CN108171390A - A kind of secrecy department devices account informationization dynamic management system - Google Patents


Publication number
CN108171390A
Authority
CN
China
Prior art keywords
account
information
role
user
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611115902.5A
Other languages
Chinese (zh)
Inventor
孙德馨
金玉奇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dalian Institute of Chemical Physics of CAS
Original Assignee
Dalian Institute of Chemical Physics of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dalian Institute of Chemical Physics of CAS

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00: Administration; Management
    • G06Q10/06: Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Economics (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Game Theory and Decision Science (AREA)
  • Development Economics (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Educational Administration (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention relates to an informatized dynamic management system for the equipment ledgers (accounts) of a classified department, comprising a system application server connected to user terminals through network equipment for communication and access. By informatized means, the invention lets every person who handles classified matters manage, efficiently and in a user-friendly way, the equipment ledgers he or she is responsible for in the course of daily work. Ledger changes are processed and confirmed through hierarchical review, so that an accurate, real-time overall ledger is formed dynamically, and all operation information is traceable. The equipment ledger information of the classified department can thus be reflected more securely, accurately, dynamically and in real time. This effectively promotes the standardization and proceduralization of the department's ledger management work and substantially raises the efficiency and level of scientific ledger management.

Description

An informatized dynamic management system for the equipment ledgers (accounts) of a classified department
Technical field
The present invention relates to the field of informatized dynamic management of equipment ledgers, and specifically to an informatized dynamic management system for the equipment ledgers of a classified department.
Background art
For a classified unit or department, equipment ledgers fall broadly into two categories: classified ledgers and non-classified ledgers. Classified ledgers mainly include classified computer ledgers, classified notebook ledgers, classified media ledgers, classified peripheral equipment ledgers, classified intermediate machine ledgers, and so on. A department's non-classified ledgers may include non-classified intermediate machine ledgers, non-classified work computer ledgers, non-classified online computers, non-classified media ledgers, non-classified peripheral equipment ledgers, and so on. Even in a unit with few classified personnel the classified ledgers are rather numerous and complicated. This is all the more so in a larger classified organization with many personnel, where the ledgers must hold detailed and accurate information such as the number, classification level, responsible person and location status of every classified and non-classified information device, and management is more difficult and complex. As a result, the unit's overall ledger, the departments' sub-ledgers and the actual situation are often not accurate or consistent with one another. At present most units manage equipment ledgers by periodic centralized collection and summarization, which is time-consuming and laborious. The accuracy of the summarized ledger then gradually degrades over time, and it can never display and reflect the accurate state of the ledger information at the current moment in real time. The ledger management level and methods of such departments urgently need effective improvement.
Summary of the invention
In view of the deficiencies of the prior art, the present invention provides an informatized dynamic management system for the equipment ledgers of a classified department, solving the problems that the ledger management level of classified departments is low and that the accurate state of the ledger information at the current moment cannot be displayed and reflected in real time.
The technical solution adopted by the present invention to achieve the above purpose is as follows:
An informatized dynamic management system for the equipment ledgers of a classified department comprises a system application server and user terminals connected through network equipment for communication and access.
The server comprises an identity authentication and access control module (101), a ledger information query module (102), a ledger information change module (103), a new ledger template customization module (104), a workflow review module (105), a user information management module (106), a review group personnel management module (107), a log information query module (108), a system back-end database (109) and a ledger entry level management module (110).
The identity authentication and access control module (101) judges the identity information of an accessing user terminal and limits the access rights of the user account.
The ledger information query module (102) returns to the user terminal the equipment ledger information corresponding to the user account, and supports querying all the ledger information belonging to different accounts.
The ledger information change module (103) lets different user roles change the ledger information in the equipment ledger that falls under their role's authority.
The new ledger template customization module (104) is used to define custom ledger templates under system administrator authority.
The workflow review module (105) handles the case where a user-level role applies for a change that exceeds its ledger entry level: the change is reviewed by a user-level role with the corresponding or a higher authority.
The user information management module (106) is used by the ledger administrator to review and enter users' identity information and, at the same time, to define the user-level role each user belongs to.
The review group personnel management module (107) assigns to each user-level role the approval authority and scope over its corresponding ledger entry levels, and handles the review of lower user-level roles and of special ledger information processing. "Lower" is relative to the ordering of user levels from high to low, for example: the lowest level is the general user, higher are the custodian and group leader, and higher again is the office ledger administrator.
The log information query module (108) records the log information of user terminal operations and allows it to be queried under system administrator authority.
The system back-end database (109) runs on the system application server and stores ledger information, user right information and logs of user terminal operations.
The ledger entry level management module (110) configures the entry level corresponding to each entry in a ledger.
The custom ledger template includes:
defining the device-category ledger name, adding entry class names to the equipment ledger, defining the ledger entry level to which each entry class belongs, configuring the enabling of the change reminder window, and customizing the text of the window's reminder content.
The user identity information includes: user name information, IP address information, group information and security information.
The user-level roles include: the ordinary end-user level role, the custodian user-level role, the group leader user-level role, the office ledger administrator level role and the office director user-level role.
The user terminals comprise several user computer terminals.
Through the ledger information query module (102), a user can query the ledger information of his or her own level role and/or of user groups of lower level roles.
Through the ledger information change module (103), a user can change the ledger information of his or her own level role and/or of users of lower level roles.
After the user changes ledger information, the workflow review module (105) selects a level role above the ledger entry level concerned to approve the change, which completes the change of the ledger information.
During a ledger information change or its approval process, if the change reminder window is enabled for the entry level of that ledger information, the corresponding prompt information is shown to remind the changing user.
The present invention has the following beneficial effects and advantages:
The present invention defines responsibilities clearly. By informatized means it lets every person who handles classified matters manage, efficiently and in a user-friendly way, the equipment ledgers he or she is responsible for in the course of daily work. Ledger changes are processed and confirmed through hierarchical review, so that an accurate, real-time overall ledger is formed dynamically, and all operation information is traceable. The equipment ledger information of the classified department can thus be reflected more securely, accurately, dynamically and in real time, which effectively promotes the standardization and proceduralization of the department's ledger management work and substantially raises the efficiency and level of scientific ledger management.
Description of the drawings
Fig. 1 is a system structure diagram of the present invention.
Detailed description of embodiments
The present invention is described in further detail below with reference to the accompanying drawing and embodiments.
The present invention consists of a system application server and user terminals, which connect and communicate through the network equipment of the classified work intranet. The system application server receives the access requests of each end-user computer and, according to the equipment ledger management method, decides on and sends the corresponding feedback data.
System application server A includes an identity authentication and access control module, a ledger information query module, a ledger information change module, a new ledger template customization module, a workflow review module, a user information management module, a review group personnel management module, a ledger entry level management module, a log information query module, a database system, ledger information, a workflow reminder module, user right information and operation behavior logs.
The identity authentication and access control module judges the identity information of an accessing user terminal and limits each user account to logging in to the system only from the end-user computer that the user is responsible for.
The ledger information query module returns the equipment ledger information corresponding to the user account at the user terminal, and can query all the ledger information belonging to different accounts.
The ledger information change module supports different user roles in changing the ledger information in the equipment ledger that falls under their role's authority.
The ledger entry level management module configures the entry level corresponding to each entry in a ledger: entry level 1 corresponds to the ordinary end-user level role; entry level 2 corresponds to the custodian user-level role and the group leader user-level role; entry level 3 corresponds to the office ledger administrator level role and the office director user-level role.
The new ledger template customization module is used to define custom ledger templates under system administrator authority, including defining a new device-category ledger name, adding entry class names to the equipment ledger, defining the ledger entry level to which each entry class belongs, and configuring whether the change reminder window is enabled and what reminder content it shows.
The workflow review module provides the approval process used when a lower user-level role changes a ledger entry of a higher level: a user-level role of the corresponding or a higher level must review the change and either pass or reject it.
The user information management module is used by the ledger administrator to review and enter users' identity information, including user name information, IP address information, group information, security information and so on. It also defines the user-level role each user belongs to, such as the ordinary end-user level role, the custodian user-level role, the group leader user-level role, the office ledger administrator level role and the office director user-level role.
The review group personnel management module takes the different user-level roles assigned through the user information management module and assigns each of them the approval authority and scope for the corresponding ledger entry levels, together with the review process for the approval authority of lower user-level roles and the review process for special ledger information processing.
The log information query module provides queries, only under system administrator authority, of the log information of all terminal operations such as additions, changes and approvals. The log information cannot be deleted; query and partial export are supported.
The database system is the database that runs on system application server A and stores ledger information, user right information and operation behavior logs.
Ledger information is the equipment ledger information of all categories stored in the database system.
User right information is all the different level-role user categories stored in the database system, together with their corresponding ledger entry approval levels and the corresponding user account information.
The operation behavior log is the log information, stored in the system back-end database, of all terminal operations such as additions, changes and approvals.
A terminal user can log in at his or her own end-user computer with the user account that has been authorized for him or her.
Users of different level roles can query all the ledger information of their own, or of the lower-level role user groups they are responsible for reviewing. For example: an ordinary terminal level role user can query all the ledger information he or she is personally responsible for; group leader and custodian level role users can query, in addition to their own ledger information, all the ledger information within their group; office ledger administrator and office director level role users can query, in addition to their own ledger information, all the ledger information of the whole office.
Users of different level roles can change the ledger entry information of their own, or of the lower-level users they are responsible for reviewing, but cannot change ledger information at entry levels higher than the one corresponding to their user-level role. For example: an ordinary terminal level role user can change the information at the corresponding ledger entry level in the ledgers he or she is personally responsible for; group leader and custodian level role users can change, in addition to the information at their own corresponding ledger entry level, the ledger information at lower entry levels within their review scope.
After a user of a given level role changes ledger information, the change takes actual effect only after approval by a user of the next level role up, or of a higher level role, in the user's group. For example, after an ordinary terminal level role user changes ledger information, the ledger is actually changed only after approval by the group leader or custodian at the next level up, or by the office ledger administrator or office director at a higher level. A change made by a highest-level user needs no approval to take actual effect. The change process can be queried and traced through the operation behavior log.
During a ledger information change, if the change reminder window is enabled for the entry level of that ledger information, the corresponding prompt information is shown to the changing user, for example reminding the current user which paper-based approval procedures must be completed in advance before this ledger entry information is changed.
During the approval of a ledger information change, if the change reminder window is enabled for the entry level of that ledger information, the corresponding prompt information is shown to the approving user, for example reminding the current approver to first check which paper-based approval procedures the applicant should have completed in advance before changing this ledger entry information.
Users of different level roles can selectively export all or part of the ledger information of their own, or within the scope of the lower-level role user groups they belong to.
A highest-level role user can optionally batch-import ledger category information from other text formats.
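The level-based change approval, scope rules and undeletable operation log described above can be modelled as follows. This is an added example, not code from the patent: the class, function and role identifier names and the sample users are assumptions, as is the combined rule that an approver must outrank the requester, cover the entry level and have the record's owner in scope.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Role -> level, per the entry-level mapping in the description (identifiers are assumed).
ROLE_LEVEL = {"end_user": 1, "custodian": 2, "group_leader": 2,
              "office_ledger_admin": 3, "office_director": 3}
TOP_LEVEL = max(ROLE_LEVEL.values())

@dataclass(frozen=True)
class User:
    name: str
    role: str
    group: str

    @property
    def level(self) -> int:
        return ROLE_LEVEL[self.role]

@dataclass
class Change:
    requester: User
    owner: User        # person responsible for the ledger record
    entry: str
    entry_level: int   # 1..3, as set by the entry level management module
    new_value: str
    status: str = "pending"

class AuditLog:
    """Append-only log: rows can be added and read, never edited or deleted."""
    def __init__(self):
        self._rows = []

    def add(self, actor: User, action: str, ch: Change):
        stamp = datetime.now(timezone.utc).isoformat()
        self._rows.append((stamp, actor.name, action, f"{ch.owner.name}/{ch.entry}"))

    def rows(self):
        return tuple(self._rows)  # read-only copy for query and export

def in_scope(actor: User, owner: User) -> bool:
    """Own records at level 1, own group at level 2, whole office at level 3."""
    if actor.level == TOP_LEVEL:
        return True
    if actor.level == 2:
        return actor.group == owner.group
    return actor == owner

class Ledger:
    def __init__(self):
        self.values = {}   # (owner name, entry) -> current value
        self.log = AuditLog()

    def submit(self, requester, owner, entry, entry_level, new_value) -> Change:
        ch = Change(requester, owner, entry, entry_level, new_value)
        if not in_scope(requester, owner):
            self.log.add(requester, "submit_denied", ch)
            raise PermissionError("record is outside the requester's scope")
        self.log.add(requester, "submit", ch)
        if requester.level == TOP_LEVEL:   # highest level needs no approval
            self._apply(ch, requester)
        return ch

    def review(self, approver, ch, approve: bool) -> Change:
        if ch.status != "pending":
            raise ValueError("change has already been decided")
        allowed = (approver.level > ch.requester.level   # next level up or higher
                   and approver.level >= ch.entry_level  # covers the entry level
                   and in_scope(approver, ch.owner))     # group or office scope
        if not allowed:
            self.log.add(approver, "review_denied", ch)
            raise PermissionError("approver lacks the required level or scope")
        if approve:
            self._apply(ch, approver)
        else:
            ch.status = "rejected"
            self.log.add(approver, "reject", ch)
        return ch

    def _apply(self, ch, actor):
        self.values[(ch.owner.name, ch.entry)] = ch.new_value
        ch.status = "applied"
        self.log.add(actor, "apply", ch)

if __name__ == "__main__":
    # Constructed sample users and values, not taken from the patent.
    alice = User("alice", "end_user", "g1")
    bob = User("bob", "group_leader", "g1")
    book = Ledger()
    change = book.submit(alice, alice, "location", 1, "Room 204")
    book.review(bob, change, approve=True)
    for row in book.log.rows():
        print(row)
```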

Claims (9)

1. An informatized dynamic management system for the equipment ledgers of a classified department, characterized in that it comprises a system application server and user terminals connected through network equipment for communication and access.
2. The informatized dynamic management system for the equipment ledgers of a classified department according to claim 1, characterized in that the application server comprises an identity authentication and access control module (101), a ledger information query module (102), a ledger information change module (103), a new ledger template customization module (104), a workflow review module (105), a user information management module (106), a review group personnel management module (107), a log information query module (108), a system back-end database (109) and a ledger entry level management module (110);
the identity authentication and access control module (101) is used to judge the identity information of an accessing user terminal and limit the access rights of the user account;
the ledger information query module (102) is used to return to the user terminal the equipment ledger information corresponding to the user account, and to support querying all the ledger information belonging to different accounts;
the ledger information change module (103) is used by different user roles to change the ledger information in the equipment ledger that falls under their role's authority;
the new ledger template customization module (104) is used to define custom ledger templates under system administrator authority;
the workflow review module (105) is used so that, when a user-level role applies for a change that exceeds its ledger entry level, the change is reviewed by a user-level role with the corresponding or a higher authority;
the user information management module (106) is used by the ledger administrator to review and enter users' identity information and, at the same time, to define the user-level role each user belongs to;
the review group personnel management module (107) is used to assign to each user-level role the approval authority and scope over its corresponding ledger entry levels, and to review lower user-level roles and special ledger information processing;
the log information query module (108) is used to record the log information of user terminal operations and to allow it to be queried under system administrator authority;
the system back-end database (109) runs on the system application server and is used to store ledger information, user right information and logs of user terminal operations;
the ledger entry level management module (110) is used to configure the entry level corresponding to each entry in a ledger.
3. The informatized dynamic management system for the equipment ledgers of a classified department according to claim 2, characterized in that the custom ledger template includes:
defining the device-category ledger name, adding entry class names to the equipment ledger, defining the ledger entry level to which each entry class belongs, configuring the enabling of the change reminder window, and customizing the text of the window's reminder content.
4. The informatized dynamic management system for the equipment ledgers of a classified department according to claim 2, characterized in that:
the user identity information includes: user name information, IP address information, group information and security information;
the user-level roles include: the ordinary end-user level role, the custodian user-level role, the group leader user-level role, the office ledger administrator level role and the office director user-level role.
5. The informatized dynamic management system for the equipment ledgers of a classified department according to claim 1, characterized in that the user terminals comprise several user computer terminals.
6. The informatized dynamic management system for the equipment ledgers of a classified department according to claim 2, characterized in that a user can, through the ledger information query module (102), query the ledger information of his or her own level role and/or of user groups of lower level roles.
7. The informatized dynamic management system for the equipment ledgers of a classified department according to claim 1, characterized in that a user can, through the ledger information change module (103), change the ledger information of his or her own level role and/or of users of lower level roles;
after the user changes ledger information, the workflow review module (105) selects a level role above the ledger entry level concerned to approve the change, which completes the change of the ledger information.
8. The informatized dynamic management system for the equipment ledgers of a classified department according to claim 7, characterized in that, during a ledger information change or its approval process, if the change reminder window is enabled for the entry level of that ledger information, the corresponding prompt information is shown to remind the changing user.
9. The informatized dynamic management system for the equipment ledgers of a classified department according to claim 2, characterized in that the lower user-level role is determined by the ordering of user levels from high to low: a low level is the lower user-level role relative to a high level.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611115902.5A CN108171390A (en) 2016-12-07 2016-12-07 A kind of secrecy department devices account informationization dynamic management system

Publications (1)

Publication Number Publication Date
CN108171390A 2018-06-15

Family

ID=62526184

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112560797A (en) * 2020-12-30 2021-03-26 国网四川省电力公司泸州供电公司 Substation equipment standing book administers auxiliary system
CN115146297A (en) * 2022-09-02 2022-10-04 江苏荣泽信息科技股份有限公司 Authority management method and device for enterprise-level account


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20180615)