CN104113412A - PaaS platform-based identity authentication method and identity authentication apparatus - Google Patents

Info

Publication number: CN104113412A
Application number: CN201310139856.2A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 柴洪峰, 吴承荣, 何朔, 叶家炜, 杨阳, 王国平
Assignee (current and original): China Unionpay Co Ltd
Prior art keywords: user, identity, permission ticket, application, bill
Related application: PCT/CN2014/075883 (WO2014173278A1)

Classifications

    • H04L 9/0844: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these, involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV (Menezes-Qu-Vanstone) protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H04L 63/062: Network architectures or network communication protocols for network security, for supporting key management in a packet data network, for key distribution, e.g. centrally by a trusted party
    • H04L 63/0807: Network architectures or network communication protocols for network security, for authentication of entities using tickets, e.g. Kerberos
    • H04L 9/3263: Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an identity authentication apparatus on a PaaS platform, used to authenticate the identities of users who are about to access applications on the PaaS platform. The apparatus includes a key distribution center, which authenticates users according to the access policies defined by the developers of the applications and distributes tickets. The key distribution center includes an authentication server configured to receive verification requests from users, determine the protocol to which a user's identity belongs, determine the user's verification mode according to that protocol, and transmit a first granting ticket to the user after successful verification. The invention also discloses a PaaS platform-based identity authentication method.

Description

Identity authentication method and identity authentication apparatus based on a PaaS platform
Technical field
The present invention relates to the field of cloud computing security, and in particular to an identity authentication method and an identity authentication apparatus based on a PaaS platform.
Background
PaaS is the abbreviation of Platform-as-a-Service: a server platform is offered as a service. Running programs and providing services over the network is called SaaS (Software as a Service); correspondingly, in the cloud computing era, offering a server platform or development environment as a service is PaaS.
When developers use PaaS to develop and deploy their applications, they often want to call an interface provided by the PaaS to authenticate users, that is, a service similar to IPMaaS (Identity and Policy Management as a Service). However, the current state of the authentication services provided by PaaS is unsatisfactory. A PaaS service provider's authentication service must be compatible with several user identities at the same time, for example local identities (identities registered on the PaaS platform) and OpenID identities. In addition, users have to authenticate repeatedly, and authentication is insufficiently coordinated between different applications of the same developer.
Summary of the invention
To solve the above problems, according to one aspect of the present invention, an identity authentication method based on a PaaS platform is provided, comprising: receiving a verification request from a user of the PaaS platform; determining the protocol to which the user's identity belongs; and determining the user's verification mode according to that protocol.
The above method may further comprise: after successful verification, sending a first granting ticket to the user.
The above method may further comprise: receiving from the user a ticket request for a first application on the PaaS platform, the ticket request containing the first granting ticket; sending the user a second granting ticket for the first application, so that the user can obtain the service of the first application with this second granting ticket; receiving from the user a ticket request for a second application on the PaaS platform, the ticket request containing the first granting ticket; and sending the user a third granting ticket for the second application, so that the user can obtain the service of the second application with this third granting ticket.
In the above method, the first granting ticket is a ticket-granting ticket (TGT), and the second and third granting tickets are service-granting tickets.
In the above method, the protocol to which the user's identity belongs may be the Kerberos protocol or the OpenID protocol.
In the above method, when the protocol to which the user's identity belongs is determined to be the OpenID protocol, the authentication server in the PaaS platform, the OpenID provider and the user carry out a three-party authentication according to the OpenID protocol standard.
In the above method, the user and the authentication server use the Diffie-Hellman algorithm to compute a shared key.
According to another aspect of the present invention, an identity authentication apparatus on a PaaS platform is provided. The apparatus authenticates users who are about to access applications on the PaaS platform and comprises a key distribution center (KDC) that authenticates users and distributes tickets according to the access policies formulated by the developers of the applications on the PaaS platform. The KDC comprises an authentication server configured to receive a verification request from the user, determine the protocol to which the user's identity belongs, determine the user's verification mode according to that protocol, and send a first granting ticket to the user after successful verification.
In the above apparatus, the KDC further comprises a ticket-granting server configured to receive from the user a ticket request for a first application on the PaaS platform, the ticket request containing the first granting ticket, and to send the user a second granting ticket for the first application, so that the user can obtain the service of the first application with this second granting ticket. The ticket-granting server may further be configured to receive from the user a ticket request for a second application on the PaaS platform, the ticket request containing the first granting ticket, and to send the user a third granting ticket for the second application, so that the user can obtain the service of the second application with this third granting ticket.
In the above apparatus, the first granting ticket is a ticket-granting ticket (TGT), and the second and third granting tickets are service-granting tickets.
In the above apparatus, the protocol to which the user's identity belongs may be the Kerberos protocol or the OpenID protocol.
In the above apparatus, when the authentication server determines that the protocol to which the user's identity belongs is the OpenID protocol, the authentication server, the OpenID provider and the user carry out a three-party authentication according to the OpenID protocol standard.
In the above apparatus, the user and the authentication server use the Diffie-Hellman algorithm to compute a shared key.
The above identity authentication method and apparatus based on a PaaS platform allow a PaaS service provider to offer an efficient and flexible identity authentication service for the applications hosted on it. At the same time, they meet at low cost the needs of a single developer who builds several relatively independent applications with identical or similar authentication requirements. The method and apparatus are compatible with local identities and with OpenID identities, which represent the trend toward federated identity authentication, and they extend well to further kinds of identity. The whole authentication process achieves a low number of authentications, similar to the Kerberos protocol.
Brief description of the drawings
After reading the specific embodiments of the present invention with reference to the accompanying drawings, the various aspects of the present invention will become apparent to those skilled in the art. Those skilled in the art should understand that these drawings only serve to illustrate the technical solution of the present invention together with the embodiments, and are not intended to limit the scope of protection of the present invention.
Fig. 1 is a schematic diagram of an identity authentication service model according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of an identity authentication method based on a PaaS platform according to an embodiment of the present invention.
Embodiments
What is introduced below are some of the many possible embodiments of the present invention. They are intended to provide a basic understanding of the invention and not to identify key or decisive elements of the invention or to limit the claimed scope. It will be readily understood that, following the technical solution of the present invention, those of ordinary skill in the art can propose other interchangeable implementations without changing the essence of the invention. Therefore, the following embodiments and drawings are only exemplary illustrations of the technical solution of the present invention and should not be regarded as the whole of the invention or as a restriction or limitation of it.
For a PaaS, supporting only local identities becomes a bottleneck in its business development. Letting users skip the registration step by directly accepting their existing identities is the trend of future Internet development, and the most representative federated identity authentication protocol is OpenID. For example, logging in to a website that supports OpenID is very simple: the user only enters a pre-registered OpenID user name, and the website redirects to the OpenID service site. After the user enters the password (or whatever other information is required) and is verified at the OpenID service site, the user is redirected back to the original website, now successfully logged in. OpenID can be applied wherever authentication is needed; it can be used in single sign-on systems and also for authentication when sharing sensitive data. A PaaS that is compatible with both local identities and OpenID identities (or other identities) is therefore desirable.
An application (App) developer has developed its own applications on the PaaS cloud platform, for example App1 and App2. The applications are relatively independent in function and may be written in different languages, but their authentication requirements are usually similar. As the number of identity kinds grows, identity authentication becomes increasingly complex. Developers often hope that the PaaS platform provides an identity authentication service, so that a simple API call is enough to authenticate a user. As an example, the developer can configure an access policy for its applications: for App1, the developer wants only local identities to have access; for App2, the developer wants both local identities and OpenID identities to have access.
Users of the developer's applications, whatever identities they hold, always want to reduce the number of authentications when accessing the applications. Fewer authentications means the keys are used less often, which not only improves system efficiency but also significantly improves security.
To be compatible with multiple identities, to meet the authentication needs of the applications on the PaaS and to reduce the number of authentications, an identity authentication apparatus on a PaaS platform and an identity authentication method based on a PaaS platform are provided herein. With this apparatus and method, a cloud computing provider offering a PaaS service can provide an efficient, flexible and easily extended identity authentication service for the applications hosted on it.
Fig. 1 shows a schematic diagram of the identity authentication system model in a PaaS environment. The model comprises three parts: users, developers and the PaaS platform, which are introduced briefly in turn below.
As shown in Fig. 1, users (C) include local users, OpenID users and other users. A local user is a user registered on the PaaS platform; an OpenID user holds an identity registered with some OpenID provider according to the OpenID protocol; other users are users of the further kinds of identity added by extension.
A developer is a person who develops application (App) services on the cloud platform; the developer can define for the PaaS platform the access policy of the applications it develops.
The PaaS cloud platform, on the one hand, provides the PaaS service to developers for deploying applications and, on the other hand, authenticates the users who access the applications on the platform. As shown in Fig. 1, the PaaS cloud platform may comprise an application pool and a key distribution center (KDC).
The application pool in Fig. 1 shows only two applications, a first application (app1) and a second application (app2), but those skilled in the art will appreciate that the pool may contain more or fewer applications and is not limited to two.
In a specific embodiment, the identity authentication apparatus described herein can be implemented by the KDC on the PaaS platform. The KDC authenticates users and distributes tickets according to the developer's access policy.
As shown in Fig. 1, the KDC may comprise an authentication server (AS) responsible for authenticating user identities and issuing ticket-granting tickets (TGT). In a specific embodiment, the authentication server can be configured to receive a verification request from the user, determine the protocol to which the user's identity belongs, determine the user's verification mode according to that protocol, and send a ticket-granting ticket to the user after successful verification. It is important to point out that the protocol to which the user's identity belongs can be the Kerberos protocol, the OpenID protocol, or another protocol added by extension.
Continuing with Fig. 1, the KDC may also comprise a ticket-granting server (TGS) responsible for verifying ticket-granting tickets (TGT) and issuing the service-granting tickets used to access Apps. In a specific embodiment, the ticket-granting server can be configured to receive from the user a ticket request for the first application (app1) on the PaaS platform, the ticket request containing the ticket-granting ticket, and to send the user a service-granting ticket for the first application, with which the user can obtain the service of the first application. The ticket-granting server can further be configured to receive from the user a ticket request for the second application (app2) on the PaaS platform, again containing the ticket-granting ticket, and to send the user a service-granting ticket for the second application, with which the user can obtain the service of the second application.
Table 1 shows the important interactions in the identity authentication system model.
Table 1
User authentication is the core of the identity authentication system model. According to a specific embodiment of the present invention, a user accesses an application through three major steps.
Step one, the authentication exchange: the user contacts the authentication server of the key distribution center to verify its identity and obtain a ticket-granting ticket; the verification mode differs according to the protocol to which the identity belongs. Step two, the ticket-granting service exchange: the user contacts the ticket-granting server of the key distribution center and exchanges the ticket-granting ticket for a service-granting ticket. Step three, the client/server authentication exchange: the user accesses the application's service with the service-granting ticket.
In the first step, the authentication exchange, the user can log in with a local identity or with an OpenID identity and, as the system is extended, with further kinds of identity. If a local identity is used, the user registers with the PaaS service provider in the traditional way, and thereafter the user and the AS authenticate with the shared password created at registration, following the authentication exchange protocol of Kerberos V5. If an OpenID identity is used, authentication between the user and the cloud platform needs the assistance of the OpenID provider. The authentication exchange of Kerberos V5 presupposes that the user and the authentication server share a key, whereas the OpenID protocol is a different scenario: the user registered the OpenID identity with the OpenID provider, so only the OpenID provider is able to authenticate the user. The user now accesses the PaaS service provider, which acts as the RP (Relying Party), and the RP shares no key with the user. The RP must, according to the OpenID protocol, bring in the OpenID provider to assist in authenticating the user. Based on these considerations the Kerberos authentication exchange has to be modified; the concrete authentication flow is as follows:
(1) The user computes a public/private key pair with the Diffie-Hellman protocol;
(2) The user sends a request to the authentication server containing the user identity, the ticket-granting server identifier, the user-side clock and the user-side public key;
(3) The authentication server, the OpenID provider and the user carry out a three-party authentication according to the OpenID protocol standard; after successful authentication, the authentication server trusts that the user holds the identity it claims;
(4) The authentication server computes a public/private key pair with the Diffie-Hellman protocol, and from it the key shared between itself and the user;
(5) The authentication server sends the ticket-granting ticket to the user. It contains the authentication server's public key and content encrypted with the key shared between the authentication server and the user; this content comprises the key shared between the user and the ticket-granting server, the ticket-granting server identifier, the issue time and validity period of the service-granting ticket, and the ticket the user uses to access the ticket-granting server. The ticket the user uses to access the ticket-granting server may in turn contain second content encrypted with the permanent key shared between the ticket-granting server and the authentication server; this second content comprises the temporary key shared between the user and the ticket-granting server, the user identity, the ticket-granting server identifier, and the issue time and validity period of this ticket.
In the prior art, Kerberos is a multi-application identity authentication solution, but its limitation is that it assumes each user's password has been stored at the authentication server before Kerberos authentication, and mutual authentication is based on this pre-shared password; this limits the applicability of Kerberos. It is important to point out that in an embodiment of the present invention the temporary key generated between the user and the authentication server effectively compensates for the absence of a shared key between the user and the authentication server before the request is sent, and provides confidentiality.
If the PaaS platform is to support more identities for accessing applications, only the authentication exchange stage needs to be modified according to the protocol the identity refers to; this reflects the extensibility of the model to more identity categories.
After the authentication exchange stage ends, the user holds a ticket-granting ticket.
For the second step, the ticket-granting service exchange, the flow can be as follows:
(1) The client sends the ticket-granting server a request to access some application V. The request contains the identifier of application V, the ticket the user uses to access the ticket-granting server (which can be obtained, for example, in step (5) of the authentication exchange), and content generated by the user to identify itself, namely the user identity and the time at which the user applies for the service-granting ticket, encrypted with the temporary key shared between the user and the ticket-granting server;
(2) The ticket-granting server returns to the user the ticket for accessing application V. This reply contains the key shared between the user and the application, the identifier of application V, the issue time of this ticket and the ticket the user uses to access application V, encrypted with the temporary key shared between the user and the ticket-granting server. The ticket the user uses to access application V may in turn contain the key shared between the user and application V, the user identity, the identifier of application V and the issue time of this ticket, encrypted with the key of application V.
The ticket-granting service exchange is independent of the authentication process of the authentication server. The developer of the application predefines the access policy, and the ticket-granting server stores this policy for authorization. In the ticket-granting service exchange stage, the ticket-granting server issues service-granting tickets for specific applications according to the authorization information defined by the developer.
In the third step, the user/server authentication exchange, the user accesses application V with the service-granting ticket. Specifically, the user sends an access request to the application containing the service-granting ticket and the user identity encrypted with the key shared between the user and the application.
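The three steps above, simulated end to end in one process as an added example (not code from the patent): the authentication exchange with a Diffie-Hellman temporary key and per-protocol verification, the ticket-granting service exchange with the developer's access policy enforced at the TGS, and the client/server exchange. The toy DH group, all keys and users, the `kind` field recorded in the TGT, the set standing in for the OpenID provider's assertion, and the seal/open helpers are constructed assumptions.

```python
# Added demo of the three-step ticket flow, simulated in one process with constructed keys and users.
# A toy DH group and a SHA-256 based seal/open stand in for a real group and a real AEAD cipher.
import hashlib, hmac, json, os, secrets, time

P, G = 2**127 - 1, 3          # toy modulus (Mersenne prime M127); deployments use a standard large group
TGT_LIFETIME = 8 * 3600
K_TGS = hashlib.sha256(b"tgs-permanent-key").digest()             # permanent key shared by AS and TGS
APP_KEYS = {"app1": hashlib.sha256(b"app1-key").digest(),         # each app's key, shared with the TGS
            "app2": hashlib.sha256(b"app2-key").digest()}
ACCESS_POLICY = {"app1": {"local"}, "app2": {"local", "openid"}}  # developer policy stored at the TGS
LOCAL_USERS = {"bob": hashlib.sha256(b"bob:correct horse").digest()}   # password-derived keys
OPENID_ASSERTED = {"https://alice.example/openid"}   # stand-in for the outcome of the OpenID exchange

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)

def dh_shared_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def _stream(key, nonce, length):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(length // 32 + 1))[:length]

def seal(key, obj):
    """Encrypt-then-MAC of a JSON object (toy; use AES-GCM or similar in real code)."""
    pt, nonce = json.dumps(obj, sort_keys=True).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("ticket integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def as_exchange(identity, user_pub, proof):
    """Step 1: the AS picks the verification mode by protocol, then returns (AS DH public key, sealed TGT)."""
    kind = "openid" if identity.startswith("https://") else "local"   # protocol the identity belongs to
    if kind == "local":   # Kerberos-style: the user proves the password-derived key shared at registration
        pw_key = LOCAL_USERS.get(identity)
        expected = hmac.new(pw_key or b"", str(user_pub).encode(), hashlib.sha256).digest()
        if pw_key is None or not hmac.compare_digest(proof, expected):
            raise PermissionError("local identity verification failed")
    elif identity not in OPENID_ASSERTED:   # the OpenID provider did not vouch for this identity
        raise PermissionError("OpenID verification failed")
    as_priv, as_pub = dh_keypair()
    k_user_as = dh_shared_key(as_priv, user_pub)   # temporary key: no secret was shared before the request
    k_user_tgs, now = os.urandom(32).hex(), int(time.time())
    tgs_ticket = seal(K_TGS, {"key": k_user_tgs, "uid": identity, "kind": kind, "tgs": "tgs",
                              "issued": now, "expires": now + TGT_LIFETIME})
    return as_pub, seal(k_user_as, {"key": k_user_tgs, "tgs": "tgs", "issued": now,
                                    "expires": now + TGT_LIFETIME, "ticket": tgs_ticket.hex()})

def tgs_exchange(app_id, tgs_ticket, authenticator):
    """Step 2: the TGS validates the TGT and the developer's policy, then issues a service ticket."""
    t, now = open_sealed(K_TGS, tgs_ticket), int(time.time())
    if now > t["expires"]:
        raise PermissionError("TGT expired")
    auth = open_sealed(bytes.fromhex(t["key"]), authenticator)
    if auth["uid"] != t["uid"] or abs(now - auth["time"]) > 300:
        raise PermissionError("authenticator does not match the TGT")
    if t["kind"] not in ACCESS_POLICY.get(app_id, set()):   # app1 admits local identities only
        raise PermissionError(f"{app_id} does not admit {t['kind']} identities")
    k_user_app = os.urandom(32).hex()
    app_ticket = seal(APP_KEYS[app_id], {"key": k_user_app, "uid": t["uid"], "app": app_id, "issued": now})
    return seal(bytes.fromhex(t["key"]), {"key": k_user_app, "app": app_id, "issued": now,
                                          "ticket": app_ticket.hex()})

def app_access(app_id, app_ticket, authenticator):
    """Step 3: the application opens the service ticket with its own key and checks the authenticator."""
    t = open_sealed(APP_KEYS[app_id], app_ticket)
    if open_sealed(bytes.fromhex(t["key"]), authenticator)["uid"] != t["uid"] or t["app"] != app_id:
        raise PermissionError("service ticket and authenticator disagree")
    return t["uid"]

def client_session(identity, password=None):
    """One AS authentication, then one TGS round per app; returns what each app granted or refused."""
    priv, pub = dh_keypair()
    pw_key = hashlib.sha256(f"{identity}:{password}".encode()).digest() if password else b""
    proof = hmac.new(pw_key, str(pub).encode(), hashlib.sha256).digest()
    try:
        as_pub, sealed = as_exchange(identity, pub, proof)
    except PermissionError as e:
        return {"as": f"refused: {e}"}
    tgt = open_sealed(dh_shared_key(priv, as_pub), sealed)   # only the DH peer can read the TGT
    k_user_tgs, outcome = bytes.fromhex(tgt["key"]), {}
    for app_id in ACCESS_POLICY:
        authn = seal(k_user_tgs, {"uid": identity, "time": int(time.time())})
        try:
            reply = open_sealed(k_user_tgs, tgs_exchange(app_id, bytes.fromhex(tgt["ticket"]), authn))
            svc_authn = seal(bytes.fromhex(reply["key"]), {"uid": identity})
            outcome[app_id] = app_access(app_id, bytes.fromhex(reply["ticket"]), svc_authn)
        except PermissionError as e:
            outcome[app_id] = f"refused: {e}"
    return outcome
```

With the constructed policy, the local user reaches both apps after a single AS authentication, while the OpenID user obtains a ticket for app2 and is refused by the TGS for app1.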
The identity authentication method based on a PaaS platform shown in Fig. 2 illustrates the three major steps above. The "request TGT", "authenticate" and "return TGT" steps in Fig. 2 correspond to the authentication exchange stage described earlier; the "request ticket" and "return ticket" steps correspond to the ticket-granting service exchange stage; finally, the "access application" step belongs to the user/server authentication exchange stage.
In summary, the identity authentication method and apparatus based on a PaaS platform of the present invention offer the following advantages:
1) In traditional identity authentication, accessing each application requires a separate authentication. In the present invention, the design of the AS and TGS means that a user who repeatedly accesses different Apps of the same developer does not need to authenticate repeatedly. The user needs only one identity authentication to obtain a TGT, and then exchanges the TGT for the tickets of the different Apps, which reduces how often the user password is used.
2) Compared with existing cross-application identity authentication schemes, it is compatible with both local identities and OpenID, and is extensible and flexible toward other identities. When the system needs to support more identity categories, only an authentication mode needs to be added in the authentication exchange stage.
3) The PaaS identity authentication service designed in the present invention frees application developers from increasingly complex identity authentication problems, letting them concentrate on developing their applications.
4) Authentication overhead is minimized, the user password is used less often, and the user experience is friendlier.
The specific embodiments of the present invention have been described above with reference to the drawings. Those skilled in the art will understand, however, that various changes and substitutions can be made to these embodiments without departing from the spirit and scope of the invention. All such changes and substitutions fall within the scope defined by the claims of the present invention.

Claims (19)

1. An identity authentication method based on a PaaS platform, comprising:
receiving a verification request from a user of the PaaS platform;
determining the protocol to which the user's identity belongs; and
determining the user's verification mode according to the protocol.
2. The identity authentication method of claim 1, further comprising:
after successful verification, sending a first permission ticket to the user.
3. The identity authentication method of claim 2, further comprising:
receiving from the user a ticket request for a first application on the PaaS platform, the ticket request including the first permission ticket; and
sending to the user a second permission ticket for the first application, so that the user can obtain the service of the first application by means of the second permission ticket.
4. The identity authentication method of claim 3, further comprising:
receiving from the user a ticket request for a second application on the PaaS platform, the ticket request including the first permission ticket; and
sending to the user a third permission ticket for the second application, so that the user can obtain the service of the second application by means of the third permission ticket.
5. The identity authentication method of any one of claims 2 to 4, wherein the first permission ticket is a ticket-granting ticket (TGT).
6. The identity authentication method of claim 3, wherein the second permission ticket is a service-granting ticket.
7. The identity authentication method of claim 4, wherein the third permission ticket is a service-granting ticket.
8. The identity authentication method of claim 1, wherein the protocol to which the user's identity belongs may be the Kerberos protocol or the OpenID protocol.
9. The identity authentication method of claim 8, wherein, when the protocol to which the user's identity belongs is determined to be the OpenID protocol, the authentication server in the PaaS platform, the OpenID provider and the user authenticate as three parties according to the OpenID protocol standard.
10. The identity authentication method of claim 9, wherein the user and the authentication server compute a shared key using the Diffie-Hellman algorithm.
11. An identity authentication apparatus on a PaaS platform, the identity authentication apparatus being used to authenticate a user who intends to access an application on the PaaS platform, the identity authentication apparatus comprising:
a KDC for authenticating the user and distributing tickets according to the access policy formulated by the developer of the application on the PaaS platform, wherein the KDC comprises an authentication server configured to: receive a verification request from the user; determine the protocol to which the user's identity belongs; determine the user's verification mode according to the protocol; and send a first permission ticket to the user after successful verification.
12. The identity authentication apparatus of claim 11, wherein the KDC further comprises a ticket-granting server configured to: receive from the user a ticket request for a first application on the PaaS platform, the ticket request including the first permission ticket; and send to the user a second permission ticket for the first application, so that the user can obtain the service of the first application by means of the second permission ticket.
13. The identity authentication apparatus of claim 12, wherein the ticket-granting server is further configured to: receive from the user a ticket request for a second application on the PaaS platform, the ticket request including the first permission ticket; and send to the user a third permission ticket for the second application, so that the user can obtain the service of the second application by means of the third permission ticket.
14. The identity authentication apparatus of any one of claims 11 to 13, wherein the first permission ticket is a ticket-granting ticket (TGT).
15. The identity authentication apparatus of claim 12, wherein the second permission ticket is a service-granting ticket.
16. The identity authentication apparatus of claim 13, wherein the third permission ticket is a service-granting ticket.
17. The identity authentication apparatus of claim 11, wherein the protocol to which the user's identity belongs may be the Kerberos protocol or the OpenID protocol.
18. The identity authentication apparatus of claim 17, wherein, when the authentication server determines that the protocol to which the user's identity belongs is the OpenID protocol, the authentication server, the OpenID provider and the user authenticate as three parties according to the OpenID protocol standard.
19. The identity authentication apparatus of claim 18, wherein the user and the authentication server compute a shared key using the Diffie-Hellman algorithm.
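The ticket flow the claims describe (an authentication server that determines the user's protocol and issues a first permission ticket, and a ticket-granting server that exchanges it for per-application service-granting tickets under the developer's access policy), as an added Python example that is not part of the patent. The HMAC-sealed ticket format, the key names, the user directory and the access policy are constructed assumptions; the Diffie-Hellman key agreement of claims 10 and 19 is outside this example.

```python
import base64, hashlib, hmac, json

# Constructed sample data (assumptions, not from the patent): per-user protocol
# (claim 8) and the developer-formulated access policy (claim 11).
KDC_KEY = b"kdc-master-key-example"  # shared by authentication server and TGS
APP_KEYS = {"app1": b"app1-service-key", "app2": b"app2-service-key"}
USER_PROTOCOL = {"alice": "kerberos", "bob@example.org": "openid"}
ACCESS_POLICY = {"alice": {"app1", "app2"}, "bob@example.org": {"app1"}}

def _seal(payload: dict, key: bytes) -> str:
    # Encode the ticket body and bind it to its issuer with an HMAC-SHA256 tag.
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    return body + "." + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def _open(ticket: str, key: bytes, now: float) -> dict:
    # Verify the tag under the expected key and reject expired tickets.
    body, tag = ticket.rsplit(".", 1)
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ticket MAC does not verify under this key")
    payload = json.loads(base64.urlsafe_b64decode(body))
    if payload["exp"] < now:
        raise ValueError("ticket expired")
    return payload

def determine_protocol(user: str) -> str:
    return USER_PROTOCOL[user]  # claim 1: protocol to which the identity belongs

def authenticate(user: str, verified: bool, now: float) -> str:
    # Authentication server (claims 1-2, 5): `verified` stands in for the
    # protocol-specific check; on success the first permission ticket (TGT) is issued.
    proto = determine_protocol(user)
    if not verified:
        raise PermissionError(f"{proto} verification failed for {user}")
    return _seal({"typ": "TGT", "sub": user, "proto": proto, "exp": now + 600}, KDC_KEY)

def grant_service_ticket(tgt: str, app: str, now: float) -> str:
    # Ticket-granting server (claims 3-4, 6-7): accept the TGT, enforce the access
    # policy, and issue a service-granting ticket sealed with the application's key.
    p = _open(tgt, KDC_KEY, now)
    if p["typ"] != "TGT":
        raise ValueError("not a ticket-granting ticket")
    if app not in ACCESS_POLICY.get(p["sub"], set()):
        raise PermissionError(f"{p['sub']} may not use {app}")
    return _seal({"typ": "ST", "sub": p["sub"], "app": app, "exp": now + 300}, APP_KEYS[app])

def app_accepts(app: str, ticket: str, now: float) -> str:
    # The application checks the service ticket with its own key and returns the subject.
    p = _open(ticket, APP_KEYS[app], now)
    if p["typ"] != "ST" or p["app"] != app:
        raise ValueError("ticket is not for this application")
    return p["sub"]
```

Because each service-granting ticket is sealed with its own application's key, a ticket for the first application is rejected by the second, and a service-granting ticket cannot be replayed to the ticket-granting server in place of the TGT.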

CN201310139856.2A 2013-04-22 2013-04-22 PaaS platform-based identity authentication method and identity authentication apparatus Pending CN104113412A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310139856.2A CN104113412A (en) 2013-04-22 2013-04-22 PaaS platform-based identity authentication method and identity authentication apparatus
PCT/CN2014/075883 WO2014173278A1 (en) 2013-04-22 2014-04-22 Identity authentication method and identity authentication device based on paas platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310139856.2A CN104113412A (en) 2013-04-22 2013-04-22 PaaS platform-based identity authentication method and identity authentication apparatus

Publications (1)

Publication Number Publication Date
CN104113412A true CN104113412A (en) 2014-10-22

Family

ID=51710051

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310139856.2A Pending CN104113412A (en) 2013-04-22 2013-04-22 PaaS platform-based identity authentication method and identity authentication apparatus

Country Status (2)

Country Link
CN (1) CN104113412A (en)
WO (1) WO2014173278A1 (en)

Also Published As

Publication number Publication date
WO2014173278A1 (en) 2014-10-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20141022