CN110990828A - Aggregation management system and method for multi-information system - Google Patents

Publication number: CN110990828A
Authority: CN (China)
Prior art keywords: subsystem, information, configuration module, authority, administrator
Legal status: Pending
Application number: CN201911176185.0A
Other languages: Chinese (zh)
Inventors: 高业燊, 陈佳佳
Current assignee: Guangzhou Tiantu Network Technology Co Ltd
Original assignee: Guangzhou Tiantu Network Technology Co Ltd
Application filed by: Guangzhou Tiantu Network Technology Co Ltd
Priority to: CN201911176185.0A
Publication of: CN110990828A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
        • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
                • G06F21/45 Structures or tools for the administration of authentication
            • G06F21/60 Protecting data
                • G06F21/602 Providing cryptographic facilities or services
                • G06F21/604 Tools and structures for managing or administering access control systems
        • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
                • G06F2221/2145 Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy

Abstract

The invention discloses an aggregation management system and method for a multi-information system. The system comprises an administrator configuration module, a role configuration module, a permission configuration module, a subsystem configuration module and a supplier management module, wherein the administrator configuration module is used for managing administrator information of the system; the role configuration module is used for configuring the roles of the subsystems; the permission configuration module is used for configuring administrator authority in the subsystems; and the subsystem configuration module is used for configuring the subsystems. In the invention, the subsystems are integrated through an SDK and authorize their account numbers and system authority to the aggregation management system, which achieves lightweight management of the multi-information system.

Description

Aggregation management system and method for multi-information system
Technical Field
The present invention relates to the field of computer information systems, and more particularly, to an aggregation management system and method for multiple information systems.
Background
A large business information system often comprises several business subsystems that work together. The conventional approach to a unified management background is to merge the management backgrounds of all subsystems into one large management background. This approach has the following disadvantages:
The large management background becomes too bulky, and system performance degrades as functions are added.
Because all functions are packed into one system, every change to a function of one subsystem requires considering whether it affects the other systems, which greatly increases development difficulty and risk.
A lightweight aggregation management system and method for multiple information systems is therefore needed.
Disclosure of Invention
The invention provides an aggregation management system and method for multiple information systems, to overcome the defect that prior-art management of multiple information systems cannot be made lightweight.
The primary objective of the present invention is to solve the above technical problems, and the technical solution of the present invention is as follows:
The first aspect of the present invention provides an aggregation management system for multiple information systems, including: an administrator configuration module, a role configuration module, a permission configuration module, a subsystem configuration module and a supplier management module, wherein
the administrator configuration module is used for managing administrator information of the system;
the role configuration module is used for configuring the roles of the subsystems;
the permission configuration module is used for configuring administrator authority in the subsystems;
the subsystem configuration module is used for configuring the subsystems.
Further, the administrator configuration module includes: an administrator list subunit and an add administrator subunit;
the role configuration unit includes: a role list subunit and an add role subunit;
the permission configuration module includes: a permission list subunit and an add permission subunit;
the subsystem configuration module includes: a subsystem list subunit and an add subsystem subunit.
The second aspect of the present invention provides an aggregation management method for multiple information systems. The method is applied to an aggregation management system for multiple information systems and comprises the following steps:
S1: deploying the aggregation management system background;
S2: each subsystem to be aggregated authorizes its account numbers and system authority to the aggregation management system through SDK integration;
S3: on the aggregation management background, adding the configuration information of the subsystem to be aggregated, the subsystem operator accounts, and the authority and roles required by the subsystem;
S4: the aggregation management background allocates subsystem roles to operators; the same operator can have multiple roles, in the same subsystem or in different subsystems;
S5: an operator chooses a subsystem to log in to and is redirected to the login interface of the aggregation management background, where the operator logs in with a preset account and password; the unified management background then generates an encrypted character string from the entered account, password and authority information, appends it to the URL (uniform resource locator) of the subsystem, and jumps to that URL;
S6: after receiving the encrypted character string, the subsystem decrypts it to obtain the account number and the authority information.
Further, the SDK includes methods for:
verifying the correctness of the encrypted token;
acquiring the user name, role and authority information of the operator from the token;
judging whether the operator's authority matches the authority required to execute a subsystem method.
Further, the encrypted token comprises: header, payload, signature;
the header represents the header information and lists the encryption algorithm of the signature verification information;
the payload represents the effective information, contains the information to be transmitted, and uses a reversible encryption algorithm;
the signature represents the signature verification information, which is obtained by encrypting the header information and the effective information, splicing them together, appending a preset secret key, and finally encrypting the result with the irreversible algorithm listed in the header information.
Further, the reversible encryption algorithm is a base64 encryption algorithm, and the irreversible algorithm is an SHA256 algorithm.
Compared with the prior art, the technical solution of the invention has the following beneficial effect:
the subsystems are integrated through the SDK and authorize their account numbers and system authority to the aggregation management system, which achieves lightweight management of the multi-information system.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
Example 1
The first aspect of the present invention provides an aggregation management system for multiple information systems, including: an administrator configuration module, a role configuration module, a permission configuration module, a subsystem configuration module and a supplier management module, wherein
the administrator configuration module is used for managing administrator information of the system;
the role configuration module is used for configuring the roles of the subsystems;
the permission configuration module is used for configuring administrator authority in the subsystems;
the subsystem configuration module is used for configuring the subsystems.
Further, the administrator configuration module includes: an administrator list subunit and an add administrator subunit;
the role configuration unit includes: a role list subunit and an add role subunit;
the permission configuration module includes: a permission list subunit and an add permission subunit;
the subsystem configuration module includes: a subsystem list subunit and an add subsystem subunit.
As shown in FIG. 1, the second aspect of the present invention provides an aggregation management method for multiple information systems. The method is applied to an aggregation management system for multiple information systems and comprises the following steps:
S1: deploying the aggregation management system background;
S2: each subsystem to be aggregated authorizes its account numbers and system authority to the aggregation management system through SDK integration;
More specifically, the SDK includes methods for:
verifying the correctness of the encrypted token;
acquiring the user name, role and authority information of the operator from the token;
judging whether the operator's authority matches the authority required to execute a subsystem method.
It should be noted that the subsystem integrates the SDK into its own program code and calls the methods provided by the SDK when necessary.
S3: on the aggregation management background, adding the configuration information of the subsystem to be aggregated, the subsystem operator accounts, and the authority and roles required by the subsystem;
S4: the aggregation management background allocates subsystem roles to operators; the same operator can have multiple roles, in the same subsystem or in different subsystems;
S5: an operator chooses a subsystem to log in to and is redirected to the login interface of the aggregation management background, where the operator logs in with a preset account and password; the unified management background then generates an encrypted character string from the entered account, password and authority information, appends it to the URL (uniform resource locator) of the subsystem, and jumps to that URL;
S6: after receiving the encrypted character string, the subsystem decrypts it to obtain the account number and the authority information.
Further, the encrypted token comprises: header, payload, signature;
the header represents the header information and lists the encryption algorithm of the signature verification information;
the payload represents the effective information, contains the information to be transmitted, and uses a reversible encryption algorithm;
the signature represents the signature verification information, which is obtained by encrypting the header information and the effective information, splicing them together, appending a preset secret key, and finally encrypting the result with the irreversible algorithm listed in the header information.
In the invention, a base64 encryption algorithm is adopted as the reversible encryption algorithm, and an SHA256 algorithm is adopted as the irreversible algorithm.
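The token layout and the three SDK checks described above, as an added Python example that is not code from the patent: the JSON field names, the "." separator, the sample key and claims, and the HMAC-SHA256 variant shown for comparison are assumptions. The sample payload carries no password, because Base64 is an encoding that anyone holding the token can reverse without the key; only the signature depends on the secret.

```python
import base64
import hashlib
import hmac
import json

ALG_SPLICE = "SHA256"      # page's construction: SHA256(encoded header + encoded payload + key)
ALG_HMAC = "HMAC-SHA256"   # standard keyed hash, added for comparison (label is an assumption)


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def sign(header_b64: str, payload_b64: str, secret: bytes, alg: str) -> str:
    # The "." separator inside the signed message is an assumption; the page only says "splice".
    message = f"{header_b64}.{payload_b64}".encode("ascii")
    if alg == ALG_SPLICE:
        return hashlib.sha256(message + secret).hexdigest()
    if alg == ALG_HMAC:
        return hmac.new(secret, message, hashlib.sha256).hexdigest()
    raise ValueError("unsupported algorithm")


def issue_token(claims: dict, secret: bytes, alg: str = ALG_SPLICE) -> str:
    """Aggregation-backend side: build header.payload.signature."""
    header_b64 = b64(json.dumps({"alg": alg}).encode())
    payload_b64 = b64(json.dumps(claims, sort_keys=True).encode())
    return ".".join((header_b64, payload_b64, sign(header_b64, payload_b64, secret, alg)))


def read_payload_unverified(token: str) -> dict:
    """Anyone holding the token can do this: Base64 needs no key to reverse."""
    return json.loads(base64.urlsafe_b64decode(token.split(".")[1]))


def verify_token(token: str, secret: bytes, expected_alg: str = ALG_SPLICE):
    """SDK side: return the claims if the token is authentic, else None."""
    try:
        header_b64, payload_b64, signature = token.split(".")
        header = json.loads(base64.urlsafe_b64decode(header_b64))
        # Pin the algorithm in the verifier; the header is sender-controlled input.
        if header.get("alg") != expected_alg:
            return None
        expected = sign(header_b64, payload_b64, secret, expected_alg)
        if not hmac.compare_digest(expected, signature):  # constant-time comparison
            return None
        return json.loads(base64.urlsafe_b64decode(payload_b64))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong part count, bad Base64 or bad JSON


def is_allowed(claims, required_permission: str) -> bool:
    """SDK side: match the operator's permissions against what a method requires."""
    return claims is not None and required_permission in claims.get("permissions", [])


# Constructed sample values, not taken from the page.
DEMO_SECRET = b"constructed-demo-key"
DEMO_CLAIMS = {"account": "operator01", "roles": ["order-admin"],
               "permissions": ["order:read", "order:refund"]}

if __name__ == "__main__":
    token = issue_token(DEMO_CLAIMS, DEMO_SECRET)
    print(read_payload_unverified(token)["roles"])      # readable without the key
    claims = verify_token(token, DEMO_SECRET)
    print(is_allowed(claims, "order:refund"), is_allowed(claims, "user:delete"))
    head, _, sig = token.split(".")
    forged = ".".join((head, b64(json.dumps({"permissions": ["user:delete"]}).encode()), sig))
    print(verify_token(forged, DEMO_SECRET))            # edited payload fails the signature check
```

A subsystem would call `verify_token` on the string received in the URL and gate each method with `is_allowed` on the returned claims.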
It should be understood that the above-described embodiments of the present invention are merely examples for clearly illustrating the present invention, and are not intended to limit the embodiments of the present invention. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. It is neither necessary nor possible to list all embodiments exhaustively here. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the claims of the present invention.

Claims (6)

1. An aggregation management system for a multi-information system, comprising: an administrator configuration module, a role configuration module, a permission configuration module, a subsystem configuration module and a supplier management module, wherein
the administrator configuration module is used for managing administrator information of the system;
the role configuration module is used for configuring the roles of the subsystems;
the permission configuration module is used for configuring administrator authority in the subsystems;
the subsystem configuration module is used for configuring the subsystems.
2. The system of claim 1, wherein the administrator configuration module comprises: an administrator list subunit and an add administrator subunit;
the role configuration unit comprises: a role list subunit and an add role subunit;
the permission configuration module comprises: a permission list subunit and an add permission subunit;
the subsystem configuration module comprises: a subsystem list subunit and an add subsystem subunit.
3. An aggregation management method for a multi-information system, the method being applied to an aggregation management system for a multi-information system, comprising the steps of:
S1: deploying the aggregation management system background;
S2: each subsystem to be aggregated authorizes its account numbers and system authority to the aggregation management system through SDK integration;
S3: on the aggregation management background, adding the configuration information of the subsystem to be aggregated, the subsystem operator accounts, and the authority and roles required by the subsystem;
S4: the aggregation management background allocates subsystem roles to operators; the same operator can have multiple roles, in the same subsystem or in different subsystems;
S5: an operator chooses a subsystem to log in to and is redirected to the login interface of the aggregation management background, where the operator logs in with a preset account and password; the unified management background then generates an encrypted character string from the entered account, password and authority information, appends it to the URL (uniform resource locator) of the subsystem, and jumps to that URL;
S6: after receiving the encrypted character string, the subsystem decrypts it to obtain the account number and the authority information.
4. The method of claim 1, wherein the SDK comprises methods for: verifying the correctness of the encrypted token; acquiring the user name, role and authority information of the operator from the token; and judging whether the operator's authority matches the authority required to execute a subsystem method.
5. The aggregation management method for multiple information systems according to claim 1, wherein
the encrypted token comprises: header, payload, signature;
the header represents the header information and lists the encryption algorithm of the signature verification information;
the payload represents the effective information, contains the information to be transmitted, and uses a reversible encryption algorithm;
the signature represents the signature verification information, which is obtained by encrypting the header information and the effective information, splicing them together, appending a preset secret key, and finally encrypting the result with the irreversible algorithm listed in the header information.
6. The aggregation management method for multiple information systems according to claim 5, wherein the reversible encryption algorithm is a base64 encryption algorithm, and the irreversible algorithm is an SHA256 algorithm.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201911176185.0A | 2019-11-26 | 2019-11-26 | Aggregation management system and method for multi-information system

Publications (1)

Publication Number | Publication Date
CN110990828A | 2020-04-10

Family ID: 70087322

Family Applications (1)

Application Number | Status | Publication | Priority Date | Filing Date | Title
CN201911176185.0A | Pending | CN110990828A (en) | 2019-11-26 | 2019-11-26 | Aggregation management system and method for multi-information system

Country Status (1)

Country | Link
CN | CN110990828A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102045171A (en) * 2010-12-30 2011-05-04 北京世纪互联工程技术服务有限公司 Unified authentication system and login method based on same
CN103617485A (en) * 2013-11-15 2014-03-05 中国航空无线电电子研究所 Uniform authority management and deployment system
CN106682487A (en) * 2016-11-04 2017-05-17 浙江蘑菇加电子商务有限公司 User authority management method and system
CN107483437A (en) * 2017-08-14 2017-12-15 深圳市华傲数据技术有限公司 A kind of user's unified login management method and device
CN109740333A (en) * 2018-12-28 2019-05-10 上汽通用五菱汽车股份有限公司 The right management method of integrated system and subsystem, server and storage medium
CN110197058A (en) * 2019-04-15 2019-09-03 杭州恩牛网络技术有限公司 Unified internal control method for managing security, system, medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination