CN109040123A - A kind of user's operation supervisory systems - Google Patents
A kind of user's operation supervisory systems
- Publication number: CN109040123A
- Application number: CN201811075536.4A
- Authority: CN (China)
- Prior art keywords: user, list, server, account, monitoring equipment
- Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention relates to a user operation supervision system, comprising: monitoring equipment, a user terminal, a server and a third-party security server. When a user's operation request exceeds the user's registration permissions, the monitoring equipment judges whether the operation is a high-risk operation or a sensitive operation, and introduces a temporary authorization certificate and the action value of the user account to decide whether the operation is permitted. Setting different authorization certificates and validity periods for different users, and judging the account action value, not only saves the user the tedious steps of applying for permission but also improves the efficiency of request handling and improves the user experience.
Description
Technical field
The present invention relates to the communications field, and in particular to a user operation supervision system.
Background technique
With the development of communication technology, operating databases, storage systems and equipment over the network has become the mainstream way of management. Users can manage and control the corresponding resources and equipment by logging in to their own accounts. To improve management efficiency, the prior art usually sets different permissions for different users, i.e. a user can only carry out the operations their permissions cover. However, with social progress and the development of networks, user demands also change, and judging whether an operation is permitted solely from the user's permissions can no longer meet those demands. A supervision arrangement for user operations is therefore needed to improve the user experience.
Summary of the invention
The present invention provides a user operation supervision system, to overcome the technical problem that the operation permission granted to users in the prior art cannot meet user demands.

To solve the above technical problem, the present invention provides a user operation supervision system comprising: monitoring equipment, a user terminal, a server and a third-party security server. The monitoring equipment provides the user with a portal for logging in to the server and obtains the user's operation requests from the user terminal. The monitoring equipment is also connected to the server and the third-party security server, so as to obtain the user permission list from the server according to the user's login information, and is further adapted to obtain a temporary authorization certificate from the third-party security server.

Further, the monitoring equipment includes: a login module, for providing the user with the portal for logging in to the server; a first obtaining module, for obtaining the user permission list from the server according to the user's login information; a second obtaining module, for obtaining the user's operation requests; and a judgment module, which judges from the user permission list whether the user's operation request is legitimate, allowing the operation if it is and refusing it otherwise. The user permission list includes: the user registration permission list, the high-risk operation list and the sensitive operation list.

Further, the judgment module is adapted to first judge whether the operation request is legitimate according to the user's registration permission list. If it is not, the module determines from the high-risk operation list whether the operation request is a high-risk operation; if it is, the module queries the user's account and checks whether the account holds a temporary authorization certificate, allowing the operation if so and refusing it if not.

Further, if the judgment module determines that the operation request is not a high-risk operation, it judges from the sensitive operation list whether the operation object is a sensitive resource. If it is, the module evaluates the user's account level, checking whether the action value of the account reaches the threshold for executing the sensitive operation; if so, the operation is allowed, otherwise it is refused.

Further, if the judgment module determines that the operation request is neither a high-risk operation nor a sensitive operation, the user's operation is allowed.

Further, before operation requests are obtained, the monitoring equipment is adapted to receive the temporary authorization certificate that the user obtained from the third-party security server; the third-party security server manages user permissions.

Further, the user permission list is stored in the server in ciphertext form, partitioned according to the user account and/or the address of the access terminal.

Further, when the judgment module checks whether the user account holds a temporary authorization certificate, it is further adapted to check whether the temporary authorization certificate is within its validity period.

The beneficial effect of the invention is that, when a user's operation request exceeds the user's registration permissions, the user operation supervision system judges whether the operation is a high-risk operation or a sensitive operation, and introduces a temporary authorization certificate and the action value of the user account to decide whether the operation is permitted, which further improves the user experience.
Detailed description of the invention
The present invention is further explained below with reference to the drawings and embodiments.
Fig. 1 is a functional block diagram of the user operation supervision system of the invention.
Specific embodiment
The present invention is now explained in further detail with reference to the drawings. The drawings are simplified schematic diagrams that illustrate only the basic structure of the invention, and therefore show only the composition relevant to the invention.
Embodiment
As shown in Figure 1, this embodiment provides a user operation supervision system comprising: monitoring equipment, a user terminal, a server and a third-party security server. The monitoring equipment provides the user with a portal for logging in to the server and obtains the user's operation requests from the user terminal. The monitoring equipment is also connected to the server and the third-party security server, so as to obtain the user permission list from the server according to the user's login information, and is further adapted to obtain a temporary authorization certificate from the third-party security server.

Specifically, to improve the supervision of user operations, the monitoring equipment includes: a login module, for providing the user with the portal for logging in to the server; a first obtaining module, for logging in to the server according to the user's login information and obtaining the user permission list from the server; a second obtaining module, for obtaining the user's operation requests; and a judgment module, which judges from the user permission list whether the user's operation request is legitimate, allowing the operation if it is and refusing it otherwise. The user permission list specifically includes: the user registration permission list, the high-risk operation list and the sensitive operation list. Classifying operations in this way lets the system judge whether an operation is permitted from what the user is actually doing, rather than from the original permissions alone, which improves the user experience.
The judgment module is further used to first judge whether the operation request is legitimate according to the user's registration permission list. If it is not, the module determines from the high-risk operation list whether the operation request is a high-risk operation; if it is, the module queries the user's account and checks whether the account holds a temporary authorization certificate, allowing the operation if so and refusing it if not.

Preferably, when the temporary authorization certificate is checked, the module also checks whether the certificate is within its validity period. If it is, the certificate is valid and the user's operation request is allowed; otherwise the operation request is refused.

If the operation request is determined not to be a high-risk operation, the module judges from the sensitive operation list whether the operation object is a sensitive resource. If it is, the module evaluates the user's account level, checking whether the action value of the account reaches the threshold for executing the sensitive operation; if so, the operation is allowed, otherwise it is refused.
Preferably, the action value of an account can be a weighted combination of the user's growth, contribution and the like. The growth value can be expressed by the growth level of the user's account. The contribution can be determined from the user's contribution to the objects held in the server: for example, when the operation object is a file, the degree of contribution can be determined from the adoption of the opinions or suggestions the user proposed for modifying the file. Determining the action value of the user account from the user's growth and contribution, and judging from it the user's right to operate on sensitive resources, not only saves the user the cumbersome process of applying for permission again but also improves the efficiency of request handling and improves the user experience.

If the operation request is neither a high-risk operation nor a sensitive operation, the user's operation is allowed.
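The judgment order described above, written out as an added example (not code from the patent): the registration permission list first, then the high-risk operation list with the temporary certificate and its validity period, then the sensitive operation list with the account's action value. The weights in `action_value`, the per-object thresholds and all sample names and values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional


class Decision(Enum):
    ALLOW_REGISTERED = "allow: within registration permissions"
    ALLOW_CERT = "allow: high-risk, certificate within validity period"
    DENY_NO_CERT = "deny: high-risk, no temporary certificate"
    DENY_CERT_EXPIRED = "deny: high-risk, certificate outside validity period"
    ALLOW_ACTION_VALUE = "allow: sensitive resource, action value reaches threshold"
    DENY_ACTION_VALUE = "deny: sensitive resource, action value below threshold"
    ALLOW_UNCLASSIFIED = "allow: neither high-risk nor sensitive"


@dataclass
class PermissionList:
    registered: set   # (operation, object) pairs in the registration permission list
    high_risk: set    # operation names in the high-risk operation list
    sensitive: dict   # sensitive object -> action-value threshold (assumed layout)


@dataclass
class Account:
    growth_level: float
    contribution: float
    has_cert: bool = False                      # temporary authorization certificate held
    cert_not_after: Optional[datetime] = None   # None with has_cert=True: permanent


def action_value(acct, w_growth=0.5, w_contribution=0.5):  # weights are assumed
    return w_growth * acct.growth_level + w_contribution * acct.contribution


def judge(operation, obj, perms, acct, now):
    if (operation, obj) in perms.registered:
        return Decision.ALLOW_REGISTERED
    if operation in perms.high_risk:
        if not acct.has_cert:
            return Decision.DENY_NO_CERT
        if acct.cert_not_after is not None and now > acct.cert_not_after:
            return Decision.DENY_CERT_EXPIRED
        return Decision.ALLOW_CERT
    if obj in perms.sensitive:
        if action_value(acct) >= perms.sensitive[obj]:
            return Decision.ALLOW_ACTION_VALUE
        return Decision.DENY_ACTION_VALUE
    return Decision.ALLOW_UNCLASSIFIED


# Constructed sample data, not taken from the patent.
NOW = datetime(2018, 9, 14, 12, 0, tzinfo=timezone.utc)
PERMS = PermissionList({("read", "report.doc")}, {"delete"}, {"payroll.db": 6.0})


def demo():
    valid = Account(2, 2, has_cert=True, cert_not_after=NOW + timedelta(hours=1))
    expired = Account(2, 2, has_cert=True, cert_not_after=NOW - timedelta(hours=1))
    senior, junior = Account(4, 10), Account(2, 2)   # action values 7.0 and 2.0
    cases = [("read", "report.doc", junior), ("delete", "report.doc", valid),
             ("delete", "report.doc", expired), ("delete", "report.doc", junior),
             ("write", "payroll.db", senior), ("write", "payroll.db", junior),
             ("write", "notes.txt", junior)]
    return [judge(op, obj, PERMS, acct, NOW) for op, obj, acct in cases]


if __name__ == "__main__":
    for decision in demo():
        print(decision.value)
```

As described, a request that appears on none of the three lists is allowed, so what the check blocks depends on how completely the high-risk and sensitive operation lists are maintained.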
Before operation requests are obtained, the equipment receives the temporary authorization certificate that the user obtained from the third-party security server. Preferably, when a temporary authorization certificate is issued, information such as its expiry time is indicated at the same time, so that the validity of the certificate can be judged. Preferably, a permanent authorization certificate can also be issued for specific users, i.e. different authorization scenarios are provided according to each user's actual situation, meeting the different demands of different users.

The third-party security server manages user permissions, and can further provide the user permission list to the server. The user registers with the third-party security server and obtains registration permissions, which give the right to operate on objects in the server or objects managed by the server. The third-party security server also classifies the different resources and operations by type, to determine the sensitive operations and high-risk operations that fall outside the user's registration permissions, and stores them in the corresponding storage region of the server.

The user permission list is stored in the server in ciphertext form, partitioned according to the user account and/or the address of the access terminal. Partitioned storage makes the information easier to manage, and the corresponding information can be obtained directly once the user logs in to the account.
When a user's operation request exceeds the user's registration permissions, the user operation supervision system of this embodiment judges whether the operation is a high-risk operation or a sensitive operation, and introduces a temporary authorization certificate and the action value of the user account to decide whether the operation is permitted. Setting different authorization certificates and validity periods for different users, and judging the account action value, not only saves the user the tedious steps of applying for permission but also improves the efficiency of request handling and improves the user experience.

Taking the above ideal embodiment of the present invention as inspiration, and through the above description, the relevant staff can make various changes and amendments without departing from the scope of the technical idea of the present invention. The technical scope of this invention is not limited to the contents of the specification; it must be determined according to the scope of the claims.
Claims (8)
1. A user operation supervision system, characterized by comprising:
monitoring equipment, a user terminal, a server and a third-party security server; wherein
the monitoring equipment provides the user with a portal for logging in to the server, and obtains the user's operation requests from the user terminal;
the monitoring equipment is also connected to the server and the third-party security server, so as to obtain the user permission list from the server according to the user's login information; and
the monitoring equipment is further adapted to obtain a temporary authorization certificate from the third-party security server.

2. The environment inside car regulating system according to claim 1, characterized in that
the monitoring equipment includes:
a login module: for providing the user with the portal for logging in to the server;
a first obtaining module: for obtaining the user permission list from the server according to the user's login information;
a second obtaining module: for obtaining the user's operation requests;
a judgment module: for judging from the user permission list whether the user's operation request is legitimate, allowing the operation if it is and refusing it otherwise;
wherein the user permission list includes: the user registration permission list, the high-risk operation list and the sensitive operation list.

3. The environment inside car regulating system according to claim 2, characterized in that
the judgment module is adapted to first judge whether the operation request is legitimate according to the user's registration permission list; if it is not, to determine from the high-risk operation list whether the operation request is a high-risk operation; and if it is, to query the user's account and check whether the account holds a temporary authorization certificate, allowing the operation if so and refusing it if not.

4. The environment inside car regulating system according to claim 3, characterized in that
if the judgment module determines that the operation request is not a high-risk operation, it judges from the sensitive operation list whether the operation object is a sensitive resource; if it is, it evaluates the user's account level, checking whether the action value of the account reaches the threshold for executing the sensitive operation; if so, the operation is allowed, otherwise it is refused.

5. The environment inside car regulating system according to any one of claims 2-4, characterized in that
if the judgment module determines that the operation request is neither a high-risk operation nor a sensitive operation, the user's operation is allowed.

6. The environment inside car regulating system according to claim 5, characterized in that
before operation requests are obtained, the monitoring equipment is adapted to receive the temporary authorization certificate that the user obtained from the third-party security server;
the third-party security server manages user permissions.

7. The environment inside car regulating system according to claim 6, characterized in that
the user permission list is stored in the server in ciphertext form, partitioned according to the user account and/or the address of the access terminal.

8. The environment inside car regulating system according to claim 5, characterized in that
when the judgment module checks whether the user account holds a temporary authorization certificate, it is further adapted to check whether the temporary authorization certificate is within its validity period.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811075536.4A CN109040123A (en) | 2018-09-14 | 2018-09-14 | A kind of user's operation supervisory systems |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811075536.4A CN109040123A (en) | 2018-09-14 | 2018-09-14 | A kind of user's operation supervisory systems |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109040123A true CN109040123A (en) | 2018-12-18 |
Family
ID=64622281
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811075536.4A Withdrawn CN109040123A (en) | 2018-09-14 | 2018-09-14 | A kind of user's operation supervisory systems |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109040123A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103731434A (en) * | 2014-01-21 | 2014-04-16 | 国家电网公司 | Security protection method specific to unauthorized access |
CN106027462A (en) * | 2016-01-21 | 2016-10-12 | 李明 | Operation request control method and device |
CN106230818A (en) * | 2016-08-01 | 2016-12-14 | 浪潮(苏州)金融技术服务有限公司 | A kind of resource authorization method of information management system |
US20180234586A1 (en) * | 2014-08-14 | 2018-08-16 | Fuji Xerox Co., Ltd. | Image processing apparatus, image processing method, and non-transitory computer readable mediumse |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103731434A (en) * | 2014-01-21 | 2014-04-16 | 国家电网公司 | Security protection method specific to unauthorized access |
US20180234586A1 (en) * | 2014-08-14 | 2018-08-16 | Fuji Xerox Co., Ltd. | Image processing apparatus, image processing method, and non-transitory computer readable mediumse |
CN106027462A (en) * | 2016-01-21 | 2016-10-12 | 李明 | Operation request control method and device |
CN106230818A (en) * | 2016-08-01 | 2016-12-14 | 浪潮(苏州)金融技术服务有限公司 | A kind of resource authorization method of information management system |
Non-Patent Citations (1)
Title |
---|
景志刚, 胡艳军, 顾建新: "Web-based *** permission management implementation method", 《计算机工程》 (Computer Engineering) * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10055561B2 (en) | Identity risk score generation and implementation | |
CN105072135B (en) | A kind of the authorization method for authenticating and system of cloud file-sharing | |
CA3087858C (en) | Authentication and authorization using tokens with action identification | |
CN104811465B (en) | The decision-making technique and equipment of a kind of access control | |
EP2620893B1 (en) | Role-based access control permissions | |
CN108200050A (en) | Single logging-on server, method and computer readable storage medium | |
CN109643242A (en) | Safe design and framework for multi-tenant HADOOP cluster | |
CN107104931A (en) | A kind of access control method and platform | |
US20060242294A1 (en) | Router-host logging | |
CN108259422A (en) | A kind of multi-tenant access control method and device | |
CN107682285A (en) | A kind of isomery cloud platform unified resource authorization method | |
CN102111407B (en) | Access control privacy protection method using user as center | |
CN101547202B (en) | Method and device for processing security level of device on the net | |
CN103178969B (en) | A kind of service authentication method and system | |
CN103415847B (en) | System and method for accessing service | |
CN111062028A (en) | Authority management method and device, storage medium and electronic equipment | |
CN112187725A (en) | Cloud computing resource access method and device, service line service and gateway | |
WO2016134482A1 (en) | License management for device management system | |
CN106487770B (en) | Method for authenticating and authentication device | |
CN103248485B (en) | A kind of electric power secondary system access control method based on safety label and system | |
CN109040123A (en) | A kind of user's operation supervisory systems | |
CN116566614A (en) | Access control enforcement architecture for dynamic manufacturing systems | |
CN106503493B (en) | Application authority management method and system | |
CN109309686A (en) | Multi-tenant management method and device | |
CN108462685A (en) | Based on binary electric vehicle data interconnection intercommunication authority control method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20181218 |