CN106506498A - A kind of inter-system data calls authorization and authentication method - Google Patents


Info

Publication number: CN106506498A
Authority: CN (China)
Prior art keywords: sign, data, token, inter, interim token
Legal status: Granted
Application number: CN201610975924.2A
Other languages: Chinese (zh)
Other versions: CN106506498B (en)
Inventors: 范联伟, 余保华, 武永涛, 徐圣吉
Current assignee: Anhui Sun Create Electronic Co Ltd
Original assignee: Anhui Sun Create Electronic Co Ltd
Priority date: 2016-11-07
Filing date: 2016-11-07
Publication date: 2017-03-15
Events: application filed by Anhui Sun Create Electronic Co Ltd (priority to CN201610975924.2A); publication of CN106506498A; application granted and published as CN106506498B; current legal status Active

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/08 ... for authentication of entities > H04L63/0815 ... providing single-sign-on or federations
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols > H04L9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials > H04L9/321 ... involving a third party or a trusted authority > H04L9/3213 ... using tickets or tokens, e.g. Kerberos

Abstract

The invention belongs to the field of data interchange and security verification technology, and in particular relates to an inter-system data call authorization and authentication method. In the present invention, the first system first generates a SysKey and sends it to the single-sign-on service system to obtain an interim Token; the single-sign-on service system then sends the SysKey and the interim Token to the second system; the second system sends the interim Token back to the single-sign-on service system to verify whether the interim Token is valid; the single-sign-on service system returns the verification result to the second system; if the interim Token is valid, the data the first system needs to query is returned to the first system; otherwise, an invalid result is returned directly to the first system, which performs its own subsequent processing. The present invention ensures the security of the user information of the first system and the second system during data call authorization and authentication; because the two systems communicate through the single-sign-on service system, the data of each system stays within the scope of that system's administrative authority, which effectively prevents data from crossing over between the two systems.

Description

A kind of inter-system data calls authorization and authentication method
Technical field
The invention belongs to the field of data interchange and security verification technology, and in particular relates to an inter-system data call authorization and authentication method.
Background technology
With the rapid development of the IT industry, software system development no longer considers only functional requirements; customers pay more and more attention to the security of user information and of data calls. The authorization of users and the authorization and authentication of inter-system data calls have therefore become particularly important. As users pay ever more attention to system security and to the privacy of network data, developers likewise focus on the security of the systems they design. System login and data calls have therefore become a hot research topic in the IT industry in recent years.
Inter-system data call authorization and authentication methods of the prior art cannot guarantee the security of user information during the authorization and authentication of data calls between two systems, and data between the systems can easily cross over. There is therefore an urgent need for an inter-system data call authorization and authentication method that can guarantee the security of user information.
Content of the invention
To overcome the above deficiencies of the prior art, the present invention provides an inter-system data call authorization and authentication method that ensures the security of user information during the authorization and authentication of data calls between two systems, and keeps the data of each of the two systems within the scope of that system's administrative authority, so that no data crossover occurs.
To achieve the above object, the present invention adopts the following technical measures:
An inter-system data call authorization and authentication method comprising the following steps:
S1: the first system generates a SysKey and sends the SysKey to the single-sign-on service system; the single-sign-on service system generates an interim Token;
S2: the single-sign-on service system sends the SysKey and the interim Token to the second system;
S3: the second system sends the interim Token back to the single-sign-on service system to verify whether the interim Token is valid;
S4: the single-sign-on service system returns the verification result to the second system;
S5: if the interim Token is valid, the second system returns the data the first system needs to query to the first system; if the interim Token is invalid, the second system returns an "interim Token invalid" message to the first system, and the first system performs subsequent processing.
Preferably, the first system obtains the interim Token by calling the Token generation interface of the single-sign-on service system and passing the SysKey to that interface.
Preferably, the single-sign-on service system sends the SysKey and the interim Token to the second system by calling the user list information interface of the second system.
Preferably, the validity period of the interim Token is 60 seconds, and it can be used only once.
Further, if during inter-system data call authorization and authentication the first system and the second system do not carry out any data interaction for 30 minutes, the authorization and authentication of steps S1 to S5 must be performed again.
Further, if during inter-system data call authorization and authentication the first system does not perform any operation for 30 minutes, it must call the single-sign-on interface again for verification.
The beneficial effects of the present invention are:
1) The present invention introduces a single-sign-on service system between the first system and the second system. When the first system and the second system carry out data call authorization and authentication, they must call the Token generation interface of the single-sign-on service system to obtain an interim Token, and the data call is authorized and authenticated through the verification of that interim Token; the present invention can therefore guarantee the security of the user information of the first system and the second system during data call authorization and authentication. The two systems communicate through the single-sign-on service system, so that the data of each system stays within the scope of that system's administrative authority, which effectively prevents data from crossing over between the two systems.
Description of the drawings
Fig. 1 is a schematic diagram of the data call process between the first system and the second system of the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawing. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
As shown in Fig. 1, an inter-system data call authorization and authentication method comprises the following steps:
S1: the first system generates a SysKey and sends the SysKey to the single-sign-on service system; the single-sign-on service system generates an interim Token;
S2: the single-sign-on service system sends the SysKey and the interim Token to the second system;
S3: the second system sends the interim Token back to the single-sign-on service system to verify whether the interim Token is valid;
S4: the single-sign-on service system returns the verification result to the second system;
S5: if the interim Token is valid, the second system returns the data the first system needs to query to the first system; if the interim Token is invalid, the second system returns an "interim Token invalid" message to the first system, and the first system performs subsequent processing.
The subsequent processing performed by the first system may be to prompt the user that the first system's data call to the second system failed authorization and authentication, and to ask the user to repeat the operation.
The first system obtains the interim Token by calling the Token generation interface of the single-sign-on service system and passing the SysKey to that interface.
The single-sign-on service system sends the SysKey and the interim Token to the second system by calling the user list information interface of the second system.
The validity period of the interim Token is 60 seconds, and it can be used only once; after 60 seconds the interim Token expires.
If during inter-system data call authorization and authentication the first system and the second system do not carry out any data interaction for 30 minutes, the authorization and authentication of steps S1 to S5 must be performed again.
If during inter-system data call authorization and authentication the first system does not perform any operation for 30 minutes, it must call the single-sign-on interface again for verification.
The SysKey is a unique identifier. The interim Token is a temporary, time-limited ticket generated by the single-sign-on service system; "interim Token" here refers to a token in the sense of computer identity authentication.
Whenever data is exchanged between the first system and the second system, the data call between them must be authorized and authenticated, which ensures that inter-system data calls are standardized and secure; data calls between the two systems do not depend on a user session.
For example, if the first system needs to periodically obtain business data from the second system, the first system first generates a SysKey and sends it to the single-sign-on service system to obtain an interim Token. The single-sign-on service system sends the SysKey and the interim Token to the second system. After receiving them, the second system sends the interim Token to the single-sign-on service system to verify whether it is valid and to obtain the user's information, and finally judges the verification result: if the interim Token is valid, the user can periodically obtain business data from the second system; otherwise, the second system returns an "interim Token invalid" message to the first system, and the first system performs subsequent processing.
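The periodic-acquisition example above, modelled end to end as an added illustration; this is not code from the patent or its applicant. The three parties are plain Python classes: the single-sign-on service issues an interim Token bound to the requesting SysKey (S1), forwards SysKey and Token through the second system's user list interface (S2), and is asked by the second system to verify the Token before any data is released (S3 to S5). The Token is accepted once and only within 60 seconds, and a second system that has seen no data interaction from a SysKey for 30 minutes demands a fresh S1 to S5 round. The class and method names (SSOService, SecondSystem.user_list_interface, query_data), the random Token construction, the binding of a Token to the SysKey that requested it, and the reading of the 30-minute rule as an idle timer kept by the second system are assumptions of this model; the patent itself fixes only the message order, the 60-second single-use Token and the 30-minute re-authorization.

```python
# Added illustration of the S1-S5 flow; not code from the patent or its applicant.
# Class names, data structures and the idle-timer interpretation are assumptions.
import secrets

TOKEN_TTL_SECONDS = 60        # validity period of the interim Token (60 s, single use)
IDLE_LIMIT_SECONDS = 30 * 60  # re-authorize after 30 minutes without data interaction


class Clock:
    """Adjustable clock so the expiry rules can be exercised deterministically."""
    def __init__(self, start=0.0):
        self.now = start

    def advance(self, seconds):
        self.now += seconds


class SSOService:
    """Single-sign-on service: issues interim Tokens (S1) and verifies them (S3/S4)."""
    def __init__(self, clock):
        self.clock = clock
        self._tokens = {}  # token -> {"syskey", "issued", "used"}

    def generate_token(self, syskey):
        """Token generation interface: an unpredictable Token bound to the calling SysKey."""
        token = secrets.token_urlsafe(24)
        self._tokens[token] = {"syskey": syskey, "issued": self.clock.now, "used": False}
        return token

    def verify_token(self, token, syskey):
        """Return (valid, reason). A Token is valid once, within its TTL, for its own SysKey."""
        rec = self._tokens.get(token)
        if rec is None:
            return False, "unknown token"
        if rec["syskey"] != syskey:
            return False, "token not bound to this SysKey"
        if rec["used"]:
            return False, "token already used"
        if self.clock.now - rec["issued"] > TOKEN_TTL_SECONDS:
            return False, "token expired"
        rec["used"] = True  # single use: consumed by the first successful check
        return True, "ok"

    def send_to_second_system(self, second_system, syskey, token):
        """S2: forward SysKey and interim Token through the second system's user list interface."""
        return second_system.user_list_interface(syskey, token)


class SecondSystem:
    """Holds the business data; releases it only after the SSO service confirms the Token."""
    def __init__(self, sso, clock, business_data):
        self.sso = sso
        self.clock = clock
        self.business_data = business_data
        self._authorized = {}  # syskey -> time of last data interaction (assumed model)

    def user_list_interface(self, syskey, token):
        """S3-S5: hand the Token back to the SSO service and act on its verdict."""
        valid, reason = self.sso.verify_token(token, syskey)
        if not valid:
            return {"status": "invalid", "reason": reason}
        self._authorized[syskey] = self.clock.now
        return {"status": "ok", "data": self.business_data}

    def query_data(self, syskey):
        """Follow-up data call; after 30 idle minutes the caller must repeat S1-S5."""
        last = self._authorized.get(syskey)
        if last is None or self.clock.now - last > IDLE_LIMIT_SECONDS:
            self._authorized.pop(syskey, None)
            return {"status": "reauthorize"}
        self._authorized[syskey] = self.clock.now
        return {"status": "ok", "data": self.business_data}


class FirstSystem:
    """Caller that needs the second system's data; owns a unique SysKey."""
    def __init__(self, sso, second_system, clock):
        self.sso = sso
        self.second = second_system
        self.clock = clock
        self.syskey = "sys-" + secrets.token_hex(8)  # unique identifier (constructed)
        self.reauthorizations = 0

    def authorize(self):
        """Run S1-S5 with a fresh interim Token."""
        self.reauthorizations += 1
        token = self.sso.generate_token(self.syskey)                            # S1
        return self.sso.send_to_second_system(self.second, self.syskey, token)  # S2-S5

    def fetch_business_data(self):
        reply = self.second.query_data(self.syskey)
        if reply["status"] == "reauthorize":
            reply = self.authorize()
        return reply


def run_scenario():
    """Drive the three parties through the cases the description spells out."""
    clock = Clock()
    sso = SSOService(clock)
    second = SecondSystem(sso, clock, business_data={"orders": 42})  # constructed sample data
    first = FirstSystem(sso, second, clock)
    out = {}
    out["first_call"] = first.fetch_business_data()["status"]       # S1-S5 with a new Token
    token = sso.generate_token(first.syskey)
    sso.send_to_second_system(second, first.syskey, token)          # legitimate single use
    out["replayed_token"] = sso.send_to_second_system(second, first.syskey, token)["reason"]
    stale = sso.generate_token(first.syskey)
    clock.advance(61)                                                # past the 60 s TTL
    out["expired_token"] = sso.send_to_second_system(second, first.syskey, stale)["reason"]
    clock.advance(10 * 60)                                           # still within 30 idle minutes
    out["within_idle_limit"] = first.fetch_business_data()["status"]
    clock.advance(31 * 60)                                           # idle limit exceeded
    out["after_idle_limit"] = first.fetch_business_data()["status"]
    out["reauthorizations"] = first.reauthorizations                 # 2: initial round plus one after idling
    return out
```

Running `run_scenario()` shows the first call succeeding, a re-presented Token rejected as already used, a Token older than 60 seconds rejected as expired, a call ten minutes later served from the existing authorization, and a call after more than 30 idle minutes forcing a second S1 to S5 round. The verification checks are ordered so that a Token presented with the wrong SysKey is rejected without being consumed, which keeps a failed check from invalidating the legitimate holder's single use.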
The inter-system data call authorization and authentication method of the present invention introduces a single-sign-on service system between the first system and the second system. When the first system and the second system carry out a data call, they must call the Token generation interface of the single-sign-on service system to obtain an interim Token, and the data call is authorized and authenticated through the verification of that interim Token; the present invention therefore ensures the security of the user information of the first system and the second system during data call authorization and authentication. The two systems communicate through the single-sign-on service system, so that the data of each system stays within the scope of that system's administrative authority, which effectively prevents data from crossing over between the two systems. The present invention effectively solves the problems of security and standardization of system login and inter-system data calls.

Claims (6)

1. An inter-system data call authorization and authentication method, characterized in that it comprises the following steps:
S1: the first system generates a SysKey and sends the SysKey to the single-sign-on service system; the single-sign-on service system generates an interim Token;
S2: the single-sign-on service system sends the SysKey and the interim Token to the second system;
S3: the second system sends the interim Token back to the single-sign-on service system to verify whether the interim Token is valid;
S4: the single-sign-on service system returns the verification result to the second system;
S5: if the interim Token is valid, the second system returns the data the first system needs to query to the first system; if the interim Token is invalid, the second system returns an "interim Token invalid" message to the first system, and the first system performs subsequent processing.
2. The inter-system data call authorization and authentication method according to claim 1, characterized in that: the first system obtains the interim Token by calling the Token generation interface of the single-sign-on service system and passing the SysKey to that interface.
3. The inter-system data call authorization and authentication method according to claim 2, characterized in that: the single-sign-on service system sends the SysKey and the interim Token to the second system by calling the user list information interface of the second system.
4. The inter-system data call authorization and authentication method according to any one of claims 1 to 3, characterized in that: the validity period of the interim Token is 60 seconds, and it can be used only once.
5. The inter-system data call authorization and authentication method according to claim 1, characterized in that: if during inter-system data call authorization and authentication the first system and the second system do not carry out any data interaction for 30 minutes, the authorization and authentication of steps S1 to S5 must be performed again.
6. The inter-system data call authorization and authentication method according to claim 5, characterized in that: if during inter-system data call authorization and authentication the first system does not perform any operation for 30 minutes, it must call the single-sign-on interface again for verification.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610975924.2A CN106506498B (en) 2016-11-07 2016-11-07 Data call authorization authentication method between systems

Publications (2)

Publication Number Publication Date
CN106506498A true CN106506498A (en) 2017-03-15
CN106506498B CN106506498B (en) 2020-07-28

Family

ID=58323673

Country Status (1)

Country Link
CN (1) CN106506498B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114257583A (en) * 2021-12-22 2022-03-29 贵州东彩供应链科技有限公司 Safe downloading method for solving JWT authorization

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101483525A (en) * 2009-01-22 2009-07-15 中兴通讯股份有限公司 Implementing method for authentication center
WO2012098265A1 (en) * 2011-01-21 2012-07-26 Lionel Wolovitz Method and system for controlling access to networks and/or services
CN103581140A (en) * 2012-08-03 2014-02-12 腾讯科技(深圳)有限公司 Authorization control method, device and system and authorization request method and device
CN103716285A (en) * 2012-09-29 2014-04-09 西门子公司 Single sign on method, proxy server and single sign on system
CN104580184A (en) * 2014-12-29 2015-04-29 华中师范大学 Identity authentication method for mutual-trust application systems
CN105225072A (en) * 2015-11-05 2016-01-06 浪潮(北京)电子信息产业有限公司 A kind of access management method of multi-application system and system
CN105471579A (en) * 2014-09-10 2016-04-06 阿里巴巴集团控股有限公司 Trusted login method and device
CN105721412A (en) * 2015-06-24 2016-06-29 乐视云计算有限公司 Method and device for authenticating identity between multiple systems
US20160205108A1 (en) * 2015-01-13 2016-07-14 Oracle International Corporation Identity management and authentication system for resource access

Also Published As

Publication number Publication date
CN106506498B (en) 2020-07-28

Legal Events

Code Title
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant