CN111371805A - Token-based unified identity authentication interface and method - Google Patents
Token-based unified identity authentication interface and method Download PDFInfo
- Publication number
- CN111371805A CN111371805A CN202010184984.9A CN202010184984A CN111371805A CN 111371805 A CN111371805 A CN 111371805A CN 202010184984 A CN202010184984 A CN 202010184984A CN 111371805 A CN111371805 A CN 111371805A
- Authority
- CN
- China
- Prior art keywords
- token
- user
- interface
- client
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The invention relates to a Token-based unified identity authentication interface and a Token-based unified identity authentication method, which are used for solving the problem of identity authentication of a plurality of client unified interfaces. The invention is based on three interfaces: the authentication service interface requests the interface to perform preliminary information query each time the client is opened, and switches to different interfaces to perform operation according to the checking condition; a Token generation interface for generating a Token; and the Token verification interface is used for verifying the information of the Token. The invention unifies the login interfaces of the clients of various types, ensures that the user does not need to repeatedly authenticate within a certain period, and can define the respective identity authentication validity periods of the clients of various types by user. And a large amount of information such as user names and passwords does not need to be stored in the client or the server. The problem of storage of information of sensitive users is solved, the problem that excessive occupation of memory resources of the server caused by Session authentication is solved, and the server does not need to consider whether the user logs in or not.
Description
Technical Field
The invention belongs to the field of internet, and particularly relates to a unified login authentication method for multiple platforms and multiple systems.
Background
Most of the existing internet applications are based on a stateless HTTP protocol, a user sends a request each time, after session connection data exchange is completed, the connection between a client and a server is closed, and when the user sends a request again, a new session connection needs to be established again, so that login user information cannot be stored. Most enterprises authenticate the identity of a logged-in user by verifying a single user name and a single password of a single user, so that an illegal intruder is prevented from entering a system, and the safety of the system is ensured. This results in that the user needs to fill in the username and password again for verification each time the user logs in the system, and such a conventional authentication mechanism not only causes inconvenience to the user using the system, but also challenges the security of the application program because the static password is relatively easy to attack.
Although with the development of related technologies, developers gradually solve the stateless problem of HTTP through two technologies, namely, Cookie and Session, the user identity information can be recorded in the Cookie and the Session to solve the identity authentication problem.
For the Cookie mechanism, each visiting user has a 'pass', and each user can confirm the identity of the user according to the 'pass' in each visit. The pass is actually a piece of text information in which user information is recorded, and a Cookie is sent to the client browser through response each time the client requests and if the server needs to record the user. The client browser will save the Cookie so that the next time the web server is requested again, the Cookie will be sent to the server at the same time. The server verifies the Cookie to confirm the identity of the user, and the server can modify the recorded content of the Cookie as required.
Session is a mechanism that appears after a Cookie and is also used to record client state. Based on Session processing, when a client accesses a server, the server stores user information, which is called Session. Each site visitor will be assigned a unique identification attribute called Session ID (SID), which will be associated with any number of other data, such as the number of visits per month, set browsing preferences, etc. The SID is stored as a Cookie in the browser and is automatically included in each subsequent request to the server. And when the client accesses the server, the server searches the information of the current access user from the Session according to the SID so as to confirm the identity of the user.
Therefore, aiming at Cookie and Session mechanisms, a user firstly logs in by using information such as a user name, a password, an authentication code and the like, a Session object is created and a unique ID is generated during logging in, the Session object is stored in a server end to record the identity information of the user logging in, and then the Session ID is returned and stored in the Cookie of the client, so that a Session is started between the client and the server end until the browser is closed or the Session is ended after the whole application program is closed. And sending the Session ID stored by the Cookie at the client to the server every time the client requests data from the server within the Session validity period, comparing the Session ID with the ID in the Session stored by the server, responding to the user request and returning the data if the Session ID is consistent with the ID in the Session stored by the server, and otherwise informing the user that the user does not have the right to access the resources through identity authentication.
The above-mentioned conversation mode using cookies and sessions does solve the problem of identity authentication, but this mode still has many problems, and with the development of technology and the demand of people for user experience, an enterprise-level application program not only includes desktop programs and Web programs of a PC end, but also must provide a mobile phone APP and a WAP end, etc. These all present challenges to the original authentication model.
Session: each time the authenticated user initiates a request, the server needs to create a record to store the information. The memory overhead is also increasing as more and more users make requests. Session sharing is not easily realized by a plurality of servers, and Session replication performance is also sharply reduced with the increasing number of servers even if Session replication is realized, thereby causing loss to the performance of the servers.
2. And (3) expandability: the Session is used to store the login information in the memory of the server, which is accompanied by the problem of scalability.
3. Cross-domain Resource Sharing (CORS) can be a headache problem when data needs to be used across multiple mobile devices. A situation may arise where resources are prohibited from being requested when Ajax is used to grab resources from another domain.
Identity authentication in a Cookie and Session mode cannot meet the requirements of multiple platforms, and under the condition of excessive users, the load pressure of a server side is excessive. Therefore, in order to overcome the defects of Cookie and Session mechanisms, a Virtual identification method is adopted to carry out identity authentication login, namely a Virtual Token (Virtual Token).
Token is a string of character strings generated by the server, and is used as the identifier of the client request. By using the Token mechanism identity authentication method, the login record of the user does not need to be stored at the server, so that the problem of information storage of the sensitive user is solved, the problem of excessive occupation of the memory resource of the server caused by Session authentication is solved, and the server does not need to consider whether the user logs in. Meanwhile, Token stores user information in clients such as mobile phones, computers and tablets, and thus solves the problem of unified login of multiple end systems.
Disclosure of Invention
In the era of mobile internet, the types of clients are increasing, and the problem of N clients in one server is gradually raised, as shown in fig. 2. Different clients generate different user use scenes and requirements, and different session life cycles, different user authority control systems and different levels of interface calling modes exist. How to carry out identity authentication aiming at a plurality of client unified interfaces becomes a problem to be solved. In order to solve the problem, the invention provides a Token-based unified identity authentication method, which unifies login interfaces of multiple types of clients, ensures that a user does not need repeated authentication within a certain period, can define respective identity authentication validity periods of the different types of clients by self, and effectively solves cross-domain resource sharing and prevents the problem of cross-site request forgery.
The interface of the uniform identity authentication method mainly relates to three interfaces, wherein the first interface is an authentication service interface, and a user can request the interface to perform preliminary information query and switch to different interfaces to perform operation according to the checking condition when opening a client; the second interface is a Token generation interface and is used for generating a Token; and the third interface is a Token verification interface and is used for information verification of the Token.
The unified identity authentication method specifically comprises the following steps: when the client is used for the first time, the client automatically sends a request to the server, and if the Token is not checked by the authentication service interface, the user is required to input a user name and a password; the client requests the server again, the server obtains a user name and a password through the authentication service interface after receiving the request, acquires the information of the current login user from the database through the user information interface for validity verification, and generates a Token through the Token generation interface and returns the Token and the request resource data if the verification is successful; and after the client is opened again, the client automatically sends a request to the server, if the authentication service interface detects the Token, the Token data is directly read, the data is analyzed according to the Token verification interface, and the resource corresponding to the request is returned according to the user role and the type of the user client obtained by analysis.
Advantageous effects
1. And the Token authentication mode is adopted for user authentication, so that the user information does not need to be stored in the Session, and congestion cannot be caused even if the number of users is large.
2. The CSRF (cross-site request forgery, an attack method that traps a user from performing unintended operations on a currently logged-on Web application) is effectively prevented by sending sensitive information such as a token instead of a user name and password stored in a Cookie when the user requests a resource.
3. Token can create programs that share rights with other applications in terms of extensibility. All the application programs can be associated through one account to realize unified identity authentication, and partial functions of the application programs can be used after login is successful.
4. When the multi-platform cross-domain aspect, namely CORS problem, expands the application programs and the services, various devices and application programs can be added. Data and resources can be requested on any domain as long as the user has a Token that is authenticated.
Drawings
FIG. 1 shows a structure diagram of a pilot training support system of a carrier-based aircraft.
FIG. 2 is a schematic diagram of a single server with multiple clients
Fig. 3 is a timing diagram of a first login process.
Fig. 4 is a sequence diagram of the login process again.
Detailed Description
In the embodiment, multi-platform login of the carrier-based aircraft pilot training support system is used as an application scene, but the method is not limited to this. The system structure diagram of the support system is roughly shown in fig. 1, wherein the system structure diagram includes a plurality of cross-platform systems, including a plurality of Web application systems and an Android platform side APP. Because a plurality of system databases are not related to each other but the user group is fixed, unified identity authentication is required. Identity authentication is a process of determining whether a user is a valid user.
Identity authentication based on Token, it is obvious that how Token is designed is the most important link in the whole identity authentication system, and a specific Token comprises a plurality of parts:
the first part is the pilot number (username), login client type, pilot type (user class), and these user basis information are stored in JSON format, roughly as follows:
the type of the client and the type of the pilot (user category) determine the type of resources which can be requested by a specific current user, and corresponding data information is returned according to the judgment. These do not involve highly confidential content and are therefore encrypted with Base64 encoding only. The encrypted string content is denoted as M1. The specific encryption method is adjustable.
In addition to the basic information of the user, some time information such as a time stamp, a valid period, a refresh time, and a grace time needs to be recorded. The time stamp is the time of the server when the token is issued to the user, the time difference between the client and the server can be compared when the token is generated, and the validity of the time stamp is ensured; the validity period is determined by the system requirement, the resource is acquired by the Token within a limited period, the resource is invalid after expiration, for example, a week is specified, and the client user needs to re-verify the login application new Token after more than one week; the refresh time refers to the time during which the old Token can be exchanged for a new Token, for example, the Token valid time is 60 minutes, the refresh time is 20160 minutes, the new Token can be acquired by the Token within 60 minutes, but it is impossible to acquire more than 60 minutes, then you can cycle the acquisition until the total time exceeds 20160 minutes and can not be acquired any more; the grace time is to solve the problem of concurrent requests, and if the grace time is 0s, the concurrent requests will be in error when the old Token and the new Token are handed over, so a grace time needs to be set, and the old Token can still be used normally within the grace time. This part of the information also consists of a JSON string which is converted to a string and encrypted by Base64 encoding. The encrypted string content is denoted as M2. The specific encryption method is adjustable.
The third part of information is verification information, and in order to ensure that the data of Token is not tampered, we use HS256 algorithm in JWT signature algorithm for encryption. The algorithm needs a secret key for encryption, and the secret key is formed by intercepting two character strings of a registration code of a user and an encrypted user password. When each user registers, a unique registration code is generated, for example { "id": 20190805080552109003 "}, which consists of accumulated values in time, minute and second milliseconds of year, month, day and 3 same milliseconds, and the middle 10 bits of the registration code are taken as S1. The password is stored in the database by MD5 encryption, and the middle 20 bits of the encrypted ciphertext are recorded as S2. The final key for the current user is the string S of S1+ S2. And encrypting a character string 'M1. M2' formed by combining the first two parts of information of Token by using S as a key of the user, wherein the content of the encrypted character string is marked as M3. The encryption method in this embodiment is a preferred method, and the interception length of the key string is adjustable.
And finally combining the Token information by the'm', forming a character string of'm 1.m2.m 3', namely the Token of the system. And after receiving the Token, the server encrypts the previous information according to the key of the user, and if the information comparison is consistent, the Token information is not tampered by people, and the Token data is safe. And (4) encoding and decrypting the first two parts of information Base64, and returning corresponding resources according to the user information if the Token validity period is within the Token validity period. The key can be known only by the server, and the whole token is generated by a token generation interface of the server, responds to the client and is stored in the client by using Cookies.
The Token-based unified identity authentication method is designed based on MVC, and because the overall framework of the system is SSM (Spring + Spring MVC + MyBatis), the method can realize the unified identity authentication service of the MVC architecture based on the SSM. The springMVC framework is used for realizing the separation of MVC, a control reversal IoC mechanism provided by Spring is largely used at a business logic layer, the database operation is handed to Spring management, and the service is instantiated into JavaBean, so that the coupling degree of development can be greatly reduced, and meanwhile, the reusability of software development is greatly improved. The persistence layer is mainly realized by MyBatis, a table of the database and the JavaBean are associated, and the problems of database manipulation safety such as SQL injection attack and the like are avoided.
The identity authentication service database is roughly a table of basic information of pilots (users), a role table, a token issuing record table, a token survival log table and the like. When the user accesses the system, the request server can carry out relevant authentication through the interface, and relevant data information can be stored in the database after the user information is verified.
Token-based authentication processes are roughly classified into two types, i.e., first login authentication and second login authentication.
Fig. 3 is a timing diagram of a first login process, in which a request is automatically sent to a server after software is opened, and if Token is not detected by an authentication service, a login page is displayed at a current client. The user inputs a pilot id (user name) and a password, and sends a request for filled-in relevant authentication information to the server side. The server obtains the pilot id and the password through the authentication service interface after receiving the request, then requests a user information interface of the flight training electronic file system to obtain the information of the current login user from the database, compares the information of the current login user with the information of the current login user, and verifies the legality of the pilot id (user name) and the password in the request. And if the verification is successful, generating a Token through the Token generation interface and returning the Token and the request resource data.
Fig. 4 is a sequence diagram of a re-login process, after software is opened, a request is automatically sent to a server, if Token is detected, Token data is directly read, the data is analyzed according to a Token verification interface, the data is divided into three sections according to a separator ". multidot.m. in a character string, M3 information is verified according to a current login user key, M1 and M2 are encrypted again by using keys, and if the information is consistent with M3, it is indicated that the Token information is not modified, and the security passes the examination. And checking whether the token in the M2 information is in the valid period after verification is correct, and returning the corresponding request resource according to the user role and the user client type of the M1 after verification is correct in the second part.
The Token is required to be put in the HTTP header and sent to the server every time the client sends a request, so as to ensure that the HTTP request is stateless. By setting the server attribute Access-Control-all-Origin, the server is allowed to accept requests from all domains. After receiving the request, the server analyzes the data transmitted by the client through the authentication service interface, searches for the Token, verifies the validity and the safety of the Token, and returns the user request resource after the verification is passed.
The method solves the problem of unified identity authentication of a multi-user end system integrating a plurality of systems at a Web end, an APP at an Android flat plate end and a desktop program at a PC end, and enables users to log in the three types of clients quickly without repeated verification within a certain period.
Claims (6)
1. Unified identity authentication interface based on Token, its characterized in that: comprises three interfaces, namely a first interface, a second interface,
the first interface is an authentication service interface, and a user can request the first interface every time the user opens the client, wherein if the first login verification is carried out, the first interface is used for verifying a user name and a password and jumping to user service; if the login is verified again, the method is used for searching and verifying the legality of Token and then jumping to the user service;
the second interface is a Token generation interface and is used for generating a Token;
the third interface is a Token verification interface and is used for verifying the information of the Token;
the Token generation interface specifically comprises: acquiring basic information when a user requests a resource, carrying out algorithm encryption, and recording an encrypted character string as M1; acquiring a timestamp, a valid period, refreshing time and a grace time of the issuing Token, encrypting by an algorithm, and marking an encrypted character string as M2; combining the M1 and the M2 character strings, and then carrying out algorithm encryption to obtain an encrypted character string M3, wherein a user key is required in the encryption process; and finally, storing the styles of the Token spliced mode M1.M2.M3 locally at the client.
2. The Token-based unified identity authentication method of claim 1, wherein: the basic information in the Token generation interface includes a user name, a login client type, and a user category.
3. The Token-based unified identity authentication method of claim 1, wherein: the encryption algorithm for generating M1 and M2 in the Token generation interface is the Base64 encoding algorithm, and the encryption algorithm for generating M3 is the HS256 algorithm in the JWT signature algorithm.
4. The Token-based unified identity authentication method of claim 1, wherein: the user key required for generating M3 is composed of two strings, namely, a user registration code and an encrypted user password, wherein the registration code is a string generated when the user registers and is stored in a database.
5. The Token-based unified identity authentication method of claim 1, wherein: the Token verification interface specifically comprises: analyzing the Token data, dividing the Token data into three sections according to a separator in a character string, verifying the M3 information according to a key of a current login user, checking whether a Token in the M2 information is in an effective period after verification is carried out, and returning corresponding request resources according to the user type role and the user client type of the M1 if the Token is in the effective period.
6. A unified identity authentication method according to claim 1, characterized in that it comprises the following steps:
when the client is used for the first time, the client automatically sends a request to the server, and if the Token is not checked by the authentication service interface, the user is required to input a user name and a password; the client requests the server again, the server obtains a user name and a password through the authentication service interface after receiving the request, acquires the information of the current login user from the database through the user information interface for validity verification, and generates a Token through the Token generation interface and returns the Token and the request resource data if the verification is successful; and after the client is opened again, the client automatically sends a request to the server, if the authentication service interface detects the Token, the Token data is directly read, the data is analyzed according to the Token verification interface, and the resource corresponding to the request is returned according to the user role and the type of the user client obtained by analysis.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010184984.9A CN111371805A (en) | 2020-03-17 | 2020-03-17 | Token-based unified identity authentication interface and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010184984.9A CN111371805A (en) | 2020-03-17 | 2020-03-17 | Token-based unified identity authentication interface and method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111371805A true CN111371805A (en) | 2020-07-03 |
Family
ID=71211974
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010184984.9A Pending CN111371805A (en) | 2020-03-17 | 2020-03-17 | Token-based unified identity authentication interface and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111371805A (en) |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111711641A (en) * | 2020-07-10 | 2020-09-25 | 北京亚鸿世纪科技发展有限公司 | State control method and device for browser and server architecture identity authentication token |
| CN111953698A (en) * | 2020-08-17 | 2020-11-17 | 济南浪潮高新科技投资发展有限公司 | Interface security access method and system based on quantum computing cloud platform |
| CN112073424A (en) * | 2020-09-15 | 2020-12-11 | 北京中电飞华通信有限公司 | Client authority verification method and system |
| CN112202705A (en) * | 2020-08-21 | 2021-01-08 | 上海微亿智造科技有限公司 | Digital signature verification generation and verification method and system |
| CN112560067A (en) * | 2020-12-25 | 2021-03-26 | 平安普惠企业管理有限公司 | Access method, device and equipment based on token authority verification and storage medium |
| CN112600674A (en) * | 2020-12-04 | 2021-04-02 | 中国农业银行股份有限公司深圳市分行 | User security authentication method and device for front-end and back-end separation system and storage medium |
| CN112632491A (en) * | 2020-12-15 | 2021-04-09 | 读书郎教育科技有限公司 | Method for realizing account system shared by multiple information systems |
| CN113434889A (en) * | 2021-07-07 | 2021-09-24 | 数字广东网络建设有限公司 | Service data access method, device, equipment and storage medium |
| CN113760203A (en) * | 2021-08-26 | 2021-12-07 | 北京辰光信安电子有限公司 | Authentication printing method and device, electronic equipment and storage medium |
| CN114244628A (en) * | 2022-01-04 | 2022-03-25 | 上海华申智能卡应用系统有限公司 | Authorization method and system |
| CN114338212A (en) * | 2021-12-31 | 2022-04-12 | 航天信息股份有限公司 | Identity authentication token management method and device, electronic equipment and readable storage medium |
| CN114520744A (en) * | 2022-02-28 | 2022-05-20 | 佛山众陶联供应链服务有限公司 | Method and system for automatic authentication and login non-refreshing of front end of web system |
| CN114567469A (en) * | 2022-02-21 | 2022-05-31 | 北京创原天地科技有限公司 | Application password type detection method and platform based on B/S mode |
| CN114866253A (en) * | 2022-04-27 | 2022-08-05 | 北京计算机技术及应用研究所 | Reliable cloud host login system and cloud host login method realized by same |
| CN115348307A (en) * | 2022-08-11 | 2022-11-15 | 中国工商银行股份有限公司 | Online server protection method and device, computer equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101014958A (en) * | 2004-07-09 | 2007-08-08 | 松下电器产业株式会社 | System and method for managing user authentication and service authorization to achieve single-sign-on to access multiple network interfaces |
| CN109309683A (en) * | 2018-10-30 | 2019-02-05 | 泰华智慧产业集团股份有限公司 | The method and system of client identity verifying based on token |
| CN109547432A (en) * | 2018-11-19 | 2019-03-29 | 中国银行股份有限公司 | Multisystem verification method and device, storage medium and electronic equipment |
| CN109587126A (en) * | 2018-11-26 | 2019-04-05 | 平安科技(深圳)有限公司 | User anthority identifying method and system |
-
2020
- 2020-03-17 CN CN202010184984.9A patent/CN111371805A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101014958A (en) * | 2004-07-09 | 2007-08-08 | 松下电器产业株式会社 | System and method for managing user authentication and service authorization to achieve single-sign-on to access multiple network interfaces |
| CN109309683A (en) * | 2018-10-30 | 2019-02-05 | 泰华智慧产业集团股份有限公司 | The method and system of client identity verifying based on token |
| CN109547432A (en) * | 2018-11-19 | 2019-03-29 | 中国银行股份有限公司 | Multisystem verification method and device, storage medium and electronic equipment |
| CN109587126A (en) * | 2018-11-26 | 2019-04-05 | 平安科技(深圳)有限公司 | User anthority identifying method and system |
Non-Patent Citations (1)
| Title |
|---|
| 邹军国: "基于Token的身份认证在高校实训互动平台中的应用研究", 《无线互联科技》 * |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111711641B (en) * | 2020-07-10 | 2022-03-08 | 北京亚鸿世纪科技发展有限公司 | State control method and device for browser and server architecture identity authentication token |
| CN111711641A (en) * | 2020-07-10 | 2020-09-25 | 北京亚鸿世纪科技发展有限公司 | State control method and device for browser and server architecture identity authentication token |
| CN111953698A (en) * | 2020-08-17 | 2020-11-17 | 济南浪潮高新科技投资发展有限公司 | Interface security access method and system based on quantum computing cloud platform |
| CN112202705A (en) * | 2020-08-21 | 2021-01-08 | 上海微亿智造科技有限公司 | Digital signature verification generation and verification method and system |
| CN112073424A (en) * | 2020-09-15 | 2020-12-11 | 北京中电飞华通信有限公司 | Client authority verification method and system |
| CN112600674A (en) * | 2020-12-04 | 2021-04-02 | 中国农业银行股份有限公司深圳市分行 | User security authentication method and device for front-end and back-end separation system and storage medium |
| CN112632491A (en) * | 2020-12-15 | 2021-04-09 | 读书郎教育科技有限公司 | Method for realizing account system shared by multiple information systems |
| CN112560067A (en) * | 2020-12-25 | 2021-03-26 | 平安普惠企业管理有限公司 | Access method, device and equipment based on token authority verification and storage medium |
| CN113434889A (en) * | 2021-07-07 | 2021-09-24 | 数字广东网络建设有限公司 | Service data access method, device, equipment and storage medium |
| CN113760203A (en) * | 2021-08-26 | 2021-12-07 | 北京辰光信安电子有限公司 | Authentication printing method and device, electronic equipment and storage medium |
| CN113760203B (en) * | 2021-08-26 | 2022-05-10 | 北京辰光信安电子有限公司 | Authentication printing method and device, electronic equipment and storage medium |
| CN114338212A (en) * | 2021-12-31 | 2022-04-12 | 航天信息股份有限公司 | Identity authentication token management method and device, electronic equipment and readable storage medium |
| CN114244628A (en) * | 2022-01-04 | 2022-03-25 | 上海华申智能卡应用系统有限公司 | Authorization method and system |
| CN114244628B (en) * | 2022-01-04 | 2023-12-26 | 上海华申智能卡应用系统有限公司 | Authorization method and system |
| CN114567469A (en) * | 2022-02-21 | 2022-05-31 | 北京创原天地科技有限公司 | Application password type detection method and platform based on B/S mode |
| CN114520744A (en) * | 2022-02-28 | 2022-05-20 | 佛山众陶联供应链服务有限公司 | Method and system for automatic authentication and login non-refreshing of front end of web system |
| CN114866253A (en) * | 2022-04-27 | 2022-08-05 | 北京计算机技术及应用研究所 | Reliable cloud host login system and cloud host login method realized by same |
| CN115348307A (en) * | 2022-08-11 | 2022-11-15 | 中国工商银行股份有限公司 | Online server protection method and device, computer equipment and storage medium |
| CN115348307B (en) * | 2022-08-11 | 2024-04-09 | 中国工商银行股份有限公司 | Online server protection method, online server protection device, computer equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111371805A (en) | Token-based unified identity authentication interface and method | |
| US11329989B2 (en) | Token-based access control and grouping | |
| AU2019206006B2 (en) | System and method for biometric protocol standards | |
| US10715514B1 (en) | Token-based credential renewal service | |
| CN111488598B (en) | Access control method, device, computer equipment and storage medium | |
| US20180336554A1 (en) | Secure electronic transaction authentication | |
| US8332922B2 (en) | Transferable restricted security tokens | |
| US8341249B2 (en) | Synchronizing configuration information among multiple clients | |
| EP1645971B1 (en) | Database access control method, database access controller, agent processing server, database access control program, and medium recording the program | |
| US10673862B1 (en) | Token-based access tracking and revocation | |
| US20140331060A1 (en) | User and Device Authentication in Enterprise Systems | |
| US11290443B2 (en) | Multi-layer authentication | |
| US8819424B2 (en) | Token-based authentication using middle tier | |
| US10447682B1 (en) | Trust management in an electronic environment | |
| JP2006500657A (en) | Server, computer memory, and method for supporting security policy maintenance and distribution | |
| US11012233B1 (en) | Method for providing authentication service by using decentralized identity and server using the same | |
| CN103179134A (en) | Single sign on method and system based on Cookie and application server thereof | |
| US11531929B2 (en) | Systems and methods for machine generated training and imitation learning | |
| US11233776B1 (en) | Providing content including sensitive data | |
| US11757877B1 (en) | Decentralized application authentication | |
| CN107409129B (en) | Use the authorization in accesses control list and the distributed system of group | |
| Moreno et al. | A trusted approach for decentralised and privacy-preserving identity management | |
| Tandon et al. | HCAP: a history-based capability system for IoT devices | |
| US9479492B1 (en) | Authored injections of context that are resolved at authentication time | |
| LU101756B1 (en) | Verifiable credential with dynamic claim |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20200703 |