Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a signing and approving user management method and device, which are used for overcoming the defects in the prior art, improving the safety of electronic signing and approving and guaranteeing the experience of users.
Specifically, the present invention proposes the following specific examples:
the embodiment of the invention provides a signing and approving initiating user management method, which is applied to an electronic signing and approving process and comprises the following steps:
when receiving a signing request of a signing and approving initiating user, judging whether the login environment of the signing and approving initiating user is abnormal or not;
if the judgment result is yes, when the key request of the signing initiating user is received, distributing the key for the signing initiating user so that the signing initiating user encrypts the signing request based on the distributed key and then initiates a signing application.
Further, in a specific embodiment, the "distributing a key to the signing initiating user when receiving a key request of the signing initiating user" includes:
when receiving a key request of a signing and issuing user, determining the level of a signing and issuing application corresponding to the signing and issuing request;
and if the level is higher than a preset threshold value, distributing a key for the signing and approving initiating user.
Further, in a specific embodiment, the "distributing a key to the signing initiating user when receiving a key request of the signing initiating user" includes:
when receiving a key request of the signing and issuing user, determining the authority of the signing and issuing user;
and if the authority value of the authority is larger than a preset authority threshold value, distributing a key for the signing and approving initiating user.
Further, in a specific embodiment, a plurality of keys are preset, each key corresponds to an encryption level, and the higher the encryption level is, the higher the security is;
the "distributing the key for the signing initiating user when receiving the key request of the signing initiating user" includes:
when receiving the key request of the signing and issuing user, determining the authority of the signing and issuing user and the level of the signing and issuing application corresponding to the signing and issuing request
Determining an encryption level based on the permission and the level;
and selecting a corresponding key to distribute to the signing and initiating user based on the encryption level.
Further, in a specific embodiment, the login environment specifically includes a login IP;
the judging whether the login environment of the signing and approving initiating user is abnormal includes:
when receiving a signing request of a signing and signing initiating user, acquiring a login IP of the signing and signing initiating user;
determining a risk value of the login IP based on the login IP and an IP in a preset abnormal IP database;
if the risk value exceeds a preset risk threshold value, determining that the login environment is abnormal;
and if the risk value is lower than a preset risk threshold value, determining that the login environment is not abnormal.
The embodiment of the invention also provides a signing and approving initiating user management device, which is applied to the electronic signing and approving process and comprises the following steps:
the system comprises a judging module, a judging module and a judging module, wherein the judging module is used for judging whether the login environment of a signing and approving initiating user is abnormal or not when a signing and approving request of the signing and approving initiating user is received;
and the distribution module is used for distributing the key for the signing and issuing user when the judgment result is yes and the key request of the signing and issuing user is received, so that the signing and issuing user encrypts the signing and issuing request based on the distributed key and then issues signing and issuing application.
Further, in a specific embodiment, the allocating module is configured to:
when receiving a key request of a signing and issuing user, determining the level of a signing and issuing application corresponding to the signing and issuing request;
and if the level is higher than a preset threshold value, distributing a key for the signing and approving initiating user.
Further, in a specific embodiment, the allocating module is configured to:
when receiving a key request of the signing and issuing user, determining the authority of the signing and issuing user;
and if the authority value of the authority is larger than a preset authority threshold value, distributing a key for the signing and approving initiating user.
Further, in a specific embodiment, a plurality of keys are preset, each key corresponds to an encryption level, and the higher the encryption level is, the higher the security is;
the allocation module is configured to:
when receiving the key request of the signing and issuing user, determining the authority of the signing and issuing user and the level of the signing and issuing application corresponding to the signing and issuing request
Determining an encryption level based on the permission and the level;
and selecting a corresponding key to distribute to the signing and initiating user based on the encryption level.
Further, in a specific embodiment, the login environment specifically includes a login IP;
the judging module is used for:
when receiving a signing request of a signing and signing initiating user, acquiring a login IP of the signing and signing initiating user;
determining a risk value of the login IP based on the login IP and an IP in a preset abnormal IP database;
if the risk value exceeds a preset risk threshold value, determining that the login environment is abnormal;
and if the risk value is lower than a preset risk threshold value, determining that the login environment is not abnormal.
Compared with the prior art, the embodiment of the invention provides a method and equipment for managing a signing and issuing user, which are applied to an electronic signing process, wherein the method for managing the signing and issuing user comprises the following steps: when receiving a signing request of a signing and approving initiating user, judging whether the login environment of the signing and approving initiating user is abnormal or not; if the judgment result is yes, when the key request of the signing initiating user is received, distributing the key for the signing initiating user so that the signing initiating user encrypts the signing request based on the distributed key and then initiates a signing application. Therefore, by the method, the safety of the electronic signing process is improved, and the use experience of the user is guaranteed.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
Aiming at the defects in the prior art, the invention provides a method and equipment for managing a signing and issuing user, which are applied to an electronic signing and issuing process and used for improving the safety of the electronic signing and issuing process.
Specifically, the present invention proposes the following specific examples:
an embodiment 1 of the present invention provides a method for managing a user initiating a signoff, which is applied to an electronic signoff process, and as shown in fig. 1, the method includes the following steps:
step 101, when receiving a signing request of a signing initiating user, judging whether the login environment of the signing initiating user is abnormal;
and 102, if the judgment result is yes, when a key request of the signing initiating user is received, distributing a key for the signing initiating user so that the signing initiating user encrypts the signing request based on the distributed key and then initiates a signing application.
In a specific embodiment, for example, when an employee in a company wants to ask for a leave, i.e., wants to initiate a check-in application, the employee needs to initiate a flow of check-in application, and in the process, the employee serves as a check-in initiating user.
In addition to the request for approval, the approval application may have many other embodiments, such as an electronic approval for reimbursement, an electronic approval for an upgrade command, and the like, and correspondingly, the user who initiates the approval process is the approval initiating user.
The signing and approving initiating user firstly needs to log in to initiate the signing and approving process, so the signing and approving initiating user can input login information such as an account, a password and the like in a login interface, and in a specific embodiment, the environment for inputting the account and the password is a login environment. Subsequent signoff applications are also initiated in the same environment, so the security of the login environment can influence the security of the signoff applications; for this reason, the login environment needs to be detected to determine the abnormal level of the login environment, i.e., the unsafe level.
In a specific embodiment, considering that the login environment is the network environment, and thus the IP is used as a very important network identifier, which has a very strong reference meaning to the security of the network environment, it is considered that whether the login environment is abnormal or not can be evaluated based on the login IP. One specific embodiment of step 101, as shown in fig. 2, may include the following steps:
step S1, when receiving the signing request of the signing initiating user, obtaining the login IP of the signing initiating user; specifically, the login IP of the signing and signing initiating user is not obtained consistently, and the obtaining operation is performed only when the signing and signing initiating user is determined to initiate a signing and signing application, that is, when a signing and signing request of the signing and signing initiating user is received.
Step S2, determining a risk value of the login IP based on the login IP and an IP in a preset abnormal IP database;
step S3, if the risk value exceeds a preset risk threshold value, determining that the login environment is abnormal;
and step S4, if the risk value is lower than a preset risk threshold value, determining that the login environment is not abnormal.
Specifically, when detection is performed based on an IP (Internet Protocol ), a login IP of a login environment where a signing and initiating user is located is first acquired, and an IP having a relationship with the login IP is queried in an abnormal IP database in which an abnormal IP is stored to determine a risk value of the login IP.
In a specific embodiment, the determining the risk value of the login IP may be performed by, for example, determining that there is a direct connection with the login IP in the abnormal IP database, and with respect to step 101, the login environment specifically includes the login IP;
therefore, the step 101, that is, the step of determining whether the login environment of the sign-off initiating user is abnormal includes:
when receiving a signing request of a signing and signing initiating user, acquiring a login IP when the signing and signing initiating user sends a login request;
judging whether the login IP exists in a prestored abnormal IP database or not;
if the judgment result is yes, determining that the login environment of the signing and approving initiating user is abnormal;
if the judgment result is negative, determining that the login environment of the signing and initiating user is not abnormal
As described above, in the specific embodiment, the data of the abnormal IP is acquired in advance, and the abnormal IP database is generated based on the data of the abnormal IP, and the specific abnormal IP data can be acquired from the database related to security, so that the abnormal IP has a direct or indirect relationship with the behavior such as fraud, and thus there is a risk.
Therefore, the method is carried out by judging whether the login IP exists in the abnormal IP database when judging whether the login IP when the sign-up initiating user sends the login request is the risky IP, if the login IP exists in the abnormal IP database, the login IP is the abnormal IP, and further the login environment is abnormal, otherwise, the login environment is not abnormal and is normal.
In addition, in another specific embodiment, the risk value of the login IP may be determined, for example, by determining the number of IPs having direct connection with the login IP in the abnormal IP database, specifically, the direct connection may be, for example, a website accessing the abnormal IP in the network scenario of the login IP; the greater the number, the greater the corresponding risk value.
In another specific embodiment, in addition to considering the connection, the hazard of the specific abnormal IP itself may be considered, a hazard weight is granted to each abnormal IP based on the hazard, and in the subsequent evaluation, in addition to the number, the hazard weight of each directly connected abnormal IP needs to be considered, so as to jointly determine the risk value of the logged IP by the two factors, and a specific determination manner may be that, for example, the risk value may be the sum of the values of the hazard weights.
And after determining a risk value for logging in to the IP, determining whether the login environment is abnormal based on a comparison of the risk value and a risk threshold. In a specific embodiment, for example, if the risk value is 5 and the risk threshold is 6, it may be determined that the login environment is not abnormal.
If the login environment is not abnormal, step 103 is performed, that is, the subsequent operation of initiating the signing is performed according to the normal flow.
If the login environment is judged to be abnormal, step 102 is performed, that is, when the key request of the signing and approving initiating user is received, a key is distributed to the signing and approving initiating user, so that the signing and approving initiating user encrypts the signing and approving request based on the distributed key and then initiates a signing and approving application. Specifically, the key is a parameter input in an algorithm for converting plaintext into ciphertext or converting ciphertext into plaintext.
The specific distribution process can be implemented in several ways:
mode 1, as shown in fig. 3, step 102, that is, when receiving a key request of the signoff initiating user, allocating a key to the signoff initiating user, may include the following steps:
step 11, when receiving the key request of the signing initiating user, determining the level of signing application corresponding to the signing request;
and step 12, if the level is higher than a preset threshold value, distributing a key for the signing and approving initiating user.
In this particular embodiment, it is determined whether to distribute a key based on the level of the signoff application, e.g., a signoff application that is important, e.g., a signoff application that involves the allocation of funds, to distribute the key to the signoff application and encrypt the initiated signoff application so that the signoff originator successfully and securely initiates the signoff application.
Mode 2, as shown in fig. 4, step 102, that is, when receiving a key request of the signoff initiating user, allocating a key to the signoff initiating user, may include the following steps:
step 21, when receiving the key request of the signing initiating user, determining the authority of the signing initiating user;
and step 22, if the authority value of the authority is larger than a preset authority threshold value, distributing a key for the signing and initiating user.
In this specific embodiment, whether to distribute the key is determined based on the authority of the signing and issuing user, for example, there is an important signing person, for example, the total manager level, the corresponding authority is very high, when the signing and issuing application is due, the key is distributed to the signing and issuing user, and the issued signing and issuing application is encrypted, so that the signing and issuing user can smoothly and safely issue the signing and issuing application.
Mode 3, a plurality of keys are preset in the method, each key corresponds to an encryption level, and the higher the encryption level is, the higher the security is; in this case, step 102, that is, the "distributing the key to the signing authority initiating user when receiving the key request of the signing authority initiating user", as shown in fig. 5, may include the following steps: the method specifically comprises the following steps:
step 31, when receiving the key request of the signing and issuing user, determining the authority of the signing and issuing user and the signing and issuing application level corresponding to the signing and issuing request;
step 32, determining an encryption level based on the authority and the level;
and step 33, selecting a corresponding key based on the encryption level to distribute to the signing and initiating user.
In the specific embodiment, the encryption level of the distributed key is determined by integrating the authority of the signing and issuing user and the level of the signing and applying corresponding to the signing and issuing request; specifically, for example, the general manager initiates a very important sign-off application, in this case, a key with a very high encryption level is distributed to the general manager, and the initiated sign-off application is encrypted, so that the sign-off initiator successfully initiates the sign-off application, and the smoothness and the safety of the sign-off initiating process are ensured.
The embodiment of the invention provides a method and equipment for managing a signing and issuing user, which are applied to an electronic signing and issuing process, wherein the method for managing the signing and issuing user comprises the following steps: when receiving a signing request of a signing and approving initiating user, judging whether the login environment of the signing and approving initiating user is abnormal or not; if the judgment result is yes, when the key request of the signing initiating user is received, distributing the key for the signing initiating user so that the signing initiating user encrypts the signing request based on the distributed key and then initiates a signing application. Therefore, by the method, the safety of the electronic signing process is improved, and the use experience of the user is guaranteed.
For further explanation of the present invention, embodiment 2 of the present invention further discloses a signing-initiating user management device, which is applied to an electronic signing process, and as shown in fig. 6, the signing-initiating user management device includes:
the system comprises a judging module 201, a checking module and a judging module, wherein the judging module is used for judging whether the login environment of a signing and approving initiating user is abnormal or not when a signing and approving request of the signing and approving initiating user is received;
the allocating module 202 is configured to, when the determination result is yes and the key request of the signing and approving initiating user is received, allocate a key to the signing and approving initiating user, so that the signing and approving initiating user encrypts the signing and approving request based on the allocated key and then initiates a signing and approving application.
In a specific embodiment, the allocating module 202 is configured to:
when receiving a key request of a signing and issuing user, determining the level of a signing and issuing application corresponding to the signing and issuing request;
and if the level is higher than a preset threshold value, distributing a key for the signing and approving initiating user.
In a specific embodiment, the allocating module 202 is configured to:
when receiving a key request of the signing and issuing user, determining the authority of the signing and issuing user;
and if the authority value of the authority is larger than a preset authority threshold value, distributing a key for the signing and approving initiating user.
In a specific embodiment, a plurality of keys are preset, each key corresponds to an encryption level, and the higher the encryption level is, the higher the security is;
the allocating module 202 is configured to:
when receiving the key request of the signing and issuing user, determining the authority of the signing and issuing user and the level of the signing and issuing application corresponding to the signing and issuing request
Determining an encryption level based on the permission and the level;
and selecting a corresponding key to distribute to the signing and initiating user based on the encryption level.
In a specific embodiment, the login environment specifically includes a login IP;
the determining module 201 is configured to:
when receiving a signing request of a signing and signing initiating user, acquiring a login IP of the signing and signing initiating user;
determining a risk value of the login IP based on the login IP and an IP in a preset abnormal IP database;
if the risk value exceeds a preset risk threshold value, determining that the login environment is abnormal;
and if the risk value is lower than a preset risk threshold value, determining that the login environment is not abnormal.
Compared with the prior art, the embodiment of the invention provides a method and equipment for managing a signing and issuing user, which are applied to an electronic signing process, wherein the method for managing the signing and issuing user comprises the following steps: when receiving a signing request of a signing and approving initiating user, judging whether the login environment of the signing and approving initiating user is abnormal or not; if the judgment result is yes, when the key request of the signing initiating user is received, distributing the key for the signing initiating user so that the signing initiating user encrypts the signing request based on the distributed key and then initiates a signing application. Therefore, by the method, the safety of the electronic signing process is improved, and the use experience of the user is guaranteed.
Those skilled in the art will appreciate that the figures are merely schematic representations of one preferred implementation scenario and that the blocks or flow diagrams in the figures are not necessarily required to practice the present invention.
Those skilled in the art will appreciate that the modules in the devices in the implementation scenario may be distributed in the devices in the implementation scenario according to the description of the implementation scenario, or may be located in one or more devices different from the present implementation scenario with corresponding changes. The modules of the implementation scenario may be combined into one module, or may be further split into a plurality of sub-modules.
The above-mentioned invention numbers are merely for description and do not represent the merits of the implementation scenarios.
The above disclosure is only a few specific implementation scenarios of the present invention, however, the present invention is not limited thereto, and any variations that can be made by those skilled in the art are intended to fall within the scope of the present invention.