CN113904825A - Multi-application unified access gateway method and system - Google Patents

Publication number
CN113904825A
Authority
CN
China
Prior art keywords
module
information
application
access
party
Legal status
Pending
Application number
CN202111149305.5A
Other languages
Chinese (zh)
Inventor
晓晶
张宇
Current Assignee
Bairong Zhixin Beijing Credit Investigation Co Ltd
Original Assignee
Bairong Zhixin Beijing Credit Investigation Co Ltd
Application filed by Bairong Zhixin Beijing Credit Investigation Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

The invention discloses a multi-application unified access gateway method and system. The method comprises the following steps: constructing a third-party system module, and acquiring first docking information and first authentication information of a first access application; inputting the first docking information and the first authentication information into the docking module and the authentication module respectively to obtain a first output result; when the first output result is successful access, obtaining first application information of a first calling party according to an application module, wherein the first application information comprises access system information and corresponding role information; generating a first approval form according to the first application information; and, when the first approval form passes the approval, uniformly managing the first access application according to an authorization module. This solves the technical problems in the prior art that permission control is limited, that the function permissions of a user cannot be controlled in a targeted manner, and that unified management cannot be carried out.

Description

Multi-application unified access gateway method and system
Technical Field
The invention relates to the technical field of network security management, and in particular to a multi-application unified access gateway method and system.
Background
As enterprises develop and grow, they purchase more and more enterprise-level systems from third-party companies. As the number of third-party systems to be connected increases, the third-party systems need to be managed through a unified access gateway system in order to reduce the connection cost, so that systems can be connected flexibly and quickly, the level of authority management is raised, and the security-control risk is reduced. The existing technology on the market is mainly used for login through a third-party application, for example logging in to a third-party website with WeChat and microblog accounts. Its application is limited: only the login module can be controlled, the function authority of a user cannot be controlled, and unified management cannot be achieved.
In the process of implementing the technical scheme of the invention in the embodiment of the present application, the inventor of the present application found that the above-mentioned technology has at least the following technical problems:
in the prior art, authority control is limited, the function authority of a user cannot be controlled in a targeted manner, and unified management cannot be performed.
Disclosure of Invention
The embodiment of the application provides a multi-application unified access gateway method and system, and solves the technical problems that in the prior art, the permission control is limited, the targeted control cannot be performed on the functional permission of a user, and the unified management cannot be performed. The multi-application unified access gateway achieves the technical effects of realizing function adaptation of the access application, reducing the access cost of each calling party, carrying out unified management on the calling party and a third party and reducing the safety risk to the maximum extent.
In view of the foregoing problems, embodiments of the present application provide a method and system for a multi-application unified access gateway.
In a first aspect, the present application provides a multi-application unified access gateway method, where the method includes: constructing a third-party system module, wherein the third-party system module comprises a docking module and an authentication module; obtaining first docking information and first authentication information of a first access application; inputting the first docking information and the first authentication information into the docking module and the authentication module respectively to obtain a first output result; when the first output result is successful access, obtaining first application information of a first calling party according to an application module, wherein the first application information comprises access system information and corresponding role information; generating a first approval form according to the first application information; and when the first approval form passes the approval, uniformly managing the first access application according to an authorization module.
In another aspect, the present application further provides a multi-application unified access gateway system, where the system includes: a first building unit, configured to build a third-party system module, where the third-party system module comprises a docking module and an authentication module; a first obtaining unit, configured to obtain first docking information and first authentication information of a first access application; a second obtaining unit, configured to input the first docking information and the first authentication information into the docking module and the authentication module, respectively, and obtain a first output result; a third obtaining unit, configured to obtain first application information of a first caller according to an application module when the first output result is that access is successful, where the first application information includes access system information and corresponding role information; a first execution unit, configured to generate a first approval form according to the first application information; and a second execution unit, configured to perform unified management on the first access application according to an authorization module after the first approval form passes the approval.
On the other hand, the embodiment of the present application further provides a multi-application unified access gateway method and system, including a memory, a processor, and a computer program stored on the memory and capable of running on the processor, where the processor implements the steps of the method of the first aspect when executing the program.
One or more technical solutions provided in the embodiments of the present application have at least the following technical effects or advantages:
the embodiment of the application provides a multi-application unified access gateway method and a multi-application unified access gateway system, and a third-party system module is constructed, wherein the third-party system module comprises a docking module and an authentication module; obtaining first docking information and first authentication information of a first access application; inputting the first docking information and the first authentication information into the docking module and the authentication module respectively to obtain a first output result; when the first output result is successful access, obtaining first application information of a first calling party according to an application module, wherein the first application information comprises access system information and corresponding role information; generating a first approval form according to the first application information; and when the first approval form passes the approval, uniformly managing the first access application according to an authorization module. The technical problems that in the prior art, the permission control is limited, the function permission of the user cannot be controlled in a targeted mode, and unified management cannot be carried out are solved. The multi-application unified access gateway achieves the technical effects of realizing function adaptation of the access application, reducing the access cost of each calling party, carrying out unified management on the calling party and a third party and reducing the safety risk to the maximum extent.
The foregoing is a summary of the present disclosure, and embodiments of the present disclosure are described below to make the technical means of the present disclosure more clearly understood.
Drawings
Fig. 1 is a schematic flowchart of a method for accessing a gateway by multiple applications in a unified manner according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a process for obtaining a first output result in a multi-application unified access gateway method according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of a process of obtaining first application information of a first caller in a multi-application unified access gateway method according to an embodiment of the present application;
Fig. 4 is a schematic flowchart illustrating a process of performing rights management on the first access application according to an authorization module in a multi-application unified access gateway method according to an embodiment of the present application;
Fig. 5 is a schematic flow chart illustrating functions of a unified rights management module in a multi-application unified access gateway method according to an embodiment of the present application;
Fig. 6 is a schematic flowchart illustrating a process of allocating third-party systems and functions allowed to be used in a multi-application unified access gateway method according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a multi-application unified access gateway system according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of an exemplary electronic device according to an embodiment of the present application.
Description of reference numerals: the system comprises a first building unit 11, a first obtaining unit 12, a second obtaining unit 13, a third obtaining unit 14, a first executing unit 15, a second executing unit 16, an electronic device 300, a memory 301, a processor 302, a communication interface 303 and a bus architecture 304.
Detailed Description
The embodiment of the application provides a multi-application unified access gateway method and system, and solves the technical problems that in the prior art, the permission control is limited, the targeted control cannot be performed on the functional permission of a user, and the unified management cannot be performed. The multi-application unified access gateway achieves the technical effects of realizing function adaptation of the access application, reducing the access cost of each calling party, carrying out unified management on the calling party and a third party and reducing the safety risk to the maximum extent.
Hereinafter, example embodiments of the present application will be described in detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present application and not all embodiments of the present application, and it is to be understood that the present application is not limited by the example embodiments described herein.
Summary of the application
As enterprises develop and grow, they purchase more and more enterprise-level systems from third-party companies. As the number of third-party systems to be connected increases, the third-party systems need to be managed through a unified access gateway system in order to reduce the connection cost, so that systems can be connected flexibly and quickly, the level of authority management is raised, and the security-control risk is reduced. The existing technology on the market is mainly used for login through a third-party application, for example logging in to a third-party website with WeChat and microblog accounts. Its application is limited: only the login module can be controlled, the function authority of a user cannot be controlled, and unified management cannot be achieved.
In view of the above technical problems, the technical solution provided by the present application has the following general idea:
the application provides a multi-application unified access gateway method, which is applied to a multi-application unified access gateway system, wherein the system comprises a plurality of modules, and the method comprises the following steps: constructing a third-party system module, wherein the third-party system module comprises a docking module and an authentication module; obtaining first docking information and first authentication information of a first access application; inputting the first docking information and the first authentication information into the docking module and the authentication module respectively to obtain a first output result; when the first output result is successful access, obtaining first application information of a first calling party according to an application module, wherein the first application information comprises access system information and corresponding role information; generating a first approval form according to the first application information; and when the first approval form passes the approval, uniformly managing the first access application according to an authorization module.
Having thus described the general principles of the present application, various non-limiting embodiments thereof will now be described in detail with reference to the accompanying drawings.
Example one
As shown in fig. 1, an embodiment of the present application provides a multi-application unified access gateway method, where the method is applied to a multi-application unified access gateway system, where the system includes a plurality of modules, where the method includes:
Step S100: constructing a third-party system module, wherein the third-party system module comprises a docking module and an authentication module;
Step S200: obtaining first docking information and first authentication information of a first access application;
Specifically, the third-party system module comprises a docking module and an authentication module. It is responsible for docking and identity authentication between the system and the third-party system, and for controlling and managing the required functions. The docking module docks with the third-party system so that the first caller can hold part of the authority functions of the third-party system. When a calling party calls the third-party system, the authentication module performs identity verification against the third-party system to ensure that the first calling party is qualified to configure the authority of the third-party system. The authentication information comprises first user account information and the corresponding password information; if the privacy setting of third-party data needs to be strengthened, a face recognition authentication function, an iris authentication function, a fingerprint authentication function and the like can also be applied. After the system docks with the third-party application, the docking information of the third-party application and the authentication web page of the third-party application can be obtained, and the third-party system can be called only after authentication has been carried out, which reduces the security risk to the maximum extent.
Step S300: inputting the first docking information and the first authentication information into the docking module and the authentication module respectively to obtain a first output result;
Step S400: when the first output result is successful access, obtaining first application information of a first calling party according to an application module, wherein the first application information comprises access system information and corresponding role information;
Specifically, the first docking information refers to the specific management authority of the third-party application that the first caller needs to obtain. For example, if the first caller only needs the login information of the third-party application, the flow jumps to the third-party login web page, the user fills in the third-party login information, and the system obtains the login information of the third-party application. The first authentication information is used to authenticate to the third-party application so that the third-party application can be called normally. It comprises an account number and a password of the third-party system, which is the simplest authentication mode; third-party applications with different privacy levels can be authenticated according to their degree of privacy, for example by adding a face recognition authentication function, an iris authentication function, a fingerprint authentication function and the like to the system. The application module interfaces with the system's requirements: it lets the system state the system it wishes to access and the role name, and lets the third-party system respond. The first docking information and the first authentication information are input into the docking module and the authentication module respectively, and access verification is performed against the third-party system. If the access is successful, the application module is presented, so that the third-party system learns of the calling party's access request, including the access system information and the corresponding role information, in order to maintain the data security of the system.
Step S500: generating a first approval form according to the first application information;
Step S600: when the first approval form passes the approval, uniformly managing the first access application according to an authorization module.
Specifically, the first approval form arises as follows: after the first caller and the third-party system have docked successfully, the third-party system sends the first caller an application page; the first caller selects the specific system to be accessed and the corresponding role information and submits them, and the approval form is then generated. The authorization module manages the access authority of the first caller; in the authorization module, the specific information of the third-party applications that are currently accessible and of those that need to be re-authorized can be checked. If the first approval form of the first calling party passes, the system can call the third-party application, holds partial configuration authority, and manages the access application in a unified manner according to the specific authorization content of the third-party application.
Further, as shown in Fig. 2, inputting the first docking information and the first authentication information into the docking module and the authentication module respectively to obtain a first output result, that is, step S300 in this embodiment of the present application, includes:
Step S310: when the first docking information is input into the docking module, obtaining a first docking instruction;
Step S320: obtaining a first API (application programming interface) interface of a first interface module according to the first docking instruction, wherein the first interface module is connected with the docking module;
Step S330: inputting the first API interface into the third-party system module for docking, wherein the first API interface is a packaged API interface.
Specifically, the first interface module is connected with the docking module and carries out the information docking between the calling system and the third-party system, so that the first caller can call the third-party system; the first caller docks with the third-party system through the first API interface. An API interface is a predefined interface between systems that provides a set of routines which applications and developers can access, based on certain software or hardware, without accessing the source code. The first caller docks with the third-party system module through the API interface in order to configure the authority of the third-party system. The first docking information is input into the docking module, and a specific API interface is used to dock with the third-party system module according to the third-party application permission information that the first caller needs to obtain, thereby realizing the unified management of all accessed third-party systems.
Further, as shown in Fig. 3, obtaining the first application information of the first caller according to the application module when the first output result is that the access is successful, that is, step S400 in this embodiment of the present application, includes:
Step S410: the first caller has a first caller module;
Step S420: maintaining data information of the first caller according to the first caller module;
Step S430: maintaining the role information of the first caller according to the first caller module.
Specifically, the first caller module is used for calling a third-party system in the multi-application unified access gateway system, and maintains the first caller data information and the first caller role information. The first caller data information comprises all data in the system; when docking with a third-party system, the first caller module maintains the system data so that information leakage is avoided. The first caller role information reflects that users logging in to the system have different roles, such as a management layer and common users, with the management layer further divided into levels according to different authorities; when the system docks with a third-party system, the first caller module maintains the role information of the first caller so as to protect the data security of the system's user information.
Further, as shown in Fig. 4, performing authority management on the first access application according to the authorization module when the first approval form passes the approval, that is, step S600 in this embodiment of the present application, further includes:
Step S610: the authorization module comprises a first authorization unit and a first access unit;
Step S620: performing authority management on the first caller through the first authorization unit;
Step S630: accessing and re-authorizing, through the first access unit, all application information that has been successfully accessed.
Specifically, the first authorization unit is mainly responsible for the third-party application's authorization of the system: the first caller can call the authorization-related permissions of the third-party application only after authorization has been performed, and the third-party application can flexibly configure the functions that can be used by each caller based on the authorization request of the first caller. The first access unit is mainly used for recording the call history of all third-party applications successfully accessed by the first calling party; it records when authorization is successful and when the authorization information is overdue, which facilitates management.
Further, as shown in Fig. 5, step S700 in the embodiment of the present application includes:
Step S710: constructing a unified calling party management module, a unified third-party management module and a unified authority management module;
Step S720: the unified calling party management module is used for uniformly managing all calling parties using the system;
Step S730: the unified third-party management module is used for uniformly managing the accessed third-party system;
Step S740: the unified authority management module is used for carrying out unified authority management including role configuration and function authority configuration.
Specifically, the unified calling party management module manages the first caller in a unified manner. The first caller refers to all users using the system; managing them in a unified manner makes it possible to control the user function module. The unified third-party management module manages the accessed third-party system in a unified manner, so that systems can be docked more flexibly and quickly, the authority management level is improved, and the security-control risk is reduced. The unified authority management module configures the related authorities of the authorized first calling party based on the application request, including role configuration and function authority configuration, and performs function adaptation for the access application, which reduces the adaptation cost of the first calling party, applies authority control to the first calling party, and allows the functions that can be used by each calling party to be configured flexibly.
Further, as shown in Fig. 6, the unified authority management module being used to perform unified authority management including role configuration and function authority configuration, that is, step S740 in this embodiment of the present application, includes:
Step S741: the role configuration is carried out through a configuration module, wherein the configuration module comprises a system administrator;
Step S742: the system administrator can perform custom control on the first caller authority through the configuration module;
Step S743: the system administrator distributes the allowed third-party systems and functions through the configuration module.
Specifically, the configuration module is used by a system administrator to perform custom control on the first caller authority and to allocate the third-party systems and functions that are allowed to be used. Through the configuration module the system administrator can configure the first caller authority flexibly, managing the available functions and the available third-party systems by assigning different roles. By distributing the allowed third-party systems and functions through the configuration module, the system administrator can open and close the functions of the third-party system through configuration, so that it serves as a unified entrance and exit; this realizes unified management and control of the functions and reduces the security risk to the maximum extent.
Further, step S100 in the embodiment of the present application includes:
Step S100a: the system docks with a third-party system and controls the required functions; after the docking, the available functions are exposed to internal callers, and the calling mode is provided in the form of an HTTP interface.
Specifically, the system docks with the third-party system module through the packaged first API interface. After the docking is successful, the corresponding permission is automatically opened for the calling party according to the application information of the first calling party, and the available permissions can be displayed to the internal personnel of the first calling party so that the calling party's staff can make use of them. The calling mode is provided in the form of an HTTP interface, and mainly comprises the GET and POST calling modes. Authority control is applied to the first caller, and the functions that can be used by each caller can be configured flexibly.
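An added illustration, not code from the patent or its applicant: a Python model of the flow in steps S100 to S600, with the role and function configuration of S740 and the access history and re-authorization of S630. The class, method and outcome names, the in-process stand-in for the third-party system, the PBKDF2 password check and the time-limited grant are all assumptions made for the example.

```python
import hashlib
import hmac
import os


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Gateway:
    """Toy model of the patent's modules; every name here is hypothetical."""

    def __init__(self, clock):
        self.clock = clock        # injectable time source, so expiry can be exercised
        self.systems = {}         # name -> salt, hash, functions, enabled function names
        self.docked = set()       # systems whose docking and authentication succeeded
        self.role_functions = {}  # (system, role) -> function names the role may call
        self.forms = {}           # approval forms: id -> [caller, system, role, status]
        self.grants = {}          # (caller, system) -> {"role", "expires"}
        self.history = []         # access unit: (time, caller, system, function, outcome)

    def register_system(self, name, password, functions):  # S100, stand-in third party
        salt = os.urandom(16)
        self.systems[name] = {"salt": salt, "hash": _hash(password, salt),
                              "functions": dict(functions), "enabled": set(functions)}

    def dock(self, name, password):  # S200-S300, returns the "first output result"
        system = self.systems.get(name)
        ok = system is not None and hmac.compare_digest(
            _hash(password, system["salt"]), system["hash"])
        if ok:
            self.docked.add(name)
        return ok

    def configure_role(self, system, role, functions):  # S741-S743: role -> functions
        self.role_functions[(system, role)] = set(functions)

    def set_enabled(self, system, function, enabled):  # administrator open/close switch
        enabled_set = self.systems[system]["enabled"]
        (enabled_set.add if enabled else enabled_set.discard)(function)

    def apply(self, caller, system, role):  # S400-S500, creates the approval form
        if system not in self.docked or (system, role) not in self.role_functions:
            raise PermissionError("system not docked or role not configured")
        form_id = len(self.forms) + 1
        self.forms[form_id] = [caller, system, role, "pending"]
        return form_id

    def approve(self, form_id, ttl_seconds):  # S600, approval yields a time-limited grant
        caller, system, role, status = self.forms[form_id]
        if status != "pending":
            raise ValueError("form already decided")
        self.forms[form_id][3] = "approved"
        self.grants[(caller, system)] = {"role": role, "expires": self.clock() + ttl_seconds}

    def reauthorize(self, caller, system, ttl_seconds):  # S630
        self.grants[(caller, system)]["expires"] = self.clock() + ttl_seconds

    def call(self, caller, system, function, *args):  # every decision is recorded
        outcome = self._decide(caller, system, function)
        self.history.append((self.clock(), caller, system, function, outcome))
        if outcome != "allowed":
            raise PermissionError(outcome)
        return self.systems[system]["functions"][function](*args)

    def _decide(self, caller, system, function):  # deny by default
        grant = self.grants.get((caller, system))
        if grant is None:
            return "no approved grant"
        if self.clock() >= grant["expires"]:
            return "grant expired"
        if function not in self.role_functions.get((system, grant["role"]), set()):
            return "function not in role"
        if function not in self.systems[system]["enabled"]:
            return "function disabled by administrator"
        return "allowed"


def demo():
    now = [0.0]  # constructed clock
    gw = Gateway(clock=lambda: now[0])
    gw.register_system("crm", "constructed-password",  # constructed sample system
                       {"read": lambda cid: {"id": cid}, "delete": lambda cid: True})
    gw.dock("crm", "constructed-password")
    gw.configure_role("crm", "viewer", {"read"})
    gw.approve(gw.apply("billing-app", "crm", "viewer"), ttl_seconds=60)
    results = [gw.call("billing-app", "crm", "read", 7)]
    for function, at in (("delete", 1.0), ("read", 61.0)):
        now[0] = at
        try:
            gw.call("billing-app", "crm", function, 7)
        except PermissionError as exc:
            results.append(str(exc))
    return results


if __name__ == "__main__":
    print(demo())
```

Denied calls are written to the history as well as allowed ones, so the access unit's record can be reviewed for expired grants and out-of-role requests.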
To sum up, the method for accessing a gateway in a unified manner for multiple applications provided by the embodiment of the present application has the following technical effects:
1. the application provides a multi-application unified access gateway method, wherein the method comprises the following steps: constructing a third-party system module, wherein the third-party system module comprises a docking module and an authentication module; obtaining first docking information and first authentication information of a first access application; inputting the first docking information and the first authentication information into the docking module and the authentication module respectively to obtain a first output result; when the first output result is successful access, obtaining first application information of a first calling party according to an application module, wherein the first application information comprises access system information and corresponding role information; generating a first approval form according to the first application information; and when the first approval form passes the approval, uniformly managing the first access application according to an authorization module. The technical problems that in the prior art, the permission control is limited, the function permission of the user cannot be controlled in a targeted mode, and unified management cannot be carried out are solved. The multi-application unified access gateway achieves the technical effects of realizing function adaptation of the access application, reducing the access cost of each calling party, carrying out unified management on the calling party and a third party and reducing the safety risk to the maximum extent.
Example two
Based on the same inventive concept as the method for the multi-application unified access gateway in the foregoing embodiment, the present invention further provides a multi-application unified access gateway system, as shown in fig. 7, where the system includes:
the first building unit 11 is used for building a third-party system module, wherein the third-party system module comprises a docking module and an authentication module;
a first obtaining unit 12, where the first obtaining unit 12 is configured to obtain first docking information and first authentication information of a first access application;
a second obtaining unit 13, where the second obtaining unit 13 is configured to input the first docking information and the first authentication information into the docking module and the authentication module, respectively, and obtain a first output result;
a third obtaining unit 14, where the third obtaining unit 14 is configured to obtain first application information of a first caller according to an application module when the first output result is that the access is successful, where the first application information includes access system information and corresponding role information;
the first execution unit 15, the first execution unit 15 is configured to generate a first approval form according to the first application information;
and the second execution unit 16, where the second execution unit 16 is configured to perform unified management on the first access application according to an authorization module after the first approval form passes the approval.
Further, the system further comprises:
a fourth obtaining unit, configured to obtain a first docking instruction when the first docking information is input into the docking module;
a fifth obtaining unit, configured to obtain, according to the first docking instruction, a first API interface of a first interface module, where the first interface module is connected to the docking module;
and the third execution unit is used for inputting the first API interface into the third-party system module for docking, wherein the first API interface is a packaged API interface.
Further, the system further comprises:
a first module unit, configured such that the first caller has a first caller module;
a fourth execution unit, configured to maintain data information of the first caller according to the first caller module;
a fifth execution unit, configured to maintain role information of the first caller according to the first caller module.
Further, the system further comprises:
a first containing unit, configured such that the authorization module comprises a first authorization unit and a first access unit;
a sixth execution unit, configured to perform permission management on the first caller through the first authorization unit;
and the seventh execution unit is used for accessing and re-authorizing all the application information successfully accessed through the first access unit.
Further, the system further comprises:
the second construction unit is used for constructing a unified caller management module, a unified third-party management module and a unified authority management module;
the first functional unit is used for the unified caller management module to manage, in a unified way, all callers using the system;
the second functional unit is used for the unified third-party management module to manage the accessed third-party systems in a unified manner;
and the third functional unit is used for the unified authority management module to carry out unified authority management including role configuration and function authority configuration.
Further, the system further comprises:
an eighth execution unit, configured to perform the role configuration through a configuration module, where the configuration module includes a system administrator;
a ninth execution unit, configured to enable the system administrator to perform custom control on the first caller permission through the configuration module;
a tenth execution unit, configured to distribute, by the system administrator, third-party systems and functions that are allowed to be used through the configuration module.
Further, the system further comprises:
and the fourth functional unit is used for docking the system with a third-party system, controlling the required functions, exposing the available functions to an internal caller after docking, and providing the calling mode in the form of an http interface.
Exemplary electronic device
The electronic apparatus of the embodiment of the present application is described below with reference to fig. 8.
Based on the same inventive concept as the multi-application unified access gateway method in the foregoing embodiment, an embodiment of the present application further provides a multi-application unified access gateway system, including: a processor coupled to a memory, the memory for storing a program that, when executed by the processor, causes a system to perform the method of any of the first aspects.
The electronic device 300 includes: processor 302, communication interface 303, memory 301. Optionally, the electronic device 300 may also include a bus architecture 304. Wherein, the communication interface 303, the processor 302 and the memory 301 may be connected to each other through a bus architecture 304; the bus architecture 304 may be a peripheral component interconnect standard bus or an extended industry standard architecture bus, or the like. The bus architecture 304 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
Processor 302 may be a CPU, microprocessor, ASIC, or one or more integrated circuits for controlling the execution of programs in accordance with the teachings of the present application. Communication interface 303, using any transceiver or the like, is used for communicating with other devices or communication networks, such as ethernet, wireless access networks, wireless local area networks, wired access networks, and the like. The memory 301 may be, but is not limited to, a ROM or other type of static storage device that can store static information and instructions, a RAM or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read only memory, a read only optical disk or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory may be self-contained and coupled to the processor through a bus architecture 304. The memory may also be integral to the processor.
The memory 301 is used for storing computer-executable instructions for executing the present application, and is controlled by the processor 302 to execute. The processor 302 is configured to execute the computer executable instructions stored in the memory 301, so as to implement a multi-application unified access gateway method provided by the above-mentioned embodiments of the present application.
Optionally, the computer-executable instructions in the embodiments of the present application may also be referred to as application program codes, which are not specifically limited in the embodiments of the present application.
The embodiment of the application solves the technical problems in the prior art that permission control is limited, that the function permissions of a user cannot be controlled in a targeted manner, and that unified management cannot be performed. The multi-application unified access gateway achieves the technical effects of realizing function adaptation of the access application, reducing the access cost of each calling party, carrying out unified management of the calling parties and third parties, and reducing security risk to the greatest extent.
Those of ordinary skill in the art will understand that the ordinal terms first, second, etc. mentioned in this application are used only for convenience of description; they do not limit the scope of the embodiments of this application, nor do they indicate an order of precedence. "And/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., A and/or B, which may mean: A exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "At least one" means one or more. "At least two" means two or more. "At least one," "any," or similar expressions refer to any combination of these items, including any combination of singular or plural items. For example, at least one (one) of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or multiple.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the application to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire or wirelessly. The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device including one or more available media integrated servers, data centers, and the like. The usable medium may be a magnetic medium, an optical medium, a semiconductor medium, or the like.
The various illustrative logical units and circuits described in this application may be implemented or operated upon by design of a general purpose processor, a digital signal processor, an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a digital signal processor and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a digital signal processor core, or any other similar configuration.
The steps of a method or algorithm described in the embodiments herein may be embodied directly in hardware, in a software element executed by a processor, or in a combination of the two. The software elements may be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. For example, a storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC, which may be disposed in a terminal. In the alternative, the processor and the storage medium may reside in different components within the terminal. These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process, such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Although the present application has been described in conjunction with specific features and embodiments thereof, it will be evident that various modifications and combinations can be made thereto without departing from the spirit and scope of the application.
Accordingly, the specification and figures are merely exemplary of the present application as defined in the appended claims and are intended to cover any and all modifications, variations, combinations, or equivalents within the scope of the present application. It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations.

Claims (9)

1. A multi-application unified access gateway method, wherein the method is applied to a multi-application unified access gateway system, the system comprises a plurality of modules, and the method comprises:
constructing a third-party system module, wherein the third-party system module comprises a docking module and an authentication module;
obtaining first docking information and first authentication information of a first access application;
inputting the first docking information and the first authentication information into the docking module and the authentication module respectively to obtain a first output result;
when the first output result is successful access, obtaining first application information of a first calling party according to an application module, wherein the first application information comprises access system information and corresponding role information;
generating a first approval form according to the first application information;
and when the first approval form passes the approval, uniformly managing the first access application according to an authorization module.
2. The method of claim 1, wherein said inputting said first docking information and said first authentication information into said docking module and said authentication module, respectively, obtains a first output result, the method further comprising:
when the first docking information is input into the docking module, a first docking instruction is obtained;
obtaining a first API (application program interface) of a first interface module according to the first docking instruction, wherein the first interface module is connected with the docking module;
and inputting the first API interface into the third-party system module for docking, wherein the first API interface is a packaged API interface.
3. The method of claim 1, wherein when the first output result is successful access, first application information of a first caller is obtained according to an application module, and the method further comprises:
the first caller has a first caller module;
maintaining data information of the first caller according to the first caller module;
and maintaining the role information of the first caller according to the first caller module.
4. The method of claim 1, wherein, when the first approval form passes the approval, rights management is performed on the first access application according to an authorization module, the method further comprising:
the authorization module comprises a first authorization unit and a first access unit;
performing authority management on the first caller through the first authorization unit;
and accessing and re-authorizing all application information successfully accessed through the first access unit.
5. The method of claim 1, wherein the method further comprises:
constructing a unified caller management module, a unified third-party management module and a unified authority management module;
the unified caller management module is used for uniformly managing all callers using the system;
the unified third-party management module is used for uniformly managing the accessed third-party system;
the unified authority management module is used for carrying out unified authority management including role configuration and function authority configuration.
6. The method of claim 5, wherein the rights management module is configured to perform unified rights management including role configuration, function rights configuration, the method further comprising:
the role configuration is carried out through a configuration module, wherein the configuration module comprises a system administrator;
the system administrator can perform custom control on the first caller authority through the configuration module;
and the system administrator distributes the allowed third-party systems and functions through the configuration module.
7. The method of claim 1, wherein the system interfaces with a third party system to control the desired functionality, and wherein the available functionality is exposed to an internal caller after interfacing, and wherein the calling is provided in the form of an http interface.
8. A multi-application unified access gateway system, wherein the system comprises:
a first building unit, used for building a third-party system module, wherein the third-party system module comprises a docking module and an authentication module;
a first obtaining unit, configured to obtain first access information and first authentication information of a first access application;
a second obtaining unit, configured to input the first docking information and the first authentication information into the docking module and the authentication module, respectively, and obtain a first output result;
a third obtaining unit, configured to obtain first application information of a first caller according to an application module when the first output result is that access is successful, where the first application information includes access system information and corresponding role information;
the first execution unit is used for generating a first approval form according to the first application information;
and the second execution unit is used for performing unified management on the first access application according to an authorization module after the first approval form passes the approval.
9. A multi-application unified access gateway system, comprising: a processor coupled with a memory, the memory for storing a program that, when executed by the processor, causes a system to perform the method of any of claims 1-7.
CN202111149305.5A 2021-09-29 2021-09-29 Multi-application unified access gateway method and system Pending CN113904825A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111149305.5A CN113904825A (en) 2021-09-29 2021-09-29 Multi-application unified access gateway method and system

Publications (1)

Publication Number Publication Date
CN113904825A true CN113904825A (en) 2022-01-07

Family

ID=79189324

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111149305.5A Pending CN113904825A (en) 2021-09-29 2021-09-29 Multi-application unified access gateway method and system

Country Status (1)

Country Link
CN (1) CN113904825A (en)

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030163733A1 (en) * 2002-02-28 2003-08-28 Ericsson Telefon Ab L M System, method and apparatus for federated single sign-on services
CN101977184A (en) * 2010-09-30 2011-02-16 西本新干线股份有限公司 Multi-identity selection landing device and service system
CN102420690A (en) * 2010-09-28 2012-04-18 上海可鲁系统软件有限公司 Fusion and authentication method and system of identity and authority in industrial control system
WO2015135331A1 (en) * 2014-03-10 2015-09-17 百度在线网络技术(北京)有限公司 Authorization method, apparatus and system for authentication
US20160065541A1 (en) * 2014-08-28 2016-03-03 Facebook, Inc. Anonymous single sign-on to third-party systems
CN105391721A (en) * 2015-11-23 2016-03-09 兰玉杰 Unified authentication management open system based on cloud computing
CN106713214A (en) * 2015-07-14 2017-05-24 腾讯科技(北京)有限公司 Method and system for carrying out identity authentication among multiple authorization systems
CN109462577A (en) * 2018-10-16 2019-03-12 同伦拍拍科技服务有限公司 A kind of third party communicates the inside login system and method for SSO in time
CN110365684A (en) * 2019-07-17 2019-10-22 中国工商银行股份有限公司 Access control method, device and the electronic equipment of application cluster
CN111224918A (en) * 2018-11-23 2020-06-02 中国移动通信集团广东有限公司 Real-time networking security control platform and access authentication method
CN111556006A (en) * 2019-12-31 2020-08-18 远景智能国际私人投资有限公司 Third-party application system login method, device, terminal and SSO service platform
CN112055017A (en) * 2020-09-02 2020-12-08 中国平安财产保险股份有限公司 Single-account multi-application unified login method and device and computer equipment
WO2021003751A1 (en) * 2019-07-11 2021-01-14 深圳市鹰硕技术有限公司 Single-account multi-identity login method and apparatus, server, and storage medium
CN112364336A (en) * 2020-11-18 2021-02-12 深圳航天智慧城市系统技术研究院有限公司 Unified authority management method, device, equipment and computer readable storage medium for database
CN113360862A (en) * 2021-05-06 2021-09-07 朗新科技集团股份有限公司 Unified identity authentication system, method, electronic device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100000 floors 1-3, block a, global creative Plaza, No. 10, Furong street, Chaoyang District, Beijing

Applicant after: Bairong Zhixin (Beijing) Technology Co.,Ltd.

Address before: 100000 floors 1-3, block a, global creative Plaza, No. 10, Furong street, Chaoyang District, Beijing

Applicant before: Bairong Zhixin (Beijing) credit investigation Co.,Ltd.