CN109450938A - A comprehensive cloud data security management method and platform based on the government affairs extranet - Google Patents

Publication number
CN109450938A
Authority
CN
China
Legal status
Pending
Application number
CN201811583979.4A
Other languages
Chinese (zh)
Inventor
王文明
张禹
王龙强
朱常旺
Current Assignee
Section Big Country Wound Software Inc Co
Original Assignee
Section Big Country Wound Software Inc Co

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a comprehensive cloud data security management method and platform based on the government affairs extranet, comprising a business system resource management module, a security policy configuration management module, and a network security analysis system module. By centrally managing calls to the API interfaces of each device from a single platform, the invention brings all devices, business systems, and users within the government affairs extranet under unified management, and allows the access behavior of all users on the extranet to be counted, analyzed, and audited, improving unified device management, unified identity authentication, and unified log analysis for the government affairs extranet.

Description

A comprehensive cloud data security management method and platform based on the government affairs extranet
Technical field
The present invention relates to the technical field of network security management systems, and in particular to a comprehensive cloud data security management method and platform based on the government affairs extranet.
Background
A government affairs extranet comprehensive security management platform takes network security devices, the authentication system, unified security authentication gateway devices, and the security policy control center as its basic tools. It provides the government affairs extranet with functions such as unified security authentication, unified policy configuration management for network security devices, and log analysis, and so serves as a platform for integrated network security management. At present, the authentication systems, network security devices, unified security authentication gateways, and log analysis products on the market each use their own configuration management pages. Meeting the functional requirements above means logging in to each type of device to manage it, configure it, and view its analysis results; operation is cumbersome, and there is no unified platform for integrated management.
Summary of the invention
The technical problem to be solved by the present invention is that, with the authentication systems, network security devices, unified security authentication gateways, and log analysis products currently on the market, one must log in to different types of devices to manage, configure, and view analysis results, and a unified management platform is lacking. To address this, the invention provides a comprehensive cloud data security management method and platform based on the government affairs extranet.
The present invention solves the above technical problem through the following technical solution. A comprehensive cloud data security management method based on the government affairs extranet comprises the following steps:
(1) the API interfaces of the government affairs extranet devices are encapsulated in HTTP form;
(2) the government affairs extranet device API interfaces are called over HTTP;
(3) the government affairs extranet business access users are uniformly issued, through the respective API interfaces, to the network security device, the authentication and authorization system, and the unified security authentication gateway;
(4) the government affairs extranet business access user applies for the business resource system to be accessed;
(5) the business resource system forwards the user's access application to the network security device;
(6) the accessed business resource system is verified with the unified security authentication gateway;
(7) the government affairs extranet business access user accesses the authentication and authorization system for authentication;
(8) once authentication passes, the government affairs extranet business access user reaches the accessed business resource system.
A comprehensive cloud data security management platform based on the government affairs extranet comprises a business system resource management module, a security policy configuration management module, and a network security analysis system module.
The business system resource management module is used for unified management and allocation of the business systems on the government affairs extranet.
The security policy configuration management module is used for unified configuration of devices such as network security devices and unified security authentication gateways.
The network security analysis system module is used for statistical analysis of the government affairs extranet business resource systems and of government affairs extranet user behavior.
The business system resource management module includes a system resource registration submodule and an access user registration submodule.
The system resource registration submodule registers each business system resource of the e-government extranet; the comprehensive security management platform issues the corresponding system resources to the network security devices by calling the API interface of the security policy management center.
The access user registration submodule registers the users who access business resources on the e-government extranet; when an access user is entered in the government affairs extranet comprehensive security management platform, the management platform synchronizes the access user to the authentication system by calling the authentication system's API.
The network security analysis system module includes a business system resource analysis submodule and an access user behavior analysis submodule.
The business system resource analysis submodule performs statistical analysis of the government affairs extranet business resource systems.
The access user behavior analysis submodule performs statistical analysis of government affairs extranet user behavior.
Compared with the prior art, the present invention has the following advantage: by centrally managing calls to the API interfaces of each device from a single platform, it brings all devices, business systems, and users within the e-government extranet under unified management, and allows the access behavior of all users on the extranet to be counted, analyzed, and audited, improving unified device management, unified identity authentication, and unified log analysis for the government affairs extranet.
Brief description of the drawings
Fig. 1 is the overall architecture diagram;
Fig. 2 is a diagram illustrating the device API calls;
Fig. 3 is a diagram illustrating system resource registration;
Fig. 4 is a diagram illustrating access user registration.
Detailed description of the embodiments
The embodiments of the present invention are described in detail below. This embodiment is implemented on the premise of the technical solution of the invention, and a detailed implementation and specific operating procedure are given, but the scope of protection of the invention is not limited to the following embodiment.
As shown in Fig. 1, this embodiment is implemented as follows:
A comprehensive cloud data security management platform based on the government affairs extranet calls the API interfaces of each device so that they work in coordination, bringing all devices, business systems, and users within the e-government extranet under unified management, and allowing the access behavior of all users on the extranet to be counted, analyzed, and audited. The government affairs extranet comprehensive security management platform includes a business system resource management module, a security policy configuration management module, and a network security analysis system module. An access user on the government affairs extranet must be authenticated before accessing business resources.
The business system resource management module has 2 submodules: system resource registration and access user registration. Business system resource registration registers each business system resource of the e-government extranet; the comprehensive security management platform issues the corresponding system resources to the network security devices by calling the API interface of the security policy management center. Access user registration registers the users who access business resources on the e-government extranet; when an access user is entered in the government affairs extranet comprehensive security management platform, the management platform synchronizes the access user to the authentication system by calling the authentication system's API.
The security policy configuration management module (security policy library management) manages the configuration of security policies for business system resources. Administrators can maintain the security policy of the corresponding business system resource according to security management needs: they set the resource access permissions and select the access users who may access the resource. The system automatically synchronizes the policy and issues it through the API interface to the unified security authentication gateway and the authentication device.
The network security analysis system module is divided into business system resource analysis and access user behavior analysis. For network security analysis, the security policy logs of the two device types, network security devices and unified security authentication devices, are sent as syslog logs to the government affairs extranet comprehensive security management platform; after filtering the log fields, the platform presents the results as statistical analysis.
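The syslog filtering and statistics step described above can be sketched as follows. This is an added example, not code from the patent or its applicant. The patent does not define a log format, so the RFC 3164-style header, the key=value fields (user, resource, action, result), and the host names are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample input. The patent does not define a log format, so these
# lines assume RFC 3164-style syslog carrying key=value fields.
SAMPLE_LOGS = [
    "<134>Dec 24 09:01:12 fw-01 policy: user=alice resource=tax-portal action=permit",
    "<134>Dec 24 09:01:40 authgw-01 auth: user=alice resource=tax-portal result=success",
    "<132>Dec 24 09:02:03 authgw-01 auth: user=bob resource=hr-system result=failure",
    "<132>Dec 24 09:02:09 authgw-01 auth: user=bob resource=hr-system result=failure",
    "<134>Dec 24 09:03:55 fw-01 policy: user=carol resource=hr-system action=deny",
    "<134>Dec 24 09:04:10 fw-01 policy: user=bob resource=tax-portal action=permit",
    "garbled line without a syslog header",
]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[\w-]+): (?P<msg>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")
KEEP_FIELDS = ("user", "resource", "action", "result")  # assumed field names
DENIED_OUTCOMES = {"deny", "failure"}


def parse_line(line):
    """Return the filtered fields of one syslog line, or None if unusable."""
    m = SYSLOG_RE.match(line.strip())
    if m is None:
        return None
    fields = dict(KV_RE.findall(m["msg"]))
    if "user" not in fields or "resource" not in fields:
        return None
    pri = int(m["pri"])  # PRI = facility * 8 + severity
    event = {"host": m["host"], "tag": m["tag"],
             "facility": pri >> 3, "severity": pri & 7}
    # Field filtering: keep only what the two analyses need.
    event.update({k: fields[k] for k in KEEP_FIELDS if k in fields})
    return event


def analyze(lines):
    """Aggregate per-resource and per-user statistics from raw syslog lines."""
    by_resource, by_user, denied = Counter(), Counter(), Counter()
    skipped = 0
    for line in lines:
        event = parse_line(line)
        if event is None:
            skipped += 1  # counted, so dropped records stay visible to auditors
            continue
        by_resource[event["resource"]] += 1   # business system resource analysis
        by_user[event["user"]] += 1           # access user behavior analysis
        outcome = event.get("action") or event.get("result")
        if outcome in DENIED_OUTCOMES:
            denied[(event["user"], event["resource"])] += 1
    return {"by_resource": by_resource, "by_user": by_user,
            "denied": denied, "skipped": skipped}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOGS)
    for name, value in report.items():
        print(name, dict(value) if isinstance(value, Counter) else value)
```

Counting unparseable lines instead of dropping them silently matters for the audit function: a device that starts emitting a different format shows up as a rising skipped count rather than as missing activity.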
Fig. 2 shows the process by which the platform calls device APIs. The API interfaces have been encapsulated in HTTP form by the vendors; provided the network is reachable, the government affairs extranet comprehensive security management platform directly calls the API interfaces of the network security device, the authentication system, and the unified security authentication gateway.
Fig. 3 shows the platform's resource registration process. The government affairs extranet comprehensive security management platform transfers government affairs extranet system resources over HTTP to the network security device and the unified security authentication network management device.
Fig. 4 shows the platform's access user registration process. The government affairs extranet comprehensive security management platform transfers government affairs extranet access user information over HTTP, through the API interface, to the authentication system and the unified security authentication network management device.
The above is merely a preferred embodiment of the present invention and is not intended to limit it; any modification, equivalent replacement, or improvement made within the spirit and principle of the invention shall fall within its scope of protection.

Claims (4)

1. A comprehensive cloud data security management method based on the government affairs extranet, characterized by comprising the following steps:
(1) the API interfaces of the government affairs extranet devices are encapsulated in HTTP form;
(2) the government affairs extranet device API interfaces are called over HTTP;
(3) the government affairs extranet business access users are uniformly issued, through the respective API interfaces, to the network security device, the authentication and authorization system, and the unified security authentication gateway;
(4) the government affairs extranet business access user applies for the business resource system to be accessed;
(5) the business resource system forwards the user's access application to the network security device;
(6) the accessed business resource system is verified with the unified security authentication gateway;
(7) the government affairs extranet business access user accesses the authentication and authorization system for authentication;
(8) once authentication passes, the government affairs extranet business access user reaches the accessed business resource system.
2. A comprehensive cloud data security management platform based on the government affairs extranet, characterized by comprising a business system resource management module, a security policy configuration management module, and a network security analysis system module;
the business system resource management module is used for unified management and allocation of the business systems on the government affairs extranet;
the security policy configuration management module is used for unified configuration of devices such as network security devices and unified security authentication gateways;
the network security analysis system module is used for statistical analysis of the government affairs extranet business resource systems and of government affairs extranet user behavior.
3. The comprehensive cloud data security management platform based on the government affairs extranet according to claim 2, characterized in that: the business system resource management module includes a system resource registration submodule and an access user registration submodule;
the system resource registration submodule registers each business system resource of the e-government extranet; the comprehensive security management platform issues the corresponding system resources to the network security devices by calling the API interface of the security policy management center;
the access user registration submodule registers the users who access business resources on the e-government extranet; when an access user is entered in the government affairs extranet comprehensive security management platform, the management platform synchronizes the access user to the authentication system by calling the authentication system's API.
4. The comprehensive cloud data security management platform based on the government affairs extranet according to claim 2, characterized in that: the network security analysis system module includes a business system resource analysis submodule and an access user behavior analysis submodule;
the business system resource analysis submodule performs statistical analysis of the government affairs extranet business resource systems;
the access user behavior analysis submodule performs statistical analysis of government affairs extranet user behavior.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811583979.4A CN109450938A (en) 2018-12-24 2018-12-24 A comprehensive cloud data security management method and platform based on the government affairs extranet

Publications (1)

Publication Number Publication Date
CN109450938A (en) 2019-03-08

Family

ID=65537976

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190308