CN102571873A - Bidirectional security audit method and device in distributed system - Google Patents


Info

Publication number: CN102571873A
Authority: CN (China)
Prior art keywords: controlled end; distributed system; authority; service; role
Prior art date: (not shown)
Legal status: Granted (the legal status is an assumption and not a legal conclusion; Google has not performed a legal analysis and makes no representation as to its accuracy)
Application number: CN2010106192897A
Other languages: Chinese (zh)
Other versions: CN102571873B (en)
Inventors: 钱靖; 梁俊
Current assignees: Shanghai Left Bank Investment Management Co., Ltd.; Shanghai Kelu Software Co., Ltd. (the listed assignees may be inaccurate; Google has not performed a legal analysis)
Original assignee: Shanghai Kelu Software Co., Ltd.
Priority date, filing date, publication date: (not shown; the priority date is an assumption and not a legal conclusion)
Events:
  • Application filed by Shanghai Kelu Software Co., Ltd.
  • Priority to CN201010619289.7A
  • Publication of CN102571873A
  • Application granted
  • Publication of CN102571873B
  • Legal status: Active (current)
  • Anticipated expiration

Landscapes (classification)

  • Computer And Data Communications (AREA)

Abstract

The invention discloses a bidirectional security audit method and device for a distributed system. A controlled end in the distributed system (comprising at least a client that accesses the distributed system and a server within it) first passes identity authentication and logs in. Each time the controlled end then executes an operation, its operation information is audited against the authority information corresponding to its current role: if that authority information includes the permission for the operation, the controlled end is allowed to execute it; otherwise it is forbidden. In this way the identity and authority of users, application programs, servers and the other legitimate roles in the system's application scenario remain legal and valid for every operation performed after login, and the security of the system is guaranteed to the greatest extent.

Description

Bidirectional security audit method and device in a distributed system
Technical field
The present invention relates to security control technology in distributed systems.
Background art
A distributed platform is a technology based on middleware. Middleware is a kind of independent system software or service program; through it, the distributed platform shares resources between different servers and manages in a unified way the services and resources that are spread across them. When a user needs a service or resource, the user sends a request for it to the distributed platform through a client. The platform locates the requested service or resource, finds the server on which it resides, and forwards the request to that server for processing. When the server has finished processing, the result is fed back to the client, again through the distributed platform.
In a distributed system, security precautions, that is, security authentication methods, must be applied throughout the operation of the whole system in order to prevent security threats. Specifically, the system first performs identity authentication for each user at a client, and after the verification passes it issues the user a digital certificate and an attribute certificate. When a user logs in at a client, the request the user makes is answered only after the certificate and key the user presents have proved the user's legal identity and established the user's authority. This process confirms that an entity is who it claims to be and that it holds legal and valid access rights. Authentication using digital certificates is a form of strong-factor authentication: because a digital certificate is issued and signed by an authoritative third-party issuing organization, it lets one entity confirm that another entity really is who it claims to be.
In the prior art, the security service verifies identity and authority only at login, and thereafter, for the whole of the runtime, assumes that the entity still holds a legal identity and a valid authority assignment. This leaves a hidden danger for the security of the whole system, gives malicious attackers an opportunity, and introduces a destabilizing factor into the normal execution of the audit module. In particular, for access to important industrial data, when update, delete and copy operations are performed, access control that applies only the principle of "authenticate once, valid forever" to the subject is unreasonable, unreliable and incomplete.
In addition, the inventors have found that in existing distributed network systems, users, clients and application processes all hold a digital certificate and key for identity authentication; the system authenticates them through the certificate and key and provides services to them. The servers that act as the providers of those services, however, have no identifiable authentication and hold no digital certificate or key at all. The legitimacy of a server's operations is never audited, so there is no guarantee that the service a server provides is legal, and no way to determine whether the data obtained from it is valid. Although the pool of back-end servers sits in a relatively isolated internal LAN, where the security threat is smaller, leaks from inside and the actions of insiders or internal hackers cannot be ruled out entirely. Communication between servers therefore cannot satisfy the security requirements of the data. For ordinary internet systems this level of security matters less, but for industrial internet systems that require high security it is not sufficient, and once an illegal act occurs the consequences are far more serious. It is therefore clear that providing a more effective bidirectional security audit method for the distributed platform is one of the keys to ensuring the security of a distributed system.
Summary of the invention
The technical problem mainly solved by the present invention is to provide a bidirectional security audit method and device in a distributed system which ensure that the identity and authority of users, application programs, servers and the other legitimate roles in the system's application scenario remain legal and valid for every operation performed after login, so that system security is safeguarded to the greatest extent.
To solve the above technical problem, the invention provides a bidirectional security audit method in a distributed system, in which the audit log comprises at least one of: operation time, data source, security grade and access result, and which comprises the following steps:
Each controlled end in the distributed system comprises an identity authentication module, in which are stored the controlled end's digital certificate, its role information and the authority information corresponding to each role;
The controlled end logs in to the distributed system after passing authentication using the digital certificate;
Each time the controlled end executes an operation after login, its operation information is audited against the authority information corresponding to the controlled end's current role; if that authority information includes the permission for the operation, the controlled end is allowed to execute it, otherwise it is forbidden from executing it;
The controlled end comprises at least the client that accesses the distributed system and the server within the distributed system.
As an improvement of the above scheme, each time the controlled end executes an operation, the following step is also included:
The controlled end's digital certificate is verified, and after verification passes its operation information is audited against the authority information corresponding to its current role.
As an improvement of the above scheme, before the step of verifying the digital certificate of the user of the client, the user's key is verified.
As an improvement of the above scheme, if the controlled end corresponds to at least two roles, the authentication module of the controlled end stores the role information of each role together with the authority information corresponding to each role;
The controlled end selects the role to be used when logging in to the distributed system.
As an improvement of the above scheme, the authentication module is an externally connected module. In the digital certificate verification step and the operation information audit step, the controlled end's digital certificate and the authority information corresponding to its current role are obtained from this external authentication module; if the controlled end is disconnected from the external authentication module, the digital certificate verification or the operation information audit fails.
As an improvement of the above scheme, the operations executed by the controlled end comprise at least one of: obtaining a service, accessing system resources, and accessing back-end data.
As an improvement of the above scheme, the digital certificate is a digital certificate based on the X.509 standard;
The authority information corresponding to a role is kept in an extension field of this X.509-based digital certificate.
As an improvement of the above scheme, each kind of system resource and back-end data in the distributed system corresponds to its own authority value, and each service in the distributed system corresponds to its own service code;
The authority information stored in the authentication module comprises an accessible-service list and an authority value;
The operation information is audited against the authority information corresponding to the controlled end's current role as follows:
If the controlled end requests a service, the service code in its request is read together with the accessible-service list of the current role in its authentication module; if the authority corresponding to that service code in the list is "allowed", the controlled end is allowed to obtain the service; if the authority corresponding to that service code is "forbidden", the controlled end is forbidden from obtaining the service;
If the controlled end requests access to a system resource or back-end data, the authority value of the resource or data to be accessed is compared with the authority value of the controlled end; if the controlled end's authority value is greater than or equal to the authority value of the resource or data, the controlled end is allowed to access it; otherwise the controlled end is forbidden from accessing it.
As an improvement of the above scheme, the accessible-service list is a character string in which each bit corresponds to one service, and the value of the bit indicates whether the controlled end is allowed or forbidden to use that service.
As an improvement of the above scheme, an audit log is kept for executed operations whose security grade lies in a preset high range;
The audit log comprises at least one of: operation time, data source, security grade and access result.
The invention also provides a bidirectional security audit device in a distributed system, in which:
Each controlled end in the distributed system comprises an identity authentication module storing the controlled end's digital certificate, its role information and the authority information corresponding to each role, and the device comprises:
An authentication module, which verifies the controlled end's digital certificate and, after verification passes, allows the client to log in to the distributed system;
An authority audit module, which, each time the controlled end executes an operation, audits its operation information against the authority information corresponding to the controlled end's current role; if that authority information includes the permission for the operation, the controlled end is allowed to execute it, otherwise it is forbidden from executing it;
The controlled end comprises at least the client that accesses the distributed system and the server within the distributed system.
As an improvement of the above scheme, the device also comprises:
An identity audit module, which, each time the controlled end executes an operation, verifies the controlled end's digital certificate and, after verification passes, instructs the authority audit module to audit the operation information.
As an improvement of the above scheme, for a client, the identity audit module also verifies the key of the user who is using the client.
As an improvement of the above scheme, if the controlled end corresponds to at least two roles, the authentication module of the controlled end stores the role information of each role together with the authority information corresponding to each role;
The controlled end selects the role to be used when logging in to the distributed system.
As an improvement of the above scheme, the authentication module is an externally connected module; the authority audit module and the identity audit module obtain the controlled end's digital certificate and the authority information corresponding to its current role from this external authentication module; if the controlled end is disconnected from the external authentication module, the digital certificate verification or the operation information audit fails.
As an improvement of the above scheme, the operations executed by the controlled end comprise at least one of: obtaining a service, accessing system resources, and accessing back-end data;
Each kind of system resource and back-end data in the distributed system corresponds to its own authority value, and each service in the distributed system corresponds to its own service code; the authority information stored in the authentication module comprises an accessible-service list and an authority value;
The authority audit module audits the operation information as follows:
If the controlled end requests a service, the service code in its request is read together with the accessible-service list of the current role in its authentication module; if the authority corresponding to that service code in the list is "allowed", the controlled end is allowed to obtain the service; if the authority corresponding to that service code is "forbidden", the controlled end is forbidden from obtaining the service;
If the controlled end requests access to a system resource or back-end data, the authority value of the resource or data to be accessed is compared with the authority value of the controlled end; if the controlled end's authority value is greater than or equal to the authority value of the resource or data, the controlled end is allowed to access it; otherwise the controlled end is forbidden from accessing it.
As an improvement of the above scheme, the accessible-service list is a character string in which each bit corresponds to one service, and the value of the bit indicates whether the controlled end is allowed or forbidden to use that service.
As an improvement of the above scheme, the device also comprises:
An audit log module, which keeps an audit log for executed operations whose security grade lies in a preset high range;
The audit log comprises at least one of: operation time, data source, security grade and access result.
Compared with the prior art, the main distinction and effect of the embodiments of the invention are these: a controlled end in the distributed system (comprising at least the client that accesses the distributed system and the server within it) passes identity authentication and logs in to the distributed system; each time it then executes an operation, its operation information is audited against the authority information corresponding to its current role, and the operation is allowed if that authority information includes the permission for it and forbidden otherwise. This ensures that the identity and authority of users, application programs, servers and the other legitimate roles in the system's application scenario remain legal and valid for every operation performed after login, safeguarding system security to the greatest extent.
Each time the controlled end executes an operation, the controlled end's password and digital certificate are also verified, that is, an identity audit is performed, and only after the identity audit passes is the operation information audited against the authority information corresponding to the current role. This effectively prevents an illegitimate person from taking over the session while the operator is temporarily away, and further guarantees system security.
The authentication module is an externally connected module; in both the identity authentication step and the operation information audit step, the controlled end's digital certificate and the authority information corresponding to its current role are obtained from this external authentication module. As soon as the controlled end is disconnected from the external authentication module, authentication or the operation information audit fails and the controlled end cannot perform any operation, which safeguards system security.
For resource accesses and executed operations of a higher security grade, an audit log containing information such as time, data source, security grade and access result is kept, for later statistics and tracking, so that suspicious situations can be discovered at any time.
Description of drawings
The present invention is further explained below with reference to the accompanying drawings and embodiments.
Fig. 1 is the audit flow chart for the user side in the bidirectional security audit method in a distributed system of the first embodiment of the invention;
Fig. 2 is a schematic diagram of the structure of the X.509 identity certificate in the first embodiment of the invention;
Fig. 3 is the audit flow chart for the server side in the bidirectional security audit method in a distributed system of the first embodiment of the invention.
Embodiment
For making the object of the invention, technical scheme and advantage clearer, embodiment of the present invention is done to describe in detail further below in conjunction with accompanying drawing.
The first embodiment of the invention relates to a bidirectional security audit method in a distributed system. In this embodiment, the idea found in traditional systems that the server is trusted by default is abandoned: before every operation executed by a client or by a server in the distributed system, an identity audit and an authority audit are carried out; that is, for every access by a user or by a server to data, and for every use of a resource, the identity and authority behind the operation are audited. Executed operations generally comprise obtaining a service, accessing system resources, accessing back-end data and the like. In addition, operations of a high security grade within a preset range are tracked and recorded, generating log information from which the system can later produce offline statistics and audit reports.
In this embodiment, the user sends a login request to the distributed platform and enters the corresponding password. If the user is associated with two or more roles, the corresponding role must be selected on the login interface. The distributed platform then verifies the digital certificate together with the key. After the platform's verification passes, it returns the user interface corresponding to the role the user selected and its authority. If the user needs to execute an operation, the corresponding operation information must be submitted to the distributed platform, for example the service code of the requested service or the identifier of the system resource or back-end data to be accessed; the distributed platform performs the dual audit of identity and authority and records the corresponding audit log.
The specific bidirectional security audit method is shown in Fig. 1. In step 101, the user sends a login request to the distributed platform through the client, to which an external identity authentication module is connected, and enters the corresponding password at the client. In this step, if the user is associated with two or more roles, the role for the current login must also be selected. The authentication module contains the user's digital certificate, the role information of the user's roles and the authority information corresponding to each role. For a user with several roles, the module holds each role's information separately, together with the authority information corresponding to each role.
In step 102, the distributed platform verifies the user's digital certificate together with the user's key.
The user's digital certificate is obtained from the external authentication module; if the client the user is using is disconnected from the external authentication module, authentication fails.
The digital certificate is based on the X.509 standard, and the user's roles and the authority information corresponding to each role are kept in the extension field of this digital certificate, as shown in Fig. 2.
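The patent says only that the role and its authority information live in an extension field of an X.509 certificate (Fig. 2); it does not give the layout. The following is an added example, not the patent's own code, that shows one way to carry that information as a DER-encoded extension value and to decode it strictly on the platform side. The ASN.1 layout (SEQUENCE of a UTF8String role, a 128-bit BIT STRING accessible-service list and an INTEGER authority value) and the sample role "operator" are assumptions made here; no extension OID is given on the page and none is assumed.

```python
"""Carry a role's authority information in an X.509 extension value (DER).

Added example, not the patent's own code. Assumed layout:

    AuthorityInfo ::= SEQUENCE {
        role               UTF8String,
        accessibleServices BIT STRING (SIZE (128)),  -- one bit per service code
        authorityValue     INTEGER
    }
"""

SERVICE_LIST_BITS = 128  # the patent fixes the accessible-service list at 128 bits


def _der_len(n: int) -> bytes:
    """DER length: short form below 128, long form (0x80 | N, then N bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(content)) + content


def _der_uint(value: int) -> bytes:
    """Minimal two's-complement INTEGER content for a non-negative value."""
    if value < 0:
        raise ValueError("authority value must be non-negative")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    return b"\x00" + body if body[0] & 0x80 else body


def encode_authority_info(role: str, accessible_services: str, authority_value: int) -> bytes:
    """accessible_services is a 128-character '0'/'1' string; character i becomes
    bit i (most significant bit first), so service code i selects it again on decode."""
    if len(accessible_services) != SERVICE_LIST_BITS or set(accessible_services) - {"0", "1"}:
        raise ValueError("accessible service list must be a 128-character 0/1 string")
    bit_bytes = int(accessible_services, 2).to_bytes(SERVICE_LIST_BITS // 8, "big")
    return _tlv(0x30,
                _tlv(0x0C, role.encode("utf-8"))
                + _tlv(0x03, b"\x00" + bit_bytes)  # leading byte: zero unused bits
                + _tlv(0x02, _der_uint(authority_value)))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, next_pos); any truncation is a ValueError."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated content")
    return tag, buf[pos:pos + length], pos + length


def decode_authority_info(der: bytes):
    """Strict decoder: wrong tags, a wrong bit-string size, a non-minimal
    INTEGER or trailing bytes are all rejected rather than tolerated."""
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    tag, role_b, pos = _read_tlv(seq, 0)
    if tag != 0x0C:
        raise ValueError("expected UTF8String role")
    tag, bits_b, pos = _read_tlv(seq, pos)
    if tag != 0x03 or len(bits_b) != SERVICE_LIST_BITS // 8 + 1 or bits_b[0] != 0:
        raise ValueError("expected a 128-bit BIT STRING")
    tag, val_b, pos = _read_tlv(seq, pos)
    if tag != 0x02 or not val_b or (len(val_b) > 1 and val_b[0] == 0 and not val_b[1] & 0x80):
        raise ValueError("expected a minimally encoded INTEGER")
    if pos != len(seq):
        raise ValueError("trailing data in SEQUENCE")
    services = format(int.from_bytes(bits_b[1:], "big"), f"0{SERVICE_LIST_BITS}b")
    return role_b.decode("utf-8"), services, int.from_bytes(val_b, "big")


# Constructed sample: the "operator" role may use services 3 and 7 but not 28.
SAMPLE_SERVICES = "".join("1" if i in (3, 7) else "0" for i in range(SERVICE_LIST_BITS))
SAMPLE_EXTENSION = encode_authority_info("operator", SAMPLE_SERVICES, 2)
```

The decoder deliberately fails closed on anything it does not expect, since the authority information it returns is what the later authority audit relies on; in a real deployment the certificate's signature would be verified before this extension value is read at all.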
In step 103, the verification result is returned to the user. If verification passes, the user interface corresponding to the role and its authority is returned and the process enters step 104. If verification fails, login failure information is returned and the process ends.
In step 104, the user submits to the distributed platform a request for the operation to be executed. The operations a user needs to execute generally comprise obtaining a service, accessing system resources, accessing back-end data and the like.
In step 105, after the distributed platform receives the operation request, it first authenticates the user; after authentication passes, it audits the operation information against the authority information corresponding to the user's current role and determines whether the user has the authority to execute the operation. If the user has permission for the operation, the process enters step 106; if not, step 107.
The authentication here verifies the digital certificate together with the user's key in the same way as step 102: the user is required to enter the password, and the user's password and digital certificate are verified separately.
Specifically, the operation information is audited against the authority information corresponding to the user's current role as follows:
Each service in the distributed system corresponds to its own service code, and each kind of system resource and back-end data corresponds to its own authority value. The authority information stored in the user's authentication module comprises an accessible-service list and an authority value.
The accessible-service list is a character string of 128 bits in total. Each bit corresponds to one service: a bit value of 1 indicates that the user is allowed to use the service, and a bit value of 0 indicates that use of the service is forbidden, as shown in Table 1.
Table 1 (image not reproduced): the accessible-service list, one bit per service.
If the operation the user requests is obtaining a service, the service code in the request is read together with the accessible-service list of the current role in the user's authentication module. If the authority corresponding to that service code in the list is "allowed", the user is allowed to obtain the service; if it is "forbidden", the user is forbidden from obtaining the service. Take service A as an example: when the user needs to request service A, the operation request contains service code 28; the distributed platform finds the corresponding bit in the user's accessible-service list according to this service code; the bit is 0, which means the user is forbidden from obtaining this service.
If the user requests access to a system resource or back-end data, the authority value of the resource or data to be accessed is compared with the user's authority value. If the user's authority value is greater than or equal to the authority value of the resource or data, the user is allowed to access it; otherwise the user is forbidden from accessing it. For example, if the user wishes to access resource A, the operation request contains the identifier of the requested resource; after the distributed platform receives the request, it determines the authority value of resource A from that identifier and compares it with the authority value stored in the authentication module. If the authority value in the user's authentication module is lower than that of resource A, the user is forbidden from accessing resource A; otherwise the user is allowed to access it.
Combining the 128-bit service list with the authority value makes the authority audit easier to implement and faster to perform, without affecting normal use of the system.
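The two decision rules above (and the same rules as stated in the summary of the invention) in working form, as an added example that is not the patent's own code: a service request is decided by the bit that its service code selects in the 128-bit accessible-service list, and a resource or back-end data request by comparing authority values. Assumed here: the list is held as a 128-character '0'/'1' string indexed from 0 by service code, resource authority values live in a dictionary keyed by resource identifier, and the sample role, service codes and resource values are constructed so that service code 28 and resource A are refused, as in the text.

```python
"""Authority audit against a role's accessible-service list and authority value.

Added example, not the patent's own code; sample data is constructed.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

SERVICE_LIST_BITS = 128  # the patent fixes the list at 128 bits


@dataclass(frozen=True)
class RoleAuthority:
    """Authority information stored for the controlled end's current role."""
    role: str
    accessible_services: str  # '1' = service allowed, '0' = service forbidden
    authority_value: int

    def __post_init__(self) -> None:
        if len(self.accessible_services) != SERVICE_LIST_BITS or set(self.accessible_services) - {"0", "1"}:
            raise ValueError("accessible service list must be a 128-character 0/1 string")


def build_service_list(allowed_codes: Iterable[int]) -> str:
    """Build the 128-bit list from the service codes a role may use."""
    bits = ["0"] * SERVICE_LIST_BITS
    for code in allowed_codes:
        bits[code] = "1"
    return "".join(bits)


def audit_service_request(auth: RoleAuthority, service_code: int) -> bool:
    """Service request: allowed only when the bit the service code selects is 1.
    Codes outside the list are denied rather than raising, so a malformed
    request fails closed."""
    if not 0 <= service_code < SERVICE_LIST_BITS:
        return False
    return auth.accessible_services[service_code] == "1"


def audit_resource_request(auth: RoleAuthority, resource_values: Dict[str, int], resource_id: str) -> bool:
    """Resource / back-end data request: allowed when the controlled end's
    authority value is >= the resource's value. Unknown resources are denied."""
    required = resource_values.get(resource_id)
    return required is not None and auth.authority_value >= required


def audit_operation(auth: RoleAuthority, resource_values: Dict[str, int], request: Tuple[str, object]) -> str:
    """Dispatch one operation request, ('service', code) or ('resource', id),
    and return the access result that the audit log would record."""
    kind, target = request
    if kind == "service":
        ok = audit_service_request(auth, target)
    elif kind == "resource":
        ok = audit_resource_request(auth, resource_values, target)
    else:
        ok = False  # unknown operation kinds fail closed
    return "allowed" if ok else "forbidden"


# Constructed sample mirroring the text: service code 28 maps to a 0 bit, and
# resource A requires an authority value above the role's value of 2.
SAMPLE_AUTH = RoleAuthority("operator", build_service_list([3, 7, 64]), authority_value=2)
SAMPLE_RESOURCES = {"A": 3, "B": 2, "C": 1}

if __name__ == "__main__":
    for req in [("service", 28), ("service", 7), ("resource", "A"), ("resource", "B")]:
        print(req, audit_operation(SAMPLE_AUTH, SAMPLE_RESOURCES, req))
```

Both checks are O(1): a string index for services and one integer comparison for resources, which is the speed advantage the paragraph above claims for the combined list-and-value scheme.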
In step 106, the bit at the corresponding position of the accessible list for the user's current role is 1, so the user has permission to execute the operation, and the service object interface is returned to the user. Through the service object interface the user obtains the required information from the corresponding server, including the service the user needs, or the system resource or back-end data the user accesses.
In step 107, the authority audit has found that the user does not have permission to execute the operation, and request failure information is returned.
In this embodiment, a server must likewise be audited for every operation it performs after startup. Specifically, while providing a service to a user, a server may itself need to call other services or access system resources or back-end data; when the server performs such operations, the platform audits it in the same way and, after the audit passes, returns the corresponding service object interface.
The specific flow is shown in Fig. 3. In step 301, the server logs in to the distributed platform at startup. As for a user, an external identity authentication module is needed for server login; it stores the server's digital certificate, role information and corresponding authority information. The role information is fixed, namely the server role. The server likewise needs a password at login; for ease of use, its login password can be kept directly in the server program.
In step 302, the distributed platform verifies the server's digital certificate together with the server's password.
The server's digital certificate is obtained from the external authentication module; if the server is disconnected from the external authentication module, authentication fails.
The digital certificate is likewise based on the X.509 standard, and the server role (a fixed character string) and its corresponding authority information are kept in the extension field of this digital certificate, as shown in Fig. 2.
In step 303, the platform returns the verification result to the server. If verification passes, the server is allowed to log in to the distributed platform and the process enters step 304. If verification fails, login failure information is returned and the process ends.
In step 304, when the need arises, the server submits to the distributed platform a request for the operation to be executed. Such operations generally comprise obtaining other services, accessing system resources, accessing back-end data and the like.
In step 305, after the distributed platform receives the operation request, it first authenticates the server; after authentication passes, it audits the operation information against the server's current authority information and determines whether the server has the authority to execute the operation. If the server has permission for the operation, the process enters step 306; if not, step 307.
The authentication here verifies the digital certificate together with the server's key in the same way as step 302: the server's password and digital certificate are verified separately.
The way the operation information is audited against the server's current authority information is similar to step 105. If the operation the server requests is obtaining a service, the service code in the request is read together with the accessible-service list in the server's authentication module; if the authority corresponding to that service code in the list is "allowed", the server is allowed to obtain the service; if it is "forbidden", the server is forbidden from obtaining the service.
If the server requests access to a system resource or back-end data, the authority value of the resource or data to be accessed is compared with the server's authority value. If the server's authority value is greater than or equal to the authority value of the resource or data, the server is allowed to access it; otherwise the server is forbidden from accessing it.
In step 306, the server's operation request has passed the audit, and the distributed platform returns the service object interface to the server. Through the service object interface the server obtains the required information from the corresponding server, including the service it needs, or the system resource or back-end data it accesses.
In step 307, the authority audit has found that the server does not have permission to execute the operation, and request failure information is returned.
In summary, once the above bidirectional audit technique is adopted, every user and every server in the distributed system must pass an identity audit and an authority audit for every service call, every data call and every resource access. This ensures that when users, application programs, servers and the other legitimate roles in the system's application scenario execute operations after logging in, their identity and authority are legal and valid, safeguarding system security to the greatest extent. In addition, for resource accesses and executed operations of a higher security grade, an audit log containing information such as time, data source, security grade and access result is kept for later statistics and tracking, which further safeguards system security.
Moreover, before the authority information of a user or server is audited, the controlled end's password and digital certificate are verified first, that is, an identity audit is performed. This effectively prevents an illegitimate person from taking over the session while the operator is temporarily away, and further guarantees system security.
The second embodiment of the invention relates to a bidirectional security audit device in a distributed system. Each controlled end in the distributed system comprises an identity authentication module, which stores the controlled end's digital certificate, its role information and the authority information corresponding to each role. The device comprises: an authentication module, used to verify the controlled end's digital certificate and, once verification passes, to allow the client to log in to the distributed system; and an authority audit module, used, each time the controlled end executes an operation, to audit the operation information against the authority information corresponding to the controlled end's current role, allowing the controlled end to execute the operation if the authority information includes permission for it and forbidding the operation otherwise. The controlled end comprises at least the clients that access the distributed system and the servers within the distributed system.
As a refinement of the above scheme, the device may further comprise an identity audit module, used to verify the controlled end's digital certificate each time the controlled end executes an operation and, once verification passes, to instruct the authority audit module to audit the operation information.
As a refinement of the above scheme, for a client the identity audit module also verifies the key of the user who is using that client.
As a refinement of the above scheme, if the controlled end corresponds to at least two roles, the role information in its authentication module comprises each role together with the authority information corresponding to that role, and the controlled end selects the role to use when logging in to the distributed system.
As a refinement of the above scheme, the authentication module is an externally connected module; the authority audit module and the identity audit module obtain the controlled end's digital certificate and the authority information of its current role from this external authentication module. If the controlled end is disconnected from the external authentication module, the digital certificate verification or the operation-information audit fails, so the operation is not carried out.
As a refinement of the above scheme, the operations executed by the controlled end comprise at least one of: obtaining a service, accessing a system resource, and accessing back-end data. Each kind of system resource and back-end data in the distributed system corresponds to an authority value, and each service in the distributed system corresponds to a service code. The authority information stored in the authentication module comprises an accessible-services list and an authority value.
The authority audit module audits the operation information as follows. If the controlled end requests to obtain a service, the service code in its request and the accessible-services list of its current role in its authentication module are read; if the authority recorded for that service code in the list is "allow", the controlled end is permitted to obtain the service; if it is "forbid", the controlled end is denied the service.
If the controlled end requests access to a system resource or back-end data, the authority value of the system resource or back-end data to be accessed is compared with the controlled end's authority value. If the controlled end's authority value is greater than or equal to that of the system resource or back-end data, the controlled end is permitted to access it; otherwise the access is denied.
As a refinement of the above scheme, the accessible-services list is a character string in which each bit corresponds to one service, and the value of the bit indicates whether the controlled end is allowed or forbidden to use that service.
As a refinement of the above scheme, the device may further comprise an audit log module, which saves an audit log for executed operations whose security class lies within a preset high range. The audit log comprises at least one of: operation time, data source, security class and access result.
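The per-operation audit described above, as an added Python illustration that is not the patent's own code: an identity audit that is re-run before every operation and fails closed when the (external) authentication module is unreachable, an authority audit that consults the current role's accessible-services bit string for service requests and compares authority values for resource and back-end data requests, and an audit log entry for operations at or above a security-class threshold. The '0'/'1' character encoding of the service list, the role, service and resource tables, the logging threshold and the in-process stand-in for the authentication module (the patent keeps the role's authority information in the controlled end's digital certificate) are all assumptions made for the example.

```python
"""Identity audit + authority audit for one controlled end, per operation.
Illustrative code for this page; data layout and tables are assumed."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class RoleAuthority:
    services: str  # accessible-services list: char i is '1' if service code i is allowed (assumed encoding)
    level: int     # authority value, compared against resource / back-end data authority values


@dataclass
class AuthModule:
    """Stand-in for the controlled end's identity authentication module."""
    cert_valid: bool
    roles: Dict[str, RoleAuthority]
    connected: bool = True  # False models a controlled end cut off from its external module


@dataclass
class ControlledEnd:
    name: str
    auth: AuthModule
    role: str  # role selected at login


# Constructed sample tables (assumed names and values).
SERVICE_CLASS = {0: 0, 1: 2, 2: 3}                                   # service code -> security class
RESOURCE_LEVEL = {"public-catalog": 0, "config-store": 2, "billing-db": 3}  # authority value of each target
LOG_THRESHOLD = 2                                                    # log operations of this class or higher
AUDIT_LOG: List[dict] = []


def service_allowed(services: str, code: int) -> bool:
    """Bit `code` of the accessible-services string decides; codes outside the string are denied."""
    return 0 <= code < len(services) and services[code] == "1"


def identity_audit(end: ControlledEnd) -> Tuple[bool, str]:
    """Run before every operation, not only at login; an unreachable module fails closed."""
    if not end.auth.connected:
        return False, "authentication module unreachable"
    if not end.auth.cert_valid:
        return False, "digital certificate verification failed"
    if end.role not in end.auth.roles:
        return False, "no authority information for current role"
    return True, "identity ok"


def authority_audit(end: ControlledEnd, op: str, target) -> Tuple[bool, str]:
    """Service requests use the bit string; resource/data requests compare authority values."""
    role = end.auth.roles[end.role]
    if op == "get_service":
        ok = service_allowed(role.services, target)
        return ok, f"service {target} {'allowed' if ok else 'forbidden'} for role {end.role}"
    if op in ("access_resource", "access_data"):
        if target not in RESOURCE_LEVEL:
            return False, f"unknown target {target}"
        ok = role.level >= RESOURCE_LEVEL[target]
        return ok, f"authority {role.level} vs {RESOURCE_LEVEL[target]} required for {target}"
    return False, f"unsupported operation {op}"


def security_class(op: str, target) -> int:
    return SERVICE_CLASS.get(target, 0) if op == "get_service" else RESOURCE_LEVEL.get(target, 0)


def audit(end: ControlledEnd, op: str, target, when: str = "2010-12-31T00:00:00Z") -> bool:
    """Identity audit first, then authority audit; high-class operations are logged either way."""
    ok, reason = identity_audit(end)
    if ok:
        ok, reason = authority_audit(end, op, target)
    cls = security_class(op, target)
    if cls >= LOG_THRESHOLD:
        AUDIT_LOG.append({"time": when, "source": end.name, "class": cls,
                          "result": "allow" if ok else "deny", "reason": reason})
    return ok


def demo() -> List[bool]:
    """Constructed scenario: one client, two roles, then the module becomes unreachable."""
    AUDIT_LOG.clear()
    module = AuthModule(cert_valid=True, roles={
        "operator": RoleAuthority(services="110", level=2),
        "auditor": RoleAuthority(services="100", level=3),
    })
    operator = ControlledEnd("client-01", module, role="operator")
    auditor = ControlledEnd("client-01", module, role="auditor")  # same client logged in again with another role
    results = [
        audit(operator, "get_service", 1),                 # bit 1 set: allowed
        audit(operator, "get_service", 2),                 # bit 2 clear: forbidden
        audit(operator, "access_resource", "config-store"),  # 2 >= 2: allowed
        audit(operator, "access_data", "billing-db"),      # 2 < 3: forbidden
        audit(auditor, "access_data", "billing-db"),       # 3 >= 3: allowed
    ]
    module.connected = False
    results.append(audit(auditor, "access_data", "billing-db"))  # fails closed
    return results


if __name__ == "__main__":
    print(demo())
    for entry in AUDIT_LOG:
        print(entry)
```

Every decision for a high-class target, including the denial caused by the lost connection, lands in the log, so the record answers the "who, when, what class, what result" questions the description lists.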
Through this embodiment, the identity and authority of every legitimate role in the distributed system (users, application programs, servers and the roles of the application scenario) are guaranteed to be legal and valid at the time of each operation after login, protecting the system to the greatest extent.
Although the invention has been illustrated and described with reference to certain preferred embodiments, those of ordinary skill in the art will understand that various changes in form and detail may be made to it without departing from the spirit and scope of the invention.

Claims (18)

1. A bidirectional security audit method in a distributed system, characterized in that it comprises the following steps:
each controlled end in the distributed system comprises an identity authentication module, in which the controlled end's digital certificate, role information and the authority information corresponding to each role are stored;
the controlled end logs in to the distributed system after passing identity authentication using the digital certificate;
each time the controlled end executes an operation after login, its operation information is audited with reference to the authority information corresponding to the controlled end's current role; if the authority information includes permission for the operation, the controlled end is allowed to execute the operation, otherwise the controlled end is forbidden to execute the operation;
the controlled end comprises at least a client accessing the distributed system and a server in the distributed system.
2. The bidirectional security audit method in a distributed system according to claim 1, characterized in that, each time the controlled end executes an operation, it further comprises the following step:
verifying the controlled end's digital certificate and, after verification passes, auditing its operation information with reference to the authority information corresponding to the controlled end's current role.
3. The bidirectional security audit method in a distributed system according to claim 2, characterized in that, for a client, before the step of verifying the digital certificate of the user of the client, it further comprises the following step:
verifying the user's key.
4. The bidirectional security audit method in a distributed system according to claim 2, characterized in that, if the controlled end corresponds to at least two roles, the role information in the controlled end's authentication module comprises each role and the authority information corresponding to each role;
the controlled end selects the role currently in use when logging in to the distributed system.
5. The bidirectional security audit method in a distributed system according to claim 2, characterized in that the authentication module is an externally connected module; in the digital certificate verification step and the operation-information audit step, the controlled end's digital certificate and the authority information corresponding to its current role are obtained from the external authentication module; if the controlled end is disconnected from the external authentication module, the digital certificate verification or the operation-information audit fails.
6. The bidirectional security audit method in a distributed system according to claim 1, characterized in that the operations executed by the controlled end comprise at least one of: obtaining a service, accessing a system resource, and accessing back-end data.
7. The bidirectional security audit method in a distributed system according to claim 6, characterized in that the digital certificate is a digital certificate based on the X.509 standard;
the authority information corresponding to the role is stored in an extension field of the X.509-based digital certificate.
8. The bidirectional security audit method in a distributed system according to claim 7, characterized in that each kind of system resource and back-end data in the distributed system corresponds to a respective authority value, and each service in the distributed system corresponds to a respective service code;
the authority information stored in the authentication module comprises an accessible-services list and an authority value;
the operation information is audited with reference to the authority information corresponding to the controlled end's current role as follows:
if the controlled end requests to obtain a service, the service code in its request and the accessible-services list of its current role in its authentication module are read; if the authority recorded for that service code in the list is "allow", the controlled end is allowed to obtain the service; if it is "forbid", the controlled end is forbidden to obtain the service;
if the controlled end requests access to a system resource or back-end data, the authority value of the system resource or back-end data to be accessed is compared with the controlled end's authority value; if the controlled end's authority value is greater than or equal to the authority value of the system resource or back-end data to be accessed, the controlled end is allowed to access the system resource or back-end data, otherwise the controlled end is forbidden to access it.
9. The bidirectional security audit method in a distributed system according to claim 8, characterized in that the accessible-services list is a character string, each bit of which corresponds to one service, the value of the bit indicating whether the controlled end is allowed or forbidden to use that service.
10. The bidirectional security audit method in a distributed system according to any one of claims 1 to 9, characterized in that an audit log is saved for executed operations whose security class lies within a preset high range;
the audit log comprises at least one of: operation time, data source, security class and access result.
11. A bidirectional security audit device in a distributed system, characterized in that each controlled end in the distributed system comprises an identity authentication module, in which the controlled end's digital certificate, role information and the authority information corresponding to each role are stored, and the device comprises:
an authentication module, used to verify the controlled end's digital certificate and, after verification passes, to allow the client to log in to the distributed system;
an authority audit module, used, each time the controlled end executes an operation, to audit its operation information with reference to the authority information corresponding to the controlled end's current role, and, if the authority information includes permission for the operation, to allow the controlled end to execute the operation, otherwise to forbid the controlled end from executing the operation;
the controlled end comprises at least a client accessing the distributed system and a server in the distributed system.
12. The bidirectional security audit device in a distributed system according to claim 11, characterized in that it further comprises: an identity audit module, used to verify the controlled end's digital certificate each time the controlled end executes an operation and, after verification passes, to instruct the authority audit module to audit the operation information.
13. The bidirectional security audit device in a distributed system according to claim 12, characterized in that, for a client, the identity audit module also verifies the key of the user using that client.
14. The bidirectional security audit device in a distributed system according to claim 12, characterized in that, if the controlled end corresponds to at least two roles, the role information in the controlled end's authentication module comprises each role and the authority information corresponding to each role;
the controlled end selects the role currently in use when logging in to the distributed system.
15. The bidirectional security audit device in a distributed system according to claim 12, characterized in that the authentication module is an externally connected module; the authority audit module and the identity audit module obtain the controlled end's digital certificate and the authority information corresponding to its current role from the external authentication module; if the controlled end is disconnected from the external authentication module, the digital certificate verification or the operation-information audit fails.
16. The bidirectional security audit device in a distributed system according to claim 12, characterized in that the operations executed by the controlled end comprise at least one of: obtaining a service, accessing a system resource, and accessing back-end data;
each kind of system resource and back-end data in the distributed system corresponds to a respective authority value, and each service in the distributed system corresponds to a respective service code; the authority information stored in the authentication module comprises an accessible-services list and an authority value;
the authority audit module audits the operation information as follows:
if the controlled end requests to obtain a service, the service code in its request and the accessible-services list of its current role in its authentication module are read; if the authority recorded for that service code in the list is "allow", the controlled end is allowed to obtain the service; if it is "forbid", the controlled end is forbidden to obtain the service;
if the controlled end requests access to a system resource or back-end data, the authority value of the system resource or back-end data to be accessed is compared with the controlled end's authority value; if the controlled end's authority value is greater than or equal to the authority value of the system resource or back-end data to be accessed, the controlled end is allowed to access the system resource or back-end data, otherwise the controlled end is forbidden to access it.
17. The bidirectional security audit device in a distributed system according to claim 16, characterized in that the accessible-services list is a character string, each bit of which corresponds to one service, the value of the bit indicating whether the controlled end is allowed or forbidden to use that service.
18. The bidirectional security audit device in a distributed system according to any one of claims 11 to 17, characterized in that it further comprises:
an audit log module, which saves an audit log for executed operations whose security class lies within a preset high range;
the audit log comprises at least one of: operation time, data source, security class and access result.
CN201010619289.7A 2010-12-31 2010-12-31 Bidirectional security audit method and device in distributed system Active CN102571873B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010619289.7A CN102571873B (en) 2010-12-31 2010-12-31 Bidirectional security audit method and device in distributed system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010619289.7A CN102571873B (en) 2010-12-31 2010-12-31 Bidirectional security audit method and device in distributed system

Publications (2)

Publication Number Publication Date
CN102571873A true CN102571873A (en) 2012-07-11
CN102571873B CN102571873B (en) 2015-01-28

Family

ID=46416344

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010619289.7A Active CN102571873B (en) 2010-12-31 2010-12-31 Bidirectional security audit method and device in distributed system

Country Status (1)

Country Link
CN (1) CN102571873B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101321064A (en) * 2008-07-17 2008-12-10 上海众恒信息产业有限公司 Information system access control method and apparatus based on digital certificate technique
CN101350722A (en) * 2008-07-24 2009-01-21 上海众恒信息产业有限公司 Apparatus and method for controlling data security of information system
CN101707594A (en) * 2009-10-21 2010-05-12 南京邮电大学 Single sign on based grid authentication trust model

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105095792A (en) * 2015-08-12 2015-11-25 浪潮(北京)电子信息产业有限公司 Storage resource management method and system based on multi-user rights
CN105095792B (en) * 2015-08-12 2018-05-25 浪潮(北京)电子信息产业有限公司 A kind of storage resource management method and system based on multi-user authority
CN106612250A (en) * 2015-10-21 2017-05-03 腾讯科技(深圳)有限公司 Resource utilization authority judgment system and method
CN106027498A (en) * 2016-05-05 2016-10-12 北京元心科技有限公司 Method and device for improving email security of enterprise mobile management (EMM) system
CN107872439A (en) * 2016-09-28 2018-04-03 腾讯科技(深圳)有限公司 A kind of personal identification method, apparatus and system
CN107872439B (en) * 2016-09-28 2021-02-05 腾讯科技(深圳)有限公司 Identity recognition method, device and system
CN109587101A (en) * 2017-09-29 2019-04-05 腾讯科技(深圳)有限公司 A kind of digital certificate management method, device and storage medium
CN109587101B (en) * 2017-09-29 2021-04-13 腾讯科技(深圳)有限公司 Digital certificate management method, device and storage medium
CN109344600A (en) * 2018-10-09 2019-02-15 象翌微链科技发展有限公司 A kind of distributed system and the data processing method based on the system
CN109344600B (en) * 2018-10-09 2022-04-08 象翌微链科技发展有限公司 Distributed system and data processing method based on same
CN110933037A (en) * 2019-10-31 2020-03-27 贝壳技术有限公司 User authority verification method and authority management system
CN111953491A (en) * 2020-09-01 2020-11-17 杭州视洞科技有限公司 SSHCertite and LDAP based two-step authentication auditing system
CN111953491B (en) * 2020-09-01 2022-06-10 杭州视洞科技有限公司 SSH Certificate and LDAP based two-step authentication auditing method
CN112104668A (en) * 2020-11-10 2020-12-18 成都掌控者网络科技有限公司 Distributed authority process separation control method and device

Also Published As

Publication number Publication date
CN102571873B (en) 2015-01-28

Similar Documents

Publication Publication Date Title
US11063928B2 (en) System and method for transferring device identifying information
US10652226B2 (en) Securing communication over a network using dynamically assigned proxy servers
CN102571873B (en) Bidirectional security audit method and device in distributed system
US20200106610A1 (en) System and method for decentralized identity management, authentication and authorization of applications
CN106888084B (en) Quantum fort machine system and authentication method thereof
US11122047B2 (en) Invitation links with enhanced protection
US9288193B1 (en) Authenticating cloud services
CN108810073A (en) A kind of Internet of Things multiple domain access control system and method based on block chain
US9825938B2 (en) System and method for managing certificate based secure network access with a certificate having a buffer period prior to expiration
WO2018219056A1 (en) Authentication method, device, system and storage medium
JP2017510013A (en) Techniques for providing network security with just-in-time provisioned accounts
EP3374852B1 (en) Authorized areas of authentication
CN103827811A (en) Managing basic input/output system (BIOS) access
CN103259663A (en) User unified authentication method in cloud computing environment
US20210234850A1 (en) System and method for accessing encrypted data remotely
CN101669128A (en) Cascading authentication system
CN103856332A (en) Implementation method of one-to-multiple account mapping binding of convenient and rapid multi-screen multi-factor WEB identity authentication
CN101321064A (en) Information system access control method and apparatus based on digital certificate technique
CN102571874B (en) On-line audit method and device in distributed system
CN108881218B (en) Data security enhancement method and system based on cloud storage management platform
US11956228B2 (en) Method and apparatus for securely managing computer process access to network resources through delegated system credentials
KR20060032888A (en) Apparatus for managing identification information via internet and method of providing service using the same
US11233776B1 (en) Providing content including sensitive data
Klevjer et al. Extended HTTP digest access authentication
CN112334898A (en) System and method for managing multi-domain access credentials for users having access to multiple domains

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 201203 403d, building 5, No. 3000, Longdong Avenue, Pudong New Area, Shanghai

Patentee after: Shanghai Kelu Software Co.,Ltd.

Address before: 201203 Shanghai city Pudong New Area road 887 Lane 82 Zuchongzhi Building No. two North

Patentee before: Shanghai Kelu Software Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20231107

Address after: 201203 north, 2nd floor, No.82, Lane 887, Zuchongzhi Road, Pudong New Area, Shanghai

Patentee after: Shanghai Kelu Software Co.,Ltd.

Patentee after: Shanghai Left Bank Investment Management Co.,Ltd.

Address before: 201203 403D 5, 3000 Longdong Avenue, Pudong New Area, Shanghai.

Patentee before: Shanghai Kelu Software Co.,Ltd.