CN102868702B - System login device and system login method - Google Patents

Info

Publication number: CN102868702B
Authority: CN (China)
Prior art keywords: code, voucher, unique identity, user identity, identifying code
Legal status: Active
Application number: CN201210370770.6A
Other languages: Chinese (zh)
Other versions: CN102868702A (en)
Inventor: 杨黎
Current Assignee: Yonyou Network Technology Co Ltd
Original Assignee: Yonyou Software Co Ltd
Application filed by: Yonyou Software Co Ltd
Priority to: CN201210370770.6A

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a system login device and method, in which the device comprises a client, a first system and a second system. With the invention, a user logging in to a target system only has to enter the authentication information of another system to log in to the target system securely. For security reasons, the target system holds no user authentication information, and data such as the other system's user authentication information is not stored in the target system. The user logs in to the target system with a temporary identification code. Attempts to bypass the other system's user authentication and log in to the target system directly with forged information are refused.

Description

System login device and system login method
Technical field
The present invention relates to the field of computer technology, and in particular to a system login device and a system login method.
Background art
An application system that provides services to users usually identifies the user through a "login", which requires the system to hold user identity information and a verification method. In practice, an enterprise usually already has one application system with complete user identity information and a verification method. When the enterprise adds another application system, it usually either has to build a new set of user identity information and a verification method for the new system, or has to separate the user identity information and verification method out of the existing system and set up a centralized, unified user identity authentication system for the existing system and the new system.
As its business develops, an enterprise sets up more and more systems, and these systems usually need to verify the identity of their users. In practice, an enterprise usually already has one application system with complete user identity information and a verification method. When the enterprise sets up another application system, it usually has to build a new set of user identity information and a verification method for the new system, which is duplicated construction, and the newly introduced login authentication process needs a security assessment. Another approach is to separate the user identity information and verification method out of the existing system and set up a centralized, unified user identity authentication system, but this approach is costly and has a considerable impact on the structure of the existing system. How to achieve lightweight, secure user authentication in a newly built system is therefore of real significance.
A new technical solution for system login is therefore needed, one that completes lightweight, secure user authentication without setting up separate user identity information and a verification method, and without making excessive changes to the existing system.
Summary of the invention
The technical problem to be solved by the invention is to provide a new technical solution for system login that completes lightweight, secure user authentication without setting up separate user identity information and a verification method, and without making excessive changes to the existing system.
In view of this, the invention provides a system login device comprising a client, a first system and a second system. When the client needs to log in to the first system, the client obtains a user identity voucher and sends it to the first system. The first system generates a unique identity code from the user identity voucher, saves the user identity voucher and the unique identity code, and returns the unique identity code to the client. The client obtains the user identity voucher again and sends the user identity voucher, the unique identity code and the login authentication information entered by the user to the second system. The second system performs login authentication with the login authentication information and, after authentication succeeds, sends the user identity voucher and the unique identity code to the first system. The first system compares the user identity voucher and unique identity code received from the second system with the saved user identity voucher and unique identity code; when they match, it generates an identifying code from the user identity voucher and the unique identity code, saves the unique identity code and the identifying code, and returns the identifying code to the second system. The second system returns the identifying code to the client. The client obtains the user identity voucher again and sends the user identity voucher, the unique identity code and the identifying code to the first system. The first system regenerates the identifying code from the user identity voucher received from the client and the saved unique identity code, and compares the saved identifying code, the identifying code received from the client and the newly generated identifying code; when all three match, the client is allowed to log in to the first system. This technical solution uses the identity authentication mechanism of the second system to verify the user's identity. To guard against errors during data exchange, an identifying code is used for verification: only when all three identifying codes match is the data exchange shown to be error-free, so that the login is secure.
In the above technical solution, preferably, the first system also sets the unique identity code to valid when generating it. Using the unique identity code received from the second system, the first system looks up whether it has saved a valid unique identity code. When one is found, it compares the user identity voucher received from the second system with the saved user identity voucher; when they match, it generates the identifying code, and when they do not match, it refuses the user's login to the first system and sets the saved unique identity code to invalid. The first system also checks whether the saved unique identity code is valid; when it is invalid, the client's login to the first system is refused, and when it is valid, the identifying code is regenerated and the saved unique identity code is set to invalid. In this technical solution, to further ensure the security of system login, the unique identity code is given a validity state: once it has been used, whatever the result, it is set to invalid.
In the above technical solution, preferably, when the comparison result is a match, the first system generates a timestamp, generates the identifying code from the user identity voucher, the unique identity code and the timestamp, and saves the unique identity code, the identifying code and the timestamp. The first system compares the saved timestamp with the current system time to judge whether a timeout has occurred. If it has, the client's login to the first system is refused; if it has not, the identifying code is regenerated from the user identity voucher received from the client, the saved unique identity code and the timestamp. In this technical solution, to further ensure the security of system login, a timestamp is used to limit how long a login attempt remains valid.
In the above technical solution, preferably, when the comparison result is a match, the first system also generates the timestamp and a random number, generates the identifying code from the user identity voucher, the unique identity code, the random number and the timestamp, and saves the unique identity code, the identifying code, the timestamp and the random number. The first system regenerates the identifying code from the user identity voucher received from the client, the saved unique identity code, the timestamp and the random number. In this technical solution, to further ensure the security of system login, a random number is used to strengthen the identifying code.
In the above technical solution, preferably, the user identity voucher comprises an IP address, a MAC address and/or a digital certificate. Those skilled in the art should understand that the IP address, MAC address and digital certificate are only examples, and that other information can also serve as the user voucher.
The invention also provides a system login method, comprising:
Step 202, when a client needs to log in to a first system, the client obtains a user identity voucher and sends it to the first system;
Step 204, the first system generates a unique identity code from the user identity voucher, saves the user identity voucher and the unique identity code, and returns the unique identity code to the client;
Step 206, the client obtains the user identity voucher again and sends the user identity voucher, the unique identity code and the login authentication information entered by the user to a second system;
Step 208, the second system performs login authentication with the login authentication information and, after authentication succeeds, sends the user identity voucher and the unique identity code to the first system;
Step 210, the first system compares the user identity voucher and unique identity code received from the second system with the saved user identity voucher and unique identity code and, when they match, generates an identifying code from the user identity voucher and the unique identity code, saves the unique identity code and the identifying code, and returns the identifying code to the second system;
Step 212, the second system returns the identifying code to the client;
Step 214, the client obtains the user identity voucher again and sends the user identity voucher, the unique identity code and the identifying code to the first system;
Step 216, the first system regenerates the identifying code from the user identity voucher received from the client and the saved unique identity code, and compares the saved identifying code, the identifying code received from the client and the newly generated identifying code; when all three match, the client is allowed to log in to the first system.
This technical solution uses the identity authentication mechanism of the second system to verify the user's identity. To guard against errors during data exchange, an identifying code is used for verification: only when all three identifying codes match is the data exchange shown to be error-free, so that the login is secure.
In the above technical solution, preferably, the method further comprises: the first system sets the unique identity code to valid when generating it. Step 210 comprises: using the unique identity code received from the second system, the first system looks up whether it has saved a valid unique identity code; when one is found, it compares the user identity voucher received from the second system with the saved user identity voucher, generates the identifying code when they match, and, when they do not match, refuses the user's login to the first system and sets the saved unique identity code to invalid. Before step 216, the method further comprises: the first system checks whether the saved unique identity code is valid; when it is invalid, the client's login to the first system is refused, and when it is valid, step 216 is performed and the saved unique identity code is set to invalid. In this technical solution, to further ensure the security of system login, the unique identity code is given a validity state: once it has been used, whatever the result, it is set to invalid.
In the above technical solution, preferably, step 210 comprises: when the comparison result is a match, the first system generates a timestamp, generates the identifying code from the user identity voucher, the unique identity code and the timestamp, and saves the unique identity code, the identifying code and the timestamp. Before step 216, the method further comprises: the first system compares the saved timestamp with the current system time to judge whether a timeout has occurred; if it has, the client's login to the first system is refused, and if it has not, step 216 is performed. Step 216 comprises: the first system regenerates the identifying code from the user identity voucher received from the client, the saved unique identity code and the timestamp. In this technical solution, to further ensure the security of system login, a timestamp is used to limit how long a login attempt remains valid.
In the above technical solution, preferably, step 210 comprises: when the comparison result is a match, the first system generates the timestamp and a random number, generates the identifying code from the user identity voucher, the unique identity code, the random number and the timestamp, and saves the unique identity code, the identifying code, the timestamp and the random number. Step 216 comprises: the first system regenerates the identifying code from the user identity voucher received from the client, the saved unique identity code, the timestamp and the random number. In this technical solution, to further ensure the security of system login, a random number is used to strengthen the identifying code.
In the above technical solution, preferably, the user identity voucher comprises an IP address, a MAC address and/or a digital certificate. Those skilled in the art should understand that the IP address, MAC address and digital certificate are only examples, and that other information can also serve as the user voucher.
With the above technical solution, lightweight, secure user authentication can be completed without setting up separate user identity information and a verification method, and without making excessive changes to the existing system.
Brief description of the drawings
Fig. 1 is a block diagram of a system login device according to an embodiment of the invention;
Fig. 2 is a flowchart of a system login method according to an embodiment of the invention;
Fig. 3 is a schematic flowchart of a system login method according to an embodiment of the invention;
Fig. 4 is a schematic flowchart of a system login method according to an embodiment of the invention;
Fig. 5 is a schematic flowchart of a system login method according to an embodiment of the invention.
Detailed description
So that the above objects, features and advantages of the invention can be understood more clearly, the invention is described in further detail below with reference to the drawings and specific embodiments.
Many specific details are set forth in the following description to give a full understanding of the invention, but the invention can also be implemented in ways other than those described here, and is therefore not limited to the specific embodiments disclosed below.
Fig. 1 is a block diagram of a system login device according to an embodiment of the invention.
As shown in Fig. 1, the invention provides a system login device 100 comprising a client 102, a first system 104 and a second system 106. When the client 102 needs to log in to the first system 104, the client 102 obtains a user identity voucher and sends it to the first system 104. The first system 104 generates a unique identity code from the user identity voucher, saves the user identity voucher and the unique identity code, and returns the unique identity code to the client 102. The client 102 obtains the user identity voucher again and sends the user identity voucher, the unique identity code and the login authentication information entered by the user to the second system 106. The second system 106 performs login authentication with the login authentication information and, after authentication succeeds, sends the user identity voucher and the unique identity code to the first system 104. The first system 104 compares the user identity voucher and unique identity code received from the second system 106 with the saved user identity voucher and unique identity code; when they match, it generates an identifying code from the user identity voucher and the unique identity code, saves the unique identity code and the identifying code, and returns the identifying code to the second system 106. The second system 106 returns the identifying code to the client 102. The client 102 obtains the user identity voucher again and sends the user identity voucher, the unique identity code and the identifying code to the first system 104. The first system 104 regenerates the identifying code from the user identity voucher received from the client 102 and the saved unique identity code, and compares the saved identifying code, the identifying code received from the client 102 and the newly generated identifying code; when all three match, the client 102 is allowed to log in to the first system 104. This technical solution uses the identity authentication mechanism of the second system 106 to verify the user's identity. To guard against errors during data exchange, an identifying code is used for verification: only when all three identifying codes match is the data exchange shown to be error-free, so that the login is secure.
In the above technical solution, the first system 104 also sets the unique identity code to valid when generating it. Using the unique identity code received from the second system 106, the first system 104 looks up whether it has saved a valid unique identity code. When one is found, it compares the user identity voucher received from the second system 106 with the saved user identity voucher; when they match, it generates the identifying code, and when they do not match, it refuses the user's login to the first system 104 and sets the saved unique identity code to invalid. The first system 104 also checks whether the saved unique identity code is valid; when it is invalid, the login of the client 102 to the first system 104 is refused, and when it is valid, the identifying code is regenerated and the saved unique identity code is set to invalid. In this technical solution, to further ensure the security of system login, the unique identity code is given a validity state: once it has been used, whatever the result, it is set to invalid.
In the above technical solution, when the comparison result is a match, the first system 104 generates a timestamp, generates the identifying code from the user identity voucher, the unique identity code and the timestamp, and saves the unique identity code, the identifying code and the timestamp. The first system 104 compares the saved timestamp with the current system time to judge whether a timeout has occurred. If it has, the login of the client 102 to the first system 104 is refused; if it has not, the identifying code is regenerated from the user identity voucher received from the client 102, the saved unique identity code and the timestamp. In this technical solution, to further ensure the security of system login, a timestamp is used to limit how long a login attempt remains valid.
In the above technical solution, when the comparison result is a match, the first system 104 also generates the timestamp and a random number, generates the identifying code from the user identity voucher, the unique identity code, the random number and the timestamp, and saves the unique identity code, the identifying code, the timestamp and the random number. The first system 104 regenerates the identifying code from the user identity voucher received from the client 102, the saved unique identity code, the timestamp and the random number. In this technical solution, to further ensure the security of system login, a random number is used to strengthen the identifying code.
In the above technical solution, the user identity voucher comprises an IP address, a MAC address and/or a digital certificate. Those skilled in the art should understand that the IP address, MAC address and digital certificate are only examples, and that other information can also serve as the user voucher.
Fig. 2 is a flowchart of a system login method according to an embodiment of the invention.
As shown in Fig. 2, the invention also provides a system login method, comprising:
Step 202, when a client needs to log in to a first system, the client obtains a user identity voucher and sends it to the first system;
Step 204, the first system generates a unique identity code from the user identity voucher, saves the user identity voucher and the unique identity code, and returns the unique identity code to the client;
Step 206, the client obtains the user identity voucher again and sends the user identity voucher, the unique identity code and the login authentication information entered by the user to a second system;
Step 208, the second system performs login authentication with the login authentication information and, after authentication succeeds, sends the user identity voucher and the unique identity code to the first system;
Step 210, the first system compares the user identity voucher and unique identity code received from the second system with the saved user identity voucher and unique identity code and, when they match, generates an identifying code from the user identity voucher and the unique identity code, saves the unique identity code and the identifying code, and returns the identifying code to the second system;
Step 212, the second system returns the identifying code to the client;
Step 214, the client obtains the user identity voucher again and sends the user identity voucher, the unique identity code and the identifying code to the first system;
Step 216, the first system regenerates the identifying code from the user identity voucher received from the client and the saved unique identity code, and compares the saved identifying code, the identifying code received from the client and the newly generated identifying code; when all three match, the client is allowed to log in to the first system.
This technical solution uses the identity authentication mechanism of the second system to verify the user's identity. To guard against errors during data exchange, an identifying code is used for verification: only when all three identifying codes match is the data exchange shown to be error-free, so that the login is secure.
In the above technical solution, the method further comprises: the first system sets the unique identity code to valid when generating it. Step 210 comprises: using the unique identity code received from the second system, the first system looks up whether it has saved a valid unique identity code; when one is found, it compares the user identity voucher received from the second system with the saved user identity voucher, generates the identifying code when they match, and, when they do not match, refuses the user's login to the first system and sets the saved unique identity code to invalid. Before step 216, the method further comprises: the first system checks whether the saved unique identity code is valid; when it is invalid, the client's login to the first system is refused, and when it is valid, step 216 is performed and the saved unique identity code is set to invalid. In this technical solution, to further ensure the security of system login, the unique identity code is given a validity state: once it has been used, whatever the result, it is set to invalid.
In the above technical solution, step 210 comprises: when the comparison result is a match, the first system generates a timestamp, generates the identifying code from the user identity voucher, the unique identity code and the timestamp, and saves the unique identity code, the identifying code and the timestamp. Before step 216, the method further comprises: the first system compares the saved timestamp with the current system time to judge whether a timeout has occurred; if it has, the client's login to the first system is refused, and if it has not, step 216 is performed. Step 216 comprises: the first system regenerates the identifying code from the user identity voucher received from the client, the saved unique identity code and the timestamp. In this technical solution, to further ensure the security of system login, a timestamp is used to limit how long a login attempt remains valid.
In the above technical solution, step 210 comprises: when the comparison result is a match, the first system generates the timestamp and a random number, generates the identifying code from the user identity voucher, the unique identity code, the random number and the timestamp, and saves the unique identity code, the identifying code, the timestamp and the random number. Step 216 comprises: the first system regenerates the identifying code from the user identity voucher received from the client, the saved unique identity code, the timestamp and the random number. In this technical solution, to further ensure the security of system login, a random number is used to strengthen the identifying code.
In the above technical solution, the user identity voucher comprises an IP address, a MAC address and/or a digital certificate. Those skilled in the art should understand that the IP address, MAC address and digital certificate are only examples, and that other information can also serve as the user voucher.
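The flow of steps 202 to 216, with the validity flag, timestamp and random number refinements, is sketched below as an added example that is not code from the patent. The HMAC-SHA256 construction with a server-side key, the randomly generated unique identity code, the class and method names, the 60-second timeout and the sample account and voucher are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time


class FirstSystem:
    """Target system: holds no user accounts, only per-attempt login state."""

    def __init__(self, timeout=60, clock=time.time):
        self._key = secrets.token_bytes(32)  # assumption: server-side HMAC key
        self._attempts = {}                  # unique identity code -> record
        self._timeout, self._clock = timeout, clock  # timeout in seconds

    def begin(self, voucher):
        # Step 204: issue a random unique identity code and mark it valid.
        unique_id = secrets.token_hex(16)
        self._attempts[unique_id] = {"voucher": voucher, "valid": True, "code": None}
        return unique_id

    def _make_code(self, voucher, unique_id, nonce, ts):
        # Assumption: HMAC-SHA256 over an unambiguous JSON encoding of the inputs.
        msg = json.dumps([voucher, unique_id, nonce, ts]).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def confirm(self, voucher, unique_id):
        # Step 210: called by the second system once it has authenticated the user.
        rec = self._attempts.get(unique_id)
        if rec is None or not rec["valid"]:
            return None
        if not hmac.compare_digest(rec["voucher"].encode(), voucher.encode()):
            rec["valid"] = False             # a mismatch invalidates the code
            return None
        rec["ts"], rec["nonce"] = self._clock(), secrets.token_hex(16)
        rec["code"] = self._make_code(voucher, unique_id, rec["nonce"], rec["ts"])
        return rec["code"]

    def login(self, voucher, unique_id, code):
        # Steps 214-216: one attempt per unique identity code, whatever the result.
        rec = self._attempts.get(unique_id)
        if rec is None or not rec["valid"]:
            return False
        rec["valid"] = False
        if rec["code"] is None or self._clock() - rec["ts"] > self._timeout:
            return False
        fresh = self._make_code(voucher, unique_id, rec["nonce"], rec["ts"])
        saved = rec["code"].encode()
        # Three-way match: saved, client-supplied and regenerated identifying codes.
        return (hmac.compare_digest(saved, code.encode())
                and hmac.compare_digest(saved, fresh.encode()))


class SecondSystem:
    """Existing system that owns the accounts (one constructed sample user)."""

    def __init__(self, first_system):
        self._first = first_system
        self._users = {"alice": self._hash("s3cret-demo")}

    def _hash(self, password):
        # Constructed fixed salt; a real system stores a random salt per user.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000)

    def login(self, voucher, unique_id, username, password):
        # Step 208: verify the login information, then vouch to the first system.
        stored = self._users.get(username)
        if stored is None or not hmac.compare_digest(stored, self._hash(password)):
            return None
        # Step 212: relay the identifying code back to the client.
        return self._first.confirm(voucher, unique_id)


def run_scenarios():
    now = [1000.0]                            # constructed fake clock
    first = FirstSystem(timeout=60, clock=lambda: now[0])
    second = SecondSystem(first)
    voucher = "ip=192.0.2.10;mac=00:00:5e:00:53:01"  # constructed sample voucher
    out = {}
    # Normal login, then a replay of the same codes.
    uid = first.begin(voucher)
    code = second.login(voucher, uid, "alice", "s3cret-demo")
    out["normal"] = first.login(voucher, uid, code)
    out["replay"] = first.login(voucher, uid, code)
    # Second system skipped: no identifying code was ever issued.
    uid = first.begin(voucher)
    out["bypass"] = first.login(voucher, uid, "0" * 64)
    uid = first.begin(voucher)
    out["bad_password"] = second.login(voucher, uid, "alice", "guess")
    # Voucher differs from the one saved in step 204; the code is then invalid.
    uid = first.begin(voucher)
    out["other_voucher"] = second.login("ip=198.51.100.7", uid, "alice", "s3cret-demo")
    out["after_mismatch"] = second.login(voucher, uid, "alice", "s3cret-demo")
    # Identifying code presented after the timeout.
    uid = first.begin(voucher)
    code = second.login(voucher, uid, "alice", "s3cret-demo")
    now[0] += 61
    out["expired"] = first.login(voucher, uid, code)
    return out
```

Calling `run_scenarios()` returns the outcome of each case; only the normal flow yields a successful login.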
In one embodiment of the invention, a device is provided with which a user logging in to a target system only needs to enter the authentication information of another system in order to log in to the target system securely.
For security reasons, the target system holds no user authentication information, and data such as the other system's user authentication information neither passes through nor is stored in the target system. The user logs in to the target system with a temporary identification code, and any attempt to bypass the other system's user authentication and log in to the target system directly with forged information is refused.
Target system A has no user identity information, while system B has user identity information and the corresponding login authentication. A method is now provided that lets system A reuse the login authentication process of system B so that users can log in to target system A securely. The process is shown in Figures 3 to 5:
Step 302, a user who wants to log in to target system A accesses system A with a client (Client/Browser); the client obtains the user identity voucher (IP address, MAC address, digital certificate, etc.) and sends it to system A;
Step 304, target system A obtains this user identity voucher and generates a random, system-unique temporary identification code (TEMP_ID);
Step 306, target system A associates the user identity voucher with TEMP_ID and saves the pair;
Step 308, target system A returns TEMP_ID to the user's client;
Step 310, the user's client obtains the temporary identification code (TEMP_ID);
Step 312, mode one: the client accesses the login authentication module of system B, carrying parameters such as TEMP_ID and the re-obtained user identity voucher, and the user enters their login authentication information at system B,
Mode two: the client provides an input module in which the user enters the login authentication information for system B, then sends this login authentication information, TEMP_ID and the re-obtained user identity voucher to the login authentication module of system B,
Mode three: system B obtains the user identity voucher again itself; TEMP_ID and the login authentication information are obtained as in "mode one" or "mode two";
Step 314, system B verifies the user's login information;
Step 316, it is judged whether the verification passed; if not, the login fails;
Step 318, after system B has verified the user's login information, it sends the user identity voucher and TEMP_ID to target system A over the communication channel between the system servers;
Step 320, target system A receives the user identity voucher and TEMP_ID sent by system B;
Step 322, target system A compares the user identity voucher and TEMP_ID sent by system B with those saved in its own system and judges whether they are consistent;
Step 324, if they are inconsistent, the temporary identification code TEMP_ID is invalidated in the system and failure information is returned to system B;
Step 326, the user's login is refused;
Step 328, if they are consistent, a timestamp ST and a random number R are generated. A hash operation is then performed on "TEMP_ID + user identity voucher + timestamp ST + random number R" as the original message to obtain an identifying code, and the timestamp ST, the random number R and the identifying code (alias: H1) are saved in system A together with TEMP_ID;
Step 330, target system A returns the identifying code to system B;
Step 332, system B returns the identifying code received from target system A (alias: H2) to the user's client;
Step 334, the client obtains the user's identity voucher again;
Step 336, the client accesses the authentication module of target system A with that voucher, TEMP_ID and the identifying code (H2);
Step 338, target system A obtains the user's TEMP_ID and identifying code (H2), together with the re-obtained user identity voucher, and judges whether TEMP_ID is valid;
Step 340, if TEMP_ID is valid, the timestamp ST, random number R and identifying code (H1) saved in its own system are retrieved according to this TEMP_ID;
Step 342, this TEMP_ID is immediately set to invalid;
Step 344, the current system timestamp is compared with timestamp ST to judge whether a timeout has occurred; system A then performs a hash operation on "TEMP_ID + re-obtained user identity voucher + timestamp ST + random number R" to obtain an identifying code (alias: H3);
Step 346, verification starts; it passes only when "H1=H2=H3", that is, when all three identifying code values are exactly equal; otherwise error information is returned and the login is refused;
Step 350, login success handling.
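The checks that target system A performs in steps 304 to 346, as an added Python example (not code from the patent). SHA-256, the length-prefixed field encoding, the 60-second timeout, all class and function names, and the sample voucher strings are assumptions; the page specifies only "hash operation", a timeout check and the H1=H2=H3 comparison.

```python
import hashlib
import hmac
import secrets
import time

TIMEOUT_SECONDS = 60  # assumption: the page gives no timeout value


def _eq(a, b):  # constant-time string comparison
    return hmac.compare_digest(a.encode(), b.encode())


def make_code(temp_id, voucher, st, r):
    # Hash of TEMP_ID + voucher + ST + R (steps 328 and 344). SHA-256 is an
    # assumption; length prefixes keep different field splits distinct.
    h = hashlib.sha256()
    for field in (temp_id, voucher, str(st), r):
        data = field.encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()


class SystemA:
    """Target system: stores no user credentials, only per-login state."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}  # TEMP_ID -> saved voucher, ST, R, H1

    def issue_temp_id(self, voucher):
        # Steps 304-308: random, unique TEMP_ID bound to the voucher.
        temp_id = secrets.token_hex(16)
        self.pending[temp_id] = {"voucher": voucher, "h1": None}
        return temp_id

    def confirm_from_b(self, temp_id, voucher):
        # Steps 320-330: called by system B over the server-to-server
        # channel after B has verified the user's login information.
        state = self.pending.get(temp_id)
        if state is None or not _eq(state["voucher"], voucher):
            self.pending.pop(temp_id, None)  # step 324: invalidate
            return None
        state["st"] = int(self.clock())
        state["r"] = secrets.token_hex(16)
        state["h1"] = make_code(temp_id, voucher, state["st"], state["r"])
        return state["h1"]

    def login(self, temp_id, voucher, h2):
        # Steps 338-346; pop() makes TEMP_ID single-use (step 342).
        state = self.pending.pop(temp_id, None)
        if state is None or state["h1"] is None:
            return False
        if self.clock() - state["st"] > TIMEOUT_SECONDS:  # step 344
            return False
        h3 = make_code(temp_id, voucher, state["st"], state["r"])
        return _eq(state["h1"], h2) and _eq(state["h1"], h3)  # H1=H2=H3


def run_demo():
    """Run the flow on constructed sample values and return the outcomes."""
    now = [1000.0]
    a = SystemA(clock=lambda: now[0])
    voucher = "203.0.113.7|00:11:22:33:44:55"  # constructed sample voucher
    def attempt(login_voucher, delay=0):
        tid = a.issue_temp_id(voucher)
        h2 = a.confirm_from_b(tid, voucher)  # B relays H1 to client as H2
        now[0] += delay
        return a.login(tid, login_voucher, h2), a.login(tid, login_voucher, h2)
    return {
        "ok_then_replay": attempt(voucher),
        "other_voucher": attempt("198.51.100.9|aa:bb:cc:dd:ee:ff")[0],
        "late": attempt(voucher, delay=TIMEOUT_SECONDS + 1)[0],
        "unissued": a.confirm_from_b("not-issued", voucher),
    }
```

Because the voucher is re-obtained and re-hashed at step 344, a captured H2 is rejected when presented with a different voucher, and the single-use TEMP_ID rejects a second presentation of the same values.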
In summary, with the present invention a user only needs to enter the authentication information of another system to log in to the target system securely. Building the target system requires no user authentication information and no corresponding login authentication process, and the system that provides the login authentication needs very little modification: only a module that interacts with the target system has to be added.
The foregoing is only the preferred embodiments of the present invention and is not intended to limit the present invention; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. A system login device, characterized in that it comprises a client, a first system and a second system, wherein:
when the client needs to log in to the first system, the client obtains a user identity voucher and sends the user identity voucher to the first system;
the first system generates a unique identity code according to the user identity voucher, saves the user identity voucher and the unique identity code, and returns the unique identity code to the client;
the client obtains the user identity voucher again, and sends the user identity voucher, the unique identity code and the login authentication information entered by the user to the second system;
the second system performs login authentication using the login authentication information and, after the authentication succeeds, sends the user identity voucher and the unique identity code to the first system;
the first system compares the user identity voucher and the unique identity code from the second system with the saved user identity voucher and unique identity code and, when the comparison result is consistent, generates an identifying code according to the user identity voucher and the unique identity code, saves the unique identity code and the identifying code, and returns the identifying code to the second system;
the second system returns the identifying code to the client;
the client obtains the user identity voucher again, and sends the user identity voucher, the unique identity code and the identifying code to the first system;
the first system regenerates the identifying code according to the user identity voucher from the client and the saved unique identity code, and compares the saved identifying code, the identifying code from the client and the newly generated identifying code; when the three are consistent, the client is allowed to log in to the first system.
2. The system login device according to claim 1, characterized in that the first system also sets the unique identity code to valid when generating the unique identity code;
the first system looks up, according to the unique identity code from the second system, whether the first system has saved a valid unique identity code; when one is found, it compares the user identity voucher from the second system with the saved user identity voucher, generates the identifying code when the comparison result is consistent and, when the comparison result is inconsistent, refuses the user's login to the first system and sets the saved unique identity code to invalid;
the first system also checks whether the saved unique identity code is valid; when it is invalid, the client is refused login to the first system; when it is valid, the identifying code is regenerated and the saved unique identity code is set to invalid.
3. The system login device according to claim 1, characterized in that, when the comparison result is consistent, the first system generates a timestamp, generates the identifying code according to the user identity voucher, the unique identity code and the timestamp, and saves the unique identity code, the identifying code and the timestamp;
the first system compares the saved timestamp with the current system time and judges whether a timeout has occurred; when the result is a timeout, the client is refused login to the first system; when it is not, the identifying code is regenerated according to the user identity voucher from the client, the saved unique identity code and the timestamp.
4. The system login device according to claim 3, characterized in that, when the comparison result is consistent, the first system also generates the timestamp and a random number, generates the identifying code according to the user identity voucher, the unique identity code, the random number and the timestamp, and saves the unique identity code, the identifying code, the timestamp and the random number;
the first system regenerates the identifying code according to the user identity voucher from the client, the saved unique identity code, the timestamp and the random number.
5. The system login device according to any one of claims 1 to 4, characterized in that the user identity voucher comprises an IP address, a MAC address and/or a digital certificate.
6. A system login method, characterized in that it comprises:
Step 202, when a client needs to log in to a first system, the client obtains a user identity voucher and sends the user identity voucher to the first system;
Step 204, the first system generates a unique identity code according to the user identity voucher, saves the user identity voucher and the unique identity code, and returns the unique identity code to the client;
Step 206, the client obtains the user identity voucher again, and sends the user identity voucher, the unique identity code and the login authentication information entered by the user to a second system;
Step 208, the second system performs login authentication using the login authentication information and, after the authentication succeeds, sends the user identity voucher and the unique identity code to the first system;
Step 210, the first system compares the user identity voucher and the unique identity code from the second system with the saved user identity voucher and unique identity code and, when the comparison result is consistent, generates an identifying code according to the user identity voucher and the unique identity code, saves the unique identity code and the identifying code, and returns the identifying code to the second system;
Step 212, the second system returns the identifying code to the client;
Step 214, the client obtains the user identity voucher again, and sends the user identity voucher, the unique identity code and the identifying code to the first system;
Step 216, the first system regenerates the identifying code according to the user identity voucher from the client and the saved unique identity code, and compares the saved identifying code, the identifying code from the client and the newly generated identifying code; when the three are consistent, the client is allowed to log in to the first system.
7. The system login method according to claim 6, characterized in that it further comprises: the first system sets the unique identity code to valid when generating the unique identity code;
step 210 comprises: the first system looks up, according to the unique identity code from the second system, whether the first system has saved a valid unique identity code; when one is found, it compares the user identity voucher from the second system with the saved user identity voucher, generates the identifying code when the comparison result is consistent and, when the comparison result is inconsistent, refuses the user's login to the first system and sets the saved unique identity code to invalid;
before step 216, the method further comprises: the first system checks whether the saved unique identity code is valid; when it is invalid, the client is refused login to the first system; when it is valid, step 216 is performed and the saved unique identity code is set to invalid.
8. The system login method according to claim 6, characterized in that step 210 comprises: when the comparison result is consistent, the first system generates a timestamp, generates the identifying code according to the user identity voucher, the unique identity code and the timestamp, and saves the unique identity code, the identifying code and the timestamp;
before step 216, the method further comprises: the first system compares the saved timestamp with the current system time and judges whether a timeout has occurred; when the result is a timeout, the client is refused login to the first system; when it is not, step 216 is performed;
step 216 comprises: the first system regenerates the identifying code according to the user identity voucher from the client, the saved unique identity code and the timestamp.
9. The system login method according to claim 8, characterized in that step 210 comprises: when the comparison result is consistent, the first system generates the timestamp and a random number, generates the identifying code according to the user identity voucher, the unique identity code, the random number and the timestamp, and saves the unique identity code, the identifying code, the timestamp and the random number;
step 216 comprises: the first system regenerates the identifying code according to the user identity voucher from the client, the saved unique identity code, the timestamp and the random number.
10. The system login method according to any one of claims 6 to 9, characterized in that the user identity voucher comprises an IP address, a MAC address and/or a digital certificate.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210370770.6A CN102868702B (en) 2012-09-28 2012-09-28 System login device and system login method

Publications (2)

Publication Number Publication Date
CN102868702A CN102868702A (en) 2013-01-09
CN102868702B true CN102868702B (en) 2015-09-02

Family

ID=47447293

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210370770.6A Active CN102868702B (en) 2012-09-28 2012-09-28 System login device and system login method

Country Status (1)

Country Link
CN (1) CN102868702B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104468589A (en) * 2014-12-12 2015-03-25 上海斐讯数据通信技术有限公司 Method and system for achieving lightweight-level conversation
CN106612255A (en) * 2015-10-23 2017-05-03 北京国双科技有限公司 A method, apparatus and system for system docking
US10063571B2 (en) * 2016-01-04 2018-08-28 Microsoft Technology Licensing, Llc Systems and methods for the detection of advanced attackers using client side honeytokens
CN107809407B (en) * 2016-09-08 2020-04-03 杭州海康威视系统技术有限公司 Method and device for acquiring streaming media resources and streaming media system
CN107547639B (en) * 2017-08-24 2020-07-28 江苏北泰电气设备有限公司 Centralized operation and maintenance hosting system of power distribution room
CN109448478A (en) * 2018-12-29 2019-03-08 武汉易测云网络科技有限公司 A kind of building peace pipe personnel continue educating learning system and method
CN111935173A (en) * 2020-08-25 2020-11-13 南方电网科学研究院有限责任公司 Router login verification method and device
CN113239341B (en) * 2021-07-12 2021-10-19 南京赛宁信息技术有限公司 Identity authentication method, equipment and system independent of user real characteristic information

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1835438A (en) * 2006-03-22 2006-09-20 阿里巴巴公司 Method of realizing single time accession between systems and system thereof
CN1866822A (en) * 2005-05-16 2006-11-22 联想(北京)有限公司 Method for realizing uniform authentication
CN101547092A (en) * 2008-03-27 2009-09-30 天津德智科技有限公司 Method and device for data synchronization of multi-application systems for unifying user authentication

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040220996A1 (en) * 2003-04-29 2004-11-04 Taiwan Semiconductor Manufaturing Co., Ltd. Multi-platform computer network and method of simplifying access to the multi-platform computer network

Also Published As

Publication number Publication date
CN102868702A (en) 2013-01-09

Similar Documents

Publication Publication Date Title
CN102868702B (en) System login device and system login method
CN107948204B (en) One-key login method and system, related equipment and computer readable storage medium
CN102638473B (en) User data authorization method, device and system
US10754826B2 (en) Techniques for securely sharing files from a cloud storage
US11122047B2 (en) Invitation links with enhanced protection
CN101350720B (en) Dynamic cipher authentication system and method
CN102685110B (en) Universal method and system for user registration authentication based on fingerprint characteristics
CN106060078B (en) User information encryption method, register method and verification method applied to cloud platform
CN103179134A (en) Single sign on method and system based on Cookie and application server thereof
CN101087193A (en) New method for using the mobile number bond with account for identity identification
CN103853950A (en) Authentication method based on mobile terminal and mobile terminal
CN206212040U (en) A kind of real-name authentication system for express delivery industry
CN103220673B (en) WLAN user authentication method, certificate server and subscriber equipment
CN104735065A (en) Data processing method, electronic device and server
CN107306246A (en) Based on the data capture method for accessing key
CN102143131B (en) User logout method and authentication server
CN105429991A (en) Efficient data transmission method for mobile terminal
CN106330829A (en) Method and system for realizing single signing on by using middleware
CN103905194A (en) Identity traceability authentication method and system
CN103812651A (en) Password authentication method, device and system
CN103458407A (en) Internet account number login management system and method based on short message
CN105450658A (en) System login method and device
CN106549909A (en) A kind of authority checking method and apparatus
CN104125230A (en) Short message authentication service system and authentication method
CN106850517A (en) A kind of method, apparatus and system for solving intranet and extranet repeat logon

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee
CP03 Change of name, title or address

Address after: 100094 Haidian District North Road, Beijing, No. 68

Patentee after: Yonyou Network Technology Co., Ltd.

Address before: 100094 Beijing city Haidian District North Road No. 68, UFIDA Software Park

Patentee before: UFIDA Software Co., Ltd.