CN113536243B - Enterprise internal software use management system based on authority analysis - Google Patents

Publication number: CN113536243B
Authority: CN (China)
Prior art keywords: software, user, authority, login, enterprise
Legal status: Active
Application number: CN202110782423.3A
Other languages: Chinese (zh)
Other versions: CN113536243A (en)
Inventors: 马斌, 曾喻双
Current Assignee: Yishi Information Technology Hangzhou Co ltd
Original Assignee: Yishi Information Technology Hangzhou Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G06Q10/103 Workflow collaboration or project management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Computer Security & Cryptography (AREA)
  • Strategic Management (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Data Mining & Analysis (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an enterprise internal software use management system based on authority analysis. It relates to the technical field of software use management and solves the technical problem in the prior art that, because user authority cannot be set, the load on the software accessed by users cannot be controlled. The software can be security-checked while different authorities are set for different users within the enterprise, which improves the convenience of software management and use, prevents the software load from increasing because the software's ability to restrict use is poor, and indirectly improves the quality of the users' use of the software. In addition, users' access records are disclosed or kept secret according to each user's authority, which reduces the risk caused by access from a large number of users and makes software management more convenient for the user administrator.

Description

Enterprise internal software use management system based on authority analysis
Technical Field
The invention relates to the technical field of software use management, in particular to an enterprise internal software use management system based on authority analysis.
Background
Authority management is an indispensable component of an application management system. Authority control makes the resources available after login verification differ between identities; once user authority is improperly allocated or managed, it is bound to bring potential threats to the system and may even cause unpredictable losses. In an environment of rapid economic development, the operation of an enterprise is assisted by various types of software, and managing the use of that auxiliary software is also crucial;
the patent with the application number of CN2016108463405 discloses a market-level enterprise software versioning management system, a versioning verification module can perform versioning verification on software used in an enterprise docking terminal server, verification information is uploaded to a central processing unit through a data acquisition module, the central processing unit sends information data to a remote verification server, whether the software used by an enterprise is the versioning software is judged, the versioning software claimed by an enterprise is checked and rechecked, and the use condition of the enterprise versioning software is better known;
although that patent improves the efficiency of software use by auditing the software, user authority still cannot be set, so the load on the software cannot be controlled, unnecessary cost is incurred, and the privacy of the software is reduced; moreover, when users access the software their access records cannot be handled separately, which makes the user's management of the software more cumbersome;
in view of the above technical drawbacks, a solution is proposed.
Disclosure of Invention
The invention aims to provide an enterprise internal software use management system based on authority analysis, which can carry out safety analysis on running software, so that the information safety of users can be protected to the greatest extent only when the software safety performance is high; the software can be safely checked, different authorities can be set for different users in an enterprise at the same time, the convenience of software management and use is improved, the increase of software load caused by poor software limiting capacity is prevented, and the use quality of the software by the users is indirectly improved; in addition, according to the method and the system, the access records of the users are published or kept secret according to the permissions of the users, the risk caused by a large number of access of the users is reduced, and the convenience of software management of a user administrator is improved.
The purpose of the invention can be realized by the following technical scheme:
the enterprise internal software use management system based on the authority analysis comprises a user login front end and a management platform;
the user login front end is used for acquiring login user information in real time and sending the login user information acquired in real time to the management platform;
the management platform is used for managing and setting the real-time login user and the software use authority in the corresponding enterprise, receiving login user information acquired in real time and sending the real-time login user information to the server through the data transmission unit; after receiving the information of the real-time login user, the server acquires the software operated by the corresponding enterprise through the name of the enterprise to which the real-time login user belongs, and the type division unit acquires the software permission type according to the software operated by the enterprise correspondingly;
after the software authority type is obtained, the software correspondingly operated by the enterprise is subjected to security analysis through a security analysis unit, the software is divided into security software and risk software after the security analysis, the security software is sent to a server and an intercommunication connection unit, and the security software is authorized and bound through the intercommunication connection unit; after binding, carrying out authority distribution on the security software in the server and the users of the same enterprise stored in the user login front end through an authority setting unit; and after the distribution of the user authority is finished, the login monitoring unit is used for monitoring the login of the user.
As a preferred embodiment of the present invention, the management platform includes:
and the data transmission unit is used for receiving the real-time login user information sent by the user login front end and sending the real-time login user information to the server.
As a preferred embodiment of the present invention, the management platform includes:
the type dividing unit is used for acquiring a software permission type according to software correspondingly operated by an enterprise, wherein the software permission type comprises a position permission, an access permission and a control permission; and after acquiring the authority types of the corresponding software of the enterprise to which the real-time login user belongs, sending the corresponding software of the enterprise to which the real-time login user belongs to the safety analysis unit.
As a preferred embodiment of the present invention, the management platform includes:
the safety analysis unit is used for carrying out safety analysis on the software run by the enterprise of the real-time login user. The interval between the development time of the enterprise operating software and the current time is acquired and marked as SCi. Taking the release moment as the dividing point, this interval is split into a software development period and a software operation period; the number of vulnerabilities appearing in the development period and in the operation period is collected and the difference between the two is calculated. If the difference is positive, it is marked as CZi; if the difference is negative, the running software is directly judged to be unqualified in safety performance;
the growth speed and the maximum growth number of users registered with the software in the operation period are collected and marked as ZVi and SVi respectively. A safety analysis coefficient Xi of the enterprise operating software is obtained through analysis and compared with a safety analysis coefficient threshold: if Xi is greater than or equal to the threshold, the safety analysis of the corresponding enterprise operating software is judged normal, the software is marked as security software, and the security software is sent to the server and the intercommunication connection unit; if Xi is less than the threshold, the safety analysis of the corresponding enterprise operating software is judged abnormal, the software is marked as risk software, and a risk signal is generated and sent to the user login front end.
As a preferred embodiment of the present invention, the management platform includes:
the intercommunication connecting unit is used for receiving the security software, analyzing it and performing authorization binding on it. The security software is acquired and marked as o, o = 1, 2, …, m, where m is a positive integer. The information each piece of security software requires for user registration before authorizing a user is acquired, together with the type of that information. The user registration requirement information is the user information the software requires before authorizing the user; its types comprise a real-name information type and a real-time information type. The real-name information type is information of the user that cannot be changed, such as the user's age; the real-time information type is information the user can change in real time, such as the user's occupation;
if the types of user registration requirement information of two pieces of security software are the same, the two pieces of security software are authorization-bound, and an intercommunication selection is made between them: the quantity of user registration requirement information of the same type is counted for each of the two; the security software with the larger quantity of information is marked as bidirectional authorization software and the one with the smaller quantity as unidirectional authorization software. That is, after the bidirectional authorization software authorizes a user, the unidirectional authorization software authorizes the same user; if the unidirectional authorization software authorizes a user, the bidirectional authorization software still needs to authorize and register the same user. The bidirectional authorization software and the unidirectional authorization software are sent to the server, which stores them on receipt.
As a preferred embodiment of the present invention, the management platform includes:
the authority setting unit is used for allocating authority between the security software in the server and the users of the same enterprise stored in the user login front end. For each user in the enterprise, the ratio of the time spent using the corresponding security software to the whole working time is collected and marked as the usage duration coefficient, which is compared with a usage duration coefficient threshold: if the usage duration coefficient is greater than or equal to the threshold, the corresponding user is marked as an authority user, and access authority is set for all authority users; if the usage duration coefficient is less than the threshold, the corresponding user is marked as a non-authority user and no authority is set for that user. The authority users are sorted by the time they spend using the corresponding security software over the whole day; control authority is set for the first three authority users in the sorted order, and they are marked as control authority users. The access authority is the authority of a user to access the security software, and the control authority is the authority of a user to modify the information in the security software;
footprint privacy authority is set for the control authority users, and their historical access records and historical modification records are kept secret; footprint disclosure authority is set for the authority users, and their historical access records are disclosed. Disclosing the history of the authority users prevents the safety performance of the software from being reduced because the number of authority users is large; keeping the history of the control authority users secret improves the privacy of the software and makes it convenient for the control authority users to control and manage the software.
As a preferred embodiment of the present invention, the management platform includes:
the login monitoring unit is used for monitoring the logins of the authority users and the control authority users after it receives the login monitoring signal. The authority users and the control authority users are marked as authorized users; the software login duration and the number of login password inputs of each authorized user are collected and compared with the corresponding thresholds: if the software login duration of the authorized user is within the login duration threshold range and the number of login password inputs is smaller than the login password input threshold, the authorized user logging in in real time is judged to be qualified; otherwise, the authorized user logging in in real time is judged to be unqualified.
Compared with the prior art, the invention has the beneficial effects that:
1. in the invention, the safety analysis unit is used for carrying out safety analysis on the running software of the enterprise corresponding to the real-time login user; the safety analysis is carried out on the running software, the information safety of a user can be protected to the maximum extent only when the software safety performance is high, and the software safety is the basis for setting the authority use of the software;
2. according to the invention, the security software is authorized and bound through the intercommunication connecting unit, so that the intelligence of the security software is improved, the enterprise software to which the user belongs is divided, the phenomenon that the user needs to authorize and authenticate all the software of the enterprise is prevented, the time for the user to authorize and authenticate is reduced on the premise of not influencing the security performance, and the use quality of the user is improved;
3. in the invention, the security software in the server and the users of the same enterprise stored in the user login front end are subjected to authority distribution through an authority setting unit; different authorities are set for different users in an enterprise, so that the convenience of software management and use is improved, and the problems that the load of software is increased due to poor software limiting capability, the running effect of the software is seriously influenced, and the use quality of the users is reduced are prevented;
disclosing the history of the authority users prevents the safety performance of the software from being reduced because the number of authority users is large; keeping the history of the control authority users secret improves the privacy of the software and makes it convenient for the control authority users to control and manage the software.
Drawings
In order to facilitate understanding for those skilled in the art, the present invention will be further described with reference to the accompanying drawings;
FIG. 1 is an overall system block diagram of the present invention;
FIG. 2 is a block diagram of a user login front-end system according to the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
All formulas below are calculated on dimensionless numerical values; each formula was obtained by collecting a large amount of data and running software simulation so as to approximate the real situation, and the preset parameters in the formula are set by those skilled in the art according to the actual situation.
Example 1:
as shown in FIG. 1, the enterprise internal software usage management system based on authority analysis comprises a user login front end and a management platform; the user login front end is represented as a smart phone or a smart computer, and is in bidirectional communication connection with the management platform;
the management platform comprises a server, a data transmission unit, a type division unit, an authority setting unit, a login monitoring unit, a safety analysis unit and an intercommunication connection unit; the server is in bidirectional communication connection with the data transmission unit, the type division unit, the authority setting unit, the login monitoring unit, the safety analysis unit and the intercommunication connection unit;
the data transmission unit receives real-time login user information sent by a user login front end and sends the real-time login user information to the server; the real-time login user information comprises an account number, a name, a right and a name of an enterprise to which the user belongs;
after receiving the real-time login user information, the server acquires the software run by the corresponding enterprise through the name of the enterprise to which the real-time login user belongs, and marks that software as i, i = 1, 2, …, n, where n is a positive integer;
after acquiring software correspondingly operated by an enterprise, generating a type division signal and sending the type division signal to a type division unit; after receiving the type division signal, the type division unit acquires a software permission type according to software correspondingly operated by enterprises, wherein the software permission type comprises a position permission, an access permission and a control permission, the types of the software operated by the enterprises are different, and if the corresponding permission of the software correspondingly operated by the enterprises has no position permission, the position permission in the correspondingly operated software is marked as a position general permission;
after the authority types of the software of the enterprise to which the real-time login user belongs are acquired, that software is sent to the safety analysis unit, which performs safety analysis on the software the enterprise runs. Only when the safety performance of the software is high can the information safety of users be protected to the greatest extent, and software safety is the basis for setting authority on the use of the software. The specific analysis process is as follows:
step SS1: the interval between the development time of the enterprise operating software and the current time is acquired and marked as SCi. Taking the release moment as the dividing point, this interval is split into a software development period and a software operation period; the number of vulnerabilities appearing in the development period and in the operation period is collected and the difference between the two is calculated. If the difference is positive, it is marked as CZi; if the difference is negative, the running software is directly judged to be unqualified in safety performance;
step SS2: the growth speed and the maximum growth number of users registered with the software in the operation period are collected and marked as ZVi and SVi respectively;
step SS 3: by the formula
Figure BDA0003156464100000081
the safety analysis coefficient Xi of the enterprise operating software is obtained, where a1, a2, a3 and a4 take the values 0.8, 1.3, 2.1 and 1.2 respectively; the safety analysis coefficient is a numerical value, obtained by normalizing the parameters of the enterprise operating software, that evaluates the safety performance of that software; according to the formula, the larger the vulnerability count difference, the growth speed and the maximum growth number, the larger the safety analysis coefficient of the running software, which indicates better safety performance of the running software;
step SS 4: comparing the safety analysis coefficient Xi of the enterprise operation software with a safety analysis coefficient threshold value: if the safety analysis coefficient Xi of the enterprise operating software is larger than or equal to the safety analysis coefficient threshold value, judging that the safety analysis of the corresponding enterprise operating software is normal, and marking the safety analysis as safety software; if the safety analysis coefficient Xi of the enterprise operating software is smaller than the safety analysis coefficient threshold value, judging that the safety analysis of the corresponding enterprise operating software is abnormal, marking the safety analysis as risk software, generating a risk signal and sending the risk signal to a user login front end;
step SS5: the security software is sent to the server and the intercommunication connection unit;
after receiving the security software, the intercommunication connection unit analyzes the security software and authorizes and binds the security software, namely authorizes and binds two security software, wherein one security software sets an access right to a real-time user, and the other security software automatically identifies the user and sets the access right; the intelligence of the security software is improved, the time of user authorization is reduced, the use quality of the software by the user is improved, and the specific analysis and binding process is as follows:
step S1: the security software is acquired and marked as o, o = 1, 2, …, m, where m is a positive integer. The information each piece of security software requires for user registration before authorizing a user is acquired, together with the type of that information. The user registration requirement information is the user information the software requires before authorizing the user; its types comprise a real-name information type and a real-time information type. The real-name information type is information of the user that cannot be changed, such as the user's age; the real-time information type is information the user can change in real time, such as the user's occupation;
step S2: if the types of user registration requirement information of two pieces of security software are the same, the two pieces of security software are authorization-bound, and an intercommunication selection is made between them: the quantity of user registration requirement information of the same type is counted for each of the two; the security software with the larger quantity of information is marked as bidirectional authorization software and the one with the smaller quantity as unidirectional authorization software. That is, after the bidirectional authorization software authorizes a user, the unidirectional authorization software authorizes the same user; if the unidirectional authorization software authorizes a user, the bidirectional authorization software still needs to authorize and register the same user;
step S3: the bidirectional authorization software and the unidirectional authorization software are sent to the server, which stores them on receipt. Dividing the enterprise software to which a user belongs in this way means the user does not have to authorize and authenticate with every piece of the enterprise's software, which shortens the time spent on authorization and authentication without affecting safety performance and improves the quality of use for the user;
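The binding rule of steps S1 to S3, worked through as an added example (this is not code from the patent). The software names and required fields are constructed sample data; applying the rule to every same-type pair, leaving pairs with equal field counts unbound, and propagating only one hop are assumptions, since the text describes a single pair only.

```python
from dataclasses import dataclass
from itertools import combinations

REAL_NAME = "real-name"   # information the user cannot change, e.g. age
REAL_TIME = "real-time"   # information the user can change, e.g. occupation


@dataclass(frozen=True)
class SecuritySoftware:
    name: str
    info_type: str             # type of the user registration requirement information
    required_info: frozenset   # fields the software requires before authorizing a user


def bind(software):
    """Step S2: bind same-type pairs; return {bidirectional: {unidirectional, ...}}."""
    bindings = {}
    for a, b in combinations(software, 2):
        for s in (a, b):
            if s.info_type not in (REAL_NAME, REAL_TIME):
                raise ValueError(f"unknown information type for {s.name!r}")
        if a.info_type != b.info_type:
            continue  # different information types: no authorization binding
        if len(a.required_info) == len(b.required_info):
            continue  # equal quantity: not covered by the text, left unbound (assumption)
        # The software requiring the larger quantity of information is bidirectional.
        two_way, one_way = (a, b) if len(a.required_info) > len(b.required_info) else (b, a)
        bindings.setdefault(two_way.name, set()).add(one_way.name)
    return bindings


def authorize(user, software_name, bindings, authorized):
    """Authorize `user` on one software and apply the binding.

    `authorized` is a set of (user, software) pairs that is updated in place.
    Returns the software on which the user became authorized by this call.
    """
    # Authorization on bidirectional software carries over to its bound
    # unidirectional partners; the reverse direction grants nothing extra.
    granted = {software_name} | bindings.get(software_name, set())
    new = {s for s in granted if (user, s) not in authorized}
    authorized.update((user, s) for s in new)
    return new


# Constructed sample inventory of security software.
SOFTWARE = [
    SecuritySoftware("hr_portal", REAL_NAME, frozenset({"name", "id_number", "age"})),
    SecuritySoftware("attendance", REAL_NAME, frozenset({"name", "age"})),
    SecuritySoftware("chat", REAL_TIME, frozenset({"occupation", "department"})),
    SecuritySoftware("wiki", REAL_TIME, frozenset({"occupation"})),
]

if __name__ == "__main__":
    bindings = bind(SOFTWARE)
    state = set()
    print(bindings)
    print(authorize("u1", "hr_portal", bindings, state))   # also covers attendance
    print(authorize("u2", "attendance", bindings, state))  # attendance only
```

The rule compares only the quantity of required information, so the example does the same and does not check that one field set contains the other.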
the permission setting unit is used for carrying out permission allocation on the safety software in the server and the user of the same enterprise stored in the user login front end, different permissions are set for different users in the enterprise, the convenience of software management and use is improved, the load increase of the software caused by poor software limiting capacity is prevented, the operation effect of the software is seriously influenced, the use quality of the user is reduced, and the specific allocation process is as follows:
for each user in the enterprise, the ratio of the time spent using the corresponding security software to the whole working time is collected and marked as the usage duration coefficient, which is compared with a usage duration coefficient threshold: if the usage duration coefficient is greater than or equal to the threshold, the corresponding user is marked as an authority user, and access authority is set for all authority users; if the usage duration coefficient is less than the threshold, the corresponding user is marked as a non-authority user and no authority is set for that user;
the authority users are sorted by the time they spend using the corresponding security software over the whole day; control authority is set for the first three authority users in the sorted order, and they are marked as control authority users; the access authority is the authority of a user to access the security software, and the control authority is the authority of a user to modify the information in the security software;
footprint privacy authority is set for the control authority users, and their historical access records and historical modification records are kept secret; footprint disclosure authority is set for the authority users, and their historical access records are disclosed; disclosing the history of the authority users prevents the safety performance of the software from being reduced because the number of authority users is large, and keeping the history of the control authority users secret improves the privacy of the software and makes it convenient for the control authority users to control and manage the software;
the method comprises the steps that an authority user and a control authority user are sent to a server, the server receives the authority user and the control authority user, generates login monitoring signals and sends the login monitoring signals to a login monitoring unit;
after the login monitoring unit receives the login monitoring signal, login monitoring is carried out on the authority user and the control authority user, the software safety performance reduction caused by user information leakage is prevented, and the specific monitoring process is as follows:
the method comprises the following steps of marking an authority user and a control authority user as authorized users, collecting the software login duration and the login password input times of the authorized users, and comparing the software login duration and the login password input times of the authorized users with corresponding thresholds respectively:
if the software login duration of the authorized user is within the login duration threshold range and the login password input times are smaller than the login password input time threshold, judging that the authorized user who logs in real time is qualified; otherwise, judging that the authorized user who logs in real time is unqualified;
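The allocation and login-monitoring rules above, worked through on constructed data. This is an added example, not the patent's implementation; the user names, thresholds and permission labels are assumptions, as are the descending sort, the tie-break by name, and treating a user without access authority as unqualified.

```python
from dataclasses import dataclass


@dataclass
class Usage:
    user: str
    used_hours: float     # time spent in the security software during the day
    working_hours: float  # whole working duration


def allocate(usages, coeff_threshold, control_slots=3):
    """Return {user: set of permissions} following the allocation process."""
    perms, authority = {}, []
    for u in usages:
        # usage duration coefficient = time in the software / whole working time
        coeff = u.used_hours / u.working_hours if u.working_hours > 0 else 0.0
        if coeff >= coeff_threshold:
            perms[u.user] = {"access", "footprint-public"}  # authority user
            authority.append(u)
        else:
            perms[u.user] = set()                           # non-authority user
    # Assumption: longest usage first, name as a deterministic tie-break.
    authority.sort(key=lambda u: (-u.used_hours, u.user))
    for u in authority[:control_slots]:
        # control authority users keep access and get private footprints
        perms[u.user] = {"access", "control", "footprint-private"}
    return perms


def login_qualified(perms, user, login_seconds, password_entries,
                    duration_range, max_entries):
    """Apply the login monitoring rule to one real-time login."""
    if "access" not in perms.get(user, set()):
        return False  # assumption: only authorized users can be judged qualified
    low, high = duration_range
    return low <= login_seconds <= high and password_entries < max_entries


# Constructed sample: six users of one enterprise, eight-hour working day.
USAGES = [
    Usage("ana", 6.0, 8.0), Usage("ben", 5.0, 8.0), Usage("chen", 7.0, 8.0),
    Usage("dee", 4.0, 8.0), Usage("eli", 1.0, 8.0), Usage("fay", 4.5, 8.0),
]
PERMS = allocate(USAGES, coeff_threshold=0.5)

if __name__ == "__main__":
    for user, granted in sorted(PERMS.items()):
        print(user, sorted(granted))
    print(login_qualified(PERMS, "dee", 1800, 1, (60, 28800), 3))
    print(login_qualified(PERMS, "dee", 1800, 3, (60, 28800), 3))
```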
Example 2:
The user login front end comprises an account setting unit, an information acquisition unit, a database and an information analysis unit, wherein the database is in bidirectional communication connection with the account setting unit, the information acquisition unit and the information analysis unit;
The information acquisition unit acquires user registration information in real time and sends it to the database. The database contains a plurality of sub-repositories in one-to-one correspondence with the enterprises; after receiving the user registration information, it stores the registration information of users of the same enterprise in the same sub-repository, generates an account setting signal, and sends the account setting signal to the account setting unit;
The account setting unit sets a primary account and sub-accounts for the corresponding software in the enterprise. Primary accounts correspond one-to-one with the software, and logging in to the software is done through the primary account. The sub-accounts are communicatively connected to the primary account and bound one-to-one to the users registered in real time, so the number of sub-accounts equals the number of users registered in real time. A user who has registered successfully in real time connects to the primary account through a sub-account, and information detection is performed on the user while the sub-account connects to the primary account: if the detection succeeds, the connection between the sub-account and the primary account is established and the user corresponding to the sub-account logs in to the software through the primary account; if the detection fails, the connection between the sub-account and the primary account is not established and the user corresponding to the sub-account cannot log in to the software. Each user thus logs in separately and no user account is connected directly to the database; setting the primary account effectively improves the security of the database, because a user whose account has leaked cannot be used to enter the database directly, which prevents other users' information from being leaked;
The information of users who have registered successfully in real time is sent to the information analysis unit, which on receipt synchronizes the user information in real time and manages it periodically: the user information stored in the database is synchronized in real time with the user's current information, and after the synchronization the corresponding synchronization time is marked as the synchronization starting point;
An information detection period is set, starting from the synchronization starting point. If the user information stored in the database is not synchronized within the information detection period, the user information is judged to be stored abnormally and the corresponding user's information is synchronized; if the user information stored in the database is synchronized within the information detection period, the user information is judged to be stored normally. Detecting and synchronizing users' registration information prevents a user's sub-account from going un-updated for a long time, since a sub-account with low activity is prone to information leakage and reduces the security of the database.
When the management platform works, the login user information is collected in real time through the user login front end, and the login user information collected in real time is sent to the management platform; the management platform is used for managing and setting the real-time login user and the software use authority in the corresponding enterprise, receiving login user information acquired in real time and sending the real-time login user information to the server through the data transmission unit; after receiving the information of the real-time login user, the server acquires the software operated by the corresponding enterprise through the name of the enterprise to which the real-time login user belongs, and the type division unit acquires the software permission type according to the software operated by the enterprise correspondingly.
The preferred embodiments of the invention disclosed above are intended to be illustrative only. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise forms disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best utilize the invention. The invention is limited only by the claims and their full scope and equivalents.

Claims (6)

1. The enterprise internal software use management system based on the authority analysis is characterized by comprising a user login front end and a management platform;
the user login front end is used for acquiring login user information in real time and sending the login user information acquired in real time to the management platform;
the management platform is used for managing and setting the real-time login user and the software use authority in the corresponding enterprise, receiving login user information acquired in real time and sending the real-time login user information to the server through the data transmission unit; after receiving the information of the real-time login user, the server acquires the software operated by the corresponding enterprise through the name of the enterprise to which the real-time login user belongs, and the type division unit acquires the software permission type according to the software operated by the enterprise correspondingly;
after the software authority type is obtained, the software correspondingly operated by the enterprise is subjected to security analysis through a security analysis unit, the software is divided into security software and risk software after the security analysis, the security software is sent to a server and an intercommunication connection unit, and the security software is authorized and bound through the intercommunication connection unit; after binding, carrying out authority distribution on the security software in the server and the users of the same enterprise stored in the user login front end through an authority setting unit; after the distribution of each user authority is finished, the login monitoring unit is used for monitoring the login of the user;
the management platform comprises:
the intercommunication connecting unit is used for receiving the security software, analyzing the security software and binding the security software in an authorized manner; acquiring the security software and marking it as o, where o = 1, 2, …, m and m is a positive integer; acquiring the user authorization registration requirement information corresponding to the security software, and acquiring the types in the user authorization registration requirement information corresponding to each piece of security software, wherein the registration requirement information represents the user information the software requires for registration before authorizing the user, and the types of the user authorization registration requirement information comprise a real-name information type and a real-time information type; the real-name information type represents information the user cannot change, which comprises the age of the user; the real-time information type represents information the user can change in real time, which comprises the occupation of the user;
if the types of the user authorization registration requirement information of the two pieces of security software are the same, authorization binding is carried out on the two pieces of security software corresponding to the two pieces of security software, and the two pieces of security software after authorization binding are intercommunicated and selected, namely, the quantity of the user authorization registration requirement information of the same type corresponding to the two pieces of security software after authorization binding is counted, in the security software after authorization binding, the security software with a large information quantity is marked as bidirectional authorization software, the security software with a low information quantity is marked as unidirectional authorization software, namely, the unidirectional authorization software authorizes the same user after the bidirectional authorization software authorizes the user; if the one-way authorization software authorizes the user, the two-way authorization software needs to authorize and register the same user; and sending the two-way authorization software and the one-way authorization software to a server, and storing the two-way authorization software and the one-way authorization software after the server receives the two-way authorization software and the one-way authorization software.
2. The privilege analysis-based enterprise internal software usage management system as claimed in claim 1, wherein the management platform comprises:
and the data transmission unit is used for receiving the real-time login user information sent by the user login front end and sending the real-time login user information to the server.
3. The privilege analysis-based enterprise internal software usage management system as claimed in claim 1, wherein the management platform comprises:
the type dividing unit is used for acquiring a software permission type according to software correspondingly operated by an enterprise, wherein the software permission type comprises a position permission, an access permission and a control permission; and after acquiring the authority types of the corresponding software of the enterprise to which the real-time login user belongs, sending the corresponding software of the enterprise to which the real-time login user belongs to the safety analysis unit.
4. The privilege analysis-based enterprise internal software usage management system as claimed in claim 1, wherein the management platform comprises:
the safety analysis unit is used for carrying out safety analysis on the operating software of the enterprise corresponding to the real-time login user; acquiring the interval duration between the research and development time of the enterprise operating software and the current time, and marking it as SCi; dividing the interval duration between the software development time and the current time into a software development time period and a software operation time period by taking the release moment as a node, collecting the number of vulnerabilities appearing in the software development time period and in the software operation time period, calculating the difference between the two numbers, and marking the difference as CZi if the difference is positive; if the difference is negative, directly judging that the running software is unqualified in safety performance;
collecting the growth speed and the maximum growth number of users registered by the software in the running time period, and respectively marking the growth speed and the maximum growth number of the users registered by the software in the running time period as ZVi and SVi; obtaining a safety analysis coefficient Xi of the enterprise operating software through analysis; comparing the safety analysis coefficient Xi of the enterprise operation software with a safety analysis coefficient threshold value: if the safety analysis coefficient Xi of the enterprise operation software is larger than or equal to the safety analysis coefficient threshold value, judging that the safety analysis of the corresponding enterprise operation software is normal, marking the safety analysis as safety software, and sending the safety software to the server and the intercommunication connection unit; and if the safety analysis coefficient Xi of the enterprise operating software is less than the safety analysis coefficient threshold value, judging that the safety analysis of the corresponding enterprise operating software is abnormal, marking the safety analysis as risk software, generating a risk signal and sending the risk signal to the user login front end.
5. The privilege analysis-based enterprise internal software usage management system as claimed in claim 1, wherein the management platform comprises:
the authority setting unit is used for allocating authority between the security software in the server and the users of the same enterprise stored in the user login front end; collecting the ratio of the time each user in the enterprise spends using the corresponding security software to the whole working duration, marking the ratio as a usage duration coefficient, and comparing the usage duration coefficient with a usage duration coefficient threshold: if the usage duration coefficient is greater than or equal to the usage duration coefficient threshold, marking the corresponding user as an authority user, and setting access authority for all the authority users; if the usage duration coefficient is less than the usage duration coefficient threshold, marking the corresponding user as a non-authority user, and setting no authority for the non-authority user; sorting the authority users according to the length of time they use the corresponding security software over the whole day, setting control authority for the first three sorted authority users, and marking the corresponding authority users as control authority users; the access authority is the authority of the user to access the security software, and the control authority is the authority of the user to modify the information in the security software;
setting footprint privacy authority for the control authority users, and keeping the historical access records and historical modification records of the control authority users secret; setting footprint disclosure authority for the authority users, and disclosing the historical access records of the authority users; disclosing the historical records of the authority users prevents the large number of authority users from reducing the security of the software, while keeping the historical records of the control authority users secret improves the privacy of the software and makes it convenient for the control authority users to control and manage the software.
6. The privilege analysis-based enterprise internal software usage management system as claimed in claim 1, wherein the management platform comprises:
the login monitoring unit is used for monitoring the logins of the authority users and the control authority users after receiving the login monitoring signal; the authority users and the control authority users are marked as authorized users, and the software login duration and the number of login password entries of the authorized users are collected and compared with the corresponding thresholds respectively: if the software login duration of the authorized user is within the login duration threshold range and the number of login password entries is less than the login password entry count threshold, judging that the authorized user who logs in in real time is qualified; otherwise, judging that the authorized user who logs in in real time is unqualified.
CN202110782423.3A 2021-07-09 2021-07-09 Enterprise internal software use management system based on authority analysis Active CN113536243B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110782423.3A CN113536243B (en) 2021-07-09 2021-07-09 Enterprise internal software use management system based on authority analysis

Publications (2)

Publication Number Publication Date
CN113536243A CN113536243A (en) 2021-10-22
CN113536243B true CN113536243B (en) 2022-03-25

Family

ID=78098418

Country Status (1)

Country Link
CN (1) CN113536243B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant