CN105243319B - The access method of controlling security of XBRL application platforms - Google Patents

Info

Publication number
CN105243319B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510615509.1A
Other languages
Chinese (zh)
Other versions
CN105243319A (en)
Inventor
李波
许岩龙
刘�东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Changhong Electric Co Ltd
Original Assignee
Sichuan Changhong Electric Co Ltd
Application filed by Sichuan Changhong Electric Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to access control technology and addresses problems that arise in sub-platform access authentication and management on existing XBRL application platforms: cumbersome operation, access by illegitimate users, loose permission control and excessive server load. The invention provides an access security control method for XBRL application platforms comprising the following steps. First, an access security control management database and an access log management relational data table are established, and an access security control MongoDB data set is established from the access security management database. Then, the access request and the service of a sub-platform are authenticated according to the access security control management database, the access log management relational data table and the access security control MongoDB data set; if authentication passes, the sub-platform is allowed to access the corresponding interface. The invention is applicable to access control for XBRL application platforms.

Description

The access method of controlling security of XBRL application platforms
Technical field
The present invention relates to access control technology, and in particular to an access security control method for XBRL application platforms.
Background
XBRL (eXtensible Business Reporting Language) is an internet-based, cross-platform computer language dedicated to the preparation, disclosure and use of financial reports. When an enterprise prepares taxonomies and instance documents, a large amount of tedious manual processing makes the work of financial staff extremely complex. XBRL application platforms use powerful computer technology to generate taxonomies and instance documents automatically, but as the number of sub-platforms keeps growing, more and more problems appear in platform access authentication and management:
1. Sub-platform access configuration lacks a configuration interface and is cumbersome: a large number of configuration files must be modified, and the service must be restarted before the configuration takes effect;
2. The number of connected sub-platforms keeps growing, which poses a great challenge to sub-platform access management;
3. There is no security mechanism for access, so illegitimate users can easily gain access, which poses a serious security risk to the platform;
4. There is no unified authorization management, so permission control is loose and information leaks;
5. Concurrent sub-platform access requests keep increasing, access authentication becomes slower and slower, and the platform server is overloaded;
6. Sub-platform access produces no log data, so log monitoring and management are lacking.
Summary of the invention
To address the above problems, the present invention provides an access security control method for XBRL application platforms, characterized in that it comprises the following steps:
An access security control management database and an access log management relational data table are established, and an access security control MongoDB data set is established from the access security management database;
The access request and the service of a sub-platform are authenticated according to the access security control management database, the access log management relational data table and the access security control MongoDB data set; if authentication passes, the sub-platform is allowed to access the corresponding interface.
Specifically, the access security control management database includes a standard interface information data table, a sub-platform role information data table, a sub-platform information data table, a role-interface intermediate relation table and a sub-platform-role intermediate relation table.
Specifically, the access security control management database is established as follows: through a graphical user interface, standard interface information, sub-platform role information and sub-platform information are each stored according to the data table structure; the interface-role relations and the sub-platform-role relations are configured in the graphical user interface, and the data are stored according to the data table structure.
Specifically, the access security control MongoDB data set is established as follows: a unified access authentication information data set model is created; a configurable timer program stores the data of the access security control database according to the data set structure and updates the data set incrementally at the configured frequency; once storage is complete, the access security control MongoDB data set is established.
Specifically, the access log management relational data table is established as follows: relational database modeling is carried out for XBRL application platform access log management and an access log statistics information data table is established; a configurable timer program stores the access log data according to the structure of the access log statistics relational data table and updates the table incrementally at the configured frequency; once storage is complete, the access log management relational data table is established.
Specifically, authenticating the access request of a sub-platform comprises the following steps:
When the application platform calls an interface, it adds the authentication parameter sign and the serial number parameter to the interface request parameters, and the platform receives the request;
The 6-digit access ID is obtained from the serial number parameter, and the matching key is obtained from MongoDB using this access ID. A comparison value is computed by the same rule used to derive the sign parameter value, and the comparison value is compared with the sign parameter value to verify whether the interface request is legitimate. The serial number parameter consists of a 6-digit access ID, a 14-digit timestamp and a 6-digit sequence number. The sign parameter value is derived as: interface request parameter string + key value parameter.
Specifically, service authentication proceeds as follows: verify whether the access IP address is legitimate, verify whether the accessing sub-platform has remaining traffic for the current day/month, and verify whether the sub-platform has permission for the interface being accessed. If verification passes, access to the corresponding interface is allowed; if it fails, the corresponding error code is returned. During service authentication the request information is written to the MongoDB log data set, and a timer program is developed to synchronize it, at the configured frequency, into the log information relational data table.
The beneficial effects of the invention are as follows: the unified access security control management method logically separates sub-platforms from access permissions, which reduces the complexity of authorization management and lowers administrative overhead; it is also similar to the management architecture of each information system, which reduces management complexity.
The technical solution is described in further detail below with reference to embodiments. Note that the embodiments are only intended to help the reader better understand the technical concept of the invention and do not limit the scope of the claims.
Detailed description
Existing XBRL application platforms suffer, in sub-platform access authentication and management, from cumbersome operation, access by illegitimate users, loose permission control and excessive server load. To address these problems, the invention provides an access security control method for XBRL application platforms comprising the following steps. First, an access security control management database and an access log management relational data table are established, and an access security control MongoDB data set is established from the access security management database. Then, the access request and the service of a sub-platform are authenticated according to the access security control management database, the access log management relational data table and the access security control MongoDB data set; if authentication passes, the sub-platform is allowed to access the corresponding interface.
Embodiment
The technical solution is further described below by way of example.
1. Relational database modeling is carried out for XBRL application platform access security control, creating a standard interface information data table, a sub-platform role information data table, a sub-platform information data table, a role-interface intermediate relation table and a sub-platform-role intermediate relation table. Through a graphical user interface, standard interface information, sub-platform role information and sub-platform information are each stored according to the data table structure; the interface-role relations and the sub-platform-role relations are configured in the graphical user interface, and the data are stored according to the data table structure. Once storage is complete, the access security control management database is established.
2. MongoDB database modeling is carried out for XBRL application platform access security control, creating a unified access authentication information data set model. A configurable timer program stores the data of the access security control database according to the data set structure and updates the data set incrementally at the configured frequency; once storage is complete, the access security control MongoDB data set is established.
3. MongoDB database modeling is carried out for XBRL application platform access log management, creating an access log information data set model. Relational database modeling is also carried out for access log management, establishing an access log statistics information data table; a configurable timer program stores the access log data according to the structure of the access log statistics relational data table and updates the table incrementally at the configured frequency; once storage is complete, the access log management relational data table is established.
4. The authentication and logging functions of XBRL application platform access security control are developed. An access request first undergoes access authentication: verify whether the business serial number format is correct, whether the serial number is valid, and whether the authentication parameter sign is legitimate. Service authentication follows: verify whether the access IP address is legitimate, whether the accessing sub-platform has remaining traffic for the current day/month, and whether the sub-platform has permission for the interface being accessed. If verification passes, access to the corresponding interface is allowed; if it fails, the corresponding error code is returned. At the same time the request information is written to the MongoDB log data set, and a timer program is developed to synchronize it, at the configured frequency, into the log information relational data table.
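The data flow of steps 1 and 2, as an added example that is not code from the patent: the five relational tables are resolved (sub-platform to role to interface) into one authentication document per access ID, the shape a periodic job would write to the MongoDB data set. All table, column and field names and all rows are hypothetical, SQLite stands in for the relational database, and the incremental update is not shown.

```python
import sqlite3

# Hypothetical table and column names for the five tables the text lists.
SCHEMA = """
CREATE TABLE interface (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE role (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE sub_platform (
    access_id TEXT PRIMARY KEY CHECK (length(access_id) = 6),
    secret_key TEXT NOT NULL, allowed_ip TEXT NOT NULL,
    daily_quota INTEGER NOT NULL);
CREATE TABLE role_interface (
    role_id INTEGER NOT NULL REFERENCES role(id),
    interface_id INTEGER NOT NULL REFERENCES interface(id),
    PRIMARY KEY (role_id, interface_id));
CREATE TABLE sub_platform_role (
    access_id TEXT NOT NULL REFERENCES sub_platform(access_id),
    role_id INTEGER NOT NULL REFERENCES role(id),
    PRIMARY KEY (access_id, role_id));
"""


def make_demo_db():
    """In-memory database filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO interface VALUES (?, ?)", [
        (1, "taxonomy.generate"), (2, "instance.generate"), (3, "report.query")])
    conn.executemany("INSERT INTO role VALUES (?, ?)",
                     [(1, "filer"), (2, "auditor")])
    conn.executemany("INSERT INTO sub_platform VALUES (?, ?, ?, ?)", [
        ("100001", "key-a", "192.0.2.10", 1000),
        ("100002", "key-b", "192.0.2.20", 200),
        ("100003", "key-c", "192.0.2.30", 50)])  # no role assigned yet
    conn.executemany("INSERT INTO role_interface VALUES (?, ?)",
                     [(1, 1), (1, 2), (2, 3)])
    conn.executemany("INSERT INTO sub_platform_role VALUES (?, ?)", [
        ("100001", 1), ("100001", 2), ("100002", 2)])
    return conn


def build_auth_documents(conn):
    """Resolve sub-platform -> role -> interface into one document per access ID."""
    rows = conn.execute("""
        SELECT sp.access_id, sp.secret_key, sp.allowed_ip, sp.daily_quota, i.name
        FROM sub_platform sp
        LEFT JOIN sub_platform_role spr ON spr.access_id = sp.access_id
        LEFT JOIN role_interface ri ON ri.role_id = spr.role_id
        LEFT JOIN interface i ON i.id = ri.interface_id""")
    docs = {}
    for access_id, key, ip, quota, iface in rows:
        doc = docs.setdefault(access_id, {
            "_id": access_id, "key": key, "allowed_ips": [ip],
            "daily_quota": quota, "interfaces": set()})
        # LEFT JOIN yields NULL for a sub-platform without roles: it gets an
        # empty permission list, so the authorization check denies by default.
        if iface is not None:
            doc["interfaces"].add(iface)
    for doc in docs.values():
        doc["interfaces"] = sorted(doc["interfaces"])
    return docs


if __name__ == "__main__":
    for document in build_auth_documents(make_demo_db()).values():
        print(document)
```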
4.1 Unified access authentication
Access IDs (6 digits) and keys (the 32-character string obtained after MD5 encryption) are allocated centrally according to rules; an access ID and its key are used together as a pair.
When calling an interface, the application platform adds the authentication parameter sign and the serial number parameter (6-digit access ID + 14-digit timestamp + 6-digit sequence number) to the interface request parameters. The sign parameter value is derived as: MD5(interface request parameter string + key value parameter).
When the platform receives the request, it obtains the 6-digit access ID from the serial number parameter and uses this access ID to obtain the matching key from MongoDB. It computes a comparison value by the same rule used to derive the sign parameter value, i.e. MD5(interface request parameter string + key value parameter), and compares the comparison value with the sign parameter value to verify whether the interface request is legitimate.
4.2 Unified service authentication
The access information configured through the platform's user interface is stored in MongoDB. After unified access authentication passes, the platform queries MongoDB to check whether the accessing platform's IP address is legitimate, whether the accessing platform has remaining traffic quota for the current day/month, whether the accessing platform has permission to access the interface, and so on.
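The two checks of sections 4.1 and 4.2 on the receiving platform, as an added example that is not code from the patent: the serial number is parsed, the sign is recomputed as MD5(parameter string + key) and compared, and then IP address, daily quota and interface permission are checked in that order. The in-memory dictionaries standing in for MongoDB, the field names, the error codes, the YYYYMMDDHHMMSS timestamp layout, the all-digit serial number, the five-minute freshness window and the replay set are assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

# Constructed stand-in for the MongoDB access-control data set, keyed by the
# 6-digit access ID. Field names are assumptions, not taken from the patent.
ACCESS_DOCS = {
    "100001": {
        "key": hashlib.md5(b"constructed-secret").hexdigest(),  # 32-char key
        "allowed_ips": {"192.0.2.10"},
        "daily_quota": 2,
        "interfaces": {"taxonomy.generate"},
    },
}
USED = {}                        # (access ID, date) -> requests served that day
SEEN_SERIALS = set()             # accepted serial numbers (replay check, assumption)
MAX_SKEW = timedelta(minutes=5)  # timestamp freshness window (assumption)
REQUEST_LOG = []                 # stand-in for the MongoDB log data set

# Constructed error codes; the text only says "the corresponding error code".
OK, E_SERIAL, E_SIGN, E_IP, E_QUOTA, E_PERM = 0, 1001, 1002, 2001, 2002, 2003


def compute_sign(param_string, key):
    """sign = MD5(interface request parameter string + key), as in section 4.1."""
    return hashlib.md5((param_string + key).encode("utf-8")).hexdigest()


def parse_serial(serial):
    """Split 6-digit access ID + 14-digit timestamp (assumed YYYYMMDDHHMMSS) + 6-digit sequence."""
    if len(serial) != 26 or not (serial.isascii() and serial.isdigit()):
        return None
    try:
        stamp = datetime.strptime(serial[6:20], "%Y%m%d%H%M%S")
    except ValueError:
        return None
    return serial[:6], stamp, serial[20:]


def access_auth(serial, param_string, sign, now):
    """Section 4.1: serial format, serial validity, then the sign comparison."""
    parsed = parse_serial(serial)
    if parsed is None:
        return E_SERIAL, None
    access_id, stamp, _seq = parsed
    if abs(now - stamp) > MAX_SKEW or serial in SEEN_SERIALS:
        return E_SERIAL, None
    doc = ACCESS_DOCS.get(access_id)
    if doc is None:
        return E_SIGN, None
    expected = compute_sign(param_string, doc["key"])
    # Constant-time comparison so the check does not leak matching prefixes.
    if not hmac.compare_digest(expected.encode(), sign.lower().encode("utf-8")):
        return E_SIGN, None
    SEEN_SERIALS.add(serial)
    return OK, access_id


def service_auth(access_id, client_ip, interface, now):
    """Section 4.2: IP address, remaining daily traffic, interface permission."""
    doc = ACCESS_DOCS[access_id]
    day = (access_id, now.date())
    if client_ip not in doc["allowed_ips"]:
        return E_IP
    if USED.get(day, 0) >= doc["daily_quota"]:
        return E_QUOTA
    if interface not in doc["interfaces"]:
        return E_PERM
    USED[day] = USED.get(day, 0) + 1
    return OK


def authenticate(serial, param_string, sign, client_ip, interface, now):
    code, access_id = access_auth(serial, param_string, sign, now)
    if code == OK:
        code = service_auth(access_id, client_ip, interface, now)
    REQUEST_LOG.append({"serial": serial, "ip": client_ip, "code": code})
    return code
```

MD5 over the parameter string with the key appended is kept here because it is the rule the text specifies; a new design would normally use HMAC-SHA-256 (`hmac.new(key, msg, hashlib.sha256)`) for the same purpose. Only the daily quota is modelled; a monthly counter would follow the same pattern.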
4.3 Unified access management
Accessing platforms and interface information are managed centrally using a role-based access control model, which ensures data consistency.
The role-based access control (RBAC) model supports three well-known security principles: the principle of least privilege, the principle of separation of duties and the principle of data abstraction.
(1) RBAC supports the principle of least privilege because a role can be configured with the minimum set of permissions required to complete its task.
(2) The principle of separation of duties is realized by calling on independent, mutually exclusive roles to complete a sensitive task together, for example requiring an accounting clerk and a financial manager to take part in the same posting.
(3) Data abstraction is realized through the abstraction of permissions: financial operations, for example, use abstract permissions such as borrowing and depositing rather than the typical read, write and execute permissions provided by the operating system. These principles, however, only take effect through the detailed configuration of each RBAC component.

Claims (9)

  1. An access security control method for XBRL application platforms, characterized in that it comprises the following steps:
    An access security control management database and an access log management relational data table are established, and an access security control MongoDB data set is established from the access security management database;
    The access request and the service of a sub-platform are authenticated according to the access security control management database, the access log management relational data table and the access security control MongoDB data set; if authentication passes, the sub-platform is allowed to access the corresponding interface; the access security control management database includes a standard interface information data table, a sub-platform role information data table, a sub-platform information data table, a role-interface intermediate relation table and a sub-platform-role intermediate relation table.
  2. The access security control method for XBRL application platforms as claimed in claim 1, characterized in that the access security control management database is established as follows: through a graphical user interface, standard interface information, sub-platform role information and sub-platform information are each stored according to the data table structure; the interface-role relations and the sub-platform-role relations are configured in the graphical user interface, and the data are stored according to the data table structure.
  3. The access security control method for XBRL application platforms as claimed in claim 1 or 2, characterized in that the access security control MongoDB data set is established as follows: a unified access authentication information data set model is created; a configurable timer program stores the data of the access security control database according to the data set structure and updates the data set incrementally at the configured frequency; once storage is complete, the access security control MongoDB data set is established.
  4. The access security control method for XBRL application platforms as claimed in claim 3, characterized in that the access log management relational data table is established as follows: relational database modeling is carried out for XBRL application platform access log management and an access log statistics information data table is established; a configurable timer program stores the access log data according to the structure of the access log statistics relational data table and updates the table incrementally at the configured frequency; once storage is complete, the access log management relational data table is established.
  5. The access security control method for XBRL application platforms as claimed in claim 4, characterized in that authenticating the access request of a sub-platform comprises the following steps:
    When the application platform calls an interface, it adds the authentication parameter sign and the serial number parameter to the interface request parameters, and the platform receives the request;
    The 6-digit access ID is obtained from the serial number parameter, and the matching key is obtained from MongoDB using this access ID; a comparison value is computed by the same rule used to derive the sign parameter value, and the comparison value is compared with the sign parameter value to verify whether the interface request is legitimate.
  6. The access security control method for XBRL application platforms as claimed in claim 5, characterized in that the serial number parameter consists of a 6-digit access ID, a 14-digit timestamp and a 6-digit sequence number.
  7. The access security control method for XBRL application platforms as claimed in claim 5 or 6, characterized in that the sign parameter value is derived as: interface request parameter string + key value parameter.
  8. The access security control method for XBRL application platforms as claimed in claim 7, characterized in that service authentication proceeds as follows: verify whether the access IP address is legitimate, verify whether the accessing sub-platform has remaining traffic for the current day/month, and verify whether the sub-platform has permission for the interface being accessed; if verification passes, access to the corresponding interface is allowed; if it fails, the corresponding error code is returned.
  9. The access security control method for XBRL application platforms as claimed in claim 8, characterized in that during service authentication the request information is written to the MongoDB log data set, and a timer program is developed to synchronize it, at the configured frequency, into the log information relational data table.
CN201510615509.1A 2015-09-24 2015-09-24 The access method of controlling security of XBRL application platforms Active CN105243319B (en)

Publications (2)

Publication Number Publication Date
CN105243319A CN105243319A (en) 2016-01-13
CN105243319B true CN105243319B (en) 2018-04-10

Family

ID=55040963

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant