CN109040123A - A user operation supervision system - Google Patents


Publication number
CN109040123A
Authority
CN
China
Prior art keywords
user
list
server
account
monitoring equipment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201811075536.4A
Other languages
Chinese (zh)
Inventor
王应静
孙伟明
吕大为
蔡阿芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NANJING LIGONG TECHNOLOGY TRANSFER CENTER Co Ltd
Original Assignee
NANJING LIGONG TECHNOLOGY TRANSFER CENTER Co Ltd
Application filed by NANJING LIGONG TECHNOLOGY TRANSFER CENTER Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L63/105 Multiple levels of security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention relates to a user operation supervision system comprising: monitoring equipment, a user terminal, a server and a third-party security server. When a user's operation request exceeds the user's registration permissions, the monitoring equipment judges whether the operation is a high-risk operation or a sensitive operation, and additionally introduces a temporary authorization certificate and the action value of the user account, thereby deciding whether the operation is permitted. Setting different authorization certificates and validity periods for different users, together with the judgment of the account action value, not only saves the user the tedious steps of applying for permissions but also improves the efficiency of request processing and the user experience.

Description

A user operation supervision system
Technical field
The present invention relates to the field of communications, and in particular to a user operation supervision system.
Background art
With the development of communication technology, operating databases, storage systems and equipment over the network has become the mainstream management approach. Users can manage and control the corresponding resources and equipment by logging in to their own accounts. To improve management efficiency, the prior art usually sets different permissions for different users, so that a user can only perform the operations that are permitted. However, as society progresses and networks develop, users' needs change as well, and judging whether an operation is permitted solely from the user's permissions can no longer meet those needs. A supervision arrangement for user operations is therefore needed to improve the user experience.
Summary of the invention
The present invention provides a user operation supervision system to overcome the technical problem that operation permission in the prior art cannot meet user needs.
To solve the above technical problem, the present invention provides a user operation supervision system comprising: monitoring equipment, a user terminal, a server and a third-party security server. The monitoring equipment provides the user with a portal for logging in to the server and obtains the user's operation requests from the user terminal. The monitoring equipment is also connected to the server and to the third-party security server, so as to obtain a user permission list from the server according to the user's login information. The monitoring equipment is further adapted to obtain a temporary authorization certificate from the third-party security server.
Further, the monitoring equipment comprises: a login module, for providing the user with a portal for logging in to the server; a first obtaining module, for obtaining the user permission list from the server according to the user's login information; a second obtaining module, for obtaining the user's operation requests; and a judgment module, which judges according to the user permission list whether the user's operation request is legal, allowing the operation if it is legal and refusing it otherwise. The user permission list includes: the user's registration permission list, a high-risk operation list and a sensitive operation list.
Further, the judgment module is adapted to first judge whether the operation request is legal according to the user's registration permission list. If it is not legal, the module determines according to the high-risk operation list whether the operation request is a high-risk operation; if it is, the module queries the user's account and checks whether the account holds a temporary authorization certificate. If it does, the operation is allowed; if not, it is refused.
Further, if the judgment module judges that the operation request is not a high-risk operation, it judges according to the sensitive operation list whether the operation object is a sensitive resource. If it is, the module evaluates the user's account level and checks whether the action value of the account reaches the threshold for executing the sensitive operation. If it does, the operation is allowed; if not, it is refused.
Further, if the judgment module judges that the operation request is neither a high-risk operation nor a sensitive operation, the user operation is allowed.
Further, before the operation request is obtained, the monitoring equipment is adapted to receive the temporary authorization certificate that the user obtained from the third-party security server; the third-party security server manages user permissions.
Further, the user permission list is stored in the server as ciphertext and is partitioned according to the user account and/or the address of the access terminal.
Further, when checking whether the user account holds a temporary authorization certificate, the judgment module is also adapted to check whether the temporary authorization certificate is within its validity period.
The beneficial effect of the invention is that, when a user's operation request exceeds the user's registration permissions, the user operation supervision system provided by the invention judges whether the operation is a high-risk operation or a sensitive operation, and additionally introduces a temporary authorization certificate and the action value of the user account, thereby deciding whether the operation is permitted and further improving the user experience.
Brief description of the drawings
The present invention is further explained below with reference to the accompanying drawings and embodiments.
Fig. 1 is a functional block diagram of the user operation supervision system of the present invention.
Detailed description of the embodiments
The present invention is now explained in further detail with reference to the accompanying drawings. The drawings are simplified schematic diagrams that illustrate only the basic structure of the invention, and therefore show only the components relevant to the invention.
Embodiment
As shown in Fig. 1, this embodiment provides a user operation supervision system comprising: monitoring equipment, a user terminal, a server and a third-party security server. The monitoring equipment provides the user with a portal for logging in to the server and obtains the user's operation requests from the user terminal. The monitoring equipment is also connected to the server and to the third-party security server, so as to obtain a user permission list from the server according to the user's login information. The monitoring equipment is further adapted to obtain a temporary authorization certificate from the third-party security server.
Specifically, to improve the supervision of user operations, the monitoring equipment comprises: a login module, for providing the user with a portal for logging in to the server; a first obtaining module, for logging in to the server according to the user's login information and obtaining the user permission list from the server; a second obtaining module, for obtaining the user's operation requests; and a judgment module, which judges according to the user permission list whether the user's operation request is legal, allowing the operation if it is legal and refusing it otherwise. The user permission list specifically includes: the user's registration permission list, a high-risk operation list and a sensitive operation list. Because operations are classified, whether an operation is permitted can be judged from the user's actual operation rather than from the original permissions alone, which improves the user experience.
The judgment module is further used as follows. It first judges whether the operation request is legal according to the user's registration permission list. If it is not legal, the module determines according to the high-risk operation list whether the operation request is a high-risk operation; if it is, the module queries the user's account and checks whether the account holds a temporary authorization certificate. If it does, the operation is allowed; if not, it is refused.
Preferably, when the temporary authorization certificate is checked, it is also necessary to check whether the certificate is within its validity period. If it is, the certificate is valid and the user's operation request is allowed; otherwise, the operation request is refused.
If the operation request is determined not to be a high-risk operation, the module judges according to the sensitive operation list whether the operation object is a sensitive resource. If it is, the module evaluates the user's account level and checks whether the action value of the account reaches the threshold for executing the sensitive operation. If it does, the operation is allowed; if not, it is refused.
Preferably, the action value of an account may be a weighted combination of factors such as the user's growth and contribution. The growth value may be represented by the growth level of the user's account, and the contribution may be determined from the user's contribution to the objects held in the server. For example, when the operation object is a file, the contribution may be determined from the extent to which the user's opinions or suggestions on modifying the file were adopted. Determining the action value of the user account from the user's growth and contribution, and judging from it the user's permission to operate on sensitive resources, not only saves the user the cumbersome process of applying for permissions again but also improves the efficiency of request processing and the user experience.
If the operation request is neither a high-risk operation nor a sensitive operation, the user operation is allowed.
Before the operation request is obtained, the equipment receives the temporary authorization certificate that the user obtained from the third-party security server. Preferably, when the temporary authorization certificate is issued, information such as the certificate's expiry time is indicated at the same time, so that the validity of the certificate can be judged. Preferably, a permanent authorization certificate may also be issued to specific users; that is, different authorization scenarios are provided according to each user's actual situation, meeting the differing needs of different users.
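The judgment order described above, from registration permissions through the high-risk and sensitive checks to the certificate validity period, as an added Python example that is not code from the patent. The class and function names, the weights in `action_value`, the binding of a certificate to one operation and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class TempCert:
    # Binding a certificate to one operation is an assumption of this sketch;
    # the description only says the account holds a certificate with an expiry.
    operation: str
    expires_at: Optional[datetime]  # None models the permanent certificate

    def valid_at(self, now: datetime) -> bool:
        return self.expires_at is None or now < self.expires_at


@dataclass
class Account:
    growth_level: int
    contribution: int
    certs: list = field(default_factory=list)

    def action_value(self, w_growth: float = 0.5, w_contrib: float = 0.5) -> float:
        # Weighted combination of growth and contribution; the weights are assumed.
        return w_growth * self.growth_level + w_contrib * self.contribution


@dataclass(frozen=True)
class PermissionList:
    registered: frozenset  # operations granted at registration
    high_risk: frozenset   # operations that require a certificate
    sensitive: dict        # sensitive resource -> action-value threshold


def judge(op, resource, account, perms, now):
    """Return (allowed, reason), checking in the order the description gives."""
    if op in perms.registered:
        return True, "registered permission"
    if op in perms.high_risk:
        if any(c.operation == op and c.valid_at(now) for c in account.certs):
            return True, "valid authorization certificate"
        return False, "high-risk operation without a valid certificate"
    if resource in perms.sensitive:
        if account.action_value() >= perms.sensitive[resource]:
            return True, "action value meets threshold"
        return False, "action value below threshold"
    # Neither list matches: the description allows the request, so coverage
    # depends on how completely the two lists classify operations.
    return True, "neither high-risk nor sensitive"


# Constructed sample data (not from the patent).
NOW = datetime(2018, 9, 14, 12, 0, tzinfo=timezone.utc)
PERMS = PermissionList(
    registered=frozenset({"read_file"}),
    high_risk=frozenset({"drop_table"}),
    sensitive={"payroll.xlsx": 60},
)
ALICE = Account(growth_level=80, contribution=50,
                certs=[TempCert("drop_table", NOW + timedelta(hours=1))])
BOB = Account(growth_level=20, contribution=10,
              certs=[TempCert("drop_table", NOW - timedelta(minutes=1))])

if __name__ == "__main__":
    for who, acct in (("alice", ALICE), ("bob", BOB)):
        for op, res in (("read_file", "notes.txt"), ("drop_table", "orders"),
                        ("edit_file", "payroll.xlsx"), ("edit_file", "notes.txt")):
            print(who, op, res, judge(op, res, acct, PERMS, NOW))
```

Returning the reason alongside the decision gives the monitoring equipment something to write to an audit log for every request, including the ones that fall through to the final branch.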
The third-party security server manages user permissions. The third-party security server may further provide the user permission list to the server. The user registers with the third-party security server and obtains registration permissions, which give the user operating permissions over objects in the server or objects managed by the server. The third-party security server also classifies the different resources and operations by type, so as to determine the sensitive operations and high-risk operations that lie outside the user's registration permissions, and stores them in the corresponding storage region of the server.
The user permission list is stored in the server as ciphertext and is partitioned according to the user account and/or the address of the access terminal. Partitioned storage makes the information easier to manage, and the corresponding information can be obtained directly after the user logs in to the account.
When a user's operation request exceeds the user's registration permissions, the user operation supervision system of this embodiment judges whether the operation is a high-risk operation or a sensitive operation, and additionally introduces a temporary authorization certificate and the action value of the user account, thereby deciding whether the operation is permitted. Setting different authorization certificates and validity periods for different users, together with the judgment of the account action value, not only saves the user the tedious steps of applying for permissions but also improves the efficiency of request processing and the user experience.
Taking the above ideal embodiment of the present invention as inspiration, and through the above description, those skilled in the art can make various changes and modifications without departing from the scope of the technical idea of the invention. The technical scope of the invention is not limited to the contents of the specification and must be determined according to the scope of the claims.

Claims (8)

1. A user operation supervision system, characterized by comprising:
monitoring equipment, a user terminal, a server and a third-party security server; wherein
the monitoring equipment provides the user with a portal for logging in to the server, and obtains the user's operation requests from the user terminal;
the monitoring equipment is also connected to the server and to the third-party security server, so as to obtain a user permission list from the server according to the user's login information; and
the monitoring equipment is further adapted to obtain a temporary authorization certificate from the third-party security server.
2. The environment inside car regulating system according to claim 1, characterized in that
the monitoring equipment comprises:
a login module: for providing the user with a portal for logging in to the server;
a first obtaining module: for obtaining the user permission list from the server according to the user's login information;
a second obtaining module: for obtaining the user's operation requests;
a judgment module: for judging according to the user permission list whether the user's operation request is legal; the operation is allowed if it is legal and refused otherwise;
wherein the user permission list includes: the user's registration permission list, a high-risk operation list and a sensitive operation list.
3. The environment inside car regulating system according to claim 2, characterized in that
the judgment module is adapted to first judge whether the operation request is legal according to the user's registration permission list; if it is not legal, to determine according to the high-risk operation list whether the operation request is a high-risk operation; if it is, to query the user's account and check whether the account holds a temporary authorization certificate; if it does, the operation is allowed, and if not, it is refused.
4. The environment inside car regulating system according to claim 3, characterized in that
if the judgment module judges that the operation request is not a high-risk operation, it judges according to the sensitive operation list whether the operation object is a sensitive resource; if it is, it evaluates the user's account level and checks whether the action value of the account reaches the threshold for executing the sensitive operation; if it does, the operation is allowed, and if not, it is refused.
5. The environment inside car regulating system according to any one of claims 2-4, characterized in that
if the judgment module judges that the operation request is neither a high-risk operation nor a sensitive operation, the user operation is allowed.
6. The environment inside car regulating system according to claim 5, characterized in that
before the operation request is obtained, the monitoring equipment is adapted to receive the temporary authorization certificate that the user obtained from the third-party security server;
the third-party security server manages user permissions.
7. The environment inside car regulating system according to claim 6, characterized in that
the user permission list is stored in the server as ciphertext and is partitioned according to the user account and/or the address of the access terminal.
8. The environment inside car regulating system according to claim 5, characterized in that
when the judgment module checks whether the user account holds a temporary authorization certificate, it is further adapted to check whether the temporary authorization certificate is within its validity period.
CN201811075536.4A 2018-09-14 2018-09-14 A kind of user's operation supervisory systems Withdrawn CN109040123A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811075536.4A CN109040123A (en) 2018-09-14 2018-09-14 A kind of user's operation supervisory systems

Publications (1)

Publication Number Publication Date
CN109040123A true CN109040123A (en) 2018-12-18

Family

ID=64622281

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811075536.4A Withdrawn CN109040123A (en) 2018-09-14 2018-09-14 A kind of user's operation supervisory systems

Country Status (1)

Country Link
CN (1) CN109040123A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103731434A (en) * 2014-01-21 2014-04-16 国家电网公司 Security protection method specific to unauthorized access
US20180234586A1 (en) * 2014-08-14 2018-08-16 Fuji Xerox Co., Ltd. Image processing apparatus, image processing method, and non-transitory computer readable mediumse
CN106027462A (en) * 2016-01-21 2016-10-12 李明 Operation request control method and device
CN106230818A (en) * 2016-08-01 2016-12-14 浪潮(苏州)金融技术服务有限公司 A kind of resource authorization method of information management system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
景志刚,胡艳军,顾建新: "基于Web 的***权限管理实现方法", 《计算机工程》 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20181218