CN102420836A - Sign-on method and sign-on management system for service information system - Google Patents

Sign-on method and sign-on management system for service information system

Info

Publication number: CN102420836A
Application number: CN2012100093134A
Authority: CN (China)
Prior art keywords: authentication, sign, password, digital certificate, information
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 徐华, 马潮技, 吴卫荣, 敖石泉, 董磊, 刘玉龙, 史劲, 魏楠, 何岩, 贾晓霞
Current assignee: CETC 15 Research Institute
Original assignee: CETC 15 Research Institute
Application filed by CETC 15 Research Institute; priority to CN2012100093134A; publication of CN102420836A

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a sign-on method and a sign-on management system for a service information system. The method comprises that: the service information system receives sign-on request information from a user, and then transmits authentication request information to an authentication gateway; after performing password authentication and right authentication according to the received authentication request information, the authentication gateway returns an authentication result indicating the user passes the authentication to the service information system; and the service information system determines whether to permit the sign-on and access of the user or not according to the authentication result. A user password information list and a right list in the authentication gateway store a sign-on password of the user and an identifier of the service information system which is accessed by the authorized user, so that unified verification for accessing a plurality of service information systems by the user can be realized, and the single sign-on of the user can be realized.

Description

Login method and login management system for a service information system
Technical field
The present invention relates to computer communication technology, and in particular to login management technology for centralized service information systems.
Background technology
As informatization deepens in units such as government bodies, offices, enterprises, colleges and universities, the integration of service information systems has gradually become a key issue. Suppose a unit's system contains a financial service information system, an audit service information system and a staff-information service information system. Different accounts then have to be created for the different service information systems within the unit, and different login rights assigned to different users. For example, if a user has login access rights to both service information systems A and B, an account and a password must be created for that person in each of the two systems, and the user must use different accounts to log in to them.
With many service information systems, managing users' accounts and passwords becomes increasingly cumbersome and easily leads to confusion. At the same time, when a user switches between different service information systems, the account, password and other information must be entered repeatedly, which greatly reduces user experience and operating efficiency, and even system stability.
Moreover, the informatization of each unit proceeds in stages over time. As it deepens, new service information systems are continually added to the unit's system. Suppose that a performance-appraisal service information system C has to be added and that the same user also has rights to access C. An account and a corresponding password must then be created for the user in system C as well, further increasing the cumbersomeness and confusion of account management in the unit's system.
In summary, the login access technology of prior-art service information systems requires different accounts and passwords for different service information systems, which easily causes confusion and inefficiency in the management of login accounts, and is inconvenient for users. Users have to remember the login account and password of every service information system they use, and repeatedly entering the account, password and other information when switching between service information systems greatly reduces user experience and operating efficiency, and even system stability.
Summary of the invention
Embodiments of the invention provide a login method and a login management system for service information systems, in order to achieve single sign-on across service information systems.
According to one aspect of the invention, a login method for a service information system is provided, comprising:
A service information system receives login request information sent by a user. The login request information carries a digital certificate identifier and an encrypted password; the digital certificate identifier is the identifier of the digital certificate issued to the user, and the encrypted password is the password encrypted with the private key of that digital certificate.
The service information system sends authentication request information to an authentication gateway; the authentication request information carries the identifier of the service information system, the digital certificate identifier and the encrypted password.
After receiving the authentication request information, the authentication gateway decrypts the encrypted password with the public key, obtaining the decrypted password.
According to the digital certificate identifier in the authentication request information, the authentication gateway looks up the password corresponding to that digital certificate identifier in a user password information list.
After confirming that the decrypted password is identical to the password found, the authentication gateway, according to the digital certificate identifier in the authentication request information, looks up in a permission list the identifiers of the service information systems corresponding to that digital certificate.
After confirming that the service information system identifier carried in the authentication request information is identical to one of the service information system identifiers found, the authentication gateway returns to the service information system an authentication result indicating that authentication passed.
The service information system allows the user's login access according to the authentication result.
Before the authentication gateway returns the authentication result indicating that authentication passed to the service information system, the method further comprises: the authentication gateway caches, according to the authentication result, authentication-passed information for the digital certificate identifier in the authentication request information in an authentication information cache table. Before the authentication gateway decrypts the encrypted password with the public key, the method further comprises: looking up, according to the digital certificate identifier in the authentication request information, authentication-passed information for that digital certificate identifier in the authentication information cache table. Decrypting the encrypted password with the public key is specifically: the authentication gateway decrypts the encrypted password with the public key after confirming that no authentication-passed information for that digital certificate identifier is cached in the authentication information cache table.
Before the authentication gateway looks up in the permission list, according to the digital certificate identifier in the authentication request information, the service information system identifiers corresponding to that digital certificate, the method further comprises: if cached authentication-passed information for the digital certificate identifier in the authentication request information is found in the authentication information cache table, the encrypted password is not decrypted.
The user password information list also stores an account corresponding to the digital certificate identifier; when the authentication gateway returns the authentication result indicating that authentication passed to the service information system, it also returns that account to the service information system; and allowing the user's login access according to the authentication result is specifically: the service information system, according to the authentication result and the returned account, allows the user to access the service information system using that account.
The user's digital certificate is generated and issued by an authorization system; and
the user password information list, permission list and public key in the authentication gateway are generated by the authorization system and sent to the authentication gateway.
According to another aspect of the invention, a login management system for a service information system is provided, comprising:
a service information system, configured to send authentication request information after receiving login request information sent by a user; the login request information carries a digital certificate identifier and an encrypted password, the digital certificate identifier is the identifier of the digital certificate issued to the user, and the encrypted password is the password encrypted with the private key of that digital certificate; the authentication request information carries the identifier of the service information system, the digital certificate identifier and the encrypted password;
an authentication gateway, configured to decrypt the encrypted password with the public key after receiving the authentication request information, obtaining the decrypted password; to look up, according to the digital certificate identifier in the authentication request information, the password corresponding to that digital certificate identifier in a user password information list; after confirming that the decrypted password is identical to the password found, to look up in a permission list, according to the digital certificate identifier in the authentication request information, the identifiers of the service information systems corresponding to that digital certificate; and, after confirming that the service information system identifier carried in the authentication request information is identical to one of the service information system identifiers found, to return to the service information system an authentication result indicating that authentication passed;
the service information system is further configured to allow the user's login access according to the authentication result.
The authentication gateway is further configured, before returning the authentication result indicating that authentication passed to the service information system, to cache authentication-passed information for the digital certificate identifier in the authentication request information in an authentication information cache table according to the authentication result.
The authentication gateway is further configured, before decrypting the encrypted password with the public key, to look up, according to the digital certificate identifier in the authentication request information, authentication-passed information for that digital certificate identifier in the authentication information cache table; if it confirms that no authentication-passed information for that digital certificate identifier is cached in the authentication information cache table, it decrypts the encrypted password with the public key; otherwise it does not decrypt the encrypted password.
The system further comprises an authorization system, configured to generate the digital certificate and issue it to the user; the authorization system also generates the user password information list, the permission list and the public key, and sends them to the authentication gateway.
In embodiments of the invention, a user authorized to access multiple service information systems is authenticated through the authentication gateway when accessing a service information system. Since the user password information list and the permission list in the authentication gateway store the user's login password and the identifiers of the service information systems the user is authorized to access, unified verification of the user's access to multiple service information systems can be achieved. The user only needs to remember or keep one password for the multiple service information systems to be accessed in order to log in to and access all of them, which achieves single sign-on and greatly improves convenience. Moreover, keeping the encrypted password in a hardware digital certificate further increases the security of the login process and is convenient for the user to carry. The digital certificate identifier also serves to identify the user.
In addition, because the authentication gateway caches authentication-passed information for the digital certificate identifier, the password authentication step can be omitted from the authentication process when the user roams to another service information system, improving system efficiency.
Description of drawings
Fig. 1 is a schematic diagram of the login management system for a service information system according to an embodiment of the invention;
Fig. 2 is a flowchart of the method for login access to a service information system according to an embodiment of the invention.
Embodiments
The login access method for a service information system provided by embodiments of the invention offers convenience to the user: across multiple service information systems, the user can achieve single sign-on, that is, the user performs the login operation once, entering an account and password, and can then access multiple authorized service information systems. The login management system for service information systems shown in Fig. 1 comprises a plurality of service information systems 101, an authentication gateway 102 and an authorization system 104. The authentication gateway 102 implements unified authentication of users logging in to the service information systems. To further ensure the security and convenience of the login process, the user's login password is encrypted with the private key of a digital certificate, and the encrypted password can be stored on a portable hardware medium (referred to as the hardware digital certificate), so the user need not memorize the password.
The login method for a service information system according to an embodiment of the invention is as follows: after the service information system 101 receives login request information sent by the user through a client 103, it sends authentication request information to the authentication gateway 102. The login request information carries the digital certificate identifier and the encrypted password, where the digital certificate identifier is the identifier of the digital certificate issued to the user and the encrypted password is the password encrypted with the private key of that digital certificate; the authentication request information carries the identifier of the service information system, the digital certificate identifier and the encrypted password.
After the authentication gateway 102 receives the authentication request information, it decrypts the encrypted password with the public key, obtaining the decrypted password, and looks up in the user password information list, according to the digital certificate identifier in the authentication request information, the password corresponding to that digital certificate identifier. After confirming that the decrypted password is identical to the password found, the authentication gateway 102 confirms that password authentication passed. After confirming that password authentication passed, the authentication gateway 102 looks up in the permission list, according to the digital certificate identifier in the authentication request information, the identifiers of the service information systems corresponding to that digital certificate; after confirming that the service information system identifier carried in the authentication request information is identical to one of the service information system identifiers found, it returns to the service information system 101 an authentication result indicating that authentication passed. The service information system 101 allows the user's login access according to the returned authentication result.
Unified password authentication and permission authentication of users are achieved through the user password information list and the permission list in the authentication gateway 102. The user can use the same hardware digital certificate when logging in to different service information systems, thereby achieving single sign-on. Moreover, digital-certificate encryption is used when the password is transmitted, providing additional security.
Preferably, the flow by which the user logs in to and accesses a service information system 101 (assumed to be service information system A) through the client 103 is as shown in Fig. 2 and comprises the following steps:
S201: when the user logs in to service information system A through the client 103, the user sends login request information to service information system A through the client 103. Specifically, the user connects the hardware digital certificate to the client 103, and the client 103 can obtain the digital certificate identifier and the encrypted password from the hardware digital certificate. According to the URL address of service information system A, the user sends login request information to service information system A through the client 103; the login request information carries the digital certificate identifier and the encrypted password.
To make it easier for users to log in to the service information systems 101, a portal website for accessing the service information systems can also be provided. The portal website provides URL links to each service information system. The user can first log in to the portal website, then communicate with service information system A through its URL link on the portal website and send login request information to service information system A.
S202: after service information system A receives the login request information, it sends authentication request information to the authentication gateway 102; the authentication request information carries the digital certificate identifier and the encrypted password. Specifically, a login-information interceptor is integrated into service information system A; after it intercepts the login request information sent by the client 103, it obtains the digital certificate identifier and the encrypted password from the login request information, adds them to the authentication request information and sends it to the authentication gateway 102.
S203: after the authentication gateway 102 receives the authentication request information sent by the service information system 101, it looks up, according to the digital certificate identifier carried in the authentication request information, whether authentication-passed information for that digital certificate identifier exists in the locally stored authentication information cache table. The authentication information cache table can store the following: the digital certificate identifier, and the authentication information of that digital certificate identifier in the authentication gateway 102. The authentication information of a digital certificate identifier in the authentication gateway can specifically include whether that digital certificate identifier has passed authentication, the authentication time, the expiry time, and so on.
If no authentication-passed information for the digital certificate identifier exists in the authentication information cache table, the user corresponding to that digital certificate identifier has not yet passed password authentication at this authentication gateway, and step S204 is executed.
If authentication-passed information for the digital certificate identifier exists in the authentication information cache table, the user corresponding to that digital certificate identifier already passed password authentication at the authentication gateway 102 when accessing another service information system (say, service information system B) before accessing service information system A. The password authentication of steps S204 and S205 below then need not be performed: password authentication of that digital certificate identifier is directly confirmed as passed, and step S206 is executed to continue with permission authentication.
The authentication information cache table cached in the authentication gateway 102 avoids repeated password authentication when the user roams to other service information systems, further improving the efficiency of user access to service information systems and providing the user with seamless roaming between different service information systems.
S204: the authentication gateway 102 decrypts the encrypted password in the authentication request information with the public key, obtaining the decrypted password.
S205: the authentication gateway 102 queries the stored user password information list to determine whether password authentication passes. The user password information list stores users' digital certificate identifiers together with their corresponding decrypted passwords. The authentication gateway 102 compares the digital certificate identifier in the authentication request information and the password decrypted from the authentication request information against the digital certificate identifiers and decrypted passwords stored in the user password information list; if they match, password authentication is confirmed as passed and step S206 is executed; otherwise password authentication fails and step S207 is executed. In addition, the user password information list can also store, for each digital certificate identifier, the account of the user who uses that digital certificate, i.e. the user's account corresponding to each digital certificate identifier is also kept in the user password information list.
S206: the authentication gateway 102 next determines whether permission authentication passes. Specifically, the authentication gateway 102 stores a permission list, which stores each digital certificate identifier together with the identifiers of the service information systems that the user of that digital certificate is authorized to access. The identifier of a service information system can specifically be its URL address. Accordingly, the authentication gateway 102 obtains the URL address from which the authentication request information was sent, looks up in the permission list the digital certificate identifier identical to the one in the authentication request information, and determines whether the URL address from which the authentication request information was sent is among the URL addresses of the service information systems corresponding to the digital certificate identifier found; if so, permission authentication passes; otherwise permission authentication fails.
S207: the authentication gateway 102 returns the authentication result to service information system A. Specifically, the authentication gateway 102 determines that the authentication result is "authentication passed", and returns "authentication passed" to service information system A, only when both password authentication and permission authentication have passed; otherwise it returns "authentication not passed" to service information system A. In practice, because the authentication gateway 102 performs permission authentication only after password authentication has passed, it returns "authentication passed" to service information system A whenever it determines that permission authentication passed. Before returning the authentication result to service information system A, the authentication gateway 102 saves the relevant information of the authentication result, such as the digital certificate identifier, whether authentication passed, the authentication time and the expiry time, in the authentication information cache table.
Of course, the simplest form of the authentication information cache table is one in which the authentication gateway 102 saves only the digital certificate identifiers whose authentication result is "authentication passed". In that case, the operation in step S203 of "looking up whether authentication-passed information for the digital certificate identifier exists in the locally stored authentication information cache table" can be simplified to "looking up whether the digital certificate identifier exists in the authentication information cache table".
Further, the authentication gateway 102 can also return to service information system A the digital certificate identifier, the decrypted password, and the account stored in the user password information list in correspondence with that digital certificate identifier, to facilitate certain operations of service information system A after the user has logged in.
The authentication information cache table cached in the authentication gateway 102 allows the authentication gateway 102 to avoid repeating password authentication when a user who has already logged in to one service information system needs to roam to another, further improving the efficiency of user access to service information systems and providing the user with seamless roaming between different service information systems.
S208: service information system A performs subsequent operations according to the returned authentication result.
Specifically, if the authentication result is "authentication not passed", service information system A does not allow the user to access it.
If the authentication result is "authentication passed", service information system A searches its locally stored user account information list, which stores users' accounts together with their digital certificate identifiers.
If the user account information list already stores the digital certificate identifier carried in the login request information, the user is allowed to access the service information system using the account corresponding to that digital certificate identifier.
If the user account information list does not store the digital certificate identifier carried in the login request information, the user is logging in to service information system A for the first time. Service information system A then takes the account returned from the authentication gateway 102 as the account this user will use, stores that account in the user account information list in correspondence with the user's digital certificate identifier, and allows the user to access service information system A using that account.
To maintain the authentication information cache table in the authentication gateway 102, the relevant information of an authentication result added to the table in step S207 above can be deleted automatically after a set period of time, for example automatically after 2 hours. Thus, if the user goes to log in to another service information system after 2 hours, the authentication gateway 102 performs password authentication and permission authentication again; or, if the user logs out of service information system A and, after 2 hours, goes to log in to service information system A or another service information system again, the authentication gateway 102 performs password authentication and permission authentication again.
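The gateway side of steps S203 to S207, including the automatic cache expiry just described, as an added Python example that is not code from the patent. The public-key decryption is injected as a callable, and the XOR stand-in, the certificate identifier CERT-0001, the URLs and the account name are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set, Tuple
import hmac
import time

# Automatic deletion of cache entries after 2 hours, as described in the text.
CACHE_TTL_SECONDS = 2 * 60 * 60


@dataclass
class CacheEntry:
    """One row of the authentication information cache table."""
    passed: bool
    authenticated_at: float
    expires_at: float


@dataclass
class AuthResult:
    """What the gateway returns to the service information system (S207)."""
    passed: bool
    account: Optional[str]          # account from the user password information list
    password_auth_skipped: bool     # True in the roaming case (cache hit in S203)


class AuthenticationGateway:
    def __init__(self,
                 password_list: Dict[str, Tuple[str, str]],   # cert id -> (password, account)
                 permission_list: Dict[str, Set[str]],         # cert id -> authorized system URLs
                 decrypt: Callable[[bytes], str],              # "decrypt with the public key"
                 clock: Callable[[], float] = time.time):      # injected so expiry is testable
        self.password_list = password_list
        self.permission_list = permission_list
        self.decrypt = decrypt
        self.clock = clock
        self.cache: Dict[str, CacheEntry] = {}

    def cache_hit(self, cert_id: str) -> bool:
        """S203: is there still-valid authentication-passed information for cert_id?"""
        entry = self.cache.get(cert_id)
        if entry is None:
            return False
        if self.clock() >= entry.expires_at:
            del self.cache[cert_id]   # the automatic deletion after the set period
            return False
        return entry.passed

    def password_auth(self, cert_id: str, encrypted_password: bytes) -> bool:
        """S204-S205: decrypt with the public key and compare with the stored password."""
        record = self.password_list.get(cert_id)
        if record is None:
            return False
        decrypted = self.decrypt(encrypted_password)
        return hmac.compare_digest(decrypted.encode(), record[0].encode())

    def permission_auth(self, cert_id: str, system_url: str) -> bool:
        """S206: the requesting system's URL must be among those authorized for cert_id."""
        return system_url in self.permission_list.get(cert_id, set())

    def authenticate(self, system_url: str, cert_id: str, encrypted_password: bytes) -> AuthResult:
        """S203-S207 in order; only a fully passed result is cached (the simplest table form)."""
        skipped = self.cache_hit(cert_id)
        if not skipped and not self.password_auth(cert_id, encrypted_password):
            return AuthResult(False, None, False)
        if not self.permission_auth(cert_id, system_url):
            return AuthResult(False, None, skipped)
        if not skipped:
            now = self.clock()
            self.cache[cert_id] = CacheEntry(True, now, now + CACHE_TTL_SECONDS)
        return AuthResult(True, self.password_list[cert_id][1], skipped)


# --- Constructed stand-ins so the example runs offline; not the patent's cryptography ---
def demo_encrypt(password: str) -> bytes:
    """Stand-in for 'encrypt with the certificate private key': a fixed XOR mask."""
    return bytes(b ^ 0x5A for b in password.encode())


def demo_decrypt(blob: bytes) -> str:
    """Stand-in for 'decrypt with the public key'; inverse of demo_encrypt."""
    return bytes(b ^ 0x5A for b in blob).decode()


def build_demo_gateway(clock: Callable[[], float] = time.time) -> AuthenticationGateway:
    """Constructed provisioning data for one user holding certificate CERT-0001."""
    password_list = {"CERT-0001": ("correct horse", "zhangsan")}
    permission_list = {"CERT-0001": {"https://a.example/", "https://b.example/"}}
    return AuthenticationGateway(password_list, permission_list, demo_decrypt, clock)


if __name__ == "__main__":
    gw = build_demo_gateway()
    blob = demo_encrypt("correct horse")   # what the hardware digital certificate would hold
    print(gw.authenticate("https://a.example/", "CERT-0001", blob))  # first login: full check
    print(gw.authenticate("https://b.example/", "CERT-0001", blob))  # roaming: password skipped
    print(gw.authenticate("https://c.example/", "CERT-0001", blob))  # C not in permission list
```

In the roaming branch the encrypted password is never examined, so the cache expiry is the only thing bounding how long a cached identifier skips password authentication; the permission check still runs per system, so a cache hit does not grant access to a system outside the permission list.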
The user password information list, the permission list and the public key used for decryption described above are stored in the authentication gateway 102 in advance by the authorization system 104, as follows:
After the administrator has confirmed the user's account number and password and the service information systems the user is authorized to access, the user's password is bound to the digital certificate hardware: the user's password is encrypted with the private key of the digital certificate and stored in the digital certificate hardware, and the digital certificate hardware is issued to the user. The administrator also sends the public key used for decryption to the authentication gateway 102 through the authorization system 104.
In addition, the administrator stores the user's digital certificate identifier together with the unencrypted password in the user password information list in the authorization system 104. Obviously, a user's unencrypted password in the user password information list is identical to the password the authentication gateway 102 obtains by decrypting that user's encrypted password with the public key.
The administrator stores the user's digital certificate identifier together with the identifiers of the service information systems the user is authorized to access (specifically, these can be the URL addresses of the service information systems) in the permission list in the authorization system 104. The administrator then sends the user password information list and the permission list generated in the authorization system 104 to the authentication gateway 102.
If the content of the user password information list or the permission list in the authorization system 104 changes, the authorization system 104 sends the updated user password information list or permission list to the authentication gateway 102, and the authentication gateway 102 updates its copies accordingly.
As can be seen from the flow described above, the authentication gateway 102 can determine automatically from the authentication information cache table whether the service information system the user requests to log in to is the first service information system the user visits, or a service information system the user roams into; in the roaming case the password authentication step can be omitted, i.e. the authentication-passed result is returned as long as permission authentication passes.
In the embodiment of the invention, a user authorized to access several service information systems is authenticated through the authentication gateway when accessing a service information system. Because the user password information list and the permission list in the authentication gateway hold the user's login password and the identifiers of the service information systems the user is authorized to access, unified verification of the user's access to several service information systems can be realized. The user only needs to remember or keep one password for the several service information systems to be accessed in order to log in to all of them, which realizes single sign-on and greatly improves convenience. Moreover, storing the encrypted password in digital certificate hardware further increases the security of the login process and is also convenient for the user to carry. At the same time, the digital certificate identifier also serves to identify the user.
In addition, because the authentication gateway caches the information that the digital certificate identifier has passed authentication, the password authentication step can be omitted when the user roams into another service information system, which improves system efficiency.
One of ordinary skill in the art will appreciate that all or part of the steps of the method in the above embodiment can be carried out by a program instructing the relevant hardware; this program can be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc.
The above is only a preferred embodiment of the present invention. It should be pointed out that, for those skilled in the art, some improvements and modifications can also be made without departing from the principle of the invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.

Claims (9)

1. A login method for a service information system, comprising:
the service information system receives a login request sent by a user, the login request carrying a digital certificate identifier and an encrypted password, where the digital certificate identifier is the identifier of the digital certificate issued to the user and the encrypted password is the password encrypted with the private key of the digital certificate;
the service information system sends an authentication request to an authentication gateway, the authentication request carrying the identifier of the service information system, the digital certificate identifier and the encrypted password;
after receiving the authentication request, the authentication gateway decrypts the encrypted password with the public key to obtain the decrypted password;
according to the digital certificate identifier in the authentication request, the authentication gateway looks up the password corresponding to that digital certificate identifier in the user password information list;
after confirming that the decrypted password is identical to the password looked up, the authentication gateway looks up, according to the digital certificate identifier in the authentication request, the identifiers of the service information systems corresponding to that digital certificate in the permission list;
after confirming that the identifier of the service information system carried in the authentication request is identical to one of the service information system identifiers looked up, the authentication gateway returns an authentication result indicating that authentication has passed to the service information system;
the service information system permits the user's login access according to the authentication result.
2. the method for claim 1, said authentication gateway also comprised before the authentication result that said operating information system return authentication passes through:
Said authentication gateway passes through information according to the authentication of the sign of the digital certificate in the said authentication request information of said authentication result buffer memory in the authentication information cache table; And,
Said authentication gateway use public-key the password after the said encryption deciphered before, also comprise:
According to the sign of the digital certificate in the said authentication request information, from the authentication information cache table, search the authentication of this digital certificate sign and pass through information; And,
Said authentication gateway uses public-key the password after the said encryption is deciphered; Be specially: said authentication gateway does not have the authentication of this digital certificate sign of buffer memory through after the information in confirming said authentication information cache table, use public-key the password after the said encryption is deciphered.
3. The method of claim 2, wherein before the authentication gateway looks up, according to the digital certificate identifier in the authentication request, the identifiers of the service information systems corresponding to that digital certificate in the permission list, the method further comprises:
if cached authentication-passed information for the digital certificate identifier in the authentication request is found in the authentication information cache table, the encrypted password is not decrypted.
4. The method of claim 3, wherein the user password information list also stores the account number corresponding to the digital certificate identifier; and
when returning the authentication-passed result to the service information system, the authentication gateway also returns the account number to the service information system; and
the service information system permitting the user's login access according to the authentication result specifically comprises: the service information system permits the user to access the service information system with that account number, according to the authentication result and the returned account number.
5. The method of any one of claims 1-4, wherein the user's digital certificate is generated and issued by an authorization system; and
the user password information list, the permission list and the public key in the authentication gateway are generated by the authorization system and sent to the authentication gateway.
6. A login management system for a service information system, comprising:
a service information system, configured to send an authentication request after receiving a login request sent by a user, the login request carrying a digital certificate identifier and an encrypted password, where the digital certificate identifier is the identifier of the digital certificate issued to the user and the encrypted password is the password encrypted with the private key of the digital certificate, and the authentication request carrying the identifier of the service information system, the digital certificate identifier and the encrypted password;
an authentication gateway, configured to, after receiving the authentication request, decrypt the encrypted password with the public key to obtain the decrypted password; look up, according to the digital certificate identifier in the authentication request, the password corresponding to that digital certificate identifier in the user password information list; after confirming that the decrypted password is identical to the password looked up, look up, according to the digital certificate identifier in the authentication request, the identifiers of the service information systems corresponding to that digital certificate in the permission list; and after confirming that the identifier of the service information system carried in the authentication request is identical to one of the service information system identifiers looked up, return an authentication result indicating that authentication has passed to the service information system;
the service information system being further configured to permit the user's login access according to the authentication result.
7. The system of claim 6, characterized in that
the authentication gateway is further configured to, before returning the authentication-passed result to the service information system, cache, according to the authentication result, authentication-passed information for the digital certificate identifier in the authentication request in an authentication information cache table.
8. The system of claim 7, characterized in that
the authentication gateway is further configured to, before decrypting the encrypted password with the public key, search the authentication information cache table for authentication-passed information for the digital certificate identifier in the authentication request; if it confirms that no authentication-passed information for that digital certificate identifier is cached in the authentication information cache table, it decrypts the encrypted password with the public key; otherwise it does not decrypt the encrypted password.
9. The system of any one of claims 6-8, characterized in that it further comprises:
an authorization system, configured to generate the digital certificate and issue it to the user; the authorization system also generates the user password information list, the permission list and the public key and sends them to the authentication gateway.
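The gateway logic of claims 1-4 together with the cache-expiry and roaming flow of the embodiment above, as an added example that is not the patent's own code: a Python model with an injectable clock so the 2-hour cache lifetime can be exercised. The byte-wise textbook RSA pair, the certificate identifier, account, password and system URLs are all constructed for illustration; the private-key encryption stands in for what the certificate hardware would hold.

```python
import time

# Toy textbook RSA on single bytes (constructed: p=61, q=53, e=17, d=2753).
# It models "encrypt with the certificate's private key, decrypt with the
# public key the authorization system pre-loads into the gateway". It is
# NOT secure and only illustrates the data flow.
N, E, D = 3233, 17, 2753
CACHE_TTL = 2 * 3600  # seconds; the description's example cache lifetime


def encrypt_with_private_key(password: str) -> list:
    """Certificate hardware side: each password byte raised to the private exponent D."""
    return [pow(b, D, N) for b in password.encode()]


def decrypt_with_public_key(blob: list):
    """Gateway side: recover the password with the public exponent E.

    Returns None when a recovered value is not a byte, i.e. the blob was not
    produced with the matching private key.
    """
    values = [pow(c, E, N) for c in blob]
    if any(v > 255 for v in values):
        return None
    return bytes(values).decode("utf-8", errors="replace")


class AuthGateway:
    """Authentication gateway holding the lists the authorization system pre-loads."""

    def __init__(self, password_list, permission_list, clock=time.time):
        self.password_list = password_list      # cert_id -> (account, plaintext password)
        self.permission_list = permission_list  # cert_id -> set of system identifiers (URLs)
        self.cache = {}                         # cert_id -> expiry timestamp (cache table)
        self.clock = clock                      # injectable so expiry can be tested

    def _cached(self, cert_id: str) -> bool:
        """True if authentication-passed information for cert_id is still cached."""
        expiry = self.cache.get(cert_id)
        if expiry is None:
            return False
        if expiry <= self.clock():
            del self.cache[cert_id]  # automatic deletion after the set period
            return False
        return True

    def authenticate(self, system_id: str, cert_id: str, encrypted_password: list):
        """Handle one authentication request; returns (passed, account, reason).

        Password authentication runs only when nothing is cached (first login);
        a cached (roaming) user still gets permission authentication.
        """
        roaming = self._cached(cert_id)
        entry = self.password_list.get(cert_id)
        if entry is None:
            return (False, None, "unknown digital certificate identifier")
        account, stored_password = entry
        if not roaming and decrypt_with_public_key(encrypted_password) != stored_password:
            return (False, None, "password authentication failed")
        # Permission authentication: the requested system must be on the user's list.
        if system_id not in self.permission_list.get(cert_id, set()):
            return (False, None, "permission authentication failed")
        if not roaming:
            self.cache[cert_id] = self.clock() + CACHE_TTL  # step S207
        return (True, account, "roaming" if roaming else "full authentication")


def demo():
    """Constructed scenario: first login, roaming, unauthorized system, cache expiry."""
    now = [1_700_000_000.0]
    gw = AuthGateway(
        {"cert-0001": ("alice", "s3cret!")},
        {"cert-0001": {"https://sys-a.example", "https://sys-b.example"}},
        clock=lambda: now[0],
    )
    blob = encrypt_with_private_key("s3cret!")  # what the certificate hardware stores
    results = [gw.authenticate("https://sys-a.example", "cert-0001", blob)]
    results.append(gw.authenticate("https://sys-b.example", "cert-0001", []))   # roaming
    results.append(gw.authenticate("https://sys-c.example", "cert-0001", []))   # not permitted
    now[0] += CACHE_TTL + 1                                                      # cache expires
    results.append(gw.authenticate("https://sys-b.example", "cert-0001", []))   # password needed
    results.append(gw.authenticate("https://sys-b.example", "cert-0001", blob))
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```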
CN2012100093134A 2012-01-12 2012-01-12 Sign-on method and sign-on management system for service information system Pending CN102420836A (en)


Publications (1)

Publication Number Publication Date
CN102420836A (en) 2012-04-18

Family

ID=45945071


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120418