CN108092983A - Unified internal control method for managing security and system - Google Patents
- Publication number
- CN108092983A (application number CN201711417462.3A)
- Authority
- CN
- China
- Prior art keywords
- server
- strong authentication
- sent
- user
- account
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
          - H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
          - H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
        - H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The invention discloses a unified internal control security management method and system. The method comprises the following steps: an SDK monitors user access operations in a business system; when a user attempts to log in to the business system, the authentication SDK intercepts the user's login information and sends the user's account and password to a first server, thereby sending an authentication request to the first server; the authentication request result sent by the first server is received; in the case where the authentication request passes, a strong authentication request is sent to a second server to perform strong authentication; in the case where the strong authentication passes, the strong authentication token sent by the second server is received; and, in the case where the strong authentication token satisfies a preset condition, single sign-on to the business system is performed.
Description
Technical field
The present invention relates to the technical field of information security management and control, and more particularly to a unified internal control security management system.
Background
At present, as enterprise business develops, internal support systems keep multiplying. If every business or system performs its own separate authentication and authorization management, vast resources are inevitably consumed. A unified security management platform solution is therefore needed that can solve the main problems internal support systems face in account and password management, access control, and audit measures.
Summary of the invention
To overcome the shortcomings of unified internal control security management in the prior art, the present invention provides a unified internal control security management method and system.
A unified internal control security management method of the present invention comprises the following steps:
The SDK monitors user access operations in the business system; when a user attempts to log in to the business system, the authentication SDK intercepts the user's login information and sends the user's account and password to a first server, thereby sending an authentication request to the first server;
receiving the authentication request result sent by the first server;
in the case where the authentication request passes, sending a strong authentication request to a second server to perform strong authentication;
in the case where the strong authentication passes, receiving the strong authentication token sent by the second server; and, in the case where the strong authentication token satisfies a preset condition, performing single sign-on to the business system.
Preferably, the first server is an Active Directory domain controller server, and the second server is a 4A unified security management platform server.
Preferably, the first server is a RADIUS server, and the second server is a 4A unified security management platform server.
Preferably, the step of sending a strong authentication request to the second server to perform strong authentication comprises:
obtaining the account and password from the user login page and sending the account and password to the first server for primary account authentication; after the primary account authentication passes, receiving the authentication result sent by the first server;
when the user login page jumps to a strong authentication password input interface, obtaining the strong authentication password entered by the user on that interface, and sending the strong authentication password to the second server via the first server to perform the strong authentication;
injecting the strong authentication token into the virtual desktop and pushing it to the terminal.
The present invention also provides a unified internal control security management system, comprising:
an authentication SDK, embedded in each business system to intercept account access information and to perform permission authentication on the access information;
an authentication and authorization subsystem, for authenticating login accounts and managing their authorization;
an account management subsystem, for managing account permissions;
a log audit subsystem, for collecting the system security events, user access records, system operation logs, and system operation information in the information system, and for fully auditing the information system logs;
a behavior audit subsystem, for tracking and auditing account behavior.
Preferably, the first server is an Active Directory domain controller server, and the second server is a 4A unified security management platform server.
Preferably, the first server is a RADIUS server, and the second server is a 4A unified security management platform server.
Description of the drawings
Fig. 1 is a flowchart of the unified internal control security management method provided by an embodiment of the present invention.
Fig. 2 is a block diagram of the unified internal control security management method provided by an embodiment of the present invention.
Detailed description
The present invention is further described below with reference to the accompanying drawings and specific embodiments.
The SDK monitors user access operations in the business system; when a user attempts to log in to the business system, the authentication SDK intercepts the user's login information and sends the user's account and password to a first server, thereby sending an authentication request to the first server;
receiving the authentication request result sent by the first server;
in the case where the authentication request passes, sending a strong authentication request to a second server to perform strong authentication;
in the case where the strong authentication passes, receiving the strong authentication token sent by the second server; and, in the case where the strong authentication token satisfies a preset condition, performing single sign-on to the business system.
Preferably, the first server is an Active Directory domain controller server, and the second server is a 4A unified security management platform server.
Preferably, the first server is a RADIUS server, and the second server is a 4A unified security management platform server.
Preferably, the step of sending a strong authentication request to the second server to perform strong authentication comprises:
obtaining the account and password from the user login page and sending the account and password to the first server for primary account authentication; after the primary account authentication passes, receiving the authentication result sent by the first server;
when the user login page jumps to a strong authentication password input interface, obtaining the strong authentication password entered by the user on that interface, and sending the strong authentication password to the second server via the first server to perform the strong authentication;
injecting the strong authentication token into the virtual desktop and pushing it to the terminal.
The present invention also provides a unified internal control security management system, comprising:
an authentication SDK, embedded in each business system to intercept account access information and to perform permission authentication on the access information;
an authentication and authorization subsystem, for authenticating login accounts and managing their authorization;
an account management subsystem, for managing account permissions;
a log audit subsystem, for collecting the system security events, user access records, system operation logs, and system operation information in the information system, and for fully auditing the information system logs;
a behavior audit subsystem, for tracking and auditing account behavior.
Preferably, the first server is an Active Directory domain controller server, and the second server is a 4A unified security management platform server.
Preferably, the first server is a RADIUS server, and the second server is a 4A unified security management platform server.
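The login sequence described above, written as a fail-closed gate in Python. This is an added example, not code from the patent. The patent does not define the token's "preset condition", so the HMAC, expiry and account-binding checks, the shared key, and every function name and sample credential here are assumptions.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key shared by the second server and the SDK (assumption).
TOKEN_KEY = b"constructed-demo-key"

def issue_token(account, now, ttl=60, key=TOKEN_KEY):
    """Second-server stand-in: mint a token once strong authentication passes."""
    body = base64.urlsafe_b64encode(
        json.dumps({"sub": account, "exp": now + ttl}).encode())
    sig = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + sig

def token_ok(token, account, now, key=TOKEN_KEY):
    """Assumed 'preset condition': valid MAC, unexpired, bound to the account."""
    try:
        body, sig = token.split(b".")
        expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(sig, expected):
            return False
        claims = json.loads(base64.urlsafe_b64decode(body))
        return claims["sub"] == account and now < claims["exp"]
    except (ValueError, KeyError, TypeError):
        return False  # malformed tokens are rejected, never trusted

def sso_login(account, password, otp, primary_auth, strong_auth, now=None):
    """SDK-side gate: each stage must pass before the next one is attempted."""
    now = time.time() if now is None else now
    if not primary_auth(account, password):   # first server (AD or RADIUS)
        return "denied:primary"
    token = strong_auth(account, otp, now)    # second server (4A platform)
    if token is None:
        return "denied:strong"
    if not token_ok(token, account, now):     # preset condition on the token
        return "denied:token"
    return "sso:granted"

# Constructed stand-ins for the two servers and their credential stores.
USERS = {"alice": "correct horse"}
OTPS = {"alice": "492816"}

def demo_primary(account, password):
    stored = USERS.get(account)
    return stored is not None and hmac.compare_digest(
        stored.encode(), password.encode())

def demo_strong(account, otp, now):
    stored = OTPS.get(account)
    if stored is not None and hmac.compare_digest(stored.encode(), otp.encode()):
        return issue_token(account, now)
    return None
```

Binding the token to the account that passed primary authentication keeps a token issued for one user from completing another user's login.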
Claims (6)
1. A unified internal control security management method, characterized by comprising the following steps:
an SDK monitors user access operations in a business system; when a user attempts to log in to the business system, the authentication SDK intercepts the user's login information and sends the user's account and password to a first server, thereby sending an authentication request to the first server;
receiving the authentication request result sent by the first server;
in the case where the authentication request passes, sending a strong authentication request to a second server to perform strong authentication;
in the case where the strong authentication passes, receiving the strong authentication token sent by the second server; and, in the case where the strong authentication token satisfies a preset condition, performing single sign-on to the business system.
2. The unified internal control security management method according to claim 1, characterized in that the first server is an Active Directory domain controller server and the second server is a 4A unified security management platform server.
3. The unified internal control security management method according to claim 1, characterized in that the first server is a RADIUS server and the second server is a 4A unified security management platform server.
4. A login method of a centralized authentication system according to claim 3, characterized in that the step of sending a strong authentication request to the second server to perform strong authentication comprises:
obtaining the account and password from the user login page and sending the account and password to the first server for primary account authentication; after the primary account authentication passes, receiving the authentication result sent by the first server;
when the user login page jumps to a strong authentication password input interface, obtaining the strong authentication password entered by the user on that interface, and sending the strong authentication password to the second server via the first server to perform the strong authentication;
injecting the strong authentication token into the virtual desktop and pushing it to the terminal.
A unified internal control security management system, characterized by comprising:
an authentication SDK, embedded in each business system to intercept account access information and to perform permission authentication on the access information;
an authentication and authorization subsystem, for authenticating login accounts and managing their authorization;
an account management subsystem, for managing account permissions;
a log audit subsystem, for collecting the system security events, user access records, system operation logs, and system operation information in the information system, and for fully auditing the information system logs;
a behavior audit subsystem, for tracking and auditing account behavior.
5. The unified internal control security management system according to claim 1, characterized in that the first server is an Active Directory domain controller server and the second server is a 4A unified security management platform server.
6. The unified internal control security management system according to claim 1, characterized in that the first server is a RADIUS server and the second server is a 4A unified security management platform server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711417462.3A CN108092983A (en) | 2017-12-25 | 2017-12-25 | Unified internal control method for managing security and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108092983A (en) | 2018-05-29 |
Family
ID=62178713
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711417462.3A Withdrawn CN108092983A (en) | 2017-12-25 | 2017-12-25 | Unified internal control method for managing security and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108092983A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20180529 |