CN104378210A - Cross-trust-domain identity authentication method - Google Patents
Cross-trust-domain identity authentication method Download PDFInfo
- Publication number
- CN104378210A CN104378210A CN201410690822.7A CN201410690822A CN104378210A CN 104378210 A CN104378210 A CN 104378210A CN 201410690822 A CN201410690822 A CN 201410690822A CN 104378210 A CN104378210 A CN 104378210A
- Authority
- CN
- China
- Prior art keywords
- token
- identity
- authentication
- certificate
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a cross-trust-domain identity authentication method. An identity authentication service module and an authentication terminal module are involved in the method. The identity authentication service module provides an issuing service and a verification service for an identity token, the issuing service of the identity token includes the steps of accepting the application for the identity token, packaging the identity token and issuing the identity token, and the verification service of the identity token includes the steps of verifying the identity token based on a challenge, returning user application system information depending on a valid token and excluding identity tokens of non-valid users through synchronization with an LDAP or a CRL. The authentication terminal module comprises an identity token application module and a client side password module. The identity token application module is in charge of identity token application and maintenance, and the client side password module provides a client side certification and password operation. A user can have access to a whole network through identity authentication at one place, and the trust problem existing in the prior is solved.
Description
Technical field
The present invention relates to the identity identifying technology field in information network, be specifically related to a kind of identity identifying method across trust domain, by authentication token, realize in trust domain or access across trust domain.
Background technology
Current in the group such as government affairs, commercial affairs macroreticular environment, many times there is the trust systems that different Web vector graphic is different, as different CA, different operation systems, in time exchanging visits between each subnet, for security mechanism, all need to carry out repeatedly certification at each subnet, there is very large information barrier, the information sharing between inconvenient each subnet is with mutual.
Summary of the invention
In order to overcome the above-mentioned shortcoming of prior art, the invention provides a kind of identity identifying method across trust domain, realizing place certification, network-wide access, solving the trust problem of current existence.
The technical solution adopted for the present invention to solve the technical problems is: a kind of identity identifying method across trust domain, comprises identity authentication service module and certification terminal module;
Described identity authentication service module provides issuing of identity token to serve and the service for checking credentials; The service of issuing of described identity token comprises the accepting of identity token application, the encapsulation of identity token and issuing of identity token; The service for checking credentials of described identity token provides the checking of the identity token based on challenge, and with legal token for foundation returns user's application system information, and the identity token checking of disabled user is got rid of by synchronous LDAP or CRL;
Described certification terminal module comprises identity token application module and client password module; The application of described identity token application module in charge identity token and maintenance; Described client password module provides client certificate and crypto-operation.
Compared with prior art, good effect of the present invention is: the present invention is with PKI technology for core, and identity token is carrier, realizes in territory or the single-sign-on of inter-realm authentication and application system based on Windows and Linux platform.Tool has the following advantages:
1) the interdepartmental identity roaming problem of user's cross-system is solved;
2) authentication question of user across certificate territory is solved;
3) transmission capacity of trust is provided;
4) authentication question of the large-scale application system of synergetic is solved;
5) identification authentication mode of Regular application system, simplifies application system authentication development process;
6) single-sign-on between multiple application system is realized.
7) carrier of identity token--Authentication Client supports windows platform and Linux platform.
8) identity token across hardware and software platform, across language, extensibility.
Accompanying drawing explanation
Examples of the present invention will be described by way of reference to the accompanying drawings, wherein:
Fig. 1 is that application system carries out the flow chart of authentication to user.
Embodiment
The present invention is based on:
1, the digital signature technology of PKI, realizes the signature of identity token, ensures the validity of identity token, for cross-domain certification provides basis.
2, XML language specification, realizes the encapsulation of identity token, realize token cross-platform, across language, easily extensible.
3, WebService technology, realizes across hardware and software platform, the identity token service for checking credentials across language.
4, OPENID technology, realizes the standardization of identity authentication protocol.
5, COM technology, the token interface realizing Window platform is called.
6, FireFox plug-in part technology, the token interface realizing Linux platform is called.
Across an identity identifying method for trust domain, comprising: the identity token of authentication server issues service, token authentication service; Based on Windows Authentication Client identity token application module, call com interface based on the token of Windows; Based on Linux Authentication Client identity token application module, call plug-in unit based on the firefox token of linux; Client password module; Wherein:
Identity token: be similar to the resident identification card in life, comprise personal information (encryption, signing certificate etc.), sign originator information, stamped signature (signing the signature of originator), effective time scope, identity token adopt XML language encapsulate, allow identity token have cross-platform, across the advanced feature such as language, extensibility.
Identity token issues service: provide accepting identity token application, the encapsulation of token, issuing of token.
The identity token service for checking credentials: the checking of identity token based on challenge is provided, and with legal token for according to the function returning user's application system information; And the identity token checking of disabled user can be got rid of by synchronous LDAP or CRL.
Identity token application module: support Windows and Linux platform, application identity token, safeguards identity token, and the term of validity of real-time inspection token, ensure the available of identity token.
Token based on Windows calls com interface: provide the token based on windows platform to call relevant com interface, convenient calling across language token based on Windows application.
Firefox token based on Linux calls plug-in unit: provide and call relevant interface based on the token under Linux platform, the convenient application call based on Linux.
Client password module: client certificate is provided, the crypto-operations such as signature sign test are provided.
The present invention adopts and carries out authentication based on digital certificate X.509V3.Digital certificate is a statement of being signed and issued by CA, the unique corresponding relation of the PKI comprised in certification main body (" certificate Requestor " namely becomes after being issued certificate " certificate main body ") and certificate.Certificate comprises the content such as title and relevant information, the PKI of applicant, the digital signature of the CA of grant a certificate and the term of validity of certificate of certificate Requestor.Traditional potential safety hazard brought based on the authentication mode of user name, password can be stopped by the authentication mode of digital certificate.
Authentication module is technical foundation with PKI, take certificate verification as foundation of trust.User is after on a certificate server, certification is passed through, and can be that user issues a voucher relevant with certificate to PKI technology by this certificate server.User relies on this voucher, can obtain the trust of authentication service facility that other supports authentication protocol standard of the present invention, thus realizes user can unrestrictedly roam into other trust domain after a portal login.
Authentication module provides second development interface for various application system.Application system is transformed according to interface specification, can use the identity authentication service that authentication module provides.
Application system is after use identity authentication service, and user is without the need to carrying out certification separately in each application system.User only need after on certificate server, certification be passed through, application program rely on identity authentication service to differentiate user identity obtains user profile.
Authentication module can for each application system for user creates account mapping relations.Application system can rely on user identity authority and the application identities of self from authentication service, obtain the accounts information of user in its own system.This function can be used for solving existing application system and retains existing user profile when transforming.
Adopt C/S framework based on the identity authorization system across trust domain ID authentication mechanism, terminal computer needs dispose authentication client software.Authentication client software as the UI program with user interactions, simultaneously for dispatching security encryption device (USBKey).User carries out PKI and certificate verification by authentication client software and authentication server, certification by after be that client issues identity token (comprise the identity information of user, certificate information, the relevant information of certificate server and certificate in token, and by certificate server private key signature) by certificate server.By means of this token, user can prove self identity in different authenticated domain.
Authentication module also defines interface specification and the application system development specification of complete set.Application system is developed according to specification, can rely on the authentication that identity authentication service realizes self application system.Different application systems shares same identity authentication service, and authentication module can provide unified identity information and the authentication state of user to application system, simplifies the authentication operation of user, realizes single-sign-on.
Authentication module is externally in two forms for application system provides authentication service: based on SOA mode with based on OpenID mode.SOA mode is supported all operations system, is supported all software development languages, but does not support to carry out unified login, application unified management by united portal; OpenID only supports that Web applies, but can carry out unified login by united portal, unified management.
Based on SOA mode
Authentication module provides WebService to serve in authentication service, in terminal for user provides COM control or FireFox plug-in unit.Application system carries out the flow process of authentication as shown in Figure 1 to user, comprises the steps:
Step is 1.: Authentication Client login authentication server carries out certification;
Step is 2.: after logining successfully, certificate server issues token to Authentication Client, comprises the identity information of user, certificate information, the relevant information of certificate server and certificate in token, and by certificate server private key signature.
Step is 3.: applications client (as IE browser) request access application server;
Step is 4.: application server produces a random number R by self program, initiates random number challenge to applications client;
Step is 5.: the random number R that applications client is produced by invokes authentication client-side interface application server is signed, and obtaining step 2. in certificate server be handed down to the token of Authentication Client;
Step is 6.: Authentication Client by step 2. in the signature value Sign (R) of the certificate server token and random number R that are handed down to Authentication Client be submitted to applications client (IE browser);
Step is 7.: the signature value Sign (R) of random number R and token are submitted to application server by applications client;
Step is 8.: random number R, random number signature value Sign (R) and token are submitted to certificate server by the api interface of webservice and verify by application server;
Step is 9.: certificate server is by preset root certificate chain file, and in checking token, mark signs and issues the validity of the certificate server certificate of this token, and according to the token that the mandate of keeper judges self whether should trust this certificate server and signs and issues; As met above-mentioned condition, certificate server extracts certificate server PKI from this certificate, verifies the validity of this token, and extract from token client public key to step 8. in information verify and produce authentication result.Authentication result comprises the signature of certification whether success, subscriber identity information and certificate server; Authentication result is returned to application server by webservice by certificate server.
The authentication result that application server authentication verification server returns, if step 9. in, by checking, application server extracts the operation flow of user profile for self from authentication result.
Based on OpenID mode
Authentication mode based on OpenID needs to dispose authentication plug-in unit on the application server; The authentication mode of OpenID can rely on the authentication mode of SOA, and its solution is as follows:
1) authentication plug-in unit and certificate server certification is called when application system starts and negotiation communication key;
2) user opens IE browser access application server;
3) application server detection user does not carry out certification jumps to certificate server authentication service by user's request;
4) certificate server certification page opens authentication client by calling COM control;
5) user is at authentication client input USBKey, and triggers itself and certificate server certification;
6) authentication client certificate obtains token from certificate server after passing through;
7) certification page adopts and differentiates user identity based on the flow process of SOA mode certification, and obtains subscriber identity information from authentication service;
8) certification page utilizes the double secret key user profile of consulting with application server plug-in unit to produce bill according to OpenID protocol specification;
9) bill is placed in the session of browser and application server is returned in redirect by certification page;
10) application server obtains bill from session, and utilizes the validity verifying bill with the communication key of certificate server;
11) if bill is effective, application server obtains user profile from bill, starts the operation flow of self.
Claims (5)
1., across an identity identifying method for trust domain, comprise identity authentication service module and certification terminal module, it is characterized in that:
Described identity authentication service module provides issuing of identity token to serve and the service for checking credentials; The service of issuing of described identity token comprises the accepting of identity token application, the encapsulation of identity token and issuing of identity token; The service for checking credentials of described identity token provides the checking of the identity token based on challenge, and with legal token for foundation returns user's application system information, and the identity token checking of disabled user is got rid of by synchronous LDAP or CRL;
Described certification terminal module comprises identity token application module and client password module; The application of described identity token application module in charge identity token and maintenance; Described client password module provides client certificate and crypto-operation.
2. the identity identifying method across trust domain according to claim 1, is characterized in that: described identity token application module comprises the identity token application module based on Windows Authentication Client and the identity token application module based on Linux Authentication Client.
3. the identity identifying method across trust domain according to claim 1, is characterized in that: described identity token adopts XML language to encapsulate.
4. the identity identifying method across trust domain according to claim 1, is characterized in that: described authentication module externally provides authentication service in the mode based on SOA for application system, and concrete steps are as follows:
Step is 1.: Authentication Client login authentication server carries out certification;
Step is 2.: after logining successfully, certificate server issues token to Authentication Client, comprises the identity information of user, certificate information, the relevant information of certificate server and certificate in token, and by certificate server private key signature;
Step is 3.: applications client request access application server;
Step is 4.: application server produces a random number R by self program, initiates random number challenge to applications client;
Step is 5.: the random number R that applications client is produced by invokes authentication client-side interface application server is signed, and obtaining step 2. in certificate server be handed down to the token of Authentication Client;
Step is 6.: Authentication Client by step 2. in the signature value Sign (R) of the certificate server token and random number R that are handed down to Authentication Client be submitted to applications client;
Step is 7.: the signature value Sign (R) of random number R and token are submitted to application server by applications client;
Step is 8.: random number R, random number signature value Sign (R) and token are submitted to certificate server by the api interface of webservice and verify by application server;
Step is 9.: certificate server is by preset root certificate chain file, and in checking token, mark signs and issues the validity of the certificate server certificate of this token, and judges whether to trust according to the mandate of keeper the token that this certificate server signs and issues; If trusted, then certificate server extracts certificate server PKI from this certificate, verify the validity of this token, then extract from token client public key to step 8. in information verify and produce authentication result, authentication result is returned to application server by webservice; Application server is verified authentication result: if step 9. in, by checking, then application server extracts the operation flow of user profile for self from authentication result.
5. the identity identifying method across trust domain according to claim 4, is characterized in that: described authentication module externally provides authentication service in the mode based on OpenID for application system, and concrete steps are as follows:
1) authentication plug-in unit and certificate server certification is called when application system starts and negotiation communication key;
2) user opens IE browser access application server;
3) when application server detects that user does not carry out certification, then user's request is jumped to the authentication service of certificate server;
4) certificate server certification page opens authentication client by calling COM control;
5) user is at authentication client input USBKey, and triggers itself and certificate server certification;
6) authentication client certificate obtains token from certificate server after passing through;
7) certification page adopts and differentiates user identity based on the flow process of SOA mode certification, and obtains subscriber identity information from authentication service;
8) certification page utilizes the double secret key user profile of consulting with application server plug-in unit to produce bill according to OpenID protocol specification;
9) bill is placed in the session of browser and application server is returned in redirect by certification page;
10) application server obtains bill from session, and utilizes the validity verifying bill with the communication key of certificate server;
11) if bill is effective, application server obtains user profile from bill, starts the operation flow of self.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410690822.7A CN104378210B (en) | 2014-11-26 | 2014-11-26 | Across the identity identifying method of trust domain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410690822.7A CN104378210B (en) | 2014-11-26 | 2014-11-26 | Across the identity identifying method of trust domain |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104378210A true CN104378210A (en) | 2015-02-25 |
| CN104378210B CN104378210B (en) | 2018-01-26 |
Family
ID=52556891
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410690822.7A Active CN104378210B (en) | 2014-11-26 | 2014-11-26 | Across the identity identifying method of trust domain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104378210B (en) |
Cited By (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105791259A (en) * | 2015-10-26 | 2016-07-20 | 北京中金国盛认证有限公司 | Method for protecting personal information |
| CN105978855A (en) * | 2016-04-18 | 2016-09-28 | 南开大学 | System and method for protecting personal information security in real-name system |
| CN107454077A (en) * | 2017-08-01 | 2017-12-08 | 北京迪曼森科技有限公司 | A kind of single-point logging method based on IKI ID authentications |
| CN107798233A (en) * | 2016-09-06 | 2018-03-13 | 信特尼有限公司 | It is classified the following constraint of trust chain |
| CN107800725A (en) * | 2017-12-11 | 2018-03-13 | 公安部第研究所 | A kind of digital certificate remote online managing device and method |
| CN107995185A (en) * | 2017-11-28 | 2018-05-04 | 北京信安世纪科技有限公司 | A kind of authentication method and device |
| CN108476216A (en) * | 2016-03-31 | 2018-08-31 | 甲骨文国际公司 | For integrating system and method for the transaction middleware platform with centralized access manager for the single-sign-on in enterprise-level computing environment |
| CN108574576A (en) * | 2018-04-26 | 2018-09-25 | 中科边缘智慧信息科技(苏州)有限公司 | Across high in the clouds authentication method based on Kerberos systems |
| CN109150862A (en) * | 2018-08-03 | 2019-01-04 | 福建天泉教育科技有限公司 | A kind of method and server-side for realizing token roaming |
| CN109274694A (en) * | 2018-11-14 | 2019-01-25 | 天津市国瑞数码安全系统股份有限公司 | A kind of general cross-domain authentication method based on mark |
| CN109347857A (en) * | 2018-11-14 | 2019-02-15 | 天津市国瑞数码安全系统股份有限公司 | A kind of general inter-network authentication method based on mark |
| CN109388937A (en) * | 2018-11-05 | 2019-02-26 | 用友网络科技股份有限公司 | A kind of single-point logging method and login system of multiple-factor authentication |
| CN109688098A (en) * | 2018-09-07 | 2019-04-26 | 平安科技(深圳)有限公司 | Safety communicating method, device, equipment and the computer readable storage medium of data |
| CN109792441A (en) * | 2016-10-13 | 2019-05-21 | 霍尼韦尔国际公司 | Across safe floor secure communication |
| CN111213339A (en) * | 2017-10-19 | 2020-05-29 | T移动美国公司 | Authentication token with client key |
| CN111464535A (en) * | 2020-03-31 | 2020-07-28 | 中国电子科技集团公司第三十研究所 | Cross-domain trust transfer method based on block chain |
| CN111541658A (en) * | 2020-04-14 | 2020-08-14 | 许艺明 | PCIE prevents hot wall |
| CN111865598A (en) * | 2019-04-28 | 2020-10-30 | 华为技术有限公司 | Identity verification method and related device for network function service |
| CN113420282A (en) * | 2021-06-12 | 2021-09-21 | 济南浪潮数据技术有限公司 | Cross-site single sign-on method and device |
| CN113626840A (en) * | 2021-07-23 | 2021-11-09 | 曙光信息产业(北京)有限公司 | Interface authentication method and device, computer equipment and storage medium |
| CN114363015A (en) * | 2021-12-17 | 2022-04-15 | 上海大智慧申久信息技术有限公司 | Client identity authentication method and system under multi-account system |
| CN114666076A (en) * | 2020-12-08 | 2022-06-24 | 永中软件股份有限公司 | Cloud service cross-terminal authentication method and service system |
| CN114900344A (en) * | 2022-04-26 | 2022-08-12 | 四川智能建造科技股份有限公司 | Identity authentication method, system, terminal and computer readable storage medium |
| CN116049802A (en) * | 2023-03-31 | 2023-05-02 | 深圳竹云科技股份有限公司 | Application single sign-on method, system, computer equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101242272A (en) * | 2008-03-11 | 2008-08-13 | 南京邮电大学 | Realization method for cross-grid secure platform based on mobile agent, assertion |
| CN101534192A (en) * | 2008-03-14 | 2009-09-16 | 西门子公司 | System used for providing cross-domain token and method thereof |
| CN103701823A (en) * | 2013-12-31 | 2014-04-02 | 曙光云计算技术有限公司 | Single-point logging in method and device |
| US20140189827A1 (en) * | 2012-12-27 | 2014-07-03 | Motorola Solutions, Inc. | System and method for scoping a user identity assertion to collaborative devices |
-
2014
- 2014-11-26 CN CN201410690822.7A patent/CN104378210B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101242272A (en) * | 2008-03-11 | 2008-08-13 | 南京邮电大学 | Realization method for cross-grid secure platform based on mobile agent, assertion |
| CN101534192A (en) * | 2008-03-14 | 2009-09-16 | 西门子公司 | System used for providing cross-domain token and method thereof |
| US20140189827A1 (en) * | 2012-12-27 | 2014-07-03 | Motorola Solutions, Inc. | System and method for scoping a user identity assertion to collaborative devices |
| CN103701823A (en) * | 2013-12-31 | 2014-04-02 | 曙光云计算技术有限公司 | Single-point logging in method and device |
Non-Patent Citations (1)
| Title |
|---|
| 杨宇: "基于PKI身份认证系统的研究和实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (38)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105791259A (en) * | 2015-10-26 | 2016-07-20 | 北京中金国盛认证有限公司 | Method for protecting personal information |
| CN105791259B (en) * | 2015-10-26 | 2018-11-16 | 北京中金国盛认证有限公司 | A kind of method of personal information protection |
| CN108476216A (en) * | 2016-03-31 | 2018-08-31 | 甲骨文国际公司 | For integrating system and method for the transaction middleware platform with centralized access manager for the single-sign-on in enterprise-level computing environment |
| CN108476216B (en) * | 2016-03-31 | 2021-01-22 | 甲骨文国际公司 | System and method for integrating a transactional middleware platform with a centralized access manager for single sign-on in an enterprise-class computing environment |
| CN105978855A (en) * | 2016-04-18 | 2016-09-28 | 南开大学 | System and method for protecting personal information security in real-name system |
| CN105978855B (en) * | 2016-04-18 | 2018-11-23 | 南开大学 | Personal information safety protection system and method under a kind of system of real name |
| CN107798233B (en) * | 2016-09-06 | 2022-01-07 | 信特尼有限公司 | Method and electronic device for configuring target domains of hierarchical trust chain |
| CN107798233A (en) * | 2016-09-06 | 2018-03-13 | 信特尼有限公司 | It is classified the following constraint of trust chain |
| CN109792441A (en) * | 2016-10-13 | 2019-05-21 | 霍尼韦尔国际公司 | Across safe floor secure communication |
| CN107454077A (en) * | 2017-08-01 | 2017-12-08 | 北京迪曼森科技有限公司 | A kind of single-point logging method based on IKI ID authentications |
| CN107454077B (en) * | 2017-08-01 | 2020-05-19 | 北京迪曼森科技有限公司 | Single sign-on method based on IKI identification authentication |
| CN111213339B (en) * | 2017-10-19 | 2023-05-16 | T移动美国公司 | Authentication token with client key |
| CN111213339A (en) * | 2017-10-19 | 2020-05-29 | T移动美国公司 | Authentication token with client key |
| CN107995185A (en) * | 2017-11-28 | 2018-05-04 | 北京信安世纪科技有限公司 | A kind of authentication method and device |
| CN107800725B (en) * | 2017-12-11 | 2023-08-29 | 公安部第一研究所 | Remote online management device and method for digital certificates |
| CN107800725A (en) * | 2017-12-11 | 2018-03-13 | 公安部第研究所 | A kind of digital certificate remote online managing device and method |
| CN108574576A (en) * | 2018-04-26 | 2018-09-25 | 中科边缘智慧信息科技(苏州)有限公司 | Across high in the clouds authentication method based on Kerberos systems |
| CN108574576B (en) * | 2018-04-26 | 2021-05-28 | 中科边缘智慧信息科技(苏州)有限公司 | Cross-cloud-boundary authentication method based on Kerberos system |
| CN109150862A (en) * | 2018-08-03 | 2019-01-04 | 福建天泉教育科技有限公司 | A kind of method and server-side for realizing token roaming |
| CN109150862B (en) * | 2018-08-03 | 2021-06-08 | 福建天泉教育科技有限公司 | Method and server for realizing token roaming |
| CN109688098A (en) * | 2018-09-07 | 2019-04-26 | 平安科技(深圳)有限公司 | Safety communicating method, device, equipment and the computer readable storage medium of data |
| CN109388937A (en) * | 2018-11-05 | 2019-02-26 | 用友网络科技股份有限公司 | A kind of single-point logging method and login system of multiple-factor authentication |
| CN109347857A (en) * | 2018-11-14 | 2019-02-15 | 天津市国瑞数码安全系统股份有限公司 | A kind of general inter-network authentication method based on mark |
| CN109274694A (en) * | 2018-11-14 | 2019-01-25 | 天津市国瑞数码安全系统股份有限公司 | A kind of general cross-domain authentication method based on mark |
| WO2020220865A1 (en) * | 2019-04-28 | 2020-11-05 | 华为技术有限公司 | Identity check method for network function service, and related device |
| CN111865598A (en) * | 2019-04-28 | 2020-10-30 | 华为技术有限公司 | Identity verification method and related device for network function service |
| CN111865598B (en) * | 2019-04-28 | 2022-05-10 | 华为技术有限公司 | Identity verification method and related device for network function service |
| CN111464535A (en) * | 2020-03-31 | 2020-07-28 | 中国电子科技集团公司第三十研究所 | Cross-domain trust transfer method based on block chain |
| CN111541658B (en) * | 2020-04-14 | 2024-05-31 | 许艺明 | PCIE firewall |
| CN111541658A (en) * | 2020-04-14 | 2020-08-14 | 许艺明 | PCIE prevents hot wall |
| CN114666076A (en) * | 2020-12-08 | 2022-06-24 | 永中软件股份有限公司 | Cloud service cross-terminal authentication method and service system |
| CN113420282A (en) * | 2021-06-12 | 2021-09-21 | 济南浪潮数据技术有限公司 | Cross-site single sign-on method and device |
| CN113626840A (en) * | 2021-07-23 | 2021-11-09 | 曙光信息产业(北京)有限公司 | Interface authentication method and device, computer equipment and storage medium |
| CN114363015A (en) * | 2021-12-17 | 2022-04-15 | 上海大智慧申久信息技术有限公司 | Client identity authentication method and system under multi-account system |
| CN114363015B (en) * | 2021-12-17 | 2024-03-15 | 上海大智慧申久信息技术有限公司 | Customer identity authentication method and system under multi-account system |
| CN114900344A (en) * | 2022-04-26 | 2022-08-12 | 四川智能建造科技股份有限公司 | Identity authentication method, system, terminal and computer readable storage medium |
| CN116049802B (en) * | 2023-03-31 | 2023-07-18 | 深圳竹云科技股份有限公司 | Application single sign-on method, system, computer equipment and storage medium |
| CN116049802A (en) * | 2023-03-31 | 2023-05-02 | 深圳竹云科技股份有限公司 | Application single sign-on method, system, computer equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104378210B (en) | 2018-01-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104378210A (en) | Cross-trust-domain identity authentication method | |
| CN102984127B (en) | User-centered mobile internet identity managing and identifying method | |
| CN105917630B (en) | Use single-sign-on bootstrapping to the redirection for checking agency | |
| US8955081B2 (en) | Method and apparatus for single sign-on collaboraton among mobile devices | |
| EP2770662A1 (en) | Centralized security management method and system for third party application and corresponding communication system | |
| CN110267270B (en) | Identity authentication method for sensor terminal access edge gateway in transformer substation | |
| GB2547472A (en) | Method and system for authentication | |
| CN103780397A (en) | Multi-screen multi-factor WEB identity authentication method convenient and fast to implement | |
| WO2016160457A1 (en) | Secure transmission of a session identifier during service authentication | |
| CN113285807B (en) | Network access authentication method and system for intelligent equipment | |
| WO2013101358A1 (en) | System and method for secure network login | |
| EP2391083A1 (en) | Method for realizing authentication center and authentication system | |
| WO2014110877A1 (en) | Mobile terminal device and user authentication method based on pki technology | |
| CN104753881A (en) | WebService security certification access control method based on software digital certificate and timestamp | |
| CN104283886A (en) | Web safety access implementation method based on intelligent terminal local authentication | |
| EP2979420B1 (en) | Network system comprising a security management server and a home network, and method for including a device in the network system | |
| CN110278084B (en) | eID establishing method, related device and system | |
| US20160212123A1 (en) | System and method for providing a certificate by way of a browser extension | |
| CN102916965A (en) | Safety authentication mechanism and safety authentication system thereof for cloud service interfaces | |
| CN105681259A (en) | Open authorization method and apparatus and open platform | |
| CN108011873A (en) | A kind of illegal connection determination methods based on set covering | |
| CN104683107A (en) | Digital certificate storage method and device, and digital signature method and device | |
| JP2009118110A (en) | Method and system for provisioning meta data of authentication system, its program and recording medium | |
| CN104936177B (en) | A kind of access authentication method and access authentication system | |
| CN102412969B (en) | Method for carrying out authentication by remotely using certificate and secret key, apparatus and system thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |