Disclosure of Invention
The invention aims to provide a big data component access control method of an intelligent education platform, which strengthens the security of the basic components by applying fine-grained component access control at the access stage.
The big data component access control method of the intelligent education platform provided by the embodiment of the invention comprises the following steps:
determining an authorization code of the user through an authorization module;
When a component access request of a user is received, the component access request is analyzed, and a target component of the user is obtained;
acquiring a verification strategy of a target component;
based on the verification policy and the authorization code, the component access request is verified, and when the verification passes, the user is permitted to access the target component.
Preferably, determining, by the authorization module, the authorization code of the user includes:
acquiring authority information and/or current login information of a user;
inputting the authority information and/or the login information into a preset neural network model to obtain an authorization code;
or alternatively,
Constructing an acquisition vector based on the authority information and/or the login information;
acquiring a preset authorization library, matching the acquired vector with an authorization vector in the authorization library, and acquiring an authorization code corresponding to the authorization vector matched with the acquired vector;
the obtained vector is matched with the authorization vector in the authorization library, and the matching formula is as follows:
Wherein Pi is the matching value of the acquired vector and the ith authorization vector in the authorization library; xj is the parameter value of the j-th dimension in the acquired vector; yi,j is the parameter value of the j-th dimension in the i-th authorization vector; n is the dimension of the acquisition vector or authorization vector.
Preferably, the login information includes: one or more of a user login mode, a password input mode, a login position and a login time are combined.
Preferably, verifying the component access request based on the verification policy and the authorization code includes:
acquiring an authorization list, a rejection list, a rejection exclusion list and an authorization exclusion list corresponding to the target component;
when the authorization code of the user is in the authorization list, and/or the authorization code of the user is in the rejection exclusion list, and/or the authorization code of the user is not in the authorization exclusion list, and/or the authorization code of the user is not in the rejection list, the verification is passed;
wherein the authorization list comprises: authorization codes that are allowed to access the target data; the rejection list comprises: authorization codes that are refused access to the target data; the rejection exclusion list comprises: authorization codes that are not within the range of denied access; the authorization exclusion list comprises: authorization codes that are not within the allowed access range.
Preferably, the big data component access control method of the intelligent education platform further comprises the following steps:
in the process of accessing the target component by the user, sending verification requirements to the user at intervals of preset time corresponding to the target component; the verification requirement is generated based on a verification library of the user;
receiving verification information input by a user through an intelligent pen;
matching the input verification information against the check information in the verification library, and allowing the user to continue accessing the target component when they match, otherwise refusing the user access to the target component;
wherein, the checking library is established in advance, and the checking library establishment steps are as follows:
When a user registers, extracting a preset number of check words from a preset standard library and displaying the check words to the user; the user writes the check word for many times through the intelligent pen;
sampling a check word written by a user, and determining the stroke order of the check word, the writing strength and writing time of each stroke in the stroke order;
and taking the check words, the stroke order, the writing force and the writing time as check information in a check library.
Preferably, the writing strength determining method is as follows:
Wherein Fk is the writing strength of the kth stroke written by the user in the determined verification library; n is the total number of times the user writes the check word; fi,k is the writing strength of the kth stroke when the user writes the check word for the ith time, and fj,k is the writing strength of the kth stroke when the user writes the check word for the jth time; when the writing force of the kth stroke written by the user falls onThe probability of (2) is greater thanWhen m is 1, otherwise, the value is 0; gamma is a preset first correction coefficient;
the writing time is determined as follows:
Wherein, Tk is the writing time of the kth stroke written by the user in the determined verification library; ti,k is the writing time of the kth stroke when the user writes the check word for the ith time, and tj,k is the writing time of the kth stroke when the user writes the check word for the jth time; when the writing time of the user writing the kth stroke falls withinThe probability of (2) is greater thanWhen M is 1, otherwise, the value is 0; θ is a preset second correction coefficient.
Preferably, before determining the authorization code of the user by the authorization module, the big data base component security management method of the intelligent education platform further comprises:
acquiring a first connection condition of the login device of the user, wherein the first connection condition comprises: first device information of a first device connected to the login device;
when the first device information of the first device connected with the login device is in a preset trust list, determining the authorization code of the user through the authorization module;
when the first device information of any first device connected with the login device is in a preset untrusted list, the authorization code of the user is not determined through the authorization module;
when a first device connected with the login device is in neither the trust list nor the untrusted list, acquiring a second connection condition of that first device; determining a trust value of the first device which is neither in the trust list nor in the untrusted list based on the second connection condition, and determining the authorization code of the user through the authorization module when the trust value is greater than a preset value;
Wherein determining a trust value for the first device that is neither in the trust list nor in the untrusted list based on the second connection condition comprises:
analyzing the second connection condition to obtain second equipment connected with the first equipment;
Inquiring a preset trust value configuration table, and determining the trust value of each second device;
Based on the trust value of the second device, the trust value of the first device is calculated according to the following calculation formula:
Wherein DI is the trust value of the first device; Dl is the trust value configured for the l-th second device connected to the first device; μl is the transfer coefficient of the trust value configured for the l-th second device with respect to the first device; and N is the total number of second devices connected with the first device.
The invention also provides a big data component access control system of the intelligent education platform, which comprises:
an authorization module for determining an authorization code of the user;
the analysis module is used for analyzing the component access request to acquire a target component of the user when the component access request of the user is received;
The acquisition module is used for acquiring the verification strategy of the target component;
And the verification module is used for verifying the component access request based on the verification policy and the authorization code, and permitting the user to access the target component when the verification passes.
Preferably, determining, by the authorization module, the authorization code of the user includes:
acquiring authority information and/or current login information of a user;
inputting the authority information and/or the login information into a preset neural network model to obtain an authorization code;
or alternatively,
Constructing an acquisition vector based on the authority information and/or the login information;
acquiring a preset authorization library, matching the acquired vector with an authorization vector in the authorization library, and acquiring an authorization code corresponding to the authorization vector matched with the acquired vector;
the obtained vector is matched with the authorization vector in the authorization library, and the matching formula is as follows:
Wherein Pi is the matching value of the acquired vector and the ith authorization vector in the authorization library; xj is the parameter value of the j-th dimension in the acquired vector; yi,j is the parameter value of the j-th dimension in the i-th authorization vector; n is the dimension of the acquisition vector or authorization vector.
Preferably, the login information includes: one or more of a user login mode, a password input mode, a login position and a login time are combined.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
The technical scheme of the invention is further described in detail through the drawings and the embodiments.
Detailed Description
The preferred embodiments of the present invention will be described below with reference to the accompanying drawings, it being understood that the preferred embodiments described herein are for illustration and explanation of the present invention only, and are not intended to limit the present invention.
The embodiment of the invention provides a big data component access control method of an intelligent education platform, which is shown in figure 1 and comprises the following steps:
step S1: determining an authorization code of the user through an authorization module;
step S2: when a component access request of a user is received, the component access request is analyzed, and a target component of the user is obtained;
step S3: acquiring a verification strategy of a target component;
Step S4: based on the verification policy and the authorization code, the component access request is verified, and when the verification passes, the user is permitted to access the target component.
The working principle and the beneficial effects of the technical scheme are as follows:
Before the user accesses any component, the authorization module provides the user with an authorization code, which serves as a unified pass credential that every component uses for its access decision. The target component is extracted from the user's component access request, the verification policy is extracted from the code of the target component, and the authorization code is checked against that policy to complete the verification of the component access request. When the verification passes, the user is permitted access; otherwise, access is refused.
According to the big data component access control method of the intelligent education platform, fine component access control is achieved through the verification strategy and the authorization module, and security of the basic component is enhanced from access link control.
In one embodiment, as shown in fig. 2 and 3, determining, by the authorization module, an authorization code for a user includes:
step S11: acquiring authority information and/or current login information of a user;
Step S12: inputting the authority information and/or the login information into a preset neural network model to obtain an authorization code;
or alternatively,
Step S21: constructing an acquisition vector based on the authority information and/or the login information;
step S22: acquiring a preset authorization library, matching the acquired vector with an authorization vector in the authorization library, and acquiring an authorization code corresponding to the authorization vector matched with the acquired vector;
the obtained vector is matched with the authorization vector in the authorization library, and the matching formula is as follows:
Wherein Pi is the matching value of the acquired vector and the ith authorization vector in the authorization library; xj is the parameter value of the j-th dimension in the acquired vector; yi,j is the parameter value of the j-th dimension in the i-th authorization vector; n is the dimension of the acquisition vector or authorization vector.
Preferably, the login information includes: one or more of a user login mode, a password input mode, a login position and a login time are combined.
The working principle and the beneficial effects of the technical scheme are as follows:
The authorization code is determined mainly from the user's authority information and login information. The login information comprises the login mode, password input mode, login position and login time used by the user. For example, when the login information shows that the user logs in using the intelligent pen as the password input mode, the level of the obtained authorization code is higher; when the login position is a usual position of the user, the level of the obtained authorization code is higher; and when the login time is a usual login time of the user, the level of the obtained authorization code is higher.
In one embodiment, authenticating the component access request based on the authentication policy and the authorization code includes:
acquiring an authorization list, a rejection list, a rejection exclusion list and an authorization exclusion list corresponding to the target component;
when the authorization code of the user is in the authorization list, and/or the authorization code of the user is in the rejection exclusion list, and/or the authorization code of the user is not in the authorization exclusion list, and/or the authorization code of the user is not in the rejection list, the verification is passed;
wherein the authorization list comprises: authorization codes that are allowed to access the target data; the rejection list comprises: authorization codes that are refused access to the target data; the rejection exclusion list comprises: authorization codes that are not within the range of denied access; the authorization exclusion list comprises: authorization codes that are not within the allowed access range.
The working principle and the beneficial effects of the technical scheme are as follows:
The verification policy verifies the authorization code against one or more of the authorization list, the rejection list, the rejection exclusion list and the authorization exclusion list, so as to determine whether the user can access the target component.
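The list-based verification described above can be sketched as follows. This is an added example, not code from the patent: the class and function names, the `require_all` switch and the sample authorization codes are assumptions made for illustration. It shows why it matters whether the enabled checks are combined with "and" or with "or": under "or", a code that is merely absent from the rejection list passes even though it was never authorized.

```python
from dataclasses import dataclass, replace
from enum import Enum


class Check(Enum):
    """The four membership tests named in the verification step."""
    IN_AUTHORIZATION = "in authorization list"
    IN_REJECTION_EXCLUSION = "in rejection exclusion list"
    NOT_IN_AUTHORIZATION_EXCLUSION = "not in authorization exclusion list"
    NOT_IN_REJECTION = "not in rejection list"


@dataclass(frozen=True)
class VerificationPolicy:
    """Per-component policy: the four lists plus the checks that are enabled.

    `checks` and `require_all` are assumptions of this example; the text only
    says the tests are combined with "and/or".
    """
    authorization: frozenset = frozenset()
    rejection: frozenset = frozenset()
    rejection_exclusion: frozenset = frozenset()
    authorization_exclusion: frozenset = frozenset()
    checks: tuple = (Check.IN_AUTHORIZATION,)
    require_all: bool = True  # True: every enabled check must hold; False: any one


def run_check(policy, check, code):
    """Evaluate one membership test for one authorization code."""
    if check is Check.IN_AUTHORIZATION:
        return code in policy.authorization
    if check is Check.IN_REJECTION_EXCLUSION:
        return code in policy.rejection_exclusion
    if check is Check.NOT_IN_AUTHORIZATION_EXCLUSION:
        return code not in policy.authorization_exclusion
    if check is Check.NOT_IN_REJECTION:
        return code not in policy.rejection
    raise ValueError(f"unknown check: {check!r}")


def verify(policy, code):
    """Return (passed, per-check results) for a component access request."""
    results = {c.value: run_check(policy, c, code) for c in policy.checks}
    if not results:
        # A policy with no enabled checks fails closed instead of passing.
        return False, results
    combine = all if policy.require_all else any
    return combine(results.values()), results


# Constructed sample policy for a hypothetical component.
STRICT = VerificationPolicy(
    authorization=frozenset({"A1", "B2"}),
    rejection=frozenset({"B2"}),
    checks=(Check.IN_AUTHORIZATION, Check.NOT_IN_REJECTION),
    require_all=True,
)
# Same lists, but the checks are OR-ed together.
LOOSE = replace(STRICT, require_all=False)


def decisions(policy, codes=("A1", "B2", "C3")):
    """Access decision for each constructed authorization code."""
    return {code: verify(policy, code)[0] for code in codes}


if __name__ == "__main__":
    print("AND:", decisions(STRICT))
    print("OR: ", decisions(LOOSE))
```

With the checks AND-ed, only `A1` passes; with them OR-ed, the rejected code `B2` and the unknown code `C3` pass as well, so a component that enables a "not in ..." check should combine it with a positive membership check.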
In one embodiment, the big data component access control method of the intelligent education platform further comprises:
in the process of accessing the target component by the user, sending verification requirements to the user at intervals of preset time corresponding to the target component; the verification requirement is generated based on a verification library of the user;
receiving verification information input by a user through an intelligent pen;
matching the input verification information against the check information in the verification library, and allowing the user to continue accessing the target component when they match, otherwise refusing the user access to the target component;
wherein, the checking library is established in advance, and the checking library establishment steps are as follows:
When a user registers, extracting a preset number of check words from a preset standard library and displaying the check words to the user; the user writes the check word for many times through the intelligent pen;
sampling a check word written by a user, and determining the stroke order of the check word, the writing strength and writing time of each stroke in the stroke order;
and taking the check words, the stroke order, the writing force and the writing time as check information in a check library.
The working principle and the beneficial effects of the technical scheme are as follows:
The check words written by the user during registration serve as the basis for building the check library, so they are highly representative of the user. Querying the user's identity during access makes it possible to effectively track the state of the accessing user, which improves the security of the basic components.
In one embodiment, the writing strength determination method is as follows:
Wherein Fk is the writing strength of the kth stroke written by the user in the determined verification library; n is the total number of times the user writes the check word; fi,k is the writing strength of the kth stroke when the user writes the check word for the ith time, and fj,k is the writing strength of the kth stroke when the user writes the check word for the jth time; when the writing force of the kth stroke written by the user falls onThe probability of (2) is greater thanWhen m is 1, otherwise, the value is 0; gamma is a preset first correction coefficient;
the writing time is determined as follows:
Wherein, Tk is the writing time of the kth stroke written by the user in the determined verification library; ti,k is the writing time of the kth stroke when the user writes the check word for the ith time, and tj,k is the writing time of the kth stroke when the user writes the check word for the jth time; when the writing time of the user writing the kth stroke falls withinThe probability of (2) is greater thanWhen M is 1, otherwise, the value is 0; θ is a preset second correction coefficient.
The working principle and the beneficial effects of the technical scheme are as follows:
The writing force and the writing time are extracted from a certain amount of data to establish a reference used for verification, which ensures the accuracy of the reference and in turn improves the accuracy of verification. During verification, the similarity between the reference and the data in the currently input verification information can be used to decide whether verification passes: when the similarity is greater than a preset judgment value, the verification passes. In addition, a judgment threshold can be further determined according to the first information and the second information on the basis of the reference; the threshold can be half of the maximum deviation of the writing force or writing time, that is, the verification passes when the difference between the data in the currently input verification information and the reference is within the threshold range.
In one embodiment, the big data base component security management method of the intelligent education platform further comprises, before determining the authorization code of the user by the authorization module:
acquiring a first connection condition of the login device of the user, wherein the first connection condition comprises: first device information of a first device connected to the login device;
when the first device information of the first device connected with the login device is in a preset trust list, determining the authorization code of the user through the authorization module;
when the first device information of any first device connected with the login device is in a preset untrusted list, the authorization code of the user is not determined through the authorization module;
when a first device connected with the login device is in neither the trust list nor the untrusted list, acquiring a second connection condition of that first device; determining a trust value of the first device which is neither in the trust list nor in the untrusted list based on the second connection condition, and determining the authorization code of the user through the authorization module when the trust value is greater than a preset value;
Wherein determining a trust value for the first device that is neither in the trust list nor in the untrusted list based on the second connection condition comprises:
analyzing the second connection condition to obtain second equipment connected with the first equipment;
Inquiring a preset trust value configuration table, and determining the trust value of each second device;
Based on the trust value of the second device, the trust value of the first device is calculated according to the following calculation formula:
Wherein DI is the trust value of the first device; Dl is the trust value configured for the l-th second device connected to the first device; μl is the transfer coefficient of the trust value configured for the l-th second device with respect to the first device; and N is the total number of second devices connected with the first device.
The working principle and the beneficial effects of the technical scheme are as follows:
Before the authorization code of the user is determined, the connection condition of the user's login device is determined, which guarantees the credibility of the devices connected to the intelligent education platform. This prevents malicious users from indirectly accessing the basic components by connecting to the login device of a user with access rights, guarantees the security of the login device environment, and improves the security of the basic components.
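The device-connection gate described above can be sketched as follows. This is an added example, not code from the patent: all function names and device identifiers are constructed, and because the trust-value formula itself is not present in this text, the aggregation used here (the mean of transfer coefficient times configured trust value over the N second devices) is an assumption. The example also assumes that a single untrusted device blocks issuance regardless of the others, and that every unlisted device must score above the preset value.

```python
def first_device_trust(second_devices, trust_table, transfer):
    """Trust value of a first device that is on neither list.

    ASSUMPTION: D_I = (1/N) * sum(mu_l * D_l). The text names D_l, mu_l and N
    but the formula is missing, so this mean is a stand-in for illustration.
    Second devices absent from the configuration table contribute 0.
    """
    n = len(second_devices)
    if n == 0:
        # Nothing to derive trust from: treat the unknown device as untrusted.
        return 0.0
    total = sum(transfer.get(d, 0.0) * trust_table.get(d, 0.0)
                for d in second_devices)
    return total / n


def may_issue_authorization_code(first_devices, trusted, untrusted,
                                 second_connections, trust_table,
                                 transfer, preset):
    """Decide whether the authorization module may run for this login device.

    Returns (allowed, reason). Evaluation order:
      1. any first device on the untrusted list -> refuse;
      2. each first device on neither list must have trust value > preset;
      3. otherwise (all remaining devices are on the trust list) -> allow.
    """
    for dev in first_devices:
        if dev in untrusted:
            return False, f"{dev} is on the untrusted list"
    for dev in first_devices:
        if dev in trusted:
            continue
        value = first_device_trust(second_connections.get(dev, []),
                                   trust_table, transfer)
        if not value > preset:
            return False, f"{dev} trust value {value} not above {preset}"
    return True, "all connected devices trusted"


# Constructed sample data (hypothetical device identifiers).
TRUSTED = {"kbd-01"}
UNTRUSTED = {"usb-x"}
SECOND_CONNECTIONS = {"hub-7": ["printer-2", "proj-3"]}
TRUST_TABLE = {"printer-2": 0.75, "proj-3": 0.5}   # D_l per second device
TRANSFER = {"printer-2": 1.0, "proj-3": 0.5}       # mu_l per second device


def gate(first_devices, preset):
    """Run the gate on the constructed sample configuration."""
    return may_issue_authorization_code(
        first_devices, TRUSTED, UNTRUSTED, SECOND_CONNECTIONS,
        TRUST_TABLE, TRANSFER, preset)[0]


if __name__ == "__main__":
    print(first_device_trust(["printer-2", "proj-3"], TRUST_TABLE, TRANSFER))
    print(gate(["kbd-01", "hub-7"], preset=0.4))
    print(gate(["kbd-01", "usb-x"], preset=0.4))
```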
The invention also provides a big data component access control system of the intelligent education platform, as shown in figure 4, comprising:
an authorization module 11 for determining an authorization code of the user;
the parsing module 12 is configured to parse the component access request to obtain a target component of the user when receiving the component access request of the user;
an obtaining module 13, configured to obtain a verification policy of the target component;
the verification module 14 is configured to verify the component access request based on the verification policy and the authorization code, and when the verification passes, grant the user access to the target component.
The working principle and the beneficial effects of the technical scheme are as follows:
Before the user accesses any component, the authorization module provides the user with an authorization code, which serves as a unified pass credential that every component uses for its access decision. The target component is extracted from the user's component access request, the verification policy is extracted from the code of the target component, and the authorization code is checked against that policy to complete the verification of the component access request. When the verification passes, the user is permitted access; otherwise, access is refused.
According to the big data component access control system of the intelligent education platform, fine component access control is achieved through the verification strategy and the authorization module, and security of a basic component is enhanced from access link control.
In one embodiment, determining, by the authorization module, an authorization code for the user includes:
acquiring authority information and/or current login information of a user;
inputting the authority information and/or the login information into a preset neural network model to obtain an authorization code;
or alternatively,
Constructing an acquisition vector based on the authority information and/or the login information;
acquiring a preset authorization library, matching the acquired vector with an authorization vector in the authorization library, and acquiring an authorization code corresponding to the authorization vector matched with the acquired vector;
the obtained vector is matched with the authorization vector in the authorization library, and the matching formula is as follows:
Wherein Pi is the matching value of the acquired vector and the ith authorization vector in the authorization library; xj is the parameter value of the j-th dimension in the acquired vector; yi,j is the parameter value of the j-th dimension in the i-th authorization vector; n is the dimension of the acquisition vector or authorization vector.
Preferably, the login information includes: one or more of a user login mode, a password input mode, a login position and a login time are combined.
The working principle and the beneficial effects of the technical scheme are as follows:
The authorization code is determined mainly from the user's authority information and login information. The login information comprises the login mode, password input mode, login position and login time used by the user. For example, when the login information shows that the user logs in using the intelligent pen as the password input mode, the level of the obtained authorization code is higher; when the login position is a usual position of the user, the level of the obtained authorization code is higher; and when the login time is a usual login time of the user, the level of the obtained authorization code is higher.
In one embodiment, authenticating the component access request based on the authentication policy and the authorization code includes:
acquiring an authorization list, a rejection list, a rejection exclusion list and an authorization exclusion list corresponding to the target component;
when the authorization code of the user is in the authorization list, and/or the authorization code of the user is in the rejection exclusion list, and/or the authorization code of the user is not in the authorization exclusion list, and/or the authorization code of the user is not in the rejection list, the verification is passed;
wherein the authorization list comprises: authorization codes that are allowed to access the target data; the rejection list comprises: authorization codes that are refused access to the target data; the rejection exclusion list comprises: authorization codes that are not within the range of denied access; the authorization exclusion list comprises: authorization codes that are not within the allowed access range.
The working principle and the beneficial effects of the technical scheme are as follows:
The verification policy verifies the authorization code against one or more of the authorization list, the rejection list, the rejection exclusion list and the authorization exclusion list, so as to determine whether the user can access the target component.
In one embodiment, the big data component access control method of the intelligent education platform further comprises:
in the process of accessing the target component by the user, sending verification requirements to the user at intervals of preset time corresponding to the target component; the verification requirement is generated based on a verification library of the user;
receiving verification information input by a user through an intelligent pen;
matching the input verification information against the check information in the verification library, and allowing the user to continue accessing the target component when they match, otherwise refusing the user access to the target component;
wherein, the checking library is established in advance, and the checking library establishment steps are as follows:
When a user registers, extracting a preset number of check words from a preset standard library and displaying the check words to the user; the user writes the check word for many times through the intelligent pen;
sampling a check word written by a user, and determining the stroke order of the check word, the writing strength and writing time of each stroke in the stroke order;
and taking the check words, the stroke order, the writing force and the writing time as check information in a check library.
The working principle and the beneficial effects of the technical scheme are as follows:
The check words written by the user during registration serve as the basis for building the check library, so they are highly representative of the user. Querying the user's identity during access makes it possible to effectively track the state of the accessing user, which improves the security of the basic components.
In one embodiment, the writing strength determination method is as follows:
Wherein Fk is the writing strength of the kth stroke written by the user in the determined verification library; n is the total number of times the user writes the check word; fi,k is the writing strength of the kth stroke when the user writes the check word for the ith time, and fj,k is the writing strength of the kth stroke when the user writes the check word for the jth time; when the writing force of the kth stroke written by the user falls onThe probability of (2) is greater thanWhen m is 1, otherwise, the value is 0; gamma is a preset first correction coefficient;
the writing time is determined as follows:
Wherein, Tk is the writing time of the kth stroke written by the user in the determined verification library; ti,k is the writing time of the kth stroke when the user writes the check word for the ith time, and tj,k is the writing time of the kth stroke when the user writes the check word for the jth time; when the writing time of the user writing the kth stroke falls withinThe probability of (2) is greater thanWhen M is 1, otherwise, the value is 0; θ is a preset second correction coefficient.
The working principle and the beneficial effects of the technical scheme are as follows:
The writing force and the writing time are extracted from a certain amount of data to establish a reference used for verification, which ensures the accuracy of the reference and in turn improves the accuracy of verification. During verification, the similarity between the reference and the data in the currently input verification information can be used to decide whether verification passes: when the similarity is greater than a preset judgment value, the verification passes. In addition, a judgment threshold can be further determined according to the first information and the second information on the basis of the reference; the threshold can be half of the maximum deviation of the writing force or writing time, that is, the verification passes when the difference between the data in the currently input verification information and the reference is within the threshold range.
In one embodiment, the big data base component security management method of the intelligent education platform further comprises, before determining the authorization code of the user by the authorization module:
acquiring a first connection condition of the login device of the user, wherein the first connection condition comprises: first device information of a first device connected to the login device;
when the first device information of the first device connected with the login device is in a preset trust list, determining the authorization code of the user through the authorization module;
when the first device information of any first device connected with the login device is in a preset untrusted list, the authorization code of the user is not determined through the authorization module;
when a first device connected with the login device is in neither the trust list nor the untrusted list, acquiring a second connection condition of that first device; determining a trust value of the first device which is neither in the trust list nor in the untrusted list based on the second connection condition, and determining the authorization code of the user through the authorization module when the trust value is greater than a preset value;
Wherein determining a trust value for the first device that is neither in the trust list nor in the untrusted list based on the second connection condition comprises:
analyzing the second connection condition to obtain second equipment connected with the first equipment;
Inquiring a preset trust value configuration table, and determining the trust value of each second device;
Based on the trust value of the second device, the trust value of the first device is calculated according to the following calculation formula:
Wherein DI is the trust value of the first device; Dl is the trust value configured for the l-th second device connected to the first device; μl is the transfer coefficient of the trust value configured for the l-th second device with respect to the first device; and N is the total number of second devices connected with the first device.
The working principle and the beneficial effects of the technical scheme are as follows:
Before the authorization code of the user is determined, the connection condition of the user's login device is determined, which guarantees the credibility of the devices connected to the intelligent education platform. This prevents malicious users from indirectly accessing the basic components by connecting to the login device of a user with access rights, guarantees the security of the login device environment, and improves the security of the basic components.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.