CN111475787A - State switching method, device, storage medium and system - Google Patents
State switching method, device, storage medium and system Download PDFInfo
- Publication number
- CN111475787A CN111475787A CN202010286192.2A CN202010286192A CN111475787A CN 111475787 A CN111475787 A CN 111475787A CN 202010286192 A CN202010286192 A CN 202010286192A CN 111475787 A CN111475787 A CN 111475787A
- Authority
- CN
- China
- Prior art keywords
- authorization
- state switching
- switching
- user
- dynamic password
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 57
- 238000013475 authorization Methods 0.000 claims abstract description 245
- 238000012795 verification Methods 0.000 claims abstract description 72
- 238000004590 computer program Methods 0.000 claims description 10
- 125000004122 cyclic group Chemical group 0.000 claims description 6
- 238000010586 diagram Methods 0.000 description 16
- 238000007726 management method Methods 0.000 description 13
- 239000002609 medium Substances 0.000 description 12
- 230000008569 process Effects 0.000 description 9
- 230000006870 function Effects 0.000 description 8
- 230000007246 mechanism Effects 0.000 description 4
- 238000012544 monitoring process Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000000007 visual effect Effects 0.000 description 2
- 238000012550 audit Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 230000009191 jumping Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000012120 mounting media Substances 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008707 rearrangement Effects 0.000 description 1
- 239000000126 substance Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
- G06F21/1078—Logging; Metering
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
Abstract
The embodiment of the invention discloses a state switching method, a state switching device, a storage medium and a state switching system. The method comprises the following steps: switching an authorization system based on the login states of the authorization role accounts input by at least two users; respectively carrying out authorization validity verification on the dynamic password input by each of the at least two users; and if each user passes the authorization validity verification within the preset minimum authorization time difference, the state switching authorization system controls the enabling unit to switch the state. By the technical scheme provided by the embodiment of the invention, the safety of the state switching authorization system in controlling the enabling unit to switch the state can be effectively improved.
Description
Technical Field
The embodiment of the invention relates to the technical field of system security management, in particular to a state switching method, a state switching device, a storage medium and a state switching system.
Background
When a certain integrated service management platform (which may be collectively referred to as an "enabling unit") formed by an existing information system or a multi-service system performs certain specific state switching, an operation mode generally adopted is that a system administrator configures some role accounts with specific permissions to authorize a certain entity user, and then after the entity user logs in a state switching authorization system to perform corresponding operation, a control system or a service platform is switched from one specific state to another specific state. However, in the prior art, a scheme for controlling the enabling unit to switch states by using the state switching authorization system lacks a back-to-back multi-user authorization mechanism, and therefore, certain potential safety hazards exist.
Disclosure of Invention
The embodiment of the invention provides a state switching method, a state switching device, a storage medium and a state switching system, which can effectively improve the safety when a state switching authorization system controls an enabling unit to switch states.
In a first aspect, an embodiment of the present invention provides a state switching method, including:
switching an authorization system based on the login states of the authorization role accounts input by at least two users;
respectively carrying out authorization validity verification on the dynamic password input by each of the at least two users;
and if each user passes the authorization validity verification within the preset minimum authorization time difference, the state switching authorization system controls the enabling unit to switch the state.
In a second aspect, an embodiment of the present invention further provides a state switching apparatus, including:
the system login module is used for switching the authorization system based on the login states of the authorization role accounts input by at least two users;
the validity verification module is used for respectively carrying out authorization validity verification on the dynamic password input by each of the at least two users;
and the state switching control module is used for controlling the enabling unit to switch the state if each user passes the authorization validity verification within the preset minimum authorization time difference.
In a third aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a state switching method according to an embodiment of the present invention.
In a fourth aspect, an embodiment of the present invention provides a status switching authorization system, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the status switching method according to the embodiment of the present invention.
According to the state switching scheme provided by the embodiment of the invention, the state switching authorization system is logged in through the authorization role accounts which are respectively input based on at least two users; respectively carrying out authorization validity verification on the dynamic password input by each of the at least two users; if each user passes the authorization validity verification within the preset minimum authorization time difference, the state switching authorization system controls the enabling unit to switch the states, and the safety of the state switching authorization system in controlling the enabling unit to switch the states is effectively improved.
Drawings
FIG. 1 is a flow chart of a state switching method in the prior art;
fig. 2 is a flowchart of a state switching method according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a state switching process according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a circular switch between two states provided by an embodiment of the present invention;
FIG. 5 is a diagram illustrating linear switching between states provided by an embodiment of the present invention;
FIG. 6 is a schematic diagram of a closed loop switch between states provided by an embodiment of the present invention;
FIG. 7 is a diagram illustrating a random jump switching between multiple states according to an embodiment of the present invention;
FIG. 8 is a flow chart of a state switching method in another embodiment of the present invention;
FIG. 9 is a schematic structural diagram of a state switching device according to another embodiment of the present invention;
FIG. 10 is a block diagram of a status switch authorization system in another embodiment of the present invention;
fig. 11 is a schematic structural diagram of another status switching authorization system according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided for a more thorough and complete understanding of the present invention. It should be understood that the drawings and the embodiments of the present invention are illustrative only and are not intended to limit the scope of the present invention.
It should be understood that the various steps recited in the method embodiments of the present invention may be performed in a different order and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the invention is not limited in this respect.
The term "include" and variations thereof as used herein are open-ended, i.e., "including but not limited to". The term "based on" is "based, at least in part, on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Relevant definitions for other terms will be given in the following description.
It should be noted that the terms "first", "second", and the like in the present invention are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence relationship of the functions performed by the devices, modules or units.
It is noted that references to "a", "an", and "the" modifications in the present invention are intended to be illustrative rather than limiting, and that those skilled in the art will recognize that reference to "one or more" unless the context clearly dictates otherwise.
The names of messages or information exchanged between devices in the embodiments of the present invention are for illustrative purposes only, and are not intended to limit the scope of the messages or information.
Fig. 1 is a schematic flow chart of state switching performed by a control enabling unit of a state switching authorization system in the prior art. Obviously, the prior art implementation has the following technical drawbacks: (1) the existing technical means authorizes an entity user with a certain authority close to a system administrator to complete the state switching of the enabling unit, lacks security management loopholes, is not very reliable and credible, is easily attacked by unknown users of a third party, and brings great harm to the normal operation of the system. (2) The authorization verification means is not perfect enough, the safety, reliability and credibility of the system state switching authorization are ensured only by the authorization of a system administrator and the safety authentication of the system, even if a dynamic password or some softdog modes are introduced to strengthen the system safety authorization, if an effective authorization time management and control and a multi-user online authorization mechanism are lacked, the authorization credibility is greatly reduced. (3) The existing technical scheme does not provide flexible state self-defining function, and in order to improve the adaptability and customizability of the system, the configurability of system state switching needs to be enhanced, and various forms of state switching of various types of enabling units can be driven by an interface mode.
Fig. 2 is a flowchart of a state switching method according to an embodiment of the present invention, where the method is applicable to a case where the state switching authorization system controls the enabling unit to perform state switching. As shown in fig. 2, the method specifically includes the following steps:
In the embodiment of the invention, at least two authorized role accounts input by a user are respectively obtained, and an authorization system is switched based on the login state of the authorized role accounts. The authorized role account number may include a system login name and a login password, and the authorized role account numbers input by each user may be the same or different. For example, the authorization system is switched based on the login status of the authorized role account inputted by three users, respectively, it can be understood that each user of the three users can switch the authorization system based on the login status of the authorized role account configured in advance, so as to perform a subsequent series of operations on the status switching authorization system independently.
Optionally, before switching the authorization system based on the login states of the authorization type role accounts input by the at least two users, the method further includes; when an account configuration request input by a system administrator is received, configuring the authorization type role accounts for the at least two users respectively based on the account configuration request; the authorized role account comprises a system login name and a login password. The method has the advantages that the system administrator can distribute the authority of logging in the state switching authorization system for different entity users according to requirements, so that the user has the authority of controlling the enabling unit to switch the state through the state switching authorization system.
For example, a user list may be preconfigured in the state switching authorization system, and after a system administrator logs in the state switching authorization system, at least two users (usually not less than three users) are selected from the preconfigured user list and authorized role accounts are respectively configured for the users, so that the selected at least two users have the authority to log in the state switching authorization system, where the authorized role accounts include a system login name and a login password. The authorized role account numbers can be respectively sent to the terminal devices corresponding to the at least two users through mails or short messages, or a system administrator can inform the authorized role account numbers to the at least two users.
And step 220, respectively performing authorization validity verification on the dynamic password input by each of the at least two users.
Optionally, the respectively performing authorization validity verification on the dynamic password input by each of the at least two users includes: for each user of the at least two users, when a dynamic password acquisition request input by the user is received, distributing a dynamic password for the user based on a token mode; matching the dynamic password input by the user with the distributed dynamic password so as to carry out authorization validity verification on the dynamic password input by the user; when the dynamic password input by the user is successfully matched with the distributed dynamic password, the dynamic password input by the user passes authorization validity verification; and when the user input dynamic password is failed to be matched with the distributed dynamic password, the user input dynamic password is not verified by the authorization validity.
Illustratively, after each of the at least two users logs in the state switching authorization system based on the respective authorization type role account, the dynamic password acquisition request is respectively input, and when the state switching authorization system receives the dynamic password acquisition request input by the user, the dynamic password is allocated to the user based on a token mode, wherein the user can input the dynamic password acquisition request by clicking a dynamic password acquisition button in an interactive interface of the state switching authorization system, and in addition, the dynamic password allocated to each user by the state switching authorization system can be sent to a terminal device corresponding to each user in the form of a mail or a short message. Optionally, the token mode may include a software token and a hardware token, and the general dynamic password is an arabic number with a length of 6 bits or 8 bits, and the timeliness does not exceed 1 minute. Then, each user inputs the acquired dynamic password online and submits the dynamic password to the system for authorization validity verification. It can be understood that, after the state switching authorization system allocates a dynamic password to each user, the state switching authorization system respectively acquires the dynamic passwords input by each user in the time efficiency range of the dynamic passwords, matches the dynamic passwords input by the users with the dynamic passwords allocated to the users, and if the matching is successful, indicates that the dynamic passwords input by the users pass the authorization validity verification; if the matching fails, it indicates that the dynamic password input by the user fails the authorization validity verification, i.e. the dynamic password input by the user fails the authorization validity verification. Of course, if the dynamic password input by the user exceeds the time limit range of the dynamic password, the fact that the dynamic password input by the user fails to pass the authorization validity verification can be directly determined.
In step 230, if each user passes the authorization validity verification within the preset minimum authorization time difference, the state switching authorization system controls the enabling unit to perform state switching.
In the embodiment of the present invention, a minimum authorization time difference may be preset in the state switching authorization system, and if each of the at least two users passes authorization validity verification within the preset minimum authorization time difference, the state switching authorization system controls the enabling unit to perform state switching. Illustratively, the minimum authorization time difference is 1 hour, the at least two users include a user a, a user b, and a user c, and within one hour in which the time for switching the authorization system from the login state of the first user among the user a, the user b, and the user c is the starting time, if all three users pass authorization validity verification successively or simultaneously, the state switching authorization system may directly control the enabling unit to perform state switching, for example, control the enabling unit to switch from one specific state to another specific state. The state switching authorization system can be connected with the enabling unit in an interface mode. Optionally, the enabling unit includes: at least one of a physical system, a functional component, and a platform system. It is to be understood that the enabling unit may be a physical system or functional component, or may be a logically associated platform system formed by a plurality of systems or functional components.
Optionally, if at least one user fails to pass the authorization validity verification within the preset minimum authorization time difference, the at least two user state switching authorization verification is prompted to fail. It can be understood that, if at least one user fails to pass the authorization validity verification within the preset minimum authorization time difference, or the time spent by all users in at least two users to pass the authorization validity verification (the time spent by the first user logging in the state switching authorization system to the last user passing the authorization validity verification) exceeds the preset minimum authorization time difference, the state switching authorization system may prompt that the state switching authorization verification of each user fails in a voice manner, an interface text manner, or the like, that is, the state switching authorization system cannot control the enabling unit to perform the state switching, thereby receiving the state switching authorization operation of the enabling unit.
The state switching method provided by the embodiment of the invention is used for respectively switching the authorization system based on the authorization type role account numbers input by at least two users; respectively carrying out authorization validity verification on the dynamic password input by each of the at least two users; and if each user passes the authorization validity verification within the preset minimum authorization time difference, the state switching authorization system controls the enabling unit to switch the state. In the technical scheme provided by the embodiment of the invention, a plurality of different authorization role entity users (the number of users is more than or equal to 2) are configured in the state switching authorization system, each user is authorized online in a dynamic password mode, and if all the users pass authorization validity verification within a set minimum authorization time difference, the state switching authorization system drives a corresponding enabling unit to be switched from one state to another state, so that the safety of the state switching authorization system in controlling the enabling unit to switch states is effectively improved.
In one embodiment, after the state switching authorization system controls the enabling unit to perform state switching, the method further includes: and receiving the state switching result fed back by the enabling unit, and displaying the state switching result to the at least two users. This has the advantage that the switching of the state of the enabling unit can be made clear to the respective user.
Illustratively, after the state switching authorization system controls the enabling unit to switch states, the state switching result fed back by the enabling unit is received, and the state switching result is fed back to each user in a language or interface display mode, so as to receive the state switching authorization operation of the state switching authorization system. The state switching result may include a state switching success or a state switching failure, and if the state switching of the enabling unit succeeds, the state switching result may further include a state switching manner of the enabling unit, such as that the enabling unit successfully switches from the state a to the state B.
In this embodiment of the present invention, fig. 3 is a schematic diagram of a state switching process provided in this embodiment of the present invention, and a specific state switching process may also refer to fig. 3.
In one embodiment, if each user passes the authorization validity verification within the preset minimum authorization time difference, the state switching authorization system controls the enabling unit to perform state switching, including: if each user passes the authorization validity verification within the preset minimum authorization time difference, acquiring state switching configuration information preset by a system administrator; and the state switching authorization system controls the enabling unit to carry out state switching according to the state switching configuration information. The advantage of this arrangement is that the state switching authorization system can have a flexible state management mechanism, so that the state switching authorization system can control the enabling unit to perform multi-state switching.
For example, if each user passes the authorization validity verification within the preset minimum authorization time difference, the preset state switching configuration information is obtained, where the state switching configuration information may include a state switching manner and a minimum time interval between two state switching, and then the state switching authorization system controls the enabling unit to perform state switching according to the state switching configuration information. For example, the state switching authorization system controls the enabling unit to perform state switching according to a state switching mode in the state switching configuration information, and if the state switching mode includes switching between a plurality of states or cyclic switching between two states, the switching operation from one state to another state is completed every minimum time interval of the two state switching.
Optionally, the state switching manner includes at least one of cyclic switching between two states, linear switching between multiple states, closed-loop switching between multiple states, and random jump switching between multiple states. For example, fig. 4 is a schematic diagram of a circular switch between two states according to an embodiment of the present invention, and as shown in fig. 4, if each user passes authorization validity verification within a preset minimum authorization time difference, and a state switch manner in the state switch configuration information is a circular switch between two states, the state switch authorization system may enable the enabling unit to perform a circular switch operation between the state a and the state B at a minimum time interval between the two states. Fig. 5 is a schematic diagram of linear switching among multiple states according to an embodiment of the present invention, and as shown in fig. 5, if each user passes authorization validity verification within a preset minimum authorization time difference, and a state switching manner in the state switching configuration information is linear switching among the multiple states, the state switching authorization system may enable the enabling unit to perform switching operation between the states according to the switching manner shown in fig. 5 at a minimum time interval of two states until the last state in the linear switching manner is switched. Fig. 6 is a schematic diagram of closed-loop switching among multiple states according to an embodiment of the present invention, and as shown in fig. 6, if each user passes authorization validity verification within a preset minimum authorization time difference, and a state switching manner in the state switching configuration information is closed-loop switching among multiple states, the state switching authorization system may enable the enabling unit to perform switching operation between states according to the switching manner shown in fig. 6 at every minimum time interval between two states. Fig. 7 is a schematic diagram of random jump switching among multiple states according to an embodiment of the present invention, and as shown in fig. 7, if each user passes authorization validity verification within a preset minimum authorization time difference and a state switching manner in state switching configuration information is random jump switching among multiple states, the state switching authorization system may enable the enabling unit to perform switching operation between states according to the switching manner shown in fig. 7 every minimum time interval between two states.
Fig. 8 is a flowchart of a state switching method in another embodiment of the present invention, as shown in fig. 8, the method includes the following steps:
The authorized role account comprises a system login name and a login password.
And 820, switching the authorization system based on the login states of the authorization role accounts input by at least two users.
The token mode comprises a software token mode and a hardware token mode.
And 840, matching the dynamic password input by the user with the distributed dynamic password to verify the authorization validity of the dynamic password input by the user.
When the dynamic password input by the user is successfully matched with the distributed dynamic password, the dynamic password input by the user passes authorization validity verification; and when the user input dynamic password is failed to be matched with the distributed dynamic password, the user input dynamic password is not verified by the authorization validity.
And 850, judging whether each user passes the authorization validity verification within the preset minimum authorization time difference, if so, executing 860, and otherwise, executing 890.
The state switching configuration information comprises a state switching mode and a minimum time interval of two state switching; the state switching mode comprises at least one of cyclic switching between two states, linear switching between a plurality of states, closed-loop switching between a plurality of states and random jump switching between a plurality of states.
Wherein the enabling unit includes: at least one of a physical system, a functional component, and a platform system.
The state switching method provided by the embodiment of the invention is characterized in that a plurality of different authorization role entity users (the number of users is more than or equal to 2) are configured in the state switching authorization system, each user is authorized online in a dynamic password mode, if all the users pass authorization validity verification within a set minimum authorization time difference, the state switching authorization system drives a corresponding enabling unit to switch states according to preset state switching configuration information, so that the safety of the state switching authorization system in controlling the enabling unit to switch states is effectively improved, the state switching authorization system can be provided with a flexible state management mechanism, and the state switching authorization system can control the enabling unit to switch states in multiple forms.
Fig. 9 is a schematic structural diagram of a state switching device according to another embodiment of the present invention. As shown in fig. 9, the apparatus includes: a system login module 910, a validity verification module 920 and a state switching control module 930. Wherein the content of the first and second substances,
a system login module 910, configured to switch the authorization system based on the login statuses of the authorization role accounts input by at least two users;
a validity verification module 920, configured to perform authorization validity verification on the dynamic password input by each of the at least two users;
a state switching control module 930, configured to control the enabling unit to perform state switching if each user passes the authorization validity verification within the preset minimum authorization time difference.
Optionally, the state switching control module is configured to:
if each user passes the authorization validity verification within the preset minimum authorization time difference, acquiring state switching configuration information preset by a system administrator;
and the state switching authorization system controls the enabling unit to carry out state switching according to the state switching configuration information.
Optionally, the state switching configuration information includes a state switching manner and a minimum time interval between two state switches;
the state switching mode comprises at least one of cyclic switching between two states, linear switching between a plurality of states, closed-loop switching between a plurality of states and random jump switching between a plurality of states.
Optionally, the validity verifying module is configured to:
for each user of the at least two users, when a dynamic password acquisition request input by the user is received, distributing a dynamic password for the user based on a token mode;
matching the dynamic password input by the user with the distributed dynamic password so as to carry out authorization validity verification on the dynamic password input by the user;
when the dynamic password input by the user is successfully matched with the distributed dynamic password, the dynamic password input by the user passes authorization validity verification; and when the user input dynamic password is failed to be matched with the distributed dynamic password, the user input dynamic password is not verified by the authorization validity.
Optionally, further comprising;
the system comprises an authorization role account configuration module, a role account configuration module and a role account configuration module, wherein the authorization role account configuration module is used for respectively configuring authorization role accounts for at least two users based on account configuration requests when the account configuration requests input by a system administrator are received before the authorization system is switched based on the login states of the authorization role accounts input by the at least two users; the authorized role account comprises a system login name and a login password.
Optionally, the apparatus further comprises:
and the user prompting module is used for prompting that the at least two user states are switched and the authorization verification is not passed if at least one user fails in the preset minimum authorization time difference.
Optionally, the apparatus further comprises:
and the state switching result display module is used for receiving the state switching result fed back by the enabling unit and displaying the state switching result to the at least two users after the state switching authorization system controls the enabling unit to switch the state.
The state switching device provided by the embodiment of the invention respectively logs in the state switching authorization system based on the authorization role accounts input by at least two users; respectively carrying out authorization validity verification on the dynamic password input by each of the at least two users; and if each user passes the authorization validity verification within the preset minimum authorization time difference, the state switching authorization system controls the enabling unit to switch the state. In the technical scheme provided by the embodiment of the invention, a plurality of different authorization role entity users (the number of users is more than or equal to 2) are configured in the state switching authorization system, each user is authorized online in a dynamic password mode, and if all the users pass authorization validity verification within a set minimum authorization time difference, the state switching authorization system drives a corresponding enabling unit to be switched from one state to another state, so that the safety of the state switching authorization system in controlling the enabling unit to switch states is effectively improved.
The device can execute the methods provided by all the embodiments of the invention, and has corresponding functional modules and beneficial effects for executing the methods. For technical details which are not described in detail in the embodiments of the present invention, reference may be made to the methods provided in all the aforementioned embodiments of the present invention.
Embodiments of the present invention also provide a storage medium containing computer-executable instructions, which when executed by a computer processor, perform a state switching method, the method including:
switching an authorization system based on the login states of the authorization role accounts input by at least two users;
respectively carrying out authorization validity verification on the dynamic password input by each of the at least two users;
and if each user passes the authorization validity verification within the preset minimum authorization time difference, the state switching authorization system controls the enabling unit to switch the state.
Storage medium-any of various types of memory devices or storage devices. The term "storage medium" is intended to include: mounting media such as CD-ROM, floppy disk, or tape devices; computer system memory or random access memory such as DRAM, DDRRAM, SRAM, EDORAM, Lanbas (Rambus) RAM, etc.; non-volatile memory such as flash memory, magnetic media (e.g., hard disk or optical storage); registers or other similar types of memory elements, etc. The storage medium may also include other types of memory or combinations thereof. In addition, the storage medium may be located in a first computer system in which the program is executed, or may be located in a different second computer system connected to the first computer system through a network (such as the internet). The second computer system may provide program instructions to the first computer for execution. The term "storage medium" may include two or more storage media that may reside in different locations, such as in different computer systems that are connected by a network. The storage medium may store program instructions (e.g., embodied as a computer program) that are executable by one or more processors.
Of course, the storage medium provided by the embodiment of the present invention contains computer-executable instructions, and the computer-executable instructions are not limited to the above-mentioned state switching operation, and may also perform related operations in the state switching method provided by any embodiment of the present invention.
The embodiment of the invention provides a state switching authorization system, wherein the state switching device provided by the embodiment of the invention can be integrated in the state switching authorization system. Fig. 10 is a block diagram of a state switching authorization system according to an embodiment of the present invention. The stateful switchover authorization system 1000 may include: a memory 1001, a processor 1002 and a computer program stored on the memory 1001 and executable by the processor, wherein the processor 1002 implements the state switching method according to the embodiment of the present invention when executing the computer program.
The state switching authorization system provided by the embodiment of the invention is respectively based on the authorization type role account numbers input by at least two users to log in the state switching authorization system; respectively carrying out authorization validity verification on the dynamic password input by each of the at least two users; and if each user passes the authorization validity verification within the preset minimum authorization time difference, the state switching authorization system controls the enabling unit to switch the state. In the technical scheme provided by the embodiment of the invention, a plurality of different authorization role entity users (the number of users is more than or equal to 2) are configured in the state switching authorization system, each user is authorized online in a dynamic password mode, and if all the users pass authorization validity verification within a set minimum authorization time difference, the state switching authorization system drives a corresponding enabling unit to be switched from one state to another state, so that the safety of the state switching authorization system in controlling the enabling unit to switch states is effectively improved.
Fig. 11 is a schematic structural diagram of another state switching authorization system according to an embodiment of the present invention, as shown in fig. 11, the state switching authorization system mainly includes three parts, i.e., a state switching human-computer interaction interface, a system core function component, and a state switching unified interface bus, where the system core function component includes a system authorization account management module, a dynamic password generation and authentication module, a system login and authentication module, a system parameter configuration module, a switching process monitoring module, a data access module, a log tracking and auditing module, and a switching state configuration module. And the state switching authorization system can exchange data with the enabling unit through the state switching unified interface bus. In particular, the method comprises the following steps of,
state switching human-computer interaction interface: the visual control interface is mainly provided for service operators such as system managers, authorized role entity users and the like.
The system authorization account management module: the system management personnel can realize the maintenance management of the user information of the authorized role entity, the initialization of the dynamic password token and the related configuration management through the module.
Dynamic password generation and authentication module: the method mainly realizes the generation of the dynamic password of the software token or the hardware token and the validity verification of the dynamic password.
The system login and authentication module: and providing the authentication and verification functions of a system login entrance and a login account number facing to a service operator.
A system parameter configuration module: and providing configuration entries of the minimum authorization time difference, the minimum switching time interval between different states and system interface parameters.
A switching process monitoring module: and monitoring the state switching process of the enabling unit in real time in an interface driving mode, and displaying the state switching process to a user in real time through a human-computer interaction interface.
A data access module: the system authorization account management module, the system parameter configuration module, the switching process monitoring module, the log tracking and auditing module, the switching state configuration module and the like generate service data to be stored, and meanwhile, an inquiry interface is provided to meet the service inquiry requirement.
Log tracking and auditing module: and the functions of real-time recording and tracking of the service operation log in the system operation process, subsequent safety audit management and the like are realized.
A switching state configuration module: the method provides visual configuration entries such as cyclic switching of an enabling unit between two states, linear switching or closed-loop switching between a plurality of states, random jumping of state switching and the like, and facilitates business personnel to perform online configuration definition on state switching of various forms.
State switching unified interface bus: the method can drive the enabling unit to execute the predefined state switching function based on the interface mode, and meanwhile, receives the state switching execution result fed back by the enabling unit.
An enabling unit: and executing the state switching function under the driving of the interface based on the predefined state form, and feeding back an execution result to the state switching unified interface bus.
The state switching device, the storage medium and the system provided in the above embodiments can execute the state switching method provided in any embodiment of the present invention, and have corresponding functional modules and beneficial effects for executing the method. For details of the state switching method provided in any of the embodiments of the present invention, reference may be made to the technical details not described in detail in the embodiments above.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (11)
1. A method of state switching, comprising:
switching an authorization system based on the login states of the authorization role accounts input by at least two users;
respectively carrying out authorization validity verification on the dynamic password input by each of the at least two users;
and if each user passes the authorization validity verification within the preset minimum authorization time difference, the state switching authorization system controls the enabling unit to switch the state.
2. The method of claim 1, wherein if each user passes the authorization validity verification within a preset minimum authorization time difference, the stateful switchover authorization system controls the enabling unit to perform stateful switchover, including:
if each user passes the authorization validity verification within the preset minimum authorization time difference, acquiring state switching configuration information preset by a system administrator;
and the state switching authorization system controls the enabling unit to carry out state switching according to the state switching configuration information.
3. The method of claim 2, wherein the stateful switchover configuration information comprises a stateful switchover manner and a minimum time interval between two stateful switchover;
the state switching mode comprises at least one of cyclic switching between two states, linear switching between a plurality of states, closed-loop switching between a plurality of states and random jump switching between a plurality of states.
4. The method of claim 1, wherein performing authorization validity verification on the dynamic password entered by each of the at least two users comprises:
for each user of the at least two users, when a dynamic password acquisition request input by the user is received, distributing a dynamic password for the user based on a token mode;
matching the dynamic password input by the user with the distributed dynamic password so as to carry out authorization validity verification on the dynamic password input by the user;
when the dynamic password input by the user is successfully matched with the distributed dynamic password, the dynamic password input by the user passes authorization validity verification; and when the user input dynamic password is failed to be matched with the distributed dynamic password, the user input dynamic password is not verified by the authorization validity.
5. The method of claim 1, before switching the authorization system based on the login status of the authorization class role account inputted by at least two users, further comprising;
when an account configuration request input by a system administrator is received, configuring the authorization type role accounts for the at least two users respectively based on the account configuration request; the authorized role account comprises a system login name and a login password.
6. The method of claim 1, further comprising:
and if at least one user fails the authorization validity verification within the preset minimum authorization time difference, prompting that the at least two user state switching authorization verification fails.
7. The method of claim 1, further comprising, after the stateful switchover authorization system control enabling unit performs stateful switchover:
and receiving the state switching result fed back by the enabling unit, and displaying the state switching result to the at least two users.
8. The method according to any of claims 1-7, wherein the enabling unit comprises: at least one of a physical system, a functional component, and a platform system.
9. A state switching device, comprising:
the system login module is used for switching the authorization system based on the login states of the authorization role accounts input by at least two users;
the validity verification module is used for respectively carrying out authorization validity verification on the dynamic password input by each of the at least two users;
and the state switching control module is used for controlling the enabling unit to switch the state if each user passes the authorization validity verification within the preset minimum authorization time difference.
10. A computer-readable medium, on which a computer program is stored, which program, when being executed by a processing means, is adapted to carry out the method of switching states of any one of claims 1 to 8.
11. A stateful switchover authorization system comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor when executing the computer program implements the stateful switchover method as claimed in any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010286192.2A CN111475787A (en) | 2020-04-13 | 2020-04-13 | State switching method, device, storage medium and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010286192.2A CN111475787A (en) | 2020-04-13 | 2020-04-13 | State switching method, device, storage medium and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111475787A true CN111475787A (en) | 2020-07-31 |
Family
ID=71752243
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010286192.2A Pending CN111475787A (en) | 2020-04-13 | 2020-04-13 | State switching method, device, storage medium and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111475787A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050204146A1 (en) * | 2004-03-09 | 2005-09-15 | International Business Machines Corporation | System, method, and program product for identity switching on a computer system |
| CN101051908A (en) * | 2007-05-21 | 2007-10-10 | 北京飞天诚信科技有限公司 | Dynamic cipher certifying system and method |
| CN101872436A (en) * | 2009-04-22 | 2010-10-27 | 上海幻维数码创意科技有限公司 | Multi-user synchronous fingerprint authentication method |
| CN104253810A (en) * | 2013-06-27 | 2014-12-31 | 北京神州泰岳软件股份有限公司 | Safe login method and system |
| CN105391724A (en) * | 2015-11-25 | 2016-03-09 | 用友网络科技股份有限公司 | Authorization management method and authorization management device used for information system |
| CN107341662A (en) * | 2017-06-12 | 2017-11-10 | 广东欧珀移动通信有限公司 | Verification method, electronic installation and computer-readable recording medium |
-
2020
- 2020-04-13 CN CN202010286192.2A patent/CN111475787A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050204146A1 (en) * | 2004-03-09 | 2005-09-15 | International Business Machines Corporation | System, method, and program product for identity switching on a computer system |
| CN101051908A (en) * | 2007-05-21 | 2007-10-10 | 北京飞天诚信科技有限公司 | Dynamic cipher certifying system and method |
| CN101872436A (en) * | 2009-04-22 | 2010-10-27 | 上海幻维数码创意科技有限公司 | Multi-user synchronous fingerprint authentication method |
| CN104253810A (en) * | 2013-06-27 | 2014-12-31 | 北京神州泰岳软件股份有限公司 | Safe login method and system |
| CN105391724A (en) * | 2015-11-25 | 2016-03-09 | 用友网络科技股份有限公司 | Authorization management method and authorization management device used for information system |
| CN107341662A (en) * | 2017-06-12 | 2017-11-10 | 广东欧珀移动通信有限公司 | Verification method, electronic installation and computer-readable recording medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106850699B (en) | A kind of mobile terminal login authentication method and system | |
| CN107948201B (en) | Authority authentication method and system for Docker mirror warehouse | |
| CN110809011B (en) | Access control method and system, and storage medium | |
| EP3304845B1 (en) | Authorization and authentication in a cloud-based storage array | |
| CN104320423B (en) | Single-sign-on lightweight implementation method based on Cookie | |
| CN106452772B (en) | Terminal authentication method and device | |
| US9088562B2 (en) | Using service request ticket for multi-factor authentication | |
| CN109257209A (en) | A kind of data center server centralized management system and method | |
| US9781102B1 (en) | Managing support access in software-as-a-service systems | |
| US9531727B1 (en) | Indirect user authentication | |
| US11061717B2 (en) | Automation as a service | |
| CN102404314A (en) | Remote resources single-point sign on | |
| KR20160138063A (en) | Techniques to operate a service with machine generated authentication tokens | |
| CN108632241B (en) | Unified login method and device for multiple application systems | |
| CN111475795A (en) | Method and device for unified authentication and authorization facing to multiple applications | |
| CN105611089B (en) | Proxy server and its control method and call center's login system | |
| CN110069909A (en) | It is a kind of to exempt from the close method and device for logging in third party system | |
| CN112800411A (en) | Multi-protocol and multi-mode supporting safe and reliable identity authentication method and device | |
| US20230135968A1 (en) | Control of access to computing resources implemented in isolated environments | |
| CN106529216B (en) | Software authorization system and software authorization method based on public storage platform | |
| EP3304390B1 (en) | Automatic provisioning of a device to access an account | |
| CN111475787A (en) | State switching method, device, storage medium and system | |
| US20220239662A1 (en) | User management system for computing support | |
| CN106603567B (en) | A kind of login management method and device of WEB administrator | |
| CN108924149A (en) | A kind of identity legitimacy verification method and system based on Tocken token |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |