CN102420836A - Sign-on method and sign-on management system for service information system - Google Patents

Sign-on method and sign-on management system for service information system

Info

Publication number
CN102420836A
Authority
CN
China
Prior art keywords
authentication
information
password
digital certificate
system
Application number
CN2012100093134A
Other languages
Chinese (zh)
Inventor
何岩
刘玉龙
史劲
吴卫荣
徐华
敖石泉
董磊
贾晓霞
马潮技
魏楠
Original Assignee
中国电子科技集团公司第十五研究所 (15th Research Institute of China Electronics Technology Group Corporation)

Abstract

The invention discloses a sign-on method and a sign-on management system for a service information system. In the method, the service information system receives sign-on request information from a user and then transmits authentication request information to an authentication gateway; the authentication gateway performs password authentication and right authentication according to the received authentication request information and returns to the service information system an authentication result indicating that the user has passed authentication; and the service information system determines from the authentication result whether to permit the user to sign on and access it. A user password information list and a right list in the authentication gateway store the user's sign-on password and the identifiers of the service information systems the user is authorized to access, so that access by the user to a plurality of service information systems can be verified in a unified way and single sign-on for the user can be realized.

Description

Login method for service information systems and login management system

Technical Field

[0001] The present invention relates to computer communication technology, and in particular to login management technology for centralized service information systems.

Background

[0002] As informatization deepens in government, institutions, enterprises, universities and other organizations, the integration of service information systems has gradually become a key issue. Suppose an organization's system contains a service information system for finance, one for auditing and one for staff information. Then, for each of the organization's service information systems, separate accounts must be created for the various users, with different login permissions assigned. For example, if a user has login access to both service information system A and service information system B, an account and password must be created for that person in each of the two systems separately, and the user must log in to the two systems with different accounts.

[0003] Where there are many service information systems, managing users' accounts and passwords becomes increasingly cumbersome and prone to confusion. At the same time, when switching between service information systems, users must repeatedly enter account names, passwords and other information, which greatly reduces user experience and work efficiency, and even the stability of the system.

[0004] Furthermore, informatization in each organization proceeds step by step over time. As it proceeds, new service information systems are continually added to the organization's system. Suppose a performance-appraisal service information system C must be added and the same user is also authorized to access C. An account and corresponding password must then be created for this user in system C as well, adding further to the burden and confusion of account management in the organization's system.

[0005] In summary, the prior-art login and access technology for service information systems requires a different account and password to log in to each service information system, which easily leads to confused and inefficient management of login accounts and is inconvenient for users. Users must remember the login account and password of every service information system they use and must repeatedly enter account names, passwords and other information when switching between systems, which greatly reduces user experience and work efficiency, and even the stability of the system.

Summary

[0006] Embodiments of the present invention provide a login method and a login management system for service information systems, in order to implement single sign-on for service information systems.

[0007] According to one aspect of the present invention, a login method for a service information system is provided, comprising:

[0008] a service information system receives login request information sent by a user, the login request information carrying a digital certificate identifier and an encrypted password, where the digital certificate identifier is the identifier of the digital certificate distributed to the user and the encrypted password is the password encrypted with the private key of that digital certificate;

[0009] the service information system sends authentication request information to an authentication gateway, the authentication request information carrying the identifier of the service information system, the digital certificate identifier and the encrypted password;

[0010] after receiving the authentication request information, the authentication gateway decrypts the encrypted password with the public key to obtain the decrypted password;

[0011] the authentication gateway looks up, according to the digital certificate identifier in the authentication request information, the password corresponding to that digital certificate identifier in a user password information list;

[0012] after confirming that the decrypted password and the looked-up password are identical, the authentication gateway looks up, according to the digital certificate identifier in the authentication request information, the identifiers of the service information systems corresponding to that digital certificate in a permission list;

[0013] after confirming that the service information system identifier carried in the authentication request information is identical to one of the looked-up service information system identifiers, the authentication gateway returns an authentication result of "authentication passed" to the service information system;

[0014] the service information system allows the user to log in and access it according to the authentication result.

[0015] Before the authentication gateway returns the "authentication passed" result to the service information system, the method further comprises: the authentication gateway, according to the authentication result, caching in an authentication information cache table the "authentication passed" information for the digital certificate identifier in the authentication request information. Before the authentication gateway decrypts the encrypted password with the public key, the method further comprises: looking up, according to the digital certificate identifier in the authentication request information, the "authentication passed" information for that digital certificate identifier in the authentication information cache table. The authentication gateway decrypting the encrypted password with the public key then specifically means: the authentication gateway decrypts the encrypted password with the public key only after confirming that no "authentication passed" information for that digital certificate identifier is cached in the authentication information cache table.

[0016] Before the authentication gateway looks up in the permission list the service information system identifiers corresponding to the digital certificate identifier in the authentication request information, the method further comprises: if "authentication passed" information for that digital certificate identifier is found in the authentication information cache table, the encrypted password is not decrypted.

[0017] The user password information list further stores an account corresponding to the digital certificate identifier; when the authentication gateway returns the "authentication passed" result to the service information system, it also returns that account; and the service information system allowing the user to log in and access it according to the authentication result specifically means: the service information system, according to the returned authentication result and account, allows the user to access the service information system with that account.

[0018] The user's digital certificate is generated and distributed by an authorization system; and

[0019] the user password information list, the permission list and the public key in the authentication gateway are generated by the authorization system and sent to the authentication gateway.

[0020] According to another aspect of the present invention, a login management system for service information systems is provided, comprising:

[0021] a service information system, configured to send authentication request information after receiving login request information sent by a user; the login request information carries a digital certificate identifier and an encrypted password, where the digital certificate identifier is the identifier of the digital certificate distributed to the user and the encrypted password is the password encrypted with the private key of that digital certificate; the authentication request information carries the identifier of the service information system, the digital certificate identifier and the encrypted password;

[0022] an authentication gateway, configured to: after receiving the authentication request information, decrypt the encrypted password with the public key to obtain the decrypted password; look up, according to the digital certificate identifier in the authentication request information, the password corresponding to that digital certificate identifier in a user password information list; after confirming that the decrypted password and the looked-up password are identical, look up, according to the digital certificate identifier in the authentication request information, the identifiers of the service information systems corresponding to that digital certificate in a permission list; and, after confirming that the service information system identifier carried in the authentication request information is identical to one of the looked-up service information system identifiers, return an "authentication passed" result to the service information system;

[0023] the service information system is further configured to allow the user to log in and access it according to the authentication result.

[0024] The authentication gateway is further configured to, before returning the "authentication passed" result to the service information system, cache in an authentication information cache table, according to the authentication result, the "authentication passed" information for the digital certificate identifier in the authentication request information.

[0025] The authentication gateway is further configured to, before decrypting the encrypted password with the public key, look up, according to the digital certificate identifier in the authentication request information, the "authentication passed" information for that digital certificate identifier in the authentication information cache table; if it confirms that no "authentication passed" information for that digital certificate identifier is cached, it decrypts the encrypted password with the public key; otherwise, it does not decrypt the encrypted password.

[0026] The system further comprises an authorization system, configured to generate the digital certificate and distribute it to the user; the authorization system also generates the user password information list, the permission list and the public key and sends them to the authentication gateway.

[0027] In embodiments of the present invention, a user who is authorized to access multiple service information systems is authenticated by the authentication gateway whenever accessing any of them. Because the user password information list and the permission list in the authentication gateway store the user's login password and the identifiers of the service information systems the user is authorized to access, the user's access to multiple service information systems can be verified in a unified way. For the user, a single password needs to be remembered or stored to log in to all the service information systems that need to be accessed, which achieves single sign-on and greatly improves convenience. Moreover, storing the encrypted password on a hardware digital certificate further increases the security of the login process and is convenient for the user to carry. At the same time, the digital certificate identifier also serves to identify the user.

[0028] In addition, the authentication gateway caches the "authentication passed" information for the digital certificate identifier, so that when the user roams to another service information system the password authentication step can be omitted from the authentication process, improving system efficiency.

Brief Description of the Drawings

[0029] FIG. 1 is a schematic diagram of a login management system for service information systems according to an embodiment of the present invention;

[0030] FIG. 2 is a flowchart of a method for logging in to and accessing a service information system according to an embodiment of the present invention.

Detailed Description

[0031] The login and access method for service information systems provided by an embodiment of the present invention offers users convenience: across multiple service information systems the user can achieve single sign-on, that is, the user performs one login operation, entering an account and password, and can then access all the service information systems the user is authorized for. The login management system for service information systems shown in FIG. 1 comprises multiple service information systems 101, an authentication gateway 102 and an authorization system 104. Authentication gateway 102 implements unified authentication of users logging in to the service information systems. To further ensure the security and convenience of the login process, the user's login password is encrypted with the private key of the digital certificate, and the encrypted password may be stored on a portable hardware medium (referred to as a hardware digital certificate), so the user does not need to remember the password.

[0032] The login method for service information systems according to an embodiment of the present invention is as follows: when service information system 101 receives login request information sent by the user through client 103, it sends authentication request information to authentication gateway 102. The login request information carries a digital certificate identifier and an encrypted password, where the digital certificate identifier is the identifier of the digital certificate distributed to the user and the encrypted password is the password encrypted with the private key of that digital certificate; the authentication request information carries the identifier of the service information system together with the digital certificate identifier and the encrypted password.

[0033] After receiving the authentication request information, authentication gateway 102 decrypts the encrypted password with the public key to obtain the decrypted password, and looks up, according to the digital certificate identifier in the authentication request information, the password corresponding to that digital certificate identifier in the user password information list. After confirming that the decrypted password and the looked-up password are identical, authentication gateway 102 confirms that password authentication has passed. After password authentication has passed, authentication gateway 102 looks up in the permission list, according to the digital certificate identifier in the authentication request information, the identifiers of the service information systems corresponding to that digital certificate; after confirming that the service information system identifier carried in the authentication request information is identical to one of the looked-up identifiers, it returns an "authentication passed" result to service information system 101. Service information system 101 allows the user to log in and access it according to the returned authentication result.

[0034] Unified password authentication and permission authentication of users is achieved through the user password information list and the permission list in authentication gateway 102. When logging in to different service information systems, the user can use the same hardware digital certificate, which achieves single sign-on. Moreover, the password is encrypted with the digital certificate while in transit, which provides additional security.

[0035] Preferably, the flow by which the user logs in to and accesses service information system 101 (assumed here to be service information system A) through client 103 is shown in FIG. 2 and comprises the following steps:

[0036] S201: When the user logs in to access service information system A through client 103, the user sends login request information to service information system A through client 103. Specifically, the user connects the hardware digital certificate to client 103, and client 103 can read the digital certificate identifier and the encrypted password from the hardware digital certificate. Using the URL address of service information system A, the user sends login request information to service information system A through client 103, the login request information carrying the digital certificate identifier and the encrypted password.

[0037] To make it easier for users to log in to service information systems 101, a portal website for accessing the service information systems may also be provided. The portal offers URL links to each service information system. The user may first log in to the portal and, through the portal's URL link to a service information system, communicate with service information system A and send it the login request information.

[0038] S202: After receiving the login request information, service information system A sends authentication request information to authentication gateway 102, the authentication request information carrying the digital certificate identifier and the encrypted password. Specifically, a login information interceptor is integrated into service information system A; after intercepting the login request information sent by client 103, the interceptor extracts the digital certificate identifier and the encrypted password from it, adds them to the authentication request information and sends that to authentication gateway 102.

[0039] S203: After receiving the authentication request information sent by service information system 101, authentication gateway 102 checks, according to the digital certificate identifier carried in it, whether the locally stored authentication information cache table contains "authentication passed" information for that digital certificate identifier. The authentication information cache table may store the following: the digital certificate identifier, and the authentication information for that digital certificate identifier at authentication gateway 102. The authentication information for a digital certificate identifier at the authentication gateway may specifically include whether the digital certificate identifier has passed authentication, the authentication time, the expiry time, and so on.

[0040] If the authentication information cache table contains no "authentication passed" information for the digital certificate identifier, the user corresponding to that digital certificate identifier has not yet passed password authentication at this authentication gateway, and step S204 is performed.

[0041] If the authentication information cache table does contain "authentication passed" information for the digital certificate identifier, the user corresponding to that digital certificate identifier already passed password authentication at authentication gateway 102 while accessing another service information system (say, service information system B) before accessing service information system A. The password authentication of steps S204 and S205 below therefore need not be performed: password authentication for that digital certificate identifier is taken as passed directly, and step S206 is performed to continue with permission authentication.

[0042] The authentication information cache table held by authentication gateway 102 avoids repeated password authentication when the user roams to other service information systems, further improving the efficiency with which users access service information systems and providing seamless roaming between different service information systems.

[0043] S204: Authentication gateway 102 decrypts the encrypted password in the authentication request information with the public key to obtain the decrypted password.

[0044] S205: Authentication gateway 102 queries the stored user password information list to determine whether password authentication passes. The user password information list stores, in correspondence, each user's digital certificate identifier and decrypted password. Authentication gateway 102 compares the digital certificate identifier in the authentication request information and the password decrypted from the authentication request information against the digital certificate identifier and decrypted password stored in the user password information list; if both match, password authentication passes and step S206 is performed; otherwise password authentication fails and step S207 is performed. In addition, the user password information list may also store, for each digital certificate identifier, the account of the user who uses that digital certificate; that is, the list holds the user's account in correspondence with each digital certificate identifier.

[0045] S206: Authentication gateway 102 goes on to determine whether permission authentication passes. Specifically, authentication gateway 102 stores a permission list, which records in correspondence each digital certificate identifier and the identifiers of the service information systems that the user of that digital certificate is authorized to access. The identifier of a service information system may be the URL address of that service information system. Authentication gateway 102 therefore obtains the URL address that sent the authentication request information, finds in the permission list the digital certificate identifier identical to the one in the authentication request information, and checks whether the URL addresses of the service information systems corresponding to that digital certificate identifier include the URL address that sent the authentication request information; if so, permission authentication passes; otherwise permission authentication fails.

[0046] S207: Authentication gateway 102 returns the authentication result to service information system A. Specifically, only when password authentication passes and permission authentication also passes does authentication gateway 102 determine the result to be "authentication passed" and return "authentication passed" to service information system A; otherwise it returns "authentication failed" to service information system A. In practice, since authentication gateway 102 performs permission authentication only after password authentication has passed, it returns an "authentication passed" result to service information system A whenever it determines that permission authentication has passed. Before returning the authentication result to service information system A, authentication gateway 102 saves information about the result to the authentication information cache table, such as the digital certificate identifier, whether authentication passed, the authentication time and the expiry time.

[0047] Of course, the simplest form of authentication information cache table is one in which authentication gateway 102 saves only the digital certificate identifiers whose result was "authentication passed". In that case the operation in step S203 of "checking whether the locally stored authentication information cache table contains 'authentication passed' information for the corresponding digital certificate identifier" simplifies to "checking whether the authentication information cache table contains the corresponding digital certificate identifier".

[0048] Further, authentication gateway 102 may also return to service information system A the digital certificate identifier, the decrypted password and the account stored in the user password information list in correspondence with that digital certificate identifier, for use in some of service information system A's operations after the user has logged in.

[0049] The authentication information cache table held by authentication gateway 102 means that when a user who has already logged in to one service information system needs to roam to another, authentication gateway 102 does not repeat password authentication, which further improves the efficiency with which users access service information systems and provides seamless roaming between different service information systems.

[0050] S208: Business information system A performs subsequent operations according to the returned authentication result.

[0051] Specifically, if the authentication result is "failed", business information system A does not allow the user to access it.

[0052] If the authentication result is "passed", business information system A looks up its locally stored user account information list. The user account information list stores users' accounts in correspondence with their digital certificate identifiers.

[0053] If the user account information list stores the digital certificate identifier carried in the login request information, the user is allowed to access this business information system using the account corresponding to that digital certificate identifier.

[0054] If the user account information list does not store the digital certificate identifier carried in the login request information, this indicates that the user is logging in to business information system A for the first time. Business information system A then takes the account returned from the authentication gateway 102 as the user's account, stores that account in the user account information list in correspondence with the user's digital certificate identifier, and allows the user to access business information system A using that account.

[0055] The authentication information cache table in the authentication gateway 102 is maintained as follows: the authentication result information added to the authentication information cache table in step S207 above may be deleted automatically after a set period of time, for example 2 hours. Then, after 2 hours, if the user goes on to log in to other business information systems, the authentication gateway 102 performs password authentication and permission authentication again; or, if the user logs out of business information system A and, after 2 hours, logs in again to business information system A or another business information system, the authentication gateway 102 again performs password authentication and permission authentication.

[0056] The user password information list, the permission list and the public key for decryption described above are stored in advance in the authentication gateway 102 by the authorization system 104, as follows:

[0057] After confirming the user's account and password and the business information systems the user is authorized to access, the administrator binds the user's password to a hardware digital certificate, i.e. the user's password is encrypted with the private key of the digital certificate and stored in the hardware digital certificate, and the hardware digital certificate is distributed to the user. The administrator also sends the public key for decryption to the authentication gateway 102 through the authorization system 104.

[0058] In addition, the administrator stores the user's digital certificate identifier together with the corresponding unencrypted password in the user password information list in the authorization system 104. Obviously, the unencrypted password of a user in the user password information list is identical to the password obtained in the authentication gateway 102 by decrypting that user's encrypted password with the public key.

[0059] The administrator stores the user's digital certificate identifier together with the identifiers of the business information systems the user is authorized to access (specifically, these may be the URL addresses of the business information systems) in the permission list in the authorization system 104. The administrator sends the user password information list and the permission list generated in the authorization system 104 to the authentication gateway 102.

[0060] If the contents of the user password information list or the permission list in the authorization system 104 change, the authorization system 104 sends the updated user password information list or permission list to the authentication gateway 102, and the authentication gateway 102 updates accordingly.

[0061] As can be seen from the flow described above, the authentication gateway 102 can use the authentication information cache table to determine automatically whether the business information system the user is requesting to log in to is the first business information system accessed or one the user is roaming to; in the roaming case the password authentication step can be omitted, and the gateway returns "passed" as soon as it confirms that permission authentication has passed.
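The following Python is an added example, not code from the patent, modelling the gateway and business-system flow of steps S203 to S208 above: the authentication information cache table with a set expiry, password authentication skipped for cached (roaming) certificates, permission authentication on every request, and the business system's local user account information list. Textbook RSA with fixed toy primes stands in for the certificate key pair, and the certificate identifiers, accounts, passwords and system URLs are constructed assumptions.

```python
"""Toy model of the gateway flow in steps S203 to S208 of this patent (constructed example)."""
import hmac
import time

# Textbook RSA with fixed toy primes stands in for the certificate key pair.
# Constructed for illustration only; the sizes are far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537                                   # public exponent, held by the gateway
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent, held in the hardware certificate

# Cache entries are removed after a set period; the patent gives 2 hours as an example.
CACHE_TTL_SECONDS = 2 * 3600


def private_key_encrypt(password: str) -> int:
    """Provisioning step: the administrator encrypts the password with the certificate's
    private key and stores the result in the hardware digital certificate."""
    m = int.from_bytes(password.encode("utf-8"), "big")
    if m >= N:
        raise ValueError("password too long for the toy modulus")
    return pow(m, D, N)


def public_key_decrypt(ciphertext: int) -> str:
    """Gateway step S204: recover the password with the public key.
    Any holder of the public key can do this, so the confidentiality of the
    stored password rests on the public key being known only to the gateway."""
    m = pow(ciphertext, E, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("utf-8", errors="replace")


class AuthenticationGateway:
    """Holds the user password information list, the permission list and the
    authentication information cache table (simplest form: passed cert IDs plus expiry)."""

    def __init__(self, user_password_list, permission_list,
                 ttl=CACHE_TTL_SECONDS, clock=time.time):
        self.user_password_list = user_password_list   # cert_id -> (account, plaintext password)
        self.permission_list = permission_list         # cert_id -> set of system identifiers (URLs)
        self.cache = {}                                # cert_id -> expiry timestamp
        self.ttl = ttl
        self.clock = clock                             # injectable so expiry can be tested
        self.password_checks = 0                       # how often S204 actually ran

    def _cached_as_passed(self, cert_id: str) -> bool:
        expiry = self.cache.get(cert_id)
        if expiry is None:
            return False
        if expiry <= self.clock():
            del self.cache[cert_id]                    # S207 entries expire after the TTL
            return False
        return True

    def authenticate(self, request: dict) -> dict:
        cert_id = request["cert_id"]
        entry = self.user_password_list.get(cert_id)
        if entry is None:
            return {"passed": False, "reason": "unknown digital certificate identifier"}
        account, stored_password = entry
        # S203/S204: a certificate cached as passed (roaming) skips password authentication
        if not self._cached_as_passed(cert_id):
            self.password_checks += 1
            decrypted = public_key_decrypt(request["encrypted_password"])
            if not hmac.compare_digest(decrypted.encode(), stored_password.encode()):
                return {"passed": False, "reason": "password mismatch"}
        # S205/S206: permission authentication always runs, so permission list updates take effect
        if request["system_id"] not in self.permission_list.get(cert_id, set()):
            return {"passed": False, "reason": "not authorized for this system"}
        # S207: record the passed result in the cache table, then return it with the account
        self.cache[cert_id] = self.clock() + self.ttl
        return {"passed": True, "cert_id": cert_id, "account": account}


class BusinessInformationSystem:
    """Models the business system side: forwarding the login request (S202) and S208."""

    def __init__(self, system_id: str, gateway: AuthenticationGateway):
        self.system_id = system_id
        self.gateway = gateway
        self.user_accounts = {}                        # local user account information list

    def login(self, login_request: dict):
        """Returns the account the user may use, or None if access is refused."""
        result = self.gateway.authenticate({**login_request, "system_id": self.system_id})
        if not result["passed"]:
            return None
        # First login here: adopt the account returned by the gateway and remember it.
        return self.user_accounts.setdefault(login_request["cert_id"], result["account"])
```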

[0062] In the embodiments of the present invention, a user authorized to access multiple business information systems is authenticated through the authentication gateway whenever accessing a business information system. Since the user password information list and the permission list in the authentication gateway store the user's login password and the identifiers of the business information systems the user is authorized to access, unified verification of the user's access to multiple business information systems can be achieved. For the user, only one password needs to be remembered or kept for the multiple business information systems to be accessed, and with it the user can log in to and access all of them, achieving single sign-on and greatly improving convenience. Moreover, storing the encrypted password in a hardware digital certificate further increases the security of the login process and is convenient for the user to carry. At the same time, the digital certificate identifier also serves to identify the user.

[0063] In addition, the authentication gateway also caches the information that a digital certificate identifier has passed authentication, so that when the user roams to other business information systems the password authentication step can be skipped during authentication, improving system efficiency.

[0064] Those of ordinary skill in the art will understand that all or some of the steps of the methods in the above embodiments may be completed by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc.

[0065] The above are only preferred embodiments of the present invention. It should be noted that a person of ordinary skill in the art may make several improvements and modifications without departing from the principles of the present invention, and these improvements and modifications should also be regarded as within the scope of protection of the present invention.

Claims (9)

1. A login method for a business information system, comprising: a business information system receives login request information sent by a user, the login request information carrying a digital certificate identifier and an encrypted password, the digital certificate identifier being the identifier of a digital certificate distributed to the user, and the encrypted password being a password encrypted with the private key of the digital certificate; the business information system sends authentication request information to an authentication gateway, the authentication request information carrying the identifier of the business information system, the digital certificate identifier and the encrypted password; after receiving the authentication request information, the authentication gateway decrypts the encrypted password using a public key to obtain a decrypted password; the authentication gateway looks up, according to the digital certificate identifier in the authentication request information, the password corresponding to that digital certificate identifier in a user password information list; after confirming that the decrypted password and the looked-up password are identical, the authentication gateway looks up, according to the digital certificate identifier in the authentication request information, the identifiers of the business information systems corresponding to that digital certificate in a permission list; after confirming that the identifier of the business information system carried in the authentication request information is identical to one of the looked-up business information system identifiers, the authentication gateway returns an authentication result of "passed" to the business information system; and the business information system allows the user to log in and access it according to the authentication result.
2. The method according to claim 1, wherein before the authentication gateway returns the "passed" authentication result to the business information system, the method further comprises: the authentication gateway caches, according to the authentication result, "passed" information for the digital certificate identifier in the authentication request information in an authentication information cache table; before the authentication gateway decrypts the encrypted password using the public key, the method further comprises: looking up, according to the digital certificate identifier in the authentication request information, "passed" information for that digital certificate identifier in the authentication information cache table; and the authentication gateway decrypting the encrypted password using the public key specifically comprises: the authentication gateway decrypts the encrypted password using the public key after confirming that no "passed" information for that digital certificate identifier is cached in the authentication information cache table.
3. The method according to claim 2, wherein before the authentication gateway looks up, according to the digital certificate identifier in the authentication request information, the identifiers of the business information systems corresponding to that digital certificate in the permission list, the method further comprises: if "passed" information for the digital certificate identifier in the authentication request information is found cached in the authentication information cache table, the encrypted password is not decrypted.
4. The method according to claim 3, wherein the user password information list further stores an account corresponding to the digital certificate identifier; when the authentication gateway returns the "passed" authentication result to the business information system, it further returns the account to the business information system; and the business information system allowing the user to log in and access it according to the authentication result specifically comprises: the business information system allows the user to access it using the account, according to the returned authentication result and account.
5. The method according to any one of claims 1 to 4, wherein the user's digital certificate is generated and distributed by an authorization system; and the user password information list, the permission list and the public key in the authentication gateway are generated by the authorization system and sent to the authentication gateway.
6. A login management system for a business information system, comprising: a business information system, configured to send authentication request information after receiving login request information sent by a user, the login request information carrying a digital certificate identifier and an encrypted password, the digital certificate identifier being the identifier of a digital certificate distributed to the user, and the encrypted password being a password encrypted with the private key of the digital certificate, and the authentication request information carrying the identifier of the business information system, the digital certificate identifier and the encrypted password; and an authentication gateway, configured to, after receiving the authentication request information, decrypt the encrypted password using a public key to obtain a decrypted password; look up, according to the digital certificate identifier in the authentication request information, the password corresponding to that digital certificate identifier in a user password information list; after confirming that the decrypted password and the looked-up password are identical, look up, according to the digital certificate identifier in the authentication request information, the identifiers of the business information systems corresponding to that digital certificate in a permission list; and after confirming that the identifier of the business information system carried in the authentication request information is identical to one of the looked-up business information system identifiers, return an authentication result of "passed" to the business information system; wherein the business information system is further configured to allow the user to log in and access it according to the authentication result.
7. The system according to claim 6, wherein the authentication gateway is further configured to, before returning the "passed" authentication result to the business information system, cache, according to the authentication result, "passed" information for the digital certificate identifier in the authentication request information in an authentication information cache table.
8. The system according to claim 7, wherein the authentication gateway is further configured to, before decrypting the encrypted password using the public key, look up, according to the digital certificate identifier in the authentication request information, "passed" information for that digital certificate identifier in the authentication information cache table; if it confirms that no "passed" information for that digital certificate identifier is cached in the authentication information cache table, it decrypts the encrypted password using the public key; otherwise, it does not decrypt the encrypted password.
9. The system according to any one of claims 6 to 8, further comprising: an authorization system, configured to generate the digital certificate and distribute it to the user; the authorization system further generates the user password information list, the permission list and the public key and sends them to the authentication gateway.
CN2012100093134A 2012-01-12 2012-01-12 Sign-on method and sign-on management system for service information system CN102420836A (en)


Publications (1)

Publication Number Publication Date
CN102420836A true CN102420836A (en) 2012-04-18

Family

ID=45945071



Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C12 Rejection of a patent application after its publication