WO2015188568A1 - Public cloud-based authentication method, security authentication middleware and cloud computing resource pool - Google Patents

Info

Publication number: WO2015188568A1
Application number: PCT/CN2014/089596
Authority: WO, WIPO (PCT)
Prior art keywords: authentication, cloud computing, resource pool, computing resource, middleware
Other languages: French (fr), Chinese (zh)
Inventors: 王雪玉, 李炀
Original assignee: 中兴通讯股份有限公司

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/40: Network security protocols

Definitions

  • the invention relates to the field of authentication technology in a public environment, in particular to a public cloud-based authentication method, a security authentication middleware and a cloud computing resource pool.
  • Cloud computing is an add-on, use, and delivery model of Internet-based related services that typically involves providing dynamically scalable and often virtualized resources over the Internet. Since cloud computing involves personal and business computing models and involves sensitive information from individuals and businesses, centralized storage of information can easily lead to security issues.
  • the embodiment of the invention provides a public cloud-based authentication method, a security authentication middleware and a cloud computing resource pool, so as to at least solve the technical problem that the existing security authentication is difficult to adapt to the security authentication in the cloud computing environment.
  • the present invention provides a public cloud-based authentication method, which is applied to a security authentication middleware, and the public cloud-based authentication method includes the following steps:
  • when the cloud computing resource pool queries the corresponding authentication policy, the information prompting password input, sent by the cloud computing resource pool and corresponding to the authentication policy, is received and forwarded to the user terminal;
  • the authentication service includes: a static password authentication service, a dynamic password authentication service, a USB Key authentication service, a smart card authentication service, a digital certificate authentication service, and a biometric authentication service;
  • the public cloud-based authentication method further includes: expanding a corresponding interface in the security authentication middleware according to the authentication service, to communicate with the cloud computing resource pool through the interface.
  • the method further includes: receiving an authentication result returned by the authentication server, and transmitting the authentication result to the user terminal.
  • the present invention further provides a public cloud-based authentication method, which is applied to a cloud computing resource pool, and the public cloud-based authentication method includes the following steps:
  • a query instruction, sent by the security authentication middleware and corresponding to the authentication policy of the authentication service, is received, and the resources in the cloud computing resource pool are queried according to the query instruction;
  • when the corresponding authentication policy is queried, the information prompting password input corresponding to the authentication policy is returned to the security authentication middleware.
  • the method further includes: integrating an authentication policy of each authentication service, and adding the integrated authentication policy to the resource of the cloud computing resource pool.
  • the present invention further provides a security authentication middleware, where the security authentication middleware includes:
  • an obtaining module configured to receive an authentication request from the user terminal and obtain the authentication service in the authentication request;
  • a sending module configured to send, to the cloud computing resource pool, a query instruction corresponding to the authentication policy of the authentication service;
  • a first receiving module configured to: when the cloud computing resource pool queries the corresponding authentication policy, receive the information prompting password input that the cloud computing resource pool sends for that authentication policy, and send that information to the user terminal;
  • a second receiving module configured to receive the input password sent by the user terminal, and send the input password to the authentication server for authentication.
  • the authentication service includes: a static password authentication service, a dynamic password authentication service, a USB Key authentication service, a smart card authentication service, a digital certificate authentication service, and a biometric authentication service;
  • the security authentication middleware further includes: an expansion module, configured to expand a corresponding interface in the security authentication middleware according to the authentication service, to communicate with the cloud computing resource pool through the interface.
  • the security authentication middleware further includes: a third receiving module, configured to receive an authentication result returned by the authentication server, and send the authentication result to the user terminal.
  • the present invention further provides a cloud computing resource pool, where the cloud computing resource pool includes:
  • a querying module configured to receive a query instruction, sent by the security authentication middleware and corresponding to the authentication policy of the authentication service, and to query the resources in the cloud computing resource pool according to the query instruction;
  • a returning module configured to, when the corresponding authentication policy is queried, return the information prompting password input corresponding to the authentication policy to the security authentication middleware.
  • the cloud computing resource pool further includes: an adding module, configured to integrate the authentication policy of each authentication service and add the integrated authentication policy to the resources of the cloud computing resource pool.
  • the invention provides a public cloud-based authentication method, a security authentication middleware and a cloud computing resource pool. It combines security authentication with the security authentication middleware and the cloud computing resource pool, and uses the existing cloud security authentication center as a part of the cloud computing resource pool, so the cloud security authentication center does not need to provide its own database or management portal. Instead, the security authentication middleware expands the corresponding interface according to the different authentication services and communicates with the cloud computing resource pool through that interface.
  • security authentication is thus also opened to users as a service resource, enabling security authentication in a cloud computing environment and providing a variety of security authentication services for individuals or enterprises whose business is increasingly complex.
  • FIG. 1 is a schematic flowchart of a first embodiment of a public cloud-based authentication method according to the present invention.
  • FIG. 2 is a schematic diagram of the interaction between the security authentication middleware, the cloud computing resource pool and the user terminal shown in FIG. 1;
  • FIG. 3 is a schematic flowchart of a second embodiment of a public cloud-based authentication method according to the present invention.
  • FIG. 4 is a schematic flowchart of a third embodiment of a public cloud-based authentication method according to the present invention.
  • FIG. 5 is a schematic flowchart of a fourth embodiment of a public cloud-based authentication method according to the present invention.
  • FIG. 6 is a schematic flowchart of a fifth embodiment of a public cloud-based authentication method according to the present invention.
  • FIG. 7 is a schematic diagram of functional modules of an embodiment of a security authentication middleware according to the present invention.
  • FIG. 8 is a schematic diagram of functional modules of an embodiment of a cloud computing resource pool according to the present invention.
  • the present invention provides a public cloud-based authentication method, which is applied to a security authentication middleware.
  • the public cloud-based authentication method includes:
  • Step S101: receive an authentication request from the user terminal, and obtain the authentication service in the authentication request.
  • middleware is independent system software or a service program; distributed application software uses middleware to share resources across different technologies. Even if two connected systems have different interfaces, they can exchange information with each other through the middleware.
  • the security authentication middleware is used for the security authentication of this embodiment.
  • different users have different authentication services; the security authentication middleware communicates with different user terminals and receives the authentication requests they send.
  • the authentication request includes the authentication service requested by the user.
  • the security authentication middleware can obtain the user's authentication service from the authentication request, such as a static password authentication service, a dynamic password authentication service, a USB Key authentication service, and so on.
  • Step S102: send a query instruction corresponding to the authentication policy of the authentication service to the cloud computing resource pool.
  • a corresponding interface is extended in the security authentication middleware for each authentication service, so that after obtaining the user's authentication service, the security authentication middleware can send the query instruction for that authentication service to the cloud computing resource pool through the corresponding interface.
  • the authentication policy is a small part of the resources in the cloud computing resource pool; specifically, it is the authentication method corresponding to the authentication service, such as the authentication method for static password authentication or the authentication method for dynamic password authentication.
  • Step S103: when the cloud computing resource pool queries the corresponding authentication policy, receive the information prompting password input that the cloud computing resource pool sends for that authentication policy, and send the information prompting password input to the user terminal.
  • the related tables and related pages required for the authentication of each authentication service are added in advance to the cloud computing resource pool, and the authentication policies of the different authentication services are obtained and integrated into the resources of the cloud computing resource pool.
  • after receiving the query instruction, the cloud computing resource pool queries the authentication policy corresponding to the authentication service. When the corresponding authentication policy is found, the cloud computing resource pool sends the information prompting password input corresponding to that authentication policy to the security authentication middleware, and the security authentication middleware forwards it to the user terminal.
  • for example, when the authentication policy for dynamic password authentication is found, the cloud computing resource pool sends the prompt for the dynamic password that needs to be input to the security authentication middleware.
  • Step S104: receive the input password sent by the user terminal, and send the input password to the authentication server for authentication.
  • after the security authentication middleware forwards the information prompting password input to the user terminal, the user enters a password according to that information, the user terminal sends the entered password to the security authentication middleware, and the security authentication middleware sends the input password to the authentication server for authentication.
  • compared with the prior art, this embodiment combines security authentication with the security authentication middleware and the cloud computing resource pool, and uses the prior-art cloud security authentication center as a part of the cloud computing resource pool. The cloud security authentication center therefore does not need to provide its own database or management portal; instead, the related security authentication tables are added to the database of the cloud computing resource pool and the related security authentication pages are added to the management portal of the cloud computing resource pool. In this way security authentication is also opened to users as a service resource, and a variety of security authentication services can be provided for individuals or enterprises whose business is increasingly complex.
  • the security authentication middleware can shield the user from the differences between security authentication devices, so that the user faces a specific security authentication service instead of a complicated security authentication device; the security authentication middleware can also increase the number of security authentication services by expanding interfaces to the security authentication devices of different vendors, thereby providing rich security authentication services to meet the diverse security authentication requirements of users.
  • the embodiment further includes:
  • Step S100: extend the corresponding interface in the security authentication middleware according to the authentication service, so as to communicate with the cloud computing resource pool through that interface, where the authentication service includes: a static password authentication service, a dynamic password authentication service, a USB Key authentication service, a smart card authentication service, a digital certificate authentication service, and a biometric authentication service.
  • Step S100 of this embodiment may be located before step S101 or between step S101 and step S102.
  • since the corresponding interface is extended in the security authentication middleware according to the authentication service, the security authentication middleware supports a unified communication mode and message structure when performing security authentication, and can also shield the differences in security authentication capability between different security authentication device vendors.
  • for each security authentication capability, the security authentication middleware can provide a corresponding independent interface and interact with the cloud computing resource pool using the unified communication mode and message structure; it is then sufficient to add that security authentication capability to the management portal.
  • the embodiment further includes:
  • Step S105: receive the authentication result returned by the authentication server, and send the authentication result to the user terminal.
  • the authentication server receives the input password sent by the security authentication middleware, and matches the input password against the password pre-stored in the authentication server.
  • if the match succeeds, the authentication result indicating success is sent to the security authentication middleware.
  • the security authentication middleware then sends it to the user terminal for display. If the match fails, the authentication server likewise sends the authentication result indicating failure to the security authentication middleware, and the security authentication middleware sends it to the user terminal.
  • the present invention also provides another public cloud-based authentication method, which is applied to a cloud computing resource pool.
  • the public cloud-based authentication method includes:
  • Step S201: receive a query instruction, sent by the security authentication middleware and corresponding to the authentication policy of the authentication service, and query the resources in the cloud computing resource pool according to the query instruction.
  • the cloud computing resource pool receives the query instruction from the security authentication middleware. The authentication policy is a small part of the resources in the cloud computing resource pool; specifically, it is the authentication method corresponding to the authentication service, such as the authentication method for static password authentication or the authentication method for dynamic password authentication.
  • the related tables and related pages required for the authentication of each authentication service are added in advance to the cloud computing resource pool, and the authentication policies of the different authentication services are obtained and integrated into the resources of the cloud computing resource pool.
  • after receiving the query instruction, the cloud computing resource pool queries the authentication policy corresponding to the authentication service.
  • Step S202: when the corresponding authentication policy is queried, return the information prompting password input corresponding to the authentication policy to the security authentication middleware.
  • when the corresponding authentication policy is found, the cloud computing resource pool sends the information prompting password input corresponding to that authentication policy to the security authentication middleware, so that the security authentication middleware forwards it to the user terminal.
  • for example, when the authentication policy for dynamic password authentication is found, the cloud computing resource pool sends the prompt for the dynamic password that needs to be input to the security authentication middleware.
  • the embodiment further includes:
  • Step S200: integrate the authentication policy of each authentication service, and add the integrated authentication policy to the resources of the cloud computing resource pool.
  • the related tables, related pages and the like required for the security authentication of the different authentication services are added in advance to the cloud computing resource pool, and the authentication policies of the different authentication services are obtained, integrated, and added as resources of the cloud computing resource pool.
  • the security authentication middleware includes:
  • the obtaining module 101 is configured to receive an authentication request of the user terminal, and obtain an authentication service in the authentication request.
  • the sending module 102 is configured to send, to the cloud computing resource pool, a query instruction corresponding to the authentication policy of the authentication service;
  • the first receiving module 103 is configured to: when the cloud computing resource pool queries the corresponding authentication policy, receive the information prompting password input that the cloud computing resource pool sends for that authentication policy, and send that information to the user terminal;
  • the second receiving module 104 is configured to receive an input password sent by the user terminal, and send the input password to an authentication server for authentication.
  • the security authentication middleware further includes: an expansion module, configured to expand a corresponding interface in the security authentication middleware according to the authentication service, so as to communicate with the cloud computing resource pool through that interface.
  • the authentication service includes: static password authentication service, dynamic password authentication service, USB Key authentication service, smart card authentication service, digital certificate authentication service, and biometric authentication service.
  • the security authentication middleware further includes: a third receiving module, configured to receive the authentication result returned by the authentication server, and send the authentication result to the user terminal.
  • the present invention further provides a cloud computing resource pool.
  • the cloud computing resource pool includes:
  • the querying module 201 is configured to receive a query instruction, sent by the security authentication middleware and corresponding to the authentication policy of the authentication service, and to query the resources in the cloud computing resource pool according to the query instruction;
  • the returning module 202 is configured to, when the corresponding authentication policy is queried, return information of the prompting input password corresponding to the authentication policy to the security authentication middleware.
  • the cloud computing resource pool further includes: an adding module, configured to integrate the authentication policy of each authentication service and add the integrated authentication policy to the resources of the cloud computing resource pool.
  • the public cloud-based authentication method, the security authentication middleware, and the cloud computing resource pool provided by the embodiments of the present invention have the following beneficial effects:
  • the prior art cloud security authentication center is used as a part of the cloud computing resource pool.
  • the cloud security authentication center does not need to provide a corresponding database or management portal.
  • the security authentication middleware expands the corresponding interface according to the different authentication services, and communicates with the cloud computing resource pool through that interface.
  • security authentication is also opened to users as a service resource in the cloud computing resource pool, enabling security authentication in a cloud computing environment and providing a wide variety of security authentication services for individuals or businesses whose business is increasingly complex.
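As an added illustration (the patent itself provides no code), the following Python model plays out steps S100 to S105 in the security authentication middleware and S200 to S202 in the cloud computing resource pool, with the authentication server checking a static password and an event-based one-time code. All class names, the policy table, the user names, the credentials and the one-time-code scheme are assumptions constructed for this example; the middleware fails closed when no interface has been expanded for a service or the pool holds no policy for it.

```python
# Added example, not part of the patent: a runnable model of the three-party flow.
# Steps S100-S105 run in the middleware, S200-S202 in the resource pool; class names,
# the policy table and the credentials are constructed for this example.
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum

class AuthService(Enum):
    STATIC_PASSWORD = "static_password"
    DYNAMIC_PASSWORD = "dynamic_password"
    USB_KEY = "usb_key"
    SMART_CARD = "smart_card"
    DIGITAL_CERTIFICATE = "digital_certificate"
    BIOMETRIC = "biometric"

@dataclass(frozen=True)
class AuthPolicy:  # an authentication policy kept as a resource of the pool (S200)
    service: AuthService
    prompt: str  # the "information prompting password input" returned in S202

class CloudResourcePool:
    """Holds the integrated authentication policies (the related table in the pool)."""
    def __init__(self):
        self._policies = {}
    def add_policy(self, policy):  # S200: integrate a policy into the pool's resources
        self._policies[policy.service] = policy
    def query_policy(self, service):  # S201/S202: None when no policy exists
        return self._policies.get(service)

class AuthServer:
    """Matches the submitted password against pre-stored credentials."""
    def __init__(self):
        self._static = {}       # user -> sha256(user:password); constructed store
        self._otp_secret = {}   # user -> shared HMAC secret; constructed store
        self._otp_counter = {}  # user -> next expected counter
    @staticmethod
    def _digest(user, password):
        return hashlib.sha256(f"{user}:{password}".encode()).digest()
    @staticmethod
    def otp(secret, counter):
        """Event-based one-time code: last 4 bytes of HMAC-SHA256 as 6 decimal digits."""
        mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        return f"{int.from_bytes(mac[-4:], 'big') % 1_000_000:06d}"
    def enroll_static(self, user, password):
        self._static[user] = self._digest(user, password)
    def enroll_dynamic(self, user, secret):
        self._otp_secret[user], self._otp_counter[user] = secret, 0
    def authenticate(self, service, user, password):
        if service is AuthService.STATIC_PASSWORD:
            stored = self._static.get(user)
            # constant-time compare; an unknown user fails the same way as a wrong password
            return stored is not None and hmac.compare_digest(stored, self._digest(user, password))
        if service is AuthService.DYNAMIC_PASSWORD:
            secret = self._otp_secret.get(user)
            if secret is None:
                return False
            expected = self.otp(secret, self._otp_counter[user])
            if hmac.compare_digest(expected.encode(), password.encode()):
                self._otp_counter[user] += 1  # a code is accepted once, so a replay fails
                return True
            return False
        return False  # services with no backend in this example fail closed

class SecurityAuthMiddleware:
    """One expanded interface per supported service (S100); handle_request runs S101-S105."""
    def __init__(self, pool, server):
        self._pool, self._server, self._interfaces = pool, server, set()
    def expand_interface(self, service):  # S100
        self._interfaces.add(service)
    def handle_request(self, request, terminal):
        """`terminal` plays the user terminal: it is shown the prompt and returns the password."""
        try:
            service = AuthService(request["service"])  # S101: obtain the requested service
        except ValueError:
            return {"ok": False, "reason": "unknown authentication service"}
        if service not in self._interfaces:
            return {"ok": False, "reason": "no interface expanded for service"}
        policy = self._pool.query_policy(service)  # S102: query the pool for the policy
        if policy is None:  # no policy found: fail closed rather than guess a prompt
            return {"ok": False, "reason": "no authentication policy"}
        password = terminal(policy.prompt)  # S103: forward the prompt, collect the input
        ok = self._server.authenticate(service, request["user"], password)  # S104
        return {"ok": ok, "reason": None if ok else "authentication failed"}  # S105

def build_demo():
    # wire the three parties together with constructed policies and credentials
    pool = CloudResourcePool()
    pool.add_policy(AuthPolicy(AuthService.STATIC_PASSWORD, "Enter your static password"))
    pool.add_policy(AuthPolicy(AuthService.DYNAMIC_PASSWORD, "Enter the one-time code"))
    server = AuthServer()
    server.enroll_static("alice", "correct horse battery staple")
    server.enroll_dynamic("bob", b"constructed-shared-secret")
    mw = SecurityAuthMiddleware(pool, server)
    for svc in (AuthService.STATIC_PASSWORD, AuthService.DYNAMIC_PASSWORD, AuthService.USB_KEY):
        mw.expand_interface(svc)  # USB Key has an interface but no policy in the pool
    return mw, server
```

Note that the middleware only relays the password between terminal and authentication server and never stores it; the policy lookup decides which prompt the user sees, while the credential check stays in the authentication server.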


Abstract

Disclosed is a public cloud-based authentication method, which is applied to a security authentication middleware. The method comprises the steps of: receiving an authentication request of a user terminal, and acquiring an authentication service in the authentication request; sending a query instruction corresponding to an authentication policy of the authentication service to a cloud computing resource pool; when the cloud computing resource pool queries the corresponding authentication policy, receiving information for prompting an input password which is sent by the cloud computing resource pool and corresponds to the authentication policy, and sending the information for prompting the input password to the user terminal; and receiving the input password sent by the user terminal, and sending the input password to an authentication server for authentication. Also disclosed are another public cloud-based authentication method, a security authentication middleware and a cloud computing resource pool. The present invention can realize the security authentication in a cloud computing environment, and the security authentication services are relatively rich.

Description

Public cloud-based authentication method, security authentication middleware and cloud computing resource pool
Technical field
The invention relates to the field of authentication technology in public environments, and in particular to a public cloud-based authentication method, a security authentication middleware and a cloud computing resource pool.
Background art
Cloud computing is a model for the addition, use and delivery of Internet-based services, typically involving the provision of dynamically scalable and often virtualized resources over the Internet. Because cloud computing involves the computing models of individuals and enterprises, and involves their sensitive information, the centralized storage of that information easily gives rise to security problems.
Traditional security authentication technologies include static password authentication, dynamic password authentication, smart card authentication and so on. Under existing technical conditions each security authentication technology is integrated into one security authentication device. For individuals or enterprises whose business is increasingly complex, such a security authentication approach is undoubtedly too narrow and has difficulty meeting the demand for security authentication in a cloud computing environment.
Summary of the invention
Embodiments of the invention provide a public cloud-based authentication method, a security authentication middleware and a cloud computing resource pool, so as to at least solve the technical problem that existing security authentication has difficulty adapting to security authentication in a cloud computing environment.
To achieve the above objective, the invention provides a public cloud-based authentication method applied in a security authentication middleware. The public cloud-based authentication method comprises the following steps:
receiving an authentication request from a user terminal and acquiring the authentication service in the authentication request;
sending to a cloud computing resource pool a query instruction for the authentication policy corresponding to the authentication service;
when the cloud computing resource pool finds the corresponding authentication policy, receiving from the cloud computing resource pool the information prompting for password input that corresponds to the authentication policy, and sending that password-prompt information to the user terminal;
receiving the input password sent by the user terminal and sending the input password to an authentication server for authentication.
Preferably, the authentication service includes: a static password authentication service, a dynamic password authentication service, a USB Key authentication service, a smart card authentication service, a digital certificate authentication service and a biometric authentication service;
the public cloud-based authentication method further includes: extending a corresponding interface in the security authentication middleware according to the authentication service, so as to communicate with the cloud computing resource pool through that interface.
Preferably, the method further includes: receiving the authentication result returned by the authentication server and sending the authentication result to the user terminal.
In addition, to achieve the above objective, the invention further provides a public cloud-based authentication method applied in a cloud computing resource pool. The public cloud-based authentication method comprises the following steps:
receiving a query instruction sent by the security authentication middleware for the authentication policy corresponding to the authentication service, and querying the resources in the cloud computing resource pool according to the query instruction;
when the corresponding authentication policy is found, returning to the security authentication middleware the information prompting for password input that corresponds to the authentication policy.
Preferably, the method further includes: integrating the authentication policy of each authentication service and adding the integrated authentication policies to the resources of the cloud computing resource pool.
In addition, to achieve the above objective, the invention further provides a security authentication middleware, the security authentication middleware comprising:
an acquisition module, configured to receive an authentication request from a user terminal and acquire the authentication service in the authentication request;
a sending module, configured to send to a cloud computing resource pool a query instruction for the authentication policy corresponding to the authentication service;
a first receiving module, configured to, when the cloud computing resource pool finds the corresponding authentication policy, receive from the cloud computing resource pool the information prompting for password input that corresponds to the authentication policy, and send that password-prompt information to the user terminal;
a second receiving module, configured to receive the input password sent by the user terminal and send the input password to an authentication server for authentication.
Preferably, the authentication service includes: a static password authentication service, a dynamic password authentication service, a USB Key authentication service, a smart card authentication service, a digital certificate authentication service and a biometric authentication service;
the security authentication middleware further includes: an extension module, configured to extend a corresponding interface in the security authentication middleware according to the authentication service, so as to communicate with the cloud computing resource pool through that interface.
Preferably, the security authentication middleware further includes: a third receiving module, configured to receive the authentication result returned by the authentication server and send the authentication result to the user terminal.
In addition, to achieve the above objective, the invention further provides a cloud computing resource pool, the cloud computing resource pool comprising:
a query module, configured to receive a query instruction sent by the security authentication middleware for the authentication policy corresponding to the authentication service, and query the resources in the cloud computing resource pool according to the query instruction;
a return module, configured to, when the corresponding authentication policy is found, return to the security authentication middleware the information prompting for password input that corresponds to the authentication policy.
Preferably, the cloud computing resource pool further includes:
an adding module, configured to integrate the authentication policy of each authentication service and add the integrated authentication policies to the resources of the cloud computing resource pool.
The public cloud-based authentication method, security authentication middleware and cloud computing resource pool of the invention combine security authentication with a security authentication middleware and a cloud computing resource pool, making the cloud security authentication center of the prior art a part of the cloud computing resource pool. The cloud security authentication center no longer needs to provide its own database or management portal; instead, the security authentication middleware extends a corresponding interface for each authentication service and communicates with the cloud computing resource pool through that interface, and within the cloud computing resource pool security authentication is also opened to users as a service resource. Security authentication in a cloud computing environment is thus realized, and a rich variety of security authentication services can be provided to individuals or enterprises whose business is increasingly complex.
Brief description of the drawings
FIG. 1 is a schematic flowchart of a first embodiment of the public cloud-based authentication method of the invention;
FIG. 2 is a schematic diagram of the interaction between the cloud computing resource pool, the cloud computing resource pool and the user terminal shown in FIG. 1;
FIG. 3 is a schematic flowchart of a second embodiment of the public cloud-based authentication method of the invention;
FIG. 4 is a schematic flowchart of a third embodiment of the public cloud-based authentication method of the invention;
FIG. 5 is a schematic flowchart of a fourth embodiment of the public cloud-based authentication method of the invention;
FIG. 6 is a schematic flowchart of a fifth embodiment of the public cloud-based authentication method of the invention;
FIG. 7 is a schematic diagram of the functional modules of an embodiment of the security authentication middleware of the invention;
FIG. 8 is a schematic diagram of the functional modules of an embodiment of the cloud computing resource pool of the invention.
The realization of the objectives, the functional features and the advantages of the invention are further described below with reference to the embodiments and the accompanying drawings.
Detailed description
It should be understood that the specific embodiments described herein merely serve to explain the invention and are not intended to limit it.
The invention provides a public cloud-based authentication method applied in a security authentication middleware. Referring to FIG. 1, in one embodiment the public cloud-based authentication method includes:
Step S101: receive an authentication request from a user terminal and acquire the authentication service in the authentication request;
Here, middleware is independent system software or a service program; distributed application software uses middleware to share resources across different technologies. Connected systems can exchange information with each other through middleware even when the two have different interfaces.
In this embodiment, the security authentication middleware is what the security authentication of this embodiment uses. Referring also to FIG. 2, different users have different authentication services; the security authentication middleware communicates with the different user terminals and receives the authentication requests they send.
The authentication request contains the authentication service requested by the user. After receiving the authentication request, the security authentication middleware can derive the user's authentication service from the request, which may for example be a static password authentication service, a dynamic password authentication service, a USB Key authentication service and so on.
Step S102: send to the cloud computing resource pool a query instruction for the authentication policy corresponding to the authentication service;
In this embodiment a corresponding interface is extended in the security authentication middleware for each different authentication service, so that once the security authentication middleware has acquired the user's authentication service it can send the query instruction for that authentication service to the cloud computing resource pool through the corresponding interface.
In this embodiment the authentication policy is a small part of the resources in the cloud computing resource pool; specifically, it is the authentication method corresponding to the authentication service, such as the authentication method of static password authentication or the authentication method of static password authentication.
Step S103: when the cloud computing resource pool finds the corresponding authentication policy, receive from the cloud computing resource pool the information prompting for password input that corresponds to the authentication policy, and send that password-prompt information to the user terminal;
In this embodiment the tables, pages and the like needed for the security authentication of the different authentication services are added to the cloud computing resource pool in advance, the authentication policies of the different authentication services are acquired, and they are combined into resources of the cloud computing resource pool.
In this embodiment, after receiving the query instruction the cloud computing resource pool queries the authentication policy corresponding to the authentication service. When the corresponding authentication policy is found, the cloud computing resource pool sends the password-prompt information corresponding to the authentication policy to the security authentication middleware, and the security authentication middleware forwards the password-prompt information to the user terminal.
For example, if the user terminal needs dynamic password authentication, then when the cloud computing resource pool finds the authentication policy for dynamic password authentication it sends the prompt for the dynamic password that dynamic password authentication requires to the security authentication middleware.
Step S104: receive the input password sent by the user terminal and send the input password to an authentication server for authentication.
After the security authentication middleware forwards the password-prompt information to the user terminal, the user enters an input password according to that information, the entered password is sent to the security authentication middleware, and the security authentication middleware sends the input password to the authentication server for authentication.
Compared with the prior art, this embodiment combines security authentication with the security authentication middleware and the cloud computing resource pool, and makes the cloud security authentication center of the prior art a part of the cloud computing resource pool. The cloud security authentication center no longer needs to provide its own database or management portal; instead, the tables related to security authentication are added to the database of the cloud computing resource pool and the pages related to security authentication are added to the management portal of the cloud computing resource pool. In other words, security authentication is also opened to users as a service resource, and a rich variety of security authentication services can be provided to individuals or enterprises whose business is increasingly complex.
In addition, in this embodiment the security authentication middleware can hide the differences between the security authentication devices of different security authentication vendors, so that the user faces a specific security authentication service rather than a tangle of security authentication devices; the security authentication middleware can also increase the number of security authentication services by extending interfaces to the security authentication devices of different vendors, so that it can provide rich security authentication services and satisfy users' diverse security authentication needs.
In a preferred embodiment, as shown in FIG. 3, on the basis of the embodiment of FIG. 1 above, this embodiment further includes:
Step S100: extend a corresponding interface in the security authentication middleware according to the authentication service, so as to communicate with the cloud computing resource pool through that interface, where the authentication service includes: a static password authentication service, a dynamic password authentication service, a USB Key authentication service, a smart card authentication service, a digital certificate authentication service and a biometric authentication service.
Step S100 of this embodiment may be placed before step S101 or between step S101 and step S102.
In this embodiment, because a corresponding interface is extended in the security authentication middleware according to the authentication service, the security authentication middleware supports a unified communication mode and message structure when performing security authentication, and can also hide the differences in security authentication capability between different security authentication device vendors. When a new security authentication capability needs to be supported, the security authentication middleware only has to provide a corresponding independent interface based on that capability; it can then interact with the cloud computing resource pool using the unified communication mode and message structure, and an administrator adds the security authentication capability in the management portal.
In a preferred embodiment, as shown in FIG. 4, on the basis of the embodiment of FIG. 1 above, this embodiment further includes:
Step S105: receive the authentication result returned by the authentication server and send the authentication result to the user terminal.
In this embodiment the authentication server receives the input password sent by the security authentication middleware and matches it against the password pre-stored in the authentication server. When the match succeeds, an authentication result of successful match is sent to the security authentication middleware, which in turn sends it to the user terminal for display. If the match fails, the authentication server likewise sends an authentication result of failed match to the security authentication middleware, which in turn sends it to the user terminal.
The invention also provides another public cloud-based authentication method, applied in a cloud computing resource pool. Referring to FIG. 5, in one embodiment the public cloud-based authentication method includes:
Step S201: receive a query instruction sent by the security authentication middleware for the authentication policy corresponding to the authentication service, and query the resources in the cloud computing resource pool according to the query instruction;
In this embodiment the cloud computing resource pool receives the query instruction from the security authentication middleware. The authentication policy is a small part of the resources in the cloud computing resource pool; specifically, it is the authentication method corresponding to the authentication service, such as the authentication method of static password authentication or the authentication method of static password authentication.
In this embodiment the tables, pages and the like needed for the security authentication of the different authentication services are added to the cloud computing resource pool in advance, the authentication policies of the different authentication services are acquired, and they are combined into resources of the cloud computing resource pool.
In this embodiment, after receiving the query instruction the cloud computing resource pool queries the authentication policy corresponding to the authentication service.
Step S202: when the corresponding authentication policy is found, return to the security authentication middleware the information prompting for password input that corresponds to the authentication policy.
When the corresponding authentication policy is found, the cloud computing resource pool sends the password-prompt information corresponding to the authentication policy to the security authentication middleware, so that the security authentication middleware forwards the password-prompt information to the user terminal.
For example, if the user terminal needs dynamic password authentication, then when the cloud computing resource pool finds the authentication policy for dynamic password authentication it sends the prompt for the dynamic password that dynamic password authentication requires to the security authentication middleware.
In a preferred embodiment, as shown in FIG. 6, on the basis of the embodiment of FIG. 5 above, this embodiment further includes:
Step S200: integrate the authentication policy of each authentication service and add the integrated authentication policies to the resources of the cloud computing resource pool.
In this embodiment the tables, pages and the like needed for the security authentication of the different authentication services are added to the cloud computing resource pool in advance, the authentication policies of the different authentication services are acquired, and they are combined and added as resources of the cloud computing resource pool.
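The message flow of the middleware-side method (steps S100 to S105, FIG. 1, 3 and 4) and the resource-pool-side method (steps S200 to S202, FIG. 5 and 6), as an added simulation that is not code from the patent or its assignee. The class names, message dictionaries, service tags and the sample credentials are all assumptions made for the example; it also covers the two failure paths the text implies but does not spell out (a service with no extended interface, and an interface whose policy was never added to the pool).

```python
"""Added example, not the patent's own code: a toy model of the described
public cloud-based authentication flow. Names and message formats are assumed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional
import hmac

# Service tags (assumed) for some of the authentication services named in the patent.
STATIC_PASSWORD = "static_password"
DYNAMIC_PASSWORD = "dynamic_password"
USB_KEY = "usb_key"
SMART_CARD = "smart_card"


@dataclass(frozen=True)
class AuthPolicy:
    """An authentication policy: the authentication method for one service, held
    as a resource of the pool (step S200). `prompt` is the 'information for
    prompting an input password' the pool returns in step S202."""
    service: str
    prompt: str


class CloudResourcePool:
    """Resource-pool side: S200 (integrate policies), S201/S202 (query, return prompt)."""

    def __init__(self) -> None:
        self._policies: Dict[str, AuthPolicy] = {}

    def add_policy(self, policy: AuthPolicy) -> None:          # S200
        self._policies[policy.service] = policy

    def query(self, service: str) -> Optional[dict]:           # S201 + S202
        policy = self._policies.get(service)
        if policy is None:
            return None                 # no matching policy: nothing is returned
        return {"service": service, "prompt": policy.prompt}


class AuthServer:
    """Matches the submitted password against the pre-stored one (S104/S105)."""

    def __init__(self, credentials: Dict[str, str]) -> None:
        self._credentials = credentials  # user -> expected secret (constructed sample)

    def authenticate(self, user: str, submitted: str) -> bool:
        expected = self._credentials.get(user)
        if expected is None:
            return False
        # constant-time comparison so a failed match leaks nothing through timing
        return hmac.compare_digest(expected.encode(), submitted.encode())


class SecurityAuthMiddleware:
    """Middleware side: S100 (per-service interface), S101 to S105."""

    def __init__(self, pool: CloudResourcePool, server: AuthServer) -> None:
        self._pool = pool
        self._server = server
        # S100: one independent interface per supported service; here an
        # interface is simply the callable that issues the pool's query instruction.
        self._interfaces: Dict[str, Callable[[str], Optional[dict]]] = {}

    def extend_interface(self, service: str) -> None:         # S100
        self._interfaces[service] = self._pool.query

    def handle_request(self, request: dict) -> dict:          # S101 to S103
        service = request.get("service")                       # S101: read the service
        iface = self._interfaces.get(service)
        if iface is None:
            return {"status": "unsupported_service"}          # no interface extended
        found = iface(service)                                 # S102: query instruction
        if found is None:
            return {"status": "no_policy"}                     # pool found no policy
        return {"status": "prompt", "prompt": found["prompt"]}  # S103: forward prompt

    def handle_password(self, user: str, password: str) -> dict:  # S104 + S105
        ok = self._server.authenticate(user, password)
        return {"status": "success" if ok else "failure"}     # result to the terminal


def run_demo() -> List[str]:
    """Walk one terminal through the flow; returns the status of each exchange."""
    pool = CloudResourcePool()
    pool.add_policy(AuthPolicy(STATIC_PASSWORD, "Enter your static password"))
    pool.add_policy(AuthPolicy(DYNAMIC_PASSWORD, "Enter the one-time code from your token"))
    server = AuthServer({"alice": "correct-horse"})          # constructed sample user
    mw = SecurityAuthMiddleware(pool, server)
    for svc in (STATIC_PASSWORD, DYNAMIC_PASSWORD, USB_KEY):  # USB_KEY has no policy
        mw.extend_interface(svc)
    return [
        mw.handle_request({"user": "alice", "service": STATIC_PASSWORD})["status"],
        mw.handle_request({"user": "alice", "service": USB_KEY})["status"],
        mw.handle_request({"user": "alice", "service": SMART_CARD})["status"],
        mw.handle_password("alice", "correct-horse")["status"],
        mw.handle_password("alice", "wrong-guess")["status"],
    ]


if __name__ == "__main__":
    print(run_demo())
```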
本发明还提供另一种安全认证中间件,参照图7,在一实施例中,该安全认证中间件包括:The present invention also provides another security authentication middleware. Referring to FIG. 7, in an embodiment, the security authentication middleware includes:
获取模块101,设置为接收用户终端的认证请求,获取所述认证请求中的认证业务;The obtaining module 101 is configured to receive an authentication request of the user terminal, and obtain an authentication service in the authentication request.
其中,中间件是一种独立的系统软件或服务程序,分布式应用软件借助中间件在不同的技术之间共享资源。对于相连接的系统,即使两者具有不同的接口,但仍能通过中间件相互交换信息。Among them, middleware is an independent system software or service program, and distributed application software uses middleware to share resources among different technologies. For connected systems, even if the two have different interfaces, they can exchange information with each other through the middleware.
在本实施例中,安全认证中间件为本实施例的安全认证所用。结合参阅图2,不同的用户具有的认证业务不相同,安全认证中间件与不同的用户终端进行通信,接收不同用户终端发送的认证请求。In this embodiment, the security authentication middleware is used for the security authentication of the embodiment. Referring to FIG. 2, different users have different authentication services, and the security authentication middleware communicates with different user terminals to receive authentication requests sent by different user terminals.
其中,认证请求中包括用户所请求的认证业务,安全认证中间件在接收认证请求后,可以根据认证请求得到用户的认证业务,如可以是静态密码认证业务、动态密码认证业务或USB Key认证业务等等。 The authentication request includes the authentication service requested by the user. After receiving the authentication request, the security authentication middleware can obtain the authentication service of the user according to the authentication request, such as a static password authentication service, a dynamic password authentication service, or a USB Key authentication service. and many more.
发送模块102,设置为向云计算资源池发送对应所述认证业务的认证策略的查询指令;The sending module 102 is configured to send, to the cloud computing resource pool, a query instruction corresponding to the authentication policy of the authentication service;
本实施例中,根据不同的认证业务在安全认证中间件扩展对应的接口,使得安全认证中间件在获取用户的认证业务后,可以通过对应的接口将认证业务的查询指令发送给云计算资源池。In this embodiment, the corresponding authentication service is extended to the corresponding interface in the security authentication middleware, so that after obtaining the authentication service of the user, the security authentication middleware can send the query instruction of the authentication service to the cloud computing resource pool through the corresponding interface. .
本实施例中,认证策略为在云计算资源池中的资源的一小部分,其具体为与认证业务对应的认证方法,如静态密码认证的认证方法或者静态密码认证的认证方法等。In this embodiment, the authentication policy is a small part of the resources in the cloud computing resource pool, which is specifically an authentication method corresponding to the authentication service, such as an authentication method of static password authentication or an authentication method of static password authentication.
第一接收模块103,设置为当云计算资源池查询到对应的认证策略时,接收所述云计算资源池发送的与所述认证策略对应的提示输入口令的信息,将所述提示输入口令的信息发送给所述用户终端;The first receiving module 103 is configured to: when the cloud computing resource pool queries the corresponding authentication policy, receive the information of the prompting input password corresponding to the authentication policy sent by the cloud computing resource pool, and input the prompt into the password Sending information to the user terminal;
本实施例中,云计算资源池中预先增加不同的认证业务安全认证所需的相关表、相关的页面等,获取不同的认证业务的认证策略,并将其综合为云计算资源池的资源。In this embodiment, the related computing tables and related pages required for the authentication of the authentication service are added in advance in the cloud computing resource pool, and the authentication policies of different authentication services are obtained and integrated into the resources of the cloud computing resource pool.
本实施例中,云计算资源池接收到查询指令后,查询与认证业务对应的认证策略。当查询到对应的认证策略时,云计算资源池将与认证策略对应的提示输入口令的信息发送给安全认证中间件,并由安全认证中间件将提示输入口令的信息转发给用户终端。In this embodiment, after receiving the query instruction, the cloud computing resource pool queries the authentication policy corresponding to the authentication service. When the corresponding authentication policy is queried, the cloud computing resource pool sends the information indicating the password input corresponding to the authentication policy to the security authentication middleware, and the security authentication middleware forwards the information indicating the password input to the user terminal.
例如,用户终端需要进行动态密码认证,则云计算资源池查询到动态密码认证的认证策略时,将动态密码认证需要输入的动态口令的提示信息发送给安全认证中间件。For example, when the user terminal needs dynamic password authentication, the cloud computing resource pool sends the prompt information of the dynamic password that needs to be input to the dynamic authentication middleware when the dynamic password authentication authentication policy is queried.
第二接收模块104,设置为接收所述用户终端发送的输入口令,将所述输入口令发送至认证服务器进行认证。The second receiving module 104 is configured to receive an input password sent by the user terminal, and send the input password to an authentication server for authentication.
After the security authentication middleware forwards the prompt-for-password information to the user terminal, the user enters an input password according to that information and sends it to the security authentication middleware, which in turn sends the input password to the authentication server for authentication.
In a preferred embodiment, on the basis of the embodiment of FIG. 7 above, the security authentication middleware further includes: an extension module, configured to extend a corresponding interface in the security authentication middleware according to the authentication service, so as to communicate with the cloud computing resource pool through that interface.
The authentication service includes: a static password authentication service, a dynamic password authentication service, a USB Key authentication service, a smart card authentication service, a digital certificate authentication service and a biometric authentication service.
In this embodiment, because the corresponding interface is extended in the security authentication middleware according to the authentication service, the security authentication middleware supports a unified communication mode and message structure when performing security authentication, and can also mask the differences in security authentication capabilities between different security authentication device vendors. When a new security authentication capability needs to be supported, the security authentication middleware only has to provide a corresponding independent interface based on that capability; it can then interact with the cloud computing resource pool using the unified communication mode and message structure, and an administrator simply adds the new security authentication capability in the management portal.
In a preferred embodiment, on the basis of the embodiment of FIG. 7 above, the security authentication middleware further includes: a third receiving module, configured to receive the authentication result returned by the authentication server and send the authentication result to the user terminal.
In this embodiment, the authentication server receives the input password sent by the security authentication middleware and matches it against the password pre-stored in the authentication server. When the match succeeds, it sends a successful authentication result to the security authentication middleware, which forwards it to the user terminal for display. If the match fails, the authentication server likewise sends a failed authentication result to the security authentication middleware, which forwards it to the user terminal.
The present invention further provides a cloud computing resource pool. Referring to FIG. 8, in an embodiment the cloud computing resource pool includes:
a query module 201, configured to receive a query instruction sent by the security authentication middleware for the authentication policy corresponding to the authentication service, and to query the resources in the cloud computing resource pool according to the query instruction;
In this embodiment, the cloud computing resource pool receives the query instruction of the security authentication middleware. The authentication policy is a small part of the resources in the cloud computing resource pool; specifically, it is the authentication method corresponding to the authentication service, such as the authentication method for static password authentication, and so on.
In this embodiment, the related tables, related pages and so on required for security authentication of the different authentication services are added to the cloud computing resource pool in advance; the authentication policies of the different authentication services are obtained and integrated as resources of the cloud computing resource pool.
In this embodiment, after receiving the query instruction, the cloud computing resource pool queries the authentication policy corresponding to the authentication service.
a return module 202, configured to, when the corresponding authentication policy is found, return to the security authentication middleware the prompt-for-password information corresponding to the authentication policy.
When the corresponding authentication policy is found, the cloud computing resource pool sends the prompt-for-password information corresponding to the authentication policy to the security authentication middleware, so that the security authentication middleware forwards it to the user terminal.
For example, if the user terminal requires dynamic password authentication, then when the cloud computing resource pool finds the authentication policy for dynamic password authentication, it sends the prompt information for the dynamic password that must be entered for dynamic password authentication to the security authentication middleware.
In a preferred embodiment, on the basis of the embodiment of FIG. 8 above, the cloud computing resource pool further includes: an adding module, configured to integrate the authentication policy of each authentication service and add the integrated authentication policies to the resources of the cloud computing resource pool.
In this embodiment, the related tables, related pages and so on required for security authentication of the different authentication services are added to the cloud computing resource pool in advance; the authentication policies of the different authentication services are obtained, integrated and added as resources of the cloud computing resource pool.
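The flow described above (middleware obtains the authentication service from the request, queries the resource pool for its policy, forwards the prompt to the terminal, and passes the input password to the authentication server, with one independent interface per service behind a common message structure), as an added Python example that is not part of the patent. The service names, message fields, the salted-hash static password check and the HMAC-based one-time code are assumptions made for the demo.

```python
import hashlib
import hmac


def dynamic_code(secret: bytes, counter: int) -> str:
    """One-time code shared by token and server (constructed HMAC scheme for the demo)."""
    return hmac.new(secret, str(counter).encode(), hashlib.sha256).hexdigest()[:6]


class CloudResourcePool:
    """Cloud computing resource pool: authentication policies are pool resources."""
    def __init__(self):
        self._policies = {}

    def add_policy(self, service: str, prompt: str) -> None:
        # "adding module": integrate the policy of one authentication service into the pool
        self._policies[service] = {"prompt": prompt}

    def query(self, service: str):
        # "query module" / "return module": look up the policy for the requested service
        # and return its prompt-for-password information (None if no policy exists)
        policy = self._policies.get(service)
        return None if policy is None else policy["prompt"]


class AuthServer:
    """Authentication server: matches the submitted password with the stored one."""
    def __init__(self):
        self._creds = {}  # (service, user) -> stored verifier data

    def enroll_static(self, user: str, password: str, salt: bytes = b"constructed-salt") -> None:
        digest = hashlib.sha256(salt + password.encode()).digest()
        self._creds[("static_password", user)] = (salt, digest)

    def enroll_dynamic(self, user: str, secret: bytes) -> None:
        self._creds[("dynamic_password", user)] = {"secret": secret, "counter": 0}

    def verify(self, service: str, user: str, submitted: str) -> bool:
        cred = self._creds.get((service, user))
        if cred is None:
            return False
        if service == "static_password":
            salt, digest = cred
            candidate = hashlib.sha256(salt + submitted.encode()).digest()
            return hmac.compare_digest(candidate, digest)  # constant-time match
        if service == "dynamic_password":
            expected = dynamic_code(cred["secret"], cred["counter"])
            if hmac.compare_digest(expected, submitted):
                cred["counter"] += 1  # a used one-time code is not accepted again
                return True
        return False


class SecurityAuthMiddleware:
    """Security authentication middleware between user terminal, pool and auth server."""
    def __init__(self, pool: CloudResourcePool, auth_server: AuthServer):
        self.pool, self.auth_server, self.interfaces = pool, auth_server, {}

    def extend_interface(self, service: str, normalize) -> None:
        # "extension module": one independent interface per authentication service;
        # the message structure towards the pool and server is the same for all of them
        self.interfaces[service] = normalize

    def authenticate(self, request: dict, terminal) -> dict:
        service = request.get("service")                 # authentication service in the request
        if service not in self.interfaces:
            return {"service": service, "result": "unsupported"}
        prompt = self.pool.query(service)                # query instruction to the resource pool
        if prompt is None:
            return {"service": service, "result": "no_policy"}
        submitted = terminal(prompt)                     # forward prompt, receive input password
        ok = self.auth_server.verify(service, request["user"], self.interfaces[service](submitted))
        return {"service": service, "result": "success" if ok else "failure"}  # result to terminal
```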
The above are only preferred embodiments of the present invention and do not limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.
Industrial applicability
As described above, the public cloud-based authentication method, security authentication middleware and cloud computing resource pool provided by the embodiments of the present invention have the following beneficial effects: the cloud security authentication center of the prior art is made part of the cloud computing resource pool, so the cloud security authentication center need not provide its own database, management portal or the like; instead, the security authentication middleware extends a corresponding interface according to each different authentication service and communicates with the cloud computing resource pool through that interface. Within the cloud computing resource pool, security authentication is also opened to users as a service resource, realizing security authentication in a cloud computing environment and providing a rich variety of security authentication services for the increasingly complex business of individuals and enterprises.

Claims (10)

  1. A public cloud-based authentication method, applied in a security authentication middleware, the public cloud-based authentication method comprising the following steps:
    receiving an authentication request of a user terminal, and obtaining an authentication service in the authentication request;
    sending to a cloud computing resource pool a query instruction for an authentication policy corresponding to the authentication service;
    when the cloud computing resource pool finds the corresponding authentication policy, receiving prompt-for-password information corresponding to the authentication policy sent by the cloud computing resource pool, and sending the prompt-for-password information to the user terminal;
    receiving an input password sent by the user terminal, and sending the input password to an authentication server for authentication.
  2. The public cloud-based authentication method according to claim 1, wherein the authentication service comprises: a static password authentication service, a dynamic password authentication service, a USB Key authentication service, a smart card authentication service, a digital certificate authentication service and a biometric authentication service;
    the public cloud-based authentication method further comprises: extending a corresponding interface in the security authentication middleware according to the authentication service, so as to communicate with the cloud computing resource pool through the interface.
  3. The public cloud-based authentication method according to claim 1 or 2, wherein the public cloud-based authentication method further comprises: receiving an authentication result returned by the authentication server, and sending the authentication result to the user terminal.
  4. A public cloud-based authentication method, applied in a cloud computing resource pool, the public cloud-based authentication method comprising the following steps:
    receiving a query instruction sent by a security authentication middleware for an authentication policy corresponding to the authentication service, and querying resources in the cloud computing resource pool according to the query instruction;
    when the corresponding authentication policy is found, returning to the security authentication middleware prompt-for-password information corresponding to the authentication policy.
  5. The public cloud-based authentication method according to claim 4, wherein the public cloud-based authentication method further comprises: integrating the authentication policy of each authentication service, and adding the integrated authentication policies to the resources of the cloud computing resource pool.
  6. A security authentication middleware, the security authentication middleware comprising:
    an obtaining module, configured to receive an authentication request of a user terminal and obtain an authentication service in the authentication request;
    a sending module, configured to send to a cloud computing resource pool a query instruction for an authentication policy corresponding to the authentication service;
    a first receiving module, configured to, when the cloud computing resource pool finds the corresponding authentication policy, receive prompt-for-password information corresponding to the authentication policy sent by the cloud computing resource pool, and send the prompt-for-password information to the user terminal;
    a second receiving module, configured to receive an input password sent by the user terminal and send the input password to an authentication server for authentication.
  7. The security authentication middleware according to claim 6, wherein the authentication service comprises: a static password authentication service, a dynamic password authentication service, a USB Key authentication service, a smart card authentication service, a digital certificate authentication service and a biometric authentication service;
    the security authentication middleware further comprises: an extension module, configured to extend a corresponding interface in the security authentication middleware according to the authentication service, so as to communicate with the cloud computing resource pool through the interface.
  8. The security authentication middleware according to claim 6 or 7, wherein the security authentication middleware further comprises: a third receiving module, configured to receive an authentication result returned by the authentication server and send the authentication result to the user terminal.
  9. A cloud computing resource pool, the cloud computing resource pool comprising:
    a query module, configured to receive a query instruction sent by a security authentication middleware for an authentication policy corresponding to the authentication service, and query resources in the cloud computing resource pool according to the query instruction;
    a return module, configured to, when the corresponding authentication policy is found, return to the security authentication middleware prompt-for-password information corresponding to the authentication policy.
  10. The cloud computing resource pool according to claim 9, wherein the cloud computing resource pool further comprises:
    an adding module, configured to integrate the authentication policy of each authentication service and add the integrated authentication policies to the resources of the cloud computing resource pool.
PCT/CN2014/089596 2014-06-12 2014-10-27 Public cloud-based authentication method, security authentication middleware and cloud computing resource pool WO2015188568A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410262163.7 2014-06-12
CN201410262163.7A CN105207970B (en) 2014-06-12 2014-06-12 Authentication method, safety certification middleware and cloud computing resource pool based on public cloud

Publications (1)

Publication Number Publication Date
WO2015188568A1 true WO2015188568A1 (en) 2015-12-17

Family

ID=54832833

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/089596 WO2015188568A1 (en) 2014-06-12 2014-10-27 Public cloud-based authentication method, security authentication middleware and cloud computing resource pool

Country Status (2)

Country Link
CN (1) CN105207970B (en)
WO (1) WO2015188568A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105208012A (en) * 2015-08-31 2015-12-30 武汉云通英飞科技有限公司 Cloud computing-based cloud authentication method and system
CN109547217A (en) * 2019-01-11 2019-03-29 北京中实信达科技有限公司 One-to-many identity authorization system and method based on dynamic password

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106411941B (en) * 2016-11-24 2019-05-07 济南浪潮高新科技投资发展有限公司 Safety certification resource allocation and management method under a kind of cloud environment
CN108345801B (en) * 2018-02-09 2021-09-28 南京邮电大学 Ciphertext database-oriented middleware dynamic user authentication method and system
CN113992740B (en) * 2021-10-26 2024-03-22 超越科技股份有限公司 Middleware based on autonomous control and data transmission method
CN114070592A (en) * 2021-11-09 2022-02-18 乐美科技股份私人有限公司 Resource downloading method, device, terminal and server

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102045353A (en) * 2010-12-13 2011-05-04 北京交通大学 Distributed network security control method of public cloud service
CN103023986A (en) * 2012-11-27 2013-04-03 中国电信股份有限公司云计算分公司 System and method for providing relational database management system (RDBMS) services for multiple users
CN103401688A (en) * 2013-08-09 2013-11-20 中国人民解放军理工大学 Message-oriented middleware transmission integration system based on Eucalyptus cloud platform
WO2013179383A1 (en) * 2012-05-29 2013-12-05 株式会社日立システムズ Cloud security management system
US20140123028A1 (en) * 2012-10-27 2014-05-01 Kiran Kamity Comprehensive multimedia management platform
CN103780584A (en) * 2012-10-22 2014-05-07 上海俊悦智能科技有限公司 Cloud computing-based identity authentication fusion method

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120072972A1 (en) * 2010-09-20 2012-03-22 Microsoft Corporation Secondary credentials for batch system
CN102681899B (en) * 2011-03-14 2015-06-10 金剑 Virtual computing resource dynamic management system of cloud computing service platform
CN102185864B (en) * 2011-05-13 2014-12-24 北京星网锐捷网络技术有限公司 Security authentication strategy configuration method, device and system
CN202455386U (en) * 2011-12-13 2012-09-26 杭州晟元芯片技术有限公司 Safety system for cloud storage
CN102647432B (en) * 2012-05-17 2016-04-20 湖南神州祥网科技有限公司 A kind of authentication information transmission method, device and certification middleware
CN102752319B (en) * 2012-07-31 2015-02-11 广州市品高软件开发有限公司 Cloud computing secure access method, device and system
CN103095720B (en) * 2013-01-30 2016-03-23 中国科学院自动化研究所 A kind of method for managing security of cloud storage system of dialogue-based management server
CN103428298A (en) * 2013-08-30 2013-12-04 华南理工大学 Multi-party e-mail attachment sharing management method based on Cloud storage

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105208012A (en) * 2015-08-31 2015-12-30 武汉云通英飞科技有限公司 Cloud computing-based cloud authentication method and system
CN109547217A (en) * 2019-01-11 2019-03-29 北京中实信达科技有限公司 One-to-many identity authorization system and method based on dynamic password
CN109547217B (en) * 2019-01-11 2021-10-22 北京中实信达科技有限公司 One-to-many identity authentication system and method based on dynamic password

Also Published As

Publication number Publication date
CN105207970A (en) 2015-12-30
CN105207970B (en) 2019-09-27

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14894404

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14894404

Country of ref document: EP

Kind code of ref document: A1