CN103023921A - Authentication and access method and authentication system - Google Patents

Publication number
CN103023921A
Authority
CN
China
Legal status
Pending
Application number
CN201210580828XA
Inventor
欧万翔
孙浩
叶坤林
朱志
林廷懋
Current Assignee
China Construction Bank Corp
Original Assignee
China Construction Bank Corp

Abstract

The invention discloses an authentication and access method. The method comprises: logging on to a first server with a user name; after authentication passes, generating an authentication mark associated with the time of logging on to the first server; writing the user name and the authentication mark into the database of the first server and into the databases of one or more second servers connected to the first server; if a second server is accessed through the first server under the user name, starting an access module configured on the second server to read the authentication mark from the second server's database according to the user name and comparing it with the authentication mark read from the first server's database; and allowing continued access to the second server if the two are consistent. The invention further provides a corresponding authentication system. The method and system achieve single sign-on between the two types of servers and thereby improve the integrated authentication efficiency of the authentication system as a whole.

Description

An authentication and access method and authentication system
Technical field
The present invention relates to the field of data security, and in particular to an authentication and access method and an authentication system.
Background
With the development of information security technology, awareness of secure identity authentication keeps rising, and adopting different security authentication schemes for businesses or operations of different levels or tiers has become a trend. For example, in the financial industry, applications of different risk levels require user identity authentication schemes of different grades. That is, the same user must repeatedly go through authentication and access handling between different application services, so authentication efficiency is extremely low.
For example, a bank A, to improve report display efficiency, has set up an application server that displays report services centrally. This application server acts as the front end, is supported by multiple report servers at the back end, and displays the results of those back-end report servers in one place. However, to meet the security requirements of report data, banks generally adopt identity verification schemes of different grades for different application services. In other words, each time a back-end application service that uses a different authentication scheme is connected to the front-end application server, manual configuration has to be carried out once on both the application server and the report server so that the back-end report servers can be displayed on the integrated application server. This authentication and access configuration is tedious and inefficient, and it leaves the overall authentication integration of the identity service system low.
Summary of the invention
The invention provides an authentication and access method and an authentication system for scenarios in which an integrated first server presents multiple second servers. Even when different application services use different authentication schemes, configuration is needed only once on the first server to gain access to the second servers. This achieves single sign-on between the first server and the second servers and improves the overall integration of the identity service system.
According to a first aspect of embodiments of the present invention, an authentication and access method is provided, comprising:
Logging in to the first server with a user name;
After authentication by the first server succeeds, generating an authentication mark, wherein the authentication mark is associated with the time of logging in to the first server;
Writing the user name and the authentication mark into the database of the first server and into the databases of one or more second servers connected to the first server;
If a second server is accessed through the first server under the user name, starting the access module deployed on the second server to read the authentication mark from the database of the second server according to the user name, and comparing the mark read with the authentication mark read from the database of the first server; if the two are consistent, continued access to the second server is allowed.
According to a second aspect of embodiments of the present invention, an authentication system is provided, comprising a first server, one or more second servers connected to the first server, a generation module deployed on the first server and an access module deployed on the second server, wherein:
The first server is used for logging in with a user name;
The generation module is used, after authentication by the first server succeeds, to generate an authentication mark, wherein the authentication mark is associated with the time of logging in to the first server, and to write the user name and the authentication mark into the database of the first server and into the databases of the one or more second servers connected to the first server;
The access module is used, if the second server is accessed through the first server under the user name, to read the authentication mark from the database of the second server according to the user name and to compare the mark read with the authentication mark read from the database of the first server; if the two are consistent, continued access to the second server is allowed.
In the authentication and access method and authentication system provided by embodiments of the present invention, a one-time authentication mark associated with the login time is generated after logging in to the first server, and the mark and the user name are written into the databases of the first server and the second server. When the second server is accessed through the first server, the access module configured on the second server reads the authentication marks of both servers and compares them, and access to the second server can continue once they are found consistent. Combining the user name with the authentication mark in this way achieves single sign-on between the first server and the second server and improves the overall integration of the identity service system.
Description of drawings
Fig. 1 is a schematic diagram of the authentication and access method according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of the authentication system according to an embodiment of the present invention.
Embodiments
To make the purpose, technical solution and advantages of the embodiments of the invention clearer, the invention is described in further detail below with reference to the drawings.
Referring to Fig. 1, which is a schematic diagram of the authentication and access method according to an embodiment of the present invention, the method comprises:
S101: logging in to the first server with a user name;
S102: after authentication by the first server succeeds, generating an authentication mark, wherein the authentication mark is associated with the time of logging in to the first server;
S103: writing the user name and the authentication mark into the database of the first server and into the databases of one or more second servers connected to the first server;
S104: if a second server is accessed through the first server under the user name, starting the access module deployed on the second server to read the authentication mark from the database of the second server according to the user name, and comparing the mark read with the authentication mark read from the database of the first server; if the two are consistent, continued access to the second server is allowed.
In embodiments of the present invention, the user logs in to the first server with a user name. The first server can be an integrated application server that provides unified report display for multiple different application systems (for example, the RIDE server developed by China Construction Bank), and the second server can be any of various industry-leading BI report tools (for example, a Cognos server). The first server, as the front end (for example, the RIDE end), is supported by the second server as the back end. In some particular implementations, application systems such as ERP systems and statistical information management systems need not develop their own report display functions; they can obtain all basic report display services by using the functions of RIDE+Cognos.
The first server and the second server communicate through web services; in other words, either of the two obtains entry to the other by calling the webservice interface that the other provides. Within the same application service, the first server and the second server use the same authentication method, while different application services use different authentication methods according to their authentication security needs. For example, for application aa, the first server and the second server can both use authentication method AA; for application bb (an application different from aa), the first server and the second server can both use authentication method BB (for example, BB can be an authentication method different from AA). With the authentication and access method provided by the invention, in scenarios with different application services (that is, with correspondingly different authentication methods), there is no need to configure authentication separately for the authentication method of each application. Instead, a unified authentication mark is used for authentication processing. This significantly improves the access efficiency of authentication processing, especially where the number of second servers is large (in other words, where the number of corresponding application services is large).
After logging in to the first server with the user name, authentication processing is carried out. Whichever authentication scheme is used, the prerequisite is that the relevant authentication information has been configured on the first server. After the user name passes authentication by the first server, the first server records the login state of the user name as "successfully logged in".
After the user name passes authentication, the generation module deployed on the first server generates an authentication mark for the user name. The mark is associated with the time at which the user name logged in to the first server; that is, the mark changes with the login time, and the same user name logging in at different points in time gets different authentication marks. Generating the mark this way guarantees its real-time nature and uniqueness and improves the security of authenticated access. In some embodiments of the present invention, the authentication mark can be a character string associated with the time of logging in to the first server, for example a 32-character random string. Those skilled in the art can adopt any form of authentication mark that achieves the above purpose; the invention is not limited to the embodiments mentioned here.
Then the user name of this login and the authentication mark generated for this login are written together into the database of the first server and, at the same time, into the databases of the one or more (for example, two, three or more) second servers connected to the first server. The second server in embodiments of the present invention can be the server of a professional business intelligence (BI) report tool such as Cognos (IBM), MSTR (Microstrategy) or BO (Business Object).
In embodiments of the present invention, after authentication by the first server succeeds and before the authentication mark is generated, the method further comprises: obtaining from the authentication database the institution and the role to which the user name belongs, together with all institutions and all roles of the application under the user name; forming authentication information from the user name, its institution and its role; and then writing that authentication information, together with all institutions and roles of the application, into the database of the first server (for example, an Oracle database), so that administrators can later carry out permission management on the first server. For example, the authentication systems banks currently use generally require each user to have an institution and a role, which determine the permissions the user should be granted. Taking libin.xm as an example, the institution can be "Xiamen branch" and the role "general inquiry personnel of Accounting Department". The permission granted to libin.xm is then to view the data of the accounting department of the Xiamen branch and nothing else: the user cannot modify the data viewed and cannot view data outside this institution. As another example, when an application administrator authorizes a report such as "deposit detail list", the first server can list all institutions and all roles so that the administrator can conveniently choose from them (for example, granting a certain role in a certain institution permission to view and delete the report). The user name, its institution and its role are kept in the database in one database table, while all institutions and all roles of the application under the user name are stored in a separate database table.
Note that after the user logs out of the first server, everything other than the all-institutions and all-roles data of the application under the user name, such as the authentication mark generated at this login and the institution and role of the user name, can be deleted. This saves storage space and also reduces the query pressure caused by multiple authentication marks existing in the database.
After logging in to the first server, the user can access a second server through the first server under the user name. When this happens, the access module deployed on the second server is started. The access module queries the database of the second server for the authentication mark corresponding to the user name that is accessing the second server, and compares the mark read from the second server's database with the mark read from the first server's database. If they are consistent, the access module reports to the second server that authentication has passed, and continued access to the second server is allowed. In embodiments of the present invention, under normal circumstances the authentication marks stored on the first server and the second server are both the mark the first server generated in association with the moment of this login, so the comparison is consistent and continued access to the second server through the first server is allowed. In some embodiments of the present invention, the server cluster corresponding to the Cognos server (for example, one or more servers) can be a computer cluster made up of one or more computers, and the access module is deployed on the content management host of the cluster (for a Cognos system, the management host is the Cognos content manager). Generally a Cognos computer cluster has only one content management host, so the access module in embodiments of the present invention only needs to be deployed on that host. On each user access, the access module on the content management host can be called to carry out the corresponding processing. Note that those skilled in the art can determine the concrete configuration of the access module according to how report applications such as Cognos manage authentication.
In embodiments of the present invention, after the access module deployed on the second server has reported to the second server that authentication passed and continued access through the first server has been allowed, the access module can also verify the authentication information that the first server sends when accessing the second server. Specifically, it checks whether the user name is correct. If it is, it queries the authentication information corresponding to the user name, which comprises the user name, its institution and its role: it queries the first server's database by user name for the institution information and for the role information, and obtains all institutions and all roles of the application under the user name. After verification passes, the information obtained (the user name, its institution and role, and all institutions and all roles of the application under the user name) is assembled into a visa object that the second server can recognize. In embodiments of the present invention, the user name can be regarded as the ID that identifies the user (for example, the aforementioned libin.xm) and is associated with its institution and role; for example, the user name can serve as the primary key, with the institution and role as attribute values of that key. Using the visa object for data encapsulation broadens the range of authentication requirements to which the invention can be applied.
After verification succeeds, the second server (for example, the Cognos server) can accept the access request of the user name and, according to the visa object, assign the service permissions the user should have, so as to present the corresponding services. After the user logs out of the second server, information in the second server's database other than the all-institutions and all-roles information (for example, the authentication mark generated on logging in to the first server and the institution and role of the user name) can be deleted accordingly.
In embodiments of the present invention, the access module is implemented in Java and compiled into a jar package. The second server supports calling the jar package and can also run it, and the access module and the first server communicate through a webservice application interface.
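The flow described above (login, mark generation, writing the mark to both databases, comparison by the access module, cleanup on logout), modelled as an added example that is not code from the patent. The in-memory sqlite3 databases, the table layout, all class and function names, the `check_password` stand-in, the 32-hex-character mark drawn from a CSPRNG with the login time stored beside it, and the direct read of the first server's database instead of a web service call are assumptions.

```python
import hmac
import secrets
import sqlite3
import time

# Hypothetical layout: one current mark per user name in each server's database.
SCHEMA = """CREATE TABLE auth_mark (
    username   TEXT PRIMARY KEY,
    mark       TEXT NOT NULL,
    login_time REAL NOT NULL)"""

# Constructed credential store standing in for the application's own scheme.
USERS = {"libin.xm": "constructed-password"}


def check_password(username, credential):
    expected = USERS.get(username)
    return expected is not None and hmac.compare_digest(
        expected.encode(), credential.encode())


def new_database():
    """In-memory stand-in for one server's database."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def read_mark(db, username):
    row = db.execute("SELECT mark FROM auth_mark WHERE username = ?",
                     (username,)).fetchone()
    return row[0] if row else None


def delete_mark(db, username):
    with db:  # commits on success
        db.execute("DELETE FROM auth_mark WHERE username = ?", (username,))


class FirstServer:
    def __init__(self, authenticate, second_dbs):
        self.authenticate = authenticate
        self.db = new_database()
        self.second_dbs = list(second_dbs)

    def login(self, username, credential):
        """Authenticate, then write a fresh mark to every database."""
        if not self.authenticate(username, credential):
            return None
        login_time = time.time()
        # Assumption: unpredictability comes from the CSPRNG, and the login
        # time is stored beside the mark rather than used to derive it.
        mark = secrets.token_hex(16)  # 32 hex characters
        for db in (self.db, *self.second_dbs):
            with db:
                db.execute("INSERT OR REPLACE INTO auth_mark VALUES (?, ?, ?)",
                           (username, mark, login_time))
        return mark

    def logout(self, username):
        delete_mark(self.db, username)


class AccessModule:
    """Runs on a second server and compares the two stored marks."""

    def __init__(self, second_db, first_db):
        self.second_db = second_db
        self.first_db = first_db  # assumption: direct handle, not a web service call

    def allow(self, username):
        local = read_mark(self.second_db, username)
        remote = read_mark(self.first_db, username)
        # Fail closed: two missing rows must not count as "consistent".
        if local is None or remote is None:
            return False
        return hmac.compare_digest(local.encode(), remote.encode())


def demo():
    second_db = new_database()
    first = FirstServer(check_password, [second_db])
    module = AccessModule(second_db, first.db)
    user, results = "libin.xm", {}
    results["before_login"] = module.allow(user)
    results["bad_password"] = first.login(user, "wrong") is None
    old = first.login(user, "constructed-password")
    results["after_login"] = module.allow(user)
    new = first.login(user, "constructed-password")
    results["marks_differ"] = old != new
    # Constructed fault: the second server still holds the previous mark.
    with second_db:
        second_db.execute("UPDATE auth_mark SET mark = ? WHERE username = ?",
                          (old, user))
    results["stale_mark"] = module.allow(user)
    first.logout(user)  # second server's row remains, first server's is gone
    results["after_logout"] = module.allow(user)
    return results


if __name__ == "__main__":
    print(demo())
```

The stale-mark and after-logout cases show why the comparison has to read both databases on every access: a row left behind on the second server grants nothing once the first server's row has changed or been deleted.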
The authentication and access method of the invention has been described above in conjunction with embodiments; the authentication system that uses this method is set out below in conjunction with embodiments.
Referring to Fig. 2, which is a schematic diagram of the authentication system according to an embodiment of the present invention, the authentication system 200 comprises a first server 201, one or more second servers 202 connected to the first server, a generation module 2010 deployed on the first server 201 and an access module 2020 deployed on the second server 202, wherein:
The first server 201 is used for logging in with a user name;
The generation module 2010 is used, after authentication by the first server succeeds, to generate an authentication mark, wherein the authentication mark is associated with the time of logging in to the first server, and to write the user name and the authentication mark into the database of the first server and into the databases of the one or more second servers connected to the first server;
The access module 2020 is used, if the second server is accessed through the first server under the user name, to read the authentication mark from the database of the second server according to the user name and to compare the mark read with the authentication mark read from the database of the first server; if the two are consistent, continued access to the second server is allowed.
In embodiments of the present invention, the user logs in to the first server 201 with a user name (the first server can be, for example, the RIDE server developed by China Construction Bank), and the second server can be any of various industry-leading BI report tools (for example, a Cognos server). The first server, as the front end (for example, the RIDE end), is supported by the second server as the back end. In some particular implementations, application systems such as ERP systems and statistical information management systems need not develop their own report display functions; they can obtain all basic report display services by using the functions of RIDE+Cognos.
The first server and the second server communicate through web services; in other words, either of the two obtains entry to the other by calling the webservice interface that the other provides. Within the same application service, the first server and the second server use the same authentication method, while different application services use different authentication methods according to their authentication security needs. With the authentication system provided by the invention, in scenarios with different application services (that is, with correspondingly different authentication methods), there is no need to configure authentication separately for the authentication method of each application. Instead, a unified authentication mark is used for authentication processing. This significantly improves the access efficiency of authentication processing, especially where the number of second servers is large (in other words, where the number of corresponding application services is large).
After the user name passes authentication by the first server, the first server records the login state of the user name as "successfully logged in". After authentication passes, the generation module 2010 deployed on the first server 201 generates an authentication mark for the user name. The mark is associated with the time at which the user name logged in to the first server; that is, the mark changes with the login time, and the same user name logging in at different points in time gets different authentication marks. Generating the mark this way lets the generation module 2010 guarantee its real-time nature and uniqueness and improves the security of authenticated access. In some embodiments of the present invention, the authentication mark generated by the generation module 2010 can be a character string associated with the time of logging in to the first server, for example a 32-character random string. Those skilled in the art can adopt any form of authentication mark that achieves the above purpose; the invention is not limited to the embodiments mentioned here.
After generating the authentication mark, the generation module 2010 writes the user name of this login and the authentication mark generated for this login together into the database of the first server and, at the same time, into the databases of the one or more (for example, two, three or more) second servers connected to the first server. The second server in embodiments of the present invention can be the server of a professional business intelligence (BI) report tool such as Cognos, MSTR (Microstrategy) or BO (Business Object).
In embodiments of the present invention, after authentication by the first server succeeds and before the authentication mark is generated, an acquisition module deployed on the first server 201 also obtains from the authentication database the institution and the role to which the user name belongs, together with all institutions and all roles of the application under the user name; forms authentication information from the user name, its institution and its role; and then writes that authentication information, together with all institutions and all roles of the application, into the database of the first server (for example, an Oracle database), so that administrators can later carry out permission management on the first server. For example, the authentication systems banks currently use generally require each user to have an institution and a role, which determine the permissions the user should be given. Taking libin.xm as an example, the institution can be "Xiamen branch" and the role "general inquiry personnel of Accounting Department". The permission granted to libin.xm is then to view the data of the accounting department of the Xiamen branch and nothing else: the user cannot modify the data viewed and cannot view data outside this institution. As another example, when an application administrator authorizes a report such as "deposit detail list", the first server can list all institutions and all roles so that the administrator can conveniently choose from them (for example, granting a certain role in a certain institution permission to view and delete the report). The user name, its institution and its role are kept in the database in one database table, while all institutions and all roles of the application to which the user name belongs are stored in a separate database table.
Note that after the user logs out of the first server, everything other than the all-institutions and all-roles data of the application under the user name, such as the authentication mark generated at this login and the institution and role of the user name, can be deleted. This saves storage space and also reduces the query pressure caused by multiple authentication marks existing in the database.
If the second server 202 is accessed through the first server 201 under the user name, the access module 2020 configured on the second server 202 can query the second server's database for the authentication mark corresponding to the user name that is accessing the second server 202, and compare the mark read from the second server's database with the mark read from the first server's database. If they are consistent, it can report to the second server that authentication has passed, and continued access to the second server is allowed. In some embodiments of the present invention, the server cluster corresponding to the Cognos server (for example, one or more servers) can be a computer cluster made up of one or more computers, and the access module is deployed on the content management host of the cluster (for a Cognos system, the management host is the Cognos content manager). Generally a Cognos computer cluster has only one content management host, so the access module in embodiments of the present invention only needs to be deployed on that host. On each user access, the access module on the content management host can be called to carry out the corresponding processing. Note that those skilled in the art can determine the concrete configuration of the access module according to how report applications such as Cognos manage authentication. The access module in embodiments of the present invention is implemented in Java and compiled into a jar package, and the second server supports calling and running the jar package.
In the embodiments of the present invention, after the access module configured at the second service end has fed back to the second service end that authentication has passed and access to the second service end through the first service end is allowed to continue, it can also verify the authentication information that the first service end sends when accessing the second service end. Specifically, this includes verifying whether the user name is correct and, if it is correct, querying the authentication information corresponding to the user name, where the authentication information comprises the user name and the organization and role to which the user name belongs. More specifically, the organization information and the role information for the user name are queried by user name in the database of the first service end, and all organizations and all roles used under the user name are obtained. The information obtained after verification passes (comprising the user name, the organization and role to which it belongs, and all organizations and all roles used under the user name) is then assembled into a visa object that the second service end can recognize. In the embodiments of the present invention, the user name can be regarded as the ID that identifies the user (for example, the aforementioned libin.xm), and the user name is associated with the organization and role to which it belongs. For example, the user name can serve as the primary key, and the organization and role to which the user name belongs can serve as attribute values of that primary key. Using a visa object to encapsulate the data broadens the range of authentication requirements to which the present invention can be applied.
After verification succeeds, the second service end 202 (for example, the Cognos service end) can receive the access request for this user name, assign the service permissions the user should have according to the visa object, and present the corresponding services. After the user logs out of the second service end, the information in the second service end's database other than the all-organization and all-role information (for example, the authentication sign generated on logging in to the first service end, and the organization and role to which the user name belongs) can be deleted accordingly.
In the embodiments of the present invention, the access module 2020 configured at the second service end communicates with the first service end 201 through a webservice application interface.
In summary, in the authentication and access method and the authentication system of the present invention, a one-time authentication sign associated with the login time is generated after logging in to the first service end, and the generated authentication sign and the user name are written into the databases of the first service end and the second service end. When the second service end is then accessed through the first service end, the access module deployed at the second service end reads the authentication signs written into the two service-end databases and compares them, and access to the second service end can continue once the comparison is consistent. Single sign-on between the two kinds of service end is thus achieved by combining the user name with a unique authentication sign. In addition, after the authentication sign comparison passes, the authentication information obtained after logging in to the first service end is verified and encapsulated into a visa object recognizable by the second service end, which is used for permission assignment. This achieves centralized authentication in scenarios with different authentication schemes and improves the overall integrated authentication efficiency of the authentication system.
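The flow summarized above, as an added Python sketch (not code from the patent, whose access module is a Java jar package). In-memory SQLite stands in for the two service-end databases; the table names, the organization and role values, and the random suffix on the authentication sign are assumptions made here.

```python
import hmac
import secrets
import sqlite3
import time

def new_db():
    """One in-memory database per service end (table names are assumptions)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth_sign (user_name TEXT PRIMARY KEY, sign TEXT NOT NULL)")
    db.execute("CREATE TABLE auth_info (user_name TEXT PRIMARY KEY, org TEXT, role TEXT)")
    return db

def login_first(first_db, second_dbs, user_name, login_time=None):
    """Generation module: runs after the first service end has authenticated the user."""
    login_time = time.time() if login_time is None else login_time
    # Login time in ms plus random bytes. The random part is an assumption added
    # here; the patent only requires the sign to be associated with the login time.
    sign = f"{int(login_time * 1000)}-{secrets.token_hex(16)}"
    for db in (first_db, *second_dbs):
        db.execute("INSERT OR REPLACE INTO auth_sign VALUES (?, ?)", (user_name, sign))
        db.commit()
    return sign

def read_sign(db, user_name):
    row = db.execute("SELECT sign FROM auth_sign WHERE user_name = ?", (user_name,)).fetchone()
    return row[0] if row else None

def access_second(first_db, second_db, user_name):
    """Access module: compare both stored signs, then build the visa object (or None)."""
    local = read_sign(second_db, user_name)
    remote = read_sign(first_db, user_name)  # the patent fetches this over a webservice interface
    if local is None or remote is None:
        return None  # unknown user, or already logged out
    if not hmac.compare_digest(local.encode(), remote.encode()):
        return None  # signs differ: this is not the current login
    info = first_db.execute(
        "SELECT org, role FROM auth_info WHERE user_name = ?", (user_name,)).fetchone()
    if info is None:
        return None  # user name failed verification
    return {"user_name": user_name, "org": info[0], "role": info[1]}

def logout(dbs, user_name):
    """Delete the per-login sign everywhere so it cannot be compared again."""
    for db in dbs:
        db.execute("DELETE FROM auth_sign WHERE user_name = ?", (user_name,))
        db.commit()

def demo():
    first, second = new_db(), new_db()
    # Constructed sample data: organization and role values are invented.
    first.execute("INSERT INTO auth_info VALUES ('libin.xm', 'branch-001', 'report-viewer')")
    out = {}
    login_first(first, [second], "libin.xm")
    out["fresh"] = access_second(first, second, "libin.xm")
    login_first(first, [], "libin.xm")  # new login never reached the second database
    out["stale"] = access_second(first, second, "libin.xm")
    login_first(first, [second], "libin.xm")
    logout([first, second], "libin.xm")
    out["after_logout"] = access_second(first, second, "libin.xm")
    return out

if __name__ == "__main__":
    print(demo())
```

The visa object here carries only one organization and one role; the description also includes all organizations and all roles used under the user name, which would be further columns or tables in the same lookup.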
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software combined with a hardware platform, and can of course also be implemented entirely in hardware. Based on this understanding, all or part of the contribution that the technical solution of the present invention makes over the background art can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to carry out the methods described in the embodiments of the present invention or in certain parts of the embodiments.
The above discloses only a preferred embodiment of the present invention, which of course cannot be used to limit the scope of rights of the present invention; equivalent changes made according to the claims of the present invention therefore still fall within the scope covered by the present invention.

Claims (16)

1. An authentication and access method, characterized by comprising:
logging in to a first service end with a user name;
after passing authentication by the first service end, generating an authentication sign, wherein the authentication sign is associated with the time of logging in to the first service end;
writing the user name and the authentication sign into the database of the first service end and into the databases of one or more second service ends connected to the first service end;
if the second service end is accessed through the first service end according to the user name, starting an access module deployed at the second service end to read the authentication sign from the database of the second service end according to the user name, and comparing the authentication sign read with the authentication sign read from the database of the first service end; if the comparison is consistent, allowing access to the second service end to continue.
2. The method according to claim 1, characterized by further comprising:
after passing authentication by the first service end and before generating the authentication sign, obtaining the organization and role to which the user name belongs, and writing authentication information composed of the user name and the organization and role to which the user name belongs into the database of the first service end.
3. The method according to claim 2, characterized in that the second service end comprises a Cognos service end.
4. The method according to claim 3, characterized by further comprising:
after access to the second service end is allowed to continue, starting the access module to verify the authentication information sent by the first service end, assembling the information obtained after verification into a visa object, and saving it to the database of the second service end.
5. The method according to claim 4, characterized in that verifying the authentication information sent by the first service end comprises:
verifying whether the user name is correct;
if it is correct, querying the authentication information corresponding to the user name, and obtaining all organizations and roles used under the user name.
6. The method according to any one of claims 1 to 5, characterized in that the access module communicates with the first service end through a webservice application interface.
7. The method according to any one of claims 1 to 5, characterized in that the authentication sign comprises a character string associated with the time of logging in to the first service end.
8. The method according to claim 2, characterized in that the user name and the organization and role to which the user name belongs in the authentication information are stored in the form of an individual database table.
9. An authentication system, characterized by comprising a first service end, one or more second service ends connected to the first service end, a generation module deployed at the first service end, and an access module deployed at the second service end, wherein:
the first service end is used for logging in with a user name;
the generation module is used for generating an authentication sign after authentication by the first service end has passed, wherein the authentication sign is associated with the time of logging in to the first service end, and for writing the user name and the authentication sign into the database of the first service end and into the databases of the one or more second service ends connected to the first service end;
the access module is used for, if the second service end is accessed through the first service end according to the user name, reading the authentication sign from the database of the second service end according to the user name, and comparing the authentication sign read with the authentication sign read from the database of the first service end; if the comparison is consistent, access to the second service end is allowed to continue.
10. The system according to claim 9, characterized in that an acquisition module is also deployed at the first service end, used for obtaining, after authentication by the first service end has passed and before the authentication sign is generated, the organization and role to which the user name belongs, and for writing authentication information composed of the user name and the organization and role to which the user name belongs into the database of the first service end.
11. The system according to claim 10, characterized in that the second service end comprises a Cognos service end.
12. The system according to claim 11, characterized in that the access module is also used for, after access to the second service end is allowed to continue, verifying the authentication information sent by the first service end, assembling the information obtained after verification into a visa object, and saving it to the database of the second service end.
13. The system according to claim 12, characterized in that the access module is used for verifying the authentication information sent by the first service end, specifically by verifying whether the user name is correct and, if it is correct, querying the authentication information corresponding to the user name and obtaining all organizations and roles used under the user name.
14. The system according to any one of claims 9 to 13, characterized in that the access module communicates with the first service end through a webservice application interface.
15. The system according to any one of claims 9 to 13, characterized in that the authentication sign comprises a character string associated with the time of logging in to the first service end.
16. The system according to claim 10, characterized in that the user name and the organization and role to which the user name belongs in the authentication information are stored in the form of an individual database table.
CN201210580828XA 2012-12-27 2012-12-27 Authentication and access method and authentication system Pending CN103023921A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210580828XA CN103023921A (en) 2012-12-27 2012-12-27 Authentication and access method and authentication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210580828XA CN103023921A (en) 2012-12-27 2012-12-27 Authentication and access method and authentication system

Publications (1)

Publication Number Publication Date
CN103023921A true CN103023921A (en) 2013-04-03

Family

ID=47972052

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210580828XA Pending CN103023921A (en) 2012-12-27 2012-12-27 Authentication and access method and authentication system

Country Status (1)

Country Link
CN (1) CN103023921A (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1588853A (en) * 2004-07-13 2005-03-02 中国工商银行 Uniform identication method and system based on network
US20080016333A1 (en) * 2006-07-13 2008-01-17 Huawei Technologies Co., Ltd. Method and system for remote password based authentication using smart cards for accessing a communications network
US20120303960A1 (en) * 2008-01-23 2012-11-29 John Wankmueller Systems and Methods for Mutual Authentication Using One Time Codes
CN102546165A (en) * 2010-12-31 2012-07-04 中国银联股份有限公司 Dynamic uniform resource locator (URL) generator, generation method, dynamic-URL-based authentication system and method
CN102685093A (en) * 2011-12-08 2012-09-19 陈易 Mobile-terminal-based identity authentication system and method

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107079008B (en) * 2015-03-27 2020-02-21 华为技术有限公司 User authentication method, device and system
CN107079008A (en) * 2015-03-27 2017-08-18 华为技术有限公司 User authen method, apparatus and system
CN105100107A (en) * 2015-08-17 2015-11-25 深圳市深信服电子科技有限公司 Method and device for authenticating proxy client account
CN105100107B (en) * 2015-08-17 2018-10-12 深信服科技股份有限公司 The method and apparatus of agent client account certification
CN106789918A (en) * 2015-12-08 2017-05-31 腾讯科技(深圳)有限公司 Give account number, protection account number safety, the method and apparatus of account anti-theft for change
CN105740693B (en) * 2016-03-28 2019-01-01 中国建设银行股份有限公司 A kind of system login method and device
CN105740693A (en) * 2016-03-28 2016-07-06 中国建设银行股份有限公司 System login method and device
CN106789883A (en) * 2016-11-21 2017-05-31 美的智慧家居科技有限公司 The method and apparatus of connection server
CN106790209A (en) * 2017-01-03 2017-05-31 北京并行科技股份有限公司 A kind of login authentication method and system
CN106790209B (en) * 2017-01-03 2019-12-24 北京并行科技股份有限公司 Login authentication method and system
CN107526817A (en) * 2017-08-28 2017-12-29 平安科技(深圳)有限公司 A kind of business personnel intellectual coded generation method, equipment and storage medium
WO2019041822A1 (en) * 2017-08-28 2019-03-07 平安科技(深圳)有限公司 Intelligent salesman code generation method, apparatus and device, and storage medium
CN107526817B (en) * 2017-08-28 2020-08-14 平安科技(深圳)有限公司 Intelligent generation method, equipment and storage medium for salesman code
CN110113296A (en) * 2018-02-01 2019-08-09 上海钢盾信息科技有限公司 A method of processing data
CN111565228A (en) * 2020-04-29 2020-08-21 杭州涂鸦信息技术有限公司 Data source switching method, device, equipment and medium
CN115242511A (en) * 2022-07-22 2022-10-25 成都中科大旗软件股份有限公司 Multi-environment application management platform and management method

Similar Documents

Publication Publication Date Title
CN103023921A (en) Authentication and access method and authentication system
US8392969B1 (en) Method and apparatus for hosting multiple tenants in the same database securely and with a variety of access modes
CN109522735B (en) Data permission verification method and device based on intelligent contract
CN108292331B (en) Method and system for creating, verifying and managing identities
CN105357201B (en) A kind of object cloud storage access control method and system
CN106713271B (en) Web system login constraint method based on single sign-on
US20190236562A1 (en) Systems, methods, and apparatuses for implementing document interface and collaboration using quipchain in a cloud based computing environment
US7356840B1 (en) Method and system for implementing security filters for reporting systems
CN102761551B (en) System and method for multilevel cross-domain access control
CN102420690B (en) Fusion and authentication method and system of identity and authority in industrial control system
EP2405607B1 (en) Privilege management system and method based on object
CN106997525A (en) Digital license system based on block chain technology
CN116743440A (en) Security design and architecture for multi-tenant HADOOP clusters
US20090172795A1 (en) Secure single-sign-on portal system
US8051168B1 (en) Method and system for security and user account integration by reporting systems with remote repositories
KR20200105997A (en) System and method for blockchain-based authentication
CN103248699A (en) Multi-account processing method of single sign on (SSO) information system
CN102880897B (en) A kind of application data of smart card shares method and smart card
CN111680310B (en) Authority control method and device, electronic equipment and storage medium
US20190081794A1 (en) Systems and methods for user identity
US7801967B1 (en) Method and system for implementing database connection mapping for reporting systems
KR20120112598A (en) Implementing method, system of universal card system and smart card
CN104580081A (en) Integrated SSO (single sign on) system
US10057240B2 (en) Single sign-on to web applications from mobile devices
CN106933605A (en) A kind of intelligent progress recognizing control method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130403