CN106685977A - Account system construction method based on intelligent community cloud platform - Google Patents

Info

Publication number
CN106685977A
Authority
CN
China
Prior art keywords
account
cell
authority
user
role
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710001471.8A
Other languages
Chinese (zh)
Other versions
CN106685977B (en
Inventor
陈亮
张松
杨然
胡志勇
阳许军
蔡剑峰
肖伟明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Hong Xin Technological Service Co Ltd
Original Assignee
Wuhan Hong Xin Technological Service Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Hong Xin Technological Service Co Ltd filed Critical Wuhan Hong Xin Technological Service Co Ltd
Priority to CN201710001471.8A priority Critical patent/CN106685977B/en
Publication of CN106685977A publication Critical patent/CN106685977A/en
Application granted granted Critical
Publication of CN106685977B publication Critical patent/CN106685977B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/16 Real estate
    • G06Q50/163 Real estate management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures


Abstract

The invention provides a method for constructing an account system based on an intelligent community cloud platform. The method comprises three parts: account system configuration, user login authentication, and authority acquisition and interface presentation. It is based on RBAC and, according to the requirements of an intelligent community, proposes a 'residential quarter-authority-role-account' configuration: the basic residential quarters are established; authorities are configured through a List Picker and bound to one or more residential quarters to establish a role, which is stored in a cloud database; finally, one or more roles are combined into an account. After encrypted parsing, the user's login authentication is cryptographically checked against the stored original account, and in subsequent logins the check result is read from session information to reduce the load on the database. Acquisition of user authority is based on the residential quarter the user selects: the set of role authorities bound to the selected residential quarter in the account is read, the operation authority is granted, and the authority interface is presented. Cross configuration of multiple residential quarters, multiple roles and multiple authorities is thereby realized, improving the expansibility, security and economy of the platform.

Description

An account system construction method based on an intelligent community cloud platform
Technical field
The present invention relates to the field of computer account systems, and in particular to an account system construction method based on an intelligent community cloud platform, comprising three parts: configuration of the account system, user login verification, and user authority acquisition and interface presentation.
Background
An RBAC (Role-Based Access Control) account system configures the functions of an account by associating roles with authorities. A user can hold several roles, and each role in turn holds several authorities, which yields the "user-role-authority" authorization model. In this model, the relations between users and roles and between roles and authorities are generally many-to-many. The intelligent community cloud platform, a new community-service application developed in response to the national "Internet+" call, is grounded in real communities and places unique requirements on account system construction.
1. Diversity of the kinds of users accessing the platform: the platform includes not only the traditional property management and owners, but also new kinds of users such as community merchants, self-operated business owners and community delivery companies. 2. Complexity of the managed objects: in real life a developer needs to operate multiple cells at the same time and manage several property subsidiaries; numerous merchants are present on the platform, several community delivery companies provide services, and a community has a large number of owners. 3. Overlap between the various roles: a property manager may hold different management authorities in different cells, a large merchant may run different business categories in each community, and an owner may own property in several cells.
No effective account system solution for an intelligent community cloud platform has yet been proposed for the above situation.
Summary of the invention
The invention provides an account system construction method based on an intelligent community cloud platform, to at least solve the technical problem in the prior art that cross authorities cannot be realized for intelligent community cloud platform accounts, caused by the inability to assign authorities precisely across multiple cells and multiple roles.
The present invention is realized by the following technical solution:
An account system construction method based on an intelligent community cloud platform.
The typical RBAC model is optimized by introducing a "cell" dimension, giving the "cell-authority-role-account" method: the cell is treated as the base unit of the intelligent community cloud platform, and authorities are configured per cell; a single role is built by the compound binding of cells and authorities; multiple roles are then given to one account, so that the account has multiple cells and multiple differentiated authorities.
After the account system configuration is complete, the platform verifies the user's login information with the MD5 hash algorithm and completes the user's authority acquisition and interface presentation.
The method specifically includes the following steps:
Step 1, configuration of the intelligent community cloud platform account system.
On the basis of RBAC, the cell concept is introduced and the "cell-authority-role-account" method is proposed: the cell is the base unit of the intelligent community cloud platform, and a single role is built by the compound binding of cells and authorities; multiple roles are then given to one account, so that the account has multiple cells and multiple differentiated authorities.
Step 2, login verification of the registered user.
During login verification, the account and password entered by the user are uploaded to the server over a DES-encrypted transmission link; the cloud storage server verifies the match of account and password using the MD5 hash algorithm; after verification passes, a digital signature file is generated, the verification result is returned to the user, and the user is prompted that login succeeded.
DES-encrypted transmission: the plaintext entered by the user is converted into 64-bit ciphertext after 16 rounds of encryption, and the ciphertext is finally transmitted over the link to the server, preventing user information from being leaked through packet capture or hijacking.
MD5 hash verification: the received account and password information is first divided into groups by MD5 so that each group is 512 bits long; four 32-bit chaining variables are allocated, and the chaining variable data obtained after repeated computation is the MD5 digest.
Digital signature generation and return: used to mark the MD5 hash verification result. Its inputs are the signature value, the original text and the public key; its output is whether verification passed.
Step 3, user authority acquisition and interface presentation.
Authority acquisition: all cells included in the user account are listed, and after one of them is selected, the authority set of all roles in that cell is obtained.
Interface presentation: the authority set contained in the user account is displayed in the corresponding web/APP client according to the design framework of the intelligent community cloud platform, so that the user can exchange information with the server and the user's business operations are processed, ensuring a good user experience.
The detailed process is: after the user's account information is verified, the cells contained in the account's roles are queried first. If there are none, the account has no associated authority and acquisition fails. If there are cells, all of them are presented and the user selects one to operate on; the back end then reads the roles in the account that include the selected cell and further reads the union of these roles' authorities. If no authority can be obtained, interface presentation fails; if the result is not empty, all authorities of the account are obtained and the authority list is mapped to a function interface refined to button level, on which the user operates as needed.
In step 1, all user tables are divided into 5 classes: operation, property, merchant, delivery and owner. The user table is associated with the role table, and the role table nests the cell table and the authority table. The manager creates a cell and sets its region, building, unit and room information; creates the merchant, property and community delivery company information in the cell; and configures the cell's management authorities into a role, which is granted to the cell manager's account so that it can exercise authority over the cell. The cell manager manages all matters in the community through their own account: configuring the property and merchant authorities of the cell through the management back end, reviewing owners' registration applications, and configuring the cell's business columns.
This specifically includes the following steps:
Step 3-1, the platform operation manager creates a cell.
The platform administrator Admin creates the cell in the back end, entering in turn the cell name, cell location and construction area; enters all houses in the cell in turn by area, unit and room, together with floor area, property fee base and house status, completing the initialization of the cell's houses; associates the operation team, property management company and delivery company in the cell; and sets the personalized configuration of the cell, such as the property fee and parking fee charging dates. When all cell information has been configured, proceed to step 3-2.
Step 3-2, configure authorities based on the cell.
The platform administrator Admin configures all functions the cell has in the management back end, then configures the authorities of each class of user as needed; authorities can be precise to button level. Admin selects in the back end the authorities of the system management, information management, property service and value-added service modules. When the authority configuration based on the cell is complete, proceed to step 3-3.
Step 3-3, create the role "cell manager".
In the role's cell drop-down, select the cell; then, in the authority list, select all functions the cell manager needs; finally save the role and name it cell manager. Role creation is now complete; proceed to step 3-4.
Step 3-4, the platform operation manager creates the account "cell manager".
After clicking the create-account button, the role selection interface appears, showing all roles that have been created. Select the cell manager role created in the previous step, name the user "cell manager account", and save. Account creation is complete; proceed to step 3-5.
Step 3-5, the cell manager creates the other related accounts in the cell.
The newly created cell manager begins exercising its own authority: approving and creating merchant accounts, reviewing owner account applications, and setting up property accounts.
One account can hold the authorities of multiple roles, but not across user classes.
The 5 classes of users have independent account numbering, and users of different classes are not allowed to operate across clients.
Different user groups use different clients:
Operation and property users use the cloud management back end;
Merchants use the merchant web version and the merchant APP;
Owners use the owner web version and the owner APP;
Community delivery uses the delivery APP.
The 6 products run independently, but their data is all transmitted to the cloud server, so that data processing interoperates within the platform.
In step 2, the MD5 digest is generated as follows:
A1. The 512-bit plaintext group is divided into 16 sub-groups of 32 bits each;
A2. Four 32-bit chaining variables are allocated, denoted A, B, C, D;
A3. The sub-groups and the chaining variables undergo round 1 of the computation;
A4. The sub-groups and the chaining variables undergo round 2 of the computation;
A5. The sub-groups and the chaining variables undergo round 3 of the computation;
A6. The sub-groups and the chaining variables undergo round 4 of the computation;
A7. The chaining variables are summed with the initial chaining variables;
A8. The chaining variables serve as the input for the next plaintext group, and the above operations are repeated;
A9. Finally, the data in the four chaining variables is the MD5 digest.
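The A1-A9 procedure above written out as runnable Python, followed by the account/password match from step 2 in two forms: a bare MD5 comparison and a salted, iterated PBKDF2 record. This is an added example, not code from the patent; that the server compares MD5(password) is an assumed reading of the page, and the PBKDF2 parameters are assumptions. Bare MD5 is unsalted and fast, so equal passwords always produce equal stored values, which the second form avoids.

```python
import hashlib
import hmac
import math
import os
import struct

MASK = 0xFFFFFFFF
# Left-rotation amounts for the 16 operations of each of the four rounds.
SHIFTS = ([7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 +
          [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4)
# Additive constants: floor(|sin(i + 1)| * 2**32) for i = 0..63.
SINES = [int(abs(math.sin(i + 1)) * 2 ** 32) & MASK for i in range(64)]
# A2: initial values of the four 32-bit chaining variables A, B, C, D.
INITIAL = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)


def _rotl(x, n):
    """Rotate a 32-bit value left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK


def md5_digest(message: bytes) -> str:
    """MD5 following steps A1-A9; returns the digest as a hex string."""
    # Pad to a multiple of 512 bits: 0x80, zeros, 64-bit little-endian length.
    data = message + b"\x80"
    data += b"\x00" * ((56 - len(data)) % 64)
    data += struct.pack("<Q", (len(message) * 8) & 0xFFFFFFFFFFFFFFFF)
    state = INITIAL
    for offset in range(0, len(data), 64):
        words = struct.unpack("<16I", data[offset:offset + 64])  # A1
        a, b, c, d = state
        for i in range(64):
            if i < 16:      # A3: round 1
                f, g = (b & c) | (~b & MASK & d), i
            elif i < 32:    # A4: round 2
                f, g = (d & b) | (~d & MASK & c), (5 * i + 1) % 16
            elif i < 48:    # A5: round 3
                f, g = b ^ c ^ d, (3 * i + 5) % 16
            else:           # A6: round 4
                f, g = c ^ (b | (~d & MASK)), (7 * i) % 16
            f = (f + a + SINES[i] + words[g]) & MASK
            a, d, c, b = d, c, b, (b + _rotl(f, SHIFTS[i])) & MASK
        # A7: add to the values the block started with; A8: carry them forward.
        state = tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d)))
    return struct.pack("<4I", *state).hex()  # A9


def md5_record(password: str) -> str:
    # Assumed reading of the page's check: the server compares MD5(password).
    return md5_digest(password.encode("utf-8"))


def md5_verify(record: str, password: str) -> bool:
    return hmac.compare_digest(record, md5_record(password))


def kdf_record(password: str, iterations: int = 600_000):
    # Per-account random salt plus an iterated KDF; both values are assumptions.
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, key


def kdf_verify(record, password: str) -> bool:
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    pw = "Quarter#2017"  # constructed sample password
    print("MD5 records equal for equal passwords:", md5_record(pw) == md5_record(pw))
    print("KDF records equal for equal passwords:", kdf_record(pw)[2] == kdf_record(pw)[2])
```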
In step 2, the digital signature is generated and returned; the specific process for marking the MD5 hash verification result is as follows:
B1. Perform the MD5 computation on the original text sent by the client to obtain hash value X;
B2. Decrypt the received signature with the public key to obtain hash value Y;
B3. Compare the value X obtained in step 1 with the value Y obtained in step 2; if X = Y, verification passes, otherwise it does not;
B4. Return the check result.
In step 3, user authority acquisition and interface presentation comprise the following steps:
Step c-1: query all cell information contained in the account's roles and determine whether it is empty. If the account has no cell, authority acquisition fails; if the query result is not empty, proceed to step c-2.
Step c-2: present the result of the previous query, that is, all cells contained in the account's roles; the user selects one of them to enter; proceed to step c-3.
Step c-3: read the roles in the user account that contain the cell; here the role is "cell manager"; proceed to step c-4.
Step c-4: read the authority set of the account over all its roles for that cell and check whether it is empty. If no authority can be obtained, interface presentation fails; if the query result is not empty, proceed to step c-5.
Step c-5: obtain the account's authorities and reconstruct the interface. The cell manager account can read the authorities of functional modules such as system configuration, information service, property service and value-added service, which are presented on the Web/APP interface; proceed to step c-6.
Step c-6: the user obtains the operation interface and begins performing the corresponding business operations.
After the cell manager account has been set up on the basis of a cell, if the account later also needs authorities in another cell: repeat step 3-1 to create the other cell, repeat step 3-2 to set up all the function points of the other cell, repeat step 3-3 to configure and name the authorities it additionally holds in the other cell, and finally tick the options of both cells in the cell manager role's option box, rename and save. This adds the new role and management authority on the basis of the original account; then proceed to step 3-5.
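A minimal model of the "cell-authority-role-account" structure and of steps c-1 to c-4, as an added example that is not code from the patent. It is modelled on the property manager M case the description gives among its advantages; the authority names, the account number 60001 and the use of the leading digit as the user-class marker are constructed assumptions.

```python
from dataclasses import dataclass, field

# Leading digit of an account number -> user class, after the page's scheme
# (9000X operation, 6000X property, 8000X merchant, 7000X delivery,
# 1000X owner). Using the first digit as the marker is an assumption.
CLASS_BY_PREFIX = {"9": "operation", "6": "property", "8": "merchant",
                   "7": "delivery", "1": "owner"}


class AuthorityError(Exception):
    """Authority acquisition or interface presentation failed."""


@dataclass
class Role:
    name: str
    user_class: str
    grants: dict  # cell name -> set of button-level authorities in that cell


@dataclass
class Account:
    number: str
    roles: list = field(default_factory=list)

    @property
    def user_class(self):
        return CLASS_BY_PREFIX[self.number[0]]

    def add_role(self, role):
        # One account may hold several roles, but not across user classes.
        if role.user_class != self.user_class:
            raise AuthorityError(f"role {role.name!r} belongs to another user class")
        self.roles.append(role)


def cells_of(account):
    """Step c-1: every cell that appears in any of the account's roles."""
    cells = {cell for role in account.roles for cell in role.grants}
    if not cells:
        raise AuthorityError("account has no cell: authority acquisition fails")
    return sorted(cells)


def authorities_in(account, selected_cell):
    """Steps c-3 and c-4: union of the authorities of roles bound to the cell."""
    # The selected cell comes from the client, so it is re-checked server-side
    # against the account's own cells before anything is read.
    if selected_cell not in cells_of(account):
        raise AuthorityError("selected cell is not bound to this account")
    granted = set()
    for role in account.roles:
        granted |= set(role.grants.get(selected_cell, ()))
    if not granted:
        raise AuthorityError("no authority in this cell: interface presentation fails")
    return granted


def is_allowed(account, cell, authority):
    """Per-request check: deny by default when anything above fails."""
    try:
        return authority in authorities_in(account, cell)
    except AuthorityError:
        return False


def demo_account():
    """Constructed data: property manager M with one role in each of two cells."""
    a_property = Role("cell A property manager", "property",
                      {"cell A": {"property_fee.view", "property_fee.collect"}})
    b_parking = Role("cell B parking manager", "property",
                     {"cell B": {"parking_fee.view", "parking_fee.collect"}})
    m = Account("60001")
    m.add_role(a_property)
    m.add_role(b_parking)
    return m


if __name__ == "__main__":
    m = demo_account()
    for cell in cells_of(m):
        print(cell, sorted(authorities_in(m, cell)))
```

The authority set is computed per selected cell, so an authority granted in cell B never appears while the account is operating in cell A.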
In the present invention, the close cooperation of the above three parts realizes custom extensible configuration of the account system, encrypted login verification, authority acquisition and page reconstruction for the intelligent community cloud platform.
Compared with the prior art, the present invention has the following advantages and beneficial effects:
1. The account system gains a dimension: a "cell" dimension is added and the "cell-authority-role-account" configuration method for the intelligent community cloud platform account system is proposed, solving the multi-cell operation problem that intelligent community applications urgently need solved. Refining the platform's dimension to "cell" granularity lets the platform access any cell, giving it excellent extensibility and practicality.
2. The composability of the account system is strengthened: the method lets one account hold multiple authorities and scopes of application, giving excellent user experience and composability, and solves the problem of complex combinations of authority and scope of application that intelligent community applications urgently need solved.
For example, property manager M can, through the single account 60000X, hold 2 roles at once (cell A property manager, cell B parking manager), realizing property fee management for cell A and parking fee management for cell B.
3. In view of the many user types in an intelligent community (operation, property, merchant, delivery, owner), the invention introduces the numbering scheme operation (9000X), property (6000X), merchant (8000X), delivery (7000X), owner (1000X), which makes user types easy to distinguish and manage and greatly improves account management efficiency.
4. For account verification the invention uses three steps, DES-encrypted transmission, MD5 hash verification and digital signature verification, to ensure the security of the intelligent community cloud platform account system.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the invention more clearly, the drawings needed in describing the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the application environment of the intelligent community cloud platform account system construction method provided by an embodiment of the invention;
Fig. 2 is the overall flow chart of the intelligent community cloud platform account system construction method provided by an embodiment of the invention;
Fig. 3 is a flow chart of a configuration method for the intelligent community cloud platform account system provided by an embodiment of the invention;
Fig. 4 is a flow chart of a user login verification method provided by an embodiment of the invention;
Fig. 5 is a flow chart of user authority acquisition and interface presentation provided by an embodiment of the invention.
Detailed description of the embodiments
So that those skilled in the art may better understand the solution of the invention, the technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of this application.

It should be noted that the invention derives from the RBAC (Role-Based Access Control) account system, introduces the cell concept, and proposes the "cell-authority-role-account" method to meet, in a targeted way, the account system construction requirements of an intelligent community cloud platform. The terms "comprising" and "having", and any variations of them, are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device comprising a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to such a process, method, product or device.
Referring to Fig. 1, a schematic diagram of the application environment of the intelligent community cloud platform account system construction method provided by an embodiment of the invention: the intelligent community cloud server S102 is the core of the platform; it receives, sends and processes the operation instructions of users S106 and stores the corresponding application data in the cloud. S104, as the operating medium, plays the intermediary role of passing information up and down. User group S106 refers to the intelligent community roles of the different cells: operation, property, owner, community merchant, community delivery, 6 classes of users. The platform can access multiple different cells at the same time, supporting application scenarios such as multiple merchants operating synchronously, multiple community delivery services, and owners spread across multiple communities. The environment of this embodiment includes the forward flow, in which S106 users send instructions or operations to S102 through S104, and the reverse flow, in which S102 pushes messages to the S106 user group through the S104 terminals.
Optionally, in this embodiment, the cells are not limited to cell A and cell B and may include any cells without restriction; the terminal may include but is not limited to at least one of: mobile phone, tablet computer, notebook computer, desktop PC. The above is only an example, and this embodiment places no restriction on it. Optionally, in this embodiment, the network environment may include but is not limited to at least one of: 3G/4G mobile network, WLAN wireless network, wired network. The above is only an example, and this embodiment places no restriction on it.
Referring to Fig. 2, the overall flow chart of the intelligent community cloud platform account system construction method provided by an embodiment of the invention, the method comprises the following three parts. 1. Configuration of the intelligent community cloud platform account system: on the basis of the RBAC scheme, the cell concept is introduced and the "cell-authority-role-account" method is proposed, with the cell as the base unit of the system; a single role is built by the compound binding of cells and authorities, and several roles are then given to one account, so that the account has multiple cells and multiple differentiated authorities. The method is an extended application of the typical RBAC method, allowing it to meet the account system extension requirements of the intelligent community cloud platform. 2. Login verification of the registered user: during login verification, the system uploads the account and password entered by the user to the server over a DES-encrypted transmission link; the cloud storage server verifies the match of account and password using the MD5 hash algorithm; after verification passes, a digital signature file is generated, the verification result is returned to the user, and the user is prompted that login succeeded. 3. User authority acquisition and interface presentation: after the user's account information is verified, the cells contained in the account's roles are queried first; if there are none, the account has no associated authority and acquisition fails. If there are cells, all of them are presented and the user selects one to operate on; the back end then reads the roles in the account that include the selected cell and further reads the union of these roles' authorities. If no authority can be obtained, interface presentation fails; if the result is not empty, all authorities of the account are obtained and the authority list is mapped to a function interface refined to button level, on which the user operates as needed. This completes the construction of the intelligent community cloud platform account system, which meets the platform's special construction requirements for an account system.
With reference to Fig. 3, for a kind of collocation method flow process of intelligence community cloud platform system of account provided in an embodiment of the present invention Figure, accompanying method can include:Create authority-establishment role-establishment account of the cell-configuration based on cell.
Step 3-1, platform operation manager creates cell.Platform administrator Admin creates cell in system background, successively The profile informations such as typing cell name, subdistrict position, construction area.To all houses in cell according to area, unit, room The information such as typing successively, input floor space, property fees radix, house state, complete the Initialize installation in cell house;Association Operation team in cell, infrastructure management company, Delivery Co., Ltd;The personalizations such as property fees, the parking fee charge date of the cell are set Configuration information;Finally complete every terms of information configuration in cell and enter step 3-2;
Step 3-2: configure the permissions based on cell A. In the management back end, the platform administrator Admin configures all functions that the cell possesses (web/app ends), and then configures the permissions of a given class of user as needed; permissions can be set down to button level. The permission configuration is illustrated by creating the cell A manager. The platform administrator Admin ticks, in the back end, the permissions of the following modules:
System administration (account, configuration, log query);
Information management (community government affairs, community notices, convenience almanac);
Service for infrastructure (property fee management, parking fee management, water, electricity and civil gas management, property repair reports, property complaints);
Value-added service (store, third-party agreement trade companies).
Once the permission configuration based on cell A is complete, proceed to step 3-3.
Step 3-3: create the role "cell A manager". In the role's cell drop-down list, select cell A; then, in the permission list, tick all the functions that the cell manager needs. Finally save the role and name it "cell A manager". Role creation is now complete; proceed to step 3-4.
Step 3-4: the platform operation manager creates the account "cell A manager". After clicking the create-account button, the role selection interface appears and shows all roles that have been set up. In this example, only the cell A manager role created in the previous step is ticked; the user is named "cell A manager account" and saved, which completes account creation. Proceed to step 3-5.
Optionally: this embodiment only illustrates setting up the cell A manager account on the basis of cell A. If the account later also needs certain permissions in cell B, then cell B must be set up (repeat step 3-1), all function points of cell B configured (repeat step 3-2), and the additional cell B permissions the account is to hold configured and named (repeat step 3-3). Finally, in the cell A manager's role option box, tick both A and B, rename and save; this adds the new role and management permissions on top of the original account. To create other accounts in the platform, proceed to step 3-5.
Step 3-5: the cell manager creates other related accounts in cell A. The newly created cell A manager begins to exercise its own permissions, completing the approval and creation of trade company accounts, the review of owner account applications, and the creation of property accounts. This completes the full account system configuration of the intelligent community cloud platform.
Fig. 4 is a flow chart of a user login verification method provided in an embodiment of the present invention. The login verification method includes account and password entry, encrypted transmission, MD5 hash verification, and digital signature and return, wherein:
Account and password entry: the user enters the account and password in the login interface provided by the web/app products and submits them.
Encrypted transmission: the information entered by the user is encrypted with the symmetric encryption algorithm DES (Digital Encryption Standard). After 16 rounds of encryption exchange and a final inverse initial transformation, a 64-bit ciphertext is obtained. The ciphertext is then transmitted over the link to the server, which ensures the safety of the user's account information and avoids information leakage through packet capture or hijacking.
MD5 hash verification: the account and password transmitted via DES are first grouped by MD5 so that each group is 512 bits long, and these plaintext groups are then processed iteratively.
The digest generation process for each plaintext group is as follows:
1. The 512-bit plaintext group is divided into 16 sub-groups of 32 bits each.
2. Four 32-bit chaining variables are allocated, denoted A, B, C, D.
3. The sub-groups and the chaining variables undergo the 1st round of operations.
4. The sub-groups and the chaining variables undergo the 2nd round of operations.
5. The sub-groups and the chaining variables undergo the 3rd round of operations.
6. The sub-groups and the chaining variables undergo the 4th round of operations.
7. The chaining variables are summed with the initial chaining variables.
8. The chaining variables are used as the input for the next plaintext group, and the above operations are repeated.
9. Finally, the data held in the 4 chaining variables is the MD5 digest.
Digital signature verification and result return: this marks the result of the MD5 hash verification. Its inputs are the signature value, the original text and the public key; its output is whether verification passed. The steps are summarized as follows:
4-1. Perform the MD5 operation on the original text sent by the client to obtain hash value X;
4-2. Decrypt the received signature with the public key to obtain hash value Y;
4-3. Compare the value X obtained in step 4-1 with the value Y obtained in step 4-2; if X = Y, verification passes, otherwise it fails;
4-4. Return the verification result.
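The nine digest steps and verification steps 4-1 to 4-4 above, written out as an added Python example (not code from the patent): `md5_digest` follows the step numbering and `verify_signature` takes the signature value, original text and public key. The padding rule and constants come from RFC 1321; the unpadded textbook RSA, the constructed key built from two Mersenne primes and the function names are assumptions chosen so the example runs on the standard library alone.

```python
import hashlib
import math
import struct

MASK = 0xFFFFFFFF
# Per-step left-rotation amounts and sine-derived constants from RFC 1321.
SHIFTS = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
K = [int(abs(math.sin(i + 1)) * 2**32) & MASK for i in range(64)]
INIT = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)  # chaining variables A, B, C, D


def _rotl(x, n):
    """Rotate a 32-bit value left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK


def md5_digest(message: bytes) -> bytes:
    """MD5 following the nine steps in the text (padding rule from RFC 1321)."""
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % 64)
    padded += struct.pack("<Q", (8 * len(message)) & 0xFFFFFFFFFFFFFFFF)
    state = INIT                                          # step 2
    for off in range(0, len(padded), 64):                 # one 512-bit group at a time
        m = struct.unpack("<16I", padded[off:off + 64])   # step 1: 16 x 32-bit sub-groups
        a, b, c, d = state
        for i in range(64):                               # steps 3-6: four rounds of 16
            if i < 16:
                f, g = (b & c) | (~b & d), i
            elif i < 32:
                f, g = (d & b) | (~d & c), (5 * i + 1) % 16
            elif i < 48:
                f, g = b ^ c ^ d, (3 * i + 5) % 16
            else:
                f, g = c ^ (b | ~d), (7 * i) % 16
            f = (f + a + K[i] + m[g]) & MASK
            a, d, c, b = d, c, b, (b + _rotl(f, SHIFTS[i])) & MASK
        # step 7: add to the incoming chaining variables; step 8: carry to the next group
        state = tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d)))
    return struct.pack("<4I", *state)                     # step 9: A, B, C, D are the digest


# Constructed demo key: two Mersenne primes give a modulus wider than the 128-bit digest.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, kept by the signing side


def sign(original: bytes) -> int:
    """Signing side: textbook RSA over the MD5 digest (no padding, illustration only)."""
    return pow(int.from_bytes(md5_digest(original), "big"), D, N)


def verify_signature(signature: int, original: bytes, public_key=(E, N)) -> bool:
    """Inputs: signature value, original text, public key. Output: verified or not."""
    e, n = public_key
    if not 0 <= signature < n:
        return False
    x = int.from_bytes(md5_digest(original), "big")  # 4-1: hash value X of the original
    y = pow(signature, e, n)                         # 4-2: hash value Y from the signature
    return x == y                                    # 4-3 and 4-4: compare and return


if __name__ == "__main__":
    original = b"account=cell_A_manager;login=ok"    # constructed sample message
    sig = sign(original)
    print(md5_digest(original).hex() == hashlib.md5(original).hexdigest())
    print(verify_signature(sig, original), verify_signature(sig, original + b"!"))
```

MD5 and unpadded RSA appear here only because the text describes them; a deployment would pair a collision-resistant hash with a padded signature scheme such as RSA-PSS.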
Fig. 5 is a flow chart of user permission acquisition and interface presentation provided in an embodiment of the present invention. The method includes user permission acquisition and interface presentation, wherein:
Step 5-1: query all cell information contained in the roles to which the account belongs and determine whether it is empty. If no cell is found for the account, permission acquisition fails. If the query result is not empty, proceed to step 5-2.
Step 5-2: present the result of the previous query, showing all cells contained in the account's roles. The user selects one to enter; this embodiment again takes cell A as the example. Proceed to step 5-3.
Step 5-3: read the roles in the user's account (taking the cell A manager account as the example) that contain the selected cell (cell A above); here the role is "cell A manager". Proceed to step 5-4.
Step 5-4: read the permission intersection of the account across all its roles in that cell and check whether it is empty. If no permission can be obtained, interface presentation fails. If the query result is not empty, proceed to step 5-5.
Step 5-5: obtain the account's permissions and reconstruct the interface. In this embodiment the cell A manager account reads, in turn, the permissions of functional modules such as system configuration, consultancy service, service for infrastructure and value-added service. These are presented on the Web/APP interface according to the predetermined design framework. Proceed to step 5-6.
Step 5-6: the user obtains the relevant operation interface and begins to perform the corresponding business operations, realizing the respective service functions of the intelligent community cloud platform. This completes the permission acquisition and interface presentation flow of this embodiment, and the user can operate independently.
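The "cell-authority-role-account" configuration of steps 3-1 to 3-5 and the lookup of steps 5-1 to 5-5, as an added Python example that is not code from the patent. The class names, permission identifiers and `LAYOUT` are assumptions, step 5-4 is implemented as the union stated in the overview of Fig. 2, and the selected cell is re-checked on the server because it arrives from the client.

```python
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised where steps 5-1 and 5-4 report failure."""


@dataclass(frozen=True)
class Role:
    name: str
    cell: str               # each role is bound to exactly one cell
    permissions: frozenset  # button-level permission ids (constructed names)


@dataclass
class Account:
    name: str
    roles: list = field(default_factory=list)


# Constructed menu layout (module -> buttons), after the modules named in step 3-2.
LAYOUT = {
    "system_administration": ["account", "configuration", "log_query"],
    "information_management": ["community_affairs", "community_notice", "convenience_almanac"],
    "service_for_infrastructure": ["property_fee", "parking_fee", "repair_report", "complaint"],
    "value_added_service": ["store", "third_party_trade_company"],
}


def cells_of(account):
    """Steps 5-1 and 5-2: the cells reachable through the account's roles."""
    cells = sorted({role.cell for role in account.roles})
    if not cells:
        raise AccessDenied("account has no cell, so it has no permissions")
    return cells


def permissions_in_cell(account, cell):
    """Steps 5-3 and 5-4: union of permissions over the account's roles in one cell."""
    # The selected cell comes from the client, so it is validated again here.
    if cell not in cells_of(account):
        raise AccessDenied(f"account holds no role in {cell}")
    granted = frozenset().union(
        *(role.permissions for role in account.roles if role.cell == cell)
    )
    if not granted:
        raise AccessDenied(f"roles in {cell} carry no permissions")
    return granted


def build_interface(account, cell, layout=LAYOUT):
    """Step 5-5: keep only the modules and buttons the permission set allows."""
    granted = permissions_in_cell(account, cell)
    view = {}
    for module, buttons in layout.items():
        visible = [b for b in buttons if f"{module}.{b}" in granted]
        if visible:
            view[module] = visible
    return view


def demo_account():
    """Constructed data: the cell A manager of steps 3-3 and 3-4, later given a cell B role."""
    all_buttons = frozenset(f"{m}.{b}" for m, bs in LAYOUT.items() for b in bs)
    account = Account("cell A manager account",
                      [Role("cell A manager", "cell A", all_buttons)])
    # The optional extension: a second role bound to cell B with narrower permissions.
    account.roles.append(Role("cell B fee clerk", "cell B", frozenset({
        "service_for_infrastructure.property_fee",
        "service_for_infrastructure.parking_fee",
    })))
    return account


if __name__ == "__main__":
    acct = demo_account()
    for cell in cells_of(acct):
        print(cell, build_interface(acct, cell))
```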
The specific embodiments described herein merely illustrate the method of the invention by way of example. Those skilled in the art to which the invention belongs may make various modifications or additions to the described embodiments, or substitute them in a similar manner, without departing from the spirit of the invention or exceeding the scope defined in the appended claims.

Claims (8)

1. An account system construction method based on an intelligent community cloud platform, characterized in that:
By optimizing the typical RBAC model, a "cell" dimension is introduced and a "cell-authority-role-account" method is proposed: the cell is regarded as the base unit of the intelligent community cloud platform and permission configuration is derived from the cell; a single role is constructed by binding a cell together with permissions; multiple roles are then assigned to one account, so that the account holds multiple cells and multiple differentiated permissions;
After the above configuration of the intelligent community cloud platform account system is complete, the platform verifies the user's login information by the MD5 hash algorithm and completes permission acquisition and interface presentation for the user.
2. The account system construction method based on an intelligent community cloud platform according to claim 1, characterized in that it specifically comprises the following steps:
Step 1, configuration of the intelligent community cloud platform account system;
On the basis of RBAC, the concept of a cell is introduced and the "cell-authority-role-account" method is proposed: the cell is the base unit of the intelligent community cloud platform, and a single role is constructed by binding a cell together with permissions; multiple roles are then assigned to one account, so that the account holds multiple cells and multiple differentiated permissions;
Step 2, login verification of the registered user;
During login verification, the account and password entered by the user are uploaded to the server over a DES-encrypted transmission link; the cloud storage server uses the MD5 hash algorithm to verify that the account and password match; after verification passes, a digital signature file is generated, the verification result is returned to the user, and a successful login is prompted;
The DES-encrypted transmission converts the plaintext entered by the user into a 64-bit ciphertext after 16 rounds of encryption; the ciphertext is finally transmitted over the link to the server, avoiding leakage of user information through packet capture or hijacking;
The MD5 hash verification first groups the received account and password information by MD5 so that each group is 512 bits long, allocates four 32-bit chaining variables, and after repeated computation obtains the chaining variable data, which is the MD5 digest;
The generation and return of the digital signature file marks the result of the MD5 hash verification; its inputs are the signature value, the original text and the public key; its output is whether verification passed;
Step 3, permission acquisition and interface presentation for the user;
The permission acquisition enumerates all cells contained in the user account and, after one of them is selected, obtains the permission intersection of all roles in that cell;
The interface presentation displays the permission intersection contained in the user account in the corresponding web/APP client according to the design framework of the intelligent community cloud platform, so that the user can exchange information with the server end and handle the user's various business operations, ensuring a good user experience;
The detailed process is: after the user account information is verified, the number of cells contained in the roles to which the account belongs is queried first; if it is empty, the account has no associated permissions and acquisition fails; if there are cells, all cells are presented and the user selects one to operate in; the back end then reads the roles in the account that carry the selected cell and reads the union of the permissions of these roles; if no permission can be obtained, interface presentation fails; if the result is not empty, all permissions of the account are obtained and the permission list is rendered as a function interface refined down to button level, on which the user operates as needed.
3. The account system construction method based on an intelligent community cloud platform according to claim 2, characterized in that, in step 1, all user tables are divided into 5 classes: operation, property, trade company, delivery and owner; the user table is associated with the role table, and the role table nests the cell table and the permission table; the manager creates a cell and sets the region, building, unit and room information of the cell; creates the trade company, property and community delivery company information in the cell; and configures the cell's management permissions into a role that is assigned to the cell manager account, so that the account exercises authority over the cell; the cell manager uses his or her own account to manage all matters in the community, configuring the property and trade company permissions of the cell through the management back end, reviewing the registration applications of owners, and configuring the business columns of the cell;
Specifically comprising the following steps:
Step 3-1, the platform operation manager creates a cell;
The platform administrator Admin creates the cell in the back end, entering in turn the cell name, cell location and construction area; all houses in the cell are entered in turn by area, unit and room, together with floor area, property fee base and house status, which completes the initialization of the cell's houses; the operation team, infrastructure management company and delivery company in the cell are associated; personalized configuration for the charging dates of the cell's property fee and parking fee is set; once all information for the cell is configured, proceed to step 3-2;
Step 3-2, configure the permissions based on the cell;
In the management back end, the platform administrator Admin configures all functions that the cell possesses, and then configures the permissions of each class of user as needed; permissions can be set down to button level; the platform administrator Admin ticks, in the back end, the permissions of the system administration, information management, service for infrastructure and value-added service modules; once the permission configuration based on the cell is complete, proceed to step 3-3;
Step 3-3, create the role "cell manager";
In the role's cell drop-down list, select the cell; then, in the permission list, tick all the functions that the cell manager needs; finally save the role and name it the cell manager; role creation is now complete; proceed to step 3-4;
Step 3-4, the platform operation manager creates the account "cell manager";
After clicking the create-account button, the role selection interface appears and shows all roles that have been set up; tick the cell manager role created in the previous step, name the user "cell manager account" and save, which completes account creation; proceed to step 3-5;
Step 3-5, the cell manager creates other related accounts in the cell;
The newly created cell manager begins to exercise its own permissions, completing the approval and creation of trade company accounts, the review of owner account applications, and the creation of property accounts.
4. The account system construction method based on an intelligent community cloud platform according to claim 3, characterized in that: one account can hold multiple role permissions, but not across user classes;
The 5 classes of user have independent account codes, and user groups of different classes are not allowed to operate across clients;
Different user groups use different clients:
Operation and property users use the cloud management back end;
Trade companies use the trade company version web and the trade company end APP;
Owners use the owner version web and the owner end APP;
Community delivery uses the delivery end APP;
The 6 products operate independently, but their data is transmitted in common to the cloud server, so that data processing interworks within the platform.
5. The account system construction method based on an intelligent community cloud platform according to claim 2, characterized in that: in step 2, the MD5 digest is generated as follows:
A1, the 512-bit plaintext group is divided into 16 sub-groups of 32 bits each;
A2, four 32-bit chaining variables are allocated, denoted A, B, C, D;
A3, the sub-groups and the chaining variables undergo the 1st round of operations;
A4, the sub-groups and the chaining variables undergo the 2nd round of operations;
A5, the sub-groups and the chaining variables undergo the 3rd round of operations;
A6, the sub-groups and the chaining variables undergo the 4th round of operations;
A7, the chaining variables are summed with the initial chaining variables;
A8, the chaining variables are used as the input for the next plaintext group, and the above operations are repeated;
A9, finally, the data held in the 4 chaining variables is the MD5 digest.
6. The account system construction method based on an intelligent community cloud platform according to claim 2, characterized in that: in step 2, the digital signature is generated and returned, and the detailed process of marking the result of the MD5 hash verification is as follows:
B1, perform the MD5 operation on the original text sent by the client to obtain hash value X;
B2, decrypt the received signature with the public key to obtain hash value Y;
B3, compare the value X obtained in step B1 with the value Y obtained in step B2; if X = Y, verification passes, otherwise it fails;
B4, return the verification result.
7. The account system construction method based on an intelligent community cloud platform according to claim 2, characterized in that: in step 3, permission acquisition and interface presentation for the user comprise the following steps:
Step c-1, query all cell information contained in the roles to which the account belongs and determine whether it is empty; if no cell is found for the account, permission acquisition fails; if the query result is not empty, proceed to step c-2;
Step c-2, present the result of the previous query, showing all cells contained in the account's roles; the user selects one to enter; proceed to step c-3;
Step c-3, read the roles in the user account that contain the cell; the role is "cell manager"; proceed to step c-4;
Step c-4, read the permission intersection of the account across all its roles in that cell and check whether it is empty; if no permission can be obtained, interface presentation fails; if the query result is not empty, proceed to step c-5;
Step c-5, obtain the account's permissions and reconstruct the interface; the cell manager account reads the permissions of functional modules such as system configuration, consultancy service, service for infrastructure and value-added service, which are presented on the Web/APP interface; proceed to step c-6;
Step c-6, the user obtains the operation interface and begins to perform the corresponding business operations.
8. The account system construction method based on an intelligent community cloud platform according to claim 3, characterized in that: after the cell manager account is set up on the basis of the cell, if the account later also needs permissions in another cell, then step 3-1 is repeated to set up the other cell, step 3-2 is repeated to configure all function points of the other cell, and step 3-3 is repeated to configure and name the additional permissions the account is to hold in the other cell; finally, the options for both cells are ticked in the cell manager's role option box, and renaming and saving adds the new role and management permissions on top of the original account; then proceed to step 3-5.
CN201710001471.8A 2017-01-03 2017-01-03 A kind of system of account building method based on intelligence community cloud platform Active CN106685977B (en)


Publications (2)

Publication Number Publication Date
CN106685977A true CN106685977A (en) 2017-05-17
CN106685977B CN106685977B (en) 2019-11-08

Family

ID=58848970


Country Status (1)

Country Link
CN (1) CN106685977B (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant