CN100464338C - Method for binding security mechanism of application software and large database - Google Patents
Method for binding security mechanism of application software and large database Download PDFInfo
- Publication number
- CN100464338C CN100464338C CNB2007100159906A CN200710015990A CN100464338C CN 100464338 C CN100464338 C CN 100464338C CN B2007100159906 A CNB2007100159906 A CN B2007100159906A CN 200710015990 A CN200710015990 A CN 200710015990A CN 100464338 C CN100464338 C CN 100464338C
- Authority
- CN
- China
- Prior art keywords
- database
- application system
- login
- user
- security mechanism
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The invention discloses a method for bundling application software safety mechanism and large database safety mechanism. The method bundles the safety mechanisms of application system and large database together, thus enhancing the safety of data visit and safety grade of user visit. Through establishing the independent visit control database, the method completes the bundling of safety mechanisms of application system and large database. Through the independent visit control database, the method, on the one hand, can realize database safety certification mechanism of user log-in; and on the other hand, the method completes the log-in of application database, so as to reach the purpose of operating application database. The method relieves the application system of building a safety mechanism and validation principle by its own, avoids database log-in through written code or encrypted database registration, and skillfully bundles safety mechanisms of application system and large database together.
Description
Technical field
The present invention relates to the method to set up of a kind of security mechanism of computer information system, be widely used in the secure access of management information system, and the safe integrated approach of isomery infosystem.
Background technology
It is particularly important that safety of data seems for IT application in enterprises.Along with popularizing of infotech, enterprises personnel are for the understanding of secret data in enterprise and steal hope and strengthen; Along with popularizing of computer technology, the ability of individual operating database is also strengthened.So information security technology more and more becomes the emphasis that corporate client is paid close attention to.Encryption technology becomes the first-selection that the software industry is carried out safety approach, and the main points of encryption technology are cryptographic algorithm, and cryptographic algorithm can be divided into symmetric cryptography, asymmetric cryptosystem and irreversible encryption three class algorithms.Through the independently developed Software tool of these algorithms, do not obtain the authentication of specialized department, security is difficult to be protected.And the commercialization instrument of releasing based on these algorithms, for example digital certificate, dynamic password card etc., these instruments are widely used in security requirements such as bank, government than higher scene, and the investment of requirement is also than higher.Use for general enterprise, level of security and scale of investment are relatively low.
Like this, invent a kind of security mechanism method of appropriateness, should be used for saying that just seeming has been even more important for IT application in enterprises.
Summary of the invention
The object of the present invention is to provide a kind of safe data access method, be intended to improve the security access levels of system software.
The present invention includes following steps:
1, at first set up independently access control database, the access control database carries out initialization after perhaps system software is installed and creates when system software is installed.An independently table is set up in this database inside, be used for storage application system database-name, Database owner, password and with information such as application system corresponding relation rule.
2, pass through login window, input registrant numbering and password carry out connected reference and control database, and will verify by means of the security mechanism of large database this moment, from the access control database take out in requisition for the data of operation according to library information, carry out the login of operating database.
Safety access method of the present invention except the security access mechanism that is widely used in management information system, can also be applied to the access interface technology between heterogeneous system.
Key point of the present invention is to have created independently access control database, makes login authentication become the connection login authentication of database, has strengthened the level of security of data access.
Description of drawings:
Fig. 1 is a security mechanism schematic diagram of the present invention;
Fig. 2 is traditional secure log synoptic diagram;
Fig. 3 is a security mechanism process flow diagram of the present invention.
Embodiment
Below in conjunction with accompanying drawing to technical scheme of the present invention detailed description in addition.
Described method of the present invention is applicable to the visit large database, carries out data acquisition, processing, processing, output, is usually used in the secure logon facility of management information system, also can be used for the access interface technology between heterogeneous system.
Large database involved in the present invention can be widely used in large databases such as MSS SQL, SYBASE, ORACLE, DB2.The data access mechanism that now a lot of application software are used always large database: fixing Database owner and password are set, so that expressly sign indicating number or cipher mode are stored in registration table or the Parameter File, read this document by login window, be connected to the database (as accompanying drawing 2) of the application system that will operate.This method mainly is applicable to early stage use large-scale database system, and enterprise is owing to understand that the people of large database programming development is less, and business data probability under fire is little.And now along with the popularizing of computer technology, the software practitioner's flows, and the importance of company information, and business data hazard level is under fire strengthened.The security mechanism of large database has all reached very high security control rank, and ORACLE database has for example reached the B1 level of the National Computer Security center (NCSC), and few people can illegally login.The login techniques of how to use database is bound the login of application system, and the security that improves application system just seems important.The method of application system and the binding of large database security mechanism is still disclosed without any technical literature now.
Method of the present invention is fully used the large database security access mechanism, as shown in Figure 1, by creating a security control database, the login user of application system is converted to simultaneously the login user of database, thereby the login authentication of application system has been tied to the login authentication of database, and this is a key of the present invention.Described method comprises the steps, as shown in Figure 3:
A) in application system installs, perhaps during the application system initialization, creates a security control database dbmaster, create in this security control database and show db info, in order to the database information of storage application system.
B) at first with the dbmaster owner, be the login user of large database, also be the system keeper of system of application system carries out login system, the login authentication of application system realizes by the login authentication of database at this moment.
C) system manager is by application system, creation operation person user.Operator user should become the user of application system, also will register the login user of database.This is the key principle of binding data storehouse login.
Like this,, just realized the binding of secure logon facility, thereby finished the security mechanism of application system and the security mechanism binding of large database by user binding.
D) like this, when its login numbering of login user typing and password, can judgement be connected to large database, if can be connected to dbmaster, illustrate by safety verification, read dbinfo this moment again, take out owner and the password of the database OperDatabase that wants register, the database of finishing OperDatabase connects, thereby carries out system operation.
The database description of symbols is as follows:
Mark | Explanation |
Dbinfo_id | The database sequence number |
dbinfo_database | The service data library name |
dbinfo_owner | The operating database owner |
dbinfo_password | Operating database owner password |
Wherein large database is supported large databases such as MSS SQL, SYBASE, ORACLE, DB2.
Application software security mechanism of the present invention and large database security mechanism binding method, further comprising the steps of in its steps A:
A1) when application system is installed, perhaps, create the access control database using the later initialization of installation;
When A2) creating the access control database, require input manager person's numbering, password, with the login user of this user as database, and with this user as access control wide area information server owner;
A3) table of the database of establishment record application system.By initialization, finish the establishment of application system database and register to this table.
Application software security mechanism of the present invention and large database security mechanism binding method, further comprising the steps of among the step B:
B1) by login window, user and password that input will be logined are logined;
B2) login user carries out connected reference and controls database, and takes out the target data library information from the table of record application system database information, finishes the login of target database;
B3) new user's maintenance is undertaken by application system, and new user will register the database login user, and the control database authority of table of the inside of read access is arranged.
Should be understood that above-mentioned description to specific embodiment of the present invention is comparatively concrete, but can not therefore be interpreted as the restriction of scope that the present invention is asked for protection.
Claims (2)
1. application software security mechanism and large database security mechanism binding method is characterized in that comprising the steps:
Create independently access control database when carrying out initialization when A) application system is installed or after application system is installed, set up in this access control database inside one independently information table be used for the storage application system operating database title, Database owner, password and with the information of application system corresponding relation rule;
B) by means of the security mechanism checking of large database, carry out the login of application system operating database, this step comprises following concrete steps:
B1) by login window, input registrant numbering and password are logined;
B2) login user carries out connected reference and controls database, and takes out a certain target data library information in the application system operating database from the information table of record application system operating database, finishes the login of a certain target database in the application system operating database;
B3) new user's maintenance is undertaken by application system, and new user will register the database login user, and the control database authority of information table of the inside of read access is arranged.
2. 1 described application software security mechanism and large database security mechanism binding method as requested is characterized in that steps A comprises following concrete steps:
A1) when application system is installed, perhaps, create the access control database using the later initialization of installation;
When A2) creating the access control database, require input manager person's numbering, password, with the login user of this user as the access control database, and with this user as access control wide area information server owner;
A3) create the information table that writes down the application system operating database,, finish the establishment of application system operating database and register to this information table by initialization.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2007100159906A CN100464338C (en) | 2007-06-25 | 2007-06-25 | Method for binding security mechanism of application software and large database |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2007100159906A CN100464338C (en) | 2007-06-25 | 2007-06-25 | Method for binding security mechanism of application software and large database |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101105827A CN101105827A (en) | 2008-01-16 |
CN100464338C true CN100464338C (en) | 2009-02-25 |
Family
ID=38999715
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2007100159906A Expired - Fee Related CN100464338C (en) | 2007-06-25 | 2007-06-25 | Method for binding security mechanism of application software and large database |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100464338C (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100595739C (en) * | 2008-08-15 | 2010-03-24 | 用友软件股份有限公司 | Method and system for accessing finance data |
CN105631346A (en) * | 2015-12-25 | 2016-06-01 | 深圳市华讯方舟软件技术有限公司 | Spark database electronic coded lock safe and convenient to use and operation method thereof |
CN107656949B (en) * | 2016-12-23 | 2018-09-25 | 航天星图科技(北京)有限公司 | A kind of joint access method of distributed data base |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5283830A (en) * | 1991-12-17 | 1994-02-01 | International Computers Limited | Security mechanism for a computer system |
US5321841A (en) * | 1989-06-29 | 1994-06-14 | Digital Equipment Corporation | System for determining the rights of object access for a server process by combining them with the rights of the client process |
JP2002169808A (en) * | 2000-11-30 | 2002-06-14 | Hitachi Ltd | Secure multi-database system |
CN1485746A (en) * | 2002-09-27 | 2004-03-31 | 鸿富锦精密工业(深圳)有限公司 | Management system and method for user safety authority limit |
CN1567300A (en) * | 2003-06-19 | 2005-01-19 | 鸿富锦精密工业(深圳)有限公司 | Database using right inquiry system and method |
-
2007
- 2007-06-25 CN CNB2007100159906A patent/CN100464338C/en not_active Expired - Fee Related
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5321841A (en) * | 1989-06-29 | 1994-06-14 | Digital Equipment Corporation | System for determining the rights of object access for a server process by combining them with the rights of the client process |
US5283830A (en) * | 1991-12-17 | 1994-02-01 | International Computers Limited | Security mechanism for a computer system |
JP2002169808A (en) * | 2000-11-30 | 2002-06-14 | Hitachi Ltd | Secure multi-database system |
CN1485746A (en) * | 2002-09-27 | 2004-03-31 | 鸿富锦精密工业(深圳)有限公司 | Management system and method for user safety authority limit |
CN1567300A (en) * | 2003-06-19 | 2005-01-19 | 鸿富锦精密工业(深圳)有限公司 | Database using right inquiry system and method |
Also Published As
Publication number | Publication date |
---|---|
CN101105827A (en) | 2008-01-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10146957B1 (en) | Sensitive data aliasing | |
US8275995B2 (en) | Identity authentication and secured access systems, components, and methods | |
US8677126B2 (en) | Method and system for digital rights management of documents | |
US20030217264A1 (en) | System and method for providing a secure environment during the use of electronic documents and data | |
US20020141588A1 (en) | Data security for digital data storage | |
US20200134617A1 (en) | Securing data via multi-layer tokens | |
EP1914951A1 (en) | Methods and system for storing and retrieving identity mapping information | |
CN111368324A (en) | Credible electronic license platform system based on block chain and authentication method thereof | |
CN111783075A (en) | Authority management method, device and medium based on secret key and electronic equipment | |
US9294918B2 (en) | Method and system for secure remote login of a mobile device | |
CN100397814C (en) | Uniform identication method and system based on network | |
CN106575342A (en) | Kernel program including relational data base, and method and device for executing said program | |
CN103152179A (en) | Uniform identity authentication method suitable for multiple application systems | |
CN106533693B (en) | Access method and device of railway vehicle monitoring and overhauling system | |
CN101321064A (en) | Information system access control method and apparatus based on digital certificate technique | |
CN103023921A (en) | Authentication and access method and authentication system | |
CN106936588A (en) | A kind of trustship method, the apparatus and system of hardware controls lock | |
CN102255732B (en) | Safe certificate issuing method based on USB (Universal Serial Bus) key | |
EP3185465A1 (en) | A method for encrypting data and a method for decrypting data | |
CN100464338C (en) | Method for binding security mechanism of application software and large database | |
CN104951923A (en) | Electronic signature system based on combination of PKI technology and anti-counterfeit technology of physical seal | |
CN106529216B (en) | Software authorization system and software authorization method based on public storage platform | |
CN103220139B (en) | The management method of the condom password of ATM and system | |
CN108964883A (en) | It is a kind of using smart phone as the digital certificate store of medium and endorsement method | |
JPH10200522A (en) | Ic card use enciphering method, system therefor and ic card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20090225 Termination date: 20150625 |
|
EXPY | Termination of patent right or utility model |