CN110222531A - Method, system and device for accessing a database

Publication number
CN110222531A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910467315.XA
Other languages
Chinese (zh)
Other versions
CN110222531B (en)
Inventor
肖磊
张园超
姚兴
李婷婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

This application discloses a method, system and device for accessing a database. In one embodiment of this specification, the method for accessing a database includes: obtaining registration credential information from a deployment platform; generating registration information from the registration credential information and initiating registration verification with an access control platform based on the registration information; receiving access verification information from the access control platform, where the access verification information can be obtained only after the registration verification succeeds and includes information on the database instances the requester is entitled to access, the database instance information including the corresponding database password; and initiating an access request to a database host based on the access verification information, the access request including the database password.

Description

Method, system and device for accessing a database
Technical field
This specification relates to the field of computer technology, and in particular to a method, system and device for accessing a database.
Background
A database is a repository that organizes, stores and manages data according to a data structure. In general, the data stored in a database is not open to everyone. Therefore, when a user accesses a database, the user must be authenticated and the database instances the user is entitled to access must be confirmed, in order to prevent unauthorized access.
In the prior art, authentication of a database accessor is usually based on a database password. That is, a corresponding database password is issued to each accessor that has access rights. When the accessor accesses the database, the database password it holds is verified to determine whether it has access rights. However, as an enterprise grows, the scale and complexity of its database systems increase, which makes managing database passwords extremely difficult. The probability that a database password is issued to the wrong party or leaked rises sharply, and the risk that the database is dumped rises markedly with it.
Summary of the invention
In view of this, the embodiments of this specification provide a method, system and device for accessing a database, to solve the problems of the database password management process in the prior art.
The embodiments of this specification adopt the following technical solutions:
An embodiment of this specification provides a method for accessing a database, the method comprising:
obtaining registration credential information from a deployment platform;
generating registration information from the registration credential information, and initiating registration verification with an access control platform based on the registration information;
receiving access verification information from the access control platform, wherein the access verification information can be obtained only after the registration verification succeeds, the access verification information includes information on the database instances the requester is entitled to access, and the database instance information includes the corresponding database password;
initiating an access request to a database host based on the access verification information, the access request including the database password.
In one embodiment of this specification:
the registration credential information is obtained, wherein the registration credential information includes a registration credential bound to first legitimate identity information;
the registration information is generated from the registration credential information, wherein the registration information includes the registration credential.
In one embodiment of this specification, the access verification information further includes identity verification information bound to second legitimate identity information.
In one embodiment of this specification, a database access module that is independent of the business process of the database access requester is used to generate the registration information, and/or to initiate the registration verification, and/or to initiate the access request.
In one embodiment of this specification, obtaining the registration credential information comprises:
receiving encrypted information from the deployment platform using the database access module, wherein the decryption key for the encrypted information is built into the database access module;
decrypting the encrypted information using the database access module to obtain the registration credential information.
In one embodiment of this specification, the method further comprises:
starting the database access module, wherein the database access module is started by the deployment platform as an independent container or process.
In one embodiment of this specification, initiating an access request to the database host based on the access verification information comprises:
treating the database access module as a local database proxy, with the business process initiating an SQL connection to the database access module;
initiating a TLS database connection from the database access module to the database host.
In one embodiment of this specification, the database access module is built as a database sidecar module.
In one embodiment of this specification, an access request is initiated to the database host based on the access verification information, wherein the access request is initiated based on the most recently received access verification information.
An embodiment of this specification also provides a method for deploying database access rights, the method comprising:
performing registration verification, wherein the registration information described in the embodiments of this specification is received and verified;
when the registration verification succeeds, creating the access verification information described in the embodiments of this specification, the access verification information matching the identity of the registration verification initiator;
sending the access verification information to the registration verification initiator.
In one embodiment of this specification, the registration information described in the embodiments of this specification is received and verified, wherein:
registration information bound to the first legitimate identity information is received;
whether the first legitimate identity information matches the registration verification initiator is verified.
In one embodiment of this specification, the method further comprises:
receiving a check request from the database host, the check request including the identity of the access request initiator;
returning an accessible-database list to the database host, wherein the accessible-database list is the list of databases the access request initiator can access.
In one embodiment of this specification, the method further comprises:
sending an interception policy to the database host.
In one embodiment of this specification, the method further comprises:
updating the access verification information that has been created, wherein the database password is updated;
sending the updated access verification information to the corresponding registration verification initiator;
monitoring the database access connections currently in use;
when the database access connections currently in use include a connection established with the pre-update access verification information, keeping the pre-update access verification information valid;
when the database access connections currently in use include no connection established with the pre-update access verification information, destroying the pre-update access verification information.
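The password update steps above amount to a small bookkeeping rule, shown here as an added Go example that is not code from the patent or its assignee. The Rotator type, its method names and the sample passwords are constructed for illustration, and accepting a retained old password for new connections is an assumption about what "valid" means here.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// version is one generation of a database password plus the connections opened with it.
type version struct {
	password string
	conns    map[int]bool
}

// Rotator is a hypothetical model of the access control platform's rotation bookkeeping.
type Rotator struct {
	versions []*version // oldest first; the last entry is the current password
	nextConn int
}

func NewRotator(initial string) *Rotator {
	return &Rotator{versions: []*version{{password: initial, conns: map[int]bool{}}}}
}

// Open records a new connection if the password belongs to a version that is
// still valid. Accepting a retained old password for new connections is an
// assumption; the page only says the old information is kept valid.
func (r *Rotator) Open(password string) (int, bool) {
	for _, v := range r.versions {
		if subtle.ConstantTimeCompare([]byte(v.password), []byte(password)) == 1 {
			r.nextConn++
			v.conns[r.nextConn] = true
			return r.nextConn, true
		}
	}
	return 0, false
}

// Rotate installs the updated password, then destroys what is no longer in use.
func (r *Rotator) Rotate(updated string) {
	r.versions = append(r.versions, &version{password: updated, conns: map[int]bool{}})
	r.sweep()
}

// Close ends a monitored connection and re-evaluates the old versions.
func (r *Rotator) Close(id int) {
	for _, v := range r.versions {
		delete(v.conns, id)
	}
	r.sweep()
}

// sweep keeps the current version and any older version that still has a live
// connection; every other version is destroyed.
func (r *Rotator) sweep() {
	var kept []*version
	for i, v := range r.versions {
		if i == len(r.versions)-1 || len(v.conns) > 0 {
			kept = append(kept, v)
		}
	}
	r.versions = kept
}

// Valid returns how many password versions are currently accepted.
func (r *Rotator) Valid() int { return len(r.versions) }

func main() {
	r := NewRotator("pw-v1") // constructed sample passwords
	old, _ := r.Open("pw-v1")
	r.Rotate("pw-v2")
	fmt.Println("versions valid while the old connection lives:", r.Valid())
	r.Close(old)
	_, ok := r.Open("pw-v1")
	fmt.Println("versions valid after it closes:", r.Valid(), "old password accepted:", ok)
}
```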
An embodiment of this specification also provides a method for verifying database access rights, the method comprising:
receiving the access request described in the embodiments of this specification;
verifying the access request;
when the access request passes verification, allowing the access request initiator to access the database.
In one embodiment of this specification:
the access request is received, wherein the access request includes identity verification information bound to second legitimate identity information;
verifying the access request includes verifying whether the second legitimate identity information matches the access request initiator.
In one embodiment of this specification, verifying the access request further comprises:
generating a check request, the check request including the identity of the access request initiator;
sending the check request to the access control platform;
receiving an accessible-database list from the access control platform, wherein the accessible-database list is the list of databases the access request initiator can access;
verifying the access request against the accessible-database list, wherein it is verified whether the target database of the access request is in the accessible-database list.
An embodiment of this specification also provides a system for accessing a database, the system comprising:
a deployment information obtaining module, configured to obtain registration credential information from a deployment platform;
a registration verification initiating module, configured to generate registration information from the registration credential information and to initiate registration verification with an access control platform based on the registration information;
an access verification information obtaining module, configured to receive access verification information from the access control platform, wherein the access verification information can be obtained only after the registration verification succeeds, the access verification information includes information on the database instances the requester is entitled to access, and the database instance information includes the corresponding database password;
a database access module, configured to initiate an access request to a database host based on the access verification information, the access request including the database password.
An embodiment of this specification also provides a system for deploying database access rights, the system comprising:
a registration verification module, configured to perform registration verification, wherein the registration information described in the embodiments of this specification is received and verified;
an access verification information creation module, configured to create, when the registration verification succeeds, the access verification information described in the embodiments of this specification, the access verification information matching the identity of the registration verification initiator;
an access verification information sending module, configured to send the access verification information to the registration verification initiator.
An embodiment of this specification also provides a system for verifying database access rights, the system comprising:
an access request obtaining module, configured to receive the access request described in the embodiments of this specification;
an access request verification module, configured to verify the access request and, when the access request passes verification, to allow the access request initiator to access the database.
This application also proposes a device for processing information at the user equipment side. The device includes a memory for storing computer program instructions and a processor for executing the program instructions, wherein, when the computer program instructions are executed by the processor, the device is triggered to perform the method of the system described in the embodiments of this specification.
At least one of the above technical solutions adopted by the embodiments of this specification can achieve the following beneficial effects. According to the method of the embodiments of this specification, the deployment platform does not issue the database password directly; instead it issues registration credential information that identifies the accessor's legitimacy. Before the access control platform issues a database password, it must first verify the registration credential information, and it issues the database password only after verification passes. Compared with the prior art, the method of the embodiments of this specification greatly reduces the likelihood that a database password is issued to the wrong party or leaked, improves the security of the database system, and greatly reduces the risk that the database is dumped.
Brief description of the drawings
The drawings described here provide a further understanding of this application and form a part of it. The illustrative embodiments of this application and their descriptions are used to explain the application and do not unduly limit it. In the drawings:
Fig. 1, Fig. 3, Fig. 5 and Fig. 9 are flowcharts of the method of operating the application in embodiments of this specification;
Fig. 7 and Fig. 8 are partial flowcharts of the method of operating the application in embodiments of this specification;
Fig. 2, Fig. 4, Fig. 6, Fig. 8 and Figs. 10 to 12 are structural block diagrams of systems in embodiments of this specification.
Detailed description
To make the purposes, technical solutions and advantages of this application clearer, the technical solutions of this application are described clearly and completely below with reference to specific embodiments of the application and the corresponding drawings. The described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in this application without creative work fall within the scope of protection of this application.
In the prior art, authentication of a database accessor is usually based on a database password. That is, a corresponding database password is issued to each accessor that has access rights. When the accessor accesses the database, the database password it holds is verified to determine whether it has access rights. However, as an enterprise grows, the scale and complexity of its database systems increase, which makes managing database passwords extremely difficult. The probability that a database password is issued to the wrong party or leaked rises sharply, and the risk that the database is dumped rises markedly with it.
To address this problem, the embodiments of this specification propose a method for accessing a database. According to the method of the embodiments of this specification, the deployment platform does not issue the database password directly; instead it issues registration credential information that identifies the accessor's legitimacy. Before the access control platform issues a database password, it must first verify the registration credential information, and it issues the database password only after verification passes. Compared with the prior art, the method of the embodiments of this specification greatly reduces the likelihood that a database password is issued to the wrong party or leaked, improves the security of the database system, and greatly reduces the risk that the database is dumped.
The technical solutions provided by the embodiments of this specification are described in detail below with reference to the drawings.
In one embodiment of this specification, as shown in Fig. 1, the method for accessing a database includes:
S110, obtaining registration credential information from a deployment platform;
S120, generating registration information from the registration credential information, and initiating registration verification with an access control platform based on the registration information;
S130, receiving access verification information from the access control platform, wherein the access verification information can be obtained only after the registration verification succeeds, the access verification information includes information on the database instances the requester is entitled to access, and the database instance information includes the corresponding database password;
S140, initiating an access request to a database host based on the access verification information, the access request including the database password.
Further, based on the method for accessing a database of the embodiments of this specification, the embodiments of this specification also propose a system for accessing a database. As shown in Fig. 2, the system for accessing a database includes:
a deployment information obtaining module 210, configured to obtain registration credential information from a deployment platform;
a registration verification initiating module 220, configured to generate registration information from the registration credential information and to initiate registration verification with an access control platform based on the registration information;
an access verification information obtaining module 230, configured to receive access verification information from the access control platform, wherein the access verification information can be obtained only after the registration verification succeeds, the access verification information includes information on the database instances the requester is entitled to access, and the database instance information includes the corresponding database password;
a database access module 240, configured to initiate an access request to a database host based on the access verification information, the access request including the database password.
Specifically, in one embodiment of this specification, the system for accessing a database is built into the business system.
Further, based on the method for accessing a database of the embodiments of this specification, the embodiments of this specification also propose a method for deploying database access rights. As shown in Fig. 3, in one embodiment of this specification, the method for deploying database access rights includes:
S310, performing registration verification, wherein the registration information described in the embodiments of this specification is received and verified;
S320, when the registration verification succeeds, creating the access verification information described in the embodiments of this specification, the access verification information matching the identity of the registration verification initiator;
S330, sending the access verification information to the registration verification initiator.
Further, in the method for deploying database access rights of one embodiment of this specification, after the access verification information described in the embodiments of this specification is created, the related data of the access verification information (for example, the database password) is also sent to the database host.
Specifically, in the method for deploying database access rights of one embodiment of this specification, when the access verification information for the registration verification initiator (the business system) is created, a database account (which includes a database password) is created for each database instance that the registration verification initiator (the business system) is entitled to access. When the access verification information is sent to the registration verification initiator (the business system), the database accounts of the database instances it is entitled to access are sent.
Further, based on the method for deploying database access rights of the embodiments of this specification, the embodiments of this specification also propose a system for deploying database access rights (the access control platform). As shown in Fig. 4, the system for deploying database access rights includes:
a registration verification module 410, configured to perform registration verification, wherein the registration information described in the embodiments of this specification is received and verified;
an access verification information creation module 420, configured to create, when the registration verification succeeds, the access verification information described in the embodiments of this specification, the access verification information matching the identity of the registration verification initiator;
an access verification information sending module 430, configured to send the access verification information to the registration verification initiator.
Further, based on the method for accessing a database of the embodiments of this specification, the embodiments of this specification also propose a method for verifying database access rights. As shown in Fig. 5, in one embodiment of this specification, the method for verifying database access rights includes:
S510, receiving the access request described in the embodiments of this specification;
S520, verifying the access request;
S530, when the access request passes verification, allowing the access request initiator to access the database.
Further, based on the method for verifying database access rights of the embodiments of this specification, the embodiments of this specification also propose a system for verifying database access rights. As shown in Fig. 6, the system for verifying database access rights includes:
an access request obtaining module 610, configured to receive the access request described in the embodiments of this specification;
an access request verification module 620, configured to verify the access request and, when the access request passes verification, to allow the access request initiator to access the database.
Specifically, in one embodiment of this specification, the system for verifying database access rights is built into the database host.
Further, to reduce the likelihood that a database password is issued to the wrong party or leaked, in one embodiment of this specification a scheme of double verification of the registration credential and the registrant's identity is used when the database password is issued.
Specifically, in the method for accessing a database of one embodiment of this specification, the registration credential information that is obtained includes a registration credential bound to first legitimate identity information; when the registration information is generated from the registration credential information, the registration information includes the registration credential bound to the first legitimate identity information.
Correspondingly, in the method for deploying database access rights of one embodiment of this specification, the registration information that is received is bound to the first legitimate identity information; when the registration information is verified, it is verified whether the first legitimate identity information matches the registration verification initiator.
Specifically, in one embodiment of this specification, the deployment system sends an application private key credential to the registration verification initiator, and the credential is bound to the legitimate accessor identity (the first legitimate identity information). When the registration verification initiator initiates registration verification with the access control platform, it signs the registration request with the application private key credential from the deployment system. When the access control platform performs registration verification, it verifies the signature of the registration request and at the same time verifies whether the source of the registration request is consistent with the legitimate accessor identity bound to the credential.
Further, to prevent unauthorized database access caused by a leaked database password, in one embodiment of this specification a scheme of double verification of the database password and the accessor's identity is used when an access request containing a database password is verified.
Specifically, in the method for deploying database access rights of one embodiment of this specification, the access verification information that is created further includes identity verification information bound to second legitimate identity information, and the second legitimate identity information is the identity information of the accessor to which the access verification information corresponds.
Correspondingly, in the method for accessing a database of one embodiment of this specification, the access verification information received from the access control platform further includes the identity verification information bound to the second legitimate identity information.
Correspondingly, in the method for verifying database access rights of one embodiment of this specification, the access request that is received includes the identity verification information bound to the second legitimate identity information; when the access request is verified, it is verified whether the second legitimate identity information matches the access request initiator.
Specifically, in one embodiment of this specification, when the access control platform performs registration verification and the verification succeeds, the access control platform returns to the registration verification initiator the information on the database instances the application is entitled to access (including the database password) together with a certificate and private key that identify the application identity (the certificate is bound to the application identity and contains the application name). When the registration verification initiator initiates an access request to the database host, it uses the application identity certificate and the database password returned by the access control platform to initiate a database access connection to the database host. While verifying the database password, the database host also verifies whether the application identity bound to the application identity certificate matches the party that initiated the database access connection.
Further, to further prevent unauthorized database access caused by a leaked database password, the access rights corresponding to the accessor's identity are also verified directly. Specifically, the list of databases the accessor is entitled to access is determined from the accessor's identity, and it is verified whether the access target of the current access request is included in that list.
Specifically, in the method for verifying database access rights of one embodiment of this specification, as shown in Fig. 7, verifying the access request includes:
S710, generating a check request, the check request including the identity of the access request initiator;
S720, sending the check request to the access control platform;
S730, receiving an accessible-database list from the access control platform, wherein the accessible-database list is the list of databases the access request initiator can access;
S740, verifying the access request against the accessible-database list, wherein it is verified whether the target database of the access request is in the accessible-database list.
Correspondingly, in the method for deploying database access rights of one embodiment of this specification, as shown in Fig. 8, the method further includes:
S810, receiving a check request from the database host, the check request including the identity of the access request initiator;
S820, returning an accessible-database list to the database host, wherein the accessible-database list is the list of databases that the access request initiator named in the check request can access.
Specifically, in an application scenario of one embodiment of this specification, as shown in Fig. 9:
S900, the deployment platform issues to the business system (the registration verification initiator and database access request initiator) an application private key credential bound to the business application identity;
S911, the business system receives the application private key credential bound to the business application identity;
S912, the business system signs a registration request with the application private key credential;
S913, the business system initiates registration verification with the access control platform;
S921, the access control platform verifies the signature of the registration request and at the same time verifies whether the business application identity bound to the signature matches the identity of the business system;
S922, after the registration verification passes, the access control platform returns to the business system the information on the database instances it is entitled to access (including the database password) together with a certificate and private key that identify the application identity (the certificate is bound to the application identity and contains the application name);
S914, the business system receives the information on the database instances it is entitled to access and the certificate and private key that identify the application identity;
S915, when the business system needs to access a database, it initiates an access request to the database host based on the application identity certificate and the database password;
S931, the database host receives the access request;
S932, the database host verifies whether the application identity bound to the application identity certificate is consistent with the initiator of the access request;
S933, the database host sends the application name of the initiator of the access request to the access control platform;
S923, the access control platform returns to the database host the list of databases that the initiator of the access request is entitled to access;
S934, the database host verifies whether the target database of the access request is in the list of databases that the initiator of the access request is entitled to access;
S935, the database host verifies the database password.
Further, to further improve the security of database access, in the method for deploying database access rights according to an embodiment of this specification, the method further includes: sending an interception policy to the database host. In this way, when the database host detects an unauthorized access request, it can perform an effective interception operation according to the received interception policy and prevent illegitimate users from accessing the database.
Further, using the same database password for a long time increases the risk that the database password is leaked. Therefore, in the method for deploying database access rights according to an embodiment of this specification, the method further includes: updating the access verification information that has been created, which includes updating the database password; and sending the updated access verification information to the corresponding registration verification initiator (business system).
Further, in the method for deploying database access rights according to an embodiment of this specification, after the access verification information is updated, the relevant data of the updated access verification information (for example, the updated database password) is also sent to the database host.
Further, after the access verification information is updated, if the access verification information from before the update remains valid, the update loses its purpose. However, if the pre-update access verification information is destroyed (invalidated) immediately, database access connections currently in use may be interrupted midway, causing runtime errors or data loss in the business system. Therefore, in the method for deploying database access rights according to an embodiment of this specification, after the access verification information is updated: the database access connections currently in use are monitored; while the connections currently in use include a database access connection established with the pre-update access verification information, the pre-update access verification information is kept valid; when the connections currently in use no longer include any database access connection established with the pre-update access verification information, the pre-update access verification information is destroyed (invalidated).
Correspondingly, in the method for accessing a database according to an embodiment of this specification, the access request is initiated to the database host based on the most recently received access verification information.
Specifically, in the method for deploying database access rights according to an embodiment of this specification, when access verification information is created for a registration verification initiator (business system), a database account (which includes a database password) is created for each database instance that the registration verification initiator (business system) is entitled to access. When access verification information is sent to the registration verification initiator (business system), the database accounts of the database instances it is entitled to access are sent. When access verification information is updated, a new database account (with a password different from that of the old account) is created for the specified database instance; the new account and password are then pushed to the registration verification initiators (business systems) that have permission to access that database instance, and the new account is sent to the database host. The registration verification initiator (business system) is made to use the new account when it creates new database connections (the database host likewise performs its legitimacy verification based on the new account). The number of database connections created with the old account is monitored in the database, and when that number drops to 0 the old account is invalidated (the old account on the database host is destroyed).
Specifically, as shown in Figure 10, in an embodiment of this specification: (1) the access control platform 101 creates a new database account and sends the new database account to the database host 102; (2) the access control platform 101 pushes the new database account to the business system 100; (3) the business system 100 uses the new database account to create new database connections to the database host 102; (4) the access control platform 101 monitors the database host 102 and the number of connections made with the old account, and when that number drops to 0 it destroys the old account on the database host 102.
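The rotation sequence of Figure 10, sketched as an added Python example that is not part of the patent text. The class and method names, the account naming scheme and the in-memory host are assumptions made for illustration; the page only fixes the order of steps (1) to (4) and the rule that the old account is destroyed once its connection count reaches 0.

```python
import hmac
import secrets


class DatabaseHost:
    """Database host 102: holds accounts and records which account opened each connection."""

    def __init__(self):
        self.accounts = {}      # account name -> password
        self.connections = {}   # connection id -> account name
        self._next_id = 1

    def create_account(self, name, password):
        self.accounts[name] = password

    def destroy_account(self, name):
        self.accounts.pop(name, None)

    def connect(self, name, password):
        expected = self.accounts.get(name)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            raise PermissionError(f"login rejected for account {name!r}")
        conn_id = self._next_id
        self._next_id += 1
        self.connections[conn_id] = name
        return conn_id

    def close(self, conn_id):
        self.connections.pop(conn_id, None)

    def connection_count(self, name):
        return sum(1 for account in self.connections.values() if account == name)


class BusinessSystem:
    """Business system 100: connects with the most recently received account only."""

    def __init__(self):
        self.current = None

    def receive(self, name, password):
        self.current = (name, password)

    def open_connection(self, host):
        return host.connect(*self.current)


class AccessControlPlatform:
    """Access control platform 101: rotates accounts and retires drained ones."""

    def __init__(self, host, business_system, prefix="app_acct"):
        self.host = host
        self.business_system = business_system
        self.prefix = prefix        # hypothetical naming scheme
        self.active = None
        self.retiring = set()
        self._serial = 0

    def rotate(self):
        self._serial += 1
        name = f"{self.prefix}_{self._serial}"
        password = secrets.token_urlsafe(24)
        self.host.create_account(name, password)      # step (1)
        self.business_system.receive(name, password)  # step (2)
        if self.active is not None:
            self.retiring.add(self.active)            # stays valid while draining
        self.active = name
        return name

    def reap(self):
        """Step (4): destroy every retiring account whose connection count is 0."""
        drained = [n for n in sorted(self.retiring) if self.host.connection_count(n) == 0]
        for name in drained:
            self.host.destroy_account(name)
        self.retiring.difference_update(drained)
        return drained


def rotation_walkthrough():
    host, app = DatabaseHost(), BusinessSystem()
    platform = AccessControlPlatform(host, app)
    platform.rotate()
    old_name, old_password = app.current
    long_running = app.open_connection(host)     # connection made before rotation
    new_name = platform.rotate()
    reaped_while_busy = platform.reap()          # old account still has a connection
    fresh = app.open_connection(host)            # step (3): new connections use the new account
    host.close(long_running)
    reaped_after_drain = platform.reap()
    try:
        host.connect(old_name, old_password)
        old_login_rejected = False
    except PermissionError:
        old_login_rejected = True
    return {
        "new_account": new_name,
        "reaped_while_busy": reaped_while_busy,
        "fresh_connection_account": host.connections[fresh],
        "reaped_after_drain": reaped_after_drain,
        "old_login_rejected": old_login_rejected,
    }


if __name__ == "__main__":
    for key, value in rotation_walkthrough().items():
        print(key, "=", value)
```

As on the page, the old account keeps accepting logins until it has drained, so how long a leaked old password remains usable depends on the longest-lived connection made with it.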
Further, to prevent a compromise of the business system from leaking the database password and/or other verification credentials, in the method for accessing a database according to an embodiment of this specification, a database access module (a system for accessing a database) that is independent of the business process of the database access requester is used to generate the registration information, and/or initiate the registration verification, and/or initiate the access request.
Specifically, in the method for accessing a database according to an embodiment of this specification, a database access module (a system for accessing a database) that is independent of the business process of the database access requester is used to carry out the data interaction between the deployment platform, the access control platform and the database host on one side and the business process of the database access requester (business system) on the other.
Specifically, as shown in Figure 11, in an embodiment of this specification the business system 110 includes a database access module 111, and the database access module 111 and the business process 112 of the business system 110 are independent of each other. The database access module 111 is connected to the deployment platform 120, the access control platform 130 and the database host 140.
Further, in the method for accessing a database according to an embodiment of this specification, in the process of obtaining the registration credential information: the database access module receives encrypted information from the deployment platform, where the decryption key for the encrypted information is built into the database access module; the database access module decrypts the encrypted information to obtain the registration credential information.
Further, in the method for accessing a database according to an embodiment of this specification, the decryption key for the encrypted information is built only into the database access module.
Further, in the method for accessing a database according to an embodiment of this specification, the method further includes: starting the database access module, where the database access module is started by the deployment platform as an independent container or process.
Further, in the method for accessing a database according to an embodiment of this specification, in the process of initiating an access request to the database host based on the access verification information: the database access module is treated as a local database proxy, and the business process initiates an SQL connection to the database access module; the database access module initiates a TLS database connection to the database host. Specifically, when the business system needs to access a database, the business process of the business system treats the database access module as a local database proxy and initiates an SQL connection to it; the database access module then initiates a TLS database connection to the database host.
Further, in the method for accessing a database according to an embodiment of this specification, the database access module is built with a database Sidecar module. Correspondingly, in the method for deploying database access rights according to an embodiment of this specification, the access control platform (the system for deploying database access rights) is built with a database Sidecar module. Correspondingly, in the method for verifying database access rights according to an embodiment of this specification, the access request verification module of the database host (the system for verifying database access rights) is built with a database Sidecar module.
Specifically, in an embodiment of this specification, as shown in Figure 12, the business host 1210 includes a business process 1211 and a Sidecar module 1212 (the database access module). When the deployment platform 1220 releases the business system, it can start the Sidecar module 1212 as an independent container or process and, at the same time, pass it an application private key credential that only the key built into the Sidecar module 1212 can decrypt; the credential is bound to the business application identity.
When the Sidecar module 1212 starts, it registers with the Sidecar control platform 1230 (an HTTPS request), signing the access request with the application private key credential it has obtained. The Sidecar control platform 1230 verifies the signature and, at the same time, verifies whether the source IP belongs to the business application that the signature claims. When the verification passes, the Sidecar control platform 1230 returns to the Sidecar module 1212 the database instance information that the application is entitled to access (including the database password) and the certificate and private key that identify the application identity (the certificate is bound to the application identity, and the certificate contains the application name).
When the business process 1211 runs, it treats the Sidecar module 1212 as a local database proxy and initiates an SQL connection to it. The Sidecar module 1212 uses the application identity certificate and the database password returned by the Sidecar control platform 1230 to establish a TLS database connection to the Sidecar module 1241 of the database host 1240.
The Sidecar module 1241 of the database identifies the name of the requesting source application from the certificate of the TLS peer (the Sidecar module 1212) and calls the Sidecar control platform 1230 to obtain the list of databases accessible to the source application; if the target database of the database connection corresponding to the access request is not in the accessible list, it drops the connection. When the access request is legitimate, the Sidecar module 1241 of the database initiates an SQL connection to the database process 1242.
Further, the Sidecar control platform 1230 pushes interception policies to the Sidecar module 1241 of the database, so that intrusion and database-dumping ("library dragging") behavior can be intercepted and contained at fine granularity.
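The database-host checks of steps S931 to S935 (and S710 to S740), which the database-side Sidecar module 1241 also performs, sketched as an added Python example that is not part of the patent text. It assumes the application name has already been taken from a validated peer TLS certificate; the class and function names, the reason strings, and the grants and passwords are hypothetical or constructed, and the access control platform is an in-memory stand-in.

```python
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    cert_app_name: str     # application name bound to the validated peer certificate (assumed)
    claimed_app_name: str  # identity the request states for its initiator
    target_database: str
    password: str


class AccessControlPlatform:
    """In-memory stand-in for the access control platform (constructed grants)."""

    def __init__(self, grants, reachable=True):
        self._grants = grants
        self.reachable = reachable

    def accessible_databases(self, app_name):
        # S810/S820: answer a verification request with the initiator's database list.
        if not self.reachable:
            raise ConnectionError("access control platform unreachable")
        return frozenset(self._grants.get(app_name, ()))


def _same(a, b):
    # Constant-time comparison; encode so non-ASCII input cannot raise TypeError.
    return hmac.compare_digest(a.encode(), b.encode())


def verify_access_request(req, platform, db_passwords):
    """Return (allowed, reason) for one access request received in S931."""
    # S932: the certificate-bound identity must be the initiator the request claims.
    if not _same(req.cert_app_name, req.claimed_app_name):
        return False, "identity_mismatch"
    # S933/S923 (S710-S730): ask the platform which databases this application may use.
    try:
        accessible = platform.accessible_databases(req.cert_app_name)
    except ConnectionError:
        return False, "platform_unavailable"  # fail closed when the list cannot be fetched
    # S934 (S740): the target database must be in the accessible database list.
    if req.target_database not in accessible:
        return False, "database_not_in_accessible_list"
    # S935: only now is the database password checked.
    expected = db_passwords.get(req.target_database)
    if expected is None or not _same(expected, req.password):
        return False, "bad_password"
    return True, "ok"


# Constructed sample data: two applications, one database each.
GRANTS = {"order-service": {"orders_db"}, "report-service": {"reports_db"}}
DB_PASSWORDS = {"orders_db": "constructed-pw-1", "reports_db": "constructed-pw-2"}


def walkthrough():
    platform = AccessControlPlatform(GRANTS)
    cases = {
        "legitimate": AccessRequest("order-service", "order-service", "orders_db", "constructed-pw-1"),
        # A correct password presented by an application that is not granted orders_db.
        "leaked_password": AccessRequest("report-service", "report-service", "orders_db", "constructed-pw-1"),
        "spoofed_initiator": AccessRequest("report-service", "order-service", "orders_db", "constructed-pw-1"),
        "wrong_password": AccessRequest("order-service", "order-service", "orders_db", "guess"),
    }
    return {name: verify_access_request(req, platform, DB_PASSWORDS) for name, req in cases.items()}


if __name__ == "__main__":
    for name, outcome in walkthrough().items():
        print(f"{name}: {outcome}")
```

The `leaked_password` case is the one the description targets: the password is correct, but the request is refused because the certificate-bound application is not entitled to the target database.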
Further, based on the method of the present invention, the present invention also proposes a device for information processing at a user equipment end. The device includes a memory for storing computer program instructions and a processor for executing program instructions, where, when the computer program instructions are executed by the processor, the device is triggered to execute the method of the present invention.
In the 1990s, an improvement to a technology could be clearly distinguished as either a hardware improvement (for example, an improvement to a circuit structure such as a diode, a transistor or a switch) or a software improvement (an improvement to a method flow). With the development of technology, however, many of today's improvements to method flows can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Therefore, it cannot be said that an improvement to a method flow cannot be implemented with a hardware entity module. For example, a programmable logic device (Programmable Logic Device, PLD) (such as a field programmable gate array (Field Programmable Gate Array, FPGA)) is such an integrated circuit, whose logic function is determined by the user's programming of the device. Designers program a digital system themselves to "integrate" it onto a single PLD, without asking a chip manufacturer to design and fabricate a dedicated integrated circuit chip. Moreover, nowadays, instead of making integrated circuit chips by hand, this programming is mostly done with "logic compiler" software, which is similar to the software compiler used in program development, and the source code before compilation also has to be written in a specific programming language, called a hardware description language (Hardware Description Language, HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are the most commonly used at present. Those skilled in the art should also understand that a hardware circuit implementing the logical method flow can easily be obtained merely by applying a little logic programming to the method flow in one of the above hardware description languages and programming it into an integrated circuit.
A controller can be implemented in any suitable manner. For example, a controller can take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor, logic gates, switches, an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a programmable logic controller or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320. A memory controller can also be implemented as part of the control logic of a memory. Those skilled in the art also know that, in addition to implementing a controller purely as computer-readable program code, the method steps can be logic-programmed so that the controller achieves the same functions in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the devices included in it for implementing various functions can also be regarded as structures within the hardware component. Indeed, the devices for implementing various functions can be regarded both as software modules that implement the method and as structures within the hardware component.
The systems, devices, modules or units described in the above embodiments can be implemented by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an e-mail device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above apparatus is described with its functions divided into various units. Of course, when this application is implemented, the functions of the units can be realized in one or more pieces of software and/or hardware.
Those skilled in the art should understand that embodiments of the present invention can be provided as a method, a system or a computer program product. Therefore, the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory and the like) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions can also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, and the instruction apparatus implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thus provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
In a typical configuration, a computing device includes one or more processors (CPUs), an input/output interface, a network interface and memory.
Memory may include non-permanent memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible to a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to the process, method, commodity or device. Without further limitation, an element qualified by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, commodity or device that includes the element.
This application can be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform specific tasks or implement specific abstract data types. This application can also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in both local and remote computer storage media, including storage devices.
The embodiments in this specification are described in a progressive manner; for identical or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments. In particular, the system embodiments are described relatively briefly because they are substantially similar to the method embodiments; for the relevant parts, refer to the description of the method embodiments.
The above is merely an embodiment of this application and is not intended to limit this application. For those skilled in the art, various modifications and changes to this application are possible. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of this application shall fall within the scope of the claims of this application.

Claims (21)

1. A method for accessing a database, the method comprising:
obtaining registration credential information from a deployment platform;
generating registration information according to the registration credential information, and initiating registration verification to an access control platform based on the registration information;
receiving access verification information from the access control platform, wherein the access verification information can be obtained only after the registration verification succeeds, the access verification information includes database instance information for which access is authorized, and the database instance information includes a corresponding database password;
initiating an access request to a database host based on the access verification information, the access request including the database password.
2. The method according to claim 1, wherein:
obtaining the registration credential information, wherein the registration credential information includes a registration credential bound to first legitimate identity information;
generating registration information according to the registration credential information, wherein the registration information includes the registration credential.
3. The method according to claim 1 or 2, wherein the access verification information further includes identity verification information bound to second legitimate identity information.
4. The method according to any one of claims 1 to 3, wherein a database access module independent of the business process of the database access requester is used to generate the registration information, and/or initiate the registration verification, and/or initiate the access request.
5. The method according to claim 4, wherein obtaining registration credential information comprises:
receiving encrypted information from the deployment platform using the database access module, wherein the decryption key for the encrypted information is built into the database access module;
decrypting the encrypted information using the database access module to obtain the registration credential information.
6. The method according to claim 5 or 6, the method further comprising:
starting the database access module, wherein the database access module is started by the deployment platform as an independent container or process.
7. The method according to any one of claims 4 to 6, wherein initiating an access request to the database host based on the access verification information comprises:
treating the database access module as a local database proxy, with the business process initiating an SQL connection to the database access module;
initiating a TLS database connection from the database access module to the database host.
8. The method according to any one of claims 4 to 7, wherein the database access module is built with a database Sidecar module.
9. The method according to any one of claims 1 to 8, wherein initiating an access request to the database host based on the access verification information comprises initiating the access request to the database host based on the most recently received access verification information.
10. A method for deploying database access rights, the method comprising:
performing registration verification, wherein registration information as described in any one of claims 1 to 9 is received and the registration information is verified;
when the registration verification succeeds, creating access verification information as described in any one of claims 1 to 9, the access verification information matching the identity of the registration verification initiator;
sending the access verification information to the registration verification initiator.
11. The method according to claim 10, wherein receiving registration information as described in any one of claims 1 to 9 and verifying the registration information comprises:
receiving the registration information bound to first legitimate identity information;
verifying whether the first legitimate identity information matches the registration verification initiator.
12. The method according to claim 10 or 11, the method further comprising:
receiving a verification request from a database host, the verification request including the identity of the access request initiator;
returning an accessible database list to the database host, wherein the accessible database list is the list of databases accessible to the access request initiator.
13. The method according to any one of claims 10 to 12, the method further comprising:
sending an interception policy to the database host.
14. The method according to any one of claims 10 to 13, the method further comprising:
updating the access verification information that has been created, which includes updating the database password;
sending the updated access verification information to the corresponding registration verification initiator;
monitoring the database access connections currently in use;
when the database access connections currently in use include a database access connection established with the pre-update access verification information, keeping the pre-update access verification information valid;
when the database access connections currently in use include no database access connection established with the pre-update access verification information, destroying the pre-update access verification information.
15. a kind of method of validation database access authority, which comprises
Receive such as the described in any item access requests of claim 1~9;
Verify the access request;
When the access request passes through verifying, access request initiator is allowed to access database.
16. according to the method for claim 15:
Receive the access request, wherein the access request includes believing with the authentication of the second legal identity information binding Breath;
Verify the access request, including, verify the second legal identity information and the access request initiator whether Match.
17. method according to claim 15 or 16 verifies the access request, further includes:
It generates and verifies request, it is described to verify the identity that request includes the access request initiator;
Access control platform is sent by verification request;
Receive the accessible database list from the access control platform, wherein the accessible database list is institute State the addressable Database Lists of access request initiator;
According to access request described in the accessible database list verification, wherein verify the corresponding target of the access request Whether database is in the accessible database list.
18. a kind of system for accessing database, the system comprises:
Deployment information obtains module, is used to obtain the registration credential information from deployment platform;
Registration verifying initiation module, is used to generate registration information according to the registration credential information, is based on the registration information Registration verifying is initiated to access control platform;
It accesses verification information and obtains module, be used to receive the access verification information from the access control platform, wherein institute Stating access verification information could obtain after the registration is proved to be successful, and the access verification information includes the data of Internet access Library example information, the database instance information include corresponding database password;
Database access module is used to initiate access request, the visit to database host based on the access verification information Ask that request includes the database password.
19. a kind of system for disposing database-access rights, the system comprises:
Authentication module is registered, is used to carry out registration verifying, wherein receives such as registration according to any one of claims 1 to 9 Information simultaneously verifies the registration information;
Verification information creation module is accessed, is used for when registration is proved to be successful, is created such as any one of claim 1~9 institute The access verification information stated, the identities match of the access verification information and registration verifying initiator;
Verification information sending module is accessed, is used to verify initiator's transmission access verification information to the registration.
20. A system for verifying database access rights, the system comprising:
an access request acquisition module, configured to receive an access request according to any one of claims 1 to 9;
an access request verification module, configured to verify the access request and, when the access request passes verification, to allow the access request originator to access the database.
21. A device for processing information at a user equipment, the device comprising a memory for storing computer program instructions and a processor for executing program instructions, wherein, when the computer program instructions are executed by the processor, the device is triggered to perform the method of any one of claims 1 to 17.
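The flow that claims 18 to 20 divide among three systems can be traced in a short sketch. This is an added example, not code from the patent: the HMAC-SHA256 registration proof, the class and function names, and the sample application and database names are all assumptions, and the access control platform and the access request verifier are folded into one class for brevity.

```python
import hashlib
import hmac
import secrets

class AccessControlPlatform:
    """Verifies registration and issues per-identity access verification information."""

    def __init__(self):
        self.credentials = {}  # app identity -> registration credential
        self.grants = {}       # app identity -> {database name: password}
        self.issued = {}       # app identity -> access verification info already issued

    def provision(self, app_id, databases):
        """Deployment step: create the registration credential and per-database passwords."""
        self.credentials[app_id] = secrets.token_bytes(32)
        self.grants[app_id] = {db: secrets.token_urlsafe(16) for db in databases}
        return self.credentials[app_id]

    def register(self, app_id, nonce, proof):
        """Registration verification: access verification info is returned only on success."""
        cred = self.credentials.get(app_id)
        if cred is None:
            return None
        expected = hmac.new(cred, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            return None
        self.issued[app_id] = dict(self.grants[app_id])
        return self.issued[app_id]

    def verify_access(self, app_id, target_db, password):
        """Access check: target must be in the accessible list and the password must match."""
        accessible = self.issued.get(app_id, {})
        if target_db not in accessible:
            return False
        return hmac.compare_digest(accessible[target_db], password)

def make_registration_info(app_id, credential):
    """Client side: derive registration information from the registration credential."""
    nonce = secrets.token_bytes(16)
    return app_id, nonce, hmac.new(credential, nonce, hashlib.sha256).digest()

def demo():
    acp = AccessControlPlatform()
    cred = acp.provision("orders-service", ["orders_db"])      # constructed sample names
    denied = acp.register("orders-service", b"n", b"bad")      # wrong proof: nothing issued
    info = acp.register(*make_registration_info("orders-service", cred))
    ok = acp.verify_access("orders-service", "orders_db", info["orders_db"])
    off_list = acp.verify_access("orders-service", "billing_db", info["orders_db"])
    return denied, ok, off_list
```

The sketch does not track nonces, so a deployment would also need replay protection and an expiry on the registration credential.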
CN201910467315.XA 2019-05-31 2019-05-31 Method, system and equipment for accessing database Active CN110222531B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910467315.XA CN110222531B (en) 2019-05-31 2019-05-31 Method, system and equipment for accessing database

Publications (2)

Publication Number Publication Date
CN110222531A true CN110222531A (en) 2019-09-10
CN110222531B CN110222531B (en) 2023-07-07

Family

ID=67818862

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910467315.XA Active CN110222531B (en) 2019-05-31 2019-05-31 Method, system and equipment for accessing database

Country Status (1)

Country Link
CN (1) CN110222531B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080178273A1 (en) * 2007-01-23 2008-07-24 Elmar Weber Automated Authentication Process for Application Clients
US20120144457A1 (en) * 2010-12-06 2012-06-07 Verizon Patent And Licensing Inc. Method and system for providing registration of an application instance
CN102664903A (en) * 2012-05-16 2012-09-12 李明 Network user identifying method and system
CN104391690A (en) * 2014-11-04 2015-03-04 中国石油天然气股份有限公司 Application development system and method
CN105577665A (en) * 2015-12-24 2016-05-11 西安电子科技大学 Identity and access control and management system and method in cloud environment
CN105897663A (en) * 2015-01-26 2016-08-24 阿里巴巴集团控股有限公司 Method for determining access authority, device and equipment
CN106302502A (en) * 2016-04-03 2017-01-04 北京动石科技有限公司 A kind of secure access authentication method, user terminal and service end
CN107196909A (en) * 2017-04-14 2017-09-22 阿里巴巴集团控股有限公司 Invitation registration method and device
CN108449315A (en) * 2018-02-05 2018-08-24 平安科技(深圳)有限公司 Ask calibration equipment, method and the computer readable storage medium of legitimacy
CN108734017A (en) * 2018-05-20 2018-11-02 深圳市图灵奇点智能科技有限公司 Driving data sharing method and device, system and computer storage media
CN109039880A (en) * 2018-09-05 2018-12-18 四川长虹电器股份有限公司 A method of simple authentication authorization is realized using API gateway

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
SRIYA MAHANKALI: "Identification of illegal garbage dumping with video analytics", IEEE, pages 2403 - 2407 *
LIU Leiyan: "Design of an electronic voting scheme based on fully homomorphic encryption", China Master's Theses Full-text Database, pages 138 - 78 *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2601461A (en) * 2019-09-11 2022-06-01 Ibm Maintenance of access for security enablement on host system
GB2601461B (en) * 2019-09-11 2022-11-02 Ibm Maintenance of access for security enablement on host system
WO2021048698A1 (en) * 2019-09-11 2021-03-18 International Business Machines Corporation Maintenance of access for security enablement on host system
US11188659B2 (en) 2019-09-11 2021-11-30 International Business Machines Corporation Concurrent enablement of encryption on an operational path at a host port
US11308243B2 (en) 2019-09-11 2022-04-19 International Business Machines Corporation Maintenance of access for security enablement in a storage device
US11188658B2 (en) 2019-09-11 2021-11-30 International Business Machines Corporation Concurrent enablement of encryption on an operational path at a storage port
US11354455B2 (en) 2019-09-11 2022-06-07 International Business Machines Corporation Maintenance of access for security enablement on a host system
CN111708610A (en) * 2020-06-19 2020-09-25 北京神州泰岳软件股份有限公司 Database client construction method and database operation method
CN111708610B (en) * 2020-06-19 2024-02-27 北京神州泰岳软件股份有限公司 Database client construction method and database operation method
CN112383548A (en) * 2020-11-13 2021-02-19 杭州弗兰科信息安全科技有限公司 Database access method, transmitting device, receiving device and terminal host
CN112800463A (en) * 2021-02-02 2021-05-14 天津五八到家货运服务有限公司 Information processing method, device and system
CN114238889A (en) * 2021-12-13 2022-03-25 北京天融信网络安全技术有限公司 Database login method and device
CN114745431B (en) * 2022-03-18 2023-09-29 上海道客网络科技有限公司 Non-invasive authority authentication method, system, medium and equipment based on side car technology
CN114745431A (en) * 2022-03-18 2022-07-12 上海道客网络科技有限公司 Side car technology-based non-invasive authority authentication method, system, medium and equipment
CN116204543A (en) * 2023-05-04 2023-06-02 天津金城银行股份有限公司 Method, system, computer and readable storage medium for keeping bill alive
CN116204543B (en) * 2023-05-04 2023-08-08 天津金城银行股份有限公司 Method, system, computer and readable storage medium for keeping bill alive

Also Published As

Publication number Publication date
CN110222531B (en) 2023-07-07

Similar Documents

Publication Publication Date Title
CN110222531A (en) A kind of method, system and equipment accessing database
CN111680305B (en) Data processing method, device and equipment based on block chain
WO2021239104A1 (en) Blockchain-based service processing
CN113012008B (en) Identity management method, device and equipment based on trusted hardware
US11258591B2 (en) Cryptographic key management based on identity information
TW201923640A (en) Service authorization method, apparatus and device
CN113010870B (en) Service processing method, device and equipment based on digital certificate
EP3206329B1 (en) Security check method, device, terminal and server
TWI724684B (en) Method, system and device for performing cryptographic operations subject to identity verification
CN109831435B (en) Database operation method, system, proxy server and storage medium
TWI728587B (en) Computer-implemented methods, systems, apparatus for securely performing cryptographic operations
KR102071438B1 (en) Payment authentication method and apparatus of mobile terminal and mobile terminal
CN113239853B (en) Biological identification method, device and equipment based on privacy protection
CN113472521A (en) Block chain-based real-name digital identity management method, signature device and verification device
TWI724681B (en) Managing cryptographic keys based on identity information
Abraham et al. SSI Strong Authentication using a Mobile-phone based Identity Wallet Reaching a High Level of Assurance.
CN111932261A (en) Asset data management method and device based on verifiable statement
US8745375B2 (en) Handling of the usage of software in a disconnected computing environment
Bratli Document Verification System on iOS with Face ID/Touch ID
TWI543015B (en) Near Field Communication Authentication System and Method Applied to Cloud Computing Environment
CN117436875A (en) Service execution method and device, storage medium and electronic equipment
CN116318981A (en) Method and user equipment for issuing verifiable statement
Lindemann UAF Authenticator Commands

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20201009

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20201009

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

GR01 Patent grant