CN103473489B - Permission verification system and permission verification method for comprehensive work-safety supervision - Google Patents

Publication number
CN103473489B
Authority
CN
China
Prior art keywords
client
authority
user
server
internet
Legal status
Active
Application number
CN201310231117.6A
Other languages
Chinese (zh)
Other versions
CN103473489A (en)
Inventor
郭兵兵
姚磊
韩炘桥
李鹏
李娇娇
Current Assignee
LUOYANG HONGZHUO ELECTRONIC INFORMATION TECHNOLOGY Co Ltd
Original Assignee
LUOYANG HONGZHUO ELECTRONIC INFORMATION TECHNOLOGY Co Ltd

Abstract

The invention relates to the technical field of supervision systems and discloses a permission verification system and a permission verification method for comprehensive work-safety supervision. The permission verification system comprises a client and a server. The client communicates with the server over the internet through several front-end processors. Each front-end processor of the client is provided with a user login module and a business operation module, and the server is provided with a login permission verification module and a business operation verification module that communicate over the internet with the corresponding user login module and business operation module of each front-end processor. The internet communication protocol between client and server is HTTP. The invention verifies permissions on every access request: when a user accesses the server over the internet, the address the user requests is obtained and compared with the user permission information database; if verification passes, the request is let through, and if it does not, the server returns directly. The permission verification system is flexible and highly scalable.

Description

A permission verification system and permission verification method for comprehensive work-safety supervision
Technical field
The present invention relates to the technical field of supervision systems, and in particular to a permission verification system and a permission verification method for comprehensive work-safety supervision.
Background
At present, with existing comprehensive work-safety supervision systems, reports to superiors are often delivered by driving there in person, which delays work. Others report to superiors over a network: as shown in Fig. 1, the server receives a request and distributes it by request address to the individual business processing modules, and each business processing module first runs its permission verification code and then its business processing code.
With this approach, the server typically verifies a service request as follows:
1. The server receives the request address
/office_message/viewmessage?_=1369723192631
2. The business processing program for /office_message/viewmessage?_=1369723192631 is executed
3. The code of the permission verification module runs inside the /office_message/viewmessage processing routine
4. On success the request is let through and the business processing code is executed; otherwise a no-permission message is returned.
This design requires permission verification code to be written in every business processing module, so the amount of permission verification code to write is very large and the code is hard to maintain.
Summary of the invention
To overcome the shortcomings of the background art, the present invention provides a permission verification system and a permission verification method for comprehensive work-safety supervision.
To achieve the above object, the present invention adopts the following technical solution:
A permission verification system for comprehensive work-safety supervision comprises a client and a server. The client communicates with the server over the internet through several front-end processors. Each front-end processor of the client is provided with a user login module and a business operation module, and the server is provided with a login permission verification module and a business operation verification module that communicate over the internet with the corresponding user login module and business operation module of each front-end processor. The internet communication protocol between client and server is HTTP.
A permission verification method for comprehensive work-safety supervision, in which supervision is carried out using the permission verification system for comprehensive work-safety supervision, has the following steps:
I. Login permission verification
1) The user of the client accesses the system login interface through the browser;
2) A key signature instruction is entered and the client verifies the key signature instruction. Through the browser, the user invokes the data authentication program, which receives the random number sent by the server, signs the random number, and pops up an input box to verify the private-key protection password. The client then sends the signature value of the key signature instruction, together with the user's account, password and certificate serial number, through the browser over the internet to the server, which verifies them;
3) Server-side login verification: the server receives the data the client sent through the browser and performs the following checks in order:
a. Take out the certificate serial number (SN) value and determine its validity;
b. Take out the signature value and the random number and verify their validity;
c. Take out the user name and password and verify them; verification passes if they are consistent with the user name and password stored in the database;
If any one of verification steps a, b and c above fails, the server returns failure; when all of them pass, it returns a success message indicating that verification passed. The verification result is sent over the internet through the result-return end to the client for judgment;
4) The user receives the server's verification result through the client's browser. If the verification result is a pass, the browser page jumps to the system home page and the session is recorded; otherwise a verification-failed message is shown and the user login ends;
5) Business operations are carried out: after entering the home page of the system client, the user can carry out the system's business operations;
II. Service permission verification
1. Service request: having passed login permission verification, the user enters the service request interface of the client home page, enters a service request instruction, and sends it over the internet to the server;
2. Server verification
a. The request-address extraction end of the server extracts the request address from the service request instruction entered at the client, and the permissions of the extracted logged-in user are judged: it is determined whether the permission information still contains an item that has not been judged. The permission information includes the logged-in user's name, the user's request address, and the permission;
b. Judge whether the client's request address matches the request address in the permission information:
If no, return to the judgment; if yes, the server proceeds to the next judgment;
c. Judge whether the user has the permission: if no, the server's permission-verification-failure return end sends the permission verification failure information over the internet to the client's no-permission end, and the user's service request ends;
If yes, permission verification lets the request through; the server performs the business processing and transmits the result over the internet to the client, the client's business processing end processes it successfully, and the service request ends.
Owing to the technical solution described above, the present invention has the following advantages:
The permission verification system and permission verification method for comprehensive work-safety supervision address a system with high security requirements. Software built on a B/S architecture exposes each of its functions directly through a request address, so permission verification must be performed on every access request. The system is also designed with an SOA architecture, which requires the permission system to be flexible and highly scalable; a general-purpose permission verification system cannot meet these requirements.
Permission verification in the comprehensive work-safety supervision system is built on the HTTP protocol and uses CA authentication as the basis of identity recognition. A user permission information database is established, and user authorizations are bound to HTTP request addresses. When a user accesses the system over the internet, the address the user requests is obtained and compared with the user permission information database; if verification passes, the request is let through, and if it does not, a permission-verification-failed message is returned directly.
【Brief description of the drawings】
Fig. 1 is a block diagram of the existing permission verification system;
Fig. 2 is a block diagram of the permission verification system for comprehensive work-safety supervision;
Fig. 3 is a flow diagram of login verification in the permission verification system;
Fig. 4 is a flow diagram of service permission verification in the permission verification system.
【Embodiment】
As shown in Figs. 2, 3 and 4, a permission verification service system for comprehensive work-safety supervision is designed on a B/S architecture, and users access the system over the internet using the HTTP protocol. The overall structure of the system comprises a client and a server. The client communicates with the server over the internet through several front-end processors. Each front-end processor of the client is provided with a user login module and a business operation module, and the server is provided with a login permission verification module and a business operation verification module that communicate over the internet with the corresponding user login module and business operation module of each front-end processor. The internet communication protocol between client and server is HTTP.
Client configuration requirements: CPU 2G or above, memory 2G or above, hard disk 10G or above. Software environment requirements: Windows XP or later operating system, IE8 browser;
Server configuration requirements: CPU: Intel Xeon processor; memory: 16g;
Operating system: WINDOWS 2012; database platform: ORACLE;
Running environment: .NET FRAMEWORK 4.0; WEB server: IIS7
A comprehensive work-safety supervision method, in which supervision is carried out using the comprehensive work-safety supervision system, has the following steps:
I. Login permission verification
1. The user uses the user login interface of the client;
2. A key signature instruction is entered and verified at the client, and the client sends the verified key signature instruction over the internet to the server for verification. Through the client's business operation interface, the user enters the user signature and user permission instruction, and an HTTP request is sent over the internet to the server to verify the user's permissions;
3. Server-side login verification: the login verification end of the server performs login verification, and the verification result is sent over the internet through the result-return end to the client for judgment;
4. The client receives the server's verification and judges: if not qualified, the user login ends; if qualified, the user carries out the next business operation through the client;
5. The server judges: if not qualified, the user login ends; if qualified, the server sends the information that the user's permissions are qualified over the internet to the client, the client's response-receiving end determines that the user's permissions are qualified, and the user may carry out the next business operation: the client communicates with the storage layer through the server's data exchange system.
The login verification process is described below using the account test (password: 123456) as an example, assuming the system access address is http://192.168.0.1.
Step 1: The user accesses the system login page through the browser on the client. The client opens the browser and enters the access address http://192.168.0.1, and the login page is presented in the browser.
Step 2: Insert the authentication key (USB KEY) into the computer, enter the account and password, and click Log in. The browser invokes the data authentication program, which receives the random number sent by the server, signs the random number, and pops up an input box to verify the private-key protection password. The browser then sends the signature value together with the user's account, password and certificate serial number to the server, which verifies them.
The browser now sends the following data over the HTTP protocol:
sign       MIIEgQYJKoZIhvcNAQcC… (signature value)
rand       824414766 (random number)
appcode    1012 (application code)
sn         4a1b1657297db39bb9937d232a10f025 (certificate serial number)
user_name  test (user name)
pwd        123456 (password)
Step 3: Server-side login verification. The server receives the data the client sent through the browser and performs the following checks in order:
1. Take out the SN (certificate serial number) value, 4a1b1657297db39bb9937d232a10f025, and verify the validity of the certificate serial number.
2. Take out the signature value (MIIEgQYJKoZIhvcNAQcC…) and the random number (824414766) and verify their validity.
3. Take out the user name (test) and password (123456) and verify them; verification passes if they are consistent with the user name and password stored in the database.
If any one of the checks above fails, the server returns failure; if all of them pass, it returns a success message.
If verification succeeds, the server records the session information of the currently logged-in user, assigns the current user a session ID (for example: 57297db39bb9937d2), and returns it to the client.
The failure message is false; the success message is true.
The message that step 3 returns to the client contains:
Session ID: 57297db39bb9937d2
Verification result: true
Step 4: The browser receives the server's verification result; in step 3 the server returns a verification result of true or false.
If the result is true, the browser page jumps to the system home page:
http://192.168.0.1/home/main
The session ID (57297db39bb9937d2) is recorded at the same time. Otherwise a verification-failed message is shown.
Step 5: Carry out business operations. After entering the system home page, the user can carry out the system's business operations. For example, to view messages, the user clicks "View messages" in the main menu to open the view-message page (http://192.168.0.1/office_message/viewmessage). Permission verification for the view-message service is described in the service verification example.
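The login checks of step 3, sketched as an added example that is not code from the patent. Assumptions: an HMAC with a per-certificate key stands in for the USB key's signature (Python's standard library cannot verify public-key signatures), passwords are stored as salted PBKDF2 hashes, a certificate counts as valid only if it is known, not revoked and issued to the account logging in, and all keys and stores are constructed.

```python
import hashlib
import hmac
import secrets

SN = "4a1b1657297db39bb9937d232a10f025"      # certificate serial number from the page
# Constructed stores. The HMAC key is a stand-in for the certificate's public key.
CERTS = {SN: {"owner": "test", "revoked": False, "key": b"constructed-demo-key"}}
SALT = b"constructed-salt"
USERS = {"test": hashlib.pbkdf2_hmac("sha256", b"123456", SALT, 100_000)}
ISSUED = set()       # random numbers handed out and not yet used
SESSIONS = {}        # session id -> user name


def issue_random():
    """Server side of step 2: hand the client a fresh random number to sign."""
    rand = secrets.token_hex(16)
    ISSUED.add(rand)
    return rand


def sign(rand, key):
    """Stand-in for the USB key signing the random number (assumption: HMAC)."""
    return hmac.new(key, rand.encode(), hashlib.sha256).hexdigest()


def client_form(rand, pwd="123456"):
    """The fields the browser posts in step 2, named as on the page."""
    return {"sign": sign(rand, CERTS[SN]["key"]), "rand": rand, "appcode": "1012",
            "sn": SN, "user_name": "test", "pwd": pwd}


def verify_login(form):
    """Step 3: checks 1, 2, 3 in order; any failure returns (False, None)."""
    rand = form.get("rand", "")
    # Accept only a random number this server issued, and consume it whatever
    # the outcome, so a captured login form cannot be replayed.
    if rand not in ISSUED:
        return False, None
    ISSUED.discard(rand)

    cert = CERTS.get(form.get("sn", ""))                    # 1. certificate serial number
    if cert is None or cert["revoked"] or cert["owner"] != form.get("user_name"):
        return False, None

    expected = sign(rand, cert["key"])                      # 2. signature over the random number
    if not hmac.compare_digest(expected.encode(), form.get("sign", "").encode()):
        return False, None

    stored = USERS.get(form.get("user_name", ""))           # 3. user name and password
    supplied = hashlib.pbkdf2_hmac("sha256", form.get("pwd", "").encode(), SALT, 100_000)
    if stored is None or not hmac.compare_digest(stored, supplied):
        return False, None

    session_id = secrets.token_hex(16)                      # unguessable session ID
    SESSIONS[session_id] = form["user_name"]
    return True, session_id
```

The random number is checked against the server's own record rather than trusted from the form, which is what makes the signature prove possession of the key at login time.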
II. Service permission verification
1. Service request: through the client's service request interface, the user enters a service request instruction, which is sent over the internet to the server;
2. Server verification: the request-address extraction end of the server extracts the request address from the service request instruction entered at the client, and the permissions of the extracted logged-in user are judged. It is determined whether the permission information contains an item that has not been judged: if no, the server's permission-verification-failure return end sends the permission verification failure information over the internet to the client's no-permission end, and the user's service request ends; if yes, the server proceeds to the next judgment;
3. The server judges whether the client's request address matches the request address in the permission information: if no, return; if yes, the server proceeds to the next judgment;
4. The server then judges whether the user has the permission: if no, the permission-verification-failure return end sends the permission verification failure information over the internet to the client's no-permission end, and the request ends;
If yes, permission verification lets the request through; the server performs the business processing and transmits the result over the internet to the client, the client's business processing end processes it successfully, and the service request ends. Because of the nature of B/S systems, a user who knows the access address of the view-message service can enter http://192.168.0.1/office_message/viewmessage directly in the browser to reach the view-message service;
Without service verification, the security of the example system cannot be guaranteed. A detailed example follows:
Step 1: Service request. For example, to access the view-message service, the browser proceeds as follows:
The browser takes out the session ID stored at login (57297db39bb9937d2) and sends the following HTTP data:
GET /office_message/viewmessage?_=1369723192631 HTTP/1.1
Session_id: 57297db39bb9937d2
The data above is what a normal client access sends. If the access is not a normal one, the browser cannot obtain a session ID, and in that case the following HTTP data is sent:
GET /office_message/viewmessage?_=1369723192631 HTTP/1.1
Session_id: …
Step 2: Server verification. The server verification process is:
1. When the server receives the request, it first takes out the session_id (57297db39bb9937d2) and obtains the currently logged-in user test from the session list; if the session_id is forged, no logged-in user can be obtained.
2. The address the user requested is obtained, i.e.
/office_message/viewmessage?_=1369723192631
where 1369723192631 is the ID of the message.
3. The permission list of user test is taken out of the permissions database, as shown in the table below:
User name   Request address                    Has permission
test        /office_message/viewmessage        Yes
test        /office_message/addmessage         Yes
test        /office_message/savemessage        Yes
test        /office_message/deletemessage      Yes
4. All request addresses in the permissions database are traversed and compared with the user's request address (/office_message/viewmessage?_=1369723192631). The first entry in the permissions database above (/office_message/viewmessage) matches when it is compared with the user's request address, so the result is that user test has permission for the request address /office_message/viewmessage?_=1369723192631, and step 5 below is performed.
5. Permission verification lets the request through, and the request handler for /office_message/viewmessage?_=1369723192631 is executed.
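One way to implement the single server-side check walked through in steps 1 to 5 above, as an added example that is not code from the patent. It goes slightly beyond the page's comparison: the query string is stripped and the path normalised before an exact match, and a request without a matching row is denied. The session and permission rows are constructed from the page's example; the auditmessage row, the handlers and the viewmessage_export address mentioned in a comment are hypothetical.

```python
from urllib.parse import unquote

# Constructed sample data mirroring the page's worked example.
SESSIONS = {"57297db39bb9937d2": "test"}    # session_id -> logged-in user
PERMISSIONS = [                              # (user name, request address, has permission)
    ("test", "/office_message/viewmessage", True),
    ("test", "/office_message/addmessage", True),
    ("test", "/office_message/savemessage", True),
    ("test", "/office_message/deletemessage", True),
    ("test", "/office_message/auditmessage", False),   # hypothetical row, not on the page
]


def normalize_address(target):
    """Reduce a request target to the one canonical path used for check and dispatch."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    parts = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if parts:
                parts.pop()
            continue
        parts.append(seg)
    return "/" + "/".join(parts)


def authorize(session_id, target):
    """Return (status, user, address): 200 allow, 401 no valid session, 403 no permission."""
    user = SESSIONS.get(session_id)           # step 1: a forged or missing id yields no user
    if user is None:
        return 401, None, None
    address = normalize_address(target)       # step 2: the address the user requested
    for name, granted, allowed in PERMISSIONS:    # steps 3-4: traverse and compare
        if name == user and granted == address:
            return (200 if allowed else 403), user, address
    return 403, user, address                 # no matching row: deny by default


def prefix_match(session_id, target):
    """Weak variant for contrast: raw prefix comparison. A grant for viewmessage
    would also cover a hypothetical /office_message/viewmessage_export."""
    user = SESSIONS.get(session_id)
    return any(name == user and allowed and target.startswith(granted)
               for name, granted, allowed in PERMISSIONS)


HANDLERS = {  # constructed business handlers; none of them contains permission code
    "/office_message/viewmessage": lambda user: "message list for " + user,
    "/office_message/deletemessage": lambda user: "deleted by " + user,
}


def handle_request(headers, target):
    """Single entry point: verify first, then dispatch on the same address (step 5)."""
    status, user, address = authorize(headers.get("Session_id"), target)
    if status != 200:
        return status, "permission verification failed"
    handler = HANDLERS.get(address)
    if handler is None:
        return 404, "no handler"
    return 200, handler(user)
```

Because the handler is looked up with the same normalised address that was authorised, the permission decision and the code that runs cannot disagree about which function was requested.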
The comprehensive work-safety supervision system places high requirements on system security. Software built on a B/S architecture exposes each of its functions directly through a request address, so permission verification must be performed on every access request. The system is also designed with an SOA architecture, which requires the permission system to be flexible and highly scalable; a general-purpose permission verification system cannot meet these requirements.
Permission verification in the comprehensive work-safety supervision system is built on the HTTP protocol and uses CA authentication as the basis of identity recognition. A user permission information database is established, and user authorizations are bound to HTTP request addresses. When a user accesses the system over the internet, the address the user requests is obtained and compared with the user permission information database; if verification passes, the request is let through, and if it does not, a permission-verification-failed message is returned directly.

Claims (1)

1. A permission verification method for comprehensive work-safety supervision, characterized in that: supervision is carried out using a permission verification system for comprehensive work-safety supervision; the system comprises a client and a server; the client communicates with the server over the internet through several front-end processors; each front-end processor of the client is provided with a user login module and a business operation module; the server is provided with a login permission verification module and a business operation verification module that communicate over the internet with the corresponding user login module and business operation module of each front-end processor; the internet communication protocol between client and server is the HTTP protocol; the steps are as follows:
I. Login permission verification
1) The user of the client accesses the system login interface through the browser;
2) A key signature instruction is entered and the client verifies the key signature instruction; through the browser, the user invokes the data authentication program, which receives the random number sent by the server, signs the random number, and verifies the private-key protection password through an input box; the client then sends the signature value of the key signature instruction, together with the user's account, password and certificate serial number, through the browser over the internet to the server, which verifies them;
3) Server-side login verification: the server receives the data the client sent through the browser and performs the following checks in order:
a. Take out the value of the certificate serial number and determine its validity;
b. Take out the signature value and the random number and verify their validity;
c. Take out the user's account name and password and verify them; verification passes if they are consistent with the user's account name and password stored in the database;
If any one of the checks above fails, the server returns failure; when all of them pass, it returns a success message indicating that verification passed; the verification result is sent over the internet through the result-return end to the client for judgment;
4) The user receives the server's verification result through the client's browser; if the verification result is a pass, the browser page jumps to the system home page and the session is recorded; otherwise a verification-failed message is shown and the user login ends;
5) Business operations are carried out: after entering the home page of the system client, the user can carry out the system's business operations;
II. Service permission verification
1. Service request: having passed login permission verification, the user enters the service request interface of the client home page, enters a service request instruction, and sends it over the internet to the server;
2. Server verification
a. The request-address extraction end of the server extracts the request address from the service request instruction entered at the client, and the permissions of the extracted logged-in user are judged: it is determined whether the permission information contains an item that has not been judged; the permission information includes the logged-in user's account name, the user's request address, and the permission;
b. Judge whether the client's request address matches the request address in the permission information:
If no, return; if yes, the server proceeds to the next judgment;
c. Judge whether the user has the permission:
If no, the server's permission-verification-failure return end sends the permission verification failure information over the internet to the client's no-permission end, and the user's service request ends;
If yes, permission verification lets the request through; the server performs the business processing and transmits the result over the internet to the client, the client's business processing end processes it successfully, and the service request ends.
Priority Applications (1)

Application Number   Priority Date   Filing Date   Title
CN201310231117.6A    2013-06-09      2013-06-09    Permission verification system and permission verification method for comprehensive work-safety supervision

Publications (2)

Publication Number   Publication Date
CN103473489A         2013-12-25
CN103473489B         2017-09-22


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 471000 Henan city of Luoyang province Chinese (Henan) Luoyang Free Trade Zone Northern Area high tech Development Zone, Road No. 19, building 2, 2613

Patentee after: Luoyang Hongzhuo Electronic Information Technology Co., Ltd.

Address before: 471000 Henan city of Luoyang province Luopu Xigong District Road No. 1 Huayuan River Ming Ju 7 buildings 1 unit 5 floor No. 02

Patentee before: Luoyang Hongzhuo Electronic Information Technology Co., Ltd.