Universal security management system, device and method for network management

  • CN 101,160,775 A
  • Filed: 07/10/2006
  • Published: 04/09/2008
  • Est. Priority Date: 07/21/2005
  • Status: Active Application
First Claim

1. A common network management safety control system, characterized in that it includes a security management center, at least one functional entity and at least one secure management gateway;

    Wherein, the whole network is divided into at least one security domain, and each security domain includes at least one said functional entity;

    Each security domain corresponds to at least one said secure management gateway, which is used to adapt the safety management interface of the functional entities in the security domain to the universal safety management interface provided by the security management center.

2. The common network management safety control system according to claim 1, characterized in that it also comprises a safety management operate interface, for providing a safety management operation interface to the administrator based on the security management center.

3. The common network management safety control system according to claim 2, characterized in that the security management center is used to manage the user profile, authorization message and authentication information of the whole network, interacts with the functional entities of the whole network through the secure management gateway of each security domain, and interacts with the administrator through the safety management operate interface.

4. The common network management safety control system according to any one of claims 1 to 3, characterized in that the functional entity is used to forward user authentication requests to the secure management gateway of the security domain where it is located, to download the authority information of the currently logged-on user from the security management center through the secure management gateway and cache it, to authenticate user operations according to the authority information, and to remove the cache of the authority information when the user exits or according to the pre-set strategy.

5. The common network management safety control system according to any one of claims 1 to 3, characterized in that the secure management gateway interacts with all functional entities in its own security domain through the safety management interface of the security domain where it is located, interacts with the security management center through the universal safety management interface, and is used for forwarding the user authentication requests transmitted by the functional entities to the security management center and forwarding the authority information transmitted by the security management center to the functional entities.

6. A common network management safety control system, characterized in that it includes a security management center, at least one functional entity and at least one secure management gateway;

    Wherein, the functional entity is used to handle customer service;

    The security management center is used for the safety management for carrying out the whole network;

    Each secure management gateway corresponds to at least one functional entity, and is used to realize the data interaction between the security management center and the corresponding functional entity.

7. The common network management safety control system according to claim 6, characterized in that the secure management gateway interacts with the corresponding functional entity through the safety management interface of the functional entity, and interacts with the security management center through the universal safety management interface provided by the security management center.

8. A network management secure management gateway, characterized in that it corresponds to at least one functional entity and realizes the interaction between the functional entity and the security management center of the network management system;

    Including:

    Functional entity interactive unit, for realizing the data interaction with functional entity;

    Security management center interactive unit, for realizing the data interaction with security management center;

    Processing unit, for realizing the adaptation of the data transmitted between the functional entity interactive unit and the security management center interactive unit.

9. The network management secure management gateway as claimed in claim 8, characterized in that the functional entity interactive unit interacts with the corresponding functional entity through the safety management interface of the functional entity;

    The security management center interactive unit interacts with the security management center through the universal safety management interface provided by the security management center.

10. The network management secure management gateway as claimed in claim 8 or 9, characterized in that the processing unit includes:

    Certification request processing unit, for converting the user authentication request transmitted by the functional entity and received by the functional entity interactive unit, and then sending it to the security management center through the security management center interactive unit;

    Authority information processing unit, for converting the user authentication request from the security management center received by the security management center interactive unit, and then sending it to the functional entity through the functional entity interactive unit.

11. A security management center, including a universal safety management interface;

    Characterized in that it also includes:

    Functional entity interactive unit, for realizing the data interaction with functional entity;

    Adaptation unit, for realizing the adaptation of the data transmitted between the universal safety management interface and the functional entity interactive unit.

12. A functional entity of a network management safety management system, including a safety management interface;

    Characterized in that it also includes:

    Security management center interactive unit, for realizing the data interaction with security management center;

    Adaptation unit, for realizing the adaptation of the data transmitted between the safety management interface and security management center.

13. A user management method of a common network management safety control system, characterized in that it comprises the following steps:

    The safety management operate interface receives the user management operation request of the administrator, and sends it to the security management center;

    The security management center handles the user management operation request, and returns the result to the safety management operate interface;

    The safety management operate interface shows the result on a user interface.

14. A subscriber entitlement method of a common network management safety control system, characterized in that it comprises the following steps:

    The safety management operate interface receives the user authorization operation request of the administrator, and sends it to the security management center;

    The security management center obtains the authorizable operation types and authorizable operation object information from the secure management gateway, and returns them to the safety management operate interface;

    The safety management operate interface displays the authorizable operation types and authorizable operation object information in the administrator interface, as a reference for the administrator to carry out the authorization operation;

    After the administrator completes the authorization operation, the safety management operate interface sends the authorization operation request to the security management center;

    The security management center processes the authorization operation, saves the authorized user information, and returns the result to the safety management operate interface;

    The safety management operate interface displays the result in the administrator interface.

15. A subscriber entitlement method of a common network management safety control system, characterized in that it includes the following steps:

    The security management center obtains the authorizable operation types and authorizable operation object information from the secure management gateway at each start and saves them locally;

    After each update or change, the secure management gateway initiates a synchronization process to the security management center, so that the authorizable operation types and authorizable operation object information are kept synchronized;

    The administrator carries out the authorization operation according to the authorizable operation types and authorizable operation object information provided by the security management center;

    After the authorization operation, the safety management operate interface sends the authorization operation request to the security management center;

    The security management center processes the authorization operation, saves the authorized user information, and returns the result to the safety management operate interface;

    The safety management operate interface displays the result in the administrator interface.

16. A user authentication method of a common network management safety control system, characterized in that it comprises the following steps:

    The functionManagement gateway, the security management center is transmitted to by it;

    In the safety managementLimit information gives the secure management gateway, and the functional entity is transmitted to by it;

    The functional entity caches said user right information locally until the user exits or a timeout occurs.

17. The user authentication method of the common network management safety control system according to claim 16, characterized in that when the functional entity receives a user authentication request, it also comprises the following sub-step:

    Deciding whether to forward according to a preset local policy; if so, the user authentication request is forwarded to the secure management gateway, otherwise it is processed locally.

18. The user authentication method of the common network management safety control system according to claim 16, characterized in that, before the functional entity locally caches the user right information, it also comprises a sub-step of judging whether to cache according to a preset local policy.

19. A user authority identifying method of a common network management safety control system, characterized in that it comprises the following steps:

    The functional entity authenticates the user's operation according to the locally cached user right information, and performs the operation after the authentication passes;

    When the user exits or a timeout occurs, the functional entity removes the locally cached user right information according to the pre-set strategy.
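
An added illustration of the flow described in claims 4, 5, 16 and 19 (not part of the patent text): a functional entity forwards a login through its gateway, caches the returned authority information, authorizes operations from that cache, and drops it on exit or timeout. The class names follow the claims; the `user:secret` native format, the comma-joined reply, the method names and the sample values are assumptions made for this example.

```python
import hmac
import time

class SecurityManagementCenter:
    """Holds authentication and authority information for the whole network."""
    def __init__(self, users):
        self._users = users              # constructed data: {user: (secret, rights)}

    def authenticate(self, req):         # stands in for the universal interface
        secret, rights = self._users.get(req["user"], ("", frozenset()))
        ok = bool(secret) and hmac.compare_digest(
            secret.encode(), req["secret"].encode())
        return {"user": req["user"], "rights": sorted(rights)} if ok else None

class SecureManagementGateway:
    """Adapts one domain's native interface to the center's universal one."""
    def __init__(self, center):
        self._center = center

    def forward_auth(self, native):      # assumed native form: "user:secret"
        user, _, secret = native.partition(":")
        reply = self._center.authenticate({"user": user, "secret": secret})
        return None if reply is None else ",".join(reply["rights"])

class FunctionalEntity:
    def __init__(self, gateway, ttl, clock=time.monotonic):
        self._gw, self._ttl, self._clock = gateway, ttl, clock
        self._cache = {}                 # user -> (rights, expiry time)

    def login(self, user, secret):
        rights = self._gw.forward_auth(f"{user}:{secret}")
        if rights is None:
            return False                 # nothing is cached for a failed login
        granted = set(filter(None, rights.split(",")))
        self._cache[user] = (granted, self._clock() + self._ttl)
        return True

    def logout(self, user):              # user exits: remove cached authority info
        self._cache.pop(user, None)

    def authorize(self, user, operation):
        entry = self._cache.get(user)
        if entry is None or self._clock() >= entry[1]:
            self._cache.pop(user, None)  # timeout: remove cached authority info
            return False                 # fail closed when no valid cache entry
        return operation in entry[0]
```

The cache is the only thing consulted by `authorize`, so a rights change at the center takes effect at this functional entity only after the entry expires or the user logs in again; the timeout bounds that window.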
