CN101834878A - Multiuser system privilege management method and instant messaging system applying same - Google Patents
Multiuser system privilege management method and instant messaging system applying same Download PDFInfo
- Publication number
- CN101834878A CN101834878A CN201010300927A CN201010300927A CN101834878A CN 101834878 A CN101834878 A CN 101834878A CN 201010300927 A CN201010300927 A CN 201010300927A CN 201010300927 A CN201010300927 A CN 201010300927A CN 101834878 A CN101834878 A CN 101834878A
- Authority
- CN
- China
- Prior art keywords
- account
- son
- login
- female
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a multiuser system privilege management method which comprises the following steps of: 1, establishing a login account into a mother account; and incorporating the login account except for the mother account by the mother account to enable the login account to be a child account, designating the permission of a holding end of the child account and resources inherited from the holding end of the mother account by the holding end of the mother account. The invention also relates to an instant messaging system for managing function permission and resources of an instant messaging client by applying the multiuser system privilege management method, an instant messaging system which is capable of carrying out inside network communication, outside network communication, private account communication and automatic calling and switching of a communication module according to a sensed network connect state, and a login method for automatically controlling child account, mother account and private account independent login or child account, mother account and private account combined login in a mode of verifying a login device hardware code, a local area network IP address and a special login permission.
Description
Technical field
The present invention relates to a kind of right management method, especially a kind of method of multi-user system being carried out rights management and resource-sharing by female number-sub number method;
The invention still further relates to a kind of instantaneous communication system, especially a kind ofly use the instantaneous communication system that above-mentioned multi-user system right management method manages the function privilege and the resource of instant communication client;
The invention still further relates to a kind of instantaneous communication system, especially a kind ofly can carry out Intranet communication, outer net communication, private number of the account communication, and communicate the instantaneous communication system that module is called automatically and switched according to the network connection state that detects;
In addition, the invention still further relates to a kind of login method of above-mentioned instantaneous communication system, especially a kind of mode by checking logging device hardware sign indicating number, LAN IP address, special login permission control automatically son number, female number, private number of the account separately login or son number, combine the login method of logining with private account number female number.
Background technology
Information safety protection is crucial for enterprise; for a enterprise, the upper management layer is effectively controlled with the resource that can grasp the authority of subordinate's management level do not had solution preferably all the time with multiple levels of management framework.
At present; some enterprise inserts by the control outer net and protects enterprise information security; adopt special-purpose Intranet JICQ to carry out during enterprise internal communication; the employee carries out the right of outer net instant messaging and is fully deprived; transfer to and adopt the phone communication to wait other modes to remedy this deficiency; this has no doubt been avoided leaking of internal system resources to a certain extent; but which client enterprise can communicate with for the employee; the time that communicates with particular customer and content etc. can not directly be controlled and understand; also can't realize sharing of the communication information between the member of team; be a kind ofly to obtain the method for information security to a certain degree, can not satisfy modern enterprise for information security to reduce operating efficiency and supervision; the requirement of Team Management.
For the company that those open outer nets insert, the upper management layer more needs communicating by letter between employee and client supervised, and for this reason, some company adopts the mode that all correspondence with foreign country data are write down, but this must be accused of invading employee's personal communication privacy; Some company's employing Intranet JICQ and outer net JICQ and the mode of depositing, the employee need open and login two JICQs simultaneously, very bother, and, enterprise both can't effectively manage employee's communication, also employee's work communication information data and privacy communication's information data can't be distinguished storage, exist the employee deliberately or accidentally intra-company's confidential information and data to be leaked to danger on the public network.
Summary of the invention
The present invention is for solving the problem that the existing enterprise of prior art can't effectively manage multi-user system, proposed a kind of be based upon on the female number-son manufacturing basis to multi-user authority with obtain the multi-user system right management method that resource manages.
The present invention is that the existing instantaneous communication system of solution can't be realized the authority to a plurality of account numbers in the certain limit, the resource that can obtain, and instant messaging information is effectively managed, can't realize that the collaborative of instant messaging information between a plurality of systems account number share, can't realize local area network (LAN) simultaneously, outer net, private account number is in system client problem such as online communication simultaneously, proposed a kind ofly to have account number and hold the end control of authority, inherit resource control function, can the instant messaging information of the account number of particular range be gathered, can realize simultaneously that intranet and extranet communication communicates by letter with private account number, and in conjunction with the method for network detecting and client access judgement inner confidential information and data are carried out the instantaneous communication system of security control and the account number login method of this system on this basis.
Above-mentioned technical problem of the present invention is mainly solved by following technical proposals:
First technical scheme of the present invention relates to a kind of multi-user system right management method, and it comprises the steps:
(1) a login account number is established as female number;
(2) the login account number of incorporating into own forces except that self for female number makes its son that becomes it number, and female number the end of holding is specified the authority of holding end of son number and can be held the resource that end is inherited from female number.
By sub number and mother's mechanism, make the interior a plurality of system user numbers of the account of certain limit can set up the incidence relation of multilayer level according to actual conditions, as, set up senior manager in the enterprise (female number) to the association between its subordinate's the multiple management department head (son number), and related between each director of administrative department (female number) and its subordinate employee (son number), female number the authority of incorporating a plurality of sons number under it into own forces had absolute control with the resource that can inherit.In the environment that the authority that the incidence relation of above-mentioned mother number-son number can also be applied in the equipment with mother authority and all the other son equipment of being incorporated into own forces by this mother's equipment and the resource that can inherit manage.。
Technique scheme can also be further perfect, as preferably, all authorities that son number is held end number are held end by the mother under it and are specified, and hold end in addition for female number and also its son of incorporating into own forces number are isolated, and regain son and number hold the logon rights of end and the resource of succession.
As preferably, hold authority that end specifies son number to hold end for female number and comprise and be specific to the one or more special authority of holding end for female number.
As preferably, that holds that authority that end specifies son number to hold end comprises also that son number holds that end incorporates that the breeding function of the following straton number that belongs to it and son number hold end into own forces for female number can be to the quantity of the level of lower floor's breeding, son that each lower floor's level can be incorporated into own forces number.
As preferably, hold end for female number and also set and monitor son and number hold the time that end has authority and inherits resource.
Second technical scheme of the present invention relates to a kind of instantaneous communication system, and it comprises:
Communication module;
Registering modules is used for registration and generates an independent login account number;
Set up module female number, receive the upgrade request of the independent login account number of having registered generation, after the empirical tests, setting up independent login account number is female number;
Account number is incorporated module into own forces, and holding that end incorporates the selected independent login account number to be incorporated into own forces of module into own forces and it is incorporated into own forces by account number for female number is son number;
Authority is incorporated module into own forces, holds end for female number and incorporates module into own forces by authority and specify the authority of holding end of the son of incorporating into own forces for female number number and can hold the resource that end is inherited from female number; With
The data summarizing module is used to gather the instant messaging information that son number is held end and held end for female number, and the query requests that the mother's that incorporates son number into own forces number the son of holding end or having an authority number is held end is made response.
Incorporating into own forces of mother's antithetical phrase number mainly comprises dual mode, a kind of for incorporating the son that existed number for female number into own forces, another kind is to generate a new son number by Registering modules female number, and it is incorporated into own forces, for the son of having incorporated into own forces number, hold that end incorporates by authority that module number is held end specified right (as the authority that communicates with particular contact etc.) for son into own forces for female number and the resource that can inherit (with a certain specific communications contact person's communications records, the a certain people's that writes to each other relevant information etc.), this assignment procedure can carry out after the son quilt is incorporated into own forces immediately, also can specify successively according to the practical application needs subsequently or regain before appointment; Female number and carried out record by the unification of data summarizing module in instant communication process by the communication information that its son of incorporating into own forces number produces, like this, hold end for female number and just can know and inquire about the Content of Communication of the son number of its management of incorporating into own forces in real time, realized that the communication information between multi-user's account number is synchronous; In addition, for the open son that respective queries authority (as the communications records of inquiry with the specific communications contact person) arranged number, also can in authority, inquire about corresponding communication information.
Technique scheme can also be further perfect, and as preferably, son number is held end can comprise the instant messaging information that is generated by the data summarizing module of holding the end appointment for female number from holding resource that end inherits for female number.
As preferably, hold end for female number and be assigned to son and number hold the authority of end and comprise the authority of carrying out instant messaging with given client.
As preferably, hold end for female number and be assigned to son and number hold the authority of end and also be included as class and number hold the default configuration authority of hold appointment, be that a son number is held end and specified personalized authority, is specific to the special authority that mother number holds end.
As preferably, communication module comprises:
Communicator module in the local area network (LAN) realizes the communication between the login account number in the local area network (LAN);
Outer net communicator module, realize with outer network communication system between communicate by letter;
Private number of the account communicator module is integrated with a plurality of instant messaging agreements, realizes being bundled in the communication function of the private account number in the system.
As preferably, it also comprises an intranet and extranet control module, is used to detect network connection state and calls separately or make up according to network connection state call communicator module in the local area network (LAN), outer net communicator module or private number of the account communicator module.
As preferably, the number of the account of holding the outer network communication system that son that end can incorporate into own forces with it number communicates for female number is assigned to each son number.
As preferably, the data summarizing module gathers the instant messaging information that communicator module in the local area network (LAN), outer net communicator module generate.
As preferably, hold end for female number and specify the function privilege of number being held the private number of the account submodule of end by its son of incorporating into own forces.
As preferably, it also comprises the login authentication module, is used to extract the hardware sign indicating number and the LAN IP address of the equipment that uses son number or the login of independent account number and sends it to female number hold end.
The instantaneous communication system involved in the present invention that is arranged so that of communication module has been realized Intranet, outer net, three kinds of communication functions of private account number simultaneously, wherein the information of Intranet communication generation all is stored in the interior network server, the account number that only has a specified permission holds that end can read and partial information is published to outer net announces on the server, sacrificial vessel has the account number that reads the relevant information authority to hold end to read the fail safe of the information that has produced when fully having guaranteed Intranet communication.Gathering of the communication information that only its son of incorporating into own forces number is generated when the Intranet communicator module of calling and outer net communicator module communicate for female number; and the communication information that private account number produces is isolated, guaranteed that promptly information security protected private account number holder's privacy again.Have the ability of authority of specifying its son of incorporating into own forces number and the resource that can inherit for female number, realized that multilayer inter-stage higher level further, has realized that the communication information between multi-user's account number is shared to the Control on Communication of subordinate in the tissue.On this basis, by the login authentication module, the logging device of antithetical phrase number and login place are controlled, and have further guaranteed information security.
The 3rd technical scheme of the present invention relates to a kind of instantaneous communication system, and it comprises:
The interior communication module of local area network (LAN) realizes the communication between the login account number in the local area network (LAN), and login account is meant female number or sub number;
The outer net communication module, realize with outer network communication system between communicate by letter;
Private number of the account communication module is integrated with a plurality of instant messaging agreements, realizes being bundled in the communication function of holding the private account number on the end of login account.
Above-mentioned communication system can realize three kinds of communication functions simultaneously, be respectively the communicating by letter between communicating by letter between communication (as the communication between the enterprises employee) between the number of the account, female number or son number and outer network communication system (number holding communicating by letter between the particular contact of holding with the access public network as female number or son), private number of the account and outer network communication system of landing in the local area network (LAN), promptly be bundled in female number or son number on the communication of private number of the account, like this, the user does not just need to open a plurality of communication softwares with reply and the local area network communication private account number three kinds of situations of communicating by letter of communicating by letter with, outer net.Meanwhile, fully guaranteed private account number holder's the right of privacy.
Technique scheme can also be further perfect, as preferably, it also comprises an intranet and extranet control module, is used to detect network connection state and calls separately or make up according to network connection state call communication module in the local area network (LAN), outer net communication module or private number of the account communication module.
The 4th technical scheme of the present invention relates to a kind of login method of account number of instantaneous communication system, and it comprises the steps:
(1) server is received the logging request of using son number or female number;
(2) the login authentication module is obtained the hardware sign indicating number of logging device, and the higher level who sends it to the number of the account of sending logging request holds end for female number and verify, passes through then hardware sign indicating number successful matching if hold the end checking for female number;
(3) the login authentication module is also obtained the LAN IP address of logging device, and the higher level who sends it to the number of the account of sending logging request holds end for female number and verifies that pass through if hold the end checking for female number, then the local area network (LAN) checking is passed through;
(4) if then sub at least number or female number login system success on logging device are passed through in successful matching of hardware sign indicating number and local area network (LAN) checking.
Above-mentioned login mechanism has guaranteed the internal system server and has been arranged on security of stored information in the system external server in the public networking, wherein, the checking of device hardware sign indicating number is in order to guarantee the equipment of employed equipment for register and obtain to allow in advance when using the number of the account login system, promptly obtain the equipment of the login permission of mother's appointment, LAN IP address checking is that employed equipment is positioned at the particular network scope when guaranteeing that the user logins, so that gather mode according to corresponding data server of the residing network selecting of logging device and data, the combination of above-mentioned two kinds of checkings has guaranteed the information security of Intranet.
Technique scheme can also be further perfect, as preferably,
If hardware sign indicating number pairing failure, but the local area network (LAN) checking passes through, then number of the account and be bundled in private account number on the account number by the failure of logging device login system;
If hardware sign indicating number pairing failure and also failure of local area network (LAN) checking, then private account number is by the logging device login system;
If the successful matching of hardware sign indicating number but local area network (LAN) authentication failed, the higher level who then sends the number of the account of logging request holds end for female number and needs also to judge that login account holds end and whether hold special login permission, if the judgment is Yes, and then number of the account login system success on logging device, otherwise, login failure.
As preferably, the higher level of receiving equipment hardware sign indicating number, LAN IP address, special login permission holds end for female number and number holds end for a highest-ranking mother.
Because the employing of technique scheme, the present invention has the following advantages:
The present invention is by setting up female number-son mechanism, system's account number is held the authority of end and carried out Multistage Control effectively with the resource that can obtain, guarantee the Information Security of multi-user system inside, and can realize gathering and sharing of the communication information between a plurality of systems account number;
Simultaneously, the present invention has also realized Intranet communication, outer net communication, three kinds of functions of private account number communication simultaneously in an instantaneous communication system, in conjunction with above-mentioned mother and sons' administrative mechanism, accounting checking signal communication authority, the communication object information that can obtain manage, and are that a kind of enterprise immediate communication simple, that fail safe is very high is managed implementation;
And the present invention has also set login authentication mechanism and the intranet and extranet detecting is machine-processed, controlled effectively can connecting system equipment, further protected the information security of enterprise.
Description of drawings
Fig. 1 is a kind of login account right graph of a relation of instantaneous communication system related in the embodiment of the invention.
Embodiment
Below by embodiment, and in conjunction with the accompanying drawings, technical scheme of the present invention is described in further detail.
Embodiment:
Instantaneous communication system with four layers of mechanism is an example below, the present invention will be described, need to prove that the present invention can also be useful in the applied environments such as business administration cooperative system, individual many equipment collaborations system, but is not limited in above-mentioned and the expressed applied environment of Fig. 1.First level of setting this instantaneous communication system have the highest weight limit the first order female number hold end;
Second level comprise three these roles of representative department manager that belong to female number of the first order son number hold end, be respectively that the son be responsible for of primary sector number is held son that end, secondary sector be responsible for and number held the end and the person in charge's of the third sector son and number hold end;
On the 3rd level, primary sector is responsible for as the end of holding that further comprises two next stage number for female number, the son that representative belongs to the employee A that primary sector is responsible for number is held the son of end and employee B and number is held end, secondary sector is responsible for as female number and further comprises two next stage number, the son that representative belongs to the employee C that secondary sector is responsible for number is held the son of end and employee D and number is held end, the third sector is responsible for as further comprising two next stage number for female number, and the son that representative belongs to the employee E that the third sector is responsible for number is held the son of end and employee F and number held end;
On the 4th level, employee A further comprises two next stage number as female number, be respectively mobile phone and the household PC of employee A, employee C further comprises two next stage number as female number, the representative son that belongs to the employee G of employee C of number holding end and employee H number is held end respectively, employee E further comprises two next stage number as female number, is respectively mobile phone and the notebook computer of employee E.
By foregoing description as can be known, in this instantaneous communication system, that only plays the part of female bugle look has only the first order female number, only play the part of the mobile phone that comprises employee A of sub-bugle look and mobile phone and the notebook computer of household PC, employee B, D, F, G, H and employee E, the son that primary sector is responsible for, secondary sector is responsible for, the third sector is responsible for, employee A, C, E had then both formed its upper level female number number, constitute its next stage again and incorporate the mother number of son number into own forces, have dual role.
In addition, at second, third, on the 4th level, each account number can also be selected different logging device login systems, but the hardware sign indicating number of this logging device must and be verified when logining and pass through through female number registration of the first order, simultaneously, also need by LAN IP address checking or special login License Authentication, can insert Intranet and use authority and the data resource that is assigned to account.
Instantaneous communication system comprises a Registering modules, is used for registration and generates an independent login account number.
This instantaneous communication system adopts following method to the rights management of a plurality of user sides:
(1) a login account number is established as female number, be responsible for the mother held number as the primary sector in the instantaneous communication system, in the present embodiment, this mother's number foundation is to incorporate the first order of account female number into own forces number to set up module and realize by calling a mother, set up module female number and receive the upgrade request of having registered the independent login of generation account number, if agree this upgrade request, then it is upgraded to female number, distribute corresponding authority; And for example, employee C need set up a project team as the project leader, leader employee G and employee H, then employee C need be to female number of upper level, be that the mother that is responsible for of secondary sector number holds the end application and upgrades to female number, obtain certain mother's authority, with the function privilege of the account number of employee G and employee H being held end with can hold the resource that end inherits from the account number of employee C and manage; The independent login account number that can also select directly to register generation upgrades to female number, is about to corresponding mother's right assignment and independently logins account number for this, and in the present embodiment, this method is promptly adopted in the establishment that the first order is female number; In addition, female number foundation also can realize after the higher level of an account number female number is spontaneously to its specified right.
(2) the login account number of incorporating into own forces except that self for female number makes its son that becomes it number, and female number the end of holding is incorporated module into own forces by authority and specified the authority of holding end of son number and can hold the resource that end is inherited from female number.
The function of incorporating into own forces of holding end for female number is to incorporate module into own forces and realize by calling an account number, and holding that end incorporates the selected independent login account number to be incorporated into own forces of module into own forces and it is incorporated into own forces by account number for female number is son number.In the present embodiment, independent login account number can be existed except that the female number login account number self; Also can be to hold end for female number to generate a new login account number, will login account number again and distribute to specific holder and client, it be incorporated into own forces be mother's number son number according to the son number number of the building rule of female number definition.
Hold end the incorporating into own forces of login account number that has existed comprised the steps: for female number
(1) holding end for female number will incorporate login account number solicited message into own forces and be sent to system server;
(2) system server sends and incorporates the hold end of information to login account number to be incorporated into own forces into own forces;
(3) if the end of holding of login account number to be incorporated into own forces returns and agrees to incorporate information into own forces, then the form information of update system server database is incorporated into own forces and is operated successfully.
Hold end for female number and realize the self-defined of the son number number of building rule by calling the number of a building administration module, as define 1234567.0001 and be first son of female number 1234567 number, and the like, definition 1234567.0002~1234567.000x be its second to x sub number, after the son number number of building rule is set up, when holding end female number and need create a son, system will generate a son number automatically according to this rule.In addition, also the title of its son of incorporating into own forces number is managed for female number by calling this number of building administration module, comprise the son set up according to the son number number of building rule number and not managing of incorporating into own forces for female number according to the title of son that number number of building rule is set up number, as, change sub number 1234567.0001 title into " Zhang San ", or change the title of " 7890 " into " Li Si ".
All authorities that son number is held end number are held end by the mother under it and are incorporated module into own forces by authority and specify, and in the present embodiment, the process of incorporating into own forces comprises the steps:
(1) holding end for female number calls authority and incorporates module into own forces;
(2) extract by its sub-list of numbers of incorporating into own forces and the function privilege tabulation that can be assigned to sub-number;
(3) one or more function privileges are assigned to a selected sub-number, simultaneously, upgrade local data base;
(4) authority is incorporated module upgrade into own forces or is upgraded the function privilege of holding end for sub number.
In the present embodiment, hold that end can be assigned to that son number holds that the authority of end comprises the default configuration authority of hold appointment to holding of same class number, is that a son number holds that end is specified personalized authority, is specific to the special authority of holding end for female number for female number, son number holds the quantity etc. that end is further incorporated down the breeding function of straton number into own forces and held the level that can breed to lower floor of end, son that each lower floor's level can be incorporated into own forces number for sub number.Wherein:
Same class number can be same functional department a plurality of son users (as incorporate into own forces in primary sector and be responsible for employee A and employee B under female number), participate in a plurality of project team member users in the project etc., at first incorporate module settings one class user's authority into own forces by authority, when incorporating into own forces for female number after a user account number number adds category attribute for son number and for this son, authority is incorporated then default configuration authority of classification under the son of newly incorporating into own forces is opened it automatically of module into own forces;
Because each height user's power and responsibility is also incomplete same, so need be equipped with special function privilege according to each height user's power and responsibility branch, specific function authority configuration to as if all son number, comprise the son number that carried out the appointment of default configuration authority, in the present embodiment, this specific function can be the authority of carrying out instant messaging with given client, concrete, the authority that the number sets that number forms to a son number or a plurality of son for female number open and one or more clients of appointment communicate, simultaneously, hold end for female number and also set and monitor son and number hold the time that end has authority and inherits resource, said here resource comprises client's Business Name, position, name, liaison method etc.;
Be specific to the special authority of holding end for female number, as hardware verification administration authority, functional configuration administration authority etc., the appointment of this authority is applicable to that son number holds end and carry out situations such as subordinate's son number expansion to next stage, but this also means that holding end female number loses these special authorities, similarly, hold for female number and hold also antithetical phrase number to hold the time that end has this authority and inherit resource to set and monitor;
Son number is incorporated into own forces next stage number, need be based upon female number number opens under the prerequisite of breeding function authority to its son of incorporating into own forces, in the present embodiment, next stage number can be same user use the different terminal equipment logging device accession number (as cell phone apparatus terminal and the household PC device end of employee A, and for example the cell phone apparatus terminal of employee E and notebook computer terminal), also can be controlled by son number a plurality of next stage number hold end (number hold to hold and the son of employee H number is held end as the son of the next stage employee G of employee C), meanwhile, holding end for female number also specifies son number to hold the quantity of the son that can incorporate into own forces to level and each lower floor's level of lower floor's breeding number of end, be responsible for as secondary sector that to specify its son number to hold the level that end (employee C) can breed to lower floor be 1 as holding end for female number, the quantity of the every layer of son that can incorporate into own forces number is 2, then employee C is merely able to 1 layer of breeding downwards, the account number that is employee G and employee H is held the layer of holding the place, and, can only incorporate two account numbers into own forces is its sub number, and employee D is not owing to obtain and the same authority of employee C, so, can't breed to lower floor;
Hold end for female number and also isolate administration module its son of incorporating into own forces number is isolated, regain son and number hold the logon rights of end and the resource of succession by one.All authorities that son number is held end are held end by female number and specified, and are same, hold end for female number and also are recoverable to son and number hold the part or all of authority of end and can hold the resource that end is inherited from female number.Wherein, logon rights is that son number is held the basis that end obtains other authorities, when holding end for female number and regain son and number hold the logon rights of end, hold end and also just lost the ability that obtains other authorities for sub number, for instance, hold the end antithetical phrase for female number and number hold the specific user that end can visit and isolate, that is, regain son and number hold the authority that end uses son number and particular customer to communicate.
On the basis of said mechanism, this instantaneous communication system also comprises:
A data summarizing module is used to gather the instant messaging information that son number is held end and held end for female number, and the query requests that the mother's that incorporates son number into own forces number the son of holding end or having an authority number is held end is made response;
A communication module, this communication module further comprises:
Communicator module in the local area network (LAN) realizes the communication between the login account number in the local area network (LAN), uses instant messaging information stores that this communication module produces in local area network (LAN) in the server;
Outer net communicator module, realize with outer network communication system between communicate by letter, use instant messaging information stores that this submodule produces in local area network (LAN) in the server and in the external server, the number of the account of holding the outer network communication system that son that end can incorporate into own forces with it number communicates for female number is assigned to each described son number;
Private number of the account communicator module is integrated with a plurality of instant messaging agreements, realizes being bundled in the communication function of the private account number in the described system, and the communication data of this submodule is stored in the external server.
For above-mentioned three communicator modules, the data summarizing module only gathers the instant messaging information of communicator module in the local area network (LAN), the generation of outer net communicator module, and the instant messaging information of private account number communicator module is isolated with the data information related with it.Is to hold the function privilege of private number of the account submodule to realize by specifying by holding of its son of incorporating into own forces number and hold end for female number for the management that is bundled in the private account number in the system, as limit private account number service time or period, control of video and voice communication, qualification data method such as download and upload, the data summarizing module does not gather the instant messaging information that private account number signal post produces.
Incorporate into own forces with authority by account number and to specify, make the employee to obtain the authority got in touch with particular customer from upper management person, upper management person also can hide sensitive information to the employee of subordinate, selectively indivedual employees are closed dangerous function, i.e. control of authority by the multilayer level makes information Control more fair and more sensible, more efficient.
Instantaneous communication system further comprises:
The intranet and extranet control module is used to detect network connection state and calls separately or make up according to network connection state and calls communicator module in the local area network (LAN), outer net communicator module or private number of the account communicator module;
The login authentication module, be used to extract the hardware sign indicating number and the LAN IP address of the equipment that uses son number or the login of independent account number and send it to the higher level and hold end for female number and verify, in the present embodiment, the higher level that setting has device hardware sign indicating number checking, a LAN IP address checking holds end for female number and number holds end for a highest-ranking mother in the system, and promptly the first order is female number.
The hardware sign indicating number of the said equipment and the proof procedure of LAN IP address are as described below:
(1) server is received the logging request of using son number or female number;
(2) the login authentication module is obtained the hardware sign indicating number of logging device, and the higher level who sends it to the number of the account of sending logging request holds end for female number and verifies, pass through if hold the end checking for female number, then hardware sign indicating number successful matching, judgement logging device are the legitimate device through putting on record;
(3) the login authentication module is also obtained the LAN IP address of logging device, and the higher level who sends it to the number of the account of sending logging request holds end for female number and verifies that pass through if hold the end checking for female number, then the local area network (LAN) checking is passed through, judge the logging device access to LAN, but not external network;
(4) if successful matching of hardware sign indicating number and local area network (LAN) checking are passed through, then sub at least number or female number login system success on logging device, that is to say, the hardware sign indicating number that equipment can must be arranged to female number registration of the first order by the logging device of above-mentioned two checkings in advance, and the necessary access to LAN of the client of system, in addition, system also is provided with a login option, verify under the prerequisite of passing through in successful matching of hardware sign indicating number and local area network (LAN), also can select to adopt the independent login system of private account number;
If hardware sign indicating number pairing failure, but the local area network (LAN) checking is passed through, then system's number of the account is failed by the logging device login system with the private account number that is bundled on system's account number, for instance, if employee F uses the notebook personal computer to insert corporate lan, but the hardware sign indicating number of this notebook computer is not held the end place female number the higher level in advance and is registered, promptly obtain to hold for female number the permission of end, then can't use this notebook computer to realize the login of employee F number, employee F promptly can't call Intranet communicator module, outer net communicator module also can't be called privacy communication's submodule; Again such as, the notebook computer of employee E is held end for female number the higher level in advance and is registered, employee E has set up sub number of the next stage that an individual who belongs to him logins sub number obtaining to incorporate into own forces under the prerequisite of son authority to its notebook computer, and opened this notebook computer and logined sub number the authority that reads employee E data message, like this, employee E not only can pass through the notebook computer login system, can also obtain the data message of employee E, comprise instant messaging information, also just realized working in coordination with between the many equipment of a people;
If hardware sign indicating number pairing failure and also failure of local area network (LAN) checking, then private account number are by the logging device login system, for instance, employee F uses the notebook personal computer to insert external network, and then system client can only call private account communicator module;
If the successful matching of hardware sign indicating number but local area network (LAN) authentication failed, the higher level who then sends the number of the account of logging request holds end for female number and needs also to judge that login account holds end and whether hold special login permission, if the judgment is Yes, then number of the account login system success on logging device, otherwise, login failure, in the present embodiment, here the higher level of indication holds end for female number and is meant also in the system that a highest-ranking mother number holds end, for instance, employee E obtained one go out special login permission and to the hardware sign indicating number of personal mobile phone equipment under the prerequisite of in advance registering, just can pass through personal mobile phone device logs system, the login account number can be sub number of the login of employee E, or the son with employee E of the authority of incorporating into own forces number is held next stage that end sets up for cell phone apparatus is special number, the difference of the two is, when the higher level holds end for female number and registers, needs to set up the corresponding relations that set sub number of hardware sign indicating number and different logins.
The above-mentioned setting can be controlled the phenomenon that the employee arbitrarily logins built-in system confusedly effectively, reduces the risk that internal data leaks.Concrete, by identification (the personal device hardware sign indicating number of company's device hardware sign indicating number, registration, intranet and extranet IP etc.) to communication environment, realized that not only the individual can free communication under the situation that condition is fit to, also can make equipment when inserting company's Intranet, be subjected to higher level's female number monitoring and control, avoided on uncontrolled equipment, communicating, caused leaking and running off of internal information, the communication information.
Simultaneously, above-mentioned setting has promptly been protected employee's individual privacy, has been guaranteed the data security of company's communication again.Intranet and extranet can use simultaneously, also can independently use, realized the isolation of internal data and external network to a certain extent, owing to have safer data and save mechanism from damage, make that Intranet instrument and outer net instrument need be installed respectively becomes past tense to carry out the surf the Net method of control of employee.
By above-mentioned instantaneous communication system, can also tackle the behaviour in service of the many numbers of a people, promptly (as mobile phone, computer etc.) are logined simultaneously and are used chat tool, sharing data resources on a plurality of equipment.
Claims (20)
1. a multi-user system right management method is characterized in that it comprises the steps:
(1) a login account number is established as female number;
(2) described mother number incorporates login account number except that self into own forces and makes its son that becomes it number, and described mother's number the end of holding is specified the authority of holding end of described son number and can number be held the resource that end is inherited from described mother.
2. multi-user system right management method according to claim 1, it is characterized in that, all authorities that son number is held end number are held end by the mother under it and are specified, in addition, described mother number holds end and also its son of incorporating into own forces number is isolated, and regains described son and number holds the logon rights of end and the resource of succession.
3. multi-user system right management method according to claim 2 is characterized in that, described mother number holds authority that end specifies described son number to hold end and comprises and be specific to the one or more special authority that described mother number holds end.
4. multi-user system right management method according to claim 3 is characterized in that: what described mother number held that authority that end specifies described son number to hold end comprises also that described son number holds that end incorporates that the breeding function of the following straton number that belongs to it and described son number hold end into own forces can be to the quantity of the level of lower floor's breeding, son that each lower floor's level can be incorporated into own forces number.
5. according to any described multi-user system right management method in the claim 1~4, it is characterized in that described mother number holds end and also sets and monitor described son and number hold the time that end has described authority and inherits described resource.
6. instantaneous communication system is characterized in that it comprises:
Communication module;
Registering modules is used for registration and generates an independent login account number;
Set up module female number, be used for described independent login account number is created as female number;
Account number is incorporated module into own forces, and holding that end incorporates the selected independent login account number to be incorporated into own forces of module into own forces and it is incorporated into own forces by described account number for female number is son number;
Authority is incorporated module into own forces, holds end for female number and incorporates module into own forces by described authority and specify the authority of holding end of son that described mother number incorporates into own forces number and can number hold the resource that end is inherited from described mother; With
The data summarizing module is used to gather the instant messaging information that son number is held end and held end for female number, and the query requests that the mother's that incorporates described son number into own forces number the son of holding end or having an authority number is held end is made response.
7. instantaneous communication system according to claim 6 is characterized in that: described son number is held end and can number be held resource that end inherits from described mother and comprise that described mother number holds the instant messaging information that is generated by described data summarizing module of end appointment.
8. instantaneous communication system according to claim 6 is characterized in that: described mother number holds end and is assigned to son and number holds the authority of end and comprise the authority of carrying out instant messaging with given client.
9. according to claim 6 or 8 described instantaneous communication systems, it is characterized in that: described mother number holds end and is assigned to son and number holds the authority of end and also comprise the default configuration authority of hold appointment to holding of the described son of same class number, be that a described son number is held the personalized authority of end appointment, is specific to the special authority that described mother number holds end.
10. instantaneous communication system according to claim 6 is characterized in that, described communication module comprises:
Communicator module in the local area network (LAN) realizes the communication between the login account number in the local area network (LAN);
Outer net communicator module, realize with outer network communication system between communicate by letter;
Private number of the account communicator module is integrated with a plurality of instant messaging agreements, realizes being bundled in the communication function of the private account number in the described system.
11. instantaneous communication system according to claim 10, it is characterized in that, it also comprises an intranet and extranet control module, is used to detect network connection state and calls separately or make up according to described network connection state call communicator module in the described local area network (LAN), outer net communicator module or private number of the account communicator module.
12. instantaneous communication system according to claim 11 is characterized in that, the number of the account of holding the described outer network communication system that son that end can incorporate into own forces with it number communicates for female number is assigned to each described son number.
13. instantaneous communication system according to claim 12 is characterized in that, described data summarizing module gathers the instant messaging information of communicator module in the described local area network (LAN), the generation of outer net communicator module.
14. instantaneous communication system according to claim 13 is characterized in that, holds end for female number and specifies the function privilege of number being held the described private number of the account submodule of end by its son of incorporating into own forces.
15. instantaneous communication system according to claim 10, it is characterized in that, it also comprises the login authentication module, is used to extract the hardware sign indicating number and the LAN IP address of the equipment that uses son number or the login of independent account number and sends it to the higher level hold end for female number and verify.
16. an instantaneous communication system is characterized in that it comprises:
The interior communication module of local area network (LAN) realizes the communication between the login account number in the local area network (LAN), and described login account is meant female number or sub number;
The outer net communication module, realize with outer network communication system between communicate by letter;
Private number of the account communication module is integrated with a plurality of instant messaging agreements, realizes being bundled in the communication function of holding the private account number on the end of described login account.
17. instantaneous communication system according to claim 16, it is characterized in that, it also comprises an intranet and extranet control module, is used to detect network connection state and calls separately or make up according to described network connection state call communication module in the described local area network (LAN), outer net communication module or private number of the account communication module.
18. the login method as the account number of claim 6 or 16 described instantaneous communication systems is characterized in that it comprises the steps:
(1) server is received the logging request of using son number or female number;
(2) the login authentication module is obtained the hardware sign indicating number of logging device, and the higher level who sends it to the number of the account of sending described logging request holds end for female number and verify, if described mother number holds the end checking and passes through then hardware sign indicating number successful matching;
(3) described login authentication module is also obtained the LAN IP address of logging device, and the higher level who sends it to the number of the account of sending described logging request holds end for female number and verify, if described mother number holds the end checking and passes through, then the local area network (LAN) checking is passed through;
(4) if then described at least son number or female number login system success on described logging device are passed through in the checking of the successful matching of described hardware sign indicating number and described local area network (LAN).
19. login method according to claim 18 is characterized in that,
If described hardware sign indicating number pairing failure, but the checking of described local area network (LAN) passes through, and then described number of the account and the private account number that is bundled on the described account number are failed by described logging device login system;
If described hardware sign indicating number pairing failure and also failure of described local area network (LAN) checking, then described private account number is by described logging device login system;
If the successful matching of described hardware sign indicating number but described local area network (LAN) authentication failed, the higher level who then sends the number of the account of described logging request holds end for female number and needs also to judge that described login account holds end and whether hold special login permission, if the judgment is Yes, then described number of the account is the login system success on described logging device, otherwise, login failure.
20., it is characterized in that the described higher level who receives described device hardware sign indicating number, LAN IP address, special login permission holds end for female number and number holds end for a highest-ranking mother according to claim 18 or 19 described login methods.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010103009279A CN101834878B (en) | 2010-01-29 | 2010-01-29 | Multiuser system privilege management method and instant messaging system applying same |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010103009279A CN101834878B (en) | 2010-01-29 | 2010-01-29 | Multiuser system privilege management method and instant messaging system applying same |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101834878A true CN101834878A (en) | 2010-09-15 |
| CN101834878B CN101834878B (en) | 2012-08-29 |
Family
ID=42718807
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010103009279A Active CN101834878B (en) | 2010-01-29 | 2010-01-29 | Multiuser system privilege management method and instant messaging system applying same |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101834878B (en) |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102546589A (en) * | 2011-11-30 | 2012-07-04 | 珠海金山办公软件有限公司 | Method and system for logging in real-time network hard disk server through instant messaging software |
| CN102801717A (en) * | 2012-08-03 | 2012-11-28 | 苏州迈科网络安全技术股份有限公司 | Login verifying method and system |
| CN103391240A (en) * | 2013-06-28 | 2013-11-13 | 腾讯科技(深圳)有限公司 | Instant messaging achieving method and device |
| CN103473499A (en) * | 2013-09-16 | 2013-12-25 | 笔笔发信息技术(上海)有限公司 | Acquisition device and data authorization method thereof |
| CN103945268A (en) * | 2014-03-17 | 2014-07-23 | 深圳创维-Rgb电子有限公司 | Control processing method and system based on multiple accounts and multiple target devices |
| CN104468986A (en) * | 2014-11-20 | 2015-03-25 | 深圳市世纪安软信息技术有限公司 | Multi-user operation mode managing method and system for mobile phone |
| CN104883342A (en) * | 2014-02-28 | 2015-09-02 | 腾讯科技(深圳)有限公司 | Account authority management system, account authority management method and device thereof |
| CN105022939A (en) * | 2014-04-25 | 2015-11-04 | 腾讯科技(深圳)有限公司 | Information verification method and device |
| CN106453336A (en) * | 2016-10-20 | 2017-02-22 | 杭州孚嘉科技有限公司 | Method for actively providing extranet host invoking service by intranet |
| CN107566241A (en) * | 2016-09-14 | 2018-01-09 | 中国移动通信集团广东有限公司 | A kind of E-mail address scheme based on Authority and Domain Based Management thought |
| CN107770173A (en) * | 2017-10-20 | 2018-03-06 | 国信嘉宁数据技术有限公司 | Subscriber Management System, related identification information creation method and request method of calibration |
| CN108418747A (en) * | 2018-02-23 | 2018-08-17 | 平安科技(深圳)有限公司 | Method for sending information, device, equipment based on instant messaging and storage medium |
| CN109062489A (en) * | 2018-07-19 | 2018-12-21 | 腾讯科技(深圳)有限公司 | Message treatment method, device, storage medium and electronic device |
| CN109104358A (en) * | 2017-07-28 | 2018-12-28 | 成都牵牛草信息技术有限公司 | The authorization method of Email Accounts and instant messaging account content operation permission in system |
| CN109309669A (en) * | 2018-09-07 | 2019-02-05 | 南京南瑞继保电气有限公司 | A kind of method that enterprise software management tool carries out domain user's checking |
| CN109510758A (en) * | 2019-02-14 | 2019-03-22 | 紫光云数科技有限公司 | Session establishing method, terminal, third-party application server and system |
| CN109688086A (en) * | 2017-10-19 | 2019-04-26 | 北京京东尚科信息技术有限公司 | Authority control method and device for terminal device |
| CN111079130A (en) * | 2019-12-19 | 2020-04-28 | 朱倩缘 | User authority management system and method based on data analysis |
| CN111490931A (en) * | 2020-04-14 | 2020-08-04 | 腾讯科技(深圳)有限公司 | Session management method, device, session management equipment and storage medium |
| CN114362966A (en) * | 2022-02-28 | 2022-04-15 | 携程商旅信息服务(上海)有限公司 | Pseudo test login method, system, electronic device and medium |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1605965A (en) * | 2004-03-29 | 2005-04-13 | 梁振宇 | Network financial user management system |
| CN101068224B (en) * | 2007-06-18 | 2010-07-28 | 北京亿企通信息技术有限公司 | Information monitoring method in instant messaging system |
| CN100563176C (en) * | 2007-08-23 | 2009-11-25 | 华为技术有限公司 | A kind of generation of authority relation data and method of adjustment and management system |
-
2010
- 2010-01-29 CN CN2010103009279A patent/CN101834878B/en active Active
Cited By (31)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102546589A (en) * | 2011-11-30 | 2012-07-04 | 珠海金山办公软件有限公司 | Method and system for logging in real-time network hard disk server through instant messaging software |
| CN102546589B (en) * | 2011-11-30 | 2016-01-20 | 北京金山软件有限公司 | The method and system of real-time network hard disk server are logged in by instant communication software |
| CN102801717A (en) * | 2012-08-03 | 2012-11-28 | 苏州迈科网络安全技术股份有限公司 | Login verifying method and system |
| CN103391240A (en) * | 2013-06-28 | 2013-11-13 | 腾讯科技(深圳)有限公司 | Instant messaging achieving method and device |
| CN103391240B (en) * | 2013-06-28 | 2015-07-01 | 腾讯科技(深圳)有限公司 | Instant messaging achieving method and device |
| CN103473499A (en) * | 2013-09-16 | 2013-12-25 | 笔笔发信息技术(上海)有限公司 | Acquisition device and data authorization method thereof |
| CN104883342A (en) * | 2014-02-28 | 2015-09-02 | 腾讯科技(深圳)有限公司 | Account authority management system, account authority management method and device thereof |
| CN104883342B (en) * | 2014-02-28 | 2018-09-04 | 腾讯科技(深圳)有限公司 | A kind of account right management system, method and device |
| CN103945268A (en) * | 2014-03-17 | 2014-07-23 | 深圳创维-Rgb电子有限公司 | Control processing method and system based on multiple accounts and multiple target devices |
| CN103945268B (en) * | 2014-03-17 | 2017-10-27 | 深圳创维-Rgb电子有限公司 | A kind of control process method and system based on many account numbers Yu multiple target equipment |
| CN105022939B (en) * | 2014-04-25 | 2018-10-30 | 腾讯科技(深圳)有限公司 | Information Authentication method and device |
| CN105022939A (en) * | 2014-04-25 | 2015-11-04 | 腾讯科技(深圳)有限公司 | Information verification method and device |
| CN104468986A (en) * | 2014-11-20 | 2015-03-25 | 深圳市世纪安软信息技术有限公司 | Multi-user operation mode managing method and system for mobile phone |
| CN107566241A (en) * | 2016-09-14 | 2018-01-09 | 中国移动通信集团广东有限公司 | A kind of E-mail address scheme based on Authority and Domain Based Management thought |
| CN106453336A (en) * | 2016-10-20 | 2017-02-22 | 杭州孚嘉科技有限公司 | Method for actively providing extranet host invoking service by intranet |
| CN109104358A (en) * | 2017-07-28 | 2018-12-28 | 成都牵牛草信息技术有限公司 | The authorization method of Email Accounts and instant messaging account content operation permission in system |
| WO2019020120A1 (en) * | 2017-07-28 | 2019-01-31 | 成都牵牛草信息技术有限公司 | Method for authorizing permission to operate content of mailbox account and instant messaging account in system |
| US11303650B2 (en) | 2017-07-28 | 2022-04-12 | Chengdu Qianniucao Information Technology Co., Ltd. | Method for authorizing permission to operate content of mailbox account and instant messaging account in system |
| CN109104358B (en) * | 2017-07-28 | 2021-12-07 | 成都牵牛草信息技术有限公司 | Method for authorizing content operation authority of mailbox account and instant messaging account in system |
| CN109688086A (en) * | 2017-10-19 | 2019-04-26 | 北京京东尚科信息技术有限公司 | Authority control method and device for terminal device |
| US11588822B2 (en) | 2017-10-19 | 2023-02-21 | Beijing Jingdong Shangke Information Technology Co., Ltd. | Right control method and apparatus for terminal device |
| CN107770173A (en) * | 2017-10-20 | 2018-03-06 | 国信嘉宁数据技术有限公司 | Subscriber Management System, related identification information creation method and request method of calibration |
| CN108418747A (en) * | 2018-02-23 | 2018-08-17 | 平安科技(深圳)有限公司 | Method for sending information, device, equipment based on instant messaging and storage medium |
| CN109062489A (en) * | 2018-07-19 | 2018-12-21 | 腾讯科技(深圳)有限公司 | Message treatment method, device, storage medium and electronic device |
| CN109309669A (en) * | 2018-09-07 | 2019-02-05 | 南京南瑞继保电气有限公司 | A kind of method that enterprise software management tool carries out domain user's checking |
| CN109510758B (en) * | 2019-02-14 | 2019-05-17 | 紫光云数科技有限公司 | Session establishing method, terminal and system |
| CN109510758A (en) * | 2019-02-14 | 2019-03-22 | 紫光云数科技有限公司 | Session establishing method, terminal, third-party application server and system |
| CN111079130A (en) * | 2019-12-19 | 2020-04-28 | 朱倩缘 | User authority management system and method based on data analysis |
| CN111490931A (en) * | 2020-04-14 | 2020-08-04 | 腾讯科技(深圳)有限公司 | Session management method, device, session management equipment and storage medium |
| CN111490931B (en) * | 2020-04-14 | 2021-10-15 | 腾讯科技(深圳)有限公司 | Session management method, device, session management equipment and storage medium |
| CN114362966A (en) * | 2022-02-28 | 2022-04-15 | 携程商旅信息服务(上海)有限公司 | Pseudo test login method, system, electronic device and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101834878B (en) | 2012-08-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101834878B (en) | Multiuser system privilege management method and instant messaging system applying same | |
| US20190188993A1 (en) | Integrated physical and logical security management via a portable device | |
| US7640324B2 (en) | Small-scale secured computer network group without centralized management | |
| CN103400067B (en) | Right management method, system and server | |
| CN106411857B (en) | A kind of private clound GIS service access control method based on virtual isolation mech isolation test | |
| CN103516514B (en) | The establishing method of account access rights and control device | |
| CN106131167A (en) | For managing the method and system of Internet of Things user and equipment | |
| CN103379109B (en) | Method and control device, the network equipment and the communications platform of the network equipment are set | |
| CN102045337A (en) | Apparatus and methods for managing network resources | |
| CN102195991A (en) | Terminal security management and authentication method and system | |
| CN101453357B (en) | Network management control method and network management control system | |
| WO2009045607A1 (en) | Methods and systems for user authorization | |
| CN108111473A (en) | Mixed cloud Explore of Unified Management Ideas, device and system | |
| CN110519306A (en) | A kind of the equipment access control method and device of Internet of Things | |
| CN110417820A (en) | Processing method, device and the readable storage medium storing program for executing of single-node login system | |
| CN110021092A (en) | A kind of lessee's access permission control method based on openid | |
| CN109413080B (en) | Cross-domain dynamic authority control method and system | |
| CN110021086A (en) | A method of the temporary Authorization opening gate based on openid | |
| CN108966216A (en) | A kind of method of mobile communication and device applied to power distribution network | |
| CN103188249A (en) | Concentration permission management system, authorization method and authentication method thereof | |
| CN109819053A (en) | Applied to the springboard machine system and its control method under mixing cloud environment | |
| CN103516674B (en) | Quickly and the method for network device online and control device | |
| CN106302425A (en) | A kind of virtualization system communication method between nodes and virtualization system thereof | |
| CN105933300A (en) | Safety management method and device | |
| KR102142045B1 (en) | A server auditing system in a multi cloud environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |