CN104065612B - A user management method, device and Union user management system - Google Patents


Publication number
CN104065612B
Authority
CN
China
Application number
CN201310085024.7A
Inventor
陈云峰
陈志刚
范晓晖
Original Assignee
中国移动通信集团公司
Application filed by 中国移动通信集团公司
Priority to CN201310085024.7A
Publication of CN104065612A
Application granted
Publication of CN104065612B

Abstract

The embodiments of the present invention provide a user management method, a device and a Union user management system. Multiple user types, each corresponding to a different operating right, can be configured in an operation system, and the operation system can synchronize in full the user types it has configured to the Subscriber Management System. The Subscriber Management System feeds back to the operation system the user type that a user has in that operation system, so that the operation system can determine the user's operating right from the user type and thereby judge the validity of the user's Operational Visit requests.

Description

A user management method, device and Union user management system

Technical field

The present invention relates to the communications field, and in particular to a user management method, a device and a Union user management system.

Background

At present, the user management methods of operation systems include the mobile agent system (Mobile Agent System, MAS) pattern and the Application Data Center (ADC) pattern.

Under the MAS pattern, a base-plus-plug-in implementation is mainly used. The Subscriber Management System, acting as the base, only manages the access of each operation system and does not manage the user data of each operation system. A system administrator therefore has to add user data (that is, user account information) and configure user operating rights separately in each operation system, which acts as a plug-in. The operation systems are independent of one another and each manages its own users. A user who needs to use several operation systems has to log in and be authenticated in each of them separately.

Under the ADC pattern, single sign-on is realized, but the Subscriber Management System has to synchronize user data to each operation system, and the user's operating rights have to be configured separately for each operation system.

In the existing scheme, when the Subscriber Management System configures a user's operating rights for each operation system, it has to query each operation system for the user's operating right according to the user's data and assign that operating right to the user; the operating right can be stored in Lightweight Directory Access Protocol (LDAP). After the user has been authenticated by the Subscriber Management System and has single-signed-on to an operation system, for every operation the operation system queries the Subscriber Management System for the user's operating right according to the user's data, such as the user name, to learn whether the user may carry out that operation.

Therefore, the prior art has the following problems:

(1) For each user, the Subscriber Management System has to query every operation system that the user uses for the user's operating right; and for each operation of a user, the operation system has to query the Subscriber Management System for the user's operating right. Because data queries between the operation systems and the Subscriber Management System are frequent, they occupy a large amount of system resources. And because user data has to be carried in every data query, the risk that user data is stolen by hackers is high.

(2) The Subscriber Management System has to synchronize user data to each operation system, so the user data in an operation system may be inconsistent with the user data in the Subscriber Management System.

Summary of the invention

The embodiments of the present invention provide a user management method, a device and a Union user management system, for improving the security of user data.

A user management method, the method comprising:

The Subscriber Management System receives a certification request for the operation system access label (ServiceTick) sent by an operation system, the certification ServiceTick request carrying the ServiceTick information corresponding to the operation system;

The Subscriber Management System authenticates the ServiceTick information and, when the ServiceTick information passes authentication, returns an authentication response message to the operation system. The authentication response message carries a user mark and a user type: the user mark is the user mark corresponding to the ServiceTick information, and the user type is the one that the Subscriber Management System determines, from all the user types sent in advance by the operation system, as corresponding to the user mark;

Wherein the operation system determines, according to the operating right corresponding to the user type, the response result for an Operational Visit request sent by the user that the user mark represents.

A user management method, the method comprising:

The operation system receives an Operational Visit request sent by a user through a browser;

The operation system determines, according to an operating right, the response result for the Operational Visit request sent by the user, the operating right being the one that the operation system determines from the predetermined user type corresponding to the user;

Wherein the user type is determined in the following manner:

The operation system sends a certification request for the operation system access label (ServiceTick) to the Subscriber Management System, the certification ServiceTick request carrying the ServiceTick information corresponding to the operation system; and receives the authentication response message sent by the Subscriber Management System, which carries the user mark and the user type of the user, the user type being the one that the Subscriber Management System determines, from all the user types sent in advance by the operation system, as corresponding to the user mark.

A user management device, the device comprising:

A receiving module, for receiving a certification request for the operation system access label (ServiceTick) sent by an operation system, the certification ServiceTick request carrying the ServiceTick information corresponding to the operation system;

An authentication module, for authenticating the ServiceTick information and, when the ServiceTick information passes authentication, returning an authentication response message to the operation system. The authentication response message carries a user mark and a user type: the user mark is the user mark corresponding to the ServiceTick information, and the user type is the one determined, from all the user types sent in advance by the operation system, as corresponding to the user mark. The operation system determines, according to the operating right corresponding to the user type, the response result for an Operational Visit request sent by the user that the user mark represents.

A user management device, the device comprising:

A determining module, for sending a certification request for the operation system access label (ServiceTick) to the Subscriber Management System, the certification ServiceTick request carrying the ServiceTick information corresponding to the operation system; and for receiving the authentication response message sent by the Subscriber Management System, which carries the user mark and the user type of the user, the user type being the one that the Subscriber Management System determines, from all the user types sent in advance by the operation system, as corresponding to the user mark;

A receiving module, for receiving an Operational Visit request sent by a user through a browser;

A respond module, for determining, according to an operating right, the response result for the Operational Visit request sent by the user, the operating right being the one determined from the user type received by the determining module.

A Union user management system, the system comprising a Subscriber Management System and at least one operation system, wherein:

The operation system is used for sending a certification request for the operation system access label (ServiceTick) to the Subscriber Management System, the certification ServiceTick request carrying the ServiceTick information corresponding to the operation system; and for determining, according to the operating right corresponding to the received user type, the response result for an Operational Visit request sent by the user that the received user mark represents;

The Subscriber Management System is used for authenticating the ServiceTick information and, when the ServiceTick information passes authentication, returning an authentication response message to the operation system that sent the ServiceTick information. The authentication response message carries a user mark and a user type: the user mark is the user mark corresponding to the ServiceTick information, and the user type is the one that the Subscriber Management System determines, from all the user types sent in advance by the operation system that sent the ServiceTick information, as corresponding to the user mark.

According to the scheme provided by the embodiments of the present invention, an operation system can send in advance to the Subscriber Management System all of the user types it has configured, each user type corresponding to one operating right in the operation system. When the ServiceTick information sent by the operation system passes authentication, the Subscriber Management System returns to the operation system the user mark corresponding to the ServiceTick information together with the user type that corresponds to that user mark in the operation system, so that the operation system can determine, from the received user type, the operating right that the user represented by the received user mark has in it.

Therefore, each time the operation system receives an Operational Visit request sent by a user, it does not have to query the Subscriber Management System again: it can judge the validity of the user's Operational Visit request from the operating right corresponding to the user's user type, which reduces the number of queries from the operation system to the Subscriber Management System. Furthermore, because the operation system transmits all of the user types it has configured to the Subscriber Management System, the operating rights of all users are passed to the Subscriber Management System in one go, so the Subscriber Management System does not have to query the operating right separately for each user, which also reduces the number of queries from the Subscriber Management System to the operation system. Because fewer queries pass between the Subscriber Management System and the operation system, the security of user data is improved and the occupation of system resources is effectively reduced. And because the operation system can determine from the user type the operating right that a user has in it, the Subscriber Management System does not need to synchronize user data to each operation system, which also avoids the problem of user data in the operation systems being inconsistent with user data in the Subscriber Management System.

Brief description of the drawings

Fig. 1 is a flow chart of the steps of the user management method provided by Embodiment one of the present invention;

Fig. 2 is a structural diagram of the user management device provided by Embodiment two of the present invention;

Fig. 3 is a flow chart of the steps of the user management method provided by Embodiment three of the present invention;

Fig. 4 is a structural diagram of the user management device provided by Embodiment four of the present invention;

Fig. 5 is a flow diagram of the user data configuration provided by Embodiment five of the present invention;

Fig. 6 is a flow chart of the steps of the user management method provided by Embodiment five of the present invention;

Fig. 7 is a structural diagram of the Subscriber Management System provided by Embodiment six of the present invention;

Fig. 8 is a structural diagram of the Subscriber Management System provided by Embodiment six of the present invention.

Detailed description of the embodiments

In the scheme provided by the embodiments of the present invention, multiple user types corresponding to different operating rights can be configured in an operation system, and the operation system can synchronize in full the user types it has configured to the Subscriber Management System. The Subscriber Management System feeds back to the operation system the user type that a user has in that operation system, so that the operation system can determine the user's operating right from the user type and thereby judge the validity of the user's Operational Visit requests.

The preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood that the preferred embodiments described here only illustrate and explain the present invention and do not limit it. Where no conflict arises, the embodiments in this application and the features in the embodiments can be combined with one another.

Embodiment one,

Embodiment one of the present invention provides a user management method, described here from the Subscriber Management System side. The step flow of the method can be as shown in Fig. 1 and includes:

Step 101: the Subscriber Management System receives a certification request for the operation system access label (ServiceTick).

In this embodiment, the Subscriber Management System can feed back a user's user type to the operation system, so that the operation system can determine the user's operating right from that user type. Specifically, the Subscriber Management System can carry the user's user type in the authentication response message to the certification ServiceTick request.

Therefore, in this step, the Subscriber Management System can receive the certification ServiceTick request sent by the operation system, which carries the ServiceTick information corresponding to the operation system.

Step 102: the Subscriber Management System returns an authentication response message.

The Subscriber Management System authenticates the ServiceTick information and, when the ServiceTick information passes authentication, returns an authentication response message to the operation system. The authentication response message carries a user mark and a user type: the user mark is the user mark corresponding to the ServiceTick information, and the user type is the one that the Subscriber Management System determines, from all the user types sent in advance by the operation system, as corresponding to the user mark. In this way, the user type that corresponds to the user mark in the operation system is fed back to the operation system.

Of course, in this embodiment, multiple user types corresponding to operating rights can be configured in the operation system in advance, and the operation system can synchronize in full, in advance, each user type it has configured to the Subscriber Management System. This is equivalent to the operation system passing the operating rights of all users to the Subscriber Management System in one go, which greatly reduces the number of times the Subscriber Management System queries the operation system for user operating rights.

For example, suppose three user types are configured in the operation system in advance, denoted the first user type, the second user type and the third user type, whose corresponding operating rights in the operation system are the first operating right, the second operating right and the third operating right respectively.

The operation system can synchronize in full, in advance, the first user type, the second user type and the third user type to the Subscriber Management System.

When the ServiceTick information passes authentication, the Subscriber Management System can send to the operation system the user mark corresponding to the ServiceTick information and the user type that the user represented by that user mark has in the operation system.

Of course, the correspondence between a user (user mark) and the user type in the operation system has been configured in the Subscriber Management System in advance.

Further, before step 101, the Subscriber Management System can also verify temporary text file (Cookie) information; that is, the following steps can be included before step 101:

Step 101': the Subscriber Management System receives a certification Cookie request.

The Subscriber Management System can also authenticate cookie information in order to realize single sign-on. In this step, the Subscriber Management System can receive the certification Cookie request sent by the user through the browser, which carries cookie information.

Step 101'': the Subscriber Management System authenticates the cookie information.

In this step, the Subscriber Management System authenticates the cookie information to determine whether the user performing single sign-on has already logged in.

When the Subscriber Management System determines that the user account information corresponding to the cookie information does not exist or is invalid, it determines that the user performing single sign-on has not logged in, and can return a login page to the browser asking the user to input user account information.

When the Subscriber Management System determines that the user account information corresponding to the cookie information is valid, it determines that the user performing single sign-on has already logged in, and can allocate ServiceTick information for the operation system and return the ServiceTick information and the cookie information to the browser. (At this point a correspondence is established between the ServiceTick information and the cookie information, that is, between the ServiceTick information and the user account information, including the user mark, that corresponds to the cookie information.) The browser then carries the ServiceTick information and is redirected to the operation system, so that the operation system can send a certification ServiceTick request to the Subscriber Management System.

Based on the same inventive concept as Embodiment one of the present invention, the following user management device is provided.

Embodiment two,

Embodiment two of the present invention provides a user management device, which can be integrated in the Subscriber Management System involved in Embodiment one. The structure of the device can be as shown in Fig. 2 and includes:

The receiving module 11 is used for receiving a certification request for the operation system access label (ServiceTick) sent by an operation system, the certification ServiceTick request carrying the ServiceTick information corresponding to the operation system;

The authentication module 12 is used for authenticating the ServiceTick information and, when the ServiceTick information passes authentication, returning an authentication response message to the operation system. The authentication response message carries a user mark and a user type: the user mark is the user mark corresponding to the ServiceTick information, and the user type is the one determined, from all the user types sent in advance by the operation system, as corresponding to the user mark. The operation system determines, according to the operating right corresponding to the user type, the response result for an Operational Visit request sent by the user that the user mark represents.

The receiving module 11 is also used for receiving a certification temporary text file (Cookie) request sent by the user through the browser, the certification Cookie request carrying cookie information;

The authentication module 12 is also used for returning a login page to the browser, asking the user to input user account information, when it determines that the user account information corresponding to the cookie information does not exist or is invalid; and, when it determines that the user account information corresponding to the cookie information is valid, for allocating the ServiceTick information for the operation system and returning the ServiceTick information and the cookie information to the browser, wherein the browser carries the ServiceTick information and is redirected to the operation system.

Embodiment three,

Embodiment three of the present invention provides a user management method, described here from the operation system side. The step flow of the method can be as shown in Fig. 3 and includes:

Step 201: the operation system receives an Operational Visit request.

When managing users, the operation system can judge the legitimacy of a user's Operational Visit request from the user type it received earlier. It does not have to query the Subscriber Management System for the user's operating right each time it receives an Operational Visit request, which reduces the number of queries to the Subscriber Management System.

In this step, the operation system receives the Operational Visit request sent by the user through the browser.

Step 202: the operation system determines the response result.

In this step, the operation system can determine the response result for the user's Operational Visit request according to the operating right corresponding to the user's user type.

Specifically, in this step, the operation system determines, according to an operating right, the response result for the Operational Visit request sent by the user, the operating right being the one that the operation system determines from the predetermined user type corresponding to the user.

Wherein the user type is determined in the following manner:

The operation system sends a certification request for the operation system access label (ServiceTick) to the Subscriber Management System, the certification ServiceTick request carrying the ServiceTick information corresponding to the operation system; and receives the authentication response message sent by the Subscriber Management System, which carries the user mark and the user type of the user, the user type being the one that the Subscriber Management System determines, from all the user types sent in advance by the operation system, as corresponding to the user mark.

Specifically, before the operation system sends the certification ServiceTick request to the Subscriber Management System, the operation system receives the operation system access request sent by the user through the browser;

Then, the operation system sending the certification ServiceTick request to the Subscriber Management System specifically includes:

The operation system judges whether the operation system access request carries ServiceTick information:

When it determines that the operation system access request carries ServiceTick information, it determines that the Subscriber Management System has already issued to the user a ticket for accessing the operation system, and can send a certification ServiceTick request to the Subscriber Management System;

When it determines that the operation system access request does not carry ServiceTick information, it determines that the Subscriber Management System has not issued to the user a ticket for accessing the operation system, and can redirect to the browser. The browser sends a certification temporary text file (Cookie) request, which carries cookie information, to the Subscriber Management System. When the Subscriber Management System determines that the user account information corresponding to the cookie information does not exist or is invalid, it returns a login page to the browser, asking the user to input user account information. When the Subscriber Management System determines that the user account information corresponding to the cookie information is valid, it allocates the ServiceTick information for the operation system and returns the ServiceTick information and the cookie information to the browser, and the browser carries the ServiceTick information and is redirected to the operation system.

Based on the same inventive concept as Embodiment three of the present invention, the following user management device is provided.

Embodiment four,

Embodiment four of the present invention provides a user management device, which can be integrated in the operation system involved in Embodiment one. The structure of the device can be as shown in Fig. 4 and includes:

The determining module 21 is used for sending a certification request for the operation system access label (ServiceTick) to the Subscriber Management System, the certification ServiceTick request carrying the ServiceTick information corresponding to the operation system; and for receiving the authentication response message sent by the Subscriber Management System, which carries the user mark and the user type of the user, the user type being the one that the Subscriber Management System determines, from all the user types sent in advance by the operation system, as corresponding to the user mark;

The receiving module 22 is used for receiving an Operational Visit request sent by a user through a browser;

The respond module 23 is used for determining, according to an operating right, the response result for the Operational Visit request sent by the user, the operating right being the one determined from the user type received by the determining module.

The receiving module 22 is also used for receiving the operation system access request sent by the user through the browser;

The determining module 21 is specifically used for judging whether the operation system access request carries ServiceTick information:

When it determines that the operation system access request carries ServiceTick information, it sends a certification ServiceTick request to the Subscriber Management System;

When it determines that the operation system access request does not carry ServiceTick information, it redirects to the browser. The browser sends a certification temporary text file (Cookie) request, which carries cookie information, to the Subscriber Management System. When the Subscriber Management System determines that the user account information corresponding to the cookie information does not exist or is invalid, it returns a login page to the browser, asking the user to input user account information. When the Subscriber Management System determines that the user account information corresponding to the cookie information is valid, it allocates the ServiceTick information for the operation system and returns the ServiceTick information and the cookie information to the browser, and the browser carries the ServiceTick information and is redirected to the operation system.

The scheme of Embodiments one to four of the present invention is illustrated below with a specific example.

Embodiment five,

Embodiment five of the present invention provides a user management method. In its implementation, the flow of user data configuration can be as shown in Fig. 5 and includes:

First step: the system administrator configures user types in the operation system.

Each user type corresponds to one operating right.

Fig. 5 is illustrated taking one operation system as an example; the operation is identical for every operation system.

Second step: the operation system synchronizes the user types to the Subscriber Management System.

After the user types corresponding to the various operating rights have been configured in the operation system, the operation system can synchronize in full all of the user types it has configured to the Subscriber Management System.

Third step: the Subscriber Management System binds the information.

In this step, the Subscriber Management System can bind the user types corresponding to each operation system to the registration information of that operation system, thereby establishing the correspondence between the operation system and its user types. If an operation system is not registered in the Subscriber Management System, the binding fails.

Fourth step: the Subscriber Management System feeds back the binding result.

After the Subscriber Management System has bound the user types corresponding to an operation system to the registration information of that operation system, it can feed back binding-success information to the operation system. Of course, if the binding fails, that is, the operation system is determined not to be registered, it can feed back binding-failure information to the operation system.

Fifth step: the system administrator creates users.

Once the correspondence between each operation system and its user types has been established in the Subscriber Management System, users can be created.

In this step, the system administrator can create a user through the Subscriber Management System, select the operation systems available to the user, and, for each available operation system, assign the user's user type.

Of course, the Subscriber Management System can save the relevant information of the users that the system administrator creates.

Once the user data has been configured in advance, user management can be carried out. Specifically, in the present embodiment, the steps of the user management method can be as shown in Figure 6 and include:

Step 301: the user sends an operation system access request through the browser.

Step 302: the operation system judges whether the operation system access request carries ServiceTick information.

If the operation system determines that the operation system access request carries ServiceTick information, execution can jump to step 309; otherwise, execution continues with step 303.

Step 303: the operation system sends a redirect to the browser.

Step 304: the browser is redirected to the Subscriber Management System, carrying the cookie information.

Step 305: the Subscriber Management System authenticates the cookie information.

When the Subscriber Management System determines that the user account information corresponding to the cookie information does not exist or is invalid, step 306 is performed; when the Subscriber Management System determines that the user account information corresponding to the cookie information is valid, step 307 is performed.

Step 306: the Subscriber Management System returns a login page to the browser.

In this step, the Subscriber Management System returns a login page to the browser, asking the user to enter user account information.

Step 307: the Subscriber Management System returns the ServiceTick information and the cookie information to the browser.

The Subscriber Management System allocates the ServiceTick information for the operation system and returns the ServiceTick information and the cookie information to the browser.

Step 308: the browser is redirected to the operation system.

In this step, the browser is redirected to the operation system carrying the ServiceTick information.

Step 309: the operation system sends an authentication ServiceTick request to the Subscriber Management System.

The authentication ServiceTick request carries the ServiceTick information.

Step 310: the Subscriber Management System returns an authentication response message.

If the ServiceTick information passes authentication, the Subscriber Management System returns an authentication response message to the operation system. The authentication response message carries the user's user identifier (for example, the user name) and the user type corresponding to that user identifier in the operation system.

Step 311: the operation system allocates operating rights.

Based on the received user type and the correspondence between user types and operating rights that it has configured itself, the operation system can determine the operating rights the user has in that operation system.

Step 312: the operation system sends a redirect to the browser.

After allocating operating rights to the user, the operation system can redirect to the originally requested address.

Steps 301 to 312 mainly describe the single sign-on process. After step 312, the operation system can receive the Operational Visit requests the user sends through the browser and determine the response result for each Operational Visit request according to the user's operating rights determined in step 311, without having to query the Subscriber Management System again for the user's operating rights every time an Operational Visit request is received.
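The configuration flow of Figure 5 and the sign-on flow of steps 301 to 312, modelled in memory as an added example (not code from the patent). The class and method names, the `billing` SID and the sample user are hypothetical; treating a ServiceTick as single-use and rejecting it for any SID other than the one it was issued to are assumptions the text does not state.

```python
import secrets

class UserManagementSystem:
    """Hypothetical in-memory model of the Subscriber Management System."""
    def __init__(self):
        self.registered = {}  # SID -> entry URL (registration information)
        self.user_types = {}  # SID -> user types synchronized in full
        self.users = {}       # user identifier -> {SID: user type}
        self.cookies = {}     # cookie value -> user identifier
        self.ticks = {}       # ServiceTick -> (SID, user identifier)

    def register(self, sid, entry_url):
        self.registered[sid] = entry_url

    def sync_user_types(self, sid, types):
        # Second to fourth steps: binding fails for an unregistered system.
        if sid not in self.registered:
            return False
        self.user_types[sid] = set(types)  # full sync replaces the old set
        return True

    def create_user(self, user, type_by_sid):
        # Fifth step: one user type per operation system available to the user.
        for sid, utype in type_by_sid.items():
            if utype not in self.user_types.get(sid, set()):
                raise ValueError(f"{utype!r} was never synchronized by {sid!r}")
        self.users[user] = dict(type_by_sid)

    def login(self, user):
        # Stands in for the login page of step 306; returns a cookie value.
        if user not in self.users:
            return None
        cookie = secrets.token_urlsafe(16)
        self.cookies[cookie] = user
        return cookie

    def issue_tick(self, cookie, sid):
        # Steps 305 and 307: a valid cookie yields a ServiceTick for this SID.
        user = self.cookies.get(cookie)
        if user is None or sid not in self.users[user]:
            return None  # step 306 (login page) would follow
        tick = secrets.token_urlsafe(16)
        self.ticks[tick] = (sid, user)
        return tick

    def authenticate_tick(self, sid, tick):
        # Steps 309-310: answer with (user identifier, user type) or None.
        bound_sid, user = self.ticks.pop(tick, (None, None))  # assumption: single use
        if bound_sid is None or bound_sid != sid:  # assumption: bound to one SID
            return None
        return user, self.users[user][sid]

class OperationSystem:
    """Hypothetical operation system holding its own type-to-rights table."""
    def __init__(self, sid, rights_by_type):
        self.sid = sid
        self.rights_by_type = rights_by_type  # user type -> allowed operations
        self.sessions = {}                    # user identifier -> operating rights

    def access(self, ums, tick=None):
        # Steps 302-303: no ServiceTick means the browser is redirected.
        if tick is None:
            return "redirect"
        result = ums.authenticate_tick(self.sid, tick)  # step 309
        if result is None:
            return "redirect"
        user, utype = result
        # Step 311: an unknown user type gets no rights (fail closed).
        self.sessions[user] = frozenset(self.rights_by_type.get(utype, ()))
        return user

    def operate(self, user, operation):
        # After step 312: decided locally, no further query to the ums.
        return operation in self.sessions.get(user, frozenset())

def run_demo():
    # Constructed sample data: SID "billing", user "alice".
    ums = UserManagementSystem()
    billing = OperationSystem("billing", {"auditor": {"read"}, "operator": {"read", "write"}})
    out = {"bind_unregistered": ums.sync_user_types("billing", billing.rights_by_type)}
    ums.register("billing", "https://billing.example/entry")
    out["bind_registered"] = ums.sync_user_types("billing", billing.rights_by_type)
    ums.create_user("alice", {"billing": "auditor"})
    out["no_tick"] = billing.access(ums)
    tick = ums.issue_tick(ums.login("alice"), "billing")
    out["with_tick"] = billing.access(ums, tick)
    out["replayed_tick"] = billing.access(ums, tick)
    out["read"] = billing.operate("alice", "read")
    out["write"] = billing.operate("alice", "write")
    return out

if __name__ == "__main__":
    print(run_demo())
```

The user type travels once, in the authentication response; every later `operate` call is answered from the operation system's own table.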

Further, embodiment six of the present invention provides a Union user management system.

Embodiment six,

Embodiment six of the present invention provides a Union user management system. The structure of the system can be as shown in Figure 7 and comprises a Subscriber Management System 31 (equivalent to the Subscriber Management System of embodiments one to five) and at least one operation system 32 (equivalent to the operation system of embodiments one to five); that is, one Union user management system can include multiple operation systems, wherein:

The operation system 32 is used to send an authentication business system access ticket (ServiceTick) request to the Subscriber Management System, the authentication ServiceTick request carrying the ServiceTick information corresponding to the operation system; and to determine, according to the operating rights corresponding to the received user type, the response result for Operational Visit requests sent by the user represented by the received user identifier;

The Subscriber Management System 31 is used to authenticate the ServiceTick information and, when the ServiceTick information passes authentication, to return an authentication response message to the operation system that sent the ServiceTick information. The authentication response message carries a user identifier and a user type; the user identifier is the user identifier corresponding to the ServiceTick information, and the user type is the user type corresponding to that user identifier, determined by the Subscriber Management System from among all the user types sent in advance by the operation system that sent the ServiceTick information.

Of course, in the present embodiment the Subscriber Management System can be further divided into modules. For example, as shown in Figure 8, the Subscriber Management System can be divided into a registration management module, a user type management module, a user management module and a single sign-on authentication module, wherein:

The registration management module can be understood as implementing the registration of each operation system in the Subscriber Management System. When a registration request from an operation system is received, if the registration information of the operation system is legitimate, the relevant registration information of the operation system can be saved.

The user type management module can be understood as saving the correspondence between each operation system and the user types corresponding to that operation system, implementing the binding of user types to registration information.

The user management module can be understood as the module through which the system manager logs in to the Subscriber Management System, creates users, and configures and saves the user account information, the operation systems the user may use and the user's user types.

The single sign-on authentication module can be understood as implementing unified user authentication when a user accesses an operation system through the browser.

Similarly, the operation system can also be further divided into modules. For example, as shown in Figure 8, the operation system can be divided into a registration authentication module, a user type configuration module, a business function implementation module and a login authentication module, wherein:

The registration authentication module can be understood as initiating the registration authentication flow with the Subscriber Management System. The registration information can include: the unique identifier of the operation system (Single Identification, SID) and the uniform resource locator (Uniform Resource Locator, URL) address of the entry through which users access the operation system.

The user type configuration module can be understood as the module with which the system manager configures the user types of the operation system, and which can synchronize the configured user types to the Subscriber Management System.

The business function module can be understood as implementing the various business functions of the operation system.

The login authentication module can be understood as implementing single sign-on.

Figure 8 takes one operation system as an example and shows the connections between the modules of the operation system and the modules of the Subscriber Management System. When the Union user management system includes multiple operation systems, the connections between each operation system and the Subscriber Management System are similar and are not repeated here.

The scheme provided by the embodiments of the present invention controls users' operating rights across multiple operation systems by transmitting user types. Each operation system synchronizes the full set of user types it has configured to the Subscriber Management System, and the system manager creates users in the Subscriber Management System and assigns each user's user type (that is, operating rights) in each operation system. When an operation system initiates an authentication ServiceTick request to the Subscriber Management System, the operation system can determine the user's user type from the authentication response message fed back by the Subscriber Management System and manage the user's operating rights according to that user type.

Compared with the prior art, in the scheme of the present invention the user types are transmitted in full by the operation system only once, and need to be transmitted again only when the user types configured in the operation system change. This reduces the number of times the Subscriber Management System queries the operation system for each user's operating rights. During single sign-on, the Subscriber Management System transfers the user's operating rights to the operation system in one go, so the operation system does not need to query the Subscriber Management System again for each operation of the user; it can judge the validity of the user's operations from the operating rights received in that single transfer, which reduces the number of queries the operation system makes to the Subscriber Management System. The scheme of the present invention thus reduces the number of interactions between the operation system and the Subscriber Management System and improves the security of user data.

At the same time, in the scheme of the present invention the system manager can manage user data in a unified way through the Subscriber Management System, without configuring and managing user data in each operation system, which reduces the risk of inconsistent user data.

Those skilled in the art should understand that embodiments of the present application can be provided as a method, a system or a computer program product. The application can therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the application can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM and optical memory) containing computer-usable program code.

The application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instruction device implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

Although preferred embodiments of the application have been described, those skilled in the art can make further changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the application.

Obviously, those skilled in the art can make various changes and modifications to the application without departing from its spirit and scope. If these modifications and variations of the application fall within the scope of the claims of the application and their technical equivalents, the application is also intended to include them.

Claims (9)

1. A user management method, characterized in that the method includes:
a Subscriber Management System receiving an authentication business system access ticket (ServiceTick) request sent by an operation system, the authentication ServiceTick request carrying ServiceTick information corresponding to the operation system;
the Subscriber Management System authenticating the ServiceTick information and, when the ServiceTick information passes authentication, returning an authentication response message to the operation system, the authentication response message carrying a user identifier and a user type, the user identifier being the user identifier corresponding to the ServiceTick information, and the user type being the user type corresponding to the user identifier, determined by the Subscriber Management System from among all the user types sent in advance by the operation system;
wherein the operation system determines, according to the operating rights corresponding to the user type, the response result for Operational Visit requests sent by the user represented by the user identifier.
2. The method as claimed in claim 1, characterized in that, before the Subscriber Management System receives the authentication business system access ticket (ServiceTick) request sent by the operation system, the method further includes:
the Subscriber Management System receiving an authentication temporary text file (Cookie) request sent by the user through a browser, the authentication Cookie request carrying cookie information;
the Subscriber Management System, when determining that the user account information corresponding to the cookie information does not exist or is invalid, returning a login page to the browser and asking the user to enter user account information; and the Subscriber Management System, when determining that the user account information corresponding to the cookie information is valid, allocating the ServiceTick information for the operation system and returning the ServiceTick information and the cookie information to the browser, wherein the browser is redirected to the operation system carrying the ServiceTick information.
3. A user management method, characterized in that the method includes:
an operation system receiving an Operational Visit request sent by a user through a browser;
the operation system determining, according to operating rights, the response result for the Operational Visit request sent by the user, the operating rights being the corresponding operating rights determined by the operation system according to the user type, determined in advance, corresponding to the user;
wherein the user type is determined in the following manner:
the operation system sends an authentication business system access ticket (ServiceTick) request to a Subscriber Management System, the authentication ServiceTick request carrying ServiceTick information corresponding to the operation system; and receives an authentication response message sent by the Subscriber Management System, the authentication response message carrying the user identifier and the user type of the user, the user type being the user type corresponding to the user identifier, determined by the Subscriber Management System from among all the user types sent in advance by the operation system.
4. The method as claimed in claim 3, characterized in that, before the operation system sends the authentication business system access ticket (ServiceTick) request to the Subscriber Management System, the method further includes:
the operation system receiving an operation system access request sent by the user through the browser;
and the operation system sending the authentication business system access ticket (ServiceTick) request to the Subscriber Management System specifically includes:
the operation system judging whether the operation system access request carries ServiceTick information:
when determining that the operation system access request carries ServiceTick information, sending the authentication ServiceTick request to the Subscriber Management System;
when determining that the operation system access request does not carry ServiceTick information, sending a redirect to the browser; wherein the browser sends an authentication temporary text file (Cookie) request to the Subscriber Management System, the authentication Cookie request carrying cookie information; the Subscriber Management System, when determining that the user account information corresponding to the cookie information does not exist or is invalid, returns a login page to the browser and asks the user to enter user account information; the Subscriber Management System, when determining that the user account information corresponding to the cookie information is valid, allocates the ServiceTick information for the operation system and returns the ServiceTick information and the cookie information to the browser, and the browser is redirected to the operation system carrying the ServiceTick information.
5. A user management device, characterized in that the device includes:
a receiving module, for receiving an authentication business system access ticket (ServiceTick) request sent by an operation system, the authentication ServiceTick request carrying ServiceTick information corresponding to the operation system;
an authentication module, for authenticating the ServiceTick information and, when the ServiceTick information passes authentication, returning an authentication response message to the operation system, the authentication response message carrying a user identifier and a user type, the user identifier being the user identifier corresponding to the ServiceTick information, and the user type being the user type corresponding to the user identifier, determined from among all the user types sent in advance by the operation system; wherein the operation system determines, according to the operating rights corresponding to the user type, the response result for Operational Visit requests sent by the user represented by the user identifier.
6. The device as claimed in claim 5, characterized in that the receiving module is further used to receive an authentication temporary text file (Cookie) request sent by the user through a browser, the authentication Cookie request carrying cookie information;
the authentication module is further used, when determining that the user account information corresponding to the cookie information does not exist or is invalid, to return a login page to the browser and ask the user to enter user account information; and, when determining that the user account information corresponding to the cookie information is valid, to allocate the ServiceTick information for the operation system and return the ServiceTick information and the cookie information to the browser, wherein the browser is redirected to the operation system carrying the ServiceTick information.
7. A user management device, characterized in that the device includes:
a determining module, for sending an authentication business system access ticket (ServiceTick) request to a Subscriber Management System, the authentication ServiceTick request carrying ServiceTick information corresponding to an operation system; and for receiving an authentication response message sent by the Subscriber Management System, the authentication response message carrying the user identifier and the user type of the user, the user type being the user type corresponding to the user identifier, determined by the Subscriber Management System from among all the user types sent in advance by the operation system;
a receiving module, for receiving an Operational Visit request sent by a user through a browser;
a response module, for determining, according to operating rights, the response result for the Operational Visit request sent by the user, the operating rights being the corresponding operating rights determined according to the user type received by the determining module.
8. The device as claimed in claim 7, characterized in that the receiving module is further used to receive an operation system access request sent by the user through the browser;
the determining module is specifically used to judge whether the operation system access request carries ServiceTick information:
when determining that the operation system access request carries ServiceTick information, sending the authentication ServiceTick request to the Subscriber Management System;
when determining that the operation system access request does not carry ServiceTick information, sending a redirect to the browser; wherein the browser sends an authentication temporary text file (Cookie) request to the Subscriber Management System, the authentication Cookie request carrying cookie information; the Subscriber Management System, when determining that the user account information corresponding to the cookie information does not exist or is invalid, returns a login page to the browser and asks the user to enter user account information; the Subscriber Management System, when determining that the user account information corresponding to the cookie information is valid, allocates the ServiceTick information for the operation system and returns the ServiceTick information and the cookie information to the browser, and the browser is redirected to the operation system carrying the ServiceTick information.
9. A Union user management system, characterized in that the system includes a Subscriber Management System and at least one operation system, wherein:
the operation system is used to send an authentication business system access ticket (ServiceTick) request to the Subscriber Management System, the authentication ServiceTick request carrying ServiceTick information corresponding to the operation system; and to determine, according to the operating rights corresponding to the received user type, the response result for Operational Visit requests sent by the user represented by the received user identifier;
the Subscriber Management System is used to authenticate the ServiceTick information and, when the ServiceTick information passes authentication, to return an authentication response message to the operation system that sent the ServiceTick information, the authentication response message carrying a user identifier and a user type, the user identifier being the user identifier corresponding to the ServiceTick information, and the user type being the user type corresponding to the user identifier, determined by the Subscriber Management System from among all the user types sent in advance by the operation system that sent the ServiceTick information.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310085024.7A CN104065612B (en) 2013-03-18 2013-03-18 A kind of user management method, device and Union user management system

Publications (2)

Publication Number Publication Date
CN104065612A CN104065612A (en) 2014-09-24
CN104065612B true CN104065612B (en) 2017-11-14

Family

ID=51553145

Country Status (1)

Country Link
CN (1) CN104065612B (en)

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
GR01 Patent grant