypted data. In this case, the step in which the context information server matches the context information against the complete context information pre-stored locally includes the following: the context information server extracts, from the complete context information pre-stored locally, the information type and data content corresponding to the context information sent by the first server, and encrypts the extracted data. The encryption algorithm that the context information server applies to the extracted data is the same as, or corresponds to, the encryption algorithm executed by the login server in step S2013. By determining whether the data obtained after encryption matches the context information forwarded by the first server, the context information server then obtains the result of whether the context information forwarded by the first server matches the complete context information pre-stored locally. The context information server returns this result to the first server.

Step S506: Where the verification result is that the context information of the account is legitimate information, the first server receives the legal access identification information of the account generated by the context information server, where the legal access identification information indicates that the account that initiated the data access request is a legitimate account.

In step S506 of the present application, the legal access identification information is generated by the context information server and indicates that the data access request has passed verification by the context server. Where a forged account impersonates a legitimate account, the data access request sent by the forged account cannot pass verification by the context server, that is, the context server cannot recognize the forged account as a legitimate account, and the forged account cannot have legal access identification information generated by the context server. The context information server sends the generated legal access identification information to the first server, and the first server may, according to the legal access identification information it receives, control whether the data access request is allowed to be sent to the third-party system.

It should be noted here that, after receiving the legal access identification information sent by the context information server, the first server may store the legal access identification information by updating specific element data in the user context information stored in the first server.

As can be seen from the above, steps S502 to S506 of the present application provide another optional scheme for the first server to verify the context information of the account. The first server sends the account context information it read to the context information server; the context information server performs the matching authentication of the context information and, if the match succeeds, determines that the context information of the account is legitimate information, generates the legal access identification information of the account and sends it to the first server. By receiving the legal access identification information sent by the context information server, the first server accomplishes verification of the context information of the account.

As can be seen from the above, step S204, verifying the context information of the account, has two specific implementations. In the first, provided by steps S402 to S406, the first server obtains the context information carried in the data access request, determines whether the context information matches the pre-stored complete context information, and generates legal access identification information for an account whose match succeeds, that is, recognizes the account as a legitimate account. In the second, provided by steps S502 to S506, the context information server receives the context information carried in the data access request obtained by the first server, determines whether the context information matches the complete context information pre-stored locally, generates legal access identification information for an account whose match succeeds, that is, recognizes the account as a legitimate account, and returns the legal access identification information to the first server. Both implementations accomplish verification of the context information of the account. The first is completed by the first server and is more convenient in terms of data processing; the second is completed by the context information server, which can effectively share the data processing tasks of the first server and improve data processing efficiency.

In the optional solution provided by the above embodiments of the present application, after step S206, allowing the data access request to be sent to the third-party system, the following implementation steps may further be included:

Step S207: The data source server receives the data access request forwarded by the third-party system.

In step S207 of the present application, after the third-party system receives the data access request sent by the first server, the third-party system forwards the data access request to the data source server. The data access request indicates that the third-party system requests the user data of the legitimate account stored in the data source.

Step S208: The data source server accesses the first server or the context information server; if the query finds the legal access identification information of the account, the data source server determines that the data access request initiated by the legitimate account is a secure access request.

It should be noted here that, in the specific implementations of step S204 above, the legal access identification information of the account may be generated by the first server and stored in the first server, may be generated by the context information server and stored in the first server, or may be generated by the context information server and stored in the context information server. Therefore, in step S208 of the present application, when the data source server queries the legal access identification information of the account: where the legal access identification information was generated by the first server, the data source server accesses the first server to query whether legal access identification information exists for the account; where the legal access identification information was generated by the context information server, the data source server accesses the first server or the context information server to query whether legal access identification information exists for the account. For an account whose legal access identification information can be found, the data source server determines that the data access request initiated by that account is a secure access request.

It should also be noted here that step S208 is handled differently in the two cases where the first server allows only data access requests that pass verification to be sent to the third-party system and where the first server allows all data access requests to be sent to the third-party system. Where the first server allows only data access requests that pass verification to be sent to the third-party system, every data access request that the third-party system receives and forwards has passed verification by the first server and has legal access identification information, so the first server achieves the technical effect of blocking data access requests initiated by forged accounts impersonating legitimate accounts. Where the first server allows all data access requests to be sent to the third-party system, a data access request that the third-party system receives and forwards may have passed verification and have legal access identification information, or may have failed verification and have none. The data source server then needs to perform step S208 to determine whether the account that sent the data access request is a legitimate account; when no legal access identification information can be found, the data source server can determine that the data access request is not a secure access request and refuse to provide the data that the data access request seeks to access.

Through step S208 of the present application, the data source server can identify whether a received data access request was initiated by a legitimate account. Furthermore, when the third-party system is attacked, a data access request forwarded by the third-party system may be stolen, and a data access request may be generated without any action by the user in order to impersonate a legitimate account. In that situation the data source server can trace back to the origin of the data access request and, by querying whether the first server or the context information server holds legal access identification information, determine whether the data access request was initiated by a legitimate user.

Step S209: The data source server returns to the third-party system the data that the data access request seeks to access.

In step S209 of the present application, once the data source server has determined that the data access request is a secure access request, the data source server returns to the third-party system the data that the data access request seeks to access. By querying whether legal access identification information exists for the account, the data source server determines whether the data access request was initiated by a legitimate account, which avoids the harmful outcome of a malicious account reading user data through a data access request that impersonates a legitimate account.

As can be seen from the above, the optional solution provided by steps S207 to S209 in the above embodiments of the present application achieves the technical effect of the data source server authenticating the account that initiated the data access request. Furthermore, when the third-party system is attacked, even if the user context information stored in the third-party system is exploited by a forged account, the data source server can still query whether the first server or the context information server, both located upstream of the third-party system, holds legal access identification information for the account. It can thereby effectively identify whether the data access request was sent by a legitimate user or forged by the third-party system, which further ensures the security of user data.

It should also be noted here that the context information (Context information) of the account can determine whether the third-party system can obtain user data and up to what permission level. High-level data generally involves user privacy, such as the user's mobile phone number, home address, or even credit card information; low-level data is generally not sensitive, such as the user's nickname or avatar information. Data can generally be divided into several levels according to the degree of user privacy involved. The context information corresponding to the account makes it possible to verify whether the data access request initiated by the client account was initiated by a legitimate user; if it was not, the third-party system cannot obtain the user data. This effectively prevents user data from being maliciously read or written when the third-party system is compromised by an attacker or through human causes, and greatly improves the security of user data.

Further, in an optional solution provided by the above embodiments of the present application, after step S208, determining that the account that initiated the data access request is a secure access account, the following implementation steps may also be performed:

Step S2082: The data source server verifies whether the context information contains online information of the account.

In step S2082 of the present application, the context information may contain online information of the account: once the account is detected by technical means to be online, account online information is generated and added to the context information. For example, through a mechanism of periodically sending heartbeat packets to the client, whether the account is online can be determined from the messages the client returns; the step of determining whether the account is online may be performed by the login server.

Step S2084: When the context information contains online information of the account, the data source server performs the step of returning to the third-party system the data that the data access request seeks to access.

In step S2084 of the present application, the context information containing account online information means that the account is currently online; only then does the data source server perform step S209, in which the data source server returns to the third-party system the data that the data access request seeks to access.

In the optional solution provided by the above embodiments of the present application, depending on the other information also contained in the context information, step S209, in which the data source server returns to the third-party system the data that the data access request seeks to access, can be implemented in at least the following two modes:

In the first mode, when the context information also includes security privacy level information of the account, step S209, in which the data source server returns to the third-party system the data that the data access request seeks to access, includes:

Step S2092: The data source server generates the corresponding first access data according to the security privacy level information and returns the first access data to the third-party system.

In step S2092 of the present application, the security privacy level information is identification information indicating that, for different third-party systems, user data of different degrees of privacy may be opened to the third-party system, depending on the degree of trust in the third-party system and the degree to which the user has authorized it. For example, when the security privacy level information indicates that the data access request has a higher security level, for example a first security level, the first access data may contain the information corresponding to the first security level, for example the user's mailbox information, the user's mobile phone number, or the user's address information. When the security privacy level information indicates that the data access request has a lower security level, for example a second security level, the first access data may contain the information corresponding to the second security level, for example the user's nickname information and the user's avatar information.

In the second mode, when the context information also includes security risk status information of the account, step S209, in which the data source server returns to the third-party system the data that the data access request seeks to access, includes:

Step S2094: The data source server generates the corresponding second access data according to the security risk status information and returns the second access data to the third-party system.

In step S2094 of the present application, the security risk status information is information that characterizes the current risk status of the account. For example, when the security risk status information indicates that the account is in a higher-risk state, for example a first risk state, the second access data can contain only the information corresponding to the first risk state, for example the user's nickname information and the user's avatar information. When the security risk status information indicates that the account is in a lower-risk state, for example a second risk state, the second access data can contain the information corresponding to the second risk state, for example the user's payment information, the user's mobile phone number, or the user's address information. When judging the risk status of the account, factors such as whether the account logged in from a trusted location or whether the account logged in using a trusted device may be considered; the risk status of the account may be divided into zones such as high security risk, suspected risk, and trusted. The security risk status information may be generated by the login server. Through the account security risk status information included in the account context information, the data source server can further control the degree to which data is opened.
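The data source server's decision chain in steps S208, S2082 and S2092/S2094 can be sketched as follows. This is an added example, not code from the patent; the field names, the tier labels, the rule that nickname and avatar are available at every tier, the intersection of the two filters when both are present, and the fail-closed handling of unknown tiers are assumptions made for illustration.

```python
# Field sets per tier. The grouping follows the examples given in the text;
# offering nickname and avatar at every tier is an assumption.
LOW = {"nickname", "avatar"}
PRIVACY_FIELDS = {
    "first": LOW | {"email", "phone", "address"},     # higher security level
    "second": set(LOW),                               # lower security level
}
RISK_FIELDS = {
    "first": set(LOW),                                # higher-risk state
    "second": LOW | {"payment", "phone", "address"},  # lower-risk state
}

# Constructed sample record (not from the patent).
USER_DATA = {
    "seller_01": {
        "nickname": "shop-demo", "avatar": "avatar-01.png",
        "email": "seller@example.com", "phone": "000-0000-0000",
        "address": "1 Example Road", "payment": "card-ending-0000",
    }
}


class UpstreamStore:
    """Stands in for the first server or context information server, i.e. the
    controlled component upstream of the third-party system that holds markers."""

    def __init__(self):
        self._markers = {}

    def put(self, account, marker):
        self._markers[account] = marker

    def lookup(self, account):
        return self._markers.get(account)


def allowed_fields(context):
    """S2092/S2094: fields the context permits. An unknown tier permits nothing;
    with neither kind of information present only LOW is released (assumption)."""
    allowed = None
    for key, table in (("privacy_level", PRIVACY_FIELDS),
                       ("risk_state", RISK_FIELDS)):
        if key in context:
            tier = table.get(context[key], set())
            allowed = set(tier) if allowed is None else allowed & tier
    return set(LOW) if allowed is None else allowed


def denied(reason):
    return {"status": "denied", "reason": reason, "data": {}, "withheld": []}


def serve(upstream, account, context, requested):
    """Data source server handling of a request forwarded by the third party."""
    # S208: ask the upstream controlled server, never the third-party system.
    if upstream.lookup(account) is None:
        return denied("no legal access identification information")
    # S2082/S2084: release data only while the account is online.
    if not context.get("online"):
        return denied("account not online")
    # S209 with S2092/S2094: trim the response to what the tiers permit.
    permitted = allowed_fields(context)
    record = USER_DATA.get(account, {})
    data = {f: record[f] for f in requested if f in permitted and f in record}
    withheld = sorted(f for f in requested if f not in data)
    return {"status": "ok", "reason": "", "data": data, "withheld": withheld}


if __name__ == "__main__":
    store = UpstreamStore()
    store.put("seller_01", "constructed-marker")
    ctx = {"online": True, "privacy_level": "first", "risk_state": "first"}
    print(serve(store, "seller_01", ctx, ["nickname", "phone", "payment"]))
```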

From the solution provided in Embodiment 1 above, the key to the user data access control method of this application is loading the account's context information into the data access request initiated by the account, so that when the account uses a third-party system to access the data source, it can be ensured that the account is a secure account and that the data access request it initiates is a secure request. Note that the third-party system in this application is an uncontrolled zone, while the first server, the data source server, and the login server are controlled zones.

The functions implemented when the solution of this application is applied in an application scenario are described in detail below with reference to FIG. 6:

Step A: The client initiates a login request.

In step A above, the account logs in to the client and initiates a login request to the login server. The client can be a software product, such as the Taobao client or the Tmall client, or a mobile terminal device or computer device. The login server stores the account's username and password information and the account's complete context information. Take a Taobao seller using an order management function as an example: to use a third-party system that provides order management, the Taobao seller first logs in to the Taobao client, and the seller account initiates a login request to the login server, for example a Taobao server, to complete the login of the seller account.

Step B: The login server generates context information.

In step B above, the context information is also called Context information. The login server also generates the complete context information according to the login request. The complete context information contains all of the specified kinds of account information. Depending on actual needs or on the amount of data the login server has to transmit, the login server can choose to return only a subset of the complete context information to the client. Continuing the Taobao seller order management example, the login server (for example, a Taobao server) stores not only the seller's username and password, but also information about the seller account such as its online status, offline status, online time, offline time, login time, login location, login device, record of access to user data, data privacy security level, commonly used login devices, commonly used login locations, account security status, and account risk assessment. When the Taobao server returns information to the seller account, it computes the account's complete context information from the stored seller account information.

Step C: The login server returns the context information to the client.

In step C above, continuing the Taobao seller order management example, the Taobao server generates the complete context information after receiving the login request and returns a subset of it to the client.

Step D: The client generates a data access request containing the context information.

In step D above, the client receives the context information returned by the login server. Each time the account triggers the third-party system, a data access request containing that context information is generated. Continuing the example: because Taobao does not itself provide an order management function, it exposes an interface through which an authorized independent software vendor provides a third-party system that offers order management. When the seller account clicks the order management platform provided by the third-party system, a data access request containing the seller account's context information is generated, which grants the order management platform permission to obtain the seller account's user data. The seller account's user data is stored in the data source server provided by Taobao.

Step E: The client sends the data access request to the first server.

Step F: The first server verifies whether the data access request carries context information.

In step F above, after receiving the data access request, the first server verifies whether it carries content that at least looks like context information. Continuing the example, the data access request for the seller account that the first server receives may have been triggered by the real Taobao seller opening the order management platform, or may have been sent by a forged account impersonating the seller account. The first server does not know in advance whether the account that initiated a received data access request is legitimate. Only an account that has received context information from the login server can include context information in the data access requests it sends. The first server therefore first verifies whether the data access request contains context information, in order to judge the account that initiated the request.

Step G: The first server sends the context information to the context information server.

In step F above, when the first server has verified that the data access request carries context information, it reads the context information carried in the request and sends it to the context information server. The first server can check the legitimacy of the context information itself, or it can delegate that check to the context information server. In this interaction diagram, the context information server performs the check. Continuing the example, after the first server verifies that the data access request contains context information, it reads the content of the context information and sends the Taobao account's context information to the context information server.

Step H: The context information server verifies the context information.

In step H above, the context information server matches the received context information against the complete context information pre-stored locally; if the match succeeds, the verification result is that the account's context information is legitimate. The complete context information pre-stored in the context information server is sent by the login server and stored in the context information server. Continuing the example, the context information server verifies the received context information, and once it matches the complete context information pre-stored in the context information server, the server considers the context information legitimate. A data access request sent by a forged account impersonating the seller account cannot pass the context information server's verification, even if it contains data that looks like context information.

Step I: Return the legal access identification information.

In step I above, when the context information passes the context information server's verification, the server generates legal access identification information and returns it to the first server. Continuing the example, once the context information server considers the context information legitimate, it generates a legal access identifier indicating that the data access request was initiated by the real seller account and that the context information it carries is correct.

Step J: Allow the data access request to be sent to the third-party system.

In step J above, the first server receives the legal access identification information returned by the context information server and allows the data access request to be sent to the third-party system. Continuing the example, after receiving the legal access identification information, the first server stores it and allows the data access request to pass through to the order management platform.

Step K: Forward the data access request.

In step K above, after the third-party system receives the data access request sent by the first server, it forwards the request to the data source server; the data access request indicates that the third-party system is requesting the user data of a legitimate account stored in the data source. Continuing the example, when the order management platform receives the data access request, it forwards the request to the data source server to ask to read the data the request refers to, for example the seller's order transaction amounts and counterparties over the past month.

Step L: The data source server queries whether legal access identification information exists.

In step L above, the account's legal access identification information can be generated by the first server and stored in the first server, or generated by the context information server and stored in the first server; the data source server accesses the first server to query whether legal access identification information exists for the account. Continuing the example, if the data source server provided by Taobao responded to every data access request without verifying it, the security of the user data stored in the data source server would be hard to guarantee once the third-party system was compromised. The data source server therefore verifies again, and the main means of verification at this point is querying whether legal access identification information exists.

Step M: The first server returns the result of the legal access identification information query to the data source server.

Step N: When the data source server finds the legal access identification information, it determines that the data access request is a secure access request.

In step N above, the data source server accesses the first server or the context information server to query whether legal access identification information exists for the account. For an account whose legal access identification information can be found, the data source server deems the data access request initiated by that account a secure access request. Continuing the example, when the data source server finds that the first server holds legal access identification information for the Taobao account, it can be concluded that the Taobao account actively issued the data access request and that the context information in the request was verified as correct. At this point, the data source server further verifies whether the context information is legitimate. The data source server then determines that the data access request is a secure access request.

Step O: The data source server returns to the third-party system the data that the data access request seeks to access.

In step O above, after confirming that the data access request is a secure access request, the data source server can further determine whether the user is online. If the user is online, it obtains the security privacy level or security risk state that may be included in the data access request, to decide which data content can be returned to the third-party system. Continuing the example, for a data access request determined to be a secure access request, the data source server returns to the order management platform the data that the request asks to access.
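The following Python model, added here and not part of the patent text, walks through steps A to O together with the risk-tiered response of step S2094, and shows which requests the gateway and data source refuse. The class names, the fields chosen for the context subset, the per-login `nonce`, the `request_id` key and the one-time use of the access mark are assumptions for illustration; the account and user data are constructed samples.

```python
import hmac
import secrets
import time

# Constructed sample data; every name and field choice here is an assumption.
USER_DATA = {"seller_a": {"nickname": "shop-a", "avatar": "a.png",
                          "phone": "555-0100", "address": "1 Example Rd"}}
# Step S2094: fields the data source may release for each risk state.
FIELDS_BY_RISK = {"high_risk": ("nickname", "avatar"),
                  "trusted": ("nickname", "avatar", "phone", "address")}
# Subset of the complete context that the login server returns to the client.
SUBSET_KEYS = ("account", "login_time", "device", "nonce", "risk")


class ContextServer:
    """Holds the complete context per account and verifies subsets (step H)."""
    def __init__(self):
        self.full = {}

    def verify(self, ctx):
        stored = self.full.get(ctx.get("account"))
        if stored is None or set(ctx) != set(SUBSET_KEYS):
            return False
        return all(hmac.compare_digest(str(ctx[k]).encode(), str(stored[k]).encode())
                   for k in SUBSET_KEYS)


class LoginServer:
    """Steps A-C: authenticate, build the complete context, return a subset."""
    def __init__(self, ctx_server, credentials, usual_devices):
        self.ctx_server, self.credentials = ctx_server, credentials
        self.usual_devices = usual_devices

    def login(self, account, password, device):
        expected = self.credentials.get(account)
        if expected is None or not hmac.compare_digest(password.encode(), expected.encode()):
            return None
        risk = "trusted" if device in self.usual_devices.get(account, ()) else "high_risk"
        full = {"account": account, "login_time": int(time.time()), "device": device,
                "nonce": secrets.token_hex(16),   # assumption: makes the value non-fixed
                "risk": risk, "online": True}
        self.ctx_server.full[account] = full      # complete context stays server-side
        return {k: full[k] for k in SUBSET_KEYS}


class Gateway:
    """First server: steps F-J, and answers the data source's query (step M)."""
    def __init__(self, ctx_server):
        self.ctx_server = ctx_server
        self.marks = {}   # request_id -> verified context (the legal access mark)

    def admit(self, request):
        ctx = request.get("context")
        if not isinstance(ctx, dict) or ctx.get("account") != request.get("account"):
            return False                          # step F: no usable context carried
        if not self.ctx_server.verify(ctx):       # steps G-H
            return False
        self.marks[request["request_id"]] = dict(ctx)   # steps I-J
        return True

    def take_mark(self, request_id, account):
        ctx = self.marks.pop(request_id, None)    # assumption: a mark is usable once
        return ctx if ctx and ctx["account"] == account else None


class DataSource:
    """Steps L-O: serve only marked requests, tiered by the verified risk state."""
    def __init__(self, gateway):
        self.gateway = gateway

    def serve(self, request):
        ctx = self.gateway.take_mark(request.get("request_id"), request.get("account"))
        if ctx is None:
            return None
        record = USER_DATA[ctx["account"]]
        return {f: record[f] for f in FIELDS_BY_RISK.get(ctx["risk"], ())}


def run_flow():
    ctx_server = ContextServer()
    # Constructed plaintext credential for the demo only; store salted hashes in practice.
    login = LoginServer(ctx_server, {"seller_a": "correct horse"}, {"seller_a": {"laptop-1"}})
    gateway = Gateway(ctx_server)
    source = DataSource(gateway)      # the third-party system (step K) only forwards to it
    out = {}
    ctx = login.login("seller_a", "correct horse", "laptop-1")
    req = {"request_id": "r1", "account": "seller_a", "context": ctx}
    out["trusted"] = source.serve(req) if gateway.admit(req) else None
    out["replayed"] = source.serve(req)           # same request forwarded a second time
    forged = {"request_id": "r2", "account": "seller_a",
              "context": dict(ctx, nonce="0" * 32)}
    out["forged_admitted"] = gateway.admit(forged)
    out["no_gateway"] = source.serve({"request_id": "r3", "account": "seller_a"})
    ctx2 = login.login("seller_a", "correct horse", "unknown-phone")
    req2 = {"request_id": "r4", "account": "seller_a", "context": ctx2}
    out["high_risk"] = source.serve(req2) if gateway.admit(req2) else None
    return out
```

Because the data source reads the risk state from the context the gateway verified, not from the forwarded request, a third-party system that edits the request after admission cannot widen the returned fields.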

In summary, Embodiment 1 of this application can achieve the following technical effects:

1. Because the Context information carried in the data access request is a non-fixed value, an attacker cannot steal it, which avoids the data leakage caused by theft of a user's fixed-value credentials such as authorization tokens.

2. In the scenario where an illegitimate user B tries to access the data of legitimate user A: the login server generates an account's context information only when that account logs in to the client, and illegitimate user B cannot leave an access record at the gateway under legitimate user A's identity (the access record can be represented by the generated legal access identification information). Therefore, when illegitimate user B tries to access legitimate user A's data through the third-party system, the data source server, after checking the Context information, finds no access record for legitimate user A, so the system can determine that the current account and the data access request it initiated will be rejected by the data source.

3. In the scenario where the uncontrolled third-party system is maliciously controlled or deliberately misused by a person, an attacker may obtain the full list of users maintained on the third-party system, and even the users' authorization information, but the request will still be rejected by the data source because it does not pass the Context information check.

Note that, for simplicity of description, each of the foregoing method embodiments is expressed as a series of combined actions, but those skilled in the art should understand that this application is not limited by the described order of actions, because according to this application some steps can be performed in another order or simultaneously. Those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by this application.

From the description of the above embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, or by hardware, although in many cases the former is the better implementation. On that understanding, the technical solution of this application, in essence or in the part that contributes to the prior art, can be embodied as a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and includes a number of instructions that cause a terminal device (which can be a mobile phone, a computer, a server, a network device, or the like) to perform the methods described in the embodiments of this application.

Embodiment 2

According to an embodiment of this application, a method embodiment of a user data access control method is also provided. Note that the steps shown in the flowcharts of the drawings can be executed in a computer system, for example as a set of computer-executable instructions, and that although a logical order is shown in the flowcharts, in some cases the steps shown or described can be performed in a different order.

The method embodiment provided in Embodiment 2 of this application can likewise be executed in a mobile terminal, a computer terminal, or a similar computing device. Note that the method embodiment provided in Embodiment 2 can likewise run on the computer terminal shown in FIG. 1.

In the above operating environment, this application can also provide the user data access control method shown in FIG. 7. FIG. 7 is a schematic flowchart of the user data access control method according to Embodiment 2 of this application. As shown in FIG. 7, an optional user data access control method includes the following steps:

Step S602: The client obtains the account's context information.

Step S604: The client sends a data access request triggered by the account to the first server, where the data access request includes at least the context information.

In step S602 above, the account can be a legitimate account registered on the client. The client that the legitimate account logs in to is not limited to products such as Taobao and Tmall. Users can register accounts on the client, and after logging in to the client with an account, each user can initiate the data access request through the client.

Note that the first server can be a gateway as shown in FIG. 3; the gateway passes the data access request through. In one option, the first server can be an Alibaba Cloud load balancing server.

Step S606: The client receives the access data that the first server obtained according to the data access request. When the first server determines that the data access request contains the account's context information, and/or when the account's context information passes verification, it allows the data access request to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request.

The context information involved in step S606 above relates to the account's activity status and activity information, and indicates that the account corresponding to the context information grants the third-party system permission to access that account's user data. In the embodiments of this application, the context information can include, but is not limited to, the account's online status, offline status, online time, offline time, login time, login location, login device, record of access to user data, data privacy security level, commonly used login devices, commonly used login locations, account security status, and account risk assessment.

The above steps make it possible to determine whether the account initiating a data access request is a legitimate account, by checking whether the received request carries context information and/or by verifying the account's context information. Judging from the kinds of information it contains, context information is data with a non-fixed value that an attacker cannot steal, so verifying an account's legitimacy based on context information has high credibility. Introducing this context-checking mechanism makes account verification more accurate; specifically, it can effectively address the problem of user data being accessed at will during the period covered by the user's authorization.

When the data access request contains the account's context information, and/or that context information is legitimate, the current account can be determined to be a secure account. The first server (which can be the gateway shown in FIG. 3) therefore passes the data access request initiated by the secure account through to the third-party system, which processes it: the third-party system accesses the data source according to the received data access request and requests the user's data from the data source.

Optionally, the third-party system can request access to the user data stored in the data source server by forwarding the data access request to the data source server; the data source server then returns to the third-party system the user data it reads according to the data access request.

As can be seen from the above, in the solution provided by Embodiment 2, after a data access request sent by the current account (which may be a legitimate account, or a forged account impersonating the legitimate account) reaches the first server, the first server checks every data access request it receives. That is, the first server determines whether the data access request carries account context information, and/or whether the context information passes verification. When the data access request passes the check, the first server allows it to be sent to the third-party system, and the third-party system can then access the data source according to the request. In this solution, only data access requests initiated by legitimate accounts can pass the check; a data access request initiated by a malicious account impersonating a legitimate account either does not carry account context information at all, or carries context information whose content cannot pass verification. The solution thus allows data access requests initiated by legitimate accounts with access permission to be sent to the third-party system, and solves the technical problem in the prior art that, when users access a data source through a third-party system, the poor security of the accounts initiating access leads to poor security of the data in the data source.

In an optional solution provided by the above embodiment, after step S602, in which the client obtains the context information of the logged-in account, the following steps can also be performed:

Step S6032: After the account logs in to the client, a login request is initiated to the login server.

In step S6032 above, the client can be a software product, such as the Taobao client or the Tmall client, or a mobile terminal device or computer device. When the user logs in to the client with an account, a login request is initiated to the login server; the login server computes the complete context information (that is, the complete Context information) for that account, and stores the account's username and password information together with that complete context information. In a preferred solution, after receiving the account's login request, the login server can first determine whether the information carried in the login request matches the account information stored locally on the login server. If it matches, the account is allowed to log in and the complete context information is generated; if it does not match, the account login is rejected.

Step S6034: The client receives the context information returned by the login server, where the context information is a subset of the complete context information that the login server generated according to the login request.

Through the above steps, the login server can extract the necessary information from the complete context information to form a subset of the complete context information and return it to the client. Provided the returned context information is sufficient for the first server to verify whether the data access request carries context information, and/or to check whether the context information it contains is correct, returning only a subset of the complete context information to the client effectively reduces the amount of information the login server sends to the client. When a large number of users initiate login requests to the login server within a short time, this approach effectively saves the login server's system resources and reduces its data transmission load.

Note that the preferred implementation provided by steps S6032 to S6034 in Embodiment 2 is the same as the preferred solution and application-scenario implementation process provided by steps S2012 to S2014 in Embodiment 1, but is not limited to the solution provided in Embodiment 1.

In an optional solution provided by the above embodiment, after step S6032 (the account logs in to the client), the following implementation steps may also be included: the login server receives the login request, generates the complete context information of the account that initiated the login request, and returns a subset of the complete context information to the client; and the login server sends the complete context information to the first server and/or the context information server.

In an optional solution provided by the above embodiment, after step S604 (the client sends the account-triggered data access request to the first server), the following implementation steps may also be included:

Step S6052: The first server receives the data access request initiated by the account.

Step S6054: The first server verifies whether the data access request carries the account's context information, and/or checks the account's context information.

Step S6056: If the first server determines that the data access request contains the account's context information, and/or the account's context information passes the check, the first server allows the data access request to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request.

In another optional solution, if the first server determines that the data access request does not contain the account's context information, or the check of the account's context information fails, the first server sends the data access request to the third-party system, or the first server prohibits sending the data access request to the third-party system and issues alarm information.

In an optional solution provided by the above embodiment, the specific steps of checking the account's context information in step S6054 include:

Step S60541: After determining that the data access request carries context information, the first server reads the context information carried in the data access request;

Step S60542: The first server matches the context information against the pre-stored complete context information and, if the match succeeds, determines that the account's context information is legitimate information;

Step S60543: The first server generates legal access identification information for the account, where the legal access identification information indicates that the account that initiated the data access request is a legitimate account.

It should be noted here that the preferred implementation provided by steps S60541 to S60543 in Embodiment 2 above is the same as the preferred solution and application-scenario implementation process provided by steps S402 to S406 in Embodiment 1, but is not limited to the solution provided in Embodiment 1.

In an optional solution provided by the above embodiment, the specific steps of checking the account's context information in step S6054 include:

Step S60545: After determining that the data access request carries context information, the first server sends the context information to the context information server;

Step S60546: The first server receives the result of the context information server's verification of the context information;

Step S60547: If the verification result is that the account's context information is legitimate information, the first server receives the account's legal access identification information generated by the context information server, where the legal access identification information indicates that the account that initiated the data access request is a legitimate account;

Here, the context information server matches the context information against the complete context information pre-stored locally; if the match succeeds, the verification result is that the account's context information is legitimate information.

It should be noted here that the preferred implementation provided by steps S60545 to S60547 in Embodiment 2 above is the same as the preferred solution and application-scenario implementation process provided by steps S502 to S506 in Embodiment 1, but is not limited to the solution provided in Embodiment 1.

In an optional solution provided by the above embodiment, after step S6056 (allowing the data access request to be sent to the third-party system), the following implementation steps may also be included:

Step S60572: The data source server receives the data access request forwarded by the third-party system;

Step S60574: The data source server queries the first server or the context information server; if the query returns the account's legal access identification information, the data source server determines that the data access request initiated by the legitimate account is a secure access request;

Step S60576: The data source server returns to the third-party system the data that the data access request is to access.

It should be noted here that the preferred implementation provided by steps S60572 to S60576 in Embodiment 2 above is the same as the preferred solution and application-scenario implementation process provided by steps S207 to S209 in Embodiment 1, but is not limited to the solution provided in Embodiment 1.

It should also be noted here that the account's context information (Context information) can determine whether the third-party system can obtain user data at all, and up to what permission level. High-level data generally involves user privacy, for example the user's mobile phone number, home address, or even credit card information; low-level data is generally not sensitive, for example the user's nickname or avatar information. Data can generally be divided into several levels according to how much user privacy is involved. The context information corresponding to the account can be used to check whether a data access request from a client account was initiated by a legitimate user; if it was not, the third-party system cannot obtain the user data. This effectively prevents user data from being maliciously read or written when the third-party system is compromised by an attacker or through human causes, and greatly improves the security of user data.

In an optional solution provided by the above embodiment, after the step of determining that the account initiating the data access request is a secure access account, the following implementation steps may also be included: the data source server verifies whether the context information contains the account's online information; when the context information contains the account's online information, the data source server performs the step of returning to the third-party system the data that the data access request is to access.

In the solution of this application, the context information may contain the account's online information: when technical means detect that the account is online, account online information is generated and added to the context information. For example, a mechanism that periodically sends heartbeat packets to the client can be used to determine, from the messages the client sends back, whether the account is online; this determination may be performed by the login server. When the context information contains account online information, the account is currently online, and only then does the data source server return to the third-party system the data that the data access request is to access.

In an optional solution provided by the above embodiment, when the context information also includes the account's security privacy level information, the step in which the data source server returns to the third-party system the data that the data access request is to access includes: the data source server generates the corresponding first access data according to the security privacy level information, and returns the first access data to the third-party system.

It should be noted here that, in the above steps, the security privacy level information is identification information indicating which privacy degree of user data may be opened to a given third-party system, depending on the degree of trust in that third-party system and the degree of authorization the user has granted it. For example, when the security privacy level information indicates that the data access request has a higher security level, such as a first security level, the first access data may contain the information corresponding to the first security level, for example the user's email information, mobile phone number, or address information. When the security privacy level information indicates that the data access request has a lower security level, such as a second security level, the first access data may contain the information corresponding to the second security level, for example the user's nickname information or avatar information.

In an optional solution provided by the above embodiment, when the context information also includes the account's security risk status information, the step in which the data source server returns to the third-party system the data that the data access request is to access includes: the data source server generates the corresponding second access data according to the security risk status information, and returns the second access data to the third-party system.

It should be noted here that, in the above steps, the security risk status information is information that represents the account's current risk status. For example, when the security risk status information indicates that the account is in a higher risk state, such as a first risk state, the second access data can contain only the information corresponding to the first risk state, for example the user's nickname information or avatar information. When the security risk status information indicates that the account is in a lower risk state, such as a second risk state, the second access data can contain the information corresponding to the second risk state, for example the user's payment information, mobile phone number, or address information. When judging the account's risk status, factors such as whether the account logged in from a trusted location or with a trusted device can be considered; the account's risk status can be divided into ranges such as high security risk, suspected risk, and trusted. The security risk status information can be generated by the login server. The account security risk status information included in the account's context information allows the data source server to further control how much data it opens up.

As can be seen from the solution provided in Embodiment 2 above, the key to the access control method for user data provided by this application is loading the account's context information into the data access request initiated by the account, so that when the account uses a third-party system to access a data source, it can be ensured that the account is a secure account and that the data access request it initiated is a secure request. It should be noted here that the third-party system involved in this application is an uncontrolled zone, while the first server, the data source server, and the login server are a controlled zone.
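The Embodiment 2 flow above (context subset issued at login, check at the first server, legal access identification queried by the data source server, then the online, privacy-level and risk-state options), as an added Python sketch that is not code from the patent. The context fields `token`, `online`, `privacy_level` and `risk_state`, all class and function names, the exact-match comparison, and the single-use lifetime of the legal access identification are assumptions; the page specifies none of them.

```python
import hmac
import secrets

# Constructed sample record; field and level names are assumptions.
USER_DATA = {"alice": {"nickname": "ali", "avatar": "a.png",
                       "phone": "555-0100", "address": "1 Example Rd"}}
LOW_FIELDS = {"nickname", "avatar"}              # low-privacy data
ALL_FIELDS = LOW_FIELDS | {"phone", "address"}   # plus high-privacy data


class FirstServer:
    """Controlled zone: checks context before the third party sees a request."""
    def __init__(self):
        self.complete_contexts = {}  # account -> complete context
        self.legal_access_ids = {}   # account -> legal access identification
        self.alarms = []

    def handle(self, request):
        """S6054/S6056: return True only if the request may be forwarded."""
        account, ctx = request.get("account"), request.get("context")
        if not isinstance(ctx, dict):
            self.alarms.append(("missing_context", account))
            return False
        stored = self.complete_contexts.get(account)
        presented = str(ctx.get("token", "")).encode()
        if (stored is None or ctx.get("account") != account or
                not hmac.compare_digest(stored["token"].encode(), presented)):
            self.alarms.append(("context_mismatch", account))
            return False
        self.legal_access_ids[account] = secrets.token_hex(8)
        return True


def login_server_issue(first_server, account, trusted_device, privacy_level):
    """Login server: build the complete context, return only a subset."""
    # Assumes the account's credentials were already checked.
    complete = {
        "token": secrets.token_hex(16),  # assumed proof-of-login value
        "online": True,                  # would track heartbeat replies
        "privacy_level": privacy_level,  # "high" or "low"
        "risk_state": "trusted" if trusted_device else "high_risk",
    }
    first_server.complete_contexts[account] = complete
    return {"account": account, "token": complete["token"]}


class DataSourceServer:
    def __init__(self, first_server, user_data):
        self.first_server = first_server
        self.user_data = user_data

    def serve(self, request):
        """S60574/S60576 plus the online, privacy-level and risk-state checks."""
        account = request.get("account")
        # Assumption: single-use, so a verified request cannot authorize later ones.
        if self.first_server.legal_access_ids.pop(account, None) is None:
            return None
        ctx = self.first_server.complete_contexts[account]
        if not ctx["online"]:
            return None
        allowed = ALL_FIELDS if ctx["privacy_level"] == "high" else LOW_FIELDS
        if ctx["risk_state"] != "trusted":
            allowed = allowed & LOW_FIELDS
        record = self.user_data.get(account, {})
        return {f: record[f] for f in request.get("fields", [])
                if f in allowed and f in record}


def third_party_fetch(first, source, request):
    """Third-party system (uncontrolled zone): relays what it is allowed to."""
    return source.serve(request) if first.handle(request) else None


def run_demo():
    first = FirstServer()
    source = DataSourceServer(first, USER_DATA)

    def request(context=None):
        return {"account": "alice", "context": context,
                "fields": ["nickname", "phone"]}

    subset = login_server_issue(first, "alice", True, "high")
    results = {"legitimate": third_party_fetch(first, source, request(subset))}
    results["no_context"] = third_party_fetch(first, source, request())
    forged = {"account": "alice", "token": "0" * 32}
    results["wrong_token"] = third_party_fetch(first, source, request(forged))
    # A compromised third party that skips the first server gets nothing.
    results["bypass_first_server"] = source.serve(request(subset))
    subset = login_server_issue(first, "alice", False, "high")
    results["high_risk"] = third_party_fetch(first, source, request(subset))
    first.complete_contexts["alice"]["online"] = False  # heartbeat lost
    results["offline"] = third_party_fetch(first, source, request(subset))
    results["alarms"] = list(first.alarms)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The `bypass_first_server` case is the one the controlled/uncontrolled split is meant to cover: a request that reaches the data source server without a fresh legal access identification is refused even though it carries a valid context subset.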

Embodiment 3

According to an embodiment of this application, a method embodiment of an access control method for user data is also provided. It should be noted that the steps shown in the flowcharts of the drawings may be executed in a computer system, such as one running a set of computer-executable instructions, and that although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from the one given here.

The method embodiment provided in Embodiment 3 of this application can likewise be executed in a mobile terminal, a computer terminal, or a similar computing device. It should be noted here that the method embodiment provided in Embodiment 3 can likewise run on the computer terminal shown in FIG. 1.

In the above operating environment, this application also provides the access control method for user data shown in FIG. 8. FIG. 8 is a schematic flowchart of the access control method for user data according to Embodiment 3 of this application. As shown in FIG. 8, an optional access control method for user data includes the following implementation steps:

Step S702: The third-party system receives the data access request sent by the first server, where the data access request is a request initiated by an account and containing the account's context information.

Step S704: The third-party system forwards the data access request to the data source server.

Step S706: The third-party system receives the data, returned by the data source server, that the data access request is to access. Here, when the data source server determines, according to the context information contained in the data access request, that the account initiating the data access request is a secure access account and that the data access request is a secure access request, the third-party system is allowed to access the data source according to the data access request.

As can be seen from the above, in the solution provided by Embodiment 3, after the current account (which may be a legitimate account, or a forged account impersonating that legitimate account) issues a data access request that reaches the first server, the first server checks every data access request it receives. That is, the first server determines whether the data access request carries account context information, and/or whether the context information passes the check. When the check of the data access request passes, the first server allows the data access request to be sent to the third-party system, and the third-party system can then access the data source according to that request. In this solution, only data access requests initiated by a legitimate account can pass the check; a data access request initiated by a malicious account impersonating a legitimate account either does not carry account context information at all, or carries context information whose content cannot pass the check. The solution thus allows data access requests initiated by legitimate accounts with access permission to be sent to the third-party system, and solves the technical problem in the prior art that, when a user accesses a data source through a third-party system, the poor security of the account initiating the access leads to poor security of the data in the data source.

In an optional solution provided by the above embodiment, before step S702 (the third-party system receives the data access request sent by the first server), the following implementation step may also be included: when the first server determines that the data access request carries the account's context information and that the account's context information is legitimate information, it generates legal access identification information for the account, where the legal access identification information indicates that the account that initiated the data access request is a legitimate account.

In an optional solution provided by the above embodiment, before step S702 (the third-party system receives the data access request sent by the first server), the following implementation steps may also be included:

Step S7012: The first server verifies whether the data access request carries the account's context information, and/or checks the account's context information;

Step S7014: If the first server determines that the data access request contains the account's context information, and/or the account's context information passes the check, the first server allows the data access request to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request;

Step S7016: If the first server determines that the data access request does not contain the account's context information, and/or the check of the account's context information fails, the first server still sends the data access request to the third-party system, or the first server prohibits sending the data access request to the third-party system and issues alarm information.

In an optional solution provided by the above embodiment, the specific implementation steps by which the data source server determines, according to the context information contained in the data access request, that the account initiating the data access request is a secure access account and that the data access request is a secure access request include:

Step S7052: The data source server receives the data access request forwarded by the third-party system;

Step S7054: The data source server reads the context information carried in the data access request;

Step S7056: When the data source server verifies that the context information is legitimate information, it determines that the account initiating the data access request is a secure access account; and when its query shows that the account has legal access identification information, it determines that the data access request is a secure access request.

In an optional solution provided by the above embodiment, before step S702 (the third-party system receives the data access request sent by the first server), the following implementation step may also be included: the first server forwards the received data access request to the third-party system. The specific implementation steps of sending the data access request to the first server include: after the account logs in to the client, a login request is initiated to the login server; the client receives the context information returned by the login server, where the context information is a subset of the complete context information generated by the login server according to the login request; the client obtains the account's context information; and the client sends the account-triggered data access request to the first server, where the data access request includes at least the context information.

It should be noted here that the preferred implementation provided by Embodiment 3 above is the same as the optional solutions and application-scenario implementation process provided by Embodiment 1 or Embodiment 2, but is not limited to the solutions provided in Embodiment 1 or Embodiment 2.

Embodiment 4

According to an embodiment of this application, an apparatus embodiment for implementing the above method embodiments is also provided. The apparatus provided by the above embodiment of this application can run on a computer terminal.

FIG. 9 is a schematic structural diagram of an access control apparatus for user data according to Embodiment 4 of this application.

As shown in FIG. 9, the apparatus includes a receiving module 802, a check module 804, and a control module 806, where the check module 804 further includes a first check unit 8042 and/or a second check unit 8044.

The receiving module 802 is configured to receive a data access request initiated by an account. The check module comprises a first check unit and/or a second check unit, where the first check unit is configured to verify whether the data access request carries the account's context information, and the second check unit checks the account's context information. The control module is configured to, when the check by the check module passes, allow the data access request to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request.

As can be seen from the above, in the solution provided by Embodiment 4, after a legitimate account, or a forged account impersonating that legitimate account, issues a data access request that reaches the first server, the first server checks every data access request it receives. That is, the first server determines whether the data access request carries account context information, and/or whether the context information passes the check. When the check of the data access request passes, the first server allows the data access request to be sent to the third-party system, and the third-party system can then access the data source according to that request. In this solution, only data access requests initiated by a legitimate account can pass the check; a data access request initiated by a malicious account impersonating a legitimate account either does not carry account context information at all, or carries context information whose content cannot pass the check. The solution thus allows data access requests initiated by legitimate accounts with access permission to be sent to the third-party system, and solves the technical problem in the prior art that, when a user accesses a data source through a third-party system, the poor security of the account initiating the access leads to poor security of the data in the data source.

It should be noted here that the receiving module 802, the check module 804, and the control module 806 correspond to steps S202 to S206 in Embodiment 1; the examples and application scenarios implemented by the three modules are the same as those of the corresponding steps, but are not limited to what Embodiment 1 discloses. It should be noted that the above modules, as part of the apparatus, may run in the computer terminal 10 provided in Embodiment 1, and may be implemented in software or in hardware.

Optionally, as shown in FIG. 10, the second check unit includes a reading subunit 902, a matching subunit 904, and a generating subunit 906.

The reading subunit is configured to read the context information carried in the data access request after it is determined that the data access request carries the context information. The matching subunit is configured to match the context information against the pre-stored complete context information and, if the match succeeds, determine that the account's context information is legitimate information. The generating subunit is configured to generate legal access identification information for the account, where the legal access identification information indicates that the account that initiated the data access request is a legitimate account.

It should be noted here that the reading subunit 902, the matching subunit 904, and the generating subunit 906 correspond to steps S402 to S406 in Embodiment 1; the examples and application scenarios implemented by the three modules are the same as those of the corresponding steps, but are not limited to what Embodiment 1 discloses. It should be noted that the above modules, as part of the apparatus, may run in the computer terminal 10 provided in Embodiment 1, and may be implemented in software or in hardware.

Optionally, as shown in FIG. 11, the second check unit includes a sending subunit 1002, a first receiving subunit 1004, and a second receiving subunit 1006.

The sending subunit is configured to send the context information to the context information server after it is determined that the data access request carries the context information. The first receiving subunit is configured to receive the result of the context information server's verification of the context information. The second receiving subunit is configured to, when the verification result is that the account's context information is legitimate information, receive the account's legal access identification information generated by the context information server, where the legal access identification information indicates that the account that initiated the data access request is a legitimate account. The context information server matches the context information against the complete context information pre-stored locally; if the match succeeds, the verification result is that the account's context information is legitimate information.

It should be noted here that the sending subunit 1002, the first receiving subunit 1004, and the second receiving subunit 1006 correspond to steps S502 to S506 in Embodiment 1; the examples and application scenarios implemented by the three modules are the same as those of the corresponding steps, but are not limited to what Embodiment 1 discloses. It should be noted that the above modules, as part of the apparatus, may run in the computer terminal 10 provided in Embodiment 1, and may be implemented in software or in hardware.

Optionally, the control module is further configured, when verification by the verification unit fails, to send the data access request to the third-party system, or to prohibit sending the data access request to the third-party system and issue alarm information.

The preferred implementations of Embodiment 4 of the present application are the same as the optional solutions and the application-scenario implementation process of the method embodiment provided in Embodiment 1, but are not limited to the solutions provided in Embodiment 1.

Embodiment 5

According to an embodiment of the present application, an apparatus embodiment for implementing the foregoing method embodiments is also provided. The apparatus provided by this embodiment may run on a computer terminal.

FIG. 12 is a schematic structural diagram of an access control apparatus for user data according to Embodiment 5 of the present application.

As shown in FIG. 12, the apparatus includes an obtaining module 1102, a sending module 1104 and a receiving module 1106.

The obtaining module is configured to obtain the context information of an account. The sending module is configured to send a data access request triggered by the account to a first server, where the data access request includes at least the context information. The receiving module is configured to receive the access data that the first server obtains according to the data access request. When the first server determines that the data access request contains the account's context information, and/or when the account's context information passes verification, the data access request is allowed to be sent to a third-party system, so that the third-party system accesses the data source according to the data access request.

As can be seen from the above, in the solution provided by Embodiment 5 of the present application, when a data access request issued by a legitimate account, or by a forged account impersonating that legitimate account, reaches the first server, the first server verifies every data access request it receives. That is, the first server determines whether the data access request carries account context information, and/or whether the context information passes verification. When the data access request passes verification, the first server allows it to be sent to the third-party system, and the third-party system can then access the data source according to the request. In this solution, only data access requests initiated by a legitimate account can pass verification. A data access request initiated by a malicious account impersonating a legitimate account either lacks the account context information in form, or carries context information whose content fails verification. The solution thus allows data access requests initiated by legitimate accounts with access rights to be sent to the third-party system, and solves the technical problem in the prior art that, when a user accesses a data source through a third-party system, poor security of the account initiating the access leads to poor security of the data in the data source.

It should be noted that the obtaining module 1102, the sending module 1104 and the receiving module 1106 correspond to steps S602 to S606 in Embodiment 2. The three modules implement the same examples and application scenarios as the corresponding steps, but are not limited to what Embodiment 2 discloses. It should also be noted that these modules, as part of the apparatus, may run in the computer terminal 10 provided in Embodiment 2, and may be implemented in software or in hardware.

It should be noted that the preferred implementations of Embodiment 5 of the present application are the same as the optional solutions and the application-scenario implementation process provided in Embodiment 2, but are not limited to the solutions provided in Embodiment 2.

Embodiment 6

According to an embodiment of the present application, an apparatus embodiment for implementing the foregoing method embodiments is also provided. The apparatus provided by this embodiment may run on a computer terminal.

FIG. 13 is a schematic structural diagram of an access control apparatus for user data according to Embodiment 6 of the present application.

As shown in FIG. 13, the apparatus includes a first receiving module 1202, a forwarding module 1204 and a second receiving module 1206.

The first receiving module is configured to receive a data access request sent by a first server, where the data access request is initiated by an account and contains the account's context information. The forwarding module is configured to forward the data access request to a data source server. The second receiving module is configured to receive the data, returned by the data source server, that the data access request seeks to access. When the data source server determines, according to the context information contained in the data access request, that the account that initiated the data access request is a secure access account and that the data access request is a secure access request, the third-party system is allowed to access the data source according to the data access request.

As can be seen from the above, in the solution provided by Embodiment 6 of the present application, when a data access request issued by a legitimate account, or by a forged account impersonating that legitimate account, reaches the first server, the first server verifies every data access request it receives. That is, the first server determines whether the data access request carries account context information, and/or whether the context information passes verification. When the data access request passes verification, the first server allows it to be sent to the third-party system, and the third-party system can then access the data source according to the request. In this solution, only data access requests initiated by a legitimate account can pass verification. A data access request initiated by a malicious account impersonating a legitimate account either lacks the account context information in form, or carries context information whose content fails verification. The solution thus allows data access requests initiated by legitimate accounts with access rights to be sent to the third-party system, and solves the technical problem in the prior art that, when a user accesses a data source through a third-party system, poor security of the account initiating the access leads to poor security of the data in the data source.

It should be noted that the first receiving module 1202, the forwarding module 1204 and the second receiving module 1206 correspond to steps S702 to S706 in Embodiment 3. The three modules implement the same examples and application scenarios as the corresponding steps, but are not limited to what Embodiment 3 discloses. It should also be noted that these modules, as part of the apparatus, may run in the computer terminal 10 provided in Embodiment 3, and may be implemented in software or in hardware.

The preferred implementations of Embodiment 6 of the present application are the same as the optional solutions and the application-scenario implementation process provided in Embodiment 3, but are not limited to the solutions provided in Embodiment 3.

Embodiment 7

According to an embodiment of the present application, an access control system for user data is also provided. FIG. 14 is a schematic structural diagram of an access control system for user data according to Embodiment 7 of the present application.

As shown in FIG. 14, the system includes:

a client terminal 141, configured to initiate a data access request after an account has logged in;

a first server 143, in communication with the client terminal 141, configured to pass the data access request through transparently after verifying that the data access request contains the account's context information and/or that the context information is legitimate;

a third-party system server 145, in communication with the first server 143, configured to receive the data access request passed through by the first server;

a data source server 147, in communication with the third-party system server 145, configured to receive the data access request forwarded by the third-party system server and, when it determines from the context information contained in the data access request that the account that initiated the request is a secure access account and that the request is a secure access request, to return the access data corresponding to the data access request to the third-party system server.

Embodiment 7 of the present application provides a system solution in which, after a legitimate account logs in at the client terminal 141, the legitimate account can issue a data access request that reaches the first server 143, and the first server 143 can verify the received data access request. That is, the first server determines whether the data access request carries account context information, and/or whether the context information passes verification. When the data access request passes verification, the first server allows it to be sent to the third-party system, and the third-party system can then access the data source according to the request. In this solution, only data access requests initiated by a legitimate account can pass verification. A data access request initiated by a malicious account impersonating a legitimate account either lacks the account context information in form, or carries context information whose content fails verification. The solution thus allows data access requests initiated by legitimate accounts with access rights to be sent to the third-party system, and solves the technical problem in the prior art that, when a user accesses a data source through a third-party system, poor security of the account initiating the access leads to poor security of the data in the data source.

Optionally, the system may further include a login server and a context information server.

When an account logs in to the client, a login request is sent to the login server, and the login server computes the complete context information (that is, the complete Context information) corresponding to the account. The login server also stores the account's account-and-password information together with the complete context information, or sends the context information to the context information server for storage.

The preferred implementations of Embodiment 7 of the present application are the same as the optional solutions and the application-scenario implementation process provided in Embodiments 1 to 3, but are not limited to the solutions provided in Embodiments 1 to 3.

Embodiment 8

An embodiment of the present application may provide a computer terminal, which may be any computer terminal device in a group of computer terminals. Optionally, in this embodiment, the computer terminal may be replaced by a terminal device such as a mobile terminal.

Optionally, in this embodiment, the computer terminal may be located in at least one of a plurality of network devices of a computer network.

In this embodiment, the computer terminal may execute program code for the following steps of the application vulnerability detection method: the first server receives a data access request initiated by an account; the first server verifies whether the data access request carries the account's context information, and/or verifies the account's context information; and, when the first server determines that the data access request contains the account's context information, and/or when the account's context information passes verification, the first server allows the data access request to be sent to a third-party system, so that the third-party system accesses the data source according to the data access request.

Optionally, FIG. 15 is a structural block diagram of a computer terminal according to an embodiment of the present application. As shown in FIG. 15, the computer terminal A may include one or more processors 51 (only one is shown in the figure), a memory 53 and a transmission device 55.

The memory 53 may be used to store software programs and modules, such as the program instructions/modules corresponding to the security vulnerability detection method and apparatus in the embodiments of the present application. The processor 51 runs the software programs and modules stored in the memory 53 to perform various functional applications and data processing, that is, to implement the above detection method for system vulnerability attacks. The memory 53 may include high-speed random access memory, and may also include non-volatile memory such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 53 may further include memory located remotely from the processor 51, and such remote memory may be connected to the terminal A through a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.

The transmission device 55 is used to receive or send data via a network. Specific examples of the network may include wired networks and wireless networks. In one example, the transmission device 55 includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices and a router through a network cable so as to communicate with the Internet or a local area network. In one example, the transmission device 55 is a radio frequency (RF) module, which is used to communicate with the Internet wirelessly.

Specifically, the memory 53 is used to store preset action conditions, information about users with preset permissions, and applications.

The processor 51 may, through the transmission device, call the information and applications stored in the memory 53 to perform the following steps: the first server receives a data access request initiated by an account; the first server verifies whether the data access request carries the account's context information, and/or verifies the account's context information; and, when the first server determines that the data access request contains the account's context information, and/or when the account's context information passes verification, the first server allows the data access request to be sent to a third-party system, so that the third-party system accesses the data source according to the data access request.

Optionally, the processor 51 may further execute program code for the following steps: after the account logs in to the client, a login request is sent to the login server; the client receives the context information returned by the login server, where the context information is a subset of the complete context information that the login server generates according to the login request; and the client sends the data access request carrying the context information to the first server.

Optionally, the processor 51 may further execute program code for the following steps: after determining that the data access request carries the context information, the first server reads the context information carried in the data access request; the first server matches the context information against the pre-stored complete context information and, if the match succeeds, determines that the account's context information is legitimate; and the first server generates legitimate-access identification information for the account, where the legitimate-access identification information indicates that the account that initiated the data access request is a legitimate account.

Optionally, the processor 51 may further execute program code for the following steps: after determining that the data access request carries the context information, the first server sends the context information to the context information server; the first server receives the result of the context information server's verification of the context information; and, when the verification result is that the account's context information is legitimate, the first server receives the legitimate-access identification information that the context information server generates for the account, where the legitimate-access identification information indicates that the account that initiated the data access request is a legitimate account. The context information server matches the context information against the complete context information pre-stored locally; if the match succeeds, the verification result is that the account's context information is legitimate.

Optionally, the processor 51 may further execute program code for the following steps: the data source server receives the data access request forwarded by the third-party system; the data source server queries the first server or the context information server and, if the query returns the legitimate-access identification information of the account, determines that the data access request initiated by the legitimate account is a secure access request; and the data source server returns to the third-party system the data that the data access request seeks to access.

Optionally, the processor 51 may further execute program code for the following steps: the data source server verifies whether the context information contains the account's online information; when the context information contains the account's online information, the data source server performs the step of returning to the third-party system the data that the data access request seeks to access.

Optionally, the processor 51 may further execute program code for the following step: the data source server generates corresponding first access data according to the security privacy level information, and returns the first access data to the third-party system.

Optionally, the processor 51 may further execute program code for the following step: the data source server generates corresponding second access data according to the security risk status information, and returns the second access data to the third-party system.

Optionally, the processor 51 may further execute program code for the following step: when the first server determines that the data access request does not contain the account's context information, or when verification of the account's context information fails, the first server sends the data access request to the third-party system, or the first server prohibits sending the data access request to the third-party system and issues alarm information.
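The request flow that the steps of Embodiment 8 describe (login, context check at the first server, forwarding through the third-party system, flag lookup at the data source server, and both failure options), as an added example that is not code from the patent. The class names, the context field names, the exact-match rule and the binding of the legitimate-access identifier to a request id are assumptions of this example; the sample account and records are constructed.

```python
import hmac
import secrets

# Field names are assumptions of this example; the patent does not list them.
CLIENT_FIELDS = ("account", "session_id", "device_id", "online")


class LoginServer:
    """Builds the complete context at login and returns a subset to the client."""

    def __init__(self, context_store):
        self.context_store = context_store

    def login(self, account, device_id, login_ip):
        complete = {
            "account": account,
            "session_id": secrets.token_hex(16),
            "device_id": device_id,
            "login_ip": login_ip,  # part of the complete context, never sent back
            "online": "1",
        }
        self.context_store[account] = complete
        return {key: complete[key] for key in CLIENT_FIELDS}


def context_matches(presented, complete):
    """True only if exactly the client fields are present and all equal the stored ones."""
    if not complete or set(presented) != set(CLIENT_FIELDS):
        return False
    same = True
    for key in CLIENT_FIELDS:  # check every field; each comparison is constant-time
        same &= hmac.compare_digest(str(presented[key]).encode(),
                                    str(complete[key]).encode())
    return same


class DataSourceServer:
    """Returns data only for requests the first server marked as legitimate."""

    def __init__(self, records):
        self.records = records
        self.first_server = None  # wired up in build_system()

    def serve(self, request):
        # Query the first server for the legitimate-access identifier.
        if request["id"] not in self.first_server.legit_flags:
            return {"status": "denied"}
        if request["context"].get("online") != "1":  # the account's online information
            return {"status": "denied"}
        return {"status": "ok", "data": self.records.get(request["resource"])}


class ThirdPartySystem:
    """Forwards whatever it receives; it performs no account checks itself."""

    def __init__(self, data_source):
        self.data_source = data_source

    def forward(self, request):
        return self.data_source.serve(request)


class FirstServer:
    def __init__(self, context_store, third_party, block_on_failure=True):
        self.context_store = context_store
        self.third_party = third_party
        self.block_on_failure = block_on_failure
        self.legit_flags = {}  # request id -> legitimate-access identifier
        self.alarms = []

    def handle(self, request):
        ctx = request.get("context")
        if not isinstance(ctx, dict) or not ctx:
            reason = "missing context"
        elif not context_matches(ctx, self.context_store.get(str(ctx.get("account")))):
            reason = "context mismatch"
        else:
            self.legit_flags[request["id"]] = secrets.token_hex(8)
            return self.third_party.forward(request)
        if self.block_on_failure:  # option 1: refuse to forward and raise an alarm
            self.alarms.append((request["id"], reason))
            return {"status": "blocked", "reason": reason}
        return self.third_party.forward(request)  # option 2: forward without a flag


def build_system(block_on_failure=True):
    store = {}
    data_source = DataSourceServer({"orders": ["order-1001", "order-1002"]})  # constructed
    first = FirstServer(store, ThirdPartySystem(data_source), block_on_failure)
    data_source.first_server = first
    return LoginServer(store), first


if __name__ == "__main__":
    login, first = build_system()
    ctx = login.login("alice", "device-1", "203.0.113.7")
    print(first.handle({"id": "r1", "resource": "orders", "context": ctx}))
    print(first.handle({"id": "r2", "resource": "orders"}))
```

With `block_on_failure=False` the first server still forwards a failed request, and it is the missing identifier at the data source server that keeps the data from being returned.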

The embodiments of the present application provide an access control solution for user data. The first server receives a data access request initiated by an account, verifies whether the data access request carries the account's context information, and/or verifies the account's context information. When the first server determines that the data access request contains the account's context information, and/or when the account's context information passes verification, the first server allows the data access request to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request. This achieves the technical effect that whether the account sending a data access request is a legitimate account can be determined before the third-party system receives the data access, and thereby solves the technical problem in the prior art that, when a user accesses a data source through a third-party system, poor security of the account initiating the access leads to poor security of the data in the data source.

Those of ordinary skill in the art will understand that the structure shown in FIG. 15 is only illustrative. The computer terminal may also be a terminal device such as a smartphone (for example an Android phone or an iOS phone), a tablet computer, a palmtop computer, a mobile Internet device (Mobile Internet Devices, MID) or a PAD. FIG. 15 does not limit the structure of the above electronic apparatus. For example, the computer terminal A may include more or fewer components than shown in FIG. 15 (such as a network interface or a display device), or have a configuration different from that shown in FIG. 15.

Those of ordinary skill in the art will understand that all or some of the steps of the methods in the above embodiments may be carried out by a program instructing hardware associated with a terminal device. The program may be stored in a computer-readable storage medium, and the storage medium may include a flash drive, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, and the like.

Embodiment 9

An embodiment of the present application may provide a computer terminal, which may be any computer terminal device in a group of computer terminals. Optionally, in this embodiment, the computer terminal may be replaced by a terminal device such as a mobile terminal.

Optionally, in this embodiment, the computer terminal may be located in at least one of a plurality of network devices of a computer network.

In this embodiment, the computer terminal may execute program code for the following steps of the application vulnerability detection method: the client obtains the context information of an account; the client sends a data access request triggered by the account to the first server, where the data access request includes at least the context information; and the client receives the access data that the first server obtains according to the data access request. When the first server determines that the data access request contains the account's context information, and/or when the account's context information passes verification, the data access request is allowed to be sent to a third-party system, so that the third-party system accesses the data source according to the data access request.

Optionally, refer again to the structural block diagram of a computer terminal provided in FIG. 15. As shown in FIG. 15, the computer terminal A may include one or more processors 51 (only one is shown in the figure), a memory 53 and a transmission device 55.

The memory 53 may be used to store software programs and modules, such as the program instructions/modules corresponding to the security vulnerability detection method and apparatus in the embodiments of the present application. The processor 51 runs the software programs and modules stored in the memory 53 to perform various functional applications and data processing, that is, to implement the above detection method for system vulnerability attacks. The memory 53 may include high-speed random access memory, and may also include non-volatile memory such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 53 may further include memory located remotely from the processor 51, and such remote memory may be connected to the terminal A through a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.

The transmission device 55 is used to receive or send data via a network. Specific examples of the network may include wired networks and wireless networks. In one example, the transmission device 55 includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices and a router through a network cable so as to communicate with the Internet or a local area network. In one example, the transmission device 55 is a radio frequency (RF) module, which is used to communicate with the Internet wirelessly.

Specifically, the memory 53 is used to store preset action conditions, information about users with preset permissions, and applications.

The processor 51 may, through the transmission device, call the information and applications stored in the memory 53 to perform the following steps: the client obtains the context information of an account; the client sends a data access request triggered by the account to the first server, where the data access request includes at least the context information; and the client receives the access data that the first server obtains according to the data access request. When the first server determines that the data access request contains the account's context information, and/or when the account's context information passes verification, the data access request is allowed to be sent to a third-party system, so that the third-party system accesses the data source according to the data access request.

Optionally, the processor 51 may further execute program code for the following steps: after the account logs in to the client, a login request is initiated to the login server; the client receives the context information returned by the login server, where the context information is a subset of the complete context information generated by the login server according to the login request.

Optionally, the processor 51 may further execute program code for the following steps: the login server receives the login request, generates the complete context information of the account that initiated the login request, and returns one subset of the complete context information to the client; and sends the complete context information to the first server and/or the context information server.

Optionally, the processor 51 may further execute program code for the following steps: the first server receives a data access request initiated by an account; the first server verifies whether the data access request carries the context information of the account, and/or verifies the context information of the account; if the first server determines that the data access request contains the context information of the account, and/or if the context information of the account passes verification, the data access request is allowed to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request.

Optionally, the processor 51 may further execute program code for the following steps: after determining that the data access request carries context information, the first server reads the context information carried in the data access request; the first server matches the context information against the pre-stored complete context information and, if the match succeeds, determines that the context information of the account is legitimate information; the first server generates legitimate access identification information for the account, where the legitimate access identification information indicates that the account that initiated the data access request is a legitimate account.

Optionally, the processor 51 may further execute program code for the following steps: after determining that the data access request carries context information, the first server sends the context information to the context information server; the first server receives the result of the context information server's verification of the context information; if the verification result is that the context information of the account is legitimate information, the first server receives the legitimate access identification information of the account generated by the context information server, where the legitimate access identification information indicates that the account that initiated the data access request is a legitimate account; where the context information server matches the context information against the complete context information pre-stored locally, and if the match succeeds, the verification result is that the context information of the account is legitimate information.

Optionally, the processor 51 may further execute program code for the following steps: the data source server receives the data access request forwarded by the third-party system; the data source server accesses the first server or the context information server and, if the query returns the legitimate access identification information of the account, determines that the data access request initiated by the legitimate account is a secure access request; the data source server returns to the third-party system the data that the data access request seeks to access.

Optionally, the processor 51 may further execute program code for the following steps: the data source server verifies whether the context information contains the online information of the account; when the context information contains the online information of the account, the data source server performs the step of returning to the third-party system the data that the data access request seeks to access.

Optionally, the processor 51 may further execute program code for the following steps: the data source server generates corresponding first access data according to the security and privacy level information, and returns the first access data to the third-party system.

Optionally, the processor 51 may further execute program code for the following steps: the data source server generates corresponding second access data according to the security risk status information, and returns the second access data to the third-party system.

Optionally, the processor 51 may further execute program code for the following steps: if the first server determines that the data access request does not contain the context information of the account, or if verification of the context information of the account fails, the first server sends the data access request to the third-party system, or the first server prohibits sending the data access request to the third-party system and issues an alarm message.
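The flow in the steps above (the login server hands the client a subset of the context, the first server matches it against the stored complete context and records a legitimate access identifier, and the data source server checks for that identifier before answering) is sketched here as an added Python example that is not part of the patent text. All class names, context fields and sample values are assumptions made for illustration; the patent does not specify a data format or a matching rule.

```python
import hmac
import secrets

# Class names, context fields and sample values are constructed for this
# illustration; the patent text does not define a concrete format.


class FirstServer:
    """Checks account context before a request may reach the third-party system."""

    def __init__(self, block_on_failure=True):
        self.block_on_failure = block_on_failure
        self.full_context = {}   # account -> complete context from the login server
        self.access_marks = {}   # account -> legitimate access identification info
        self.alarms = []

    def store_context(self, account, context):
        self.full_context[account] = dict(context)

    def _context_matches(self, account, submitted):
        stored = self.full_context.get(account)
        if not stored or not isinstance(submitted, dict) or not submitted:
            return False
        # Every submitted field must be present in the stored complete context
        # with an identical value (values compared in constant time).
        return all(
            key in stored
            and hmac.compare_digest(str(stored[key]).encode(), str(value).encode())
            for key, value in submitted.items()
        )

    def handle(self, request, third_party):
        account = request.get("account")
        if self._context_matches(account, request.get("context")):
            self.access_marks[account] = secrets.token_hex(16)
            return third_party.forward(request)
        # Missing or mismatched context: drop any earlier mark so it cannot be reused.
        self.access_marks.pop(account, None)
        if self.block_on_failure:
            self.alarms.append((account, "context missing or failed verification"))
            return None
        return third_party.forward(request)  # forwarded, but without a mark

    def lookup_mark(self, account):
        return self.access_marks.get(account)


class LoginServer:
    def __init__(self, first_server):
        self.first_server = first_server

    def login(self, account, device_id, ip):
        complete = {
            "session": secrets.token_hex(16),
            "device": device_id,
            "ip": ip,
        }
        self.first_server.store_context(account, complete)
        # Only a subset of the complete context is returned to the client.
        return {key: complete[key] for key in ("session", "device")}


class DataSourceServer:
    def __init__(self, first_server, records):
        self.first_server = first_server
        self.records = records

    def serve(self, request):
        # Answer only if the first server holds a mark for this account.
        if self.first_server.lookup_mark(request.get("account")) is None:
            return None
        return self.records.get(request.get("resource"))


class ThirdPartySystem:
    def __init__(self, data_source):
        self.data_source = data_source

    def forward(self, request):
        return self.data_source.serve(request)


def build(block_on_failure=True):
    first = FirstServer(block_on_failure)
    source = DataSourceServer(first, {"profile": {"nickname": "constructed-user"}})
    return first, ThirdPartySystem(source), LoginServer(first)


if __name__ == "__main__":
    first, third, login = build()
    ctx = login.login("alice", "device-1", "192.0.2.10")
    good = {"account": "alice", "resource": "profile", "context": ctx}
    print("valid context   :", first.handle(good, third))
    forged = dict(good, context=dict(ctx, device="device-2"))
    print("tampered context:", first.handle(forged, third), first.alarms)
```

With `block_on_failure=False` the sketch follows the other branch of the last step: the request is still forwarded, and the data source server refuses it because no identifier exists for the account.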

The embodiments of the present application provide an access control scheme for user data. The first server receives a data access request initiated by an account, verifies whether the data access request carries the context information of the account, and/or verifies the context information of the account. If the first server determines that the data access request contains the context information of the account, and/or if the context information of the account passes verification, the data access request is allowed to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request. This achieves the technical effect that whether the account sending the data access request is a legitimate account can be determined before the third-party system receives the data access, and thereby solves the technical problem in the prior art that, when a user accesses a data source through a third-party system, the poor security of the account initiating the access leads to poor security of the data in the data source.

A person of ordinary skill in the art will understand that the structure shown in FIG. 15 is only illustrative, and the computer terminal may also be a terminal device such as a smartphone (for example, an Android phone or an iOS phone), a tablet computer, a palmtop computer, a Mobile Internet Device (MID), or a PAD. FIG. 15 does not limit the structure of the above electronic apparatus. For example, the computer terminal A may include more or fewer components than shown in FIG. 15 (such as a network interface or a display device), or have a configuration different from that shown in FIG. 15.

A person of ordinary skill in the art will understand that all or some of the steps in the various methods of the above embodiments may be completed by a program instructing hardware related to the terminal device. The program may be stored in a computer-readable storage medium, and the storage medium may include a flash drive, Read-Only Memory (ROM), Random Access Memory (RAM), a magnetic disk, an optical disc, or the like.

Embodiment 10

An embodiment of the present application may provide a computer terminal, which may be any computer terminal device in a group of computer terminals. Optionally, in this embodiment, the computer terminal may also be replaced with a terminal device such as a mobile terminal.

Optionally, in this embodiment, the computer terminal may be located in at least one of a plurality of network devices of a computer network.

In this embodiment, the computer terminal may execute program code for the following steps of the vulnerability detection method for an application: the third-party system receives a data access request sent by the first server, where the data access request is a request initiated by an account and containing the context information of the account; the third-party system forwards the data access request to the data source server; the third-party system receives the data, returned by the data source server, that the data access request seeks to access, where, when the data source server determines, according to the context information contained in the data access request, that the account initiating the data access request is a secure access account and that the data access request is a secure access request, the third-party system is allowed to access the data source according to the data access request.

Optionally, reference is again made to the structural block diagram of a computer terminal provided in FIG. 15. As shown in FIG. 15, the computer terminal A may include one or more (only one is shown in the figure) processors 51, a memory 53, and a transmission device 55.

The memory 53 may be used to store software programs and modules, such as the program instructions/modules corresponding to the security vulnerability detection method and apparatus in the embodiments of the present application. By running the software programs and modules stored in the memory 53, the processor 51 executes various functional applications and data processing, that is, implements the above-described method for detecting system vulnerability attacks. The memory 53 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 53 may further include memory located remotely from the processor 51, and such remote memory may be connected to terminal A via a network. Examples of such networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.

The transmission device 55 described above is used to receive or send data via a network. Specific examples of the network may include wired networks and wireless networks. In one example, the transmission device 55 includes a network adapter (Network Interface Controller, NIC), which can be connected by a network cable to other network devices and a router so as to communicate with the Internet or a local area network. In one example, the transmission device 55 is a Radio Frequency (RF) module, which is used to communicate with the Internet wirelessly.

Specifically, the memory 53 is used to store preset action conditions, information on users with preset permissions, and application programs.

The processor 51 may, through the transmission device, call the information and application programs stored in the memory 53 to perform the following steps: the third-party system receives a data access request sent by the first server, where the data access request is a request initiated by an account and containing the context information of the account; the third-party system forwards the data access request to the data source server; the third-party system receives the data, returned by the data source server, that the data access request seeks to access, where, when the data source server determines, according to the context information contained in the data access request, that the account initiating the data access request is a secure access account and that the data access request is a secure access request, the third-party system is allowed to access the data source according to the data access request.

Optionally, the processor 51 may further execute program code for the following steps: if the first server determines that the data access request carries the context information of the account and that the context information of the account is legitimate information, legitimate access identification information is generated for the account, where the legitimate access identification information indicates that the account that initiated the data access request is a legitimate account.

Optionally, the processor 51 may further execute program code for the following steps: the first server verifies whether the data access request carries the context information of the account, and/or verifies the context information of the account; if the first server determines that the data access request contains the context information of the account, and/or if the context information of the account passes verification, the data access request is allowed to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request; if the first server determines that the data access request does not contain the context information of the account, and/or if verification of the context information of the account fails, the first server still sends the data access request to the third-party system, or the first server prohibits sending the data access request to the third-party system and issues an alarm message.

Optionally, the processor 51 may further execute program code for the following steps: the data source server receives the data access request forwarded by the third-party system; the data source server reads the context information carried in the data access request; when the data source server verifies that the context information is legitimate information, it determines that the account initiating the data access request is a secure access account, and when a query shows that the account has legitimate access identification information, it determines that the data access request is a secure access request.

Optionally, the processor 51 may further execute program code for the following steps: the first server forwards the received data access request to the third-party system, where the specific steps for sending the data access request to the first server include: after the account logs in to the client, a login request is initiated to the login server; the client receives the context information returned by the login server, where the context information is a subset of the complete context information generated by the login server according to the login request; the client obtains the context information of the account; the client sends the data access request triggered by the account to the first server, where the data access request includes at least the context information.

The embodiments of the present application provide an access control scheme for user data. The first server receives a data access request initiated by an account, verifies whether the data access request carries the context information of the account, and/or verifies the context information of the account. If the first server determines that the data access request contains the context information of the account, and/or if the context information of the account passes verification, the data access request is allowed to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request. This achieves the technical effect that whether the account sending the data access request is a legitimate account can be determined before the third-party system receives the data access, and thereby solves the technical problem in the prior art that, when a user accesses a data source through a third-party system, the poor security of the account initiating the access leads to poor security of the data in the data source.

A person of ordinary skill in the art will understand that the structure shown in FIG. 15 is only illustrative, and the computer terminal may also be a terminal device such as a smartphone (for example, an Android phone or an iOS phone), a tablet computer, a palmtop computer, a Mobile Internet Device (MID), or a PAD. FIG. 15 does not limit the structure of the above electronic apparatus. For example, the computer terminal 15 may include more or fewer components than shown in FIG. 15 (such as a network interface or a display device), or have a configuration different from that shown in FIG. 15.

A person of ordinary skill in the art will understand that all or some of the steps in the various methods of the above embodiments may be completed by a program instructing hardware related to the terminal device. The program may be stored in a computer-readable storage medium, and the storage medium may include a flash drive, Read-Only Memory (ROM), Random Access Memory (RAM), a magnetic disk, an optical disc, or the like.

Embodiment 11

An embodiment of the present application further provides a storage medium. Optionally, in this embodiment, the storage medium may be used to store the program code executed by the access control method for user data provided in Embodiment 1 above.

Optionally, in this embodiment, the storage medium may be located in any computer terminal in a group of computer terminals in a computer network, or in any mobile terminal in a group of mobile terminals.

Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: the first server receives a data access request initiated by an account; the first server verifies whether the data access request carries the context information of the account, and/or verifies the context information of the account; if the first server determines that the data access request contains the context information of the account, and/or if the context information of the account passes verification, the data access request is allowed to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request.

Optionally, the storage medium is further configured to store program code for performing the following steps: after the account logs in to the client, a login request is initiated to the login server; the client receives the context information returned by the login server, where the context information is a subset of the complete context information generated by the login server according to the login request; the client sends the data access request carrying the context information to the first server.

Optionally, the storage medium is further configured to store program code for performing the following steps: after determining that the data access request carries the context information, the first server reads the context information carried in the data access request; the first server matches the context information against the pre-stored complete context information and, if the match succeeds, determines that the context information of the account is legitimate information; the first server generates legitimate access identification information for the account, where the legitimate access identification information indicates that the account that initiated the data access request is a legitimate account.

Optionally, the storage medium is further configured to store program code for performing the following steps: after determining that the data access request carries the context information, the first server sends the context information to the context information server; the first server receives the result of the context information server's verification of the context information; if the verification result is that the context information of the account is legitimate information, the first server receives the legitimate access identification information of the account generated by the context information server, where the legitimate access identification information indicates that the account that initiated the data access request is a legitimate account; where the context information server matches the context information against the complete context information pre-stored locally, and if the match succeeds, the verification result is that the context information of the account is the legitimate information.

Optionally, the storage medium is further configured to store program code for performing the following steps: the data source server receives the data access request forwarded by the third-party system; the data source server accesses the first server or the context information server and, if the query returns the legitimate access identification information of the account, determines that the data access request initiated by the legitimate account is a secure access request; the data source server returns to the third-party system the data that the data access request seeks to access.

Optionally, the storage medium is further configured to store program code for performing the following steps: the data source server verifies whether the context information contains the online information of the account; when the context information contains the online information of the account, the data source server performs the step of returning to the third-party system the data that the data access request seeks to access.

Optionally, the storage medium is further configured to store program code for performing the following steps: the data source server generates corresponding first access data according to the security and privacy level information, and returns the first access data to the third-party system.

Optionally, the storage medium is further configured to store program code for performing the following steps: the data source server generates corresponding second access data according to the security risk status information, and returns the second access data to the third-party system.

Optionally, the storage medium is further configured to store program code for performing the following steps: if the first server determines that the data access request does not contain the context information of the account, or if verification of the context information of the account fails, the first server sends the data access request to the third-party system, or the first server prohibits sending the data access request to the third-party system and issues an alarm message.

It should be noted here that any one of the above group of computer terminals may establish a communication relationship with a website server and a scanner, and the scanner may scan the value commands of the web application executed by php on the computer terminal.

Embodiment 12

An embodiment of the present application further provides a storage medium. Optionally, in this embodiment, the storage medium may be used to store the program code executed by the access control method for user data provided in Embodiment 2 above.

Optionally, in this embodiment, the storage medium may be located in any computer terminal in a group of computer terminals in a computer network, or in any mobile terminal in a group of mobile terminals.

Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: the client obtains the context information of an account; the client sends a data access request triggered by the account to the first server, where the data access request includes at least the context information; the client receives the access data obtained by the first server according to the data access request; where, if the first server determines that the data access request contains the context information of the account, and/or if the context information of the account passes verification, the data access request is allowed to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request.

Optionally, the storage medium is further configured to store program code for performing the following steps: after the account logs in to the client, a login request is initiated to the login server; the client receives the context information returned by the login server, where the context information is a subset of the complete context information generated by the login server according to the login request.

Optionally, the storage medium is further configured to store program code for performing the following steps: the login server receives the login request, generates the complete context information of the account that initiated the login request, and returns one subset of the complete context information to the client; and sends the complete context information to the first server and/or the context information server.

Optionally, the storage medium is further configured to store program code for performing the following steps: the first server receives a data access request initiated by an account; the first server verifies whether the data access request carries the context information of the account, and/or verifies the context information of the account; if the first server determines that the data access request contains the context information of the account, and/or if the context information of the account passes verification, the data access request is allowed to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request.

Optionally, the storage medium is further configured to store program code for performing the following steps: after determining that the data access request carries context information, the first server reads the context information carried in the data access request; the first server matches the context information against the pre-stored complete context information and, if the match succeeds, determines that the context information of the account is legitimate information; the first server generates legitimate access identification information for the account, where the legitimate access identification information indicates that the account that initiated the data access request is a legitimate account.

Optionally, the storage medium is further configured to store program code for performing the following steps: after determining that the data access request carries the context information, the first server sends the context information to the context information server; the first server receives the result of the context information server's verification of the context information; if the verification result is that the context information of the account is legal information, the first server receives the legal access identification information of the account generated by the context information server, where the legal access identification information indicates that the account that initiated the data access request is a legal account. Here the context information server matches the context information against the complete context information pre-stored locally, and if the match succeeds, the verification result is that the context information of the account is legal information.

Optionally, the storage medium is further configured to store program code for performing the following steps: the data source server receives the data access request forwarded by the third-party system; the data source server queries the first server or the context information server and, if the query returns the legal access identification information of the account, determines that the data access request initiated by the legal account is a secure access request; the data source server returns the data requested by the data access request to the third-party system.

Optionally, the storage medium is further configured to store program code for performing the following steps: the data source server verifies whether the context information contains online information of the account; when the context information contains the online information of the account, the data source server performs the step of returning the data requested by the data access request to the third-party system.

Optionally, the storage medium is further configured to store program code for performing the following step: the data source server generates corresponding first access data according to the security privacy level information and returns the first access data to the third-party system.

Optionally, the storage medium is further configured to store program code for performing the following step: the data source server generates corresponding second access data according to the security risk status information and returns the second access data to the third-party system.

Optionally, the storage medium is further configured to store program code for performing the following steps: when the first server determines that the data access request does not contain the context information of the account, or the context information of the account fails the check, the first server sends the data access request to the third-party system, or the first server prohibits sending the data access request to the third-party system and issues alarm information.

It should be noted here that any one of the above computer terminal groups can establish a communication relationship with a website server and a scanner, and the scanner can scan the value commands of web applications executed by PHP on the computer terminal.
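The steps listed above (login server issuing a context subset, first server matching it and recording a legal access identifier, data source server querying for that identifier before answering) can be traced in a small simulation. This is an added example, not code from the application; the field names, the per-session keying of the identifier, the masking rule and the sample record are assumptions, and of the two failure options the page allows, the first server here blocks and raises an alarm.

```python
import hmac
import secrets
import time

# Assumed field names; the page only says the client holds "a subset" of the
# "complete context information" generated at login.
CLIENT_SUBSET_KEYS = ("account", "session", "device")


class ContextStore:
    """Plays the context information server: full contexts plus legal access IDs."""

    def __init__(self):
        self.full = {}    # account -> complete context information
        self.legal = {}   # (account, session) -> legal access identifier

    def match(self, presented):
        """True only if every client-held field equals the stored value."""
        if not isinstance(presented, dict):
            return False
        account = presented.get("account")
        stored = self.full.get(account) if isinstance(account, str) else None
        if stored is None:
            return False
        ok = True
        for key in CLIENT_SUBSET_KEYS:
            given = str(presented.get(key, "")).encode()
            ok &= hmac.compare_digest(given, str(stored[key]).encode())
        return ok

    def issue_legal_id(self, ctx):
        self.legal[(ctx["account"], ctx["session"])] = secrets.token_hex(16)

    def has_legal_id(self, ctx):
        return (ctx.get("account"), ctx.get("session")) in self.legal


def login(store, account, device, ip):
    """Login server: keep the complete context, hand the client only a subset."""
    full = {"account": account, "session": secrets.token_urlsafe(24),
            "device": device, "ip": ip, "login_time": time.time(),
            "online": True, "privacy_level": "masked"}
    store.full[account] = full
    return {k: full[k] for k in CLIENT_SUBSET_KEYS}


class DataSource:
    def __init__(self, store):
        self.store = store
        # Constructed sample record.
        self.records = {"alice": {"name": "Alice", "phone": "13800001234"}}

    def handle(self, request):
        ctx = request.get("context") or {}
        # The third party is not trusted to vouch: re-check the context and
        # require the identifier that only the first server's check creates.
        if not self.store.match(ctx) or not self.store.has_legal_id(ctx):
            return {"status": "denied"}
        full = self.store.full[ctx["account"]]
        if not full["online"]:
            return {"status": "denied"}
        row = dict(self.records.get(ctx["account"], {}))
        if full["privacy_level"] == "masked" and "phone" in row:
            row["phone"] = row["phone"][:3] + "****" + row["phone"][-4:]
        return {"status": "ok", "data": row}


class ThirdParty:
    """Forwards requests unchanged to the data source server."""

    def __init__(self, data_source):
        self.data_source = data_source

    def forward(self, request):
        return self.data_source.handle(request)


class FirstServer:
    def __init__(self, store, third_party):
        self.store, self.third_party, self.alarms = store, third_party, []

    def handle(self, request):
        ctx = request.get("context")
        if ctx is None:
            return self._block("missing context")
        if not self.store.match(ctx):
            return self._block("context mismatch")
        self.store.issue_legal_id(ctx)
        return self.third_party.forward(request)

    def _block(self, reason):
        self.alarms.append(reason)   # stands in for the alarm information
        return {"status": "blocked", "reason": reason}


def demo():
    store = ContextStore()
    third_party = ThirdParty(DataSource(store))
    first = FirstServer(store, third_party)
    ctx = login(store, "alice", "dev-01", "192.0.2.10")
    bypass = third_party.forward({"context": ctx})  # never passed the first server
    good = first.handle({"context": ctx})
    forged = first.handle({"context": dict(ctx, session="guess")})
    bare = first.handle({})
    return bypass, good, forged, bare, first.alarms


if __name__ == "__main__":
    for result in demo():
        print(result)
```

In this sketch the identifier is keyed per account and session, so it stays valid for later requests; the page does not say whether it expires or is single-use.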

Embodiment Thirteen

Embodiments of the present application also provide a storage medium. Optionally, in this embodiment, the storage medium may be used to store the program code executed by the access control method for user data provided in Embodiment 3 above.

Optionally, in this embodiment, the storage medium may be located in any computer terminal of a computer terminal group in a computer network, or in any mobile terminal of a mobile terminal group.

Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: the third-party system receives the data access request sent by the first server, where the data access request is a request initiated by an account and containing the context information of the account; the third-party system forwards the data access request to the data source server; the third-party system receives the data requested by the data access request, returned by the data source server, where the third-party system is allowed to access the data source according to the data access request when the data source server determines, according to the context information contained in the data access request, that the account that initiated the data access request is a secure access account and that the data access request is a secure access request.

Optionally, the storage medium is further configured to store program code for performing the following step: when the first server determines that the data access request carries the context information of the account and that the context information of the account is legal information, generating legal access identification information for the account, where the legal access identification information indicates that the account that initiated the data access request is a legal account.

Optionally, the storage medium is further configured to store program code for performing the following steps: the first server verifies whether the data access request carries context information of the account, and/or checks the context information of the account; when the first server determines that the data access request contains the context information of the account, and/or the context information of the account passes the check, the first server allows the data access request to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request; when the first server determines that the data access request does not contain the context information of the account, and/or the context information of the account fails the check, the first server still sends the data access request to the third-party system, or the first server prohibits sending the data access request to the third-party system and issues alarm information.

Optionally, the storage medium is further configured to store program code for performing the following steps: the data source server receives the data access request forwarded by the third-party system; the data source server reads the context information carried in the data access request; when the data source server verifies that the context information is legal information, it determines that the account that initiated the data access request is a secure access account, and when the query shows that the account has legal access identification information, it determines that the data access request is a secure access request.

Optionally, the storage medium is further configured to store program code for performing the following steps: the first server forwards the received data access request to the third-party system, where sending the data access request to the first server comprises: after the account logs in to the client, initiating a login request to the login server; the client receives the context information returned by the login server, where the context information is a subset of the complete context information generated by the login server according to the login request; the client obtains the context information of the account; the client sends the data access request triggered by the account to the first server, where the data access request includes at least the context information.

The serial numbers of the above embodiments of the present application are for description only and do not indicate that one embodiment is better or worse than another.

In the above embodiments of the present application, the description of each embodiment has its own emphasis. For parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments.

In the several embodiments provided by the present application, it should be understood that the disclosed client may be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or take other forms.

The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.

If the integrated unit is implemented in the form of a software functional unit and sold or used as a standalone product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present application. The storage medium includes any medium that can store program code, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk or an optical disc.

The above is only a preferred implementation of the present application. It should be noted that those of ordinary skill in the art may make several improvements and refinements without departing from the principles of the present application, and these improvements and refinements should also be regarded as falling within the scope of protection of the present application.

Claims (23)

1. An access control method for user data, comprising:
a first server receiving a data access request initiated by an account;
the first server verifying whether the data access request carries context information of the account, and/or checking the context information of the account;
the first server, upon determining that the data access request contains the context information of the account, and/or when the context information of the account passes the check, allowing the data access request to be sent to a third-party system, so that the third-party system accesses a data source according to the data access request.

2. The method according to claim 1, wherein before the first server receives the data access request initiated by the account, the method further comprises:
after the account logs in to a client, initiating a login request to a login server;
the client receiving the context information returned by the login server, wherein the context information is a subset of the complete context information generated by the login server according to the login request;
the client sending the data access request carrying the context information to the first server.

3. The method according to claim 2, wherein checking the context information of the account comprises:
the first server, after determining that the data access request carries the context information, reading the context information carried in the data access request;
the first server matching the context information against the pre-stored complete context information and, if the match succeeds, determining that the context information of the account is legal information;
the first server generating legal access identification information of the account, wherein the legal access identification information indicates that the account that initiated the data access request is a legal account.

4. The method according to claim 2, wherein checking the context information of the account comprises:
the first server, after determining that the data access request carries the context information, sending the context information to a context information server;
the first server receiving the result of the context information server's verification of the context information;
if the verification result is that the context information of the account is legal information, the first server receiving the legal access identification information of the account generated by the context information server, wherein the legal access identification information indicates that the account that initiated the data access request is a legal account;
wherein the context information server matches the context information against the complete context information pre-stored locally, and if the match succeeds, the verification result is that the context information of the account is the legal information.

5. The method according to claim 3 or 4, wherein after the data access request is allowed to be sent to the third-party system, the method further comprises:
a data source server receiving the data access request forwarded by the third-party system;
the data source server querying the first server or the context information server and, if the query returns the legal access identification information of the account, determining that the data access request initiated by the legal account is a secure access request;
the data source server returning the data requested by the data access request to the third-party system.

6. The method according to claim 5, wherein after determining that the account that initiated the data access request is a secure access account, the method further comprises:
the data source server verifying whether the context information contains online information of the account;
when the context information contains the online information of the account, the data source server performing the step of returning the data requested by the data access request to the third-party system.

7. The method according to claim 5, wherein when the context information further includes security privacy level information of the account, the step of the data source server returning the data requested by the data access request to the third-party system comprises: the data source server generating corresponding first access data according to the security privacy level information, and returning the first access data to the third-party system.

8. The method according to claim 5, wherein when the context information further includes security risk status information of the account, the step of the data source server returning the data requested by the data access request to the third-party system comprises: the data source server generating corresponding second access data according to the security risk status information, and returning the second access data to the third-party system.

9. The method according to claim 1, wherein when the first server determines that the data access request does not contain the context information of the account, or the context information of the account fails the check, the first server sends the data access request to the third-party system, or the first server prohibits sending the data access request to the third-party system and issues alarm information.

10. An access control method for user data, comprising:
a client obtaining context information of an account;
the client sending a data access request triggered by the account to a first server, wherein the data access request includes at least the context information;
the client receiving the access data obtained by the first server according to the data access request;
wherein, when the first server determines that the data access request contains the context information of the account, and/or the context information of the account passes the check, the data access request is allowed to be sent to a third-party system, so that the third-party system accesses a data source according to the data access request.

11. The method according to claim 10, wherein the client obtaining the context information of the logged-in account comprises:
after the account logs in to the client, initiating a login request to a login server;
the client receiving the context information returned by the login server, wherein the context information is a subset of the complete context information generated by the login server according to the login request.

12. An access control method for user data, comprising:
a third-party system receiving a data access request sent by a first server, wherein the data access request is a request initiated by an account and containing context information of the account;
the third-party system forwarding the data access request to a data source server;
the third-party system receiving the data requested by the data access request, returned by the data source server,
wherein the third-party system is allowed to access the data source according to the data access request when the data source server determines, according to the context information contained in the data access request, that the account that initiated the data access request is a secure access account and that the data access request is a secure access request.

13. The method according to claim 12, wherein before the third-party system receives the data access request sent by the first server, the method further comprises:
when the first server determines that the data access request carries the context information of the account and that the context information of the account is legal information, generating legal access identification information of the account, wherein the legal access identification information indicates that the account that initiated the data access request is a legal account.

14. The method according to claim 13, wherein the data source server determining, according to the context information contained in the data access request, that the account that initiated the data access request is a secure access account and that the data access request is a secure access request comprises:
the data source server receiving the data access request forwarded by the third-party system;
the data source server reading the context information carried in the data access request;
when the data source server verifies that the context information is legal information, determining that the account that initiated the data access request is a secure access account, and when the query shows that the account has the legal access identification information, determining that the data access request is the secure access request.

15. The method according to claim 12, wherein before the third-party system receives the data access request sent by the first server, the method further comprises:
the first server verifying whether the data access request carries the context information of the account, and/or checking the context information of the account;
the first server, upon determining that the data access request contains the context information of the account, and/or when the context information of the account passes the check, allowing the data access request to be sent to the third-party system, so that the third-party system accesses the data source according to the data access request;
when the first server determines that the data access request does not contain the context information of the account, and/or the context information of the account fails the check, the first server still sending the data access request to the third-party system, or the first server prohibiting sending the data access request to the third-party system and issuing alarm information.

16. An access control apparatus for user data, comprising:
a receiving module, configured to receive a data access request initiated by an account;
a verification module, comprising a first verification unit and/or a second verification unit, wherein the first verification unit is configured to verify whether the data access request carries context information of the account, and the second verification unit checks the context information of the account;
a control module, configured to allow the data access request to be sent to a third-party system when the verification module's check passes, so that the third-party system accesses a data source according to the data access request.

17. The apparatus according to claim 16, wherein the second verification unit comprises:
a reading subunit, configured to read the context information carried in the data access request after it is determined that the data access request carries the context information;
a matching subunit, configured to match the context information against pre-stored complete context information and, if the match succeeds, determine that the context information of the account is legal information;
a generating subunit, configured to generate legal access identification information of the account, wherein the legal access identification information indicates that the account that initiated the data access request is a legal account.

18. The apparatus according to claim 16, wherein the second verification unit comprises:
a sending subunit, configured to send the context information to a context information server after it is determined that the data access request carries the context information;
a first receiving subunit, configured to receive the result of the context information server's verification of the context information;
a second receiving subunit, configured to receive the legal access identification information of the account generated by the context information server when the verification result is that the context information of the account is legal information, wherein the legal access identification information indicates that the account that initiated the data access request is a legal account; the context information server matches the context information against the complete context information pre-stored locally, and if the match succeeds, the verification result is that the context information of the account is the legal information.

19. The apparatus according to claim 16, wherein the control module is further configured, when the verification module's check fails, to send the data access request to the third-party system, or to prohibit sending the data access request to the third-party system and issue alarm information.

20. An access control apparatus for user data, comprising:
an obtaining module, configured to obtain context information of an account;
a sending module, configured to send a data access request triggered by the account to a first server, wherein the data access request includes at least the context information;
a receiving module, configured to receive the access data obtained by the first server according to the data access request;
wherein, when the first server determines that the data access request contains the context information of the account, and/or the context information of the account passes the check, the data access request is allowed to be sent to a third-party system, so that the third-party system accesses a data source according to the data access request.

21. The apparatus according to claim 20, wherein the obtaining module comprises:
a sending unit, configured to initiate a login request to a login server;
a receiving unit, configured to receive the context information returned by the login server, wherein the context information is a subset of the complete context information generated by the login server according to the login request.

22. An access control apparatus for user data, comprising:
a first receiving module, configured to receive a data access request sent by a first server, wherein the data access request is a request initiated by an account and containing context information of the account;
a forwarding module, configured to forward the data access request to a data source server;
a second receiving module, configured to receive the data requested by the data access request, returned by the data source server,
wherein a third-party system is allowed to access the data source according to the data access request when the data source server determines, according to the context information contained in the data access request, that the account that initiated the data access request is a secure access account and that the data access request is a secure access request.

An access control system for user data, comprising:
a client terminal, configured to initiate a data access request after an account has logged in;
a first server, in communication with the client terminal, configured to pass the data access request through transparently after verifying that the data access request contains context information of the account, and/or after verifying that the context information is legitimate;
a third-party system server, in communication with the first server, configured to receive the data access request passed through by the first server;
a data source server, in communication with the third-party system server, configured to receive the data access request forwarded by the third-party system server and, when it determines according to the context information contained in the data access request that the account initiating the data access request is a secure access account and that the data access request is a secure access request, to return the access data corresponding to the data access request to the third-party system server.
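
The request path in the system claim above, as an added sketch that is not part of the patent text: the first server refuses to pass a request through without valid context information, and the data source server checks the same context again before returning data. The claims do not say how context information is verified; the HMAC tag, the shared key, the 900-second freshness window, the `resource_owner` field and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: login server and verifying servers share this key. HMAC only
# stands in for the unspecified "context information passes verification".
KEY = b"constructed-demo-key"
DATA = {"alice": {"orders": [101, 102]}}  # constructed data source

def _tag(ctx):
    body = json.dumps(ctx, sort_keys=True).encode()
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def login(account, device, now):
    """Login server: build the complete context, return only a subset."""
    full = {"account": account, "device": device, "login_ts": now,
            "risk_score": 3}  # constructed field that stays server-side
    subset = {k: full[k] for k in ("account", "device", "login_ts")}
    return {"ctx": subset, "tag": _tag(subset)}

def context_ok(request, now, max_age=900):
    """True only if context information is present, authentic and fresh."""
    info = request.get("context")
    if not isinstance(info, dict) or not isinstance(info.get("ctx"), dict):
        return False
    given = str(info.get("tag")).encode()
    if not hmac.compare_digest(_tag(info["ctx"]).encode(), given):
        return False
    return 0 <= now - info["ctx"]["login_ts"] <= max_age

def data_source(request, now):
    """Data source server: re-check the context, then scope by account."""
    if not context_ok(request, now):
        return {"status": 403}
    owner = request["context"]["ctx"]["account"]
    if request.get("resource_owner") != owner:
        return {"status": 403}
    return {"status": 200, "data": DATA.get(owner, {})}

def third_party(request, now):
    """Third-party system server: forwards the request unchanged."""
    return data_source(request, now)

def first_server(request, now):
    """First server: pass the request through only with valid context."""
    if not context_ok(request, now):
        return {"status": 401}
    return third_party(request, now)
```

Because the data source server repeats the check, a third-party system that calls it directly, without going through the first server, still gets nothing back unless it presents context information issued at login for the account that owns the data.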
PCT/CN2016/082162 2015-05-22 2016-05-16 Access control method, apparatus and system for user data Ceased WO2016188335A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510267072.7A CN106302332B (en) 2015-05-22 2015-05-22 User data access control method, device and system
CN201510267072.7 2015-05-22

Publications (1)

Publication Number Publication Date
WO2016188335A1 (en) 2016-12-01

Family

ID=57392504

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/082162 Ceased WO2016188335A1 (en) 2015-05-22 2016-05-16 Access control method, apparatus and system for user data

Country Status (2)

Country Link
CN (1) CN106302332B (en)
WO (1) WO2016188335A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112583777A (en) * 2019-09-30 2021-03-30 北京国双科技有限公司 Method and device for realizing user login

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106961435B (en) * 2017-03-22 2019-12-13 北京深思数盾科技股份有限公司 access protection method and system
CN107908538A (en) * 2017-12-12 2018-04-13 郑州云海信息技术有限公司 A kind of automated testing method and system of server system performance
CN109165353A (en) * 2018-09-25 2019-01-08 安徽灵图壹智能科技有限公司 A kind of rent a house information retrieval method and system based on block chain
CN109753778A (en) * 2018-12-30 2019-05-14 北京城市网邻信息技术有限公司 Checking method, device, equipment and the storage medium of user
CN110049031B (en) * 2019-04-08 2021-05-18 厦门网宿有限公司 Interface security authentication method, server and authentication center server
CN112448921B (en) * 2019-08-30 2024-05-24 华为技术有限公司 Method and device for detecting backdoor
CN111475523A (en) * 2020-04-10 2020-07-31 得到(天津)文化传播有限公司 Request response method, device, equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080134305A1 (en) * 2005-12-16 2008-06-05 Hinton Heather M Method and system for extending authentication methods
CN103297437A (en) * 2013-06-20 2013-09-11 中国软件与技术服务股份有限公司 Safety server access method for mobile intelligent terminal
CN104518876A (en) * 2013-09-29 2015-04-15 腾讯科技(深圳)有限公司 Service login method and device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8850554B2 (en) * 2010-02-17 2014-09-30 Nokia Corporation Method and apparatus for providing an authentication context-based session
CN102724647B (en) * 2012-06-06 2014-08-13 电子科技大学 Method and system for access capability authorization
US9245144B2 (en) * 2012-09-27 2016-01-26 Intel Corporation Secure data container for web applications

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112583777A (en) * 2019-09-30 2021-03-30 北京国双科技有限公司 Method and device for realizing user login
CN112583777B (en) * 2019-09-30 2023-04-18 北京国双科技有限公司 Method and device for realizing user login

Also Published As

Publication number Publication date
CN106302332B (en) 2019-10-15
CN106302332A (en) 2017-01-04

Similar Documents

Publication Publication Date Title
JP6701364B2 (en) System and method for service-assisted mobile pairing for passwordless computer login
US20190281028A1 (en) System and method for decentralized authentication using a distributed transaction-based state machine
CN101227468B (en) Method, device and system for authenticating user to network
CN105376216B (en) A remote access method, proxy server and client
US11409861B2 (en) Passwordless authentication
US9197420B2 (en) Using information in a digital certificate to authenticate a network of a wireless access point
US9628282B2 (en) Universal anonymous cross-site authentication
CN114679293A (en) Access control method, device and storage medium based on zero trust security
CN106302332B (en) User data access control method, device and system
JP2019531567A (en) Device authentication system and method
JP6374947B2 (en) Recoverable and recoverable dynamic device identification
WO2017036310A1 (en) Authentication information update method and device
CN113678131B (en) Protecting online applications and websites using blockchain
US10834074B2 (en) Phishing attack prevention for OAuth applications
CN108574657B (en) Server access method, device and system, computing equipment and server
US10693873B2 (en) Securing remote authentication
Binu et al. A mobile based remote user authentication scheme without verifier table for cloud based services
TWI778319B (en) Method for cross-platform authorizing access to resources and authorization system thereof
Rivers et al. A Study on Cyber Attacks and Vulnerabilities in Mobile Payment Applications
Yang et al. Context-Aware Phishing-Resistant Authentication for Federated Identity in Internet of Things Platforms
US12381740B2 (en) Web browser generation of unique identifiers
CN119299237B (en) A cloud platform-based authentication system and method
US12500770B2 (en) User authentication techniques across applications on a user device
EP4651436A1 (en) System and method to mitigate storage overload during web authentication
US20220353081A1 (en) User authentication techniques across applications on a user device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16799224

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16799224

Country of ref document: EP

Kind code of ref document: A1