CN101217368A - A network logging on system and the corresponding configuration method and methods for logging on the application system - Google Patents


Info

Publication number: CN101217368A
Authority: CN (China)
Prior art keywords: application system, access, login, user, account
Legal status: Pending
Application number: CNA2007103084210A
Other languages: Chinese (zh)
Inventors: 陈艽, 廖武峰, 李啸峰, 褚兴国, 杨硕, 杨勇
Current Assignee: YIYANG SAFETY TECHNOLOGY Co Ltd, Bright Oceans Security Technology Co Ltd
Original Assignee: YIYANG SAFETY TECHNOLOGY Co Ltd
Application filed by YIYANG SAFETY TECHNOLOGY Co Ltd
Priority to CNA2007103084210A
Publication of CN101217368A

Landscapes

  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to the technical field of network security and discloses a login system comprising an application access platform and an identity and access management platform. The application access platform is used to install and publish application systems, so that a user who logs in to the application access platform can log in to the application systems; it can preconfigure and store information about the application systems. The identity and access management platform is used to obtain the login information and resource information of the application systems from the application access platform, to configure the correspondence between network users and the users who log in to the application systems together with the resource content each can access, and to receive and authenticate network users' logins. With the disclosed system, after a network user logs in to the identity and access management platform, the platform accesses the application system's resources as a legitimate user of the application system, so the user does not access the application system directly; access security is high and the user's login operation is simple.

Description

A network login system, its configuration method, and a method for logging in to an application system
Technical field
The present invention relates to the field of network security technology, and in particular to a network login system, its configuration method, and a method for logging in to an application system.
Background art
With the growing maturity of network technology and the continuous development of enterprise network services, the number of application software systems for various enterprise services keeps increasing, and so does the number of users. Client/server (C/S) application software is no longer confined to use within the local area network, and the demand for remote login over the wide area network is increasingly urgent; the resulting network security problems of enterprise application software are receiving growing attention from enterprise users. When users log in to the enterprise service network to access various application software, some network security solution must be adopted to secure the network login and prevent application software information from leaking. For these network security management needs, existing security control solutions for network users accessing application systems fall into two main classes:
The first scheme provides a unified identity management mechanism in the enterprise network, which manages the login accounts of each business application support system within the enterprise. Under this unified identity management mechanism, the resources of all target application systems (such as environment variables and client software) generally have to be installed on every client terminal. The client terminal must therefore be compatible with the resources of all target application systems, and the resources of the installed target application systems must also be compatible with each other; if an incompatibility occurs, the incompatible system resources must be installed on different client terminals in order to access the different application systems. Moreover, if a target application system needs upgrading, a very large number of client terminals may all need to be upgraded, so the client terminal maintenance workload is very heavy.
The second scheme provides a unified user entry server in the enterprise network, that is, an application access platform based on the server-based computing architecture (Application Serving, the A/S architecture). The client software of all target application systems that users access is installed and deployed centrally on the user entry server (group); users access the user entry server via a remote application protocol or RDP, and then access each target application system through that system's client software on the server. Users are no longer limited by client and connection performance, and can access the applications and key resources on the server (group) efficiently and securely at any time, from any place, on any device, over any kind of network connection. Although this scheme removes the software maintenance burden that upgrading target application systems on the clients brings in the first scheme, it cannot control users' access permissions. The unified user entry server cannot provide different system resources according to which user logs in to the target application system. In addition, because the accounts and passwords with which users log in to target application systems are managed and entered by each user individually, this decentralized manual account management makes account updates troublesome and makes passwords easy to lose and leak, which creates a hidden danger for application system security and does not meet the needs of security management.
Summary of the invention
The present invention builds on the second scheme above. It aims to overcome the security risks of the current manual account management, to provide remote users with unified management of the accounts and permissions for logging in to multiple application systems, and to control users' permissions for accessing application systems, thereby raising the level of application system security management.
To solve the above problem, an embodiment of the invention provides a network login system comprising an application access platform and an identity and access management platform, wherein the application access platform is used to install application systems and publish them, so that a user can log in to the application access platform and thereby log in to the application systems; the application access platform can preconfigure and store the login information and resource information with which legitimate users access the application systems;
The identity and access management platform is used to obtain the login information and resource information of the application systems from the application access platform, to configure the correspondence between network users and the users who log in to the application systems together with the corresponding accessible resource content, to receive and authenticate network users' logins, and to determine the resource content of the application systems that each network user can access.
The application access platform and the identity and access management platform exchange the login information and resource information of the application systems over a communication protocol that both support.
Preferably, the application access platform comprises:
An application system publishing unit, used to publish the application systems;
A communication unit, used for information communication between the identity and access management platform and the application access platform. It receives from the identity and access management platform the identifier of the target application system selected by the current user, the login account and password, and the resource content of the application system selected for access, and saves them to the shared memory unit of the application access platform; it sends the login information and resource information for legitimate-user access to the application systems, as stored in the shared memory unit, to the identity and access management platform; and it feeds back to the identity and access management platform whether the login to the application system corresponding to this login account succeeded, or whether access to the resources of the application system succeeded;
An intercept login unit, used to send the account and password to the target application system corresponding to the identifier once the shared memory unit holds the identifier, account and password with which the current network user logs in to the target application system, thereby logging in to the target application system automatically;
A shared memory unit, used to store the login information and resource information with which legitimate users access the application systems, and to store the current-user data shared between the communication unit and the intercept login unit.
Preferably, the identity and access management platform comprises:
An application system information acquisition unit, used to obtain from the application access platform the legitimate login information and resource information of the target application systems and to store them; the legitimate login information comprises the identifier of the installed and published application system, the legitimate account, the password, the executable file path of the installed target application system client software, and the resource information of the target application system;
A login configuration unit, used to configure, for each target application system identifier obtained from the application system information acquisition unit, the corresponding executable file path of the application system client software, so that the user can access the application system through this executable file path;
An authorization unit, used to grant, on the basis of the legitimate users' login information and resource information obtained by the application system information acquisition unit, the executable permissions for accessing the application systems to the network user account currently logged in to the identity and access management platform, including the correspondence between the network login user account and the legitimate user account of the application system, and the network login user account's access permissions to the resource content of the application system;
A network login unit, used to authenticate network users logging in to the identity and access management platform; if the user is legitimate, it presents to the user, via the resource display unit, the application systems and resource content that the user is entitled to access, and, according to the target application system identifier selected by the user, obtains the account and password of the target application system from the application system information acquisition unit and sends them to the application access platform.
Preferably, the identity and access management platform further comprises:
A resource display unit, used to present to a legitimate network user account that has passed authentication by the identity and access management platform the application systems and resources that it is entitled to access.
Correspondingly, an embodiment of the invention also provides a configuration method for the network login system, comprising:
The application access platform publishes the application systems that require login;
The identity and access management platform configures the login information and resource information of the published application systems;
The identity and access management platform grants network user accounts the permission to log in to the application systems according to the login information and resource information of the application systems.
Preferably, the configuring of the login information and resource information of the application systems by the identity and access management platform specifically comprises:
Obtaining the login information of the application system from the application access platform, the login information comprising the identifier of the application system, the login user account and password of the application system, and the executable file path of the application system client software;
Obtaining the resource information of the application system from the application access platform, the resource information comprising the resources of the application system that can be accessed;
Storing the login information and resource information of the application system.
Preferably, the granting by the identity and access management platform, according to the login information of the application system, of the permission for a network user account to log in to the application system specifically comprises:
Setting the network user's access role, the access role being the identity under which the network user can access specific resources of the application system;
Setting the account and password with which the network user logs in to the identity and access management platform;
Establishing the correspondence between the network user account and the legitimate user account that logs in to the application system, and the network login user account's access permissions to the resource content of the application system.
Correspondingly, an embodiment of the invention also provides a method for logging in to an application system, comprising:
Logging in to the identity and access management platform with a network user account;
The identity and access management platform confirms, according to the login permissions of the network user account, whether the login user account is legitimate;
The identity and access management platform presents to a legitimate network user account the application systems and resource content to which that account has access permissions;
The network user selects a target application system on the identity and access management platform, and the preconfigured legitimate-user login account and password of the target application system are obtained according to the user's own account permissions;
The identity and access management platform sends the legitimate-user login account and password of the target application system to the application access platform, and the login account and password are filled into the login frame of the target application system, thereby logging in to the target application system automatically.
Compared with the prior art, the present invention solves the security management problem of multiple users accessing multiple application systems over the network. Each user needs to be assigned only one account and password in order to access multiple application systems securely, which avoids the security risks that arose when users directly managed and used the account and password of every application system. Because the identity and access management platform in the technical solution provides a unified mechanism for managing the accounts and permissions for logging in to multiple application systems, once a network user has logged in to the identity and access management platform, the platform automatically obtains the legitimate user identity for the application system, and the user can access and log in to the application system without knowing its account and password. The user's login operation is therefore simple, and the security of application systems on the network is greatly improved.
Description of drawings
Fig. 1 is a schematic diagram of logging in to application systems based on an application access platform in the prior art;
Fig. 2 is a structural diagram of the network login system of an embodiment of the invention;
Fig. 3 is a flow chart of the configuration method of the network login system of an embodiment of the invention;
Fig. 4 is a flow chart of the method for logging in to an application system of an embodiment of the invention.
Embodiments
The present invention is described in detail below with reference to the drawings and embodiments.
Fig. 1 shows the structure of a prior-art application access platform based on the A/S architecture. The application access platform is used to install application systems and publish them; a user can log in to the application access platform and thereby log in to the application systems. The application access platform can preconfigure the login information and resource information with which legitimate users access the application systems, and stores the resource information that the legitimate users can access.
To give remote users unified management of the accounts and permissions of each target application system when they log in to multiple target application systems, and to control users' permissions for accessing application systems, the present invention builds on the existing A/S-based application access platform and combines it with an identity and access management platform to form a new network login system through which remote users access multiple application systems. For this network login system to achieve the purpose of the invention, a corresponding login configuration method is needed; the user then logs in to the application systems according to the corresponding network login method. The identity and access management platform is a management platform that provides multiple network users with access to multiple application systems. It gives the network users unified login management across the application systems and sets different access permissions for different network users and different application systems, thereby controlling users' access permissions.
Fig. 2 shows the structure of the network login system of an embodiment of the invention, which comprises an application access platform 201 and an identity and access management platform 202, wherein:
The application access platform 201 is used to install application systems and publish them, so that a user can log in to the application access platform and thereby log in to the application systems; the application access platform can preconfigure and store the login information and resource information with which legitimate users access the application systems;
The identity and access management platform 202 is used to obtain the login information and resource information of the application systems from the application access platform, to configure the correspondence between network users and the users who log in to the application systems together with the corresponding accessible resource content, to receive and authenticate network users' logins, and to determine the resource content of the application systems that each network user can access.
The application access platform 201 and the identity and access management platform 202 exchange the login information and resource information of the application systems over a communication protocol that both support.
The application access platform 201 comprises an application system publishing unit 2011, used to publish the application systems to be logged in to;
A communication unit 2012, used for information communication between the identity and access management platform and the application access platform. It receives from the identity and access management platform the identifier of the target application system selected by the current user, the login account and password, and the resource content of the application system selected for access, and saves them to the shared memory unit 2014 of the application access platform; it sends the login information and resource information for legitimate-user access to the application systems, as stored in the shared memory unit 2014, to the identity and access management platform 202; and it feeds back to the identity and access management platform 202 whether the login to the application system corresponding to this login account succeeded, or whether access to the resources of the application system succeeded;
An intercept login unit 2013, used to send the account and password to the target application system corresponding to the identifier once the shared memory unit holds the identifier, account and password with which the current network user logs in to the target application system, thereby logging in to the target application system automatically. This unit uses Hook technology to attach itself to the target application system; when the target application system starts, the intercept login unit 2013 starts automatically;
A shared memory unit 2014, used to store the login information and resource information with which legitimate users access the application systems, and to store the current-user data shared between the communication unit 2012 and the intercept login unit.
The login information with which legitimate users access the application systems is shown in the following table:

User account | User password | Application system name           | Application system executable file path
A1           | A2            | Network management system 1       | A3
B1           | B2            | Network management system 2       | B3
C1           | C2            | Network management system 3       | C3

The resource information with which legitimate users access the application systems is shown in the following table:

User account | Application system name     | Application system resource
A1           | Network management system 1 | Alarm data inquiry subsystem
A1           | Network management system 1 | Performance data inquiry subsystem
B1           | Network management system 2 | Group financial statements inquiry subsystem

The identity and access management platform 202 comprises an application system information acquisition unit 2021, used to obtain from the application access platform the legitimate login information and resource information of the target application systems and to store them; the legitimate login information comprises the identifier of the installed and published application system, the legitimate account, the password, the executable file path of the installed target application system client software, and the resource information of the target application system;
A login information configuration unit 2022, used to configure, for each target application system identifier obtained from the application system information acquisition unit, the corresponding executable file path of the application system client software, so that the user can access the application system through this executable file path;
An authorization unit 2023, used to grant, on the basis of the legitimate users' login information and resource information obtained by the application system information acquisition unit, the executable permissions for accessing the application systems to the network user account currently logged in to the identity and access management platform, including the correspondence between the network login user account and the legitimate user account of the application system, and the network login user account's access permissions to the resource content of the application system;
A network login unit 2024, used to authenticate network users logging in to the identity and access management platform; if the user is legitimate, it presents to the user, via the resource display unit, the application systems and resource content that the user is entitled to access, and, according to the target application system identifier selected by the user, obtains the account and password of the target application system from the application system information acquisition unit and sends them to the application access platform;
A resource display unit 2025, used to present to a legitimate network user account that has passed authentication by the identity and access management platform the application systems and resources that it is entitled to access.
With the system provided by the embodiment of the invention, a network user account that has passed authentication by the identity and access management platform has permission to log in to application systems. By logging in to the identity and access management platform with the network user account and selecting an application system link presented on that platform, the user logs in to the application system.
The method for configuring the login system provided by the embodiment of the invention is shown in Fig. 3 and comprises the following steps:
Step S301: the application access platform publishes the application systems that require login;
The application access platform defines a unique identifier for the client software of each application system. The unique identifier allows the client of the application system to be accessed by the specified identifier, and generally corresponds to the name of the application system. The application access platform creates a hyperlink indexed by the unique identifier of the application software; the hyperlink leads to the access address of the application access platform that hosts the published application client and to the file path for starting the client software executable.
Step S302: the identity and access management platform configures the login information and resource information of the published application systems;
The login information comprises the identifier of the application system, the login user account and password of the application system, and the executable file path of the application system client software; the resource information comprises the resources of the application system that can be accessed.
The login information and resource information of the application systems are stored.
Step S303: the identity and access management platform grants network user accounts the permission to log in to the application systems according to the login information and resource information of the application systems.
Before the login information is configured, the application access platform publishes the application systems that require login and configures the resource information of the application systems.
Take an identity and access management platform that supports the B/S (browser/server) model as an example. Once the access path of the published application client on the application access platform has been obtained, the identity and access management platform sets, for each network user, the account, password and access permissions for each application system that the user accesses, and sets the access path to each application system's client software in the form of a hyperlink. After a network user has passed the login authentication of the identity and access management platform, the user sees a list of the application systems within his or her own access permissions; each application system corresponds to a hyperlink address, and clicking the hyperlink address gives access to the application system. In this case, the network user does not need to know the account and password of the application system in order to access the application systems he or she needs.
In the embodiment of the invention, the identity and access management platform can obtain the login information and resource information of the application systems in different ways. In the first scheme, the identity and access management platform maps the accounts and passwords of the application systems to itself according to the table structure of application system accounts and passwords predefined by the application access platform, and stores them. In the second scheme, the accounts and passwords of the application systems are imported into the identity and access management platform from an Excel spreadsheet that stores them, and are stored. If neither the mapping table structure nor the Excel spreadsheet exists for an application system, an administrator logs in to the identity and access management platform directly, enters the account and password of the application system, and stores them. After the login information and resource information of the application systems have been configured, the identity and access management platform needs to set the access roles that can be used to access the application systems. Different roles have different access attributes, which allows role-based permission management to be applied to the network users.
After the access roles for accessing the application systems have been set, the identity and access management platform also needs to authorize the user accounts. Authorization is the process of establishing the correspondence between the network user account of the identity and access management platform (the primary account) and the login user account of the application system (the secondary account). The identity and access management platform creates and manages a mapping table between user accounts and application system accounts, and authenticates the network users according to this table.
With the login system configuration method provided by the embodiment of the invention, a network user account on the identity and access management platform has permission to log in to application systems. By logging in to the identity and access management platform with the network user account and selecting an application system link presented on that platform, the user logs in to the application system.
Correspondingly, the embodiment of the invention also provides a method of logging in to an application system. As shown in Figure 4, it comprises the following steps:
Step S401: log in to the identity and access management platform with a network user account;
Step S402: the identity and access management platform confirms, according to the login rights of the network user account, whether the login user account is legitimate;
Step S403: the identity and access management platform presents to the legitimate user the application systems, and their resource content, to which the network user account has access rights;
Step S404: the network user selects a target application system on the identity and access management platform and, according to the user's own account authority, the pre-configured legitimate user login account and password of the target application system are obtained;
Step S405: the identity and access management platform sends the legitimate user login account and password of the target application system to the application access platform; the login account and password are filled into the login box of the target application system, achieving automatic login to the target application system.
In this embodiment of the method of logging in to an application system, based on the login system provided by the embodiment of the invention, the user logs in to the identity and access management platform 202 with a network user account and selects the hyperlink address of the target application system; the identity and access management platform 202 then sends the configured login user account and password of the target application system to the application access platform 201.
Suppose a user's information across the whole system is as follows:
A. Network user account and password on the identity and access management platform 202: user0, password0;
B. Login user account and password on the target application system: user1, password1;
C. Application identifier of the target application system on the application access platform 201: Appid.
In the present embodiment, the identity and access management platform acts as a client interface of the application access platform and exchanges information with the application access platform.
The specific flow of the method embodiment for logging in to an application system comprises the following steps:
The user logs in to the identity and access management platform 202 with the network user account and password user0, password0, and the network login unit 2024 authenticates the network user account user0. If user0 is determined to be legitimate, the application systems that can be accessed are presented to user0 according to the pre-configured authority of user0 to log in to application systems.
The user user0 selects a specific target application system; the login user account and password user1, password1 of the target application system and the Appid of the target application system are obtained and sent to the application access platform 201. The communication unit 2012 of the application access platform 201 receives user1, password1 and Appid, records them in the shared memory unit 2014, and replies with an acknowledgement message to the identity and access management platform 202. When the listening login unit 2013 detects the target application system information stored in the shared memory unit 2014, it sends that information to the target application system and fills the login account and password into the target application system, achieving login to the target application system.
With the method of logging in to an application system provided by the embodiment of the invention, logging in to the identity and access management platform with a network user account is enough to log in to the application systems published by the application access platform; login is simple and security is higher.
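The flow of steps S401 to S405, with the hand-off through the shared memory unit, can be modelled as follows. This is an added example and not code from the patent: the class and method names, the PBKDF2 hashing of the master password, the session token and the in-memory queue standing in for the shared memory unit are all assumptions; only user0, password0, user1, password1 and Appid come from the description.

```python
import hashlib
import hmac
import secrets
from collections import deque


class TargetApplication:
    """Stand-in for a published application system and its login box."""
    def __init__(self, account, password):
        self._credential = (account, password)
        self.logged_in = []                      # accounts that completed a login

    def fill_login_box(self, account, password):
        ok = (account, password) == self._credential
        if ok:
            self.logged_in.append(account)
        return ok


class ApplicationAccessPlatform:
    """Platform 201: communication unit, shared memory unit, listening login unit."""
    def __init__(self, applications):
        self._applications = applications        # Appid -> TargetApplication
        self.shared_memory = deque()             # shared memory unit

    def communication_unit_receive(self, appid, account, password):
        if appid not in self._applications:
            return False                         # unknown Appid: nothing is stored
        self.shared_memory.append((appid, account, password))
        return True                              # acknowledgement to platform 202

    def listening_login_unit_run(self):
        """Consume each pending record once and fill the matching login box."""
        results = []
        while self.shared_memory:
            appid, account, password = self.shared_memory.popleft()
            app = self._applications[appid]
            results.append((appid, app.fill_login_box(account, password)))
        return results


class IdentityAccessPlatform:
    """Platform 202: authenticates master accounts and holds the mapping table."""
    def __init__(self, access_platform):
        self._access_platform = access_platform
        self._masters = {}     # master account -> (salt, password hash)
        self._mapping = {}     # master account -> {Appid: (slave account, password)}
        self._sessions = {}    # session token -> master account

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_master(self, account, password):
        salt = secrets.token_bytes(16)
        self._masters[account] = (salt, self._hash(password, salt))
        self._mapping[account] = {}

    def authorize(self, master, appid, slave_account, slave_password):
        # Slave passwords must be recoverable to be replayed; encryption at rest is omitted.
        self._mapping[master][appid] = (slave_account, slave_password)

    def login(self, account, password):
        """S401-S403: authenticate, then return (session token, visible Appids)."""
        salt, stored = self._masters.get(account, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._hash(password, salt), stored):
            raise PermissionError("network user account rejected")
        token = secrets.token_hex(16)
        self._sessions[token] = account
        return token, sorted(self._mapping[account])

    def select(self, token, appid):
        """S404-S405: look up the slave credential and forward it to platform 201."""
        master = self._sessions.get(token)
        if master is None or appid not in self._mapping[master]:
            raise PermissionError("no authorization for this application system")
        account, password = self._mapping[master][appid]
        return self._access_platform.communication_unit_receive(appid, account, password)


def demo():
    app = TargetApplication("user1", "password1")        # constructed sample values
    platform_201 = ApplicationAccessPlatform({"Appid": app})
    platform_202 = IdentityAccessPlatform(platform_201)
    platform_202.add_master("user0", "password0")
    platform_202.authorize("user0", "Appid", "user1", "password1")
    token, visible = platform_202.login("user0", "password0")
    acked = platform_202.select(token, "Appid")
    results = platform_201.listening_login_unit_run()
    return visible, acked, results, app.logged_in, len(platform_201.shared_memory)
```

The master account holder never handles user1 or password1, so the mapping table and the shared memory unit are where the application credentials are exposed and where access control and auditing matter most.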
The above is only a preferred implementation of the present invention. It should be pointed out that those skilled in the art can make improvements and modifications without departing from the principle of the invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.

Claims (8)

1. A network login system, characterized in that the system comprises an application access platform and an identity and access management platform, wherein:
The application access platform is used to install application systems and publish them; a user can log in to the application access platform to log in to an application system, and the application access platform can pre-configure and store the login information and resource information with which legitimate users access the application system;
The identity and access management platform is used to obtain the login information and resource information of the application system from the application access platform, to configure the correspondence between network users and the users who log in to the application system together with the corresponding accessible resource content, to receive and authenticate the network user's login, and to determine the resource content of the application system that the network user can access;
The application access platform and the identity and access management platform exchange the login information and resource information of the application system by supporting the same communication protocol.
2. The system according to claim 1, characterized in that the application access platform comprises:
An application system publishing unit, used to publish the application system;
A communication unit, used to implement information communication between the identity and access management platform and the application access platform: receiving from the identity and access management platform the identifier of the target application system selected by the current user, the login account and password, and the resource content of the application system selected for access, and saving them to the shared memory unit of the application access platform; sending to the identity and access management platform the login information and resource information, stored in the shared memory unit, with which legitimate users access the application system; and feeding back to the identity and access management platform whether the login to the application system corresponding to this login account identifier succeeded, or whether access to the resources of the application system succeeded;
A listening login unit, used to send the account and password to the target application system corresponding to the identifier, once the shared memory unit has obtained the identifier, account and password with which the current network user logs in to the target application system, thereby achieving automatic login to the target application system;
A shared memory unit, used to store the login information and resource information with which legitimate users access the application system, and to store the current user's data shared between the communication unit and the listening login unit.
3. The system according to claim 1, characterized in that the identity and access management platform comprises:
An application system information acquisition unit, used to obtain from the application access platform the legitimate login information and resource information of the target application system and to store them, the legitimate login information comprising the identifier of the installed and published application system, the legitimate account, the password, the executable file path of the installed target application system client software, and the resource information of the target application system;
A login configuration unit, used by the user to configure, for the identifier of the target application system obtained from the application system information acquisition unit, the executable file path of the corresponding system client software, so that the application system can be accessed through that executable file path;
An authorization unit, used to grant, based on the login information and resource information of legitimate users obtained from the application system information acquisition unit, the network user account currently logged in to the identity and access management platform the executable authority to access the application system, including the correspondence between the network login user account and the legitimate user account of the application system, and the access rights of the network login user account to the resource content of the application system;
A network login unit, used to authenticate a network user logging in to the identity and access management platform; if the user is legitimate, the application systems and resource content the user is entitled to access are presented to the user by the resource display unit, and, according to the identifier of the target application system selected by the user, the account and password of the target application system are obtained from the application system information acquisition unit and sent to the application access platform.
4. The system according to any one of claims 1-3, characterized in that the identity and access management platform further comprises:
A resource display unit, used to present to a legitimate network user account authenticated by the identity and access management platform the application systems and resources it is entitled to access.
5. A configuration method for a network login system, characterized by comprising:
The application access platform publishes the application system that needs to be logged in to;
The identity and access management platform configures the login information and resource information of the published application system;
The identity and access management platform grants the network user account the authority to log in to the application system according to the login information and resource information of the application system.
6. The method according to claim 5, characterized in that the identity and access management platform configuring the login information and resource information of the application system specifically comprises:
Obtaining the login information of the application system from the application access platform, the login information comprising the identifier of the application system, the login user account and password of the application system, and the executable file path of the application system client software;
Obtaining the resource information of the application system from the application access platform, the resource information comprising the resources of the application system that can be accessed;
Storing the login information and resource information of the application system.
7. The method according to claim 6, characterized in that the identity and access management platform granting the network user account the authority to log in to the application system according to the login information of the application system specifically comprises:
Setting the access role of the network user, the access role being the identity under which the network user can access specific resources of the application system;
Setting the account and password with which the network user logs in to the identity and access management platform;
Establishing the correspondence between the network user account and the legitimate user account used to log in to the application system, and the access rights of the network login user account to the resource content of the application system.
8. A method of logging in to an application system, characterized by comprising:
Logging in to the identity and access management platform with a network user account;
The identity and access management platform confirms, according to the login rights of the network user account, whether the login user account is legitimate;
The identity and access management platform presents to the legitimate network user account the application systems, and their resource content, to which the network user account has access rights;
The network user selects a target application system on the identity and access management platform and, according to the user's own account authority, the pre-configured legitimate user login account and password of the target application system are obtained;
The identity and access management platform sends the legitimate user login account and password of the target application system to the application access platform; the login account and password are filled into the login box of the target application system, achieving automatic login to the target application system.
CNA2007103084210A 2007-12-29 2007-12-29 A network logging on system and the corresponding configuration method and methods for logging on the application system Pending CN101217368A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2007103084210A CN101217368A (en) 2007-12-29 2007-12-29 A network logging on system and the corresponding configuration method and methods for logging on the application system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2007103084210A CN101217368A (en) 2007-12-29 2007-12-29 A network logging on system and the corresponding configuration method and methods for logging on the application system

Publications (1)

Publication Number Publication Date
CN101217368A true CN101217368A (en) 2008-07-09

Family

ID=39623735

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2007103084210A Pending CN101217368A (en) 2007-12-29 2007-12-29 A network logging on system and the corresponding configuration method and methods for logging on the application system

Country Status (1)

Country Link
CN (1) CN101217368A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20080709