CN101764806B - Single-point log-in method, system and log-in service platform - Google Patents

Publication number: CN101764806B
Authority: CN (China)
Application number: CN 200910239615
Other versions: CN101764806A (en)
Other languages: Chinese (zh)
Legal status: Expired - Fee Related
Inventors: 傅志敬, 唐斌, 吴卓坤, 张高镜, 刘志诚
Current Assignee: Aspire Digital Technologies Shenzhen Co Ltd
Original Assignee: Aspire Digital Technologies Shenzhen Co Ltd
Prior art keywords: token, log, service platform, user, serial number

Abstract

The embodiment of the invention provides a single sign-on method comprising the following steps: a client generates a user token from a token identifier and a token serial number obtained from a log-in service platform, the user token comprising the token identifier and the token serial number encrypted with the public key of the log-in service platform; the client accesses an application server using the user token, and the user token can be used only once; the application server requests the log-in service platform to authenticate the user token, and if the authentication succeeds, the client's access succeeds. Correspondingly, the embodiment of the invention provides a log-in service platform and a log-in service system. By obtaining an initial token from the log-in service platform, a dynamic user token is generated from the initial token and used to access the application server; the user token expires after a short time and can be used only once, which achieves secure SSO access and improves the user experience.

Description

Single sign-on method, system and log-in service platform
Technical field
The present invention relates to the field of communications, and in particular to a single sign-on method, system and log-in service platform.
Background
Single sign-on (SSO) is one of the currently popular solutions for integrating enterprise business systems. SSO is defined as follows: across multiple application systems, a user needs to log in only once to access all mutually trusting application systems. It includes a mechanism that maps the current primary login to the logins for the same user in other applications.
Existing SSO is based on static tokens: the user applies to the SSO server for a token, and the client carries this token to access other trusted services. The token is generated by the SSO server and, once issued, can be used multiple times within a certain period. If the token is stolen, the application systems that trust the user can be accessed illegitimately. This problem is hard to solve with static tokens: if a static token could be used only once, the user would have to apply to the SSO server for a new static token at every login. The load on the SSO server comes mainly from users applying for tokens, and the time taken to apply for a token each time also adds to the total waiting time of each single sign-on, which seriously affects the user experience.
Summary of the invention
In view of this, an embodiment of the invention provides a single sign-on method in which the client generates a dynamic token for access, achieving a secure and fast SSO access mechanism.
An embodiment of the invention provides a single sign-on method, the single sign-on method comprising:
A client generates a user token from a token identifier and a token serial number obtained in advance from a log-in service platform, the user token comprising the token identifier and the token serial number encrypted with the public key of the log-in service platform;
The client uses the user token to access an application server, and the user token can be used only once;
The application server requests the log-in service platform to authenticate the user token; if the authentication succeeds, the client's access succeeds.
Correspondingly, an embodiment of the invention also provides a log-in service platform, the log-in service platform comprising:
A login information acquiring unit, configured to obtain login information, the login information comprising user identification information and a token key encrypted with the public key of the log-in service platform;
A private key decryption unit, configured to use the private key of the log-in service platform to decrypt obtained information that contains content encrypted with the public key of the log-in service platform;
An initial token issuing unit, configured to generate a token identifier and a token serial number, encrypt the token serial number with the token key obtained through decryption by the private key decryption unit, and return an initial token to the client, the initial token comprising the token identifier and the encrypted token serial number;
A user token acquiring unit, configured to obtain a user token from the application server, the user token comprising the token identifier and the token serial number encrypted with the public key of the log-in service platform;
A token authentication unit, configured to authenticate the obtained token identifier and the token serial number obtained through decryption by the private key decryption unit, and return the authentication result to the application server.
Correspondingly, an embodiment of the invention also provides a single sign-on system, the single sign-on system comprising a client, a log-in service platform and an application server, wherein:
The client is configured to generate a token key, encrypt the token key with the public key of the log-in service platform, and send the user identification information and the encrypted token key; obtain the initial token returned by the log-in service platform; decrypt the initial token with the token key to obtain the token identifier and the token serial number; encrypt the token serial number with the public key of the log-in service platform; and access the application server using the user token, the user token comprising the token identifier and the encrypted token serial number;
The log-in service platform is configured to obtain the user identification information and the encrypted token key; decrypt with the private key of the log-in service platform to obtain the token key; generate a token identifier and a token serial number; encrypt the token serial number with the token key and return an initial token to the client, the initial token comprising the token identifier and the encrypted token serial number; obtain the user token from the application server; decrypt the user token with the private key of the log-in service platform to obtain the token identifier and the token serial number; authenticate the token identifier and the token serial number; and return the authentication result to the application server;
The application server is configured to obtain the user token from the client, forward it to the log-in service platform to request authentication, and allow or refuse the client's access request according to the authentication result returned by the log-in service platform.
By obtaining an initial token from the log-in service platform, the embodiments of the invention generate a dynamic user token from the initial token and use it to access the application server. The user token expires after a short time and can be used only once, which achieves secure SSO access and improves the user experience.
Description of the drawings
Fig. 1 is a schematic structural diagram of a single sign-on system in an embodiment of the invention;
Fig. 2 is a schematic structural diagram of a log-in service platform in an embodiment of the invention;
Fig. 3 is a schematic flowchart of the single sign-on method of Embodiment 1 of the invention;
Fig. 4 is a schematic flowchart of the single sign-on method of Embodiment 2 of the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention, without creative effort, fall within the scope of protection of the invention.
Fig. 1 is a schematic structural diagram of a single sign-on system in an embodiment of the invention. As shown in Fig. 1, the single sign-on system comprises at least a client 10, a log-in service platform 20 and an application server 30, wherein:
Client 10 is configured to generate a token key, encrypt the token key with the public key of the log-in service platform, and send the user identification information and the encrypted token key; obtain the initial token returned by log-in service platform 20; decrypt the initial token with the token key to obtain the token identifier and the token serial number; encrypt the token serial number with the public key of the log-in service platform; and access application server 30 using the user token, the user token comprising the token identifier and the encrypted token serial number. Specifically, the token key is a symmetric key: content encrypted with this token key can be decrypted with the same token key. Encrypting the token key with the public key of the log-in service platform is asymmetric encryption: the peer can decrypt and read the encrypted content only with the corresponding private key of the log-in service platform. The user identification information comprises the user ID; the client may also encrypt the user ID together with the token key and send them. The initial token that the client receives from the log-in service platform may comprise the token identifier, the user ID, and the user ID and token serial number encrypted with the token key. Besides the token identifier and the asymmetrically encrypted token serial number, the user token may also comprise the user ID and the asymmetrically encrypted user ID and timestamp. After it is generated, the user token has a configurable validity period (for example 60 seconds); once this period is exceeded, the user token becomes invalid. The user token supports the client accessing only one application server, and it becomes invalid after being used once.
Log-in service platform 20 is configured to obtain the user identification information and the encrypted token key; decrypt with the private key of the log-in service platform to obtain the token key; generate a token identifier and a token serial number; encrypt the token serial number with the token key and return an initial token to client 10, the initial token comprising the token identifier and the encrypted token serial number; obtain the user token from application server 30; decrypt the user token with the private key of the log-in service platform to obtain the token identifier and the token serial number; authenticate the token identifier and the token serial number; and return the authentication result to application server 30. Specifically, besides the token identifier and the encrypted token serial number, the initial token may also comprise the user ID and the user ID encrypted with the token key.
Application server 30 is configured to obtain the user token from client 10, forward it to log-in service platform 20 to request authentication, and allow or refuse the client's access request according to the authentication result returned by log-in service platform 20.
Further, the single sign-on system may also comprise a user identity source server 40, configured to store users' user IDs and user source identifiers; obtain user information from client 10, the user information comprising the user ID and the token key encrypted with the public key of the log-in service platform; look up the user's user source identifier; and send login information to log-in service platform 20, the login information comprising the user ID, the user source identifier and the token key encrypted with the public key of the log-in service platform. The user source identifier is allocated in advance by the log-in service platform to the users who connect to the user identity source server, and the log-in service platform can authenticate this user source identifier.
Fig. 2 is a schematic structural diagram of a log-in service platform in an embodiment of the invention. As shown in the figure, the log-in service platform comprises a login information acquiring unit 201, a private key decryption unit 202, an initial token issuing unit 203 and a user token acquiring unit 204, wherein:
Login information acquiring unit 201 is configured to obtain login information, the login information comprising user identification information and a token key encrypted with the public key of the log-in service platform; the user identification information may comprise the user ID.
Private key decryption unit 202 is configured to use the private key of the log-in service platform to decrypt obtained information that contains content encrypted with the public key of the log-in service platform;
Initial token issuing unit 203 is configured to generate a token identifier and a token serial number, encrypt the token serial number with the token key obtained through decryption by the private key decryption unit, and return an initial token to the client, the initial token comprising the token identifier and the encrypted token serial number;
User token acquiring unit 204 is configured to obtain a user token from the application server, the user token comprising the token identifier and the token serial number encrypted with the public key of the log-in service platform;
Token authentication unit 205 is configured to authenticate the obtained token identifier and the token serial number obtained through decryption by the private key decryption unit, and return the authentication result to the application server. Specifically, token authentication unit 205 may first look up the corresponding token serial number according to the obtained token identifier, and then compare the token serial number found with the token serial number obtained through decryption by the private key decryption unit; if they are identical, the authentication succeeds.
Further, the log-in service platform may also comprise a user identifier authentication unit 206, configured to authenticate the user identification information in the login information obtained by the login information acquiring unit; if the authentication succeeds, it notifies the private key decryption unit to decrypt the login information. Specifically, the user identification information may comprise the user ID and the user source identifier; the user source identifier is allocated to the user in advance by the log-in service platform, and user identifier authentication unit 206 can authenticate the user source identifier.
Fig. 3 is a schematic flowchart of the single sign-on method of Embodiment 1 of the invention. As shown in the figure, the method comprises:
Step S301: the client generates a user token from a token identifier and a token serial number obtained in advance from the log-in service platform, the user token comprising the token identifier and the token serial number encrypted with the public key of the log-in service platform. Specifically, the client may request an initial token from the log-in service platform in advance and store it securely. The initial token comprises the token identifier and the token serial number and has a preset validity period, for example 24 hours; within the validity period of the initial token, the client can generate the user token from the token identifier and the token serial number in the initial token. Besides the token identifier and the token serial number asymmetrically encrypted with the public key of the log-in service platform, the user token may also comprise the user ID and the user ID and timestamp asymmetrically encrypted with the public key of the log-in service platform. The public key of the log-in service platform is public, while the corresponding private key is stored in the log-in service platform and cannot be obtained by a third party. Further, after it is generated, the user token has a configurable validity period (for example 60 seconds), counted from the time of generation; once this period is exceeded, the user token becomes invalid. The user token supports the client accessing only one application server, and it becomes invalid after being used once.
Step S302: the client uses the user token to access the application server, and the user token can be used only once. Specifically, the client sends an access request carrying the user token to the application server. After it is sent, the user token becomes invalid regardless of whether the access succeeded; if the client needs to access this application server again or to access another application server, step S301 must be executed again.
Step S303: the application server requests the log-in service platform to authenticate the user token; if the authentication succeeds, the client's access succeeds. Specifically, after receiving the access request carrying the user token, the application server sends the user token to the log-in service platform to request authentication. The log-in service platform decrypts the user token with the private key of the log-in service platform to obtain the token serial number and compares it with the token serial number found according to the token identifier; if they match, the authentication succeeds. The authentication result is returned to the application server, and the application server then allows the client's access request.
Fig. 4 is a schematic flowchart of the single sign-on method of Embodiment 2 of the invention. As shown in the figure, the method comprises:
Step S401: the client generates a token key Ktoken.
Step S402: the client sends login information to the log-in service platform, the login information comprising user identification information and the token key encrypted with the public key of the log-in service platform. Specifically, the client may send the login information directly to the log-in service platform; the login information comprises at least the user identification information UID and the token key encrypted with the public key Kpub_sso of the log-in service platform, ERsa(Kpub_sso, Ktoken). Alternatively, the client first logs in to the user identity source server; after obtaining ERsa(Kpub_sso, Ktoken) and UID from the client, the user identity source server looks up the user's user source identifier USID and then sends login information to the log-in service platform. Here the login information comprises at least the user identification information and the token key encrypted with the public key of the log-in service platform, and the user identification information comprises UID and USID. The user source identifier is allocated in advance by the log-in service platform to the users who connect to the user identity source server, and it can be authenticated on the log-in service platform.
Step S403: the client obtains an initial token from the log-in service platform, the initial token comprising the token identifier and the token serial number encrypted with the token key. Specifically, after the log-in service platform has obtained the login information, it may optionally first authenticate the USID in the user identification information of the login information. After the authentication succeeds, it decrypts the encrypted content in the login information with the private key Kpri_sso of the log-in service platform to obtain the token key Ktoken. The log-in service platform then generates the initial token TokenInit, which comprises at least the token identifier KTID and the token serial number symmetrically encrypted with the token key Ktoken, EAes(Ktoken, SN); it may also comprise the user ID UID and the symmetrically encrypted user ID EAes(Ktoken, UID). The client obtains the initial token TokenInit returned by the log-in service platform.
Step S404: the client decrypts the initial token with the token key to obtain the token serial number. Specifically, the client obtains the token identifier KTID and decrypts the initial token TokenInit with Ktoken to obtain the token serial number SN.
Step S405: the client stores the token identifier and the token serial number. Specifically, after securely storing the token identifier KTID and the token serial number SN, the client deletes the token key Ktoken. The token identifier KTID and the token serial number SN are valid within the preset validity period of the initial token (for example 24 hours).
Step S406: the client generates a user token from the token identifier and the token serial number obtained from the log-in service platform, the user token comprising the token identifier and the token serial number encrypted with the public key of the log-in service platform. Specifically, the client asymmetrically encrypts the token serial number SN with the public key Kpub_sso of the log-in service platform to obtain ERsa(Kpub_sso, SN), and generates the user token TokenUser. TokenUser comprises at least the token identifier KTID and ERsa(Kpub_sso, SN); it may also comprise the user ID and the user ID and timestamp asymmetrically encrypted with the public key Kpub_sso, ERsa(Kpub_sso, UID|Ltime). Further, within the validity period of the token identifier KTID and the token serial number SN in the initial token TokenInit, the client can use KTID and SN to generate the user token TokenUser. TokenUser has a short time limit (for example 60 seconds); if it is not used within this limit, TokenUser becomes invalid.
Step S407: the client uses the user token to access the application server, and the user token can be used only once. Specifically, the client sends an access request carrying the user token TokenUser to the application server. After it is sent, TokenUser becomes invalid regardless of whether the access succeeded; if the client needs to access this application server again or to access another application server, step S406 must be executed again.
Step S408: the application server requests the log-in service platform to authenticate the user token; if the authentication succeeds, the client's access succeeds. Specifically, after receiving the access request carrying the user token TokenUser, the application server sends TokenUser to the log-in service platform to request authentication. The log-in service platform decrypts TokenUser with the private key Kpri_sso of the log-in service platform to obtain the token serial number SN and compares it with the token serial number SN found according to the token identifier KTID; if they match, the authentication succeeds. The authentication result is returned to the application server, and the application server then allows the client's access request.
By obtaining an initial token from the log-in service platform, the embodiments of the invention generate a dynamic user token from the initial token and use it to access the application server. The user token expires after a short time and can be used only once, which achieves secure SSO access and improves the user experience.
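The client-side generation and platform-side authentication of TokenUser in steps S406 to S408, as an added Go example that is not part of the patent text. It assumes steps S401 to S405 have already given the client KTID and SN (the `Register` function stands in for them), RSA-OAEP as the asymmetric encryption, and a replay cache plus a timestamp check as the way single use and the 60-second limit are enforced; all type and function names and the sample values are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

const userTokenTTL = 60 * time.Second // the page's example lifetime for TokenUser

// UserToken is TokenUser = KTID + ERsa(Kpub_sso, SN) + ERsa(Kpub_sso, UID|Ltime).
type UserToken struct {
	KTID            string
	EncSN, EncStamp []byte
}

// Platform is the log-in service platform: Kpri_sso plus its KTID -> SN table.
type Platform struct {
	priv    *rsa.PrivateKey
	serials map[string][]byte
	used    map[[32]byte]bool // assumed replay cache; the page does not specify one
}

func NewPlatform() (*Platform, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Platform{k, map[string][]byte{}, map[[32]byte]bool{}}, err
}

// Pub returns Kpub_sso, which the page treats as public.
func (p *Platform) Pub() *rsa.PublicKey { return &p.priv.PublicKey }

// Register stands in for S401-S405: it creates SN for a KTID and returns it for the client.
func (p *Platform) Register(ktid string) ([]byte, error) {
	sn := make([]byte, 16)
	_, err := rand.Read(sn)
	p.serials[ktid] = sn
	return sn, err
}

// rsaEnc is ERsa(Kpub_sso, m). OAEP is an assumed padding; it randomizes each ciphertext.
func rsaEnc(pub *rsa.PublicKey, m []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, m, nil)
}

// Mint is S406 on the client: a new TokenUser for exactly one access.
func Mint(pub *rsa.PublicKey, ktid string, sn []byte, uid string, now time.Time) (UserToken, error) {
	encSN, err := rsaEnc(pub, sn)
	if err != nil {
		return UserToken{}, err
	}
	stamp, err := rsaEnc(pub, []byte(uid+"|"+strconv.FormatInt(now.Unix(), 10)))
	return UserToken{ktid, encSN, stamp}, err
}

// Verify is S408 on the platform, run when the application server forwards TokenUser.
func (p *Platform) Verify(t UserToken, now time.Time) error {
	want, known := p.serials[t.KTID]
	sn, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, t.EncSN, nil)
	if !known || err != nil || subtle.ConstantTimeCompare(sn, want) != 1 {
		return errors.New("serial number mismatch")
	}
	stamp, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, t.EncStamp, nil)
	i := strings.LastIndexByte(string(stamp), '|')
	if err != nil || i < 0 {
		return errors.New("bad timestamp field")
	}
	issued, err := strconv.ParseInt(string(stamp[i+1:]), 10, 64)
	if age := now.Sub(time.Unix(issued, 0)); err != nil || age < 0 || age > userTokenTTL {
		return errors.New("user token expired")
	}
	// Keyed on EncSN alone: a different valid EncSN cannot be made without SN,
	// whereas the stamp is encrypted under a public key that anyone holds.
	id := sha256.Sum256(t.EncSN)
	if p.used[id] {
		return errors.New("user token already used")
	}
	p.used[id] = true
	return nil
}

func main() {
	p, err := NewPlatform()
	if err != nil {
		panic(err)
	}
	sn, _ := p.Register("KTID-0001") // constructed identifier
	t0 := time.Unix(1700000000, 0)   // constructed clock
	tok, _ := Mint(p.Pub(), "KTID-0001", sn, "alice", t0)
	fmt.Printf("first use:  %v\n", p.Verify(tok, t0.Add(5*time.Second)))
	fmt.Printf("replay:     %v\n", p.Verify(tok, t0.Add(6*time.Second)))
	old, _ := Mint(p.Pub(), "KTID-0001", sn, "alice", t0)
	fmt.Printf("after 61 s: %v\n", p.Verify(old, t0.Add(61*time.Second)))
}
```

Because the padding is randomized, two tokens minted from the same SN differ on the wire, which is what lets the platform reject an exact replay while still accepting the client's next token.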
From the description of the above embodiments, a person of ordinary skill in the art will understand that all or part of the flows of the above embodiments can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable medium and, when executed, can include the flows of the method embodiments described above. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The above discloses only preferred embodiments of the invention, which of course cannot limit the scope of the rights of the invention; equivalent variations made according to the claims of the invention therefore still fall within the scope covered by the invention.

Claims (10)

1. A single sign-on method, characterized in that the single sign-on method comprises:
A client generates a user token from a token identifier and a token serial number obtained in advance from a log-in service platform, the user token comprising the token identifier and the token serial number encrypted with the public key of the log-in service platform;
The client uses the user token to access an application server, and the user token can be used only once;
The application server requests the log-in service platform to authenticate the user token; the authentication comprises: the log-in service platform decrypts the user token with the private key of the log-in service platform to obtain the token serial number and compares it with the token serial number found according to the token identifier; if they match, the authentication succeeds; if the authentication succeeds, the client's access succeeds.
2. The single sign-on method according to claim 1, characterized in that, before the client generates the user token from the token identifier and the token serial number obtained in advance from the log-in service platform, the method further comprises:
The client generates a token key;
Sending login information to the log-in service platform, the login information comprising user identification information and the token key encrypted with the public key of the log-in service platform;
Obtaining an initial token from the log-in service platform, the initial token comprising the token identifier and the token serial number encrypted with the token key;
Decrypting the initial token with the token key to obtain the token serial number;
Storing the token identifier and the token serial number.
3. The single sign-on method according to claim 2, characterized in that the client sending login information to the log-in service platform comprises:
The client sends user information to a user identity source server, the user information comprising the user ID and the token key encrypted with the public key of the log-in service platform;
The user identity source server sends login information to the log-in service platform; the login information comprises user identification information and the token key encrypted with the public key of the log-in service platform, and the user identification information comprises the user ID and a user source identifier.
4. The single sign-on method according to claim 3, characterized in that, after the login information is sent to the log-in service platform, the method further comprises:
After obtaining the login information, the log-in service platform authenticates the user identification information;
After the authentication succeeds, the log-in service platform decrypts the login information with the private key of the log-in service platform to obtain the token key;
Generating and returning the initial token, the initial token comprising the token identifier and the token serial number encrypted with the token key.
5. The single sign-on method according to claim 2, characterized in that the token key is deleted after the initial token is decrypted with the token key to obtain the token serial number.
6. The single sign-on method according to claim 2, characterized in that the single sign-on method further comprises:
The log-in service platform presets the validity periods of the initial token and the user token.
7. a log-in service platform is characterized in that, said log-in service platform comprises:
The log-on message acquiring unit is used to obtain log-on message, and said log-on message comprises user totem information and the token key through using the log-in service platform PKI to encrypt;
The private key decryption unit is used to use the log-in service platform private key that the information that comprises the content of encrypting through use log-in service platform PKI that gets access to is deciphered;
Initial token is provided the unit; Be used to generate token sign and token serial number; And use through the said token key that obtains after the deciphering of private key decryption unit token serial number is encrypted; Return initial token to client, said initial token comprises said token sign and the token serial number through encrypting;
The User Token acquiring unit is used for obtaining User Token from application server, and said User Token comprises token sign and the token serial number through using the log-in service platform PKI to encrypt;
The token authenticating unit; Be used for said token sign that gets access to and the token serial number that deciphering obtains through the private key decryption unit are carried out authentication; Said authentication comprises; Said log-in service platform is used said log-in service platform private key that said User Token is deciphered and is obtained said token serial number, compares with the token serial number that finds according to said token sign, and authenticating result is returned said application server.
8. log-in service platform as claimed in claim 7 is characterized in that, said log-in service platform also comprises:
The ID authentication unit is configured to authenticate the user identification information in the log-in information obtained by said log-in information acquiring unit and, if the authentication succeeds, to notify the private key decryption unit to decrypt the log-in information.
9. A single-point log-in system, characterized in that said single-point log-in system comprises a client, a log-in service platform and an application server, wherein:
Said client is configured to generate a token key; encrypt said token key with the log-in service platform public key; send the user identification information and the encrypted token key; obtain the initial token returned by said log-in service platform; decrypt said initial token with said token key to obtain a token identifier and a token serial number; encrypt said token serial number with the log-in service platform public key; and access said application server with a user token, said user token comprising the token identifier and the encrypted token serial number;
Said log-in service platform is configured to obtain said user identification information and the encrypted token key; decrypt with the log-in service platform private key to obtain said token key; generate a token identifier and a token serial number; encrypt the token serial number with said token key; return an initial token to the client, said initial token comprising said token identifier and the encrypted token serial number; obtain the user token from the application server; decrypt said user token with the log-in service platform private key to obtain the token identifier and the token serial number; authenticate said token identifier and token serial number, said authentication comprising said log-in service platform decrypting said user token with said log-in service platform private key to obtain said token serial number and comparing it with the token serial number found according to said token identifier; and return the authentication result to said application server;
Said application server is configured to obtain the user token from said client, forward it to said log-in service platform to request authentication, and pass or refuse the client's access request according to the authentication result returned by the log-in service platform.
10. The single-point log-in system as claimed in claim 9, characterized in that said single-point log-in system further comprises:
A user identity source server, configured to store the user's ID and user source identifier; obtain the user's user information, said user information comprising the ID and the token key encrypted with the log-in service platform public key; and send log-in information to the log-in service platform, said log-in information comprising the ID, the user source identifier and the token key encrypted with the log-in service platform public key.
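The exchange recited in claim 9, as an added Node.js example that is not code from the patent. The function names, RSA-OAEP and AES-256-GCM as the ciphers, and deleting the stored record to enforce the single use stated in the abstract are all assumptions of this sketch.

```javascript
// Added example: function names and cipher choices are illustrative assumptions.
const crypto = require('crypto');

// RSA-OAEP stands in for "encrypt with the log-in service platform public key".
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const rsaEnc = (buf) => crypto.publicEncrypt(publicKey, buf);
const rsaDec = (buf) => crypto.privateDecrypt(privateKey, buf);

// AES-256-GCM stands in for "encrypt with the token key" (the claim names no cipher).
function aesEnc(key, plain) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plain), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function aesDec(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]);
}

// Platform state: token identifier -> the serial number issued for it.
const issued = new Map();

// Platform: recover the token key, mint identifier + serial, return the initial token.
function issueInitialToken(userId, encTokenKey) {
  const tokenKey = rsaDec(encTokenKey);
  const tokenId = crypto.randomUUID();
  const serial = crypto.randomBytes(16);
  issued.set(tokenId, { userId, serial });
  return { tokenId, encSerial: aesEnc(tokenKey, serial) };
}

// Client: decrypt the initial token, re-encrypt the serial under the platform public key.
function buildUserToken(tokenKey, initial) {
  const serial = aesDec(tokenKey, initial.encSerial);
  return { tokenId: initial.tokenId, encSerial: rsaEnc(serial) };
}

// Platform, called by the application server: decrypt, compare, consume on success.
function authenticate(userToken) {
  const rec = issued.get(userToken.tokenId);
  if (!rec) return false;
  let serial;
  try { serial = rsaDec(userToken.encSerial); } catch { return false; }
  if (serial.length !== rec.serial.length || !crypto.timingSafeEqual(serial, rec.serial)) return false;
  issued.delete(userToken.tokenId); // assumption: single use enforced by dropping the record
  return true;
}
```

A captured user token still decrypts to the same serial number, so replay protection comes from the platform-side state rather than from the encryption itself.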
CN 200910239615 2009-12-31 2009-12-31 Single-point log-in method, system and log-in service platform Expired - Fee Related CN101764806B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200910239615 CN101764806B (en) 2009-12-31 2009-12-31 Single-point log-in method, system and log-in service platform

Publications (2)

Publication Number Publication Date
CN101764806A CN101764806A (en) 2010-06-30
CN101764806B true CN101764806B (en) 2012-12-26

Family

ID=42495791

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200910239615 Expired - Fee Related CN101764806B (en) 2009-12-31 2009-12-31 Single-point log-in method, system and log-in service platform

Country Status (1)

Country Link
CN (1) CN101764806B (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103069741A (en) * 2011-08-17 2013-04-24 华为技术有限公司 Credential authentication method and single sign-on server
CN103166783A (en) * 2011-12-14 2013-06-19 华为技术有限公司 Resource control method and resource control device
CN103188248A (en) * 2011-12-31 2013-07-03 卓望数码技术(深圳)有限公司 Identity authentication system and method based on single sign-on
US8539567B1 (en) * 2012-09-22 2013-09-17 Nest Labs, Inc. Multi-tiered authentication methods for facilitating communications amongst smart home devices and cloud-based servers
CN103888410B (en) * 2012-12-19 2018-05-18 卓望数码技术(深圳)有限公司 Application identity verification method and system
CN104253787A (en) * 2013-06-26 2014-12-31 华为技术有限公司 Service authentication method and system
CN104348620A (en) * 2013-07-31 2015-02-11 中兴通讯股份有限公司 Method for authenticating intelligent household terminals, and corresponding devices
CN105187389B (en) * 2015-08-07 2019-01-04 北京思特奇信息技术股份有限公司 A kind of Web access method and system for obscuring encryption based on number
CN105871796A (en) * 2015-11-18 2016-08-17 乐视致新电子科技(天津)有限公司 Router binding and controlling method and device
CN107659406B (en) * 2016-07-25 2021-06-01 华为技术有限公司 Resource operation method and device
CN108234122B (en) * 2016-12-09 2021-07-02 杭州海康汽车技术有限公司 Token checking method and device
CN106878016A (en) * 2017-04-27 2017-06-20 上海木爷机器人技术有限公司 Data is activation, method of reseptance and device
CN109362074B (en) * 2018-09-05 2022-12-06 福建福诺移动通信技术有限公司 Method for h5 and server side safety communication in mixed mode APP
CN108965335B (en) * 2018-09-07 2022-07-08 平安科技(深圳)有限公司 Method for preventing malicious access to login interface, electronic device and computer medium
CN111683072A (en) * 2020-05-29 2020-09-18 呱呱网络科技(大连)有限公司 Remote verification method and remote verification system
CN111756701B (en) * 2020-05-29 2022-12-27 苏州浪潮智能科技有限公司 Method and system for acquiring equipment token access Rest interface by management platform

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101060520A (en) * 2006-04-21 2007-10-24 盛趣信息技术(上海)有限公司 Token-based SSO authentication system
CN101277193A (en) * 2008-05-05 2008-10-01 北京航空航天大学 One-point entry and access system based on authentication service acting information facing to service architecture

Also Published As

Publication number Publication date
CN101764806A (en) 2010-06-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121226

Termination date: 20131231