CN109194779A - A kind of safe and efficient enterprise directory update method - Google Patents
A kind of safe and efficient enterprise directory update method Download PDFInfo
- Publication number
- CN109194779A CN109194779A CN201811072325.5A CN201811072325A CN109194779A CN 109194779 A CN109194779 A CN 109194779A CN 201811072325 A CN201811072325 A CN 201811072325A CN 109194779 A CN109194779 A CN 109194779A
- Authority
- CN
- China
- Prior art keywords
- server
- user group
- client
- user
- record
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 19
- 230000008859 change Effects 0.000 claims description 23
- 238000004891 communication Methods 0.000 claims description 3
- 238000012795 verification Methods 0.000 claims description 2
- 230000001360 synchronised effect Effects 0.000 abstract description 3
- 230000003993 interaction Effects 0.000 description 2
- 230000002195 synergetic effect Effects 0.000 description 2
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000004069 differentiation Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000000717 retained effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4594—Address books, i.e. directories containing contact information about correspondents
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5076—Update or notification mechanisms, e.g. DynDNS
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a kind of safe and efficient enterprise directory update method, belong to the update method field of enterprise directory, the present invention ensures the safety that enterprise directory updates by MAC certification and the permission control of employee, incremental update content is calculated according to the access authority of employee simultaneously, it is synchronous with client orientation.Different address list access authority is set for different employees, realizes orientation incremental update, and be optimized for mobile Internet, reduces the resource consumption of client and server-side.
Description
Technical field
The present invention relates to the update method of enterprise directory more particularly to a kind of safe and efficient enterprise directory update sides
Method ensures the safety that enterprise directory updates by MAC certification and the permission control of employee, while according to the access authority of employee
Incremental update content is calculated, it is synchronous with client orientation.
Background technique
In recent years, with the widely available of mobile Internet and rapid development, the application of Enterprise Mobile synergetic office work is increasingly
Universal, critical function of the enterprise directory as Enterprise Mobile synergistic application guarantees the ever more important that timely updates of address list.It passes
The enterprise directory update method of system does not consider the limited feature of mobile Internet resource, and when update does not consider that enterprise staff is visited
Ask that differentiation caused by the difference of permission updates, consumed flow is big, speed is slow, has not been suitable for present case.
Summary of the invention
In order to solve the above technical problems, the invention proposes a kind of safe and efficient enterprise directory update methods, both
The particularity of enterprise directory is considered, and is optimized for mobile Internet, to reduce mobile terminal and server-side
Resource consumption.
The present invention ensures the safety that enterprise directory updates by MAC certification and the permission control of employee, while according to member
The access authority of work calculates incremental update content, synchronous with client orientation.
The technical scheme is that
A kind of safe and efficient enterprise directory update method,
It comprises the concrete steps that:
1) request server-side, server-side generate unique identification code and issue working key to client client for the first time
End.
2) the complete address list information of enterprise is stored in server-side, the Content of Communication of server-side and client is calculated using 3DES
Method calculates MAC, the certification for ensureing the integrality of data by verification MAC and updating to address list.
3) server-side establish user, user group, address list correlation model.
Wherein, user group is to possess the set of the user of identical access authority,
4) change record table is established in server-side, when enterprise directory record changes, is established according to step 3)
Model finds the user group of influence of change, the user group that record changes record and influences.
5) the last update time of the address list content of each user group permission to access is recorded in server-side.
6) client first request enterprise directory requests user's owning user group according to the pattern query that step 2) is established
The address list record having permission, while the user's group # for requesting user affiliated at this time is returned into client, client is in local
Record returned content and the secondary request time.
7) the non-first request enterprise directory of client, user belonging to user when uploading the last time request locally retained
Group, request time, server-side compare access privilege and have the address list content of access authority, and difference content is divided into increasing
Three parts content adding, updating, deleting returns.
Of the invention is mainly characterized by:
The request of client and server-side is complete come the data for ensureing client and server by message authentication code (MAC)
The certification of property and data interaction.It is accessible to control user in permission control system of the server-side suggestion based on user group for system
Enterprise directory content.Client request enterprise directory, server-side can be returned when time time of request, be requested belonging to user
Subscriber group information, client is stored in local.Client request enterprise directory increment content uploads the member that client saves
Variation record is divided into three parts increased, updating, deleting and returned by work subscriber group information and last time request time, server-side
It returns.
Server distributes unique identification code to client and issues working key (MacKey) to calculate Content of communciation
Authentication code.
System establish user group and enterprise directory record between corresponding relationship, by the identical employee of access authority with
The mode of family group is classified, and records the address list access authority of each user group, including the accessible portion of the user group
Door and employee record content
The change of enterprise directory is classified as two kinds of situations, the change of the information such as enterprise staff and department and employee by system
The change of address list access authority.When employee in enterprise or department's information change, divide user group, timesharing in server-side
Between section save enterprise directory change record.
When employee in enterprise or department's information change, the user group of influence of change is analyzed, according to the use of influence
Family group, the address list for saving the user group changes the time, while will change record time segment storage.
When client first request enterprise directory, it is complete that server-side can calculate address list according to the access authority of request user
Amount record.
The non-first request enterprise directory of client, server-side, which calculates increment record, can compare the variation of employee access permission
And the variation of the information such as enterprise staff department.
Different address list access authority is arranged for different employees in the present invention, realizes orientation incremental update, and for shifting
Dynamic internet is optimized, and reduces the resource consumption of client and server-side.
Specific embodiment
More detailed elaboration is carried out to the contents of the present invention below:
A kind of safe and efficient enterprise directory update method, it includes using message authentication code (MAC) and employee and enterprise
Industry address list access authority model ensures the safety of the data interaction of client and server and the meter of incremental update content
It calculates.
1) total data of enterprise directory is saved in server database, and establishes user group, by address list access right
Identical user is limited to sort out.
2) the accessible address list record of setting user group.
3) when in enterprise employee or department's information change when, modify the record of lane database, and establish change
Record sheet, record change record and the user group that arrives of influence of change, while when server-side records the nearest variation of each user group
Between.
4) before client requests address list for the first time, server side authentication interface is requested, server-side generates unique mark
Code simultaneously issues working key to client, and client is saved in local.
5) when client first request enterprise directory, the access right of user group belonging to server-side computation requests user
The union of limit as full dose record, and will return, client when time access time and the current affiliated subscriber group information of request user
End is saved.
Here is the example of returned content:
6) it when the non-first request enterprise directory of client, uploaded belonging to renewal time last time locally saved, user
Incremental data is divided into three parts increased, modification, deleting after recording and returned to by subscriber group information, server-side acquisition variation
Client, client process data simultaneously save class request time, the current affiliated subscriber group information of user.
Server-side judgment step is as follows:
A) judge whether user group belonging to user changes, if increasing new user group, recorded in increment
Increased content in return to the address list that can access of the increased user group of user and record, if user group belonging to user subtracts
It is few, then it is embodied in the deletion part of increment record.
B) the last renewal time for judging the user group there is no variation, the last time request time uploaded with client
It compares, if the request of client last time is not handled only there is no variation, if after the request of client last time, communication
Record content changes, and calculates the record for being recorded in last time request time and changing with current time in user group permission.
Server-side end returned content is as follows, and wherein deleted represents the variation record that client need to delete, return recording
Id.
Claims (6)
1. a kind of safe and efficient enterprise directory update method, which is characterized in that
Specific steps are as follows:
1) request server-side, server-side generate unique identification code and issue working key to client client for the first time;
2) the complete address list information of enterprise is stored in server-side, the Content of Communication of server-side and client uses 3DES algorithm meter
MAC is calculated, the certification for ensureing the integrality of data by verification MAC and updating to address list;
3) server-side establish user, user group, address list correlation model;
Wherein, user group is to possess the set of the user of identical access authority;
4) change record table is established in server-side, when enterprise directory record changes, according to the model of step 3) foundation
Find the user group of influence of change, the user group that record changes record and influences;
5) the last update time of the address list content of each user group permission to access is recorded in server-side;
6) client first request enterprise directory, the pattern query request user's owning user group established according to step 2 are had the right
The address list of limit records, while the user's group # for requesting user affiliated at this time is returned to client, and client is locally recording
Returned content and the secondary request time;
7) the non-first request enterprise directory of client, upload locally retain last time request when user belonging to user group, ask
Seeking time, server-side compare access privilege and have the address list content of access authority, by difference content be divided into it is increased,
Three parts content updating, deleting returns.
2. the method according to claim 1, wherein
System establishes the corresponding relationship between user group and enterprise directory record, by the identical employee of access authority with user group
Mode classify, and record the address list access authority of each user group, including the accessible department of the user group and
Employee records content.
3. according to the method described in claim 2, it is characterized in that,
The change of enterprise directory is classified as two kinds of situations, the change of enterprise staff and department's information and employee's address list by system
The change of access authority;When employee in enterprise or department's information change, user group, time segment is divided to protect in server-side
It deposits enterprise directory and changes record.
4. according to the method in claim 2 or 3, which is characterized in that
When employee in enterprise or department's information change, the user group of influence of change is analyzed, according to the user group of influence,
The address list for saving the user group changes the time, while will change record time segment storage.
5. the method according to claim 1, wherein
When client first request enterprise directory, server-side can calculate address list full dose note according to the access authority of request user
Record.
6. the method according to claim 1, wherein
The non-first request enterprise directory of client, server-side calculate increment record can compare employee access permission variation and
The variation of the information such as enterprise staff department.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811072325.5A CN109194779A (en) | 2018-09-14 | 2018-09-14 | A kind of safe and efficient enterprise directory update method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811072325.5A CN109194779A (en) | 2018-09-14 | 2018-09-14 | A kind of safe and efficient enterprise directory update method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109194779A true CN109194779A (en) | 2019-01-11 |
Family
ID=64910874
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811072325.5A Pending CN109194779A (en) | 2018-09-14 | 2018-09-14 | A kind of safe and efficient enterprise directory update method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109194779A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110535903A (en) * | 2019-07-19 | 2019-12-03 | 浙江讯盟科技有限公司 | A kind of update method of the enterprise directory of real-time high-efficiency |
CN113824811A (en) * | 2021-08-25 | 2021-12-21 | 北京平治东方科技股份有限公司 | System and method for managing address book of internal telephone network of large enterprise |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102510357A (en) * | 2011-09-26 | 2012-06-20 | 深圳中兴网信科技有限公司 | Synchronous method of enterprise organization structure address book and system thereof |
CN103078899A (en) * | 2012-12-20 | 2013-05-01 | 北京思特奇信息技术股份有限公司 | Method and device for synchronizing enterprise address book |
CN103327037A (en) * | 2012-03-20 | 2013-09-25 | 中兴通讯股份有限公司 | Data synchronizing method and device |
CN103516591A (en) * | 2012-06-30 | 2014-01-15 | 北京神州泰岳软件股份有限公司 | Method and device for achieving enterprise address list in instant communication platform |
CN105915636A (en) * | 2016-06-03 | 2016-08-31 | 青岛海信移动通信技术股份有限公司 | Contact person information synchronization method and apparatus thereof |
CN106056365A (en) * | 2016-07-07 | 2016-10-26 | 珠海佳米科技有限公司 | Enterprise address book visibility authority control method and apparatus |
-
2018
- 2018-09-14 CN CN201811072325.5A patent/CN109194779A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102510357A (en) * | 2011-09-26 | 2012-06-20 | 深圳中兴网信科技有限公司 | Synchronous method of enterprise organization structure address book and system thereof |
CN103327037A (en) * | 2012-03-20 | 2013-09-25 | 中兴通讯股份有限公司 | Data synchronizing method and device |
CN103516591A (en) * | 2012-06-30 | 2014-01-15 | 北京神州泰岳软件股份有限公司 | Method and device for achieving enterprise address list in instant communication platform |
CN103078899A (en) * | 2012-12-20 | 2013-05-01 | 北京思特奇信息技术股份有限公司 | Method and device for synchronizing enterprise address book |
CN105915636A (en) * | 2016-06-03 | 2016-08-31 | 青岛海信移动通信技术股份有限公司 | Contact person information synchronization method and apparatus thereof |
CN106056365A (en) * | 2016-07-07 | 2016-10-26 | 珠海佳米科技有限公司 | Enterprise address book visibility authority control method and apparatus |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110535903A (en) * | 2019-07-19 | 2019-12-03 | 浙江讯盟科技有限公司 | A kind of update method of the enterprise directory of real-time high-efficiency |
CN113824811A (en) * | 2021-08-25 | 2021-12-21 | 北京平治东方科技股份有限公司 | System and method for managing address book of internal telephone network of large enterprise |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103078859B (en) | Operation system right management method, equipment and system | |
US8578460B2 (en) | Automating cloud service reconnections | |
CN107249035B (en) | Shared repeated data storage and reading method with dynamically variable levels | |
CN103853766B (en) | A kind of on-line processing method and system towards stream data | |
CN109194779A (en) | A kind of safe and efficient enterprise directory update method | |
CN107025411B (en) | A kind of system and method for fine-grained data permission dynamic control | |
CN106603729A (en) | Distributed-file-system multi-client synchronization method and system thereof | |
CN108777075A (en) | Parking stall Sharing Management system, method, terminal and medium based on block chain | |
CN107704597A (en) | Relevant database to Hive ETL script creation methods | |
CN107679420A (en) | A kind of authority setting method and system based on distributed file system | |
CN102136004B (en) | Method for acquiring service from workflow system | |
CN104298761A (en) | Implementation method for master data matching between heterogeneous software systems | |
CN103218433A (en) | Method and module for managing metadata applied to random access | |
CN108846755A (en) | A kind of right management method and device based on intelligent contract | |
CN109769009A (en) | A kind of decentralization cloud storage plateform system | |
CN105446824B (en) | Table increment acquisition methods and long-distance data backup method | |
CN101334795B (en) | Data storage method and device | |
CN104021137A (en) | Method and system for opening and closing file locally through client side based on catalogue authorization | |
CN1980236A (en) | Distribution-type data dynamic program agent method | |
CN103297580A (en) | System and method for managing and sharing personal information | |
CN106940765A (en) | A kind of access rights dynamic control method | |
CN103838766A (en) | Empty cache prevention method and device | |
CN108900475A (en) | User authority control method and device | |
CN100386990C (en) | Method for implementing intelligent network flexible authority management | |
CN111143341B (en) | Block chain account book weight reducing method based on intelligent contracts |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190111 |
|
RJ01 | Rejection of invention patent application after publication |