CN108092983A - Unified internal control method for managing security and system - Google Patents

Publication number: CN108092983A
Authority: CN (China)
Application number: CN201711417462.3A
Legal status: Withdrawn
Other languages: Chinese (zh)
Inventor: 黄瀚
Original assignee: Hangzhou Niu Network Technology Co Ltd
Current assignee: Hangzhou Niu Network Technology Co Ltd
Prior art keywords: server, strong authentication, sent, user, account

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention discloses a unified internal control security management method and system. The method includes the following steps: an SDK monitors the user's access operations in a business system; when the user attempts to log in to the business system, the authentication SDK intercepts the user's login information and sends the user's account and password to a first server, so as to send an authentication request to the first server; the authentication request result sent by the first server is received; if the authentication request passes, a strong authentication request is sent to a second server to perform strong authentication; if the strong authentication passes, the strong authentication token sent by the second server is received; and if the strong authentication token meets a preset condition, single sign-on to the business system is performed.

Description

Unified internal control security management method and system
Technical field
The present invention relates to the technical field of information security management and control, and in particular to a unified internal control security management system.
Background
At present, as business develops, internal support systems grow ever more numerous, and performing separate authentication and authorization management for each business or system inevitably consumes vast resources. A unified security management platform solution is therefore needed, one that can solve the main problems internal support systems face in account and password management, access control and audit.
Summary of the invention
The present invention overcomes the shortcomings of unified internal control security management in the prior art by providing a unified internal control security management method and system.
A unified internal control security management method according to the present invention includes the following steps:
An SDK monitors the user's access operations in a business system; when the user attempts to log in to the business system, the authentication SDK intercepts the user's login information and sends the user's account and password to a first server, so as to send an authentication request to the first server;
The authentication request result sent by the first server is received;
If the authentication request passes, a strong authentication request is sent to a second server to perform strong authentication;
If the strong authentication passes, the strong authentication token sent by the second server is received; and if the strong authentication token meets a preset condition, single sign-on to the business system is performed.
Preferably, the first server is an Active Directory domain controller and the second server is a 4A unified security management platform server.
Preferably, the first server is a RADIUS server and the second server is a 4A unified security management platform server.
Preferably, the step of sending a strong authentication request to the second server to perform strong authentication includes:
The account and password are obtained from the user login page and sent to the first server for primary account authentication; after the primary account authentication passes, the authentication result sent by the first server is received;
When the user login page jumps to the strong authentication password input interface, the strong authentication password that the user enters on that interface is obtained and sent, via the first server, to the second server for the strong authentication;
The strong authentication token is injected into the virtual desktop and pushed to the terminal.
The present invention also provides a unified internal control security management system, including:
An authentication SDK, to be embedded in each business system to intercept account access information and to perform permission authentication on the access information;
An authentication and authorization subsystem, for authenticating login accounts and managing their authorization;
An account management subsystem, for managing account permissions;
A log audit subsystem, for collecting the system security events, user access records, system run logs and system running information of the information system, so as to audit the information system's logs completely;
A behavior audit subsystem, for tracking and auditing account behavior.
Preferably, the first server is an Active Directory domain controller and the second server is a 4A unified security management platform server.
Preferably, the first server is a RADIUS server and the second server is a 4A unified security management platform server.
Description of the drawings
Fig. 1 is a flow chart of the unified internal control security management method provided by an embodiment of the present invention.
Fig. 2 is a framework diagram of the unified internal control security management method provided by an embodiment of the present invention.
Detailed description of the embodiments
The present invention is further described below with reference to the accompanying drawings and specific embodiments.
An SDK monitors the user's access operations in a business system; when the user attempts to log in to the business system, the authentication SDK intercepts the user's login information and sends the user's account and password to a first server, so as to send an authentication request to the first server;
The authentication request result sent by the first server is received;
If the authentication request passes, a strong authentication request is sent to a second server to perform strong authentication;
If the strong authentication passes, the strong authentication token sent by the second server is received; and if the strong authentication token meets a preset condition, single sign-on to the business system is performed.
Preferably, the first server is an Active Directory domain controller and the second server is a 4A unified security management platform server.
Preferably, the first server is a RADIUS server and the second server is a 4A unified security management platform server.
Preferably, the step of sending a strong authentication request to the second server to perform strong authentication includes:
The account and password are obtained from the user login page and sent to the first server for primary account authentication; after the primary account authentication passes, the authentication result sent by the first server is received;
When the user login page jumps to the strong authentication password input interface, the strong authentication password that the user enters on that interface is obtained and sent, via the first server, to the second server for the strong authentication;
The strong authentication token is injected into the virtual desktop and pushed to the terminal.
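The gated sequence described above (primary authentication, then strong authentication, then a token check before single sign-on), as an added example that is not code from the patent. The in-memory stand-ins for the two servers, the HMAC token layout, the key, the lifetime and the meaning given to the "preset condition" (valid signature, bound to the same account, not expired) are all assumptions.

```python
import hashlib
import hmac
import time

# Everything below is assumed for illustration: the patent does not define the
# token format, the key, the lifetime, or what its "preset condition" is.
TOKEN_KEY = b"constructed-demo-key"        # shared by second server and SDK
TOKEN_TTL = 300                            # seconds a token stays acceptable
FIRST_SERVER = {"alice": "correct horse"}  # constructed stand-in for AD/RADIUS
SECOND_SERVER = {"alice": "492817"}        # constructed stand-in for the 4A platform


def _same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


def _sign(account, issued):
    msg = f"{account}|{issued}".encode()
    return hmac.new(TOKEN_KEY, msg, hashlib.sha256).hexdigest()


def primary_auth(account, password):
    """First server: primary account authentication."""
    expected = FIRST_SERVER.get(account)
    return expected is not None and _same(expected, password)


def strong_auth(account, strong_password, now):
    """Second server: returns a signed token on success, None on failure."""
    expected = SECOND_SERVER.get(account)
    if expected is None or not _same(expected, strong_password):
        return None
    issued = int(now)
    return f"{account}|{issued}|{_sign(account, issued)}"


def token_ok(token, account, now):
    """Assumed preset condition: valid signature, same account, not expired."""
    try:
        tok_account, issued_s, sig = token.split("|")
        issued = int(issued_s)
    except (AttributeError, ValueError):
        return False  # malformed or missing token: fail closed
    if not _same(sig, _sign(tok_account, issued)):
        return False
    return tok_account == account and 0 <= now - issued <= TOKEN_TTL


def sdk_login(account, password, strong_password, now=None):
    """Authentication SDK: each stage must pass before the next one runs."""
    now = time.time() if now is None else now
    if not primary_auth(account, password):
        return "denied: primary authentication failed"
    token = strong_auth(account, strong_password, now)
    if token is None:
        return "denied: strong authentication failed"
    if not token_ok(token, account, now):
        return "denied: token rejected"
    return f"sso-session:{account}"
```
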
The present invention also provides a unified internal control security management system, including:
An authentication SDK, to be embedded in each business system to intercept account access information and to perform permission authentication on the access information;
An authentication and authorization subsystem, for authenticating login accounts and managing their authorization;
An account management subsystem, for managing account permissions;
A log audit subsystem, for collecting the system security events, user access records, system run logs and system running information of the information system, so as to audit the information system's logs completely;
A behavior audit subsystem, for tracking and auditing account behavior.
Preferably, the first server is an Active Directory domain controller and the second server is a 4A unified security management platform server.
Preferably, the first server is a RADIUS server and the second server is a 4A unified security management platform server.

Claims (6)

1. A unified internal control security management method, characterized by including the following steps:
An SDK monitors the user's access operations in a business system; when the user attempts to log in to the business system, the authentication SDK intercepts the user's login information and sends the user's account and password to a first server, so as to send an authentication request to the first server;
The authentication request result sent by the first server is received;
If the authentication request passes, a strong authentication request is sent to a second server to perform strong authentication;
If the strong authentication passes, the strong authentication token sent by the second server is received; and if the strong authentication token meets a preset condition, single sign-on to the business system is performed.
2. The unified internal control security management method according to claim 1, characterized in that the first server is an Active Directory domain controller and the second server is a 4A unified security management platform server.
3. The unified internal control security management method according to claim 1, characterized in that the first server is a RADIUS server and the second server is a 4A unified security management platform server.
4. The login method of a centralized authentication system according to claim 3, characterized in that the step of sending a strong authentication request to the second server to perform strong authentication includes:
The account and password are obtained from the user login page and sent to the first server for primary account authentication; after the primary account authentication passes, the authentication result sent by the first server is received;
When the user login page jumps to the strong authentication password input interface, the strong authentication password that the user enters on that interface is obtained and sent, via the first server, to the second server for the strong authentication;
The strong authentication token is injected into the virtual desktop and pushed to the terminal.
A unified internal control security management system, characterized by including:
An authentication SDK, to be embedded in each business system to intercept account access information and to perform permission authentication on the access information;
An authentication and authorization subsystem, for authenticating login accounts and managing their authorization;
An account management subsystem, for managing account permissions;
A log audit subsystem, for collecting the system security events, user access records, system run logs and system running information of the information system, so as to audit the information system's logs completely;
A behavior audit subsystem, for tracking and auditing account behavior.
5. The unified internal control security management system according to claim 1, characterized in that the first server is an Active Directory domain controller and the second server is a 4A unified security management platform server.
6. The unified internal control security management system according to claim 1, characterized in that the first server is a RADIUS server and the second server is a 4A unified security management platform server.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711417462.3A CN108092983A (en) 2017-12-25 2017-12-25 Unified internal control method for managing security and system


Publications (1)

Publication Number Publication Date
CN108092983A true CN108092983A (en) 2018-05-29

Family

ID=62178713



Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109120596A (en) * 2018-07-18 2019-01-01 河北中科恒运软件科技股份有限公司 A kind of more single sign-on Integrated Solutions
CN109120596B (en) * 2018-07-18 2021-06-11 河北中科恒运软件科技股份有限公司 Multi-single sign-on integration method
CN110197058A (en) * 2019-04-15 2019-09-03 杭州恩牛网络技术有限公司 Unified internal control method for managing security, system, medium and electronic equipment
CN110197058B (en) * 2019-04-15 2021-07-02 杭州恩牛网络技术有限公司 Unified internal control security management method, system, medium and electronic device
CN111092869A (en) * 2019-12-10 2020-05-01 中盈优创资讯科技有限公司 Security management and control method for terminal access to office network and authentication server
CN111092869B (en) * 2019-12-10 2022-03-08 中盈优创资讯科技有限公司 Security management and control method for terminal access to office network and authentication server
CN113114464A (en) * 2020-01-13 2021-07-13 中国移动通信集团重庆有限公司 Unified security management system and identity authentication method
CN113114464B (en) * 2020-01-13 2023-10-27 中国移动通信集团重庆有限公司 Unified security management system and identity authentication method
CN111541664A (en) * 2020-04-14 2020-08-14 北京数盾信息科技有限公司 Unified password service management platform


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20180529
WW01 Invention patent application withdrawn after publication