CN109150800A - Login access method, system and storage medium - Google Patents

Login access method, system and storage medium Download PDF

Info

Publication number
CN109150800A
CN109150800A CN201710457265.8A CN201710457265A CN109150800A CN 109150800 A CN109150800 A CN 109150800A CN 201710457265 A CN201710457265 A CN 201710457265A CN 109150800 A CN109150800 A CN 109150800A
Authority
CN
China
Prior art keywords
service sub
information
token
service
authentication token
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710457265.8A
Other languages
Chinese (zh)
Other versions
CN109150800B (en
Inventor
王俊明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201710457265.8A priority Critical patent/CN109150800B/en
Publication of CN109150800A publication Critical patent/CN109150800A/en
Application granted granted Critical
Publication of CN109150800B publication Critical patent/CN109150800B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a login access method, which is applied to a unified login system side, and comprises the following steps: and when receiving an access request of the user for any service subsystem, sending user login information and authentication token information of any service subsystem to any service subsystem for verification of any service subsystem. The invention mainly adopts a REST-based lightweight service technology, establishes an identity mutual trust authentication service between systems, then releases the authentication service as a service conforming to the REST architecture specification for a local user interface and a remote third-party interface to call, simultaneously adopts an encrypted token mode to store user authentication information in a token of a client, and then obtains the authentication user information by decrypting a token ciphertext, thereby providing safety guarantee for the user information and increasing the expandability of an application server.

Description

A kind of sign-on access method, system and storage medium
Technical field
The present invention relates to application system technical field more particularly to a kind of sign-on access methods, system and storage medium.
Background technique
It is constantly popularized with digitized, each department of large-scale enterprises and institutions has gradually gone up related to business itself Various subsystems (in these service sub-systems, in the majority with Web, Andriod/APP subsystem), almost each industry Business subsystem requires the identity of identification operator, and according to its different identity, distributes certain permission, do in some operations Limitation.As a result many companies or department all just respectively devise a set of subscriber data and permission pipe in each service sub-system The mechanism of reason, and user log-in authentication is provided.Demand above is met in this way, but thus brings user account management not side Just, the problems such as subscriber data disunity.When digitalized network develops to certain phase, to the integration of subscriber data to unite One management becomes very necessary, based on the mutual of user information between existing unified entry system and each service sub-system Verification process is realized by soap protocol, and then unified entry system will be believed containing the session of user authentication voucher Breath is saved, and subsequent user obtains session information by browser and initiates logging request, business subsystem to service sub-system System is logined successfully by the browser return of information authentication rear line.
It will be may create the problem that using above scheme
1. unified entry system response efficiency is slow, resource cannot be utilized rationally, be easy to produce clogged with messages phenomenon;
2. the resource of unified entry system and the loose coupling of view are poor, it is not easy to system maintenance, is not easy to third party system Integrated, set expandability is poor;
3. the data structure of unified entry system is single, traditional is based on SOAP (Simple Object access Protocol, Simple Object Access Protocol) with XML (eXtensible Markup Language, extending mark language) format Transmit data, it is difficult to adapt to mobile interchange business development needs;
4. the safety of service sub-system is low, traditional transmission be all with URL (Uniform Resource Locator, Uniform resource locator) mode, many sensitive informations are all exposed to outside, simply by simple increase configuration SSL (Secure Sockets Layer, Secure Socket Layer) transmission data, it is difficult to ensure that information security.
Summary of the invention
The technical problem to be solved by the present invention is to provide a kind of sign-on access method, system and storage medium, both guarantee industry The information security of business subsystem, and unified entry system is made to have good dynamic retractility.
The technical solution adopted by the present invention is that the sign-on access method, is applied to unified entry system side, the method Include:
When unified entry system, which receives the user, is directed to the access request of any service sub-system, user is logged in Information and service sub-system authentication token information are sent to the service sub-system, are verified for the service sub-system.
Further, the access request that the user is directed to any service sub-system is received in the unified entry system Before, the method, further includes:
Characteristic information of the unified entry system according to the service sub-system got in advance, generates the business Subsystem authentication token information simultaneously saves;
Wherein, the characteristic information of the service sub-system includes: the account information of the service sub-system, alternatively, described The account information of service sub-system and the corresponding unique encodings information of the service sub-system;The account of the service sub-system is believed Breath includes: service sub-system title and service sub-system password.
Further, described that user login information and the service sub-system authentication token information are sent to the industry Business subsystem include:
User is stepped on by REST (Representational State Transfer, declarative state transmitting) mode Record information and the service sub-system authentication token information are sent to the service sub-system.
Further, the characteristic information for the service sub-system that the foundation is got in advance generates business System authentication token information, comprising:
Token is generated by the account information of random data sequence character string and the service sub-system;
The token is encrypted to obtain the service sub-system authentication token information, alternatively, to the token and institute The corresponding unique encodings information of service sub-system is stated to be encrypted to obtain the service sub-system authentication token information.
Further, it is described the token is encrypted to obtain the service sub-system authentication token information include:
The token is hashed and generates identifying code;
The identifying code and the token by hash are encrypted to obtain the service sub-system authentication token letter Breath;
It is described that the token and the corresponding unique encodings information of the service sub-system are encrypted to obtain the business Subsystem authentication token information includes:
The token is hashed and generates identifying code;
The identifying code, the corresponding unique encodings information of the service sub-system and the token by hashing are carried out Encryption obtains the service sub-system authentication token information.
The present invention also provides a kind of sign-on access methods, comprising:
Service sub-system receives the user login information that unified entry system is sent and service sub-system authentication token letter Breath;
The service sub-system believes the user login information received and the service sub-system authentication token Breath is verified, and to the unified entry system back-checking result.
It further, is interacted in a manner of REST between the service sub-system and the unified entry system.
Further, the described pair of user login information received and service sub-system authentication token information carry out Verification, comprising:
Judge locally whether preserved the user login information received, wherein the user login information packet It includes: user information, alternatively, user information and encrypted message;
In the case where the judgment result is yes;
Whether the token that the service sub-system authentication token information that judgment basis receives obtains is effective, alternatively, sentencing The token and the corresponding unique encodings of service sub-system that the service sub-system authentication token information that disconnected foundation receives obtains Whether information is effective.
Further, the token and service sub-system obtained according to the service sub-system authentication token information received The mode of corresponding unique encodings information, comprising:
The service sub-system authentication token information is decrypted to obtain token and the corresponding unique encodings letter of service sub-system Breath;
Solution hash is carried out to the token and obtains the account information of random data sequence character string and service sub-system;It is described The account information of service sub-system includes: service sub-system title and service sub-system password.
Further, the token and industry that the service sub-system authentication token information that the judgment basis receives obtains Whether the corresponding unique encodings information of subsystem of being engaged in is effective, comprising:
Whether before the deadline A1: judging the token, if so then execute step A2, otherwise determine the token received and The corresponding unique encodings information of service sub-system is invalid;
A2: judge locally whether preserved the business subsystem decrypted to the service sub-system authentication token information It unites the account information of corresponding unique encodings information and the service sub-system obtained according to the token, if so, determining to connect The corresponding unique encodings information of the token and service sub-system received is effective, otherwise determines the token received and service sub-system Corresponding unique encodings information is invalid.
The present invention also provides a kind of unified entry systems, comprising: first communication module, first memory and the first processing Device, in which:
The first communication module is configured to carry out communication interaction with user and service sub-system;
The first memory is stored with authentication management program;
First processor is configured to execute the authentication management program to realize such as the step of above-mentioned sign-on access method.
The present invention also provides a kind of service sub-systems, comprising: second communication module, second memory and second processor, Wherein:
The second communication module is configured to carry out communication interaction with unified entry system;
The second memory is stored with certification accreditation process;
Second processor is configured to execute the certification accreditation process to realize such as the step of above-mentioned sign-on access method.
The present invention also provides being stored with computer program in computer storage medium described in a kind of computer storage medium, institute It states and realizes when computer program is executed by processor such as the step of above-mentioned sign-on access method.
By adopting the above technical scheme, the present invention at least has the advantage that
Sign-on access method, system and storage medium of the present invention pass through unified login for current client user Existing efficiency of service is high during system access service sub-system, Service Source waste and data structure are single etc. asks Topic, provides a kind of solution, while ensuring system availability, improves the real-time of system processing and accurate Property.The present invention can improve efficiency of service, save Service Source, and mobile application is given to provide good service, but can be reduced operation at This, improves user experience and increases the income of operator.
Detailed description of the invention
Fig. 1 is the sign-on access method flow diagram of first embodiment of the invention;
Fig. 2 is the sign-on access method flow diagram of second embodiment of the invention;
Fig. 3 is the unified entry system composition schematic diagram of third embodiment of the invention;
Fig. 4 is the service sub-system composition schematic diagram of fourth embodiment of the invention.
Specific embodiment
Further to illustrate the present invention to reach the technical means and efficacy that predetermined purpose is taken, below in conjunction with attached drawing And preferred embodiment, the present invention is described in detail as after.
First embodiment of the invention, a kind of sign-on access method are applied to unified entry system, as shown in Figure 1, this method Comprising the following specific steps
Step S101, unified entry system generate service sub-system authentication token information simultaneously for each service sub-system It saves, the service sub-system authentication token information is also configured in corresponding service sub-system.
Specifically, the service sub-system authentication token information includes: service sub-system in first optional example Account information.
In second optional example, the service sub-system authentication token information includes: the account of service sub-system Information and the corresponding unique encodings information of service sub-system.
The account information of service sub-system includes: service sub-system title and service sub-system password;
Unified entry system is with user and is to be interacted between service sub-system in a manner of REST.Such as: uniformly step on User login information and the service sub-system authentication token information are sent to the business by REST mode by recording system Subsystem.
In step s101, the characteristic information for the service sub-system that can be got in advance, the spy of the service sub-system Reference breath includes: the account information of the service sub-system, alternatively, the account information of the service sub-system and business The corresponding unique encodings information of system;The account information of the service sub-system includes: service sub-system title and business subsystem System password.
Unified entry system is directed to each service sub-system, according to the feature of the service sub-system got in advance Information generates service sub-system authentication token information, comprising:
A1: it is directed to any service sub-system, passes through the account of random data sequence character string and any service sub-system Family information generates token;
A2: the token is encrypted to obtain any service sub-system authentication token information, alternatively, to the order Board and the corresponding unique encodings information of any service sub-system are encrypted to obtain any service sub-system certification order Board information.
Further, it in step A2, is encrypted to the token or to the token and unique encoded information Obtain any service sub-system authentication token information, comprising:
The token is hashed and generates identifying code;
In first optional example, the identifying code and the token by hash are combined and encrypted Obtain any service sub-system authentication token information;
In second optional example, the identifying code, the corresponding unique encodings of any service sub-system are believed Breath and the token by hashing, which combine, is encrypted to obtain any service sub-system authentication token information.
User is logged in and is believed when receiving access request of the user for any service sub-system by step S102 Breath and any service sub-system authentication token information are sent to any service sub-system, for any business System is verified.
Mainly using REST lightweight service technology is based on, REST technological service has a characteristic that the embodiment of the present invention
1) data buffer storage.Data can be cached as needed based on REST system, it is possible to reduce server-side and visitor Information transmission, raising performance between the end of family, increase user experience.Service sub-system caches the visit from unified entry system It asks request, improves the speed of access.
2) system structure stratification.In one system based on REST, client can be with one or more server It interactively communicates, good system level structure is convenient for the maintenance of operation maintenance personnel and integrating for other application.Such as: the present invention is implemented Example, different service sub-system (classes can be logged in by unified entry system (similar to the unified login entrance of client) It is similar to server).
3) data structure is abundant.The form of expression gives corresponding contents by requirement when client request resource, general to return The formats such as XML, JSON, XHML.Such as: unified entry system (enters similar to the unified login of client in the embodiment of the present invention Mouthful) to service sub-system (be similar to server) request resource when, client can not only make PC machine that can also move with mobile terminal Dynamic terminal can request the resource of the various formats such as XML, JSON, XHML to service sub-system, and the client of the prior art is only It can be PC machine, and not support mobile terminal and above-mentioned multiple format.
4) stateless.In a REST system, server-side (being similar to unified login entrance) can't save related visitor Any state at family end (being similar to service sub-system).That is, client itself is responsible for the maintenance of User Status, and every Secondary transmission requires to provide enough information when requesting.Such as: the user side in the embodiment of the present invention sends user's logging request When, after unified entry system (similar to the unified login entrance of client) can combine user login information together with registration ciphertext Service sub-system (being similar to server) is sent to be verified.
5) unified interface.One REST system is needed using unified interface (the i.e. unified login of the embodiment of the present invention System) complete the interaction between unified interface and service sub-system.This makes each service sub-system in REST system It can complete alone to develop.In conclusion problems of the prior art can be solved fundamentally.
Furthermore it is possible to which the corresponding one kind that is programmed to of the method for the embodiment of the present invention is logged in access service.It should Service will log in access process and be issued as REST service, call for local user and remote user, while use crypto token side The service sub-system authentication token information preservation that formula inputs administrator is in unified entry system and configuration in service sub-system In, which is not used Session and is saved service sub-system relevant authentication information in a manner of session, but passes through solution secret order Board ciphertext obtains service sub-system authentication token information, has both guaranteed the information security of user, and it is good that server is had Dynamic retractility etc..
The user side of the embodiment of the present invention can be PC machine installation browser (such as: IE, Firefox, chrome) or Person's cell phone client (App or iOS).Such as: certain enterprise management system or Large-Scale Interconnected net portal, having logged in some in user is Other subsystems are there is no need to log in after system, all applications of accessible relevant subsystem.
Second embodiment of the invention, a kind of sign-on access method are applied to service sub-system, as shown in Fig. 2, this method is also Comprising the following specific steps
Step S201, service sub-system is in the service sub-system authentication token information that itself is locally configured;The business subsystem System authentication token information is also stored in unified entry system.
Step S202, service sub-system receive unified entry system and log in letter based on the user that the access request of user is sent When breath and service sub-system authentication token information, the user login information and the service sub-system certification received is enabled Board information is verified, and to the unified entry system back-checking result.
Specifically, interacted in a manner of REST between service sub-system and unified entry system.
In step S202, the described pair of user login information received and service sub-system authentication token information It is verified, comprising:
A1: judge locally whether preserved the user login information received, if so, thening follow the steps A2;It is no Then follow the steps A3;The user login information includes: user information, alternatively, user information and encrypted message;
A2: the obtained token of service sub-system authentication token information that judgment basis receives or obtained token and industry Whether the corresponding unique encodings information of subsystem of being engaged in is effective, if so, to unified entry system back-checking successful information;Otherwise Execute step A3;
A3: to unified entry system back-checking failure information.
Optionally, in step A2, the token and industry that obtain token according to service sub-system authentication token information or obtain The mode for the corresponding unique encodings information of subsystem of being engaged in, comprising:
In first optional example, service sub-system authentication token information is decrypted to obtain token;
In second optional example, service sub-system authentication token information is decrypted to obtain token and service sub-system Corresponding unique encodings information;
Solution hash is carried out to the token and obtains the account information of random data sequence character string and service sub-system;Business The account information of subsystem includes: service sub-system title and service sub-system password.
Further, in step A2, the service sub-system authentication token information that the judgment basis receives is obtained Token and the corresponding unique encodings information of service sub-system it is whether effective, comprising:
Whether before the deadline B1: judging the token, if so then execute step B2, otherwise determine the token received and The corresponding unique encodings information of service sub-system is invalid;
B2: judge locally whether preserved the business subsystem decrypted to the service sub-system authentication token information It unites the account information of corresponding unique encodings information and the service sub-system obtained according to the token, if so, determining to connect The corresponding unique encodings information of the token and service sub-system received is effective, otherwise determines the token received and service sub-system Corresponding unique encodings information is invalid.
In embodiments of the present invention due to introducing the relevant information for using token mode storage service subsystem to authenticate, simultaneously The interaction between user, unified entry system and service sub-system is realized using REST mode, both guarantees service sub-system Information security, and unified entry system is made to have good dynamic retractility.
The user side of the embodiment of the present invention can be PC machine installation browser (such as: IE, Firefox, chrome) or Person's cell phone client (App or iOS).Such as: certain enterprise management system or Large-Scale Interconnected net portal, having logged in some in user is Other subsystems are there is no need to log in after system, all applications of accessible relevant subsystem.
Third embodiment of the invention, a kind of unified entry system, as shown in figure 3, including consisting of part: the first communication Module 301, first memory 302 and first processor 303, in which:
First communication module 301 is configured to carry out communication interaction with user side and service sub-system;
First memory 302 is stored with authentication management program;
First processor 303 is configured to execute the authentication management program to realize such as first embodiment of the invention or Described in two embodiments the step of sign-on access method.
Fourth embodiment of the invention, a kind of service sub-system, as shown in figure 4, including consisting of part: the second communication mould Block 401, second memory 402 and second processor 403, in which:
Second communication module 401 is configured to carry out communication interaction with unified entry system;
Second memory 402 is stored with certification accreditation process;
Second processor 403 is configured to execute the certification accreditation process to realize such as third embodiment of the invention or Described in four embodiments the step of sign-on access method.
Fifth embodiment of the invention, a kind of computer storage medium are stored with computer in the computer storage medium Program realizes the sign-on access method as described in the present invention first or two embodiments when the computer program is executed by processor The step of.
In Project Realization, the software in the embodiment of the present invention computer storage medium may operate in required general It is realized on hardware platform, naturally it is also possible to which by hardware, but in many cases, the former is more preferably embodiment.Based in this way Understanding, in computer storage medium of the invention (such as ROM/RAM, magnetic disk, CD), including some instructions are used so that one Equipment (can be server, client) executes method described in the embodiment of the present invention.
By the explanation of specific embodiment, the present invention can should be reached technological means that predetermined purpose is taken and Effect is able to more deeply and specifically understand, however appended diagram is only to provide reference and description and is used, and is not used to this Invention limits.

Claims (13)

1. a kind of sign-on access method characterized by comprising
When unified entry system, which receives the user, is directed to the access request of any service sub-system, by user login information And service sub-system authentication token information is sent to the service sub-system, is verified for the service sub-system.
2. sign-on access method according to claim 1, which is characterized in that received in the unified entry system described Before user is for the access request of any service sub-system, the method, further includes:
Characteristic information of the unified entry system according to the service sub-system got in advance, generates the business subsystem System authentication token information simultaneously saves;
Wherein, the characteristic information of the service sub-system includes: the account information of the service sub-system, alternatively, the business The account information of subsystem and the corresponding unique encodings information of the service sub-system;The account information packet of the service sub-system It includes: service sub-system title and service sub-system password.
3. sign-on access method according to claim 1, which is characterized in that described by user login information and the industry Business subsystem authentication token information is sent to the service sub-system and includes:
User login information and the service sub-system authentication token information are sent to business by REST mode System.
4. sign-on access method according to claim 2, which is characterized in that the business that the foundation is got in advance The characteristic information of subsystem generates the service sub-system authentication token information, comprising:
Token is generated by the account information of random data sequence character string and the service sub-system;
The token is encrypted to obtain the service sub-system authentication token information, alternatively, to the token and the industry The corresponding unique encodings information of business subsystem is encrypted to obtain the service sub-system authentication token information.
5. sign-on access method according to claim 4, which is characterized in that described to be encrypted to obtain institute to the token Stating service sub-system authentication token information includes:
The token is hashed and generates identifying code;
The identifying code and the token by hash are encrypted to obtain the service sub-system authentication token information;
It is described that the token and the corresponding unique encodings information of the service sub-system are encrypted to obtain the business subsystem System authentication token information include:
The token is hashed and generates identifying code;
The identifying code, the corresponding unique encodings information of the service sub-system and the token by hashing are encrypted Obtain the service sub-system authentication token information.
6. a kind of sign-on access method characterized by comprising
Service sub-system receives the user login information and service sub-system authentication token information that unified entry system is sent;
The service sub-system to the user login information and the service sub-system authentication token information received into Row verification, and to the unified entry system back-checking result.
7. sign-on access method according to claim 6, which is characterized in that the service sub-system and the unified login It is to be interacted in a manner of REST between system.
8. sign-on access method according to claim 6, which is characterized in that the described couple of user received logs in letter Breath and service sub-system authentication token information are verified, comprising:
Judge locally whether preserved the user login information received;
In the case where the judgment result is yes: the order that the service sub-system authentication token information that judgment basis receives obtains Whether board is effective, alternatively, token and business that the service sub-system authentication token information that judgment basis receives obtains Whether the corresponding unique encodings information of system is effective.
9. sign-on access method according to claim 8, which is characterized in that recognize according to the service sub-system received Card token information obtains the mode of token and the corresponding unique encodings information of service sub-system, comprising:
The service sub-system authentication token information is decrypted to obtain token and the corresponding unique encodings information of service sub-system;
Solution hash is carried out to the token and obtains the account information of random data sequence character string and service sub-system;The business The account information of subsystem includes: service sub-system title and service sub-system password.
10. sign-on access method according to claim 9, which is characterized in that the industry that the judgment basis receives Whether the token and the corresponding unique encodings information of service sub-system that business subsystem authentication token information obtains are effective, comprising:
Whether before the deadline A1: judging the token, if so then execute step A2, otherwise determines the token received and business The corresponding unique encodings information of subsystem is invalid;
A2: judge locally whether preserved the service sub-system pair decrypted to the service sub-system authentication token information The account information of the unique encodings information and the service sub-system obtained according to the token answered, if so, determining to receive Token and the corresponding unique encodings information of service sub-system it is effective, otherwise determine that the token received and service sub-system are corresponding Unique encodings information it is invalid.
11. a kind of unified entry system characterized by comprising first communication module, first memory and first processor, Wherein:
The first communication module is configured to carry out communication interaction with user and service sub-system;
The first memory is stored with authentication management program;
First processor is configured to execute the authentication management program to realize stepping on as described in any one of claims 1 to 5 The step of recording access method.
12. a kind of service sub-system characterized by comprising second communication module, second memory and second processor, In:
The second communication module is configured to carry out communication interaction with unified entry system;
The second memory is stored with certification accreditation process;
Second processor is configured to execute the certification accreditation process to realize as described in any one of claim 6 to 10 The step of sign-on access method.
13. a kind of computer storage medium, which is characterized in that be stored with computer program, institute in the computer storage medium State the step that the sign-on access method as described in any one of claims 1 to 10 is realized when computer program is executed by processor Suddenly.
CN201710457265.8A 2017-06-16 2017-06-16 Login access method, system and storage medium Active CN109150800B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710457265.8A CN109150800B (en) 2017-06-16 2017-06-16 Login access method, system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710457265.8A CN109150800B (en) 2017-06-16 2017-06-16 Login access method, system and storage medium

Publications (2)

Publication Number Publication Date
CN109150800A true CN109150800A (en) 2019-01-04
CN109150800B CN109150800B (en) 2022-05-13

Family

ID=64830443

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710457265.8A Active CN109150800B (en) 2017-06-16 2017-06-16 Login access method, system and storage medium

Country Status (1)

Country Link
CN (1) CN109150800B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110032414A (en) * 2019-03-06 2019-07-19 联想企业解决方案(新加坡)有限公司 Apparatus and method for secure user authentication in remote console mode
CN110706143A (en) * 2019-09-26 2020-01-17 中电万维信息技术有限责任公司 Identity authentication method and device based on government affair service
CN111538966A (en) * 2020-04-17 2020-08-14 中移(杭州)信息技术有限公司 Access method, access device, server and storage medium
CN111935159A (en) * 2020-08-13 2020-11-13 工银科技有限公司 Method, device and system for authenticating mutual trust between multiple systems
CN112231674A (en) * 2020-10-20 2021-01-15 北京思特奇信息技术股份有限公司 Skip verification method and system for URL (Uniform resource locator) address and electronic equipment
CN114024681A (en) * 2021-09-03 2022-02-08 杭州安恒信息安全技术有限公司 System login method, device, equipment and computer readable storage medium
CN114039800A (en) * 2022-01-10 2022-02-11 中建电子商务有限责任公司 Access control method and device based on device fingerprint, server and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102739708A (en) * 2011-04-07 2012-10-17 腾讯科技(深圳)有限公司 System and method for accessing third party application based on cloud platform
CN103188248A (en) * 2011-12-31 2013-07-03 卓望数码技术(深圳)有限公司 Identity authentication system and method based on single sign-on
CN106162574A (en) * 2015-04-02 2016-11-23 成都鼎桥通信技术有限公司 Group system is applied universal retrieval method, server and terminal
US20170026339A1 (en) * 2015-07-21 2017-01-26 Sap Se Centralized authentication server for providing cross-domain resources via a rest-based tunnel
CN106790272A (en) * 2017-02-16 2017-05-31 济南浪潮高新科技投资发展有限公司 A kind of system and method for single-sign-on, a kind of application server

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102739708A (en) * 2011-04-07 2012-10-17 腾讯科技(深圳)有限公司 System and method for accessing third party application based on cloud platform
CN103188248A (en) * 2011-12-31 2013-07-03 卓望数码技术(深圳)有限公司 Identity authentication system and method based on single sign-on
CN106162574A (en) * 2015-04-02 2016-11-23 成都鼎桥通信技术有限公司 Group system is applied universal retrieval method, server and terminal
US20170026339A1 (en) * 2015-07-21 2017-01-26 Sap Se Centralized authentication server for providing cross-domain resources via a rest-based tunnel
CN106790272A (en) * 2017-02-16 2017-05-31 济南浪潮高新科技投资发展有限公司 A kind of system and method for single-sign-on, a kind of application server

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110032414A (en) * 2019-03-06 2019-07-19 联想企业解决方案(新加坡)有限公司 Apparatus and method for secure user authentication in remote console mode
CN110032414B (en) * 2019-03-06 2023-06-06 联想企业解决方案(新加坡)有限公司 Apparatus and method for secure user authentication in remote console mode
CN110706143A (en) * 2019-09-26 2020-01-17 中电万维信息技术有限责任公司 Identity authentication method and device based on government affair service
CN111538966A (en) * 2020-04-17 2020-08-14 中移(杭州)信息技术有限公司 Access method, access device, server and storage medium
CN111538966B (en) * 2020-04-17 2024-02-23 中移(杭州)信息技术有限公司 Access method, access device, server and storage medium
CN111935159A (en) * 2020-08-13 2020-11-13 工银科技有限公司 Method, device and system for authenticating mutual trust between multiple systems
CN112231674A (en) * 2020-10-20 2021-01-15 北京思特奇信息技术股份有限公司 Skip verification method and system for URL (Uniform resource locator) address and electronic equipment
CN114024681A (en) * 2021-09-03 2022-02-08 杭州安恒信息安全技术有限公司 System login method, device, equipment and computer readable storage medium
CN114039800A (en) * 2022-01-10 2022-02-11 中建电子商务有限责任公司 Access control method and device based on device fingerprint, server and storage medium

Also Published As

Publication number Publication date
CN109150800B (en) 2022-05-13

Similar Documents

Publication Publication Date Title
CN109150800A (en) Login access method, system and storage medium
CN105027493B (en) Safety moving application connection bus
CN102195957B (en) Resource sharing method, device and system
CN103139200B (en) A kind of method of Web service single-sign-on
CN108600203A (en) Secure Single Sign-on method based on Cookie and its unified certification service system
CN102457509B (en) Cloud computing resources safety access method, Apparatus and system
US20210056541A1 (en) Method and system for mobile cryptocurrency wallet connectivity
CN110225050B (en) JWT token management method
CN112468481B (en) Single-page and multi-page web application identity integrated authentication method based on CAS
CN108537046A (en) A kind of online contract signature system and method based on block chain technology
CN112769826B (en) Information processing method, device, equipment and storage medium
CN103716326A (en) Resource access method and URG
CN103179134A (en) Single sign on method and system based on Cookie and application server thereof
EP2391083A1 (en) Method for realizing authentication center and authentication system
CN105229987A (en) The initiatively mobile authentication of associating
US20230379160A1 (en) Non-fungible token authentication
CN109361753A (en) A kind of Internet of things system framework and encryption method
CN109495486B (en) Single-page Web application integration CAS method based on JWT
CN105991614A (en) Open authorization, resource access method and device, and a server
CN102143131B (en) User logout method and authentication server
Huang et al. A token-based user authentication mechanism for data exchange in RESTful API
CN112600674A (en) User security authentication method and device for front-end and back-end separation system and storage medium
CN104579681A (en) Identity authentication system for mutual-trust application systems
CN107911344A (en) A kind of safe docking calculation of cloud platform
CN106909826A (en) Password is for action and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant