CN115277166A - Cross-boundary user management system for engineering vector library - Google Patents

Publication number: CN115277166A
Authority: CN (China)
Prior art keywords: unit, user, login, module, classification
Legal status: Pending
Application number: CN202210875255.7A
Other languages: Chinese (zh)
Inventors: 陈彦江, 郑雪梅, 杜水婷, 张晓荣, 张艳, 李宁, 尚闻博
Current Assignee: State Grid Gansu Electric Power Co Ltd
Original Assignee: State Grid Gansu Electric Power Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3297: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a cross-boundary user management system for an engineering vector library, which comprises a client, a login information encryption module, a user access server, a classification module and a security module, wherein the client is used by a user to perform the login operation. The invention can effectively ensure the security of data resources during transmission: it encrypts the user login password and the key data in the system with the RSA asymmetric encryption algorithm to ensure the security of the data during transmission, and computes a digest of the user login password and the key data in the system with the MD5 digest algorithm to ensure that the data is not tampered with during transmission.

Description

Cross-boundary user management system for engineering vector library
Technical Field
The invention relates to the field of user management, in particular to a cross-border user management system for an engineering vector library.
Background
At present, the number of power grid construction projects is huge, and a large number of infrastructure construction projects generate massive amounts of engineering drawings and data. Engineering project design units submit design schemes and engineering drawings in paper form, so power grid enterprises cannot master the core data of the power grid construction projects. In addition, the way paper engineering drawings are accessed is outdated and inefficient: the process data of each link, such as engineering construction, acceptance, operation and maintenance, and management, cannot be accurately recorded, and front-line work such as production, overhaul, operation and maintenance, and emergency rescue cannot be supported. An engineering vector system is therefore required to manage the drawings, and because such a system has many users, a user management system is required to manage them.
When a user logs in to the existing cross-border user management system for the engineering vector library, data can be tampered with during transmission, and security is poor; secondly, the existing cross-border user management system for the engineering vector library is exposed to login replay attacks, and the traditional user management system cannot divide users into categories, so later maintenance is difficult.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: when a user logs in to the conventional cross-border user management system for the engineering vector library, data can be tampered with during transmission, and security is poor; secondly, the existing cross-border user management system for the engineering vector library is exposed to login replay attacks, and the traditional user management system cannot divide users into categories, so later maintenance is difficult.
The invention solves the technical problem through the following technical scheme: the cross-boundary user management system for the engineering vector library comprises a client, a login information encryption module, a user access server, a classification module and a security module;
the client is used by a user to perform the login operation;
the login information encryption module is used for encrypting information during login;
the user access server is used for receiving, processing, calculating and executing various commands;
the classification module is used for classifying and storing user categories;
the security module is used for increasing the security of user information;
the client is in communication connection with the user access server, and the login information encryption module, the security module and the classification module are in communication connection with the user access server.
Preferably, the security module comprises a time stamp unit, a processing unit, a verification code generation unit and an access authority control unit, and the time stamp unit, the verification code generation unit and the access authority control unit are all in communication connection with the processing unit.
Preferably, the classification module comprises a classification library, an ID identification unit, a classification unit, a storage unit and an output unit, and the classification library, the ID identification unit, the classification unit, the storage unit and the output unit are sequentially connected in a communication manner.
Preferably, when the login information encryption module encrypts, the RSA asymmetric encryption algorithm is used to encrypt the user login password and the key data in the system, and the MD5 digest algorithm is used to compute a digest of the user login password and the key data in the system.
Preferably, the timestamp unit in the security module is configured to generate time information, the verification code generation unit is configured to generate verification code information, and the access right control unit implements access control in an RBAC (role-based access control) manner.
Preferably, the category library stores ID category information of unified users, intranet temporary users, intranet construction unit users, and extranet construction unit users.
Compared with the prior art, the invention has the following advantages:
by providing the login information encryption module, the user login password and the key data in the system are encrypted with the RSA asymmetric encryption algorithm, which ensures the security of the data during transmission, and the system uses the MD5 digest algorithm to compute a digest of the user login password and the key data in the system, which ensures that the data is not tampered with during transmission;
by providing the security module, login replay attacks are prevented with a login mode that combines a login verification code and a timestamp: a replay attack obtains the HTTP request information submitted by a user and submits it a second time, and once the login verification code and the timestamp are added, the system ensures that the HTTP request information submitted at each login is inconsistent, so login replay attacks are effectively avoided;
by providing the classification module, ID numbers of different categories are assigned to the various kinds of users, such as intranet unified users, intranet temporary users, intranet construction unit users and extranet construction unit users, and are stored in the category library; when a user enters the server, the user can be assigned to a category and stored accordingly, which makes later maintenance more flexible.
Drawings
FIG. 1 is a system block diagram of the present invention;
FIG. 2 is a system diagram of a login information encryption module of the present invention;
FIG. 3 is a system diagram of the security module of the present invention;
FIG. 4 is a system diagram of a classification module of the present invention.
Detailed Description
The following examples are given for the detailed implementation and specific operation of the present invention, but the scope of the present invention is not limited to the following examples.
As shown in fig. 1 to 4, the present embodiment provides a technical solution: a cross-boundary user management system for an engineering vector library comprises a client, a login information encryption module, a user access server, a classification module and a security module;
the client is used by a user to perform the login operation;
the login information encryption module is used for encrypting information during login;
the user access server is used for receiving, processing, calculating and executing various commands;
the classification module is used for classifying and storing the user categories;
the security module is used for increasing the security of user information;
the client is in communication connection with the user access server, and the login information encryption module, the security module and the classification module are in communication connection with the user access server.
In this embodiment, the login information encryption module includes an RSA unit, an MD5 unit, and an execution unit, where the RSA unit and the MD5 unit are in communication connection with the execution unit; the user login password and the key data in the system are encrypted with the RSA asymmetric encryption algorithm, so as to ensure that the data is not tampered with during transmission.
In this embodiment, the security module comprises a timestamp unit, a processing unit, a verification code generation unit and an access authority control unit, wherein the timestamp unit, the verification code generation unit and the access authority control unit are all in communication connection with the processing unit; a login mode that combines a login verification code and a timestamp is adopted, so that login replay attacks are effectively avoided.
In this embodiment, the classification module includes a category library, an ID identification unit, a classification unit, a storage unit, and an output unit, and the category library, the ID identification unit, the classification unit, the storage unit, and the output unit are sequentially in communication connection, so as to facilitate division of user groups of different categories, and facilitate later maintenance.
In this embodiment, when the login information encryption module encrypts, the RSA asymmetric encryption algorithm is used to encrypt the user login password and the key data in the system, and the MD5 digest algorithm is used to compute a digest of the user login password and the key data in the system, so as to ensure that the data is not tampered with during transmission.
In this embodiment, the timestamp unit in the security module is configured to generate time information, the verification code generation unit is configured to generate verification code information, and the access right control unit implements access control in an RBAC (role-based access control) manner. Access rights are verified as follows:
1. the user's account information is obtained when the user logs in;
2. the corresponding role information is obtained according to the user's account information;
3. the lists of menus, modules and function buttons that the user can operate are obtained according to the role information, together with the list of all corresponding URLs;
4. when the user makes any request, the system compares the URL of the request with the URL list held by the user and checks whether the user has the right to access it.
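The four verification steps above, sketched as an added example that is not part of the patent text. The account names, role names, URL lists and function names are all constructed for illustration, and the path canonicalization before the comparison is an assumption the patent does not describe.

```python
import posixpath
from urllib.parse import unquote

# Constructed sample data: hypothetical accounts, roles and URL lists.
ACCOUNT_ROLES = {
    "alice": {"drawing_viewer"},
    "bob": {"drawing_viewer", "user_admin"},
}
ROLE_URLS = {
    "drawing_viewer": {"/drawings", "/drawings/view"},
    "user_admin": {"/admin/users", "/admin/users/delete"},
}


def canonical_path(request_target):
    """Return the canonical path of a request target, or None if malformed.

    The comparison in step 4 must see the same path the application will
    dispatch, so the query string is dropped, percent-encoding is decoded
    once, and "." / ".." / repeated or trailing slashes are collapsed.
    """
    path = request_target.split("#", 1)[0].split("?", 1)[0]
    path = unquote(path)
    if not path.startswith("/") or "\x00" in path:
        return None
    normalized = posixpath.normpath(path)
    # normpath keeps a leading "//"; reduce it to a single slash.
    return "/" + normalized.lstrip("/")


def allowed_urls(account):
    """Steps 2 and 3: account -> roles -> union of the roles' URL lists."""
    urls = set()
    for role in ACCOUNT_ROLES.get(account, ()):
        urls |= ROLE_URLS.get(role, set())
    return urls


def is_authorized(account, request_target):
    """Step 4: exact match against the URL list; anything else is denied."""
    path = canonical_path(request_target)
    if path is None:
        return False
    return path in allowed_urls(account)


if __name__ == "__main__":
    for account, target in [
        ("alice", "/drawings/view?id=7"),
        ("alice", "/drawings/../admin/users"),
        ("bob", "/admin/users/"),
        ("mallory", "/drawings"),
    ]:
        print(account, target, is_authorized(account, target))
```

An unknown account or a URL missing from every role's list falls through to a denial, so the check fails closed.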
In this embodiment, the category library stores ID category information of a unified user, an intranet temporary user, an intranet construction unit user, and an extranet construction unit user, and is used by the classification unit to retrieve category data.
In summary, when the invention is used, a user enters the user access server through the client. In this process, the login information encryption module encrypts the user login password and the key data in the system with the RSA asymmetric encryption algorithm to ensure the security of the data during transmission, and the system computes a digest of the user login password and the key data in the system with the MD5 digest algorithm. When the user enters the user access server, the ID identification unit identifies the user ID information and compares it with the ID category information stored in the category library; the classification unit then stores the users of different ID categories through the storage unit, and when someone queries them, the ID information can be output through the output unit. Also when the user enters the user access server, the security module uses a login mode that combines a login verification code and a timestamp to prevent login replay attacks: a replay attack obtains the HTTP request information submitted by the user and submits it a second time, and once the system adds the login verification code and the timestamp, the request information submitted at each login is guaranteed to be inconsistent.
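The login flow summarized above (verification code plus timestamp, with an MD5 digest over the submitted fields), sketched as an added example that is not part of the patent text. The class and function names, the 60-second window, the single-use handling of the code and the field layout of the digest are assumptions; the RSA-encrypted password is represented by an opaque constructed string.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_AGE_SECONDS = 60  # assumed freshness window for timestamps and codes
FIELDS = ("account", "enc_password", "code", "timestamp")


def request_digest(account, enc_password, code, timestamp):
    """MD5 digest over the login fields, serialized unambiguously as JSON.

    MD5 is used because the patent names it. An unkeyed digest only detects
    changes made by someone who does not recompute it; authenticating the
    fields would need a keyed MAC.
    """
    data = json.dumps([account, enc_password, code, timestamp],
                      separators=(",", ":")).encode("utf-8")
    return hashlib.md5(data).hexdigest()


def build_request(account, enc_password, code, timestamp):
    """Client side: assemble the login request and attach its digest."""
    return {
        "account": account,
        "enc_password": enc_password,  # stands in for the RSA ciphertext
        "code": code,
        "timestamp": timestamp,
        "digest": request_digest(account, enc_password, code, timestamp),
    }


class LoginGate:
    """Server side: issues verification codes and checks request freshness."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._issued = {}  # verification code -> issue time

    def issue_code(self):
        code = secrets.token_hex(4)
        self._issued[code] = int(self._clock())
        return code

    def verify(self, request):
        try:
            account, enc_password, code, timestamp = (request[k] for k in FIELDS)
            digest = request["digest"]
        except KeyError:
            return "malformed"
        if not isinstance(timestamp, int) or not isinstance(digest, str):
            return "malformed"
        expected = request_digest(account, enc_password, code, timestamp)
        if not hmac.compare_digest(expected, digest):
            return "digest_mismatch"
        now = int(self._clock())
        if abs(now - timestamp) > MAX_AGE_SECONDS:
            return "stale_timestamp"
        # pop() makes the code single-use: a replayed request finds it gone.
        issued_at = self._issued.pop(code, None)
        if issued_at is None:
            return "code_unknown_or_used"
        if now - issued_at > MAX_AGE_SECONDS:
            return "code_expired"
        return "accepted"


if __name__ == "__main__":
    gate = LoginGate()
    req = build_request("alice", "9f3c...constructed", gate.issue_code(), int(time.time()))
    print(gate.verify(req))  # first submission
    print(gate.verify(req))  # identical request submitted a second time
```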
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

Claims (7)

1. A cross-border user management system for an engineering vector library, characterized by comprising a client, a login information encryption module, a user access server, a classification module and a security module;
the client is used by a user to perform the login operation;
the login information encryption module is used for encrypting information during login;
the user access server is used for receiving, processing, calculating and executing various commands;
the classification module is used for classifying and storing user categories;
the security module is used for increasing the security of user information;
the client is in communication connection with the user access server, and the login information encryption module, the security module and the classification module are in communication connection with the user access server.
2. The system of claim 1, wherein: the login information encryption module comprises an RSA unit, an MD5 unit and an execution unit, wherein the RSA unit and the MD5 unit are in communication connection with the execution unit.
3. The system of claim 1, wherein: the security module comprises a timestamp unit, a processing unit, a verification code generation unit and an access authority control unit, wherein the timestamp unit, the verification code generation unit and the access authority control unit are all in communication connection with the processing unit.
4. The system of claim 1, wherein: the classification module comprises a classification library, an ID identification unit, a classification unit, a storage unit and an output unit, wherein the classification library, the ID identification unit, the classification unit, the storage unit and the output unit are sequentially in communication connection.
5. The system of claim 2, wherein: when the login information encryption module encrypts, the RSA asymmetric encryption algorithm is used to encrypt the user login password and the key data in the system, and the MD5 digest algorithm is used to compute a digest of the user login password and the key data in the system.
6. The system of claim 3, wherein: the security module comprises a timestamp unit, a verification code generation unit and an access authority control unit, wherein the timestamp unit is used for generating time information, the verification code generation unit is used for generating verification code information, and the access authority control unit implements access control in an RBAC (role-based access control) manner.
7. The system of claim 4, wherein: the category library stores ID category information of unified users, intranet temporary users, intranet construction unit users and extranet construction unit users.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210875255.7A 2022-07-25 2022-07-25 Cross-boundary user management system for engineering vector library

Publications (1)

Publication Number Publication Date
CN115277166A (en) 2022-11-01

Family

ID=83768067

Country Status (1)

Country Link
CN (1) CN115277166A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination