CN101222335A - Cascade connection authentication method and device between application systems - Google Patents
- Publication number: CN101222335A, CNA200810057498XA, CN200810057498A
- Authority: CN (China)
- Prior art keywords: authentication, request, user, message, cascading
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a cascade authentication method and device for application systems, which can authenticate user identities between two or more application systems on different platforms or on the same platform. The authentication method is as follows: when a user of system A initiates, from system A, a request to access system B, system B first determines whether the user has passed authentication. If the user has not passed authentication, system B redirects directly to system A, and system A completes the authentication. If system A authenticates the user successfully, it feeds back an authentication success message to system B, and system B treats the user as a valid user and allows the user to access system B. Conversely, if a user of system B accesses system A, the same process is used. In the mutual authentication process, the data exchange can use a variety of encryption algorithms, and the user can choose the encryption and decryption algorithms, which improves the flexibility and extensibility of the system.
Description
Technical field
The present invention relates to identity authentication technology, and in particular to a cascade authentication method and device between application systems.
Background technology
Usually, authentication is required whenever a user accesses an application system, in order to ensure the security of the system. Cascade authentication means mutual recognition of user identities between different application systems. At present, cascade authentication between different application systems mainly uses federated authentication, that is, data is transmitted using a standard protocol. Federated authentication has several published standards, such as SAML (Security Assertion Markup Language, an extensible XML framework based on an OASIS standard for exchanging authentication and authorization information, which allows single sign-on in modern network environments). However, federated authentication products developed on these existing open standards have the following compatibility problems:
Because current federated authentication products are all aimed at authentication between systems on a particular platform, all systems that are to be cascade-authenticated must be based on the same platform or the same kind of platform, and the authentication method used between systems on that platform may not be applicable between systems on other platforms. In other words, different platforms need different cascade authentication methods. Therefore, for cascade authentication between cross-platform application systems, current authentication products cannot provide mutual authentication for systems based on different platforms. Moreover, because authentication takes place between systems on the same platform, the authentication product is bound to the platform, and different platforms need different authentication products, so a federated authentication product has to be chosen for the platform. Current federated authentication products therefore all lack flexibility.
For example, suppose the systems to be cascade-authenticated are system A and system B. When a system A user accesses system B through system A, system B needs to authenticate that user; likewise, system A needs to authenticate a system B user who requests access. If system A and system B are both based on the same platform or the same kind of platform, a federated authentication product for that platform can be chosen for mutual authentication; if they are based on different application platforms, the current cascade authentication methods cannot do this.
Summary of the invention
The technical problem to be solved by the present invention is to provide a cascade authentication method and device between application systems, so as to solve the problem of cascade authentication between application systems on different platforms.
To solve the above technical problem, according to the specific embodiments provided by the invention, the invention discloses the following technical solutions:
A cascade authentication method between application systems, in which mutual authentication between the systems uses the same method, and in which the authentication of the first system by the second system comprises:
A first-system user initiates, through the first system, a request to access the second system;
The second system determines, according to the state of the current access, whether the first-system user has passed authentication; if so, access is allowed; if not, the second system redirects the request to the first system, and the first system performs internal authentication of the user;
After the first system's internal authentication of the user succeeds, it feeds back an authentication success message to the second system, and the second system allows the first-system user's access.
Preferably, the step in which the second system redirects the request to the first system comprises: the second system constructs a request token message and sends it, together with an application ID, to the first system; wherein the request token message comprises the URL requested by the first-system user and the application's logout URL.
Preferably, the request token message further comprises a timestamp and a random number, and the first system performs security verification according to the timestamp and the random number.
Preferably, after the second system constructs the request token message, the method further comprises: the second system encrypts the request token message using the encryption and decryption algorithm negotiated with the first system, the encryption and decryption algorithm being configurable.
Preferably, if the second system determines that the first-system user has passed authentication, the method further comprises: the second system goes on to determine whether the Session ID of the current request is the same as the Session ID that passed authentication, and denies access if they differ.
Preferably, the first system and the second system each use a filter to perform the mutual authentication.
A cascade authentication device between application systems, the cascade authentication device being deployed at each application system and comprising:
An authentication transmitting unit, used to send access requests to the peer;
An authentication receiving unit, used to receive access requests sent by the peer and to call the state maintenance unit to determine, according to the state of the current access, whether the peer's user has passed authentication; if so, the authentication receiving function ends; if not, the authentication processing unit is triggered. It is also used to receive redirect requests sent by the peer and to trigger the authentication processing unit to handle them;
An authentication processing unit which, for an access request, redirects the received access request to the peer so that the peer completes the authentication, and which, for a redirect request, performs internal authentication on the received redirect request and, after authentication succeeds, feeds back an authentication success message to the peer;
A state maintenance unit, used to maintain the state of the current access.
Preferably, the redirect request of the authentication processing unit comprises a request token message and an application ID, wherein the request token message comprises the URL of the first system's access request and the application's logout URL.
Preferably, the request token message further comprises a timestamp and a random number.
Preferably, the device further comprises an encryption/decryption unit, used to encrypt and decrypt the request token message, wherein the encryption and decryption algorithm is configurable.
Preferably, the device further comprises a security processing unit, used to perform security verification according to the timestamp and random number in the request token message.
Preferably, if the authentication receiving unit determines that the peer's user has passed authentication, the authentication receiving unit goes on to determine whether the Session ID of the current request is the same as the Session ID that passed authentication, and denies access if they differ.
According to the specific embodiments provided by the invention, the invention achieves the following technical effects:
First, the invention provides a general cascade authentication method between application systems, which can authenticate user identities between two or more application systems on different platforms or on the same platform. The authentication method is: when a user of system A initiates, from system A, a request to access system B, system B first determines whether the user has passed authentication; if not, system B redirects directly to system A, and system A completes the authentication; if system A authenticates the user successfully, it feeds back an authentication success message to system B, and system B then considers the user a legitimate user and allows the access. Conversely, a user of system B accessing system A follows the same flow. The method effectively solves the incompatibility of the various existing federated authentication products.
Second, in the above cascade authentication process, parameters are passed using tokens, that is, custom redirect parameters are appended directly after the URL (Uniform Resource Locator) address, whereas existing federated authentication products all transmit data at a lower layer using a standard protocol. Compared with lower-layer transmission, the invention is simple and easy to implement.
Third, the encryption used by federated authentication products for transmitted authentication data is fixed, and the user cannot choose it; the present invention places no restriction on how the data is encrypted, and the user chooses the encryption method according to security needs, which gives better flexibility and extensibility.
Finally, in addition to encryption, the invention uses measures such as a timestamp and a random number to secure data transmission, that is, a timestamp and a random number are carried in the token message to prevent the transmitted data from being tampered with or leaked.
Description of drawings
Fig. 1 is a flow chart of an embodiment of the cascade authentication method between application systems of the present invention;
Fig. 2 is a structural block diagram of an embodiment of the cascade authentication device between application systems of the present invention;
Fig. 3 is a processing flow chart of the cascade authentication devices between the systems according to the embodiment of the invention.
Embodiment
To make the above objects, features and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments.
Application systems on different platforms now need to be cascaded into a whole, which requires them to authenticate each other. The invention provides a general cascade authentication method between application systems, which can authenticate user identities between two or more application systems on different platforms or on the same platform. The precondition for the invention is that the application systems trust each other's authentication, that is, if a user of system A accesses system B, system B considers system A's authentication method trustworthy.
The authentication principle is as follows: when a user of system A initiates, from system A, a request to access system B, system B first determines whether the user has passed authentication; if not, system B redirects directly to system A, and system A completes the authentication; if system A authenticates the user successfully, it feeds back an authentication success message to system B, and system B then considers the user a legitimate user and allows the access. Conversely, a user of system B accessing system A follows the same flow.
The mutual authentication between system A and system B is described in detail below as an example; system A and system B do not refer to particular systems and are named only to distinguish them for ease of explanation.
Fig. 1 is the flow chart of the cascade authentication method between application systems. System A and system B may be based on the same platform or the same kind of platform, or on different platforms. Because A's authentication flow for B is the same as B's authentication flow for A, the description takes as its example a system A user requesting access to system B, with system B authenticating the system A user. In practice, system A and system B both use filters to implement the whole authentication process. The specific flow is as follows:
Throughout the authentication process, system B maintains a state table of current accesses; if the accessing user has passed authentication in the current connection, this is recorded in the state table. In a cascaded environment, many access requests may be made during one connection between the systems; if authentication has been passed in the current connection, subsequent requests are treated as authenticated, but every new connection has to be authenticated again.
Preferably, to increase the security of authentication, if the system A user has passed authentication, the system B filter also goes on to verify whether the Session ID of the current request is the same as the Session ID that passed authentication, and denies access if they differ.
Session is generally translated as "time domain". In computing terminology, a Session is the time interval during which an end user communicates with an interactive system, usually the time elapsed from logging in to the system to logging out of it. In the Web context specifically, a Session is the period from the user entering a website until the browser is closed, that is, the time the user spends browsing the site. From this definition, a Session is in fact a specific notion of time. Note that the notion of a Session involves a specific client, a specific server and an uninterrupted period of operation. For example, the Session in which user A is connected to server C and the Session in which user B is connected to server C are two different Sessions.
The redirect proceeds as follows: the filter of system B constructs a request token message by combining the timestamp, the random number, the URL requested by the user, the application's logout URL and other parameters into a string in a specified format, encrypts this information with the encryption protocol selected by the user, adds the application ID to generate the redirect request, and sends it to the URL of system A's filter. In the token message, the URL requested by the user is the address of the application system the user wants to access; the application's logout URL is the logout address of the application system that the user reaches after passing authentication; the application ID in the redirect request is the ID assigned to identify the application system. The URL requested by the user and the application ID are in a one-to-one mapping and are not necessarily identical.
In the prior art, federated authentication products transmit data during authentication at a lower layer, that is, using a standard protocol, which is similar to constructing another protocol layer on top of the TCP (Transmission Control Protocol) layer for authentication. The present invention preferably passes parameters using tokens: a token is a custom string appended after the URL address of an HTTP (Hypertext Transfer Protocol) request. Compared with lower-layer transmission, passing data in tokens is simple and easy to implement.
In the prior art, the encryption used by federated authentication products for transmitted authentication data is fixed, and the user cannot choose it. The present invention preferably places no restriction on how the data is encrypted; the user chooses the encryption method according to security needs, which gives better flexibility and extensibility. This configurable encryption and decryption works in two ways: first, the user can choose from a set of encryption and decryption functions written in advance; second, the user can write their own encryption and decryption functions and simply call them in the program. Note that "user" here means the user of the cascade authentication product of the invention, not the system A user.
The invention preferably adds a timestamp and a random number to the request token message to increase the security of data transmission and prevent the data from being illegally tampered with or leaked in transit.
Preferably, the filter also compares the timestamp in the token message with the current time to check whether it has expired, and also checks whether the random number has been tampered with, thereby ensuring the security of data transmission.
Step 107: after the filter of system B receives the success response returned by system A, it decrypts it to obtain user information such as the user ID and passes this to system B. System B uses the user information to carry out single sign-on initialization, which completes the whole authentication process.
The above flow is the authentication flow for a system A user accessing system B; a system B user accessing system A follows the same flow. The flow also applies to user identity authentication between several application systems on different platforms or on the same platform, and the invention does not limit the specific application here.
For the above cascade authentication method, the invention also provides an embodiment of a cascade authentication device between application systems. Fig. 2 is a structural block diagram of the cascade authentication device. The device is deployed at each application system, and mutual authentication between the systems is carried out by the authentication devices of the respective systems. The authentication device therefore has the dual function of initiating authentication requests and of receiving authentication requests and authenticating them.
The cascade authentication device mainly comprises authentication transmitting unit 201, authentication receiving unit 202, authentication processing unit 203 and state maintenance unit 204.
Authentication transmitting unit 201 is responsible for sending access requests to the peer's cascade authentication device.
Authentication receiving unit 202 is responsible for receiving access requests sent by the peer and for calling state maintenance unit 204 to determine, according to the state of the current access, whether the peer's user has passed authentication; if so, the authentication receiving function ends; if not, authentication processing unit 203 is triggered. Authentication receiving unit 202 is also used to receive redirect requests sent by the peer and to trigger authentication processing unit 203 to handle them.
Preferably, if authentication receiving unit 202 determines that the peer's user has passed authentication, it goes on to determine whether the Session ID of the current request is the same as the Session ID that passed authentication, and denies access if they differ, thereby ensuring the security of authentication.
Authentication processing unit 203 is responsible for the whole authentication processing flow. For an access request sent by the peer, it redirects the received access request to the peer's cascade authentication device so that the peer completes the authentication; for a redirect request, it performs internal authentication on the received redirect request and, after authentication succeeds, feeds back an authentication success message to the peer.
State maintenance unit 204 is responsible for maintaining the state of the current access and for determining whether the user's refresh state has timed out; if it has timed out, the connection is closed.
Preferably, authentication processing unit 203 passes parameters using tokens. Authentication processing unit 203 constructs a request token message, which comprises the URL requested by the user, the application's logout URL and other parameters, and which also comprises a timestamp and a random number to ensure security. Authentication processing unit 203 combines the request token message and the application ID into a string in the specified format as the redirect request and sends it to the peer's cascade authentication device.
Preferably, the cascade authentication device further comprises encryption/decryption unit 205, which encrypts and decrypts token messages when called by authentication processing unit 203. The encryption and decryption algorithms implemented by encryption/decryption unit 205 are configurable, that is, the user can choose from a set of encryption and decryption functions written in advance, or write their own.
Preferably, the cascade authentication device further comprises security processing unit 206, which compares the timestamp in the token message with the current time to check whether it has expired, and also checks whether the random number has been tampered with, thereby ensuring the security of data transmission.
The functions of the units of the cascade authentication device have been explained above; the processing flow of each unit during authentication between systems is described in detail below. Fig. 3 is the processing flow chart of the cascade authentication devices between the systems.
System A and system B are again used as the example. System A and system B each deploy the same cascade authentication device, and mutual authentication between system A and system B is completed by cascade authentication device A and cascade authentication device B working together. For clarity and brevity, Fig. 3 lists only the units involved in this processing flow: the units of cascade authentication device A comprise authentication transmitting unit 301, authentication receiving unit 302, authentication processing unit 303, encryption/decryption unit 304 and security processing unit 305, and the units of cascade authentication device B comprise authentication transmitting unit 311, authentication receiving unit 312, authentication processing unit 313, state maintenance unit 314, encryption/decryption unit 315 and security processing unit 316.
When a system A user requests access to system B, the processing flow is as follows:
1. System A initiates an access request through authentication transmitting unit 301;
2. After authentication receiving unit 312 of system B receives the access request, it calls state maintenance unit 314 to determine, according to the state of the current access, whether the system A user has passed authentication. If so, it goes on to verify whether the Session ID of the current request is the same as the Session ID that passed authentication; if they differ, access is denied; if they are the same, the request is forwarded into system B and the user is allowed to access system B;
3. If the system A user has not passed authentication, authentication processing unit 313 is triggered. Authentication processing unit 313 of system B constructs a request token message by combining the timestamp, the random number, the URL requested by the user, the application's logout URL and other parameters into a string in the specified format, calls encryption/decryption unit 315 to encrypt this information, adds the application ID to generate the redirect request, and sends it to system A through authentication transmitting unit 311;
4. After authentication receiving unit 302 of system A receives the redirect request, it calls encryption/decryption unit 304 to decrypt the request token message and calls security processing unit 305 to perform security verification on the timestamp and random number in the request token message. After decryption yields the corresponding information, authentication processing unit 303 is called to perform internal authentication of the user. After authentication succeeds, authentication processing unit 303 combines user information that identifies the user, such as the user ID, with information such as a timestamp and a random number into a success feedback token message in the specified format, encrypts it using encryption/decryption unit 304, and returns it to system B through authentication transmitting unit 301;
5. Authentication receiving unit 312 of system B receives the success feedback message, uses encryption/decryption unit 315 to decrypt it and obtain the user ID, which is passed to system B, and calls security processing unit 316 to perform security verification on the timestamp and random number in the request token message. System B uses the user information to carry out single sign-on initialization, which completes the whole authentication process.
The above data processing flow of the units clearly shows the one-way authentication of a system A user by system B; likewise, for system A's authentication of a system B user, refer to Fig. 3 with A and B swapped in the diagram. This is not described in detail here.
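The redirect and feedback exchange in steps 3 to 5, as an added Python example that is not part of the patent: system B seals a request token and appends it with the application ID to system A's filter URL, system A verifies it and answers with a feedback token, and system B accepts the feedback once. Assumptions of this example: the JSON field names, the `appId` and `token` parameter names, the `kind` field that separates request from feedback tokens, the 120-second window, treating the random number as a single-use value echoed in the feedback, and the stand-in codec (an HMAC-SHA256 keystream with encrypt-then-MAC, chosen only so the block runs on the standard library; the patent leaves the algorithm configurable, and a deployment would plug in a vetted authenticated cipher).

```python
import base64, hashlib, hmac, json, os, time
from urllib.parse import parse_qs, urlencode, urlparse

MAX_AGE = 120  # seconds a token stays acceptable (assumed value)

class TokenError(Exception):
    """A token failed the integrity, type, freshness or random-number check."""

def _keystream(key, iv, n):
    # HMAC-SHA256 in counter mode, used here as a stdlib-only keystream.
    blocks = (hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, fields):
    """Stand-in codec (not from the patent): encrypt, then authenticate."""
    iv = os.urandom(16)
    plain = json.dumps(fields).encode()
    body = iv + bytes(p ^ k for p, k in zip(plain, _keystream(key[:32], iv, len(plain))))
    tag = hmac.new(key[32:], body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag).decode()

def unseal(key, token):
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError as exc:
        raise TokenError("malformed token") from exc
    body, tag = raw[:-32], raw[-32:]
    expected = hmac.new(key[32:], body, hashlib.sha256).digest()
    if len(body) < 16 or not hmac.compare_digest(tag, expected):
        raise TokenError("token was modified in transit")
    iv, ct = body[:16], body[16:]
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(key[:32], iv, len(ct)))))

def check_fresh(ts, now):
    if abs(now - ts) > MAX_AGE:
        raise TokenError("timestamp outside the accepted window")

class SystemB:
    """Side being accessed: redirects unauthenticated users to system A."""
    def __init__(self, key, a_filter_url):
        self.key, self.a_filter_url = key, a_filter_url
        self.pending = {}  # random number -> requested URL, awaiting feedback

    def build_redirect(self, app_id, requested_url, logout_url, now=None):
        nonce = os.urandom(16).hex()
        self.pending[nonce] = requested_url
        token = seal(self.key, {"kind": "request", "ts": now or time.time(),
                                "nonce": nonce, "url": requested_url,
                                "logout": logout_url})
        return self.a_filter_url + "?" + urlencode({"appId": app_id, "token": token})

    def accept_feedback(self, token, now=None):
        fields = unseal(self.key, token)
        if fields.get("kind") != "feedback":
            raise TokenError("not a feedback token")
        check_fresh(fields["ts"], now or time.time())
        url = self.pending.pop(fields.get("nonce"), None)  # single use
        if url is None:
            raise TokenError("random number unknown or already used")
        return fields["user_id"], url

class SystemA:
    """Side that owns the user: authenticates internally and reports back."""
    def __init__(self, key, apps):
        self.key, self.apps = key, apps  # application ID -> registered URL prefix

    def handle_redirect(self, redirect_url, now=None):
        query = parse_qs(urlparse(redirect_url).query)
        if "appId" not in query or "token" not in query:
            raise TokenError("missing redirect parameter")
        fields = unseal(self.key, query["token"][0])
        if fields.get("kind") != "request":
            raise TokenError("not a request token")
        check_fresh(fields["ts"], now or time.time())
        prefix = self.apps.get(query["appId"][0])
        if prefix is None or not fields["url"].startswith(prefix):
            raise TokenError("application ID does not match the requested URL")
        return fields

    def build_feedback(self, request_fields, user_id, now=None):
        # Call only after system A's own (internal) authentication has succeeded.
        return seal(self.key, {"kind": "feedback", "ts": now or time.time(),
                               "nonce": request_fields["nonce"], "user_id": user_id})

def demo():
    key = os.urandom(64)  # constructed shared key: 32 bytes cipher + 32 bytes MAC
    b = SystemB(key, "https://a.example/cascade")
    a = SystemA(key, {"app-b": "https://b.example/"})
    url = b.build_redirect("app-b", "https://b.example/reports",
                           "https://b.example/logout", now=1000)
    fields = a.handle_redirect(url, now=1010)
    feedback = a.build_feedback(fields, "alice", now=1011)
    return b.accept_feedback(feedback, now=1012)

if __name__ == "__main__":
    print(demo())
```

The application ID travels outside the sealed token, so `handle_redirect` checks it against the URL inside the token rather than trusting it on its own.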
For parts of the devices shown in Fig. 2 and Fig. 3 that are not described in detail, refer to the relevant parts of the method shown in Fig. 1; for reasons of length they are not described in detail here.
The cascade authentication method and device between application systems provided by the present invention have been described in detail above. Specific examples have been used here to set out the principle and implementation of the invention, and the description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. At the same time, a person of ordinary skill in the art may, following the idea of the invention, make changes to the specific implementation and the scope of application. In summary, this description should not be construed as limiting the invention.
Claims (12)
1. A cascade authentication method between application systems, characterized in that mutual authentication between the systems uses the same method, wherein the authentication of the first system by the second system comprises:
A first-system user initiates, through the first system, a request to access the second system;
The second system determines, according to the state of the current access, whether the first-system user has passed authentication; if so, access is allowed; if not, the second system redirects the request to the first system, and the first system performs internal authentication of the user;
After the first system's internal authentication of the user succeeds, it feeds back an authentication success message to the second system, and the second system allows the first-system user's access.
2. The method according to claim 1, characterized in that the step in which the second system redirects the request to the first system comprises: the second system constructs a request token message and sends it, together with an application ID, to the first system; wherein the request token message comprises the URL requested by the first-system user and the application's logout URL.
3. The method according to claim 2, characterized in that the request token message further comprises a timestamp and a random number, and the first system performs security verification according to the timestamp and the random number.
4. The method according to claim 2 or 3, characterized in that, after the second system constructs the request token message, the method further comprises: the second system encrypts the request token message using the encryption and decryption algorithm negotiated with the first system, the encryption and decryption algorithm being configurable.
5. The method according to claim 1, characterized in that, if the second system determines that the first-system user has passed authentication, the method further comprises: the second system goes on to determine whether the Session ID of the current request is the same as the Session ID that passed authentication, and denies access if they differ.
6. The method according to claim 1, characterized in that the first system and the second system each use a filter to perform the mutual authentication.
7. A cascade authentication device between application systems, characterized in that the cascade authentication device is deployed at each application system and comprises:
An authentication transmitting unit, used to send access requests to the peer;
An authentication receiving unit, used to receive access requests sent by the peer and to call the state maintenance unit to determine, according to the state of the current access, whether the peer's user has passed authentication; if so, the authentication receiving function ends; if not, the authentication processing unit is triggered. It is also used to receive redirect requests sent by the peer and to trigger the authentication processing unit to handle them;
An authentication processing unit which, for an access request, redirects the received access request to the peer so that the peer completes the authentication, and which, for a redirect request, performs internal authentication on the received redirect request and, after authentication succeeds, feeds back an authentication success message to the peer;
A state maintenance unit, used to maintain the state of the current access.
8. The cascade authentication device according to claim 7, characterized in that the redirect request of the authentication processing unit comprises a request token message and an application ID, wherein the request token message comprises the URL of the first system's access request and the application's logout URL.
9. The cascade authentication device according to claim 8, characterized in that the request token message further comprises a timestamp and a random number.
10. The cascade authentication device according to claim 8 or 9, characterized in that it further comprises an encryption/decryption unit, used to encrypt and decrypt the request token message, wherein the encryption and decryption algorithm is configurable.
11. The cascade authentication device according to claim 9, characterized in that it further comprises a security processing unit, used to perform security verification according to the timestamp and random number in the request token message.
12. cascading authentication device according to claim 7, it is characterized in that: if the authentication receiving element judges that the other user is by authentication, then described authentication receiving element continues to judge the Session ID of current request and whether the Session ID by authentication is identical, if inequality, denied access then.
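The request-token handling described in claims 2 to 5 and 8 to 12, as an added Python sketch that is not part of the patent text: it builds the token, applies the timestamp and random-number freshness check, and compares session IDs. The JSON field names, the shared key, the 120-second window and the use of an HMAC-SHA256 tag in place of the configurable encryption algorithm are all assumptions made for this example.

```python
import base64, hashlib, hmac, json, secrets, time

SHARED_KEY = b"constructed-demo-key"   # assumption: key both systems agreed on out of band
MAX_SKEW = 120                          # assumption: seconds a token stays fresh
SEEN_NONCES = {}                        # nonce -> expiry time, kept by the first system


def build_request_token(app_id, request_url, logout_url, now=None):
    """Second system: build the request token carried in the redirect."""
    body = {"app_id": app_id, "request_url": request_url, "logout_url": logout_url,
            "ts": int(now if now is not None else time.time()),
            "nonce": secrets.token_hex(16)}
    raw = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(SHARED_KEY, raw, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + raw).decode()


def verify_request_token(token, now=None):
    """First system: check integrity, then the timestamp, then nonce reuse."""
    now = now if now is not None else time.time()
    try:
        blob = base64.urlsafe_b64decode(token.encode())
        tag, raw = blob[:32], blob[32:]
        expected = hmac.new(SHARED_KEY, raw, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None, "bad-tag"
        body = json.loads(raw)
    except (ValueError, TypeError):
        return None, "malformed"
    if abs(now - body["ts"]) > MAX_SKEW:
        return None, "stale"
    # Drop expired nonces, then reject any nonce already used inside the window.
    for n in [n for n, exp in SEEN_NONCES.items() if exp < now]:
        del SEEN_NONCES[n]
    if body["nonce"] in SEEN_NONCES:
        return None, "replay"
    SEEN_NONCES[body["nonce"]] = body["ts"] + MAX_SKEW
    return body, "ok"


def session_matches(authenticated_sid, current_sid):
    """Session check: the request must carry the session ID that was authenticated."""
    return hmac.compare_digest(authenticated_sid.encode(), current_sid.encode())
```

The nonce cache only has to remember values for as long as the timestamp window accepts them, which is why each entry expires at the token's timestamp plus `MAX_SKEW`.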
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA200810057498XA CN101222335A (en) | 2008-02-02 | 2008-02-02 | Cascade connection authentication method and device between application systems |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA200810057498XA CN101222335A (en) | 2008-02-02 | 2008-02-02 | Cascade connection authentication method and device between application systems |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101222335A true CN101222335A (en) | 2008-07-16 |
Family
ID=39631932
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA200810057498XA Pending CN101222335A (en) | 2008-02-02 | 2008-02-02 | Cascade connection authentication method and device between application systems |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101222335A (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101938465A (en) * | 2010-07-05 | 2011-01-05 | 北京广电天地信息咨询有限公司 | Method and system based on webservice authentication |
CN102428488A (en) * | 2009-05-19 | 2012-04-25 | 诺基亚公司 | Method and apparatus for displaying purchasing information |
CN103179089A (en) * | 2011-12-21 | 2013-06-26 | 富泰华工业(深圳)有限公司 | System and method for identity authentication for accessing of different software development platforms |
CN104144161A (en) * | 2014-07-08 | 2014-11-12 | 北京彩云动力教育科技有限公司 | Interacting method and system for client side and WEB server side |
CN104410674A (en) * | 2014-11-12 | 2015-03-11 | 国云科技股份有限公司 | A WEB session synchronization method of a single sign on system |
CN105337949A (en) * | 2014-08-13 | 2016-02-17 | 中国移动通信集团重庆有限公司 | SSO (Single Sign On) authentication method, web server, authentication center and token check center |
CN106331772A (en) * | 2015-06-17 | 2017-01-11 | 阿里巴巴集团控股有限公司 | Data verification method and apparatus and smart television system |
CN109831307A (en) * | 2018-12-28 | 2019-05-31 | 上海分布信息科技有限公司 | Computerized information authentication method and authentification of message system |
CN112887331A (en) * | 2021-02-26 | 2021-06-01 | 政采云有限公司 | Bidirectional authentication method, device and equipment between different single sign-on systems |
CN115118454A (en) * | 2022-05-25 | 2022-09-27 | 四川中电启明星信息技术有限公司 | Cascade authentication system and method based on mobile application |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102428488A (en) * | 2009-05-19 | 2012-04-25 | 诺基亚公司 | Method and apparatus for displaying purchasing information |
CN101938465A (en) * | 2010-07-05 | 2011-01-05 | 北京广电天地信息咨询有限公司 | Method and system based on webservice authentication |
CN101938465B (en) * | 2010-07-05 | 2013-05-01 | 北京广电天地科技有限公司 | Method and system based on webservice authentication |
CN103179089A (en) * | 2011-12-21 | 2013-06-26 | 富泰华工业(深圳)有限公司 | System and method for identity authentication for accessing of different software development platforms |
CN104144161B (en) * | 2014-07-08 | 2017-03-22 | 北京彩云动力教育科技有限公司 | Interacting method and system for client side and WEB server side |
CN104144161A (en) * | 2014-07-08 | 2014-11-12 | 北京彩云动力教育科技有限公司 | Interacting method and system for client side and WEB server side |
CN105337949A (en) * | 2014-08-13 | 2016-02-17 | 中国移动通信集团重庆有限公司 | SSO (Single Sign On) authentication method, web server, authentication center and token check center |
CN104410674A (en) * | 2014-11-12 | 2015-03-11 | 国云科技股份有限公司 | A WEB session synchronization method of a single sign on system |
CN104410674B (en) * | 2014-11-12 | 2018-04-10 | 国云科技股份有限公司 | A kind of WEB session synchronization methods of single-node login system |
CN106331772A (en) * | 2015-06-17 | 2017-01-11 | 阿里巴巴集团控股有限公司 | Data verification method and apparatus and smart television system |
CN109831307A (en) * | 2018-12-28 | 2019-05-31 | 上海分布信息科技有限公司 | Computerized information authentication method and authentification of message system |
CN109831307B (en) * | 2018-12-28 | 2021-07-20 | 上海分布信息科技有限公司 | Computer information authentication method and information authentication system |
CN112887331A (en) * | 2021-02-26 | 2021-06-01 | 政采云有限公司 | Bidirectional authentication method, device and equipment between different single sign-on systems |
CN112887331B (en) * | 2021-02-26 | 2022-07-08 | 政采云有限公司 | Bidirectional authentication method, device and equipment between different single sign-on systems |
CN115118454A (en) * | 2022-05-25 | 2022-09-27 | 四川中电启明星信息技术有限公司 | Cascade authentication system and method based on mobile application |
CN115118454B (en) * | 2022-05-25 | 2023-06-30 | 四川中电启明星信息技术有限公司 | Cascade authentication system and authentication method based on mobile application |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101222335A (en) | Cascade connection authentication method and device between application systems | |
Yang et al. | A security analysis of the OAuth protocol | |
JP5334320B2 (en) | Authentication delegation based on re-verification of cryptographic evidence | |
CN104767731B (en) | A kind of Restful move transactions system identity certification means of defence | |
CN101009561B (en) | System and method for IMX session control and authentication | |
WO2017028804A1 (en) | Web real-time communication platform authentication and access method and device | |
EP1595190B1 (en) | Service provider anonymization in a single sign-on system | |
TWI543574B (en) | Method for authenticatiing online transactions using a browser | |
JP5139423B2 (en) | Policy-driven credentials delegation for single sign-on and secure access to network resources | |
CN100574193C (en) | Method, system and third party website, service server that the switching third party lands | |
US8800013B2 (en) | Devolved authentication | |
EP0940960A1 (en) | Authentication between servers | |
CN105917630A (en) | Redirect to inspection proxy using single-sign-on bootstrapping | |
CN101292496A (en) | Method and devices for carrying out cryptographic operations in a client-server network | |
CN102638454A (en) | Plug-in type SSO (single signon) integration method oriented to HTTP (hypertext transfer protocol) identity authentication protocol | |
CN101651666A (en) | Method and device for identity authentication and single sign-on based on virtual private network | |
JP5602165B2 (en) | Method and apparatus for protecting network communications | |
CN105554098A (en) | Device configuration method, server and system | |
EP2979420B1 (en) | Network system comprising a security management server and a home network, and method for including a device in the network system | |
CN104243452B (en) | A kind of cloud computing access control method and system | |
US20100132017A1 (en) | Process for authenticating a user by certificate using an out-of band message exchange | |
WO2007078037A1 (en) | Web page protection method employing security appliance and set-top box having the security appliance built therein | |
KR20030075809A (en) | Client authentication method using SSO in the website builded on a multiplicity of domains | |
Sudhakar | Techniques for securing rest | |
James | Web single sign-on systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C41 | Transfer of patent application or patent right or utility model | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20080606 Address after: Beijing City, Xuanwu District Baiguang road two No. Applicant after: State Grid Information & Telecommunication Co., Ltd. Address before: Beijing City, Xuanwu District Baiguang road two No. Applicant before: China Electric Power Information Center |
|
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Open date: 20080716 |