Content of the invention
For defect of the prior art, the present invention proposes a kind of sign-off and initiates user management method and equipment, in order to
Overcome defect of the prior art, improve the safety of approving electronic, ensure the experience of user.
Specifically, the present invention proposes embodiment in detail below:
The embodiment of the present invention proposes a kind of sign-off and initiates user management method, is applied to approving electronic process, including:
Judge whether extremely sign-off initiates the login environment of user;
If the determination result is YES, when receiving the sign-off request that described sign-off initiates user, it is that described sign-off initiates to use
A refined net passage is distributed at family, so that described sign-off initiates user initiates sign-off Shen based on the refined net passage being distributed
Please.
Further, in a specific embodiment, described " when the sign-off request receiving described sign-off and initiating user
When, it is that described sign-off initiates user's one refined net passage of distribution ", including:
When receiving the sign-off request that described sign-off initiates user, determine the corresponding sign-off application of described sign-off request
Rank;
If described be superior to default threshold value, it is that described sign-off initiates user's one refined net passage of distribution.
Further, in a specific embodiment, described " when the sign-off request receiving described sign-off and initiating user
When, it is that described sign-off initiates user's one refined net passage of distribution ", including:
When receiving the sign-off request that described sign-off initiates user, determine that described sign-off initiates the authority of user;
If the authority credentials of described authority is more than default authority threshold value, it is that described sign-off initiates user's one densification network of distribution
Network passage.
Further, in a specific embodiment, described refined net passage is to should have encryption level, encryption level
Higher, safety is higher;
Described " when receiving the sign-off request that described sign-off initiates user, is that described sign-off initiates user's distribution one
Refined net passage ", including:
When receiving the sign-off request that described sign-off initiates user, determine that described sign-off initiates authority and the institute of user
State the rank of the corresponding sign-off application of sign-off request
Encryption level is determined based on described authority and described rank;
Corresponding refined net channel allocation is chosen based on described encryption level and initiates user to described sign-off.
Further, in a specific embodiment, described login environment specifically includes login IP;
Described judge sign-off initiate user login environment whether abnormal, including:
Obtain the login IP that sign-off initiates user;
Determine the value-at-risk of described login IP based on the IP in described login IP and default abnormal IP data base;
If value-at-risk exceedes default risk threshold value, determine described login environmental abnormality;
If the low excessively default risk threshold value of value-at-risk, determine that described login environment is not abnormal.
The embodiment of the present invention also proposed a kind of sign-off and initiates user management device, is applied to approving electronic process, including:
Judge module, for judging whether extremely sign-off initiates the login environment of user;
Distribute module, for being yes when judged result, and when receiving the sign-off request of described sign-off initiation user, is institute
State sign-off and initiate user's one refined net passage of distribution, so that described sign-off initiates user being led to based on the refined net being distributed
Sign-off application is initiated in road.
Further, in a specific embodiment, described distribute module, it is used for:
When receiving the sign-off request that described sign-off initiates user, determine the corresponding sign-off application of described sign-off request
Rank;
If described be superior to default threshold value, it is that described sign-off initiates user's one refined net passage of distribution.
Further, in a specific embodiment, described distribute module, it is used for:
When receiving the sign-off request that described sign-off initiates user, determine that described sign-off initiates the authority of user;
If the authority credentials of described authority is more than default authority threshold value, it is that described sign-off initiates user's one densification network of distribution
Network passage.
Further, in a specific embodiment, described refined net passage is to should have encryption level, encryption level
Higher, safety is higher;
Described distribute module, is used for:
When receiving the sign-off request that described sign-off initiates user, determine that described sign-off initiates authority and the institute of user
State the rank of the corresponding sign-off application of sign-off request
Encryption level is determined based on described authority and described rank;
Corresponding refined net channel allocation is chosen based on described encryption level and initiates user to described sign-off.
Further, in a specific embodiment, described login environment specifically includes login IP;
Described judge module, is used for:
Obtain the login IP that sign-off initiates user;
Determine the value-at-risk of described login IP based on the IP in described login IP and default abnormal IP data base;
If value-at-risk exceedes default risk threshold value, determine described login environmental abnormality;
If the low excessively default risk threshold value of value-at-risk, determine that described login environment is not abnormal.
Compared with prior art, the embodiment of the present invention proposes a kind of sign-off and initiates user management method and equipment, application
In approving electronic process, wherein, this sign-off is initiated user management method and is included:Judge whether sign-off initiates the login environment of user
Abnormal;If the determination result is YES, when receiving the sign-off request that described sign-off initiates user, it is that described sign-off initiation user divides
Join a refined net passage, so that described sign-off initiates user initiates sign-off application based on the refined net passage being distributed.
With this, improve the safety of approving electronic process by said method, ensure the experience of user.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation description is it is clear that described embodiment is only a part of embodiment of the present invention, rather than whole embodiments.Generally
Can be arranged with various different configurations and design with the assembly of the embodiment of the present invention shown described in the accompanying drawing herein.Cause
This, be not intended to limit claimed invention to the detailed description of the embodiments of the invention providing in the accompanying drawings below
Scope, but it is merely representative of the selected embodiment of the present invention.Based on embodiments of the invention, those skilled in the art are not doing
The every other embodiment being obtained on the premise of going out creative work, broadly falls into the scope of protection of the invention.
For defect of the prior art, the inventors discovered that in actual application, sign-off initiates the peace that user occurs
Full problem is larger, for this reason, the present invention proposes a kind of sign-off initiates user management method and equipment, is applied to approving electronic mistake
Journey, in order to improve the safety of approving electronic process.
Specifically, the present invention proposes embodiment in detail below:
The embodiment of the present invention 1 proposes a kind of sign-off and initiates user management method, is applied to approving electronic process, such as Fig. 1
Shown, comprise the following steps:
Step 101, judge sign-off initiate user login environment whether abnormal;
Step 102, if the determination result is YES, when receiving the sign-off request that described sign-off initiates user, is described label
Core is initiated user and is distributed a refined net passage, so that described sign-off initiates user being sent out based on the refined net passage being distributed
Play sign-off application.
In a specific embodiment, such as certain employee in a company wants to ask for leave, namely wants to initiate one
Sign-off application, this employee is accomplished by initiating the flow process of a sign-off application, and in this process, this employee just initiates to use as sign-off
Family.
And in addition to the sign-off application with regard to asking for leave, sign-off application can also have a lot of other embodiments, for example, close
In the approving electronic of reimbursement, and the approving electronic with regard to order of being transferred and promoted etc., and corresponding, the user initiating sign-off process is
Initiate user for sign-off.
Sign-off initiates user firstly the need of login, could initiate sign-off process, and therefore sign-off initiation user can step at one
Record interface input account, the log-on message such as password, in a specific embodiment, the environment of input account and password is
Log in environment.And follow-up sign-off application is also to initiate in same environment, the safety therefore logging in environment can affect
Safety to sign-off application;For this reason, being accomplished by login environment is detected, to determine the intensity of anomaly logging in environment,
I.e. unsafe degree.
It is contemplated that logging in the environment that environment is network in a specific embodiment, critically important as one by this IP
Network identity, the safety to place network environment has very strong reference significance, just allowing for this point, can be based on stepping on
Record IP whether login environment is estimated extremely.A kind of specific embodiment with regard to step 101, it is as shown in Fig. 2 can
To comprise the steps:
Step S1, acquisition sign-off initiate the login IP of user;
Step S2, determine the risk of described login IP based on the IP in described login IP and default abnormal IP data base
Value;
If step S3 value-at-risk exceedes default risk threshold value, determine described login environmental abnormality;
If the low excessively default risk threshold value of step S4 value-at-risk, determine that described login environment is not abnormal.
Specifically, based on IP (Internet Protocol, the agreement of interconnection between network) come detected, first
Get sign-off initiate user be located log in environment login IP, and and in the abnormal IP data base of the abnormal IP that is stored with inquire about
There is related IP to determine the value-at-risk logging in IP with this login IP.
In a specific embodiment, such as by judging to there may be directly with login IP in abnormal IP data base
The IP quantity connecing in succession logs in the value-at-risk of IP to carry out judgement, and with regard to step 101, described login environment specifically includes login
IP;
Thus, step 101, namely extremely whether the described login environment judging sign-off initiation user, including:
Obtain described sign-off and initiate login IP during user's transmission logging request;
Judge that described login IP whether there is in the abnormal IP data base prestoring;
If the determination result is YES it is determined that described sign-off initiates the login environmental abnormality of user;
If judged result is no it is determined that described sign-off initiates the login environment of user not extremely
More than, the data of abnormal IP, and the data life based on this abnormal IP in the particular embodiment, can be got in advance
Become abnormal IP data base, specifically abnormal IP data can be obtained, with this abnormal IP meeting from the data base with regard to safety
There is directly or indirectly relation with the such as behavior such as swindle, can be existed with this risky.
Thus, by judging whether the login IP that sign-off initiates during user's transmission logging request is to pass through during risky IP
Judging to log in IP with the presence or absence of to carry out in abnormal IP data base, if log in IP being present in abnormal IP data base, saying
Bright login IP is abnormal IP, and then may determine that login environmental abnormality, conversely, then explanation logs in environment not extremely, is just
Normal.
Additionally, in other specific embodiments, for example can by judge in abnormal IP data base with login
IP there are the IP quantity being directly connected to carry out judge log in IP value-at-risk, specifically, be directly connected to can be for example
Log in the website of access exception IP under the network scenarios of IP;Quantity is more, and corresponding value-at-risk is bigger.
In another specific embodiment, it is also contemplated that specific abnormal IP itself in addition to considering to connect
Hazardness, authorize harm weight to each abnormal IP based on hazardness, during further evaluation, except consider quantity in addition to, for
Each abnormal IP being directly connected to, in addition it is also necessary to harm weight in view of this abnormal IP, is come jointly by this two factors with this
Judge to log in the value-at-risk of IP, a kind of specific determination mode can be that for example value-at-risk can be the sum of the value of harm weight.
And after determining the value-at-risk logging in IP, based on this value-at-risk and risk threshold value relatively determining login ring
Whether border is abnormal.In a specific embodiment, such as value-at-risk is 5, and risk threshold value is 6, then can determine login environment
Not abnormal.
If judging to log in environment not extremely, then carry out step 103, namely carry out follow-up initiation according to normal flow process
The operation of sign-off.
And if in the case of judging to log in environmental abnormality, carry out step 102, namely initiating to use when receiving described sign-off
During the sign-off request at family, it is that described sign-off initiates user's one refined net passage of distribution, so that described sign-off initiates user's base
Initiate sign-off application in the refined net passage being distributed.A kind of specific refined net passage can be VPN (Virtual
Private Network, VPN (virtual private network)).
Specific allocation flow can several ways as follows:
Mode 1 as shown in figure 3, step 102 namely described " when the sign-off request receiving described sign-off and initiating user
When, it is that described sign-off initiates user's one refined net passage of distribution " may comprise steps of:
Step 11, when receiving the sign-off request that described sign-off initiates user, determine that described sign-off request is corresponding
The rank of sign-off application;
If step 12 is described is superior to default threshold value, it is that described sign-off initiation user's one refined net of distribution leads to
Road.
In this specific embodiment, being rank based on sign-off application to determine whether to distribute refined net passage, example
If any important sign-off application, for example, it is related to the sign-off application of fund distribution, just distribute a refined net passage for it, with
Note core sponsor smoothly initiates sign-off application.
Mode 2 as shown in figure 4, step 102 namely described " when the sign-off request receiving described sign-off and initiating user
When, it is that described sign-off initiates user's one refined net passage of distribution " may comprise steps of:
Step 21, when receiving the sign-off request that described sign-off initiates user, determine that described sign-off initiates the power of user
Limit;
If the authority credentials of the described authority of step 22 is more than default authority threshold value, it is that described sign-off initiates user's distribution one
Bar refined net passage.
In this specific embodiment, it is to determine whether that distributing refined net leads to based on the authority that sign-off initiates user
, for example, there is an important approved officer in road, e.g. general manager's rank, and corresponding authority is very high, just distribute a densification network for it
Network passage, so that sign-off sponsor smoothly initiates sign-off application.
, to there being encryption level, encryption level is higher, and safety is higher for mode 3, wherein said refined net passage;Here
In the case of, step 102, namely described " when receiving the sign-off request that described sign-off initiates user, be that described sign-off initiates to use
A refined net passage is distributed at family ", as shown in figure 5, may comprise steps of:Specifically include step:
Step 31, when receiving the sign-off request that described sign-off initiates user, determine that described sign-off initiates the power of user
The rank of the sign-off application corresponding to limit and the request of described sign-off;
Step 32, encryption level is determined based on described authority and described rank;
Step 33, choose corresponding refined net channel allocation based on described encryption level and initiate user to described sign-off.
In this specific embodiment, it is that comprehensive sign-off initiates the authority of user and the label that the request of described sign-off is corresponding
The rank of core application is determining the encryption level of distributed refined net passage;Specifically, such as general manager has initiated one
Critically important sign-off application, in the case, is that general manager distributes a very high refined net passage of encryption level so that signing
Core sponsor smoothly initiates sign-off application it is ensured that initiating the smooth of sign-off process and safety.
The embodiment of the present invention proposes a kind of sign-off and initiates user management method and equipment, is applied to approving electronic process,
Wherein, this sign-off initiation user management method includes:Judge whether extremely sign-off initiates the login environment of user;If judged result
It is yes, when receiving the sign-off request that described sign-off initiates user, be that described sign-off initiates user's one refined net of distribution
Passage, so that described sign-off initiates user initiates sign-off application based on the refined net passage being distributed.With this, by above-mentioned side
Method, improves the safety of approving electronic process, has ensured the experience of user.
In order to be further detailed to the present invention, the embodiment of the present invention 2 also discloses a kind of sign-off and initiates user's pipe
Reason equipment, is applied to approving electronic process, as shown in fig. 6, including:
Judge module 201, for judging whether extremely sign-off initiates the login environment of user;
Distribute module 202, for being yes when judged result, and when receiving the sign-off request of described sign-off initiation user,
Initiate user for described sign-off and distribute a refined net passage, so that described sign-off initiates user based on the densification network being distributed
Network passage initiates sign-off application.
In a specific embodiment, described distribute module 202, it is used for:
When receiving the sign-off request that described sign-off initiates user, determine the corresponding sign-off application of described sign-off request
Rank;
If described be superior to default threshold value, it is that described sign-off initiates user's one refined net passage of distribution.
In a specific embodiment, described distribute module 202, it is used for:
When receiving the sign-off request that described sign-off initiates user, determine that described sign-off initiates the authority of user;
If the authority credentials of described authority is more than default authority threshold value, it is that described sign-off initiates user's one densification network of distribution
Network passage.
In a specific embodiment, to there being encryption level, encryption level is higher, safety for described refined net passage
Property is higher;
Described distribute module 202, is used for:
When receiving the sign-off request that described sign-off initiates user, determine that described sign-off initiates authority and the institute of user
State the rank of the corresponding sign-off application of sign-off request
Encryption level is determined based on described authority and described rank;
Corresponding refined net channel allocation is chosen based on described encryption level and initiates user to described sign-off.
In a specific embodiment, described login environment specifically includes login IP;
Described judge module 201, is used for:
Obtain the login IP that sign-off initiates user;
Determine the value-at-risk of described login IP based on the IP in described login IP and default abnormal IP data base;
If value-at-risk exceedes default risk threshold value, determine described login environmental abnormality;
If the low excessively default risk threshold value of value-at-risk, determine that described login environment is not abnormal.
Compared with prior art, the embodiment of the present invention proposes a kind of sign-off and initiates user management method and equipment, application
In approving electronic process, wherein, this sign-off is initiated user management method and is included:Judge whether sign-off initiates the login environment of user
Abnormal;If the determination result is YES, when receiving the sign-off request that described sign-off initiates user, it is that described sign-off initiation user divides
Join a refined net passage, so that described sign-off initiates user initiates sign-off application based on the refined net passage being distributed.
With this, by said method, improve the safety of approving electronic process, ensured the experience of user.
It will be appreciated by those skilled in the art that accompanying drawing is a schematic diagram being preferable to carry out scene, the module in accompanying drawing or
Flow process is not necessarily implemented necessary to the present invention.
It will be appreciated by those skilled in the art that module in device in implement scene can according to implement scene describe into
Row is distributed in the device of implement scene it is also possible to carry out one or more dresses that respective change is disposed other than this implement scene
In putting.The module of above-mentioned implement scene can merge into a module it is also possible to be further split into multiple submodule.
The invention described above sequence number is for illustration only, does not represent the quality of implement scene.
Only the several of the present invention disclosed above are embodied as scene, but, the present invention is not limited to this, Ren Heben
What the technical staff in field can think change all should fall into protection scope of the present invention.