CN110336780A - A kind of O&M auditing system of automatic alarm - Google Patents

Publication number: CN110336780A
Authority: CN (China)
Prior art keywords: user, data, auditing, automatic alarm, password
Legal status: Pending
Application number: CN201910379500.3A
Other languages: Chinese (zh)
Inventor: 陈平伟
Current Assignee: Henan Leiming Computer Technology Co Ltd
Original Assignee: Henan Leiming Computer Technology Co Ltd
Priority date: 2019-05-08
Filing date: 2019-05-08
Publication date: 2019-10-15
Application filed by Henan Leiming Computer Technology Co Ltd
Priority to CN201910379500.3A
Publication of CN110336780A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28: Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication (H04L9/00)
    • H04L2209/72: Signcrypting, i.e. digital signing and encrypting simultaneously

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an O&M auditing system with automatic alarm. A user logs in to the O&M auditing system through a client validation unit. The client validation unit checks the IP address, the ID information and the password in the asymmetric encryption algorithm entered by the user; when all three items of input information are correct, the process enters server authority verification. During server authority verification, the password in the asymmetric encryption algorithm is extracted and addressed in the authority verification library to determine the upper-limit position of the local permission. After the upper-limit position is determined, the user successfully enters the auditing and supervisory center and inputs a target unit there; the target unit is screened by the audit target screening unit to obtain the three-attribute data of the target unit, which the user can then retrieve. By extracting the password in the asymmetric encryption algorithm and addressing it in the authority verification library, the upper-limit position of the local permission is determined and the user's access rights are obtained.

Description

A kind of O&M auditing system of automatic alarm
Technical field
The invention belongs to the field of O&M auditing and relates to an O&M auditing system with automatic alarm.
Background art
With the continuous progress of information technology and the significant development of informatization, information security has received increasing attention. Internal information is threatened not only by external factors; violations and misoperations by internal users can also cause serious data security problems. O&M security audit products are therefore deployed in more and more network environments to guard against internal information security problems and to record network resource access logs for later audit. Most such products provide functions such as account management, identity authentication, resource authorization, single sign-on, access control and operation audit, to help users achieve O&M security management and internal control audit.
An O&M auditing system stores basic data such as user information and resource information. A user is a legitimate user of the O&M auditing system itself and has information such as a user name, login password and e-mail address. A resource is an information resource protected by the O&M auditing system, such as a host, server, network device, operating system or database. A resource has information such as its owning department, IP address, account and login password.
However, current auditing systems cannot identify a user's resource permissions, which causes a great security risk.
Summary of the invention
The object of the invention is to provide an O&M auditing system with automatic alarm that solves the problem that current auditing systems cannot identify a user's resource permissions, which causes a great security risk.
The technical solution adopted by the invention is as follows:
In an O&M auditing system with automatic alarm, a user logs in to the O&M auditing system through a client validation unit. The client validation unit checks the IP address, the ID information and the password in the asymmetric encryption algorithm entered by the user; when all three items of input information are correct, the process enters server authority verification. During server authority verification, the password in the asymmetric encryption algorithm is extracted and addressed in the authority verification library to determine the upper-limit position of the local permission. After the upper-limit position is determined, the user successfully enters the auditing and supervisory center and inputs a target unit there; the target unit is screened by the audit target screening unit to obtain the three-attribute data of the target unit, which the user can then retrieve.
Current auditing systems cannot identify a user's resource permissions, which causes a great security risk. To solve this problem, the present invention extracts the password in the asymmetric encryption algorithm and addresses it in the authority verification library to determine the upper-limit position of the local permission and obtain the user's access rights. The user enters the next node only when all three items of login information match. The password in the asymmetric encryption algorithm changes at any time, which avoids the security risk caused by a password that goes unchanged for a long time.
Further, the asymmetric encryption algorithm consists of a private key and a public key: data encrypted with the public key is decrypted with the corresponding private key, and data encrypted with the private key is decrypted with the corresponding public key. The password is replaced at regular intervals, which is more secure and reliable.
Further, the data is passed through a double SHA256 operation to generate a unique 32-byte hash value; the hash value is then encrypted with the private key to generate a digital signature, and the digital signature and the data are encrypted with the recipient's public key to obtain the encrypted data.
Further, the passwords in the asymmetric encryption algorithm correspond one-to-one to the upper limits in the authority verification library; the higher the user's upper-limit value, the greater the permission obtained. The one-to-one correspondence is entered when the system is built.
Further, the three-attribute data includes field research data, online audit data and audit completion data. What is retrieved in the present invention is the audit data of a company.
Further, when the user's three items of input information are incorrect, the login does not pass the client validation unit, and the client validation unit sends the three items of input information to the alarm. The O&M auditing system has very high security requirements and allows only one login attempt.
Further, the alarm sends the warning message to the mobile phones of three system operators simultaneously by wireless transmission; sending it to three system operators' mobile phones is for joint supervision and traceability.
In summary, by adopting the above technical solution, the beneficial effects of the present invention are:
1. In the O&M auditing system with automatic alarm, the password in the asymmetric encryption algorithm is extracted and addressed in the authority verification library to determine the upper-limit position of the local permission and obtain the user's access rights. The user enters the next node only when all three items of login information match. The password in the asymmetric encryption algorithm changes at any time, which avoids the security risk caused by a password that goes unchanged for a long time.
2. The asymmetric encryption algorithm of the present invention consists of a private key and a public key: data encrypted with the public key is decrypted with the corresponding private key, and data encrypted with the private key is decrypted with the corresponding public key. The password is replaced at regular intervals, which is more secure and reliable.
Brief description of the drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly described below. It should be understood that the following drawings show only certain embodiments of the present invention and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort, in which:
Fig. 1 is a flow chart of the system of the present invention;
Detailed description of the embodiments
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is further described in detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention and not to limit it; that is, the described embodiments are only some of the embodiments of the present invention, not all of them. The components of the embodiments of the present invention generally described and illustrated in the drawings herein can be arranged and designed in a variety of different configurations.
Therefore, the following detailed description of the embodiments of the present invention provided in the drawings is not intended to limit the scope of the claimed invention, but merely represents selected embodiments of the invention. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
It should be noted that relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.
In an O&M auditing system with automatic alarm, a user logs in to the O&M auditing system through a client validation unit. The client validation unit checks the IP address, the ID information and the password in the asymmetric encryption algorithm entered by the user; when all three items of input information are correct, the process enters server authority verification. During server authority verification, the password in the asymmetric encryption algorithm is extracted and addressed in the authority verification library to determine the upper-limit position of the local permission. After the upper-limit position is determined, the user successfully enters the auditing and supervisory center and inputs a target unit there; the target unit is screened by the audit target screening unit to obtain the three-attribute data of the target unit, which the user can then retrieve.
The features and performance of the invention are described in further detail below with reference to the embodiments.
Embodiment one
A preferred embodiment of the present invention provides an O&M auditing system with automatic alarm. Further, the asymmetric encryption algorithm consists of a private key and a public key: data encrypted with the public key is decrypted with the corresponding private key, and data encrypted with the private key is decrypted with the corresponding public key. The data is passed through a double SHA256 operation to generate a unique 32-byte hash value; the hash value is then encrypted with the private key to generate a digital signature, and the digital signature and the data are encrypted with the recipient's public key to obtain the encrypted data.
Current auditing systems cannot identify a user's resource permissions, which causes a great security risk. To solve this problem, the present invention extracts the password in the asymmetric encryption algorithm and addresses it in the authority verification library to determine the upper-limit position of the local permission and obtain the user's access rights. The user enters the next node only when all three items of login information match. The password in the asymmetric encryption algorithm changes at any time, which avoids the security risk caused by a password that goes unchanged for a long time; the password is replaced at regular intervals, which is more secure and reliable.
Embodiment two
This embodiment builds on Embodiment one. Further, the passwords in the asymmetric encryption algorithm correspond one-to-one to the upper limits in the authority verification library; the higher the user's upper-limit value, the greater the permission obtained. The three-attribute data includes field research data, online audit data and audit completion data. When the user's three items of input information are incorrect, the login does not pass the client validation unit, and the client validation unit sends the three items of input information to the alarm. The alarm sends the warning message to the mobile phones of three system operators simultaneously by wireless transmission.
What is retrieved in the present invention is the audit data of a company. The one-to-one correspondence is entered when the system is built. The O&M auditing system has very high security requirements and allows only one login attempt. Sending the warning message to three system operators' mobile phones is for joint supervision and traceability.
The foregoing is merely a description of preferred embodiments of the present invention and is not intended to limit its protection scope. Any modification, equivalent replacement or improvement made by those skilled in the art within the spirit and principles of the present invention shall fall within the protection scope of the present invention.
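
The login path described above (three-item check, lookup in the authority verification library, a single login attempt, alert to three operators), as an added Python example that is not code from the patent. The account data, operator names, the PBKDF2 derivation with a server-wide salt, and the choice to put a password digest rather than the plaintext into the alert are assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample values for this example; none come from the patent.
OPERATORS = ("operator-1", "operator-2", "operator-3")
SERVER_SALT = b"constructed-server-salt"  # assumption: one server-wide salt


def password_key(password: str) -> bytes:
    """Derive the digest used both to verify a login and to address the library."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SERVER_SALT, 100_000)


@dataclass
class Account:
    user_id: str
    ip: str
    password_digest: bytes  # assumption: a digest is stored, never the password
    locked: bool = False


@dataclass
class LoginGate:
    accounts: dict  # user_id -> Account
    authority_library: dict  # password digest -> permission upper limit
    alerts: list = field(default_factory=list)

    def _alarm(self, ip: str, user_id: str, digest: bytes, reason: str) -> None:
        # One alert per operator, all three queued together. The submitted
        # password travels as a digest only (a choice made in this example).
        for operator in OPERATORS:
            self.alerts.append({"to": operator, "ip": ip, "id": user_id,
                                "password_digest": digest.hex(), "reason": reason})

    def login(self, ip: str, user_id: str, password: str):
        """Return the permission upper limit, or None when the login is refused."""
        digest = password_key(password)
        account = self.accounts.get(user_id)
        if account is None:
            self._alarm(ip, user_id, digest, "unknown id")
            return None
        if account.locked:
            self._alarm(ip, user_id, digest, "account locked")
            return None
        # Evaluate both remaining checks before deciding, in constant time.
        ip_ok = hmac.compare_digest(account.ip.encode(), ip.encode())
        pw_ok = hmac.compare_digest(account.password_digest, digest)
        limit = self.authority_library.get(digest)
        if not (ip_ok and pw_ok) or limit is None:
            account.locked = True  # only one login attempt is allowed
            self._alarm(ip, user_id, digest, "input mismatch")
            return None
        return limit

    def rotate_password(self, user_id: str, new_password: str) -> None:
        """Replace the password and move its upper limit to the new digest."""
        account = self.accounts[user_id]
        limit = self.authority_library.pop(account.password_digest)
        account.password_digest = password_key(new_password)
        self.authority_library[account.password_digest] = limit


def build_demo_gate() -> LoginGate:
    """Two constructed accounts with different permission upper limits."""
    users = [("auditor01", "10.0.0.5", "rotation-2019-A", 2),
             ("manager01", "10.0.0.9", "rotation-2019-B", 5)]
    accounts, library = {}, {}
    for user_id, ip, password, limit in users:
        digest = password_key(password)
        accounts[user_id] = Account(user_id, ip, digest)
        library[digest] = limit
    return LoginGate(accounts, library)


if __name__ == "__main__":
    gate = build_demo_gate()
    print(gate.login("10.0.0.9", "manager01", "rotation-2019-B"))  # upper limit
    print(gate.login("10.0.0.7", "auditor01", "rotation-2019-A"))  # wrong IP
    print(len(gate.alerts), "alerts queued")
```

Because the library is addressed by the password digest, two users can never share a password without also sharing an upper limit, so `rotate_password` has to move the library entry in the same step as the credential change.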

Claims (7)

1. An O&M auditing system with automatic alarm, characterized in that: a user logs in to the O&M auditing system through a client validation unit; the client validation unit checks the IP address, the ID information and the password in the asymmetric encryption algorithm entered by the user, and when all three items of input information are correct, the process enters server authority verification;
during the server authority verification, the password in the asymmetric encryption algorithm is extracted and addressed in the authority verification library to determine the upper-limit position of the local permission; after the upper-limit position is determined, the user successfully enters the auditing and supervisory center and inputs a target unit there; the target unit is screened by the audit target screening unit to obtain the three-attribute data of the target unit; the user can retrieve the three-attribute data.
2. The O&M auditing system with automatic alarm according to claim 1, characterized in that: the asymmetric encryption algorithm consists of a private key and a public key; data encrypted with the public key is decrypted with the corresponding private key, and data encrypted with the private key is decrypted with the corresponding public key.
3. The O&M auditing system with automatic alarm according to claim 2, characterized in that the data encryption process is: the data is passed through a double SHA256 operation to generate a unique 32-byte hash value; the hash value is then encrypted with the private key to generate a digital signature, and the digital signature and the data are encrypted with the recipient's public key to obtain the encrypted data.
4. The O&M auditing system with automatic alarm according to claim 1, characterized in that: the passwords in the asymmetric encryption algorithm correspond one-to-one to the upper limits in the authority verification library; the higher the user's upper-limit value, the greater the permission obtained.
5. The O&M auditing system with automatic alarm according to claim 1, characterized in that: the three-attribute data includes field research data, online audit data and audit completion data.
6. The O&M auditing system with automatic alarm according to claim 1, characterized in that: when the user's three items of input information are incorrect, the login does not pass the client validation unit, and the client validation unit sends the three items of input information to the alarm.
7. The O&M auditing system with automatic alarm according to claim 6, characterized in that: the alarm sends the warning message to the mobile phones of three system operators simultaneously by wireless transmission.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201910379500.3A | 2019-05-08 | 2019-05-08 | A kind of O&M auditing system of automatic alarm

Publications (1)

Publication Number | Publication Date
CN110336780A | 2019-10-15

Family

ID: 68139629

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201910379500.3A, Pending, CN110336780A (en) | A kind of O&M auditing system of automatic alarm | 2019-05-08 | 2019-05-08

Country Status (1)

Country | Link
CN (1) | CN110336780A (en)
Cited By (1)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN111984971A (en) * | 2020-08-10 | 2020-11-24 | 成都安恒信息技术有限公司 | Method for automatically producing and managing operation and maintenance data

Citations (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN104010088A (en) * | 2014-06-16 | 2014-08-27 | 中国地质大学(武汉) | Smart-phone anti-theft method and system
CN104794789A (en) * | 2015-04-18 | 2015-07-22 | 内蒙古科技大学 | Photoelectric coded lock system
CN106776717A (en) * | 2016-11-16 | 2017-05-31 | 北京集奥聚合科技有限公司 | A kind of interface configurations method and system based on HBase
CN109302404A (en) * | 2018-10-30 | 2019-02-01 | 国电南瑞南京控制系统有限公司 | A kind of remote maintenance authenticating operation method of wide area operational system
CN109684164A (en) * | 2018-11-26 | 2019-04-26 | 武汉烽火信息集成技术有限公司 | A kind of isomery operation management method and system based on autonomous controllable software and hardware


Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
RJ01 | Rejection of invention patent application after publication

Application publication date: 20191015