CN115134144A - Enterprise-level business system authentication method, device and system - Google Patents

Publication number
CN115134144A
Authority
CN
China
Prior art keywords
client
authentication
information
service system
enterprise
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210741336.8A
Other languages
Chinese (zh)
Inventor
冯磊
夏扬
顾亮
孙珊珊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/40: Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401: Transaction verification
    • G06Q20/4014: Identity check for transactions
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The application provides an enterprise-level business system authentication method, device and system, relates to the technical field of information authentication and can be used in the financial field. The method comprises the following steps: receiving client login request authentication information sent by a service system server, verifying the login request, and returning a login page to the client browser after the verification passes; receiving account password information submitted by the client and verifying the validity of the client; and, after the validity verification passes, extracting the client's account association information for the multiple service systems, encrypting it and sending it to the service system server, which opens a transaction page for the client after its decryption verification passes. In the method and the system, the transaction function and the authentication function of the multiple service systems are decoupled and the authentication function is converged on the authentication server, so that the independence of the authentication system is enhanced, module division and responsibilities are relatively clear, the influence of a change to one module on the transactions of other partner systems is minimized, and service flexibility is ensured.

Description

Enterprise-level business system authentication method, device and system
Technical Field
The application relates to the technical field of information authentication, can be used in the financial field, and particularly relates to an enterprise-level business system authentication method, device and system.
Background
At present, banks provide more and more business systems for enterprise customers, such as enterprise online banking, enterprise mobile banking, the e-shopping mall B2B, the e-shopping merchant center, the e-union service management platform, and the like. If an enterprise client needs to use the functions of a business system, user information currently has to be registered in that business system as follows: the client opens the business system page, enters a group name and a business license or organization code, provides trusted authentication elements such as an inserted U-shield (USB key) or a mobile phone number with an SMS verification code, and completes registration in that business system. When the enterprise client wants to use a function on another business system, the process has to be repeated on that system. This causes the following problems in the authentication of current enterprise-level business systems: (1) When the enterprise client uses a new system, the client information has to be registered again, and the registration process is cumbersome. (2) When a client switches among several service systems, the client has to log in again, and the switching and login process is cumbersome. (3) The client has to manage the user information of several service systems separately, which makes management complex. (4) When a bank launches a new system, its existing customer base cannot quickly be turned into customers of the new target system. (5) The client authentication information, the client basic information, the service system information and the client's authority information are coupled, so extensibility is poor. (6) The registration and authentication information of different service systems is managed separately although the business tends toward information sharing, which increases system complexity.
Disclosure of Invention
In view of the above, the present invention provides an enterprise-level business system authentication method, apparatus and system, which are used to solve at least one of the above-mentioned problems.
In order to achieve the above purpose, the invention adopts the following scheme:
According to a first aspect of the present invention, there is provided an enterprise-level business system authentication method, the method comprising: receiving client login request authentication information sent by a service system server; performing login request verification according to the client login request authentication information and, in response to the login request passing verification, returning a login page to the client browser; receiving account password information submitted by the client based on the login page; verifying the validity of the client according to the account password information; and, in response to the validity verification passing, extracting account association information of the client's multiple service systems, encrypting the account association information and sending it to the service system server, so that a service system transaction page is opened for the client after the decryption verification by the service system server passes.
According to a second aspect of the present invention, there is provided an enterprise-level business system authentication apparatus, the apparatus comprising: the first receiving unit is used for receiving client login request authentication information sent by a service system server; the login verification unit is used for verifying the login request according to the client login request authentication information and returning a login page to the client browser end in response to the verification passing of the login request; the second receiving unit is used for receiving account password information submitted by the client based on the login page; the account verification unit is used for verifying the legality of the client according to the account password information; and the login feedback unit is used for responding to the passing of the validity verification, extracting the account number associated information of the multi-service system of the client, encrypting the account number associated information and sending the encrypted account number associated information to the service system server, and opening a service system transaction page for the client after the decryption verification of the service system server passes.
According to a third aspect of the present invention, there is provided an enterprise level business system authentication system, the system comprising: the system comprises a client, a service system server and an authentication server, wherein the client is respectively in communication connection with the service system server and the authentication server, the service system server is in communication connection with the authentication server, and the authentication server comprises the enterprise-level service system authentication device.
According to a fourth aspect of the present invention, there is provided an electronic device, including a memory, a processor, and a debugging program stored in the memory and executable on the processor, where the processor implements the steps of the enterprise-level business system authentication method when executing the debugging program.
According to a fifth aspect of the present invention, there is provided a computer readable storage medium, having stored thereon a computer program, which when executed by a processor, performs the steps of the above-described enterprise level business system authentication method.
According to a sixth aspect of the present invention, there is provided a computer program product comprising computer programs/instructions which, when executed by a processor, implement the steps of the enterprise-level business system authentication method described above.
According to the enterprise-level business system authentication method, device and system provided by the embodiments of the invention, the transaction function and the authentication function of the multiple business systems are decoupled and the authentication function is aggregated on the authentication server, so that the independence of the authentication system is enhanced, module division and responsibilities are relatively clear, the influence of a change to one module on the transactions of other partner systems is reduced to a minimum, and business flexibility is ensured.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts. In the drawings:
Fig. 1 is a schematic flowchart of an authentication method for an enterprise-level business system according to an embodiment of the present application;
Fig. 2 is a detailed flowchart of an authentication method for an enterprise-level business system according to an embodiment of the present disclosure;
Fig. 3 is a schematic structural diagram of an authentication apparatus for an enterprise-level business system according to an embodiment of the present application;
Fig. 4 is a schematic diagram illustrating an enterprise-level business system authentication system according to an embodiment of the present disclosure;
Fig. 5 is a schematic diagram of an electronic device provided in an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
It should be noted that the method, the apparatus, and the system for authenticating the enterprise-level business system disclosed in the present application may be used in the financial field, and may also be used in any field other than the financial field.
The following first presents some technical terms related to the present application in a simplified form:
The term "SM4": a block cipher algorithm commonly used in fields such as wireless network encryption.
The term "SM2": a public key algorithm with an encryption strength of 256 bits.
Fig. 1 is a schematic flow chart of an authentication method for an enterprise-level business system according to an embodiment of the present disclosure, where an implementation subject of the embodiment is an authentication server, and in a specific implementation, functions of the authentication server may be integrated in an existing enterprise electronic communication certificate server, for example, so as to save development hardware cost. The method comprises the following steps:
S101: Receive client login request authentication information sent by the service system server.
In this embodiment, when a client initiates registration and account login through a browser, for example, clicking a registration and login button in a browser page, after receiving the click message, the service system server sends a client login request authentication message to the authentication server.
Preferably, the login request authentication information in this step may be uploaded by the service system server in the form of an interface request message, and may include: interface request message information symmetrically encrypted with SM4, a valid timestamp and an SM2 private key signature. Transmitting the information protected by the cryptographic algorithms SM4 and SM2 effectively prevents the login request authentication information from being tampered with, and the valid timestamp prevents the login request authentication information from being reused, which protects the effective operation of the system.
S102: Perform login request verification according to the client login request authentication information and, in response to the login request passing verification, return a login page to the client browser.
In this embodiment, the login request may be verified according to rules agreed between the service system server and the authentication server. For example, when the login request authentication information includes interface request message information symmetrically encrypted with SM4, a valid timestamp and an SM2 private key signature, the login request verification may include the following steps: decrypting the interface message information in the client login request authentication information with the agreed SM4 symmetric key, and verifying the signature with the SM2 public key reserved by the service system.
After the login request passes the verification, the authentication center can directly return the login page to the client browser end without passing through the service system processing server, so that the system response time is shortened, and the influence on the use experience of the client due to overlong response time is avoided.
S103: Receive account password information submitted by the client based on the login page.
S104: Verify the validity of the client according to the account password information.
Preferably, in this step, the client may be validated by comparing the account password information with the stored information on record for consistency.
S105: In response to the validity verification passing, extract account association information of the client's multiple service systems, encrypt the account association information and send it to the service system server, so that a service system transaction page is opened for the client after the decryption verification by the service system server passes.
In this embodiment, an enterprise client needs only one account across the multiple business systems. The client can sign a unified access agreement at the counter, and a staff member enters the account information into the authentication server, so the account association information in this embodiment may include the following: information on the service systems opened for the account, the authority information of the account in each of those service systems, and the like. In addition, if the enterprise client has already registered one or more business system accounts through the registration page, the client can also sign a unified access agreement at the counter and keep one account, for which the login authority of the other required business systems is opened. By associating the multi-service-system accounts in the authentication server, the authentication functions of the service systems can be gathered together and the client experience is improved.
Preferably, the step of encrypting the account association information and sending it to the service system server may include: symmetrically encrypting the account association information with SM4 to generate a unified token, attaching a valid timestamp and an SM2 private key signature, and sending the token to the service system server. Correspondingly, the decryption verification by the service system server in this step includes: the service system server decrypts with the SM4 symmetric key agreed by both parties and then verifies the signature with the SM2 public key.
Preferably, in this step, after receiving the unified token, the service system server may further restore the token and perform an integrity check on it, and if the integrity check fails, notify the authentication server to resend the unified token. As can be seen from the above description, this embodiment adopts mutual authentication of the unified token based on national cryptographic algorithms, which ensures the integrity and consistency of the storage, transmission and verification of user information and avoids the risk of unauthorized tampering with the information.
In order to illustrate the present application more clearly, the method flow is further illustrated by Fig. 2, a detailed flow diagram of an enterprise-level business system authentication method provided by an embodiment of the present application. The method includes the following steps: (1) the client browser initiates a login request authentication to the service system server; (2) after receiving the request, the service system server applies SM4 encryption and an SM2 signature to the interface information and sends the client login request authentication information to the enterprise electronic pass server; (3) after receiving the login request interface information, the enterprise electronic pass server parses the interface message to obtain the api, the ciphertext and the signature, performs SM4 decryption with the corresponding symmetric key, performs SM2 signature verification on the content and, after the signature verification passes, opens an authentication service page in the client browser for the client; (4) the client enters the account password in the authentication service page to log in, and the account password information is sent to the enterprise electronic pass server over the network; (5) after receiving the account password information, the enterprise electronic pass server checks its validity and, after the check passes, extracts the account association information of the client's multiple service systems, encrypts it with SM4 and signs it with SM2, generates a unified token and sends it to the service system server; (6) the service system server restores the received token and checks its integrity, then, after the integrity check passes, decrypts it with the SM4 symmetric key, verifies the SM2 signature on the content with the public key and, after the signature verification passes, opens a transaction page of the service system in the client browser for the client to operate.
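The login request of S101/S102 and the unified token of S105 both rely on a valid timestamp and a signature to stop tampering and reuse; the following is an added example, not code from the patent, of the receiver-side checks on such an envelope. So that it runs with the Python standard library only, HMAC-SHA256 and a SHA-256 keystream stand in for the SM2 signature and SM4 encryption; the 300-second window, the nonce field and the choice to sign api, timestamp, nonce and ciphertext together are assumptions the page does not specify.

```python
import hashlib
import hmac
import json
import os

MAX_AGE_SECONDS = 300  # assumed validity window; the page gives no value
SIGNED_FIELDS = ("api", "timestamp", "nonce", "ciphertext")


class AuthError(Exception):
    """Raised with a short reason when an envelope is rejected."""


def _stream_xor(key, nonce, data):
    # Stand-in for SM4, NOT SM4: XOR with a SHA-256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def _sign(sig_key, env):
    # Stand-in for the SM2 private-key signature. With real SM2 the receiver
    # would hold only the sender's public key; HMAC needs the shared key.
    # The timestamp is inside the signed bytes, so it cannot be refreshed.
    msg = "\n".join(str(env[f]) for f in SIGNED_FIELDS).encode()
    return hmac.new(sig_key, msg, hashlib.sha256).hexdigest()


def build_request(api, payload, enc_key, sig_key, now):
    """Sender side: encrypt the payload, attach timestamp and signature."""
    nonce = os.urandom(12)
    plaintext = json.dumps(payload, sort_keys=True).encode()
    env = {
        "api": api,
        "timestamp": int(now),
        "nonce": nonce.hex(),
        "ciphertext": _stream_xor(enc_key, nonce, plaintext).hex(),
    }
    env["signature"] = _sign(sig_key, env)
    return env


class RequestVerifier:
    """Receiver side: freshness, signature, replay, then decryption."""

    def __init__(self, enc_key, sig_key, max_age=MAX_AGE_SECONDS):
        self.enc_key, self.sig_key, self.max_age = enc_key, sig_key, max_age
        self._seen = {}  # signature -> last second at which it is still valid

    def verify(self, env, now):
        if any(f not in env for f in SIGNED_FIELDS + ("signature",)):
            raise AuthError("malformed")
        try:
            ts = int(env["timestamp"])
        except (TypeError, ValueError):
            raise AuthError("malformed")
        # 1. Freshness: reject anything outside the validity window.
        if abs(now - ts) > self.max_age:
            raise AuthError("expired")
        # 2. Signature over every field the receiver acts on (constant time).
        expected = _sign(self.sig_key, env).encode()
        if not hmac.compare_digest(expected, str(env["signature"]).encode()):
            raise AuthError("bad signature")
        # 3. Replay: a valid envelope is accepted once inside its window.
        self._seen = {s: exp for s, exp in self._seen.items() if exp >= now}
        if env["signature"] in self._seen:
            raise AuthError("replayed")
        self._seen[env["signature"]] = ts + self.max_age
        # 4. Only now touch the ciphertext.
        nonce = bytes.fromhex(env["nonce"])
        plaintext = _stream_xor(self.enc_key, nonce, bytes.fromhex(env["ciphertext"]))
        return json.loads(plaintext)


def outcome(verifier, env, now):
    """Return "ok" or the rejection reason, for logging and tests."""
    try:
        verifier.verify(env, now)
        return "ok"
    except AuthError as exc:
        return str(exc)
```

Without the replay cache, an envelope captured in transit stays acceptable until its window closes; the timestamp alone only bounds how long.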
In summary, the enterprise-level business system authentication method provided in the embodiments of the present invention decouples the transaction function and the authentication function of the multiple business systems and aggregates the authentication function on the authentication server, so that the independence of the authentication system is enhanced, module division and responsibilities are relatively clear, a change to one module has the smallest possible influence on the transactions of other partner systems, and business flexibility is ensured.
Fig. 3 is a schematic structural diagram of an authentication apparatus for an enterprise-level service system according to an embodiment of the present application, where the apparatus includes: the system comprises a first receiving unit 310, a login verification unit 320, a second receiving unit 330, an account verification unit 340 and a login feedback unit 350, wherein the first receiving unit 310 is connected with the login verification unit 320, and the account verification unit 340 is respectively connected with the second receiving unit 330 and the login feedback unit 350.
The first receiving unit 310 is used for receiving the client login request authentication information sent by the service system server.
Preferably, the client login request authentication information comprises interface request message information symmetrically encrypted by SM4, a valid timestamp and an SM2 private key signature.
The login verifying unit 320 is configured to verify a login request according to the client login request authentication information received by the first receiving unit 310, and return a login page to the client browser in response to verification of the login request.
Preferably, the login verification unit 320 may specifically perform login request verification on the client login request authentication information by: decrypting the interface message information in the client login request authentication information with the agreed SM4 symmetric key, and verifying the signature with the SM2 public key reserved by the service system.
The second receiving unit 330 is configured to receive account password information submitted by the customer based on the login page.
The account verification unit 340 is configured to verify the validity of the customer according to the account password information received by the second receiving unit 330.
Preferably, the verifying of the validity of the client according to the account password information by the account verification unit 340 may specifically include: comparing the account password information with the stored information on record for consistency to verify the validity of the client.
The login feedback unit 350 is configured to, in response to the validity verification being passed, extract account number associated information of the multi-service system of the client, encrypt the account number associated information, and send the encrypted account number associated information to the service system server, and open a service system transaction page for the client after the service system server decrypts the verification being passed.
Preferably, the account associated information includes information of a corresponding service system opened by the account and authority information of the account in the corresponding service system.
Preferably, the encrypting of the account association information and sending of the encrypted account association information to the service system server by the login feedback unit 350 may specifically include: symmetrically encrypting the account association information with SM4 to generate a unified token, attaching a valid timestamp and an SM2 private key signature, and sending the token to the service system server.
Correspondingly, the decryption verification by the service system server includes: the service system server decrypts with the SM4 symmetric key agreed by both parties and then verifies the signature with the SM2 public key.
Preferably, after receiving the unified token, the service system server may also perform an integrity check on the unified token, and if the integrity check fails, notify the authentication server to resend the unified token.
For the detailed description of each unit, reference may be made to the corresponding description in the foregoing method embodiment, and details are not repeated here.
In the enterprise-level business system authentication device provided by the embodiment of the invention, the transaction function and the authentication function of the multiple business systems are decoupled and the authentication function is gathered on the authentication server, so that the independence of the authentication system is enhanced, module division and responsibilities are relatively clear, the influence of a change to one module on the transactions of other partner systems is reduced to a minimum, and business flexibility is ensured. In addition, two-way authentication of the unified token based on national cryptographic algorithms is adopted, which ensures the integrity and consistency of the storage, transmission and verification of user information and avoids the risk of unauthorized tampering with the information.
Fig. 4 is a schematic diagram illustrating a configuration of an authentication system for an enterprise-level business system according to an embodiment of the present application, where the system includes: the system comprises a client 401, a service system server 402 and an authentication server 403, wherein the client 401 is respectively connected with the service system server 402 and the authentication server 403 in a communication way, the service system server 402 is connected with the authentication server 403 in a communication way, and the authentication server 403 comprises the enterprise-level service system authentication device.
In the enterprise-level business system authentication system provided by the embodiment of the invention, the transaction function and the authentication function of the multiple business systems are decoupled and the authentication function is gathered on the authentication server, so that the independence of the authentication system is enhanced, module division and responsibilities are relatively clear, the influence of a change to one module on the transactions of other partner systems is reduced to a minimum, and business flexibility is ensured. In addition, two-way authentication of the unified token based on national cryptographic algorithms is adopted, which ensures the integrity and consistency of the storage, transmission and verification of user information and avoids the risk of unauthorized tampering with the information.
Fig. 5 is a schematic diagram of an electronic device provided in an embodiment of the present invention. The electronic device shown in fig. 5 is a general-purpose data processing apparatus comprising a general-purpose computer hardware structure including at least a processor 501 and a memory 502. The processor 501 and the memory 502 are connected by a bus 503. The memory 502 is adapted to store one or more instructions or programs executable by the processor 501. The one or more instructions or programs are executed by processor 501 to implement the steps in the enterprise level business system authentication method.
The processor 501 may be an independent microprocessor or a set of one or more microprocessors. Thus, the processor 501 implements the processing of data and the control of other devices by executing commands stored in the memory 502 to execute the method flows of the embodiments of the present invention as described above. The bus 503 connects the above components together, and also connects the above components to a display controller 504 and a display device and an input/output (I/O) device 505. Input/output (I/O) device 505 may be a mouse, keyboard, modem, network interface, touch input device, motion sensitive input device, printer, and other devices known in the art. Typically, input/output (I/O) devices 505 are connected to the system through an input/output (I/O) controller 506.
The memory 502 may store, among other things, software components such as an operating system, communication modules, interaction modules, and application programs. Each of the modules and applications described above corresponds to a set of executable program instructions for performing one or more functions and methods described in embodiments of the invention.
Embodiments of the present invention further provide a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the steps of the above-mentioned enterprise-level business system authentication method.
An embodiment of the present invention further provides a computer program product, which includes a computer program/instruction, and when the computer program/instruction is executed by a processor, the steps of the authentication method for the enterprise-level business system are implemented.
In summary, the enterprise-level business system authentication method, device and system provided by the embodiments of the present invention decouple the transaction function and the authentication function of the multiple business systems and aggregate the authentication function on the authentication server, so that the independence of the authentication system is enhanced, module division and responsibilities are relatively clear, a change to one module has the least possible influence on the transactions of other partner systems, and business flexibility is ensured. In addition, two-way authentication of the unified token based on national cryptographic algorithms is adopted, which ensures the integrity and consistency of the storage, transmission and verification of user information and avoids the risk of unauthorized tampering with the information.
The preferred embodiments of the present invention have been described above with reference to the accompanying drawings. The many features and advantages of the embodiments are apparent from the detailed specification, and thus, it is intended by the appended claims to cover all such features and advantages of the embodiments which fall within the true spirit and scope thereof. Further, since numerous modifications and changes will readily occur to those skilled in the art, it is not desired to limit the embodiments of the invention to the exact construction and operation illustrated and described, and accordingly, all suitable modifications and equivalents may be resorted to, falling within the scope thereof.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (12)

1. An enterprise-level business system authentication method, comprising:
receiving client login request authentication information sent by a service system server;
performing login request verification according to the client login request authentication information and, in response to the login request verification passing, returning a login page to the client browser;
receiving account password information submitted by a client based on the login page;
carrying out validity verification on the client according to the account password information;
and, in response to the validity verification passing, extracting the client's account association information for the multiple service systems, encrypting the account association information and sending it to the service system server, and opening a service system transaction page for the client after the decryption verification by the service system server passes.
2. The enterprise-level business system authentication method of claim 1, wherein the client login request authentication information comprises: interface request message information symmetrically encrypted with SM4, a validity timestamp, and an SM2 private key signature.
3. The enterprise-level business system authentication method of claim 2, wherein said performing login request verification based on said client login request authentication information comprises:
decrypting the interface message information in the client login request authentication information with the agreed SM4 symmetric key, and checking the signature using the SM2 public key reserved by the service system.
4. The enterprise-level business system authentication method of claim 1, wherein said verifying the validity of the client according to the account password information comprises: checking the account password information for consistency against inventory information to verify the validity of the client.
5. The enterprise-level business system authentication method of claim 1,
the step of encrypting the account association information and sending it to the service system server comprises: symmetrically encrypting the account association information with SM4 to generate a unified token, attaching a validity timestamp and an SM2 private key signature to the unified token, and sending it to the business system server;
the decryption verification by the service system server comprises: the service system server decrypting with the SM4 symmetric key agreed by both parties and then checking the signature using the SM2 public key.
6. The enterprise-level business system authentication method of claim 5, wherein the business system server performs an integrity check on the unified token after receiving it and, if the integrity check fails, notifies the authentication server to resend the unified token.
7. The authentication method of the enterprise-level business system according to claim 5, wherein the account association information includes information of a corresponding business system opened by the account and authority information of the account in the corresponding business system.
8. An enterprise-level business system authentication apparatus, comprising:
the first receiving unit is used for receiving client login request authentication information sent by a service system server;
the login verification unit is used for verifying the login request according to the client login request authentication information and, in response to the login request verification passing, returning a login page to the client browser;
the second receiving unit is used for receiving account password information submitted by the client based on the login page;
the account verification unit is used for verifying the validity of the client according to the account password information;
and the login feedback unit is used for, in response to the validity verification passing, extracting the client's account association information for the multiple service systems, encrypting the account association information and sending it to the service system server, and opening a service system transaction page for the client after the decryption verification by the service system server passes.
9. An enterprise-level business system authentication system, the system comprising: the system comprises a client, a service system server and an authentication server, wherein the client is respectively in communication connection with the service system server and the authentication server, the service system server is in communication connection with the authentication server, and the authentication server comprises the enterprise-level service system authentication device as claimed in claim 8.
10. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor when executing the computer program performs the steps of the enterprise level business system authentication method of any one of claims 1 to 7.
11. A computer-readable storage medium, having stored thereon a computer program, wherein the computer program, when executed by a processor, performs the steps of the enterprise-level business system authentication method of any one of claims 1 to 7.
12. A computer program product comprising computer programs/instructions, characterized in that the computer programs/instructions, when executed by a processor, implement the steps of the enterprise-level business system authentication method of any one of claims 1 to 7.
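An added example (not code from the patent) of the unified-token exchange in claims 5 and 6: the business system side decrypts and then checks the signature, as claim 5 describes, and only then checks the timestamp. Standard-library stand-ins replace SM4 (a SHA-256 keystream XOR) and SM2 (HMAC-SHA256, so unlike SM2 the verifier holds the signing key); the function names, the nonce, the 300-second window and the signature covering the timestamp are assumptions, since the claims do not state what is signed.

```python
import hashlib
import hmac
import json
import os

MAX_AGE_SECONDS = 300  # assumed validity window; the claims do not give a value


def _sm4_standin(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for SM4: XOR with a SHA-256 counter keystream (not a real cipher)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def _sm2_standin(sign_key: bytes, timestamp: int, plaintext: bytes) -> bytes:
    """Stand-in for the SM2 signature: HMAC-SHA256 over timestamp and plaintext."""
    return hmac.new(sign_key, timestamp.to_bytes(8, "big") + plaintext,
                    hashlib.sha256).digest()


def issue_token(enc_key: bytes, sign_key: bytes, account_info: dict, now: int) -> dict:
    """Authentication server side: encrypt, then attach timestamp and signature."""
    plaintext = json.dumps(account_info, sort_keys=True).encode()
    nonce = os.urandom(16)
    return {"nonce": nonce, "token": _sm4_standin(enc_key, nonce, plaintext),
            "ts": now, "sig": _sm2_standin(sign_key, now, plaintext)}


def verify_token(enc_key: bytes, sign_key: bytes, msg: dict, now: int) -> dict:
    """Business system side: decrypt, check signature, then check freshness."""
    plaintext = _sm4_standin(enc_key, msg["nonce"], msg["token"])
    expected = _sm2_standin(sign_key, msg["ts"], plaintext)
    if not hmac.compare_digest(expected, msg["sig"]):
        raise ValueError("signature check failed")  # claim 6: ask for a resend
    if not 0 <= now - msg["ts"] <= MAX_AGE_SECONDS:
        raise ValueError("timestamp outside validity window")
    return json.loads(plaintext)
```

Because the timestamp is inside the signed data, a captured token cannot be kept alive by rewriting its timestamp: the altered message fails the signature check before the freshness check is reached.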

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210741336.8A CN115134144A (en) 2022-06-28 2022-06-28 Enterprise-level business system authentication method, device and system

Publications (1)

Publication Number Publication Date
CN115134144A true CN115134144A (en) 2022-09-30

Family

ID=83379343

Country Status (1)

Country Link
CN (1) CN115134144A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106330918A (en) * 2016-08-26 2017-01-11 杭州迪普科技有限公司 Multi-system login method and device
CN108600203A (en) * 2018-04-11 2018-09-28 四川长虹电器股份有限公司 Secure Single Sign-on method based on Cookie and its unified certification service system
CN109815656A (en) * 2018-12-11 2019-05-28 平安科技(深圳)有限公司 Login authentication method, device, equipment and computer readable storage medium
CN109981561A (en) * 2019-01-17 2019-07-05 华南理工大学 Monomer architecture system moves to the user authen method of micro services framework
CN113746811A (en) * 2021-08-13 2021-12-03 网宿科技股份有限公司 Login method, device, equipment and readable storage medium

Similar Documents

Publication Publication Date Title
US10917246B2 (en) System and method for blockchain-based cross-entity authentication
US11038670B2 (en) System and method for blockchain-based cross-entity authentication
EP3788523B1 (en) System and method for blockchain-based cross-entity authentication
WO2021000420A1 (en) System and method for blockchain-based cross-entity authentication
CN111080295B (en) Electronic contract processing method and device based on blockchain
US8843415B2 (en) Secure software service systems and methods
CN110535648B (en) Electronic certificate generation and verification and key control method, device, system and medium
US20080235513A1 (en) Three Party Authentication
CN109450843B (en) SSL certificate management method and system based on block chain
EP2251810B1 (en) Authentication information generation system, authentication information generation method, and authentication information generation program utilizing a client device and said method
CA2914956C (en) System and method for encryption
Guarnizo et al. PDFS: practical data feed service for smart contracts
CN105162607A (en) Authentication method and system of payment bill voucher
CN110189184B (en) Electronic invoice storage method and device
CN102111378A (en) Signature verification system
CN112532656B (en) Block chain-based data encryption and decryption method and device and related equipment
CN112235301B (en) Access right verification method and device and electronic equipment
CN113748657A (en) Method, node, system and computer-readable storage medium for license authentication
Bryce A security framework for a mobile agent system
CN113312576A (en) Page jump method, system and device
CN113869901B (en) Key generation method, key generation device, computer-readable storage medium and computer equipment
KR20080012402A (en) Method for authenticating and decrypting of short message based on public key
CN115664668A (en) Private data processing method and device
CN115134144A (en) Enterprise-level business system authentication method, device and system
CN113706261A (en) Block chain-based power transaction method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination