CN103546290B - Third Party Authentication system or method with user group - Google Patents

Info

Publication number
CN103546290B
Authority
CN
China
Prior art keywords
service side
user
party
service
user group
Prior art date
Legal status
Expired - Fee Related
Application number
CN201310460798.3A
Other languages
Chinese (zh)
Other versions
CN103546290A (en)
Inventor
任少华
Current Assignee
Individual
Original Assignee
Individual
Priority date
Filing date
Publication date
Application filed by Individual
Priority to CN201310460798.3A
Publication of CN103546290A
Application granted
Publication of CN103546290B
Expired - Fee Related
Anticipated expiration

Landscapes

  • Information Transfer Between Computers (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention relates to a Third Party Authentication system or method with user group, in which a user terminal must be authenticated by the service side before it can log in to the service side or use the services of the service side. Service side authentication is completed through the party intermediary and also requires an authentication procedure: service side authentication can pass only while the authentication procedure remains running. By adding user groups at the party intermediary, the user accounts of different party intermediaries can share the permissions and resources of the same user group, which enhances the management functions of the Third Party Authentication system.

Description

Third Party Authentication system or method with user group
Technical field
The present invention relates to a Third Party Authentication system or method with user group.
Background technique
The quantity of resources and services provided over the internet is very large and growing rapidly, and the internet has become the main channel through which people obtain information resources and information services. Many internet resource and service providers require users to log in and be verified, which raises problems of convenience and security. Authentication through a third party or party intermediary is an effective way to solve these problems.
Summary of the invention
The invention is realized as follows: a Third Party Authentication system or method with user group, characterized in that the user terminal can access the respective service of the service side only after the user, using the terminal, has been authenticated by the service side, and service side authentication is completed through the party intermediary. After the user logs in to the party intermediary, the authentication procedure running on the user terminal is authenticated by the party intermediary; only after the authentication procedure has been authenticated by the party intermediary can the user terminal carry out service side authentication, and the user terminal can pass service side authentication only while the authentication procedure, or a program object PRO started by the authentication procedure, remains running. When service side authentication is carried out, the party intermediary sends a Service Ticket to the service side directly or forwards it through the user terminal, and service side authentication can pass only after the service side receives the correct Service Ticket. When service side authentication is carried out, the user terminal sends a customer identification information to the service side, and service side authentication can pass only when the service side receives the correct customer identification information. After service side authentication passes, the service side allows one port or connection of the user terminal to access the respective service of the service side; that port or connection is the one through which the user terminal sent the Service Ticket or customer identification information to the service side. User groups can be set up at the party intermediary, and the members of a user group are user accounts of the party intermediary. A user group of the party intermediary can be associated with a service side. After a user group is associated with a service side, a member of the user group who has been granted permissions inherits the permissions that the user group holds at the service side and that have been granted to that member. If the user group has permission to access the respective service of a service side, a member of the user group who has been granted the corresponding permission can carry out service side authentication through the party intermediary and access the respective service of that service side. The administrator of the user group manages the addition, deletion and granting of permissions of the members of the user group.
Wherein, user groups can be set up at the party intermediary, and the members of a user group are user accounts of the party intermediary. Wherein, a user group of the party intermediary can be associated with a service side. Wherein, after a user group is associated with a service side, a member of the user group who has been granted permissions inherits the permissions that the user group holds at the service side and that have been granted to that member. Wherein, if the user group has permission to access the respective service of a service side, a member of the user group who has been granted the corresponding permission can carry out service side authentication through the party intermediary and access the respective service of that service side. Wherein, the administrator of the user group manages the addition, deletion and granting of permissions of the members of the user group.
Wherein, the administrator of the user group may also be the administrator of the associated service side, or the user who registered the user account or user group at the service side and associated that user account or user group of the service side with the user group of the party intermediary.
Wherein, when the user group administrator adds, deletes or grants permissions to user group members, the administrator can directly search for a user account of the party intermediary and add it, after which the user of that account confirms; alternatively, a user of the party intermediary can submit a request to the administrator, which the administrator then confirms.
Wherein, after a user group is associated with a service side, the members of the user group no longer need to register and associate at the service side, and can directly carry out service side authentication through the party intermediary and access the respective service of the service side for which the user group has granted them permission.
Wherein, the user's service side account and party intermediary account need to be associated with each other first; only then can the user complete service side authentication through the party intermediary and access the respective service of the service side. Wherein, the user's service side account refers to the user's account at the service side or the user group of the service side to which that account belongs. Wherein, the user's party intermediary account refers to the user's account at the party intermediary or the user group of the party intermediary to which that account belongs. Wherein, the user's service side account and party intermediary account being associated with each other means that the user's service side account, or the service side user group it belongs to, is associated with the user's party intermediary account, or the party intermediary user group it belongs to.
Wherein, after the user's service side account and party intermediary account are associated with each other, the user account of the service side and the user account of the party intermediary have a mutual correspondence, and this correspondence is saved by both the service side and the party intermediary.
Wherein, the specific steps by which the user uses the terminal to access the respective service of the service side are: 1) the authentication procedure is run on the user terminal, and the user logs in to the party intermediary using the authentication procedure; 2) the user selects, on the interface of the authentication procedure, to request access to the service side; 3) the party intermediary verifies whether the authentication procedure remains running, and only if this verification passes can the next step be carried out; 4) the user terminal, the service side and the party intermediary complete service side authentication, and only if service side authentication passes can the next step be carried out; 5) the user accesses the respective service of the service side.
Wherein, after the user terminal's access to the service side is stopped, the user terminal must be authenticated again through the party intermediary before it can access the service side again.
Wherein, after the authentication procedure stops running, the authentication procedure must carry out party intermediary authentication again before the user terminal can carry out service side authentication again.
Wherein, the two steps of the user logging in to the party intermediary and the authentication procedure being authenticated by the party intermediary may be the same step, different steps performed simultaneously, or different steps not performed simultaneously.
Wherein, the authentication procedure being authenticated by the party intermediary specifically means: the user uses the authentication procedure to pass identity authentication by the party intermediary, or the authentication procedure carries out and passes party intermediary authentication via another program that has established a connection with the party intermediary. For example: the user logs in to the party intermediary through a dedicated program, the dedicated program establishes a secure connection with the party intermediary, and the authentication procedure carries out and passes party intermediary authentication through that secure connection (for example: an authentication information is passed in a closed loop among the authentication procedure, the dedicated program and the party intermediary, and through this closed-loop transfer the authentication procedure establishes a new connection with the party intermediary and is authenticated by the party intermediary).
Wherein, the process by which the authentication procedure is authenticated by the party intermediary can include both the user using the terminal to pass identity authentication by the party intermediary and the authentication procedure carrying out and passing party intermediary authentication via another program that has established a connection with the party intermediary. For example: the user logs in to the party intermediary with a dedicated program and establishes a connection; based on that connection the authentication procedure is in turn authenticated by the party intermediary and a new connection is established between the authentication procedure and the party intermediary. The above process is included in a single party intermediary authentication carried out by the user terminal.
Wherein, after the user terminal logs in to the party intermediary, the party intermediary transmits to the authentication procedure, and the authentication procedure interface displays, the service sides associated with the user account of the party intermediary or the user's user accounts at the service sides. On the interface of the authentication procedure the user can request access to the respective service of one of the service sides, or request to access the respective service of a service side with one of the user's user accounts at that service side.
Wherein, the service sides associated with the user account of the party intermediary also include all service sides, or respective services of service sides, for which the user group containing that user account of the party intermediary has granted permission to that user account.
Wherein, the authentication procedure interface can display the service sides, the respective services of service sides, or the user accounts at service sides that the user terminal has accessed through the party intermediary, and on the authentication procedure interface the user can stop access to any service side, respective service or user account displayed there.
Wherein, on the authentication procedure interface the user can choose to terminate one, several or all of the service sides or respective services of service sides that are displayed there as accessed through the party intermediary.
Wherein, when the user chooses on the authentication procedure interface to stop a service side, or a respective service of a service side, displayed there as accessed through the party intermediary, the authentication procedure sends a stop-access request to the party intermediary, the party intermediary then sends a stop-access notice to the corresponding service side, and after receiving the notice the service side stops the user terminal's access to that service side or to that respective service.
Wherein, after the user terminal logs in to the party intermediary, the party intermediary transmits to the authentication procedure, and the authentication procedure interface displays, the user groups that the user account of the party intermediary has joined at the party intermediary. On the interface of the authentication procedure the user can choose to exit one of the user groups, or the administrator of a user group can choose on the user group administration interface to delete a member of the user group, or both.
Wherein, after the user terminal logs in to the party intermediary, the authentication procedure interface can display or search for the service sides, or respective services of service sides, that can be associated with the party intermediary.
Wherein, after the user terminal logs in to the party intermediary, the user can directly register, on the authentication procedure interface, a user account at a service side that can be associated, and associate that user account with the user's user account at the party intermediary.
Wherein, later, unknown, other or new customer identification information cannot be deduced from known customer identification information.
Wherein, the customer identification information of other or later service side authentications cannot be deduced from known customer identification information.
Wherein, the customer identification information includes content randomly generated for that service side authentication, or includes information that contains the time of that service side authentication and is cryptographically computed. For example: the customer identification information includes its generation time and is digitally signed.
Wherein, a customer identification information is used only for service side authentication.
Wherein, each customer identification information has a validity period; expired customer identification information becomes invalid and cannot complete service side authentication.
Wherein, when the party intermediary sends the Service Ticket directly to the service side, the customer identification information and the Service Ticket can have a verifiable correspondence. Wherein, the service side verifies whether the customer identification information and the Service Ticket correspond; if they do not, service side authentication cannot pass. For example: the customer identification information and the Service Ticket both contain the user's user name at the service side or the same random number. Another example: the Service Ticket is a public key and the customer identification information is information computed with the corresponding private key.
Wherein, when the party intermediary forwards the Service Ticket to the service side through the user terminal, the customer identification information and the Service Ticket can be the same information, or both can be contained in the same information. For example: the party intermediary first sends the Service Ticket to the user terminal, and the user terminal then sends the Service Ticket and the customer identification information together to the service side. Another example: the Service Ticket is sent by the party intermediary to the user terminal and then by the user terminal to the service side; the Service Ticket contains the user's user name at the service side and a random number, and that user name and random number are the customer identification information.
Wherein, the customer identification information may include information about the user's account at the service side. Wherein, the customer identification information may include information about the service side.
Wherein, the user terminal can send customer identification information only while the authentication procedure remains running. Wherein, the customer identification information is generated or sent by the authentication procedure.
Wherein, the connection that the user terminal establishes with the service side to access the respective service of the service side after passing service side authentication does not pass through the party intermediary.
Wherein, in service side authentication the user terminal can forward the Service Ticket from the party intermediary to the service side; or, in service side authentication the user terminal can send, through the service side to the party intermediary, authentication information computed with an agreed algorithm shared between the user terminal and the party intermediary; or, in service side authentication an authentication information can be passed in a closed loop among the user terminal, the service side and the party intermediary, with the end point of the closed-loop transfer verifying whether the authentication information came from the starting point of the closed-loop transfer; or, in service side authentication the user terminal can send to the service side authentication information computed with an agreed algorithm shared between the user terminal and the service side.
Wherein, in service side authentication the user terminal can send, through the service side to the party intermediary, authentication information computed with an agreed algorithm shared between the user terminal and the party intermediary. Wherein, the agreed algorithm is an encryption-decryption algorithm. Wherein, after the user logs in to the party intermediary with the authentication procedure on the terminal, the party intermediary and the user terminal each hold one key of a key pair of the agreed algorithm. Wherein, the key pair is an asymmetric-encryption key pair. Wherein, the user terminal holds the private key of the key pair and the party intermediary holds the public key. Wherein, service side authentication can pass only if the party intermediary verifies with the public key that the authentication information is correct.
Wherein, in service side authentication an authentication information can be passed in a closed loop among the user terminal, the service side and the party intermediary, with the end point of the closed-loop transfer verifying whether the authentication information came from the starting point of the closed-loop transfer. Wherein, service side authentication can pass only if the closed-loop transfer completes successfully.
Wherein, in service side authentication the user terminal can send to the service side authentication information computed with an agreed algorithm shared between the user terminal and the service side. Wherein, the agreed algorithm is an encryption-decryption algorithm. Wherein, after the user logs in to the party intermediary with the authentication procedure on the terminal, the party intermediary and the user terminal each hold one key of a key pair of the agreed algorithm. Wherein, the key pair is an asymmetric-encryption key pair. Wherein, the user terminal holds the private key of the key pair and the party intermediary holds the public key. Wherein, in service side authentication the service side receives the public key corresponding to the user terminal's private key, the user terminal sends the service side authentication information computed with the private key, and the service side uses the received public key to verify whether the authentication information received from the user terminal is correct; service side authentication can pass only when the authentication information is correct.
Wherein, the program or program object with which the user accesses the respective service of the service side is not the authentication procedure. Wherein, the program or program object with which the user accesses the respective service of the service side is a program or program object newly run after the user requests access to the service side on the interface of the authentication procedure.
Wherein, the user has a user account at the service side and at the party intermediary respectively, and the user account of the service side and the user account of the party intermediary have a mutual correspondence. This correspondence can be one-to-one, one-to-many or many-to-one. Wherein, an example of one-to-one correspondence: the user first registers a user account at the party intermediary and then registers a user account at the service side directly through the user account of the party intermediary; the user's user account at the service side is exactly the user account or CUSTOMER ID of the user at the party intermediary that the party intermediary passed to the service side at registration, and when the user registers the service side user account through the party intermediary, the user's accounts on the two sides are also associated. Wherein, an example of one-to-many correspondence: the user has multiple user accounts at the party intermediary, and these correspond to the same user account of the user at the service side. Wherein, an example of many-to-one correspondence: the user has multiple user accounts at the service side, and these correspond to the same user account of the user at the party intermediary.
Wherein, in service side authentication the user terminal, the service side and the party intermediary can complete a closed-loop transfer of a piece of information, and the party at the end point of the closed-loop transfer can verify whether the two pieces of information in the transfer were both generated or sent by the same starting point. For example: the party intermediary generates a random character string as the Service Ticket and sends the character string directly to the service side; at the same time, the party intermediary sends the character string to the service side by forwarding it through the user terminal; the service side verifies whether the authentication is correct by comparing whether the two character strings it received are the same.
Wherein, the connection established for the user terminal to access the respective service of the service side does not pass through the party intermediary.
Wherein, the Service Ticket can be sent directly to the service side by the party intermediary. Wherein, the route of the direct transmission does not pass through the user terminal. Wherein, the direct transmission does not go through the user terminal. For example: the Service Ticket contains a public key, the authentication procedure of the user terminal holds the corresponding private key, and the service side verifies whether the Service Ticket is correct through the correspondence of the key pair.
Wherein, the Service Ticket can be forwarded by the party intermediary to the service side through the user terminal. For example: the Service Ticket contains the digital signature of the party intermediary, and the service side verifies through the digital signature whether the Service Ticket is correct.
Wherein, the Service Ticket also includes information about its generation time, and a Service Ticket past its validity period becomes invalid.
Wherein, when the authentication procedure stops running, the user terminal's access to the service side also stops. When the authentication procedure stops, the party intermediary notifies the service side to stop the user terminal's access to the service side, and the program object with which the user terminal logged in to the service side stops running.
Wherein, the user terminal, the service side and the party intermediary are connected through the internet. Wherein, information transfer among the three parties is carried out over the internet.
Wherein, each Service Ticket can complete service side authentication at only one service side.
Wherein, the party intermediary and the service side hold a corresponding agreed algorithm, and the service side can verify with the agreed algorithm it holds whether the received Service Ticket is correct. Wherein, the agreed algorithm can be an encryption-decryption algorithm, a digital signature algorithm, a one-way function algorithm, a dynamic password algorithm, etc.
Wherein, the Service Ticket can be a single piece of information, or can be composed of two pieces of information sent separately.
Wherein, after service side authentication passes, the service side allows one connection or port from the user terminal to log in, or to log in or use a specific service with the corresponding permissions; that connection or port is the port or connection through which the user terminal forwarded the Service Ticket to the service side.
Wherein, the access specifically refers to login or connection.
Wherein, the service side can be a computer system, website, etc. that provides resources and services to user terminals over the internet.
Wherein, the party intermediary is a computer system that carries out Third Party Authentication on the internet.
Wherein, the terminal, the service side and the party intermediary are devices with computer functions, such as a PC, mobile phone, server, server cluster, etc.
Wherein, the user has a user account APID at the service side and also has a user account AUID at the party intermediary. Wherein, APID and AUID are associated by the user. Wherein, there is a correspondence between APID and AUID. Wherein, the correspondence is saved by the service side, by the party intermediary, or by both.
Wherein, the party intermediary can be composed of multiple servers or multiple server farms together. Wherein, the roles or functions of the party intermediary can be undertaken by multiple servers or multiple server farms respectively. For example: the user terminal logs in to server A of the party intermediary, the user terminal keeps a connection with server B of the party intermediary, the user terminal obtains a temporary credential from server C of the party intermediary, the user terminal exchanges the temporary credential for a Service Ticket at server D of the party intermediary, and the user terminal logs in to the service side with the Service Ticket.
Wherein, the network addresses of the different servers or server farms that make up the party intermediary can be different. Wherein, the different servers or server farms that make up the party intermediary can belong to different operators.
Wherein, the result of accessing the respective service of the service side is that the user terminal can establish a connection with the service side or with a party trusted by the service side. For example: the user terminal sends the Service Ticket to the service side, the service side returns a service side credential to the user terminal, and the user terminal then logs in with the service side credential to another party trusted by the service side.
Description of the drawings
Fig. 1 is a schematic diagram of the network structure of Embodiment 1 of the present invention.
Specific embodiment
Embodiment 1
The user terminal is a computer; the service side comprises three websites: e-commerce website A, search website B and instant messaging website Q; the party intermediary is a Third Party Authentication provider. The administrative procurement department of a certain unit has three people in total, X, Y and Z, and everyone in this department needs to shop on e-commerce website A on behalf of the unit. The responsible person X can register a user account or user group at e-commerce website A, then register a user group at the party intermediary, and then associate the two. In the user group, in addition to X's administrator account, X adds the party intermediary user accounts of Y and Z, and administrator X grants Y and Z the user group's permissions on website A. In this way the three people of the department can make purchases for the company on website A using the company's unified account.
The process by which a user uses the terminal to log in to the user account of the service side is as follows:
1) Register accounts and associate accounts:
1.1) X, Y and Z each register their own user account at the party intermediary,
1.2) X registers a user account or user group BUYER-A at website A,
1.3) X registers a user group BUYER-AU at the party intermediary, with X's own party intermediary user account as administrator,
1.4) X associates BUYER-A and BUYER-AU with each other; X also binds a financial payment account of the company to BUYER-AU, so that all purchases made under the identity of BUYER-A are paid from the company's financial payment account,
1.5) X adds the party intermediary user accounts of Y and Z to BUYER-AU;
2) Purchasing at service side website A:
2.1) X, Y or Z runs the authentication procedure on the terminal and uses it to log in to the party intermediary with his or her own party intermediary account;
2.2) the party intermediary returns data to the authentication procedure, including the service side A associated with X, Y or Z and the user group account BUYER-AU of the party intermediary;
2.3) X, Y or Z chooses on the authentication procedure interface to log in to A as a member of the BUYER-AU user group, and the authentication procedure sends the party intermediary a request to log in to A;
2.4) the user terminal, service side A and party intermediary AU carry out the service side authentication for service side A: a) the party intermediary verifies by question-and-answer response whether the authentication procedure remains running, and only if it does is the next step carried out; b) the party intermediary sends the Service Ticket to service side A both directly and through the user terminal; the Service Ticket contains the user group BUYER-AU and the CUSTOMER ID of X, Y or Z corresponding to service side A, and after receiving the Service Tickets the service side checks whether the two are identical. The Service Ticket sent through the user terminal is contained in the customer identification information that the user terminal sends to the service side, which also includes the user's account at the service side, the party intermediary name and the service side name; only if both the Service Ticket and the customer identification information are correct is the next step carried out; c) the user terminal passes service side authentication;
2.5) after the user terminal passes the service side authentication of service side A, it can access service side A as BUYER-A;
2.6) after accessing service side A with the user terminal, X, Y or Z can make purchases at service side A.
3) The user terminal stops the login to the respective service of a service side:
3.1) The authentication procedure on the user terminal can show all the service sides and respective services that the user of the terminal has accessed through the party intermediary,
3.2) On the interface of the authentication procedure, the user selects to stop accessing a service side or a respective service; the authentication procedure sends the party intermediary a request to stop the access, and the party intermediary sends the service side a request to suspend the access; on receiving the suspension request sent by the party intermediary, the service side stops the user terminal's access to the service side or the respective service, wherein the suspension request that the party intermediary sends to the service side includes the CUSTOMER ID AID-AUID.
3.3) When the authentication procedure stops running on the user terminal, it can also issue a suspension access request to the party intermediary, and the party intermediary can notify all service sides that the user terminal is accessing to stop the user terminal's access to all service sides and respective services; alternatively, when the party intermediary fails to receive the heartbeat response or the question-and-answer response of the authentication procedure, it can likewise stop the user terminal's access to all service sides and respective services.
4) The user exits a user group:
4.1) After the user terminal logs in to the party intermediary, the party intermediary can transmit to the authentication procedure, and the authentication procedure interface can display, all user groups that the party intermediary user account has joined at the party intermediary,
4.2) The user can choose, on the interface of the authentication procedure, to exit a user group they have joined; alternatively, the administrator of the user group can delete the group member in the group administration interface.
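The service side's check in step 2.4 b), sketched in Python as an added example that is not code from the patent: the party intermediary sends one Service Ticket on two paths, and the service side accepts the customer identification information only if the copy arriving via the terminal matches the copy received directly, is unexpired and unused, and carries the right account, party intermediary name and service side name. The JSON ticket layout, the HMAC question-and-answer check, the 30-second validity period and the user code `uid-Y` are assumptions; the page specifies none of them.

```python
import hashlib
import hmac
import json
import secrets
import time

TTL = 30  # assumed validity period in seconds; the page gives no figure


def run_authenticator(session_key):
    """The authentication procedure while running: answers liveness challenges."""
    return lambda challenge: hmac.new(session_key, challenge, hashlib.sha256).digest()


def stopped_authenticator(challenge):
    """A stopped authentication procedure cannot produce a valid answer."""
    return b""


class Intermediary:
    def __init__(self, name):
        self.name = name
        self.session_keys = {}  # intermediary account -> key set at login
        self.groups = {}        # group account -> {member account: user code}

    def login(self, account):
        self.session_keys[account] = secrets.token_bytes(32)
        return self.session_keys[account]

    def issue(self, account, group, service, answer, now=None):
        """Steps 2.4 a) and b): liveness check, then one ticket on two paths."""
        now = time.time() if now is None else now
        challenge = secrets.token_bytes(16)
        expected = hmac.new(self.session_keys[account], challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(answer(challenge), expected):
            raise PermissionError("authentication procedure is not running")
        user_code = self.groups.get(group, {}).get(account)
        if user_code is None:
            raise PermissionError("account is not a member of the group")
        blob = json.dumps({"nonce": secrets.token_hex(16), "group": group,
                           "user_code": user_code, "service": service.name,
                           "expires": now + TTL}, sort_keys=True).encode()
        service.receive_direct(blob)  # path 1: intermediary -> service side
        return blob                   # path 2: intermediary -> terminal -> service side


class ServiceSide:
    def __init__(self, name, intermediary_name, group_accounts):
        self.name = name
        self.intermediary_name = intermediary_name
        self.group_accounts = group_accounts  # group at intermediary -> account here
        self.pending = {}                     # nonce -> copy received directly

    def receive_direct(self, blob):
        self.pending[json.loads(blob)["nonce"]] = blob

    def authenticate(self, ident, now=None):
        """Return (account, group, user_code) on success, None on any failure."""
        now = time.time() if now is None else now
        via_terminal = ident.get("credential")
        if not isinstance(via_terminal, bytes):
            return None
        try:
            nonce = json.loads(via_terminal)["nonce"]
            direct = self.pending.pop(nonce, None)  # single use: gone after one attempt
        except (ValueError, KeyError, TypeError):
            return None
        if direct is None or not hmac.compare_digest(direct, via_terminal):
            return None
        cred = json.loads(direct)  # fields come from the copy sent by the intermediary
        if cred["expires"] < now or cred["service"] != self.name:
            return None
        account = self.group_accounts.get(cred["group"])
        if (account is None or ident.get("account") != account
                or ident.get("intermediary") != self.intermediary_name
                or ident.get("service") != self.name):
            return None
        return account, cred["group"], cred["user_code"]


if __name__ == "__main__":
    au = Intermediary("AU")
    au.groups["BUYER-AU"] = {"Y": "uid-Y"}  # constructed user code
    a = ServiceSide("A", "AU", {"BUYER-AU": "BUYER-A"})
    ticket = au.issue("Y", "BUYER-AU", a, run_authenticator(au.login("Y")))
    ident = {"credential": ticket, "account": "BUYER-A", "intermediary": "AU", "service": "A"}
    print(a.authenticate(ident))  # first presentation succeeds
    print(a.authenticate(ident))  # replay of the same ticket is refused
```

Removing the pending copy on the first attempt, matching or not, is what makes each ticket usable for one service side authentication only.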

Claims (62)

1. A Third Party Authentication system with user group, characterized in that a terminal can access the respective service of a service side only after the user, using the terminal, has passed service side authentication, and the service side authentication is completed through a party intermediary, wherein the user runs an authentication procedure on the terminal and uses the authentication procedure to log in to the party intermediary, and when the authentication procedure has logged in to the party intermediary, the user can request to access the service side as a member of a user group, wherein after the user runs the authentication procedure on the terminal and uses it to log in to the party intermediary, the authentication procedure can be authenticated by the party intermediary, the terminal can carry out service side authentication only after the authentication procedure has been authenticated by the party intermediary, and the terminal can pass service side authentication only while the authentication procedure is still running, wherein during service side authentication the party intermediary can send a Service Ticket to the service side directly or forward one via the terminal, and the service side authentication can pass only after the service side receives a correct Service Ticket, wherein during service side authentication the terminal can send customer identification information to the service side, and the service side authentication can pass only when the service side receives correct customer identification information, wherein after the service side authentication passes, the service side can allow a port or connection of the terminal to access the respective service of the service side as a member of the user group, that port or connection being the port or connection over which the terminal sent the Service Ticket or customer identification information to the service side, wherein any users can each register their own user account at the party intermediary, any user can set up at the party intermediary a user group with the user account they registered at the party intermediary as administrator, the administrator of the user group can add the user accounts that other users have each registered at the party intermediary to the user group, and the members of the user group are user accounts of the party intermediary, wherein a user group of the party intermediary can be associated with a service side, wherein after the user group is associated with the service side, an authorized member of the user group can inherit the permissions that the user group has at the service side and that have been granted to that member, wherein if the user group has permission to access a respective service of a service side, a member of the user group who has been granted the corresponding right can carry out service side authentication through the party intermediary and access the respective service of the service side as a member of the user group, and in service side authentication the service side can learn from the party intermediary the user group account of the user group and the CUSTOMER ID of the user group member, wherein the administrator of the user group manages the addition, deletion and authorization of the members of the user group.
2. A Third Party Authentication system with user group according to claim 1, characterized in that the administrator of the user group is a user who has registered a user account or user group at the service side, and that user associates their own user account or user group at the service side with the user group they set up at the party intermediary.
3. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that user group management Member is to the addition of user group membership, deletion and assigns power, and the user account that can be administrator's direct search party intermediary is added Confirmed again by the user of the user account, the user for being also possible to party intermediary files a request again to administrator by administrator couple Request is confirmed.
4. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that user group and clothes After the association of business side, the member of user group can no longer register with being associated in service side and can directly be carried out by party intermediary Service side authenticates and accesses by the respective service of the entitled service side of user group.
5. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that the service of user Square account and party intermediary account needs are first interrelated, and then user could be authenticated by party intermediary completion service side and access clothes The respective service of business side.
6. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that the service of user After square account and party intermediary account are interrelated, there is reciprocal correspondence to close for the user account of service side and the user account of party intermediary System, this corresponding relationship are specifically saved by service side and party intermediary both sides.
7. A Third Party Authentication system with user group according to claim 1, characterized in that the specific steps by which the user uses the terminal to access the respective service of the service side are: 1> the authentication procedure is run on the terminal and the user uses the authentication procedure to log in to the party intermediary; 2> the user selects, on the interface of the authentication procedure, to request access to the service side; 3> the party intermediary verifies whether the authentication procedure is still running, and the next step is carried out only if this verification passes; 4> the terminal, the service side and the party intermediary complete service side authentication, and the next step is carried out only if the service side authentication passes; 5> the user accesses the respective service of the service side.
8. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that in terminal to clothes After the access of business side stops, terminal needs to carry out certification again through party intermediary could access service side again.
9. A Third Party Authentication system with user group according to claim 1, characterized in that after the authentication procedure stops running, the terminal can carry out service side authentication again only after the authentication procedure has again been authenticated by the party intermediary.
10. A Third Party Authentication system with user group according to claim 1, characterized in that the two steps of the user logging in to the party intermediary and the authentication procedure being authenticated by the party intermediary can specifically be the same step, or different steps performed simultaneously, or different steps not performed simultaneously.
11. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that terminal is being stepped on After recording party intermediary, intermediary can transmit to authentication procedure and show the user account of party intermediary on authentication procedure interface In the associated service side of party intermediary or in the user account of service side, user can be operable on the interface of authentication procedure Request is accessed respective service or the request of one of service side and is accessed with user in the user account of a service side The respective service of the service side.
12. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that party intermediary The user account also include the user account of the party intermediary in the associated service side of party intermediary where user group To the respective service of the entitled service side of the user account or service side.
13. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that the certification The respective service for the service side or service side that the terminal has been accessed by party intermediary can be shown on program interface or in service side User account, user can stop on authentication procedure interface to the service side or respective service that wherein show or user account Access.
14. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that when user exists The service side or service side accessed by party intermediary shown on aborts authentication program interface is selected on authentication procedure interface When respective service, authentication procedure can issue a suspension access request to party intermediary, and party intermediary can then be sent out to corresponding service side Stop access notice out, service side will stop the terminal to the phase of the service side or the service side after receiving suspension access notice The access that should be serviced.
15. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that terminal is being stepped on After recording party intermediary, intermediary can transmit to authentication procedure and show the user account of party intermediary on authentication procedure interface In the user group that party intermediary is added, user can select to exit on the interface of authentication procedure one of user group and/or The administrator of user group can select to delete a member of user group on user group administration interface.
16. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that terminal is being stepped on After recording party intermediary, the service side or service side that can be associated with the party intermediary can be shown or searched on authentication procedure interface Respective service.
17. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that terminal is being stepped on After recording party intermediary, user can directly register the user account of the associated service side of energy on authentication procedure interface and should User account is associated with the user in the user account of party intermediary.
18. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that user's access The program or program object of the respective service of service side are not authentication procedures.
19. A Third Party Authentication system with user group according to claim 1, characterized in that in service side authentication, the terminal, the service side and the party intermediary can complete a closed transmission of a piece of information, and the party at the end point of the closed transmission can verify whether the two pieces of information in the closed transmission were both generated or sent by the same starting point of the closed transmission.
20. A Third Party Authentication system with user group according to claim 1, characterized in that later, unknown, other or new customer identification information cannot be deduced from known customer identification information.
21. A Third Party Authentication system with user group according to claim 1, characterized in that the customer identification information of other or later service side authentications cannot be deduced from known customer identification information.
22. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that user's identification Information is included as the content that this service side certification generates at random or time and computations comprising this service side certification Information.
23. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that a user Identification information is served only for service side's certification.
24. A Third Party Authentication system with user group according to claim 1, characterized in that each piece of customer identification information has a time validity period, and expired customer identification information becomes invalid and cannot complete service side authentication.
25. A Third Party Authentication system with user group according to claim 1, characterized in that the connection that the terminal establishes with the service side to access the respective service of the service side after passing service side authentication does not go through the party intermediary.
26. A Third Party Authentication system with user group according to claim 1, characterized in that in service side authentication the terminal can forward the Service Ticket from the party intermediary to the service side; alternatively, in service side authentication the terminal can send to the party intermediary, through the service side, authentication information calculated with an algorithm agreed between the terminal and the party intermediary; alternatively, in service side authentication a piece of authentication information can be passed in a closed transmission among the terminal, the service side and the party intermediary, and the end point of the closed transmission verifies whether the authentication information comes from the starting point of the closed transmission; alternatively, in service side authentication the terminal can send to the service side authentication information calculated with an algorithm agreed between the terminal and the service side.
27. A Third Party Authentication system with user group according to claim 1, characterized in that the party intermediary can be made up of multiple servers or multiple server farms together.
28. A Third Party Authentication system with user group according to claim 1, characterized in that the result of accessing the respective service of the service side is that the terminal can establish a connection with the service side or with a party trusted by the service side.
29. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that party intermediary is straight It connects when sending Service Ticket to service side, customer identification information and Service Ticket can have the corresponding relationship that can verify that, wherein Whether service side can verify both customer identification information and Service Ticket corresponding, cannot pass through service side if not corresponding Certification.
30. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that only authenticate When program remains operational, terminal could send customer identification information, wherein user can be selected on authentication procedure interface with certainly The identity logs of member of user group some service side that oneself is added in the user account of party intermediary.
31. a kind of Third Party Authentication system with user group according to claim 1, which is characterized in that each certification Voucher can only complete service side's certification in a service side.
32. A third party authentication method with user group, characterized in that a terminal can access the respective service of a service side only after the user, using the terminal, has passed service side authentication, and the service side authentication is completed through a party intermediary, wherein the user runs an authentication procedure on the terminal and uses the authentication procedure to log in to the party intermediary, and when the authentication procedure has logged in to the party intermediary, the user can request to access the service side as a member of a user group, wherein after the user runs the authentication procedure on the terminal and uses it to log in to the party intermediary, the authentication procedure can be authenticated by the party intermediary, the terminal can carry out service side authentication only after the authentication procedure has been authenticated by the party intermediary, and the terminal can pass service side authentication only while the authentication procedure is still running, wherein during service side authentication the party intermediary can send a Service Ticket to the service side directly or forward one via the terminal, and the service side authentication can pass only after the service side receives a correct Service Ticket, wherein during service side authentication the terminal can send customer identification information to the service side, and the service side authentication can pass only when the service side receives correct customer identification information, wherein after the service side authentication passes, the service side can allow a port or connection of the terminal to access the respective service of the service side as a member of the user group, that port or connection being the port or connection over which the terminal sent the Service Ticket or customer identification information to the service side, wherein a user can set up a user group at the party intermediary, and the members of the user group are user accounts that other users have registered at the party intermediary, wherein a user group of the party intermediary can be associated with a service side, wherein after the user group is associated with the service side, an authorized member of the user group can inherit the permissions that the user group has at the service side and that have been granted to that member, wherein if the user group has permission to access a respective service of a service side, a member of the user group who has been granted the corresponding right can carry out service side authentication through the party intermediary and access the respective service of the service side as a member of the user group, and in service side authentication the service side can learn from the party intermediary the user group account of the user group and the CUSTOMER ID of the user group member, wherein the administrator of the user group manages the addition, deletion and authorization of the members of the user group, the method comprising the following steps: 1) multiple users each register their own user account at the party intermediary, and any one of the multiple users can register a user group with the user account they registered at the party intermediary as administrator; 2) the administrator of the user group can add the user accounts that the other users among the multiple users have each registered at the party intermediary as members of the user group.
33. A third party authentication method with user group according to claim 32, characterized in that the administrator of the user group is a user who has registered a user account or user group at the service side, and that user associates their own user account or user group at the service side with the user group they set up at the party intermediary.
34. a kind of third party authentication method with user group according to claim 32, which is characterized in that user group pipe Reason person is to the addition of user group membership, deletion and assigns power, and the user account that can be administrator's direct search party intermediary adds Add and confirmed again by the user of the user account, the user for being also possible to party intermediary files a request again to administrator by administrator Request is confirmed.
35. a kind of third party authentication method with user group according to claim 32, which is characterized in that user group with After service side's association, the member of user group can no longer service side register be associated with and can directly by party intermediary into Row service side authenticates and accesses by the respective service of the entitled service side of user group.
36. a kind of third party authentication method with user group according to claim 32, which is characterized in that the clothes of user Business side's account and party intermediary account needs are first interrelated, and then user could be authenticated and be accessed by party intermediary completion service side The respective service of service side.
37. a kind of third party authentication method with user group according to claim 32, which is characterized in that the clothes of user After business side's account and party intermediary account are interrelated, the user account of service side and the user account of party intermediary have reciprocal correspondence Relationship, this corresponding relationship are specifically saved by service side and party intermediary both sides.
38. A third party authentication method with user group according to claim 32, characterized in that the specific steps by which the user uses the terminal to access the respective service of the service side are: 1> the authentication procedure is run on the terminal and the user uses the authentication procedure to log in to the party intermediary; 2> the user selects, on the interface of the authentication procedure, to request access to the service side; 3> the party intermediary verifies whether the authentication procedure is still running, and the next step is carried out only if this verification passes; 4> the terminal, the service side and the party intermediary complete service side authentication, and the next step is carried out only if the service side authentication passes; 5> the user accesses the respective service of the service side.
39. a kind of third party authentication method with user group according to claim 32, which is characterized in that in terminal pair After the access of service side stops, terminal needs to carry out certification again through party intermediary could access service side again.
40. a kind of third party authentication method with user group according to claim 32, which is characterized in that authentication procedure After stopping running, after authentication procedure needs to carry out party intermediary certification again, terminal could carry out service side's certification again.
41. A third party authentication method with user group according to claim 32, characterized in that the two steps of the user logging in to the party intermediary and the authentication procedure being authenticated by the party intermediary can specifically be the same step, or different steps performed simultaneously, or different steps not performed simultaneously.
42. a kind of third party authentication method with user group according to claim 32, which is characterized in that terminal is being stepped on After recording party intermediary, intermediary can transmit to authentication procedure and show the user account of party intermediary on authentication procedure interface In the associated service side of party intermediary or in the user account of service side, user can be operable on the interface of authentication procedure Request is accessed respective service or the request of one of service side and is accessed with user in the user account of a service side The respective service of the service side.
43. a kind of third party authentication method with user group according to claim 32, which is characterized in that party intermediary The user account also include the user account of the party intermediary in the associated service side of party intermediary where user group To the respective service of the entitled service side of the user account or service side.
44. a kind of third party authentication method with user group according to claim 32, which is characterized in that the certification The respective service for the service side or service side that the terminal has been accessed by party intermediary can be shown on program interface or in service side User account, user can stop on authentication procedure interface to the service side or respective service that wherein show or user account Access.
45. a kind of third party authentication method with user group according to claim 32, which is characterized in that when user exists The service side or service side accessed by party intermediary shown on aborts authentication program interface is selected on authentication procedure interface When respective service, authentication procedure can issue a suspension access request to party intermediary, and party intermediary can then be sent out to corresponding service side Stop access notice out, service side will stop the terminal to the phase of the service side or the service side after receiving suspension access notice The access that should be serviced.
46. a kind of third party authentication method with user group according to claim 32, which is characterized in that terminal is being stepped on After recording party intermediary, intermediary can transmit to authentication procedure and show the user account of party intermediary on authentication procedure interface In the user group that party intermediary is added, user can select to exit on the interface of authentication procedure one of user group and/or The administrator of user group can select to delete a member of user group on user group administration interface.
47. a kind of third party authentication method with user group according to claim 32, which is characterized in that terminal is being stepped on After recording party intermediary, the service side or service side that can be associated with the party intermediary can be shown or searched on authentication procedure interface Respective service.
48. a kind of third party authentication method with user group according to claim 32, which is characterized in that terminal is being stepped on After recording party intermediary, user can directly register the user account of the associated service side of energy on authentication procedure interface and should User account is associated with the user in the user account of party intermediary.
49. a kind of third party authentication method with user group according to claim 32, which is characterized in that user's access The program or program object of the respective service of service side are not authentication procedures.
50. A third party authentication method with user group according to claim 32, characterized in that in service side authentication, the terminal, the service side and the party intermediary can complete a closed transmission of a piece of information, and the party at the end point of the closed transmission can verify whether the two pieces of information in the closed transmission were both generated or sent by the same starting point of the closed transmission.
51. A third party authentication method with user group according to claim 32, characterized in that later, unknown, other or new customer identification information cannot be deduced from known customer identification information.
52. A third party authentication method with user group according to claim 32, characterized in that the customer identification information of other or later service side authentications cannot be deduced from known customer identification information.
53. a kind of third party authentication method with user group according to claim 32, which is characterized in that user's identification Information is included as the content that this service side certification generates at random or time and computations comprising this service side certification Information.
54. a kind of third party authentication method with user group according to claim 32, which is characterized in that a user Identification information is served only for service side's certification.
55. a kind of third party authentication method with user group according to claim 32, which is characterized in that each user Identification information all having time validity periods, expired customer identification information can fail and be unable to complete service side certification.
56. a kind of third party authentication method with user group according to claim 32, which is characterized in that terminal passes through Service side certification after for access service side respective service and with service side establish connection without party intermediary.
57. a kind of third party authentication method with user group according to claim 32, which is characterized in that in service side Terminal can forward the Service Ticket from party intermediary to service side in certification, alternatively, terminal can pass through clothes in service side's certification Direction party intermediary of being engaged in, which is sent, calculates the authentication information generated based on the engagement arithmetic of terminal and party intermediary between the two, alternatively, One authentication information of transmitting can be closed in service side's certification between terminal, service side and party intermediary three and by the end of closure transmitting Point carrys out the starting point whether authentication verification information carrys out self-closing transmitting, alternatively, terminal can be sent to service side in service side's certification Engagement arithmetic based on terminal and service side between the two calculates the authentication information generated.
58. The third party authentication method with user group according to claim 32, characterized in that the party intermediary can be made up of multiple servers or multiple server farms together.
59. The third party authentication method with user group according to claim 32, characterized in that the result of accessing the corresponding service of the service side is that the terminal can establish a connection with the service side or with a party trusted by the service side.
60. The third party authentication method with user group according to claim 32, characterized in that, when the party intermediary sends the Service Ticket directly to the service side, the user identification information and the Service Ticket can have a verifiable correspondence, wherein the service side can verify whether the user identification information and the Service Ticket correspond, and service side authentication cannot pass if they do not correspond.
61. The third party authentication method with user group according to claim 32, characterized in that the terminal can send user identification information only while the authentication program remains running, wherein the user can choose, on the authentication program interface, to log in to a service side with the identity of a member of a user group that the user's own user account at the party intermediary has joined.
62. The third party authentication method with user group according to claim 32, characterized in that each authentication voucher can complete service side authentication at only one service side.
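The checks that claims 53 to 55, 60 and 62 place on the service side can be sketched as follows. This is an added example, not code from the patent: the HMAC binding, the key shared between party intermediary and service side, the 60-second validity period, the class and function names, and the reading of claim 54 as single use are all assumptions.

```python
import hashlib
import hmac
import secrets

VALIDITY_SECONDS = 60  # assumed validity period; the claims give no figure


def new_user_identification(now):
    """Claim 53: random content plus the time of this authentication."""
    return f"{secrets.token_hex(16)}.{int(now)}"


def issue_credential(key, user_ident, service_id):
    """Intermediary side: bind a credential to one identifier and one service side."""
    msg = f"{user_ident}|{service_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ServiceSide:
    def __init__(self, service_id, key):
        self.service_id = service_id
        self.key = key      # assumed secret shared with the party intermediary
        self.seen = set()   # identifiers already accepted (in memory only)

    def authenticate(self, user_ident, credential, now):
        try:
            issued = int(user_ident.rsplit(".", 1)[1])
        except (IndexError, ValueError):
            return "malformed"
        if not 0 <= now - issued <= VALIDITY_SECONDS:   # claim 55: expiry
            return "expired"
        expected = issue_credential(self.key, user_ident, self.service_id)
        # Claims 60 and 62: the credential must correspond to this identifier
        # and to this service side; compare in constant time.
        if not hmac.compare_digest(expected.encode(), credential.encode()):
            return "mismatch"
        if user_ident in self.seen:                     # claim 54, read as single use
            return "replayed"
        self.seen.add(user_ident)                       # burn only after verification
        return "ok"
```

The identifier is marked as used only after the credential verifies, so a party without a valid credential cannot invalidate someone else's pending identifier.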
CN201310460798.3A 2013-10-08 2013-10-08 Third Party Authentication system or method with user group Expired - Fee Related CN103546290B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310460798.3A CN103546290B (en) 2013-10-08 2013-10-08 Third Party Authentication system or method with user group

Publications (2)

Publication Number Publication Date
CN103546290A CN103546290A (en) 2014-01-29
CN103546290B true CN103546290B (en) 2019-06-18

Family

ID=49969370

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310460798.3A Expired - Fee Related CN103546290B (en) 2013-10-08 2013-10-08 Third Party Authentication system or method with user group

Country Status (1)

Country Link
CN (1) CN103546290B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104954330B (en) * 2014-03-27 2018-03-16 华为软件技术有限公司 A kind of methods, devices and systems to be conducted interviews to data resource
CN105282180B (en) * 2014-05-28 2019-08-09 南京中兴软件有限责任公司 The processing method and processing device of service authentication
CN105635109A (en) * 2015-12-10 2016-06-01 中青冠岳科技(北京)有限公司 Mobile terminal instant messaging group member control method and device
CN106797390B (en) * 2016-02-18 2020-09-01 任少华 System and method for authentication center
CN108960903A (en) * 2018-06-14 2018-12-07 万翼科技有限公司 Processing method, device and the computer readable storage medium for the customer information that fails
CN109905407B (en) * 2019-04-03 2021-01-29 奇安信科技集团股份有限公司 Management method, system, equipment and medium for accessing intranet based on VPN server

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006107713A1 (en) * 2005-04-04 2006-10-12 Cisco Technology, Inc. System and method for multi-session establishment
CN101978650A (en) * 2008-01-10 2011-02-16 任少华 A system and method of secure network authentication
CN102006286A (en) * 2010-10-29 2011-04-06 北京星网锐捷网络技术有限公司 Access management method, device and system as well as access device for information system
CN102333085A (en) * 2008-07-04 2012-01-25 任少华 Security network authentication system and method
CN102510336A (en) * 2011-12-05 2012-06-20 任少华 Security certification system or method

Also Published As

Publication number Publication date
CN103546290A (en) 2014-01-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190618

Termination date: 20211008
