CN103546290A - Third party certification system with user groups or third party certification method - Google Patents


Publication number: CN103546290A
Application number: CN201310460798.3A
Authority: CN (China)
Prior art keywords: user, service side, service, party intermediary, party
Legal status: Granted; Expired - Fee Related
Other languages: Chinese (zh)
Other versions: CN103546290B (en)
Inventor: 任少华
Current Assignee: Individual
Original Assignee: Individual
Priority: CN201310460798.3A

Landscapes

  • Information Transfer Between Computers (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a third-party authentication system or method with user groups. A user terminal can log in to a service side, or use its services, only after passing service-side authentication, which is completed through an intermediary. Service-side authentication requires an authentication program, and it can pass only while that program keeps running. By adding user groups at the intermediary, different intermediary user accounts can share the permissions and resources of the same user group, which strengthens the management functions of the third-party authentication system.

Description

Third-party authentication system or method with user groups
Technical field
The present invention relates to a third-party authentication system or method with user groups.
Background
The resources and services offered over the Internet are vast and growing rapidly, and the Internet has become the main channel through which people obtain information resources and information services. Many Internet resource and service providers require users to log in and be verified, which raises problems of convenience and security. Authentication through a third party or intermediary is an effective way to address these problems.
Summary of the invention
The invention is realized as follows. A third-party authentication system or method with user groups is characterized in that a user terminal can access the corresponding service of a service side only after the user has used the terminal to pass service-side authentication, and service-side authentication is completed through an intermediary. After the user logs in to the intermediary, an authentication program running on the user terminal can be authenticated by the intermediary; only after the authentication program has passed intermediary authentication can the user terminal perform service-side authentication. The user terminal can pass service-side authentication only while the authentication program, or a program object PRO started by the authentication program, is still running. During service-side authentication the intermediary can send a Service Ticket to the service side, either directly or forwarded through the user terminal, and the authentication passes only after the service side has received a correct Service Ticket. During service-side authentication the user terminal can send user identification information to the service side, and the authentication passes only when the service side receives correct user identification information. After service-side authentication passes, the service side allows one port or connection of the user terminal to access its corresponding service; this is the port or connection over which the user terminal sent the Service Ticket or the user identification information to the service side. User groups can be established at the intermediary, and the members of a user group are intermediary user accounts. A user group of the intermediary can be associated with a service side. Once a user group is associated with a service side, a member of the group who has been granted permissions inherits the permissions that the group holds at the service side and has granted to that member. If the user group has permission to access a corresponding service of a service side, a member of the group who has been granted the corresponding permission can perform service-side authentication through the intermediary and access that service. The administrator of a user group manages the addition, deletion and granting of permissions of its members.
User groups can be established at the intermediary, and the members of a user group are intermediary user accounts. A user group of the intermediary can be associated with a service side. Once a user group is associated with a service side, a member of the group who has been granted permissions inherits the permissions that the group holds at the service side and has granted to that member. If the user group has permission to access a corresponding service of a service side, a member of the group who has been granted the corresponding permission can perform service-side authentication through the intermediary and access that service. The administrator of a user group manages the addition, deletion and granting of permissions of its members.
The administrator of a user group can also be the administrator of the associated service side, or a user who has registered a user account or user group at the service side and has associated that service-side user account or user group with the user group of the intermediary.
The administrator's addition, deletion and granting of permissions for group members can work in either of two ways: the administrator looks up an intermediary user account directly and adds it, after which the user of that account confirms; or the intermediary user submits a request to the administrator and the administrator confirms the request.
Once a user group is associated with a service side, members of the group no longer need to register and associate an account at the service side; they can perform service-side authentication through the intermediary directly and access the corresponding services of the service side for which the user group has granted them permission.
A user's service-side account and intermediary account must first be associated with each other; only then can the user complete service-side authentication through the intermediary and access the corresponding service of the service side. Here, the user's service-side account means either the user's account at the service side or the service-side user group to which that account belongs. The user's intermediary account means either the user's account at the intermediary or the intermediary user group to which that account belongs. Associating the two means associating the user's service-side account (or the service-side user group it belongs to) with the user's intermediary account (or the intermediary user group it belongs to).
After the user's service-side account and intermediary account are associated, the service-side user account and the intermediary user account correspond to each other, and this correspondence is stored by both the service side and the intermediary.
The concrete steps by which a user uses the terminal to access the corresponding service of a service side are:
1) The authentication program runs on the user terminal, and the user uses it to log in to the intermediary.
2) The user selects, on the interface of the authentication program, a service side to request access to.
3) The intermediary verifies whether the authentication program is still running; the next step is carried out only if this verification passes.
4) The user terminal, the service side and the intermediary complete service-side authentication; the next step is carried out only if service-side authentication passes.
5) The user accesses the corresponding service of the service side.
After the user terminal has ended its access to a service side, it must be authenticated through the intermediary again before it can access the service side again.
After the authentication program stops running, it must pass intermediary authentication again before the user terminal can perform service-side authentication again.
The user logging in to the intermediary and the authentication program passing intermediary authentication may be the same step, different steps carried out at the same time, or different steps carried out at different times.
The authentication program passing intermediary authentication means specifically that the user uses the authentication program to pass intermediary authentication, or that the authentication program is authenticated by the intermediary by way of another program that has established a connection with the intermediary. For example: after the user logs in to the intermediary with a dedicated program, the dedicated program establishes a secure connection with the intermediary, and the authentication program is authenticated by the intermediary over that secure connection (for example: the authentication program, the dedicated program and the intermediary pass an item of authentication information around a closed loop, and through this closed-loop transmission the authentication program establishes a new connection with the intermediary and passes intermediary authentication).
The process by which the authentication program passes intermediary authentication can include both the user using the terminal to pass intermediary authentication and the authentication program being authenticated by way of another program connected to the intermediary. For example: the user logs in to the intermediary with a dedicated program and establishes a connection; based on this connection the authentication program is authenticated by the intermediary and a new connection is established between the authentication program and the intermediary. The whole of this process is part of the user terminal's intermediary authentication.
After the user terminal logs in to the intermediary, the intermediary sends to the authentication program, and the authentication program interface displays, the service sides associated with this intermediary user account or the user's accounts at those service sides. By operating the interface of the authentication program the user can request access to the corresponding service of one of these service sides, or request access to a service side's corresponding service with one of the user's accounts at that service side.
The service sides associated with this intermediary user account also include all service sides, or corresponding services of service sides, for which a user group containing this intermediary user account has granted permissions to the account.
The authentication program interface can display the service sides, corresponding services, or service-side user accounts that the user terminal has accessed through the intermediary, and the user can end access to any service side, corresponding service or user account shown there.
On the authentication program interface the user can choose to end one, several or all of the displayed service sides or corresponding services that have been accessed through the intermediary.
When the user chooses on the interface to end access to a displayed service side or corresponding service, the authentication program sends an end-access request to the intermediary, the intermediary sends an end-access notice to the corresponding service side, and on receiving the notice the service side ends the user terminal's access to that service side or corresponding service.
After the user terminal logs in to the intermediary, the intermediary sends to the authentication program, and the authentication program interface displays, the user groups that this intermediary user account has joined. The user can choose on the interface to leave one of these groups, or the administrator of the group can choose on the group administration interface to delete a member of the group, or both.
After the user terminal logs in to the intermediary, the authentication program interface can display or search for service sides, or corresponding services of service sides, that can be associated with this intermediary.
After the user terminal logs in to the intermediary, the user can directly register, on the authentication program interface, a user account at a service side that supports association, and associate that account with the user's intermediary user account.
Known user identification information cannot be used to infer later, unknown, other or new user identification information.
Known user identification information cannot be used to infer other user identification information or the user identification information of a later service-side authentication.
User identification information includes content randomly generated for this service-side authentication, or includes the time of this service-side authentication together with cryptographically computed information. For example: the user identification information includes its own generation time and is digitally signed.
An item of user identification information is used for only one service-side authentication.
Each item of user identification information has a validity period; once expired it becomes invalid and cannot complete service-side authentication.
When the intermediary sends the Service Ticket directly to the service side, the user identification information and the Service Ticket can have a verifiable correspondence. The service side verifies whether the two correspond; if they do not, service-side authentication cannot pass. For example: both can contain the user's user name at the service side, or the same random number. As another example: the Service Ticket is a public key, and the user identification information is generated by computation with the corresponding private key.
When the intermediary forwards the Service Ticket to the service side through the user terminal, the user identification information and the Service Ticket can be the same information, or both can be contained in the same information. For example: the intermediary first sends the Service Ticket to the user terminal, and the user terminal then sends it to the service side together with the user identification information. As another example: the Service Ticket is sent by the intermediary to the user terminal and then by the user terminal to the service side; it contains the user's user name at the service side and a random number, and that user name and random number are the user identification information.
The user identification information can contain information about the user's account at the service side. It can also contain information about the service side.
The user terminal can send user identification information only while the authentication program keeps running. The user identification information is generated or sent by the authentication program.
After the user terminal passes service-side authentication, the connection it establishes with the service side to access the corresponding service does not pass through the intermediary.
In service-side authentication, the user terminal can forward to the service side a Service Ticket from the intermediary; or the user terminal can send to the intermediary, by way of the service side, authentication information computed with an algorithm agreed between the user terminal and the intermediary; or the user terminal, the service side and the intermediary can pass an item of authentication information around a closed loop, with the end point of the loop verifying whether the authentication information came from the starting point of the loop; or the user terminal can send to the service side authentication information computed with an algorithm agreed between the user terminal and the service side.
In service-side authentication, the user terminal can send to the intermediary, by way of the service side, authentication information computed with an algorithm agreed between the user terminal and the intermediary. The agreed algorithm is an encryption and decryption algorithm. After the user logs in to the intermediary with the authentication program on the terminal, the intermediary and the user terminal each hold one key of a key pair for the agreed algorithm. The key pair is an asymmetric-encryption key pair. The user terminal holds the private key of the pair, and the intermediary holds the public key. Service-side authentication passes only if the intermediary verifies with this public key that the authentication information is correct.
In service-side authentication, the user terminal, the service side and the intermediary can pass an item of authentication information around a closed loop, with the end point of the loop verifying whether the authentication information came from the starting point of the loop. Service-side authentication passes only if the closed-loop transmission completes successfully.
In service-side authentication, the user terminal can send to the service side authentication information computed with an algorithm agreed between the user terminal and the service side. The agreed algorithm is an encryption and decryption algorithm. After the user logs in to the intermediary with the authentication program on the terminal, the intermediary and the user terminal each hold one key of a key pair for the agreed algorithm. The key pair is an asymmetric-encryption key pair. The user terminal holds the private key of the pair, and the intermediary holds the public key. During service-side authentication the service side receives the public key corresponding to the user terminal's private key, the user terminal sends the service side authentication information computed with the private key, and the service side uses the received public key to verify whether the authentication information received from the user terminal is correct; service-side authentication passes only if the authentication information is correct.
The program or program object with which the user accesses the corresponding service of the service side is not the authentication program. It is a program or program object that is newly run after the user requests access to the service side on the interface of the authentication program.
The user has a user account at the service side and at the intermediary respectively, and the two correspond to each other. The correspondence can be one-to-one, one-to-many or many-to-one. An example of one-to-one correspondence: the user first registers an intermediary user account and then registers a service-side user account directly through the intermediary account; the user's service-side account at registration is the user's intermediary user account, or a user identification code, passed to the service side by the intermediary, and the user's accounts on the two sides are associated with each other at the time the service-side account is registered through the intermediary account. An example of one-to-many correspondence: the user has several user accounts at the intermediary, and these all correspond to the same user account of the user at the service side. An example of many-to-one correspondence: the user has several user accounts at the service side, and these all correspond to the same user account of the user at the intermediary.
In service-side authentication, the user terminal, the service side and the intermediary can complete a closed-loop transmission of an item of information, in which the end point of the loop can verify whether two pieces of information in the transmission were both generated or sent by the same starting point of the loop. For example: the intermediary generates a random character string as the Service Ticket and sends it directly to the service side; at the same time the intermediary sends the string to the service side by way of the user terminal; the service side compares the two strings it receives to verify whether the authentication is correct.
The connection established for the user terminal's access to the corresponding service of the service side does not pass through the intermediary.
The Service Ticket can be sent directly to the service side by the intermediary. The route of direct sending does not pass through the user terminal, and the manner of direct sending does not involve the user terminal. For example: the Service Ticket contains a public key, the authentication program on the user terminal holds the corresponding private key, and the service side verifies whether the Service Ticket is correct through the correspondence of this key pair.
The Service Ticket can be forwarded by the intermediary to the service side through the user terminal. For example: the Service Ticket contains the intermediary's digital signature, and the service side verifies whether the Service Ticket is correct through this digital signature.
The Service Ticket also contains information about its generation time, and a Service Ticket past its validity period becomes invalid.
When the authentication program stops running, the user terminal's access to the service side is also ended. When the authentication program is terminated, the intermediary notifies the service side to end the user terminal's access to the service side, and the program object with which the user terminal logged in to the service side stops running.
The user terminal, the service side and the intermediary are connected through the Internet. Information among the three parties is transmitted over the Internet.
Each Service Ticket can complete only one service-side authentication at one service side.
The intermediary and the service side have a corresponding agreed algorithm, with which the service side can verify whether a received Service Ticket is correct. The agreed algorithm can be an encryption and decryption algorithm, a digital signature algorithm, a one-way function algorithm, a dynamic password algorithm, etc.
The Service Ticket can be a single item of information, or can consist of two items of information sent separately.
After service-side authentication passes, the service side can allow login, login with corresponding permissions, or use of a specific service from one connection or port of the user terminal; this connection or port is the one over which the user terminal forwarded the Service Ticket to the service side.
Access here means specifically login or connection.
The service side is a computer system, website or the like that provides resources and services to user terminals over the Internet.
The intermediary is a computer system that performs third-party authentication on the Internet.
The terminal, the service side and the intermediary are devices with computing capability, such as PCs, mobile phones, servers and server groups.
The user has a user account APID at the service side and a user account AUID at the intermediary. The user associates APID with AUID, so that a correspondence exists between them. This correspondence is stored by the service side, by the intermediary, or by both.
The intermediary can consist of several servers or several server groups together, and the roles or functions of the intermediary can be carried out separately by those servers or server groups. For example: the user terminal logs in at server A of the intermediary, keeps a connection with server B of the intermediary, obtains a temporary credential from server C of the intermediary, exchanges the temporary credential for a Service Ticket at server D of the intermediary, and uses the Service Ticket to log in to the service side.
The different servers or server groups that make up the intermediary can have different network addresses, and can belong to different operators.
The result of accessing the corresponding service of the service side is that the user terminal can establish a connection with the service side or with a party trusted by the service side. For example: the user terminal sends the Service Ticket to the service side, the service side returns a service-side voucher to the user terminal, and the user terminal uses that voucher to log in to another party trusted by the service side.
Brief description of the drawings
Fig. 1 is a schematic diagram of the network structure of Embodiment 1 of the invention.
Detailed description
Embodiment 1
The user terminal is a computer. The service side comprises three websites: e-commerce website A, search website B and instant messaging website Q. The intermediary is a third-party authentication provider. The administrative procurement department of an organization has three people, X, Y and Z, each of whom needs to shop on e-commerce website A on behalf of the organization. The head of the department, X, can register a user account or user group at the e-commerce website, then register a user group at the intermediary, and then associate the two. Besides X's administrator account, the intermediary user accounts of Y and Z are added to this user group, and administrator X then grants Y and Z the user group's permissions on website A. In this way all three members of the department can use the company's single account to make purchases for the company at website A.
The flow by which a user uses a terminal to log in with a service-side user account is as follows:
1) Registering and associating accounts:
1.1) X, Y and Z each register their own user account at the intermediary,
1.2) X registers a user account or user group BUYER-A at website A,
1.3) X registers a user group BUYER-AU at the intermediary, with X's own intermediary user account as administrator,
1.4) X associates BUYER-A with BUYER-AU; X also binds one of the company's financial payment accounts to BUYER-AU, so that every purchase made under the identity BUYER-A is paid from this company payment account,
1.5) X adds the intermediary user accounts of Y and Z to BUYER-AU;
2) Purchasing on the website of service side A:
2.1) X, Y or Z runs the authentication program on the terminal and uses it to log in to the intermediary with their own intermediary account;
2.2) the intermediary returns data to the authentication program, including the associated service side A of X, Y or Z and the intermediary user group account BUYER-AU;
2.3) X, Y or Z chooses on the authentication program interface to log in to A as a member of user group BUYER-AU, and the authentication program sends the intermediary a request to log in to A;
2.4) the user terminal, service side A and intermediary AU carry out service-side authentication for service side A: a) the intermediary uses a challenge-response exchange to verify whether the authentication program is still running, and the next step is carried out only if it is; b) the intermediary sends the Service Ticket to service side A both directly and through the user terminal; the Service Ticket contains the user group BUYER-AU and the user identification code of X, Y or Z corresponding to service side A; after receiving the Service Tickets the service side checks whether the two are identical; the Service Ticket sent through the user terminal is contained in the user identification information that the user terminal sends to the service side, and this user identification information also contains the user's account at the service side, the intermediary's name and the service side's name; the next step is carried out only if both the Service Ticket and the user identification information are correct; c) the user terminal passes service-side authentication;
2.5) after the user terminal has passed the service-side authentication of service side A, it can access service side A as BUYER-A;
2.6) after the user terminal of X, Y or Z has accessed service side A, purchases can be made at service side A.
3) The user terminal ends its login to a service of the service side:
3.1) The authentication program on the user terminal can display all the service sides and services that the user of this terminal has accessed through the intermediary;
3.2) The user chooses, on the authentication program interface, to end access to a service side or a service; the authentication program sends an end-access request to the intermediary, and the intermediary sends an end-access request to the service side; on receiving the intermediary's request, the service side ends this user terminal's access to the service side or the service. The end-access request that the intermediary sends to the service side contains the user identification code AID-AUID;
3.3) When the authentication program stops running on the user terminal, it can also send an end-access request to the intermediary, and the intermediary can notify all service sides accessed by this user terminal so as to end the terminal's access to all service sides and services; alternatively, when the intermediary fails to receive a heartbeat response or a challenge-response answer from the authentication program, it can likewise end this user terminal's access to all service sides and services.
4) The user leaves a user group:
4.1) After the user terminal logs in to the intermediary, the intermediary sends to the authentication program, and the authentication program interface displays, all the user groups that this intermediary user account has joined at the intermediary;
4.2) The user can choose on the authentication program interface to leave a user group they have joined, or the administrator of the user group can delete the group member in the group administration interface.
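
The login check of step 2.4 and the termination paths of steps 3.2 and 3.3, modelled as an added example that is not code from the patent. The HMAC challenge-response, the 30-second validity period, the single-use handling of the ticket, and all class, method and field names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

TICKET_TTL = 30  # seconds; assumed validity period (the page gives no figure)

def auth_program(key):
    """Running authentication program: answers the intermediary's challenge."""
    return lambda challenge: hmac.new(key, challenge, hashlib.sha256).digest()

class ServiceSide:
    def __init__(self, name, intermediary, accounts):
        self.name, self.intermediary = name, intermediary
        self.accounts = accounts  # associated intermediary group -> account here
        self.pending = {}         # user code -> (ticket, group, expiry), direct path
        self.sessions = {}        # user code -> account currently granted access

    def ticket_from_intermediary(self, code, ticket, group, now):
        self.pending[code] = (ticket, group, now + TICKET_TTL)

    def ticket_from_terminal(self, ident, now):
        entry = self.pending.pop(ident["code"], None)  # consumed: single use
        if entry is None:
            return False
        ticket, group, expiry = entry
        ok = (now <= expiry
              and hmac.compare_digest(ticket, ident["ticket"])  # two copies match
              and ident["intermediary"] == self.intermediary
              and ident["service"] == self.name
              and ident["account"] == self.accounts.get(group))
        if ok:
            self.sessions[ident["code"]] = ident["account"]
        return ok

    def terminate(self, code):
        self.sessions.pop(code, None)

class Intermediary:
    def __init__(self, name, groups):
        self.name, self.groups = name, groups  # group -> {member: user code}
        self.keys, self.accessed = {}, {}      # liveness keys, issued accesses

    def login(self, member):
        self.keys[member] = secrets.token_bytes(32)
        return self.keys[member]

    def is_running(self, member, respond):
        key, challenge = self.keys.get(member), secrets.token_bytes(16)
        answer = respond(challenge) if key else None  # None: program stopped
        return answer is not None and hmac.compare_digest(
            hmac.new(key, challenge, hashlib.sha256).digest(), answer)

    def request_login(self, member, group, service, respond, now):
        code = self.groups.get(group, {}).get(member)
        if code is None or not self.is_running(member, respond):
            return None  # step a failed: no ticket is issued on either path
        ticket = secrets.token_bytes(16)
        service.ticket_from_intermediary(code, ticket, group, now)
        self.accessed.setdefault(member, []).append((service, code))
        # What the terminal forwards: the ticket inside the identification info.
        return {"ticket": ticket, "code": code, "intermediary": self.name,
                "service": service.name, "account": service.accounts.get(group)}

    def end_all_access(self, member):  # stop request or missed heartbeat
        for service, code in self.accessed.pop(member, []):
            service.terminate(code)
```

Because the service side deletes the directly received ticket on the first comparison, a captured copy of the terminal's message cannot be replayed, and a ticket that arrives after the validity period is refused even when both copies match.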

Claims (10)

1. A third-party authentication system or method with user groups, characterized in that a user terminal can access the corresponding service of a service side only after the user has passed service-side authentication using the terminal, the service-side authentication being completed through an intermediary; wherein an authentication program running on the user terminal can be authenticated by the intermediary after the user logs in to the intermediary, and the user terminal can carry out service-side authentication only after the authentication program has been authenticated by the intermediary; the user terminal can pass service-side authentication only while this authentication program, or a program object PRO started by this authentication program, is still running; wherein, during service-side authentication, the intermediary can send a service ticket to the service side directly or have it forwarded by the user terminal, and the service-side authentication can pass only after the service side has received a correct service ticket; wherein, during service-side authentication, the user terminal can send user identification information to the service side, and the service-side authentication can pass only if the service side receives correct user identification information; wherein, after service-side authentication has passed, the service side can allow a port or connection of the user terminal to access the corresponding service of the service side, this port or connection being the one through which the user terminal sent the service ticket or the user identification information to the service side; wherein user groups can be set up at the intermediary, the members of a user group being user accounts of the intermediary; wherein a user group of the intermediary can be associated with a service side; wherein, after a user group is associated with a service side, a member who has been granted permissions within the user group inherits the permissions that the user group holds at the service side and has granted to that member; wherein, if the user group has permission to access a corresponding service of a service side, a member of the group who has been granted the corresponding permission can carry out service-side authentication through the intermediary and access that service of the service side; wherein the administrator of the user group manages the addition of members to the group, their deletion, and the granting of permissions to them.
2. The third-party authentication system or method with user groups according to claim 1, characterized in that the administrator of the user group can also be an administrator of the associated service side, or a user who has registered a user account or user group at the service side and has associated that service-side user account or user group with the user group of the intermediary.
3. The third-party authentication system or method with user groups according to claim 1, characterized in that the user group administrator's addition of group members, deletion of group members and granting of permissions to them can take the form of the administrator directly searching for a user account of the intermediary and adding it, after which the user of that account confirms, or of a user of the intermediary submitting a request to the administrator, which the administrator confirms.
4. The third-party authentication system or method with user groups according to claim 1, characterized in that, after the user group is associated with the service side, a member of the user group need no longer register at and associate with the service side, and can directly carry out service-side authentication through the intermediary and access the corresponding services of the service side for which the user group has granted permission.
5. The third-party authentication system or method with user groups according to claim 1, characterized in that the user's service-side account and intermediary account must first be associated with each other, and only then can the user complete service-side authentication through the intermediary and access the corresponding service of the service side.
6. The third-party authentication system or method with user groups according to claim 1, characterized in that, after the user's service-side account and intermediary account have been associated with each other, the user account at the service side and the user account at the intermediary have a mutual correspondence, and this correspondence is stored by both the service side and the intermediary.
7. The third-party authentication system or method with user groups according to claim 1, characterized in that the specific steps by which the user uses the terminal to access the corresponding service of the service side are: 1> the authentication program runs on the user terminal, and the user uses the authentication program to log in to the intermediary; 2> the user chooses, on the authentication program interface, to request access to the service side; 3> the intermediary verifies whether the authentication program is still running, and the next step is carried out only if this verification passes; 4> the user terminal, the service side and the intermediary complete the service-side authentication, and the next step is carried out only if the service-side authentication passes; 5> the user accesses the corresponding service of the service side.
8. The third-party authentication system or method with user groups according to claim 1, characterized in that, after the user terminal's access to the service side has been ended, the user terminal must authenticate through the intermediary again in order to access the service side again.
9. The third-party authentication system or method with user groups according to claim 1, characterized in that, after the authentication program stops running, the authentication program must be authenticated by the intermediary again before the user terminal can carry out service-side authentication again.
10. The third-party authentication system or method with user groups according to claim 1, wherein the authentication system or method has one or more of the following features:
1) the user logging in to the intermediary and the authentication program being authenticated by the intermediary can be one and the same step, different steps carried out at the same time, or different steps carried out at different times,
2) after the user terminal logs in to the intermediary, the intermediary sends to the authentication program, and the authentication program interface displays, the service sides associated with this intermediary user account or the user's accounts at those service sides; by operating the authentication program interface, the user can request access to the corresponding service of one of these service sides, or request access to a service side's corresponding service with a user account at that service side,
3) the service sides associated with this intermediary user account also include the service sides, or services of service sides, for which a user group containing this intermediary user account has granted permission to the account,
4) the authentication program interface can display the service sides, services of service sides, or service-side user accounts that this user terminal has accessed through the intermediary, and the user can end access to a displayed service side, service or user account on the authentication program interface,
5) when the user chooses, on the authentication program interface, to end access to a displayed service side or service that was accessed through the intermediary, the authentication program sends an end-access request to the intermediary, the intermediary sends an end-access notice to the corresponding service side, and on receiving the notice the service side ends this user terminal's access to the service side or to that service,
6) after the user terminal logs in to the intermediary, the intermediary sends to the authentication program, and the authentication program interface displays, the user groups that this intermediary user account has joined at the intermediary; the user can choose on the authentication program interface to leave one of these user groups, or the administrator of the user group can choose on the group administration interface to delete a member of the group, or both are possible,
7) after the user terminal logs in to the intermediary, the authentication program interface can display, or be used to search for, service sides or services of service sides that can be associated with this intermediary,
8) after the user terminal logs in to the intermediary, the user can, on the authentication program interface, directly register a user account at a service side that can be associated, and associate that account with the user's account at the intermediary,
9) the program or program object with which the user accesses the corresponding service of the service side is not the authentication program,
10) in service-side authentication, the user terminal, the service side and the intermediary can complete a closed-loop transmission of a piece of information, and the end point of the closed-loop transmission can verify whether the two pieces of information in the transmission were both generated or sent by the same starting point of the transmission,
11) later, unknown, other or new user identification information cannot be deduced from known user identification information,
12) other user identification information, or the user identification information of later service-side authentications, cannot be deduced from known user identification information,
13) the user identification information includes content generated at random for this service-side authentication, or includes the time of this service-side authentication and information computed by encryption,
14) each piece of user identification information is used for only one service-side authentication,
15) each piece of user identification information has a validity period, and expired user identification information becomes invalid and cannot be used to complete service-side authentication,
16) the connection that the user terminal establishes with the service side to access the corresponding service after passing service-side authentication does not pass through the intermediary,
17) in service-side authentication the user terminal can forward a service ticket from the intermediary to the service side; or, in service-side authentication the user terminal can send to the intermediary, by way of the service side, authentication information computed with an algorithm agreed between the user terminal and the intermediary; or, in service-side authentication the user terminal, the service side and the intermediary can pass a piece of authentication information around a closed loop, with the end point of the loop verifying whether the authentication information came from the starting point of the loop; or, in service-side authentication the user terminal can send to the service side authentication information computed with an algorithm agreed between the user terminal and the service side,
18) the intermediary can consist of multiple servers or multiple server groups,
19) the result of accessing the corresponding service of the service side is that the user terminal can establish a connection with the service side or with a party trusted by the service side.
CN201310460798.3A 2013-10-08 2013-10-08 Third Party Authentication system or method with user group Expired - Fee Related CN103546290B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310460798.3A CN103546290B (en) 2013-10-08 2013-10-08 Third Party Authentication system or method with user group

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310460798.3A CN103546290B (en) 2013-10-08 2013-10-08 Third Party Authentication system or method with user group

Publications (2)

Publication Number Publication Date
CN103546290A true CN103546290A (en) 2014-01-29
CN103546290B CN103546290B (en) 2019-06-18

Family

ID=49969370

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310460798.3A Expired - Fee Related CN103546290B (en) 2013-10-08 2013-10-08 Third Party Authentication system or method with user group

Country Status (1)

Country Link
CN (1) CN103546290B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104954330A (en) * 2014-03-27 2015-09-30 华为软件技术有限公司 Method of accessing data resources, device and system
WO2015180298A1 (en) * 2014-05-28 2015-12-03 中兴通讯股份有限公司 Service authentication processing method and apparatus
CN105635109A (en) * 2015-12-10 2016-06-01 中青冠岳科技(北京)有限公司 Mobile terminal instant messaging group member control method and device
CN106797390A (en) * 2016-02-18 2017-05-31 任少华 The system and method for authentication center
CN108960903A (en) * 2018-06-14 2018-12-07 万翼科技有限公司 Processing method, device and the computer readable storage medium for the customer information that fails
CN109905407A (en) * 2019-04-03 2019-06-18 北京奇安信科技有限公司 Management method, system, equipment and medium based on vpn server access Intranet

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006107713A1 (en) * 2005-04-04 2006-10-12 Cisco Technology, Inc. System and method for multi-session establishment
CN101978650A (en) * 2008-01-10 2011-02-16 任少华 A system and method of secure network authentication
CN102006286A (en) * 2010-10-29 2011-04-06 北京星网锐捷网络技术有限公司 Access management method, device and system as well as access device for information system
CN102333085A (en) * 2008-07-04 2012-01-25 任少华 Security network authentication system and method
CN102510336A (en) * 2011-12-05 2012-06-20 任少华 Security certification system or method


Also Published As

Publication number Publication date
CN103546290B (en) 2019-06-18


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190618

Termination date: 20211008