CN103473489B - Authority verification system and authority verification method for comprehensive production safety supervision
Publication number: CN103473489B (application number CN201310231117.6A)
Authority: CN (China)
Prior art keywords: client, authority, user, server, internet
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Landscapes: Storage Device Security; Computer And Data Communications
Abstract
The invention belongs to the technical field of supervisory systems and discloses an authority verification system and an authority verification method for comprehensive production safety supervision. The authority verification system comprises a client and a server end. The client communicates with the server end over the internet through a number of front end processors; each front end processor of the client is provided with a user login end module and a business operation end module, and the server end is provided with a login authority verification module and a business operation verification module that communicate over the internet with the user login end module and the business operation end module of each front end processor. The internet communication protocol between client and server is the HTTP protocol. The invention verifies authority on every access request: when a user accesses the server over the internet, the address requested by the user is obtained and compared with the user authority information database; if the verification passes, the request is let through, and if it fails, the server returns directly. The authority verification system is flexible and highly scalable.
Description
Technical field
The invention relates to the technical field of supervisory systems, and in particular to an authority verification system and an authority verification method for comprehensive production safety supervision.
Background technology
At present, authority verification in existing comprehensive production safety supervision systems is often handled by travelling to report to a superior in person, which delays work. It is also handled by reporting to a superior over the network, as shown in Fig. 1: the server receives a request, dispatches it to the corresponding business processing module according to the request address, and each business processing module first runs its own authority verification code and then the business processing code, so that authority verification is completed separately inside every module.
When the server verifies a service request, this process generally runs as follows:
1. The server receives the request address /office_message/viewmessage?_=1369723192631.
2. It executes the business processing program for /office_message/viewmessage?_=1369723192631.
3. Inside the /office_message/viewmessage processing routine it runs the code of the authority verification module.
4. On success it lets the request through and executes the business processing code; otherwise it returns a "no authority" message.
The above system requires authority verification code to be written into every business processing module, so the amount of authority verification code is very large and it is hard to maintain.
The content of the invention
To overcome the shortcomings described in the background technology, the invention provides an authority verification system and an authority verification method for comprehensive production safety supervision.
To achieve this, the invention adopts the following technical scheme:
An authority verification system for comprehensive production safety supervision, comprising a client and a server end. The client communicates with the server end over the internet through a number of front end processors; each front end processor of the client is provided with a user login end module and a business operation end module, and the server end is provided with a login authority verification module and a business operation verification module that communicate over the internet with the user login end module and the business operation end module of each front end processor. The internet communication protocol between client and server is the HTTP protocol.
An authority verification method for comprehensive production safety supervision, performing supervision with the above authority verification system, has the following steps:
I. Login authority verification
1) The client user accesses the system login interface through a browser;
2) A key signature instruction is input and the client verifies it. Through the browser the user calls the data authentication program to receive the random number sent by the server, signs the random number, and is prompted with an input box to verify the private-key protection password; the client then sends the signature value of the key signature instruction, together with the user account password and the certificate serial number, through the browser over the internet to the server end, where they are verified;
3) Server-end login verification: the server receives the data sent by the client's browser and performs the following verifications in order:
 a. take out the certificate serial number (SN) value and determine its validity;
 b. take out the signature value and the random number and verify their validity;
 c. take out the user name and password and verify them; if they agree with the user name and password stored in the database, the verification passes.
If any one of verifications a, b and c fails, the server returns failure; when all of them pass, it returns a success message that the verification is qualified. The verification result is sent by the return-result end over the internet to the client, which judges it;
4) The user receives the server's verification result through the client browser. If the result is qualified, the browser page jumps to the system home page and the session is recorded; otherwise a message that the verification failed is displayed and the user login ends;
5) Business operations: after entering the client home page of the system, every business operation of the system can be performed.
II. Service authority verification
1) Service request: having passed login authority verification, the user enters the service request interface on the client home page, inputs a service request instruction and sends it over the internet to the server end;
2) Server verification:
 a. The request-address extraction end of the server end extracts the service request instruction sent by the client and judges the extracted login user authority, checking whether the authority information still has items to be judged. The authority information includes the login user name, the user's request address and the authority;
 b. Judge whether the client's request address matches a request address in the authority information. If not, return; if so, the server end proceeds to the next judgement;
 c. Judge whether the authority is possessed. If not, the server end, through its authority-verification-failure return end, sends the authority verification failure information over the internet to the client's "authority not possessed" end, and the client's service request ends. If so, authority verification lets the request through, the server end performs the business processing and sends the result over the internet to the client; the client's business processing end handles it successfully and the service request instruction is completed.
Thanks to the technical scheme described above, the invention has the following advantages:
The comprehensive production safety supervision system has relatively high security requirements, and in a software system designed on the B/S architecture every function of the system can be accessed directly through its request address; it is therefore necessary to verify authority on every access request. The system is also designed on an SOA framework, which requires the authority system to be flexible and highly scalable, and a general-purpose authority verification system cannot meet these requirements.
Authority verification in the comprehensive production safety supervision system is built on the HTTP protocol with CA authentication as the basis of identity identification: a user authority information database is set up, and a user's authorisation is bound to the identification of the HTTP request address. When the user accesses the system over the internet, the address the user requests is obtained and compared with the user authority information database; if the verification passes, the request is let through, and if it fails, the user authority verification failure information is returned directly.
Brief description of the drawings
Fig. 1 is the block diagram of an existing authority verification system;
Fig. 2 is the block diagram of the comprehensive production safety supervision authority verification system;
Fig. 3 is the login verification flow diagram of the authority verification system;
Fig. 4 is the service authority verification flow diagram of the authority verification system.
Embodiment
As shown in Figs. 2, 3 and 4, the comprehensive production safety supervision authority verification service system is designed on the B/S architecture, and users access the system over the internet using the HTTP protocol. The overall structure of the system comprises a client and a server end. The client communicates with the server end over the internet through a number of front end processors; each front end processor of the client is provided with a user login end module and a business operation end module, and the server end is provided with a login authority verification module and a business operation verification module that communicate over the internet with the user login end module and the business operation end module of each front end processor. The internet communication protocol between client and server is the HTTP protocol.
Client configuration requirements: CPU 2G or above, memory 2G or above, hard disk 10G or above; software environment: Windows XP or later operating system, IE8 browser.
Server configuration requirements: CPU: Intel Xeon processor; memory: 16g; operating system: WINDOWS 2012; database platform: ORACLE; running environment: .NET FRAMEWORK 4.0; web server: IIS7.
A comprehensive production safety supervision method, performing supervision with the comprehensive production safety supervision system, has the following steps:
I. Login authority verification
1. The user goes through the user login interface of the client;
2. A key signature instruction is input; the client verifies the key signature instruction and sends the verified instruction over the internet to the server end for verification. Through the business operation interface of the client, the user inputs a user identifier and a user authority instruction and sends a communication HTTP request over the internet to the server end, which performs the user's authority verification;
3. Server-end login verification: the login verification end of the server performs the login verification and sends the verification result, through the return-result end, over the internet to the client for judgement;
4. The client receives and judges the server's verification: if unqualified, the user login ends; if qualified, the user proceeds to the next business operation through the client;
5. The server end judges: if unqualified, the user login ends; if qualified, the server end sends the information that the user's authority is qualified over the internet to the client, the client's receiving and responding end determines that the user's authority is qualified, and the user proceeds with the next business operation, in which the client communicates with the data exchange system and storage layer of the server end.
The login verification process is introduced below using the account test (password: 123456) as an example; suppose the system access address is http://192.168.0.1.
Step 1: The user accesses the system login page in a browser on the client: the client opens a browser and enters the access address http://192.168.0.1, and the login page is displayed in the browser.
Step 2: The user plugs the authentication key (USB KEY) into the computer, enters the account and password and clicks "log in". The browser calls the data authentication program to receive the random number sent by the server, signs the random number, and prompts with an input box to verify the private-key protection password; the browser then sends the signature value, together with the user account password and the certificate serial number, to the server end, where they are verified.
The browser now sends the following data over the HTTP protocol:
 sign: MIIEgQYJKoZIhvcNAQcC… (signature value)
 rand: 824414766 (random number)
 appcode: 1012 (application code)
 sn: 4a1b1657297db39bb9937d232a10f025 (certificate serial number)
 user_name: test (user name)
 pwd: 123456 (password)
Step 3: Server-end login verification. The server receives the data sent by the client's browser and performs the following verifications in order:
1. Take out the SN (certificate serial number) value 4a1b1657297db39bb9937d232a10f025 and verify the validity of the certificate serial number.
2. Take out the signature value (MIIEgQYJKoZIhvcNAQcC…) and the random number (824414766) and verify their validity.
3. Take out the user name (test) and password (123456) and verify them; if they agree with the user name and password stored in the database, the verification passes.
If any one of the above verifications fails, the server returns failure; if all of them pass, it returns a success message.
On success, the server records the session information of the currently logged-in user, allocates a session id to the current user (for example 57297db39bb9937d2) and returns it to the client.
The failure message is false and the success message is true.
The message that step 3 returns to the client contains:
 session id: 57297db39bb9937d2
 verification result: true
Step 4: The browser receives the server's verification result, i.e. the true or false result information returned in step 3. If the result is true, the browser page jumps to the system home page http://192.168.0.1/home/main and the session id (57297db39bb9937d2) is recorded; otherwise a verification-failure message is displayed.
Step 5: Business operations: after entering the system home page, every business operation of the system can be performed. For example, to view a message, click "view message" in the main menu to reach the view-message page (http://192.168.0.1/office_message/viewmessage). The authority verification of the view-message service is introduced in the service verification example.
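The following is an added example (not code from the patent or its applicant) of the server side of steps 2 to 4: it issues the random number, checks the certificate serial number, the signature over the random number and the user name/password in that order, stops at the first failure, and only then allocates a session id. The CA certificate signature is replaced by an HMAC stand-in keyed per certificate serial number (an assumption made so the example runs offline), and the trusted-certificate table, credential store and session list are constructed sample data. Random numbers are tracked so that each one can be signed only once, which is the property the "random number validity" check needs in order to stop a captured signature from being replayed.

```python
"""Login verification in the order the patent describes: (a) certificate serial
number, (b) signature over the server-issued random number, (c) user name and
password; a session id is issued only when all three pass.  Added example; the
CA signature is replaced by an HMAC stand-in (assumption) and all tables are
constructed sample data."""
import hashlib
import hmac
import secrets

# Constructed: certificate serial numbers the server trusts, each mapped to the
# secret the HMAC stand-in uses in place of the certificate's public key.
TRUSTED_CERTS = {
    "4a1b1657297db39bb9937d232a10f025": b"demo-key-for-sn-4a1b",  # assumption
}
# Constructed credential store: salted SHA-256 digests, not clear-text passwords.
_SALT = b"demo-salt"
USERS = {"test": hashlib.sha256(_SALT + b"123456").hexdigest()}

# Random numbers issued by the server and not yet consumed; each may be signed once.
_pending_rand = set()
# Session list: session id -> user name (the server's "session information").
SESSIONS = {}


def issue_rand() -> str:
    """Server side of step 2: hand the browser a fresh random number to sign."""
    rand = str(secrets.randbelow(10**9))
    _pending_rand.add(rand)
    return rand


def sign_rand(sn: str, rand: str) -> str:
    """Client-side stand-in for the USB key signature (assumption: HMAC, not a CA signature)."""
    return hmac.new(TRUSTED_CERTS[sn], rand.encode(), hashlib.sha256).hexdigest()


def verify_login(data: dict) -> dict:
    """Step 3: verify in order, stop at the first failure, return the step-3 message."""
    sn = data.get("sn", "")
    # (a) certificate serial number validity
    if sn not in TRUSTED_CERTS:
        return {"result": False}
    # (b) signature and random number validity: the rand must be one this server
    # issued and not yet used, and the signature must verify against it
    rand = data.get("rand", "")
    if rand not in _pending_rand:
        return {"result": False}
    expected = sign_rand(sn, rand)
    if not hmac.compare_digest(expected, data.get("sign", "")):
        return {"result": False}
    _pending_rand.discard(rand)  # consumed: the same signed rand cannot be replayed
    # (c) user name and password against the stored record
    user = data.get("user_name", "")
    pwd_hash = hashlib.sha256(_SALT + data.get("pwd", "").encode()).hexdigest()
    if user not in USERS or not hmac.compare_digest(USERS[user], pwd_hash):
        return {"result": False}
    # all three passed: allocate a session id and record the user against it
    session_id = secrets.token_hex(8)
    SESSIONS[session_id] = user
    return {"result": True, "session_id": session_id}


if __name__ == "__main__":
    sn = "4a1b1657297db39bb9937d232a10f025"
    r = issue_rand()
    print(verify_login({"sn": sn, "rand": r, "sign": sign_rand(sn, r),
                        "appcode": "1012", "user_name": "test", "pwd": "123456"}))
```

Because the random number is discarded as soon as its signature verifies, a wrong password on the same attempt forces the browser to fetch a new random number and sign again; that is intended, since a signature that stays valid across attempts is exactly what a replayed login would reuse.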
II. Service authority verification
1. Service request: the user inputs a service request instruction through the service request interface of the client and sends it over the internet to the server end;
2. Server verification: the request-address extraction end of the server end extracts the service request instruction sent by the client, extracts the login user's authority and judges it, checking whether the authority information still has items to be judged. If not, the server end, through its authority-verification-failure return end, sends the authority verification failure information over the internet to the client's "authority not possessed" end, and the client's service request ends; if so, the server end proceeds to the next judgement;
3. The server end judges whether the client's request address matches a request address in the authority information; if not, return; if so, the server end proceeds to the next judgement;
4. The server end further judges whether the authority is possessed. If not, the authority-verification-failure return end sends the authority verification failure information over the internet to the client's "authority not possessed" end and the request ends; if so, authority verification lets the request through, the server end performs the business processing and sends the result over the internet to the client; the client's business processing end handles it successfully and the service request instruction is completed. Because of the nature of B/S systems, a user who knows the access address of the view-message service can reach it directly by entering http://192.168.0.1/office_message/viewmessage in the browser;
without service verification, the security of the example system could not be guaranteed. The detailed example is as follows:
Step 1: Service request, for example accessing the view-message service. The browser takes out the session id stored at login (57297db39bb9937d2) and sends the following HTTP data:
 GET /office_message/viewmessage?_=1369723192631 HTTP/1.1
 Session_id: 57297db39bb9937d2
 …
If the client is not accessing normally, i.e. the browser cannot obtain a session id, it sends the following HTTP data:
 GET /office_message/viewmessage?_=1369723192631 HTTP/1.1
 Session_id: …
Step 2: Server verification. The server verification process is:
1. When the server receives the request, it first takes out the session_id 57297db39bb9937d2 and obtains the currently logged-in user test from the session list; if the session_id is forged, no login user can be obtained.
2. It obtains the address requested by the user, i.e. /office_message/viewmessage?_=1369723192631, where 1369723192631 represents the ID of the message.
3. It takes out the permission list of the test user from the rights database, as shown in the following table:
User name | Request address | Whether authority is possessed |
---|---|---|
test | /office_message/viewmessage | Yes |
test | /office_message/addmessage | Yes |
test | /office_message/savemessage | Yes |
test | /office_message/deletemessage | Yes |
4. It traverses all request addresses in the rights database and compares them with the user's request address (/office_message/viewmessage?_=1369723192631). The first entry of the rights database above (/office_message/viewmessage) matches the user's request address, so the result is that the test user possesses authority for the request address /office_message/viewmessage?_=1369723192631, and process 5 below is executed.
5. Authority verification lets the request through, and the request handler for /office_message/viewmessage?_=1369723192631 is executed.
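The following is an added example (not code from the patent or its applicant) of the server-side check in step 2, written as a single authorization function in front of all handlers rather than inside each one, which is the point of the invention: the session_id header is resolved to a user through the session list, the request address is reduced to its path (the ?_=1369723192631 part is dropped and dot segments are collapsed), the user's rows are read from the rights table, and the request is allowed only on an exact path match whose "authority possessed" flag is set. The session list, the rights table and the raw requests are constructed from the values on the page, with one extra user added to show a listed-but-withheld address; the request layout with a Session_id header is taken from the page as written.

```python
"""Per-request service authority verification placed in front of every
handler.  Added example built on the page's own session id, user and rights
table; the header parsing and table layout are assumptions."""
import posixpath
from urllib.parse import urlsplit

# Constructed session list: session id -> login user.
SESSIONS = {
    "57297db39bb9937d2": "test",
    "0badc0ffee": "guest",   # constructed second user, used to show a withheld right
}

# Constructed rights database: (user name, request address, authority possessed).
RIGHTS = [
    ("test", "/office_message/viewmessage", True),
    ("test", "/office_message/addmessage", True),
    ("test", "/office_message/savemessage", True),
    ("test", "/office_message/deletemessage", True),
    ("guest", "/office_message/viewmessage", False),  # listed, but authority not possessed
]


def parse_request(raw: str) -> tuple:
    """Return (canonical path, session_id) from a raw HTTP request.

    The query string (the ?_=... cache-buster) is discarded and dot segments are
    collapsed, so the value compared against the rights table is the handler's
    address and nothing else."""
    lines = raw.splitlines()
    _method, target, _version = lines[0].split()
    path = posixpath.normpath(urlsplit(target).path)
    session_id = ""
    for line in lines[1:]:
        if not line.strip():          # blank line ends the header section
            break
        name, _, value = line.partition(":")
        if name.strip().lower() == "session_id":
            session_id = value.strip()
    return path, session_id


def authorize(raw: str) -> tuple:
    """Steps 1-4 of the server verification; returns (allowed, reason)."""
    path, session_id = parse_request(raw)
    user = SESSIONS.get(session_id)          # step 1: missing/forged id -> no user
    if user is None:
        return False, "no login user for session_id"
    entries = [r for r in RIGHTS if r[0] == user]   # step 3: this user's permission list
    if not entries:
        return False, "no authority information for user"
    for _user, addr, possessed in entries:  # step 4: exact match on the request address
        if addr == path:
            if possessed:
                return True, "authority possessed"
            return False, "authority not possessed"
    return False, "request address not in authority information"


# Constructed requests modelled on the page's example exchange.
REQ_OK = ("GET /office_message/viewmessage?_=1369723192631 HTTP/1.1\r\n"
          "Session_id: 57297db39bb9937d2\r\n\r\n")
REQ_NO_SESSION = ("GET /office_message/viewmessage?_=1369723192631 HTTP/1.1\r\n"
                  "Session_id: \r\n\r\n")
REQ_OTHER = ("GET /office_message/purgemessage HTTP/1.1\r\n"
             "Session_id: 57297db39bb9937d2\r\n\r\n")

if __name__ == "__main__":
    for req in (REQ_OK, REQ_NO_SESSION, REQ_OTHER):
        print(req.split("\r\n")[0], "->", authorize(req))
```

The comparison is an exact match on the canonical path rather than a prefix or substring test: with a substring test, an address not in the table that merely contains a permitted one would pass, and without normalisation a path written with "../" segments would miss the table entry for the handler it actually reaches. A request address that is absent from the table is denied, which is the fail-closed default the abstract describes ("when checking is not passed, then directly return").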
Claims (1)
1. An authority verification method for comprehensive production safety supervision, characterised in that supervision is performed with an authority verification system for comprehensive production safety supervision, the system comprising a client and a server end, wherein the client communicates with the server end over the internet through a number of front end processors, each front end processor of the client is provided with a user login end module and a business operation end module, the server end is provided with a login authority verification module and a business operation verification module that communicate over the internet with the user login end module and the business operation end module of each front end processor, and the internet communication protocol between client and server is the HTTP protocol; the method has the following steps:
I. Login authority verification
1) The client user accesses the system login interface through a browser;
2) A key signature instruction is input and the client verifies it. Through the browser the user calls the data authentication program to receive the random number sent by the server, signs the random number, and verifies the private-key protection password in an input box; the client then sends the signature value of the key signature instruction, together with the user account password and the certificate serial number, through the browser over the internet to the server end, where they are verified;
3) Server-end login verification: the server receives the data sent by the client's browser and performs the following verifications in order:
 a. take out the certificate serial number value and determine its validity;
 b. take out the signature value and the random number and verify their validity;
 c. take out the user's account name and password and verify them; if they agree with the account name and password of the user stored in the database, the verification passes.
If any one of the above verifications fails, the server returns failure; when all of them pass, it returns a success message that the verification is qualified. The verification result is sent by the return-result end over the internet to the client, which judges it;
4) The user receives the server's verification result through the client browser. If the result is qualified, the browser page jumps to the system home page and the session is recorded; otherwise a message that the verification failed is displayed and the user login ends;
5) Business operations: after entering the client home page of the system, every business operation of the system can be performed.
II. Service authority verification
1) Service request: having passed login authority verification, the user enters the service request interface on the client home page, inputs a service request instruction and sends it over the internet to the server end;
2) Server verification:
 a. The request-address extraction end of the server end extracts the service request instruction sent by the client and judges the extracted login user authority, checking whether the authority information still has items to be judged. The authority information includes the account name of the login user, the user's request address and the authority;
 b. Judge whether the client's request address matches a request address in the authority information. If not, return; if so, the server end proceeds to the next judgement;
 c. Judge whether the authority is possessed:
If not, the server end, through its authority-verification-failure return end, sends the authority verification failure information over the internet to the client's "authority not possessed" end, and the client's service request ends;
If so, authority verification lets the request through, the server end performs the business processing and sends the result over the internet to the client; the client's business processing end handles it successfully and the service request instruction is completed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310231117.6A CN103473489B (en) | 2013-06-09 | 2013-06-09 | A kind of the Authority Verification system and method for verifying authority of comprehensive supervision of keeping the safety in production |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103473489A CN103473489A (en) | 2013-12-25 |
CN103473489B true CN103473489B (en) | 2017-09-22 |
Family
ID=49798336
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103473489B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CP02 | Change in the address of a patent holder | Address after: 471000 Henan city of Luoyang province Chinese (Henan) Luoyang Free Trade Zone Northern Area high tech Development Zone, Road No. 19, building 2, 2613; Patentee after: Luoyang Hongzhuo Electronic Information Technology Co., Ltd. Address before: 471000 Henan city of Luoyang province Luopu Xigong District Road No. 1 Huayuan River Ming Ju 7 buildings 1 unit 5 floor No. 02; Patentee before: Luoyang Hongzhuo Electronic Information Technology Co., Ltd. |