CN111614668A - Unified authentication and authorization method and device based on standard protocol - Google Patents


Publication number
CN111614668A
Authority
CN
China
Prior art keywords
login
service system
protocol
standard
oauth2
Legal status
Pending
Application number
CN202010431430.4A
Other languages
Chinese (zh)
Inventor
赵向雄
蔡鹏�
周取宝
Current Assignee
Haoyun Technologies Co Ltd
Original Assignee
Haoyun Technologies Co Ltd
Application filed by Haoyun Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a unified authentication and authorization method based on a standard protocol, comprising the following steps: configuring the international standard OAuth2 authentication and authorization protocol in a service system; extending a session control support function in the service system; and performing multi-terminal online management of a target user according to the international standard OAuth2 authentication and authorization protocol and the extended session control support function. By configuring the international standard OAuth2 authentication and authorization protocol in the service system and extending the session control support function, the technical scheme of the invention realizes unified authorization for the service system, realizes multi-terminal online management of users, and improves working efficiency.

Description

Unified authentication and authorization method and device based on standard protocol
Technical Field
The invention relates to the technical field of data processing, in particular to a unified authentication and authorization method and device based on a standard protocol.
Background
With the rapid development of computer technology, service systems are applied in many fields, and using them to carry out business operations involving authentication and authorization can improve the working efficiency of enterprises. However, authentication and authorization functions are commonly coupled to the service system, which makes maintenance and development difficult and prevents horizontal scaling. In such a service system, unified authorization at the service level cannot be realized, the range of services an account may access cannot be restricted, and external third parties cannot be authorized to access internal service resources.
Therefore, a unified authentication and authorization policy is needed in the market at present to implement unified authorization of the service system, and at the same time, implement multi-terminal online management on the user, and improve the working efficiency.
Disclosure of Invention
The invention provides a unified authentication and authorization method based on a standard protocol, which can realize unified authorization of a service system, simultaneously realize multi-terminal online management on a user and improve the working efficiency.
In order to solve the above technical problem, an embodiment of the present invention provides a unified authentication and authorization method based on a standard protocol, including:
configuring the international standard OAuth2 authentication and authorization protocol in a service system;
extending a session control support function in the service system;
and performing multi-terminal online management of the target user according to the international standard OAuth2 authentication and authorization protocol and the extended session control support function.
Preferably, after the international standard OAuth2 authentication and authorization protocol is configured in the service system, the method further includes: extending the login parameters in the service system.
Preferably, after the international standard OAuth2 authentication and authorization protocol is configured in the service system, the method further includes: extending the terminal type and the login type in the service system.
Preferably, after the international standard OAuth2 authentication and authorization protocol is configured in the service system, the method further includes: extending the login modes in the service system, wherein the login modes comprise nickname login, password login, mobile phone login and mail login.
The embodiment of the invention also provides a unified authentication and authorization device based on the standard protocol, which comprises:
the standard protocol module is used for configuring an international standard OAuth2 authentication authorization protocol in the service system;
the session control module is used for expanding the session control support function in the service system;
and the online management module is used for performing multi-terminal online management on the target user according to the OAuth2 authentication authorization protocol and the extended session control support function.
Preferably, the unified authentication and authorization device based on the standard protocol further includes: a parameter extension module, used for extending the login parameters in the service system after the international standard OAuth2 authentication and authorization protocol is configured in the service system.
Preferably, the unified authentication and authorization device based on the standard protocol further includes: a terminal extension module, used for extending the terminal type and the login type in the service system after the international standard OAuth2 authentication and authorization protocol is configured in the service system.
Preferably, the unified authentication and authorization device based on the standard protocol further includes: a login extension module, used for extending the login modes in the service system after the international standard OAuth2 authentication and authorization protocol is configured in the service system, wherein the login modes comprise nickname login, password login, mobile phone login and mail login.
An embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program; wherein the computer program controls the device in which the computer readable storage medium is located to execute the unified authentication and authorization method based on standard protocol according to any one of the above items.
The embodiment of the present invention further provides a terminal device, which includes a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, where the processor implements the unified authentication and authorization method based on a standard protocol according to any one of the above items when executing the computer program.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
by configuring the international standard OAuth2 authentication and authorization protocol in the service system and extending the session control support function, the technical scheme of the invention realizes unified authorization for the service system, realizes multi-terminal online management of users, and improves working efficiency.
Drawings
FIG. 1 is a flow chart of the steps of a unified authentication and authorization method based on a standard protocol in an embodiment of the invention;
FIG. 2 is a structural schematic diagram of a unified authentication and authorization device based on a standard protocol in an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, a preferred embodiment of the present invention provides a unified authentication and authorization method based on a standard protocol, which includes:
S1, configuring the international standard OAuth2 authentication and authorization protocol in the service system. Specifically, by following the international standard OAuth2 authentication and authorization protocol, multiple authorization modes and resource access control are implemented flexibly; that is, these features are available as long as the standard OAuth2 protocol is followed.
S2, extending the session control support function in the service system. Specifically, session support is extended so that multi-terminal online management of the user is achieved.
S3, performing multi-terminal online management of the target user according to the international standard OAuth2 authentication and authorization protocol and the extended session control support function, that is, supporting multi-terminal login management through the protocol as extended by the service. Based on the OAuth2 protocol, the microservices are managed as resources: each service is allocated a unique resource id, the resource ids are bound to an application id, and the application ids are then distributed to different users, so that the access range of each user/application is controlled.
In a preferred embodiment, after configuring the international standard OAuth2 authentication and authorization protocol in the service system, the method further includes: extending the login parameters in the service system. In a preferred embodiment, after configuring the international standard OAuth2 authentication and authorization protocol in the service system, the method further includes: extending the terminal type and the login type in the service system.
OAuth2 is a token-based authentication and authorization mechanism and has no concept of a user being online. By extending the login parameters, adding the terminal type, the login type and the like, this information is bound to the user token after the user logs in, and its life cycle is kept consistent with that of the user token, so that online management is realized.
In a preferred embodiment, after configuring the international standard OAuth2 authentication and authorization protocol in the service system, the method further includes: extending the login modes in the service system, wherein the login modes comprise nickname login, password login, mobile phone login and mail login. By default OAuth2 uses username and password login; the service system extends this with nickname login, password login, mobile phone login and mail login.
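As an added illustration (not code from the patent or the applicant), the sketch below models the two mechanisms described above: resource ids bound to application ids that are given to users, and terminal type and login type stored with the token so that a user's online state ends when the token does. The class and function names, the ids, the terminal type values and the in-memory store are all assumptions.

```python
import secrets
import time
from dataclasses import dataclass

# Constructed sample data (assumed ids): each microservice has one resource id,
# resource ids are bound to application ids, application ids are given to users.
APP_RESOURCES = {
    "app-mobile": {"res-orders", "res-profile"},
    "app-partner": {"res-orders"},
}
USER_APPS = {"alice": {"app-mobile"}, "bob": {"app-partner"}}


@dataclass(frozen=True)
class TokenRecord:
    user: str
    app_id: str
    terminal_type: str  # extended login parameter, e.g. "web" or "mobile"
    login_type: str     # extended login parameter, e.g. "password" or "phone"
    expires_at: float


class TokenStore:
    """In-memory stand-in for the authorization server's token store."""

    def __init__(self, ttl=3600.0, clock=time.time):
        self._ttl, self._clock, self._tokens = ttl, clock, {}

    def issue(self, user, app_id, terminal_type, login_type):
        if app_id not in USER_APPS.get(user, set()):
            raise PermissionError(f"{user} was not given {app_id}")
        token = secrets.token_urlsafe(32)
        # The login metadata lives in the token record itself, so it cannot
        # outlive the token: there is no separate "online users" table.
        self._tokens[token] = TokenRecord(
            user, app_id, terminal_type, login_type, self._clock() + self._ttl)
        return token

    def _live(self, token):
        rec = self._tokens.get(token)
        if rec is not None and rec.expires_at <= self._clock():
            del self._tokens[token]  # expiry removes the online entry too
            rec = None
        return rec

    def authorize(self, token, resource_id):
        """Allow the call only if the token's application is bound to the resource."""
        rec = self._live(token)
        return rec is not None and resource_id in APP_RESOURCES.get(rec.app_id, set())

    def online(self, user):
        """Terminals on which the user currently holds a live token."""
        recs = (self._live(t) for t in list(self._tokens))
        return sorted((r.terminal_type, r.login_type) for r in recs if r and r.user == user)

    def revoke(self, user, terminal_type):
        """Force one terminal offline by deleting its tokens; returns how many."""
        doomed = [t for t, r in self._tokens.items()
                  if r.user == user and r.terminal_type == terminal_type]
        for t in doomed:
            del self._tokens[t]
        return len(doomed)


def demo():
    now = [1000.0]  # fake clock so expiry is deterministic
    store = TokenStore(ttl=60.0, clock=lambda: now[0])
    web = store.issue("alice", "app-mobile", "web", "password")
    now[0] += 30
    phone = store.issue("alice", "app-mobile", "mobile", "phone")
    out = {"online_both": store.online("alice"),
           "orders_ok": store.authorize(phone, "res-orders"),
           "billing_ok": store.authorize(phone, "res-billing")}
    now[0] += 40  # t=1070: the web token (expires at 1060) is gone
    out["online_after_expiry"] = store.online("alice")
    out["web_token_ok"] = store.authorize(web, "res-orders")
    out["revoked"] = store.revoke("alice", "mobile")
    out["online_after_revoke"] = store.online("alice")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Because the online list is derived from live token records, token expiry and revocation are the only two ways a terminal goes offline, which is the life-cycle coupling the description relies on.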
Correspondingly, referring to fig. 2, an embodiment of the present invention further provides a unified authentication and authorization apparatus based on a standard protocol, including:
the standard protocol module is used for configuring an international standard OAuth2 authentication authorization protocol in the service system;
the session control module is used for expanding the session control support function in the service system;
and the online management module is used for performing multi-terminal online management on the target user according to the OAuth2 authentication authorization protocol and the extended session control support function.
In a preferred embodiment, the unified authentication and authorization device based on the standard protocol further includes: a parameter extension module, used for extending the login parameters in the service system after the international standard OAuth2 authentication and authorization protocol is configured in the service system.
In a preferred embodiment, the unified authentication and authorization device based on the standard protocol further includes: a terminal extension module, used for extending the terminal type and the login type in the service system after the international standard OAuth2 authentication and authorization protocol is configured in the service system.
In a preferred embodiment, the unified authentication and authorization device based on the standard protocol further includes: a login extension module, used for extending the login modes in the service system after the international standard OAuth2 authentication and authorization protocol is configured in the service system, wherein the login modes comprise nickname login, password login, mobile phone login and mail login.
An embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program; when running, the computer program controls the device where the computer-readable storage medium is located to execute the unified authentication and authorization method based on the standard protocol according to any of the above embodiments.
The embodiment of the present invention further provides a terminal device, where the terminal device includes a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, and the processor implements the unified authentication and authorization method based on the standard protocol according to any of the above embodiments when executing the computer program.
Preferably, the computer program may be divided into one or more modules/units that are stored in the memory and executed by the processor to implement the invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used for describing the execution process of the computer program in the terminal device.
The processor may be a Central Processing Unit (CPU), another general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. The general purpose processor may be a microprocessor, or the processor may be any conventional processor. The processor is the control center of the terminal device and connects the various parts of the terminal device through various interfaces and lines.
The memory mainly includes a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function, and the like, and the data storage area may store related data and the like. In addition, the memory may be a high speed random access memory, may also be a non-volatile memory, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash memory card (Flash Card), and the like, or may also be other volatile solid state memory devices.
It should be noted that the terminal device may include, but is not limited to, a processor and a memory, and those skilled in the art will understand that the terminal device is only an example and does not constitute a limitation of the terminal device, and may include more or less components, or combine some components, or different components.
The above-mentioned embodiments are provided to further explain the objects, technical solutions and advantages of the present invention in detail, and it should be understood that the above-mentioned embodiments are only examples of the present invention and are not intended to limit the scope of the present invention. It should be understood that any modifications, equivalents, improvements and the like, which come within the spirit and principle of the invention, may occur to those skilled in the art and are intended to be included within the scope of the invention.

Claims (10)

1. A unified authentication and authorization method based on a standard protocol, characterized by comprising the following steps:
configuring the international standard OAuth2 authentication and authorization protocol in a service system;
extending a session control support function in the service system;
and performing multi-terminal online management of the target user according to the international standard OAuth2 authentication and authorization protocol and the extended session control support function.
2. The unified authentication and authorization method based on a standard protocol according to claim 1, wherein after configuring the OAuth2 authentication and authorization protocol in the service system, the method further comprises: extending the login parameters in the service system.
3. The unified authentication and authorization method based on a standard protocol according to claim 1, wherein after configuring the OAuth2 authentication and authorization protocol in the service system, the method further comprises: extending the terminal type and the login type in the service system.
4. The unified authentication and authorization method based on a standard protocol according to claim 1, wherein after configuring the OAuth2 authentication and authorization protocol in the service system, the method further comprises: extending the login modes in the service system, wherein the login modes comprise nickname login, password login, mobile phone login and mail login.
5. A unified authentication and authorization device based on a standard protocol, comprising:
a standard protocol module, used for configuring the international standard OAuth2 authentication and authorization protocol in the service system;
a session control module, used for extending the session control support function in the service system;
and an online management module, used for performing multi-terminal online management of the target user according to the OAuth2 authentication and authorization protocol and the extended session control support function.
6. The unified authentication and authorization device based on a standard protocol according to claim 5, further comprising: a parameter extension module, used for extending the login parameters in the service system after the international standard OAuth2 authentication and authorization protocol is configured in the service system.
7. The unified authentication and authorization device based on a standard protocol according to claim 5, further comprising: a terminal extension module, used for extending the terminal type and the login type in the service system after the international standard OAuth2 authentication and authorization protocol is configured in the service system.
8. The unified authentication and authorization device based on a standard protocol according to claim 5, further comprising: a login extension module, used for extending the login modes in the service system after the international standard OAuth2 authentication and authorization protocol is configured in the service system, wherein the login modes comprise nickname login, password login, mobile phone login and mail login.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium comprises a stored computer program; wherein the computer program, when running, controls the device in which the computer-readable storage medium is located to execute the unified authentication and authorization method based on a standard protocol according to any one of claims 1 to 4.
10. A terminal device comprising a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, the processor implementing the unified authentication and authorization method based on a standard protocol according to any one of claims 1 to 4 when executing the computer program.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010431430.4A CN111614668A (en) 2020-05-20 2020-05-20 Unified authentication and authorization method and device based on standard protocol

Publications (1)

Publication Number Publication Date
CN111614668A (en) 2020-09-01

Family

ID=72203509

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200901