CN101764806A - Single-point log-in method, system and log-in service platform - Google Patents

Publication number: CN101764806A
Authority: CN (China)
Prior art keywords: token, log, user, service platform, serial number
Legal status: Granted; Expired - Fee Related
Application number: CN 200910239615
Other languages: Chinese (zh)
Other versions: CN101764806B (en)
Inventors: 傅志敬, 唐斌, 吴卓坤, 张高镜, 刘志诚
Current Assignee: Aspire Digital Technologies Shenzhen Co Ltd
Original Assignee: Aspire Digital Technologies Shenzhen Co Ltd
Events: application filed by Aspire Digital Technologies Shenzhen Co Ltd; priority to CN 200910239615 (CN101764806B); publication of CN101764806A; application granted; publication of CN101764806B

Landscapes

  • Storage Device Security (AREA)

Abstract

An embodiment of the invention provides a single-point log-in (single sign-on, SSO) method comprising the following steps: a client generates a user token from a token identifier and a token serial number obtained from a log-in service platform, the user token comprising the token identifier and the token serial number encrypted with the public key of the log-in service platform; the client accesses an application server with the user token, which can be used only once; the application server requests the log-in service platform to authenticate the user token, and if authentication succeeds, the client's access succeeds. Correspondingly, embodiments of the invention also provide a log-in service platform and a log-in service system. By obtaining an initial token from the log-in service platform, a dynamic user token is generated from the initial token and used to access the application server; the user token has a short validity period and can be used only once, so that SSO access is secure and the user experience is improved.

Description

Single sign-on method, system and log-in service platform
Technical field
The present invention relates to the field of communications, and in particular to a single sign-on method, system and log-in service platform.
Background technology
Single sign-on (SSO) is one of the currently popular solutions for integrating enterprise services. SSO means that, across multiple application systems, a user needs to log in only once to access all mutually trusting application systems. It includes a mechanism that maps the current primary login to logins for the same user in other applications.
Existing SSO is based on static tokens: the user applies to the SSO server for a token, and the client carries this token to access other trusted services. The token is generated by the SSO server and can be used repeatedly within a certain period afterwards. Once the token is stolen, the user's trusted application systems can be intruded upon. This problem is hard to solve with static tokens: if a static token could be used only once, the user would have to apply to the SSO server for a new static token at every login. The load on the SSO server comes mainly from users applying for tokens, and the time taken by each application also adds to the total waiting time of every SSO login, seriously degrading the user experience.
Summary of the invention
In view of this, embodiments of the invention provide a single sign-on method in which the client generates a dynamic token for access, realizing a safe and fast SSO access mechanism.
An embodiment of the invention provides a single sign-on method, comprising:
A client generates a user token from a token identifier and a token serial number obtained in advance from a log-in service platform, the user token comprising the token identifier and the token serial number encrypted with the log-in service platform public key;
The client uses the user token to access an application server, and the user token can be used only once;
The application server requests the log-in service platform to authenticate the user token, and if authentication succeeds, the client's access succeeds.
Correspondingly, an embodiment of the invention also provides a log-in service platform, comprising:
A log-in information acquiring unit, configured to obtain log-in information, the log-in information comprising user identification information and a token key encrypted with the log-in service platform public key;
A private key decryption unit, configured to use the log-in service platform private key to decrypt obtained information that contains content encrypted with the log-in service platform public key;
An initial token issuing unit, configured to generate a token identifier and a token serial number, encrypt the token serial number with the token key obtained through decryption by the private key decryption unit, and return an initial token to the client, the initial token comprising the token identifier and the encrypted token serial number;
A user token acquiring unit, configured to obtain a user token from an application server, the user token comprising the token identifier and the token serial number encrypted with the log-in service platform public key;
A token authentication unit, configured to authenticate the obtained token identifier and the token serial number obtained through decryption by the private key decryption unit, and return the authentication result to the application server.
Correspondingly, an embodiment of the invention also provides a single sign-on system comprising a client, a log-in service platform and an application server, wherein:
The client is configured to generate a token key, encrypt the token key with the log-in service platform public key, and send user identification information and the encrypted token key; obtain the initial token returned by the log-in service platform, decrypt the initial token with the token key to obtain the token identifier and the token serial number, encrypt the token serial number with the log-in service platform public key, and use the user token to access the application server, the user token comprising the token identifier and the encrypted token serial number;
The log-in service platform is configured to obtain the user identification information and the encrypted token key, decrypt with the log-in service platform private key to obtain the token key, generate a token identifier and a token serial number, encrypt the token serial number with the token key, and return an initial token to the client, the initial token comprising the token identifier and the encrypted token serial number; obtain the user token from the application server, decrypt the user token with the log-in service platform private key to obtain the token identifier and the token serial number, authenticate the token identifier and the token serial number, and return the authentication result to the application server;
The application server is configured to obtain the user token from the client, forward it to the log-in service platform to request authentication, and allow or refuse the client's access request according to the authentication result returned by the log-in service platform.
In the embodiments of the invention, an initial token is obtained from the log-in service platform, and a dynamic user token is generated from the initial token and used to access the application server. The user token has a short validity period and can be used only once, which realizes secure SSO access and improves the user experience.
Description of drawings
Fig. 1 is a schematic structural diagram of a single sign-on system in an embodiment of the invention;
Fig. 2 is a schematic structural diagram of a log-in service platform in an embodiment of the invention;
Fig. 3 is a schematic flow chart of the method for realizing single sign-on in Embodiment 1 of the invention;
Fig. 4 is a schematic flow chart of the method for realizing single sign-on in Embodiment 2 of the invention.
Embodiment
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Fig. 1 is a schematic structural diagram of a single sign-on system in an embodiment of the invention. As shown in Fig. 1, the single sign-on system comprises at least a client 10, a log-in service platform 20 and an application server 30, wherein:
The client 10 is configured to generate a token key, encrypt the token key with the log-in service platform public key, and send user identification information and the encrypted token key; obtain the initial token returned by the log-in service platform 20, decrypt the initial token with the token key to obtain the token identifier and the token serial number, encrypt the token serial number with the log-in service platform public key, and use the user token to access the application server 30, the user token comprising the token identifier and the encrypted token serial number. Specifically, the token key is a symmetric key: content encrypted with the token key can be decrypted with the same token key. Encrypting the token key with the log-in service platform public key is asymmetric encryption: the peer can decrypt and read the encrypted content only with the corresponding log-in service platform private key. The user identification information comprises a user ID, and the client can also encrypt the user ID together with the token key and send them. The initial token that the client receives from the log-in service platform can comprise the token identifier, the user ID, and the user ID and token serial number encrypted with the token key. Besides the token identifier and the asymmetrically encrypted token serial number, the user token can also comprise the user ID, and the asymmetrically encrypted user ID and timestamp. Once generated, the user token has a configurable validity period (for example 60 seconds), after which it becomes invalid. The user token supports the client's access to only one application server, and becomes invalid after being used once.
The log-in service platform 20 is configured to obtain the user identification information and the encrypted token key, decrypt with the log-in service platform private key to obtain the token key, generate a token identifier and a token serial number, encrypt the token serial number with the token key, and return an initial token to the client 10, the initial token comprising the token identifier and the encrypted token serial number; obtain the user token from the application server 30, decrypt the user token with the log-in service platform private key to obtain the token identifier and the token serial number, authenticate the token identifier and the token serial number, and return the authentication result to the application server 30. Specifically, besides the token identifier and the encrypted token serial number, the initial token can also comprise the user ID and the user ID encrypted with the token key.
The application server 30 is configured to obtain the user token from the client 10, forward it to the log-in service platform 20 to request authentication, and allow or refuse the client's access request according to the authentication result returned by the log-in service platform 20.
Further, the single sign-on system can also comprise a user identity source server 40, configured to store users' user IDs and user source identifiers, obtain user information from the client 10, the user information comprising the user ID and the token key encrypted with the log-in service platform public key, look up the user's user source identifier, and send log-in information to the log-in service platform 20, the log-in information comprising the user ID, the user source identifier and the token key encrypted with the log-in service platform public key. The user source identifier is allocated in advance by the log-in service platform to users who access through the user identity source server, and the log-in service platform can authenticate this user source identifier.
Fig. 2 is a schematic structural diagram of a log-in service platform in an embodiment of the invention. As shown in the figure, the log-in service platform comprises a log-in information acquiring unit 201, a private key decryption unit 202, an initial token issuing unit 203 and a user token acquiring unit 204, wherein:
The log-in information acquiring unit 201 is configured to obtain log-in information, the log-in information comprising user identification information and a token key encrypted with the log-in service platform public key; the user identification information can comprise a user ID.
The private key decryption unit 202 is configured to use the log-in service platform private key to decrypt obtained information that contains content encrypted with the log-in service platform public key;
The initial token issuing unit 203 is configured to generate a token identifier and a token serial number, encrypt the token serial number with the token key obtained through decryption by the private key decryption unit, and return an initial token to the client, the initial token comprising the token identifier and the encrypted token serial number;
The user token acquiring unit 204 is configured to obtain a user token from an application server, the user token comprising the token identifier and the token serial number encrypted with the log-in service platform public key;
The token authentication unit 205 is configured to authenticate the obtained token identifier and the token serial number obtained through decryption by the private key decryption unit, and return the authentication result to the application server. Specifically, the token authentication unit 205 can first look up the corresponding token serial number according to the obtained token identifier, and then compare the token serial number found with the token serial number obtained through decryption by the private key decryption unit; if they are identical, authentication succeeds.
Further, the log-in service platform can also comprise a user identification authentication unit 206, configured to authenticate the user identification information in the log-in information obtained by the log-in information acquiring unit and, if authentication succeeds, notify the private key decryption unit to decrypt the log-in information. Specifically, the user identification information can comprise a user ID and a user source identifier; the user source identifier is allocated to the user in advance by the log-in service platform, and the user identification authentication unit 206 can authenticate the user source identifier.
Fig. 3 is a schematic flow chart of the method for realizing single sign-on in Embodiment 1 of the invention. As shown in the figure, the method flow comprises:
Step S301: the client generates a user token from the token identifier and token serial number obtained in advance from the log-in service platform; the user token comprises the token identifier and the token serial number encrypted with the log-in service platform public key. Specifically, the client can request an initial token from the log-in service platform in advance and store it securely. The initial token comprises a token identifier and a token serial number and has a preset validity period, for example 24 hours; within this period the client can generate the user token from the token identifier and token serial number in the initial token. Besides the token identifier and the token serial number asymmetrically encrypted with the log-in service platform public key, the user token can also comprise the user ID, and the user ID and timestamp asymmetrically encrypted with the log-in service platform public key. The log-in service platform public key is public, while the corresponding private key is stored in the log-in service platform and cannot be obtained by a third party. Further, once generated, the user token has a configurable validity period (for example 60 seconds), counted from the time of generation; if it times out, the user token becomes invalid. The user token supports the client's access to only one application server, and becomes invalid after being used once.
Step S302: the client uses the user token to access the application server, and the user token can be used only once. Specifically, the client sends the application server an access request carrying the user token. Once sent, the user token becomes invalid, whether or not the access succeeds; to access this application server again, or to access another application server, step S301 must be executed again.
Step S303: the application server requests the log-in service platform to authenticate the user token, and if authentication succeeds, the client's access succeeds. Specifically, after obtaining the access request carrying the user token, the application server sends the user token to the log-in service platform to request authentication. The log-in service platform uses its private key to decrypt the user token and obtain the token serial number, and compares it with the token serial number found according to the token identifier. If they match, authentication succeeds and the authentication result is returned to the application server, which then allows the client's access request.
Fig. 4 is a schematic flow chart of the method for realizing single sign-on in Embodiment 2 of the invention. As shown in the figure, the method flow comprises:
Step S401: the client generates a token key Ktoken.
Step S402: the client sends log-in information to the log-in service platform; the log-in information comprises user identification information and the token key encrypted with the log-in service platform public key. Specifically, the client can send the log-in information directly to the log-in service platform, the log-in information comprising at least the user identification information UID and the token key encrypted with the log-in service platform public key Kpub_sso, ERsa(Kpub_sso, Ktoken). The client can also first log in to the user identity source server; after obtaining ERsa(Kpub_sso, Ktoken) and the UID from the client, the latter looks up the user's source identifier USID and then sends log-in information to the log-in service platform. Here the log-in information comprises at least user identification information and the token key encrypted with the log-in service platform public key, where the user identification information comprises the UID and the USID. The user source identifier is allocated in advance by the log-in service platform to users who access through the user identity source server, and can be authenticated on the log-in service platform.
Step S403: the client obtains the initial token from the log-in service platform; the initial token comprises the token identifier and the token serial number encrypted with the token key. Specifically, after obtaining the log-in information, the log-in service platform can optionally first authenticate the USID in the user identification information of the log-in information; after authentication succeeds, it uses the log-in service platform private key Kpri_sso to decrypt the encrypted content in the log-in information and obtain the token key Ktoken. The log-in service platform then generates the initial token TokenInit, which comprises at least the token identifier KTID and the token serial number symmetrically encrypted with the token key Ktoken, EAes(Ktoken, SN), and can also comprise the user ID UID and the symmetrically encrypted user ID EAes(Ktoken, UID). The client obtains the initial token TokenInit returned by the log-in service platform.
Step S404: the client uses the token key to decrypt the initial token and obtain the token serial number. Specifically, the client obtains the token identifier KTID and uses Ktoken to decrypt the initial token TokenInit to obtain the token serial number SN.
Step S405: the client stores the token identifier and the token serial number. Specifically, after securely storing the token identifier KTID and the token serial number SN, the client deletes the token key Ktoken. The token identifier KTID and token serial number SN are valid within the preset initial token validity period (for example 24 hours).
Step S406: the client generates a user token from the token identifier and token serial number obtained from the log-in service platform; the user token comprises the token identifier and the token serial number encrypted with the log-in service platform public key. Specifically, the client uses the log-in service platform public key Kpub_sso to asymmetrically encrypt the token serial number SN, obtaining ERsa(Kpub_sso, SN). The client generates the user token TokenUser, which comprises at least the token identifier KTID and ERsa(Kpub_sso, SN), and can also comprise the user ID, and the user ID and timestamp asymmetrically encrypted with the log-in service platform public key Kpub_sso, ERsa(Kpub_sso, UID|Ltime). Further, the client can use KTID and SN to generate the user token TokenUser within the validity period of the token identifier KTID and token serial number SN in the initial token TokenInit. The user token TokenUser has a short time limit (for example 60 seconds); if it is not used within this limit, TokenUser becomes invalid.
Step S407: the client uses the user token to access the application server, and the user token can be used only once. Specifically, the client sends the application server an access request carrying the user token TokenUser. Once sent, TokenUser becomes invalid, whether or not the access succeeds; to access this application server again, or to access another application server, step S406 must be executed again.
Step S408: the application server requests the log-in service platform to authenticate the user token, and if authentication succeeds, the client's access succeeds. Specifically, after obtaining the access request carrying the user token TokenUser, the application server sends TokenUser to the log-in service platform to request authentication. The log-in service platform uses its private key Kpri_sso to decrypt TokenUser and obtain the token serial number SN, and compares it with the token serial number SN found according to the token identifier KTID. If they match, authentication succeeds and the authentication result is returned to the application server, which then allows the client's access request.
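The user-token steps S406 to S408, with the 60-second limit and the single-use rule enforced on the platform side, as an added Go example that is not code from the patent. Assumptions of this example: RSA-OAEP with KTID as the OAEP label, Ltime and SN carried in one ciphertext, a replay cache of ciphertext digests, and all Go names; the KTID/SN pair is handed to the client directly rather than through the Ktoken-protected initial token.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

const userTokenTTL = 60 * time.Second // the 60-second example lifetime from the text

// Platform stands in for the log-in service platform (hypothetical type, not goroutine-safe).
type Platform struct {
	priv    *rsa.PrivateKey   // Kpri_sso
	serials map[string][]byte // KTID -> SN issued with the initial token
	seen    map[[32]byte]bool // digests of user tokens already presented
}

// UserToken is TokenUser: KTID plus ERsa(Kpub_sso, Ltime|SN), with KTID as the OAEP label.
type UserToken struct {
	KTID string
	Enc  []byte
}

// NewPlatform creates Kpri_sso and records one KTID/SN pair. Delivering that pair as the
// Ktoken-protected initial token (S401-S405) is outside this example; it is returned directly.
func NewPlatform() (*Platform, string, []byte, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, "", nil, err
	}
	buf := make([]byte, 24)
	if _, err := rand.Read(buf); err != nil {
		return nil, "", nil, err
	}
	ktid, sn := fmt.Sprintf("%x", buf[:8]), buf[8:]
	return &Platform{k, map[string][]byte{ktid: sn}, map[[32]byte]bool{}}, ktid, sn, nil
}

// MakeUserToken is S406, run by the client before every access.
func MakeUserToken(pub *rsa.PublicKey, ktid string, sn []byte, now time.Time) (UserToken, error) {
	msg := make([]byte, 8, 8+len(sn))
	binary.BigEndian.PutUint64(msg, uint64(now.Unix()))
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, append(msg, sn...), []byte(ktid))
	return UserToken{ktid, enc}, err
}

// Verify is the platform side of S408 plus the expiry and single-use checks.
func (p *Platform) Verify(t UserToken, now time.Time) error {
	sn, known := p.serials[t.KTID]
	msg, err := rsa.DecryptOAEP(sha256.New(), nil, p.priv, t.Enc, []byte(t.KTID))
	if !known || err != nil || len(msg) < 8 {
		return errors.New("rejected")
	}
	age := now.Sub(time.Unix(int64(binary.BigEndian.Uint64(msg)), 0))
	if age < 0 || age > userTokenTTL {
		return errors.New("expired")
	}
	if subtle.ConstantTimeCompare(msg[8:], sn) != 1 {
		return errors.New("serial mismatch")
	}
	d := sha256.Sum256(t.Enc)
	if p.seen[d] {
		return errors.New("replayed")
	}
	p.seen[d] = true // entries older than userTokenTTL can be purged
	return nil
}

// RunFlow presents six tokens built around one stored KTID/SN pair and returns each result.
func RunFlow() ([]error, error) {
	p, ktid, sn, err := NewPlatform()
	if err != nil {
		return nil, err
	}
	t0 := time.Unix(1700000000, 0) // constructed clock value
	mk := func(id string, s []byte) UserToken {
		t, _ := MakeUserToken(&p.priv.PublicKey, id, s, t0) // 24-byte message fits OAEP; error ignored here
		return t
	}
	a := mk(ktid, sn)
	toks := []UserToken{a, a, mk(ktid, sn), mk(ktid, sn), mk(ktid, make([]byte, 16)),
		{"0000000000000000", a.Enc}}
	secs := []time.Duration{5, 6, 10, 61, 1, 1} // presentation time after t0, in seconds
	var out []error
	for i, tok := range toks {
		out = append(out, p.Verify(tok, t0.Add(secs[i]*time.Second)))
	}
	return out, nil
}

func main() {
	fmt.Println(RunFlow())
}
```

A second token built from the same stored pair is accepted because OAEP randomizes every ciphertext, while presenting the first token again is refused by the replay cache.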
In the embodiments of the invention, an initial token is obtained from the log-in service platform, and a dynamic user token is generated from the initial token and used to access the application server. The user token has a short validity period and can be used only once, which realizes secure SSO access and improves the user experience.
From the description of the above embodiments, those of ordinary skill in the art will understand that all or part of the flows of the above embodiments can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable medium and, when executed, can include the flows of the method embodiments above. The storage medium can be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The above discloses only preferred embodiments of the invention, which of course cannot be used to limit the scope of rights of the invention; equivalent variations made according to the claims of the invention therefore still fall within the scope covered by the invention.

Claims (10)

1. A single sign-on method, characterized in that the single sign-on method comprises:
A client generates a user token from a token identifier and a token serial number obtained in advance from a log-in service platform, the user token comprising the token identifier and the token serial number encrypted with the log-in service platform public key;
The client uses the user token to access an application server, and the user token can be used only once;
The application server requests the log-in service platform to authenticate the user token, and if authentication succeeds, the client's access succeeds.
2. The single sign-on method of claim 1, characterized in that, before the client generates the user token from the pre-stored token identifier and token serial number, the method further comprises:
The client generates a token key;
Sending log-in information to the log-in service platform, the log-in information comprising user identification information and the token key encrypted with the log-in service platform public key;
Obtaining an initial token from the log-in service platform, the initial token comprising the token identifier and the token serial number encrypted with the token key;
Using the token key to decrypt the initial token and obtain the token serial number;
Storing the token identifier and the token serial number.
3. The single sign-on method of claim 2, characterized in that the client sending log-in information to the log-in service platform comprises:
The client sends user information to a user identity source server, the user information comprising a user ID and the token key encrypted with the log-in service platform public key;
The user identity source server sends log-in information to the log-in service platform, the log-in information comprising user identification information and the token key encrypted with the log-in service platform public key, and the user identification information comprising the user ID and a user source identifier.
4. The single sign-on method of claim 3, characterized in that, after the log-in information is sent to the log-in service platform, the method further comprises:
After obtaining the log-in information, the log-in service platform authenticates the user identification information;
After authentication succeeds, the log-in service platform uses the log-in service platform private key to decrypt the log-in information and obtain the token key;
Generating and returning the initial token, the initial token comprising the token identifier and the token serial number encrypted with the token key.
5. The single sign-on method of claim 2, characterized in that the token key is deleted after the token key has been used to decrypt the initial token and obtain the token serial number.
6. The single sign-on method of claim 2, characterized in that the single sign-on method further comprises:
The log-in service platform presets the validity periods of the initial token and of the user token.
7. A log-in service platform, characterized in that the log-in service platform comprises:
A log-in information acquiring unit, configured to obtain log-in information, the log-in information comprising user identification information and a token key encrypted with the log-in service platform public key;
A private key decryption unit, configured to use the log-in service platform private key to decrypt obtained information that contains content encrypted with the log-in service platform public key;
An initial token issuing unit, configured to generate a token identifier and a token serial number, encrypt the token serial number with the token key obtained through decryption by the private key decryption unit, and return an initial token to the client, the initial token comprising the token identifier and the encrypted token serial number;
A user token acquiring unit, configured to obtain a user token from an application server, the user token comprising the token identifier and the token serial number encrypted with the log-in service platform public key;
A token authentication unit, configured to authenticate the obtained token identifier and the token serial number obtained through decryption by the private key decryption unit, and return the authentication result to the application server.
8. The log-in service platform of claim 7, characterized in that the log-in service platform further comprises:
A user identification authentication unit, configured to authenticate the user identification information in the log-in information obtained by the log-in information acquiring unit and, if authentication succeeds, notify the private key decryption unit to decrypt the log-in information.
9. a single-node login system is characterized in that, described single-node login system comprises client, log-in service platform and application server, wherein:
Described client is used to generate token key, uses the log-in service platform PKI that described token key is encrypted, and user totem information and the described token key of encrypting of passing through are sent; Obtain the initial token that described log-in service platform is returned, use described token key that described initial token is decrypted and obtain token sign and token serial number, use the log-in service platform PKI that described token serial number is encrypted, use described User Token to visit described application server, described User Token comprises the token serial number that token sign and process are encrypted;
Described log-in service platform is used to obtain described user totem information and the token key through encrypting, use the deciphering of log-in service platform private key to obtain described token key, generate token sign and token serial number, use described token key that token serial number is encrypted, return initial token to client, described initial token comprises described token sign and the token serial number through encrypting; Obtain User Token from application server, use the log-in service platform private key that described User Token is decrypted and obtain token sign and token serial number, described token sign and token serial number are carried out authentication, and authenticating result is returned to described application server;
Described application server is used for obtaining User Token from described client, is transmitted to described log-in service platform request authentication, and passes through or refuse the access request of client according to the authenticating result that log-in service platform is returned.
10. single-node login system as claimed in claim 9 is characterized in that, described single-node login system also comprises:
The user identity source server, the user ID and the user source sign that are used for stored user, obtain user's user profile, described user profile comprises user ID and the token key through using the log-in service platform PKI to encrypt, send log-on message to log-in service platform, described log-on message comprises user ID, user source sign and the token key through using the log-in service platform PKI to encrypt.
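The message flow of claim 9 (with the user check of claim 8), as an added Python sketch that is not part of the patent text. All class and function names are hypothetical; textbook RSA over constructed primes and an XOR pad are toy stand-ins for the public-key and token-key ciphers, which the claims do not specify, and spending the stored record on the first successful authentication is this example's assumed way of making the user token usable only once.

```python
# Added sketch of the claim 9 flow. Toy crypto (constructed demo values): textbook
# RSA over two Mersenne primes and an XOR pad stand in for RSA-OAEP and an AEAD.
import hashlib, hmac, secrets

P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q                                   # platform public key is (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))           # platform private exponent

def pk_encrypt(m: int) -> int:
    return pow(m, E, N)

def xor_cipher(token_key: int, value: int) -> int:
    # Symmetric step under the token key; applying it twice restores value.
    pad = hashlib.sha256(token_key.to_bytes(32, "big")).digest()[:16]
    return value ^ int.from_bytes(pad, "big")

class LoginPlatform:
    def __init__(self, users):
        self.users, self.live = set(users), {}   # live: token id -> unspent serial

    def issue_initial_token(self, user_id, enc_token_key):
        if user_id not in self.users:            # claim 8: check the user first
            raise PermissionError("unknown user")
        token_key = pow(enc_token_key, D, N)     # private-key decryption
        token_id, serial = secrets.token_hex(8), secrets.randbits(128)
        self.live[token_id] = serial
        return token_id, xor_cipher(token_key, serial)

    def authenticate(self, token_id, enc_serial) -> bool:
        serial, expected = pow(enc_serial, D, N), self.live.get(token_id)
        if expected is None or not hmac.compare_digest(f"{serial:x}", f"{expected:x}"):
            return False
        del self.live[token_id]                  # spent: a replay finds no record
        return True

def client_login(platform, user_id):
    token_key = secrets.randbits(128)
    token_id, enc_serial = platform.issue_initial_token(user_id, pk_encrypt(token_key))
    serial = xor_cipher(token_key, enc_serial)   # recover the serial number
    return token_id, pk_encrypt(serial)          # the user token

def app_server_access(platform, user_token) -> bool:
    return platform.authenticate(*user_token)    # forward, then obey the verdict

def demo():
    platform = LoginPlatform({"alice"})
    token, other = client_login(platform, "alice"), client_login(platform, "alice")
    first, replay = (app_server_access(platform, token) for _ in range(2))
    forged = app_server_access(platform, (other[0], pk_encrypt(1)))
    return first, replay, forged, app_server_access(platform, other)
```

`demo()` returns the verdicts for a first use, a replay of the same user token, a forged serial number against a second token identifier, and the legitimate second token presented afterwards.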
CN 200910239615 2009-12-31 2009-12-31 Single-point log-in method, system and log-in service platform Expired - Fee Related CN101764806B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200910239615 CN101764806B (en) 2009-12-31 2009-12-31 Single-point log-in method, system and log-in service platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200910239615 CN101764806B (en) 2009-12-31 2009-12-31 Single-point log-in method, system and log-in service platform

Publications (2)

Publication Number Publication Date
CN101764806A CN101764806A (en) 2010-06-30
CN101764806B CN101764806B (en) 2012-12-26

Family

ID=42495791

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200910239615 Expired - Fee Related CN101764806B (en) 2009-12-31 2009-12-31 Single-point log-in method, system and log-in service platform

Country Status (1)

Country Link
CN (1) CN101764806B (en)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101060520A (en) * 2006-04-21 2007-10-24 盛趣信息技术(上海)有限公司 Token-based SSO authentication system
CN101277193A (en) * 2008-05-05 2008-10-01 北京航空航天大学 One-point entry and access system based on authentication service acting information facing to service architecture

Also Published As

Publication number Publication date
CN101764806B (en) 2012-12-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121226

Termination date: 20131231