CN104378210A - Cross-trust-domain identity authentication method - Google Patents

Cross-trust-domain identity authentication method Download PDF

Info

Publication number
CN104378210A
CN104378210A CN201410690822.7A CN201410690822A CN104378210A CN 104378210 A CN104378210 A CN 104378210A CN 201410690822 A CN201410690822 A CN 201410690822A CN 104378210 A CN104378210 A CN 104378210A
Authority
CN
China
Prior art keywords
token
identity
authentication
certificate
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410690822.7A
Other languages
Chinese (zh)
Other versions
CN104378210B (en
Inventor
方鸣睿
汪仕兵
杨宇
秦凯
刘小华
邢朝阳
原蓓蓓
吴荣政
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHENGDU WESTONE INFORMATION SAFETY TECHNOLOGY Co Ltd
Original Assignee
CHENGDU WESTONE INFORMATION SAFETY TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CHENGDU WESTONE INFORMATION SAFETY TECHNOLOGY Co Ltd filed Critical CHENGDU WESTONE INFORMATION SAFETY TECHNOLOGY Co Ltd
Priority to CN201410690822.7A priority Critical patent/CN104378210B/en
Publication of CN104378210A publication Critical patent/CN104378210A/en
Application granted granted Critical
Publication of CN104378210B publication Critical patent/CN104378210B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a cross-trust-domain identity authentication method. An identity authentication service module and an authentication terminal module are involved in the method. The identity authentication service module provides an issuing service and a verification service for an identity token, the issuing service of the identity token includes the steps of accepting the application for the identity token, packaging the identity token and issuing the identity token, and the verification service of the identity token includes the steps of verifying the identity token based on a challenge, returning user application system information depending on a valid token and excluding identity tokens of non-valid users through synchronization with an LDAP or a CRL. The authentication terminal module comprises an identity token application module and a client side password module. The identity token application module is in charge of identity token application and maintenance, and the client side password module provides a client side certification and password operation. A user can have access to a whole network through identity authentication at one place, and the trust problem existing in the prior is solved.

Description

Across the identity identifying method of trust domain
Technical field
The present invention relates to the identity identifying technology field in information network, be specifically related to a kind of identity identifying method across trust domain, by authentication token, realize in trust domain or access across trust domain.
Background technology
Current in the group such as government affairs, commercial affairs macroreticular environment, many times there is the trust systems that different Web vector graphic is different, as different CA, different operation systems, in time exchanging visits between each subnet, for security mechanism, all need to carry out repeatedly certification at each subnet, there is very large information barrier, the information sharing between inconvenient each subnet is with mutual.
Summary of the invention
In order to overcome the above-mentioned shortcoming of prior art, the invention provides a kind of identity identifying method across trust domain, realizing place certification, network-wide access, solving the trust problem of current existence.
The technical solution adopted for the present invention to solve the technical problems is: a kind of identity identifying method across trust domain, comprises identity authentication service module and certification terminal module;
Described identity authentication service module provides issuing of identity token to serve and the service for checking credentials; The service of issuing of described identity token comprises the accepting of identity token application, the encapsulation of identity token and issuing of identity token; The service for checking credentials of described identity token provides the checking of the identity token based on challenge, and with legal token for foundation returns user's application system information, and the identity token checking of disabled user is got rid of by synchronous LDAP or CRL;
Described certification terminal module comprises identity token application module and client password module; The application of described identity token application module in charge identity token and maintenance; Described client password module provides client certificate and crypto-operation.
Compared with prior art, good effect of the present invention is: the present invention is with PKI technology for core, and identity token is carrier, realizes in territory or the single-sign-on of inter-realm authentication and application system based on Windows and Linux platform.Tool has the following advantages:
1) the interdepartmental identity roaming problem of user's cross-system is solved;
2) authentication question of user across certificate territory is solved;
3) transmission capacity of trust is provided;
4) authentication question of the large-scale application system of synergetic is solved;
5) identification authentication mode of Regular application system, simplifies application system authentication development process;
6) single-sign-on between multiple application system is realized.
7) carrier of identity token--Authentication Client supports windows platform and Linux platform.
8) identity token across hardware and software platform, across language, extensibility.
Accompanying drawing explanation
Examples of the present invention will be described by way of reference to the accompanying drawings, wherein:
Fig. 1 is that application system carries out the flow chart of authentication to user.
Embodiment
The present invention is based on:
1, the digital signature technology of PKI, realizes the signature of identity token, ensures the validity of identity token, for cross-domain certification provides basis.
2, XML language specification, realizes the encapsulation of identity token, realize token cross-platform, across language, easily extensible.
3, WebService technology, realizes across hardware and software platform, the identity token service for checking credentials across language.
4, OPENID technology, realizes the standardization of identity authentication protocol.
5, COM technology, the token interface realizing Window platform is called.
6, FireFox plug-in part technology, the token interface realizing Linux platform is called.
Across an identity identifying method for trust domain, comprising: the identity token of authentication server issues service, token authentication service; Based on Windows Authentication Client identity token application module, call com interface based on the token of Windows; Based on Linux Authentication Client identity token application module, call plug-in unit based on the firefox token of linux; Client password module; Wherein:
Identity token: be similar to the resident identification card in life, comprise personal information (encryption, signing certificate etc.), sign originator information, stamped signature (signing the signature of originator), effective time scope, identity token adopt XML language encapsulate, allow identity token have cross-platform, across the advanced feature such as language, extensibility.
Identity token issues service: provide accepting identity token application, the encapsulation of token, issuing of token.
The identity token service for checking credentials: the checking of identity token based on challenge is provided, and with legal token for according to the function returning user's application system information; And the identity token checking of disabled user can be got rid of by synchronous LDAP or CRL.
Identity token application module: support Windows and Linux platform, application identity token, safeguards identity token, and the term of validity of real-time inspection token, ensure the available of identity token.
Token based on Windows calls com interface: provide the token based on windows platform to call relevant com interface, convenient calling across language token based on Windows application.
Firefox token based on Linux calls plug-in unit: provide and call relevant interface based on the token under Linux platform, the convenient application call based on Linux.
Client password module: client certificate is provided, the crypto-operations such as signature sign test are provided.
The present invention adopts and carries out authentication based on digital certificate X.509V3.Digital certificate is a statement of being signed and issued by CA, the unique corresponding relation of the PKI comprised in certification main body (" certificate Requestor " namely becomes after being issued certificate " certificate main body ") and certificate.Certificate comprises the content such as title and relevant information, the PKI of applicant, the digital signature of the CA of grant a certificate and the term of validity of certificate of certificate Requestor.Traditional potential safety hazard brought based on the authentication mode of user name, password can be stopped by the authentication mode of digital certificate.
Authentication module is technical foundation with PKI, take certificate verification as foundation of trust.User is after on a certificate server, certification is passed through, and can be that user issues a voucher relevant with certificate to PKI technology by this certificate server.User relies on this voucher, can obtain the trust of authentication service facility that other supports authentication protocol standard of the present invention, thus realizes user can unrestrictedly roam into other trust domain after a portal login.
Authentication module provides second development interface for various application system.Application system is transformed according to interface specification, can use the identity authentication service that authentication module provides.
Application system is after use identity authentication service, and user is without the need to carrying out certification separately in each application system.User only need after on certificate server, certification be passed through, application program rely on identity authentication service to differentiate user identity obtains user profile.
Authentication module can for each application system for user creates account mapping relations.Application system can rely on user identity authority and the application identities of self from authentication service, obtain the accounts information of user in its own system.This function can be used for solving existing application system and retains existing user profile when transforming.
Adopt C/S framework based on the identity authorization system across trust domain ID authentication mechanism, terminal computer needs dispose authentication client software.Authentication client software as the UI program with user interactions, simultaneously for dispatching security encryption device (USBKey).User carries out PKI and certificate verification by authentication client software and authentication server, certification by after be that client issues identity token (comprise the identity information of user, certificate information, the relevant information of certificate server and certificate in token, and by certificate server private key signature) by certificate server.By means of this token, user can prove self identity in different authenticated domain.
Authentication module also defines interface specification and the application system development specification of complete set.Application system is developed according to specification, can rely on the authentication that identity authentication service realizes self application system.Different application systems shares same identity authentication service, and authentication module can provide unified identity information and the authentication state of user to application system, simplifies the authentication operation of user, realizes single-sign-on.
Authentication module is externally in two forms for application system provides authentication service: based on SOA mode with based on OpenID mode.SOA mode is supported all operations system, is supported all software development languages, but does not support to carry out unified login, application unified management by united portal; OpenID only supports that Web applies, but can carry out unified login by united portal, unified management.
Based on SOA mode
Authentication module provides WebService to serve in authentication service, in terminal for user provides COM control or FireFox plug-in unit.Application system carries out the flow process of authentication as shown in Figure 1 to user, comprises the steps:
Step is 1.: Authentication Client login authentication server carries out certification;
Step is 2.: after logining successfully, certificate server issues token to Authentication Client, comprises the identity information of user, certificate information, the relevant information of certificate server and certificate in token, and by certificate server private key signature.
Step is 3.: applications client (as IE browser) request access application server;
Step is 4.: application server produces a random number R by self program, initiates random number challenge to applications client;
Step is 5.: the random number R that applications client is produced by invokes authentication client-side interface application server is signed, and obtaining step 2. in certificate server be handed down to the token of Authentication Client;
Step is 6.: Authentication Client by step 2. in the signature value Sign (R) of the certificate server token and random number R that are handed down to Authentication Client be submitted to applications client (IE browser);
Step is 7.: the signature value Sign (R) of random number R and token are submitted to application server by applications client;
Step is 8.: random number R, random number signature value Sign (R) and token are submitted to certificate server by the api interface of webservice and verify by application server;
Step is 9.: certificate server is by preset root certificate chain file, and in checking token, mark signs and issues the validity of the certificate server certificate of this token, and according to the token that the mandate of keeper judges self whether should trust this certificate server and signs and issues; As met above-mentioned condition, certificate server extracts certificate server PKI from this certificate, verifies the validity of this token, and extract from token client public key to step 8. in information verify and produce authentication result.Authentication result comprises the signature of certification whether success, subscriber identity information and certificate server; Authentication result is returned to application server by webservice by certificate server.
The authentication result that application server authentication verification server returns, if step 9. in, by checking, application server extracts the operation flow of user profile for self from authentication result.
Based on OpenID mode
Authentication mode based on OpenID needs to dispose authentication plug-in unit on the application server; The authentication mode of OpenID can rely on the authentication mode of SOA, and its solution is as follows:
1) authentication plug-in unit and certificate server certification is called when application system starts and negotiation communication key;
2) user opens IE browser access application server;
3) application server detection user does not carry out certification jumps to certificate server authentication service by user's request;
4) certificate server certification page opens authentication client by calling COM control;
5) user is at authentication client input USBKey, and triggers itself and certificate server certification;
6) authentication client certificate obtains token from certificate server after passing through;
7) certification page adopts and differentiates user identity based on the flow process of SOA mode certification, and obtains subscriber identity information from authentication service;
8) certification page utilizes the double secret key user profile of consulting with application server plug-in unit to produce bill according to OpenID protocol specification;
9) bill is placed in the session of browser and application server is returned in redirect by certification page;
10) application server obtains bill from session, and utilizes the validity verifying bill with the communication key of certificate server;
11) if bill is effective, application server obtains user profile from bill, starts the operation flow of self.

Claims (5)

1., across an identity identifying method for trust domain, comprise identity authentication service module and certification terminal module, it is characterized in that:
Described identity authentication service module provides issuing of identity token to serve and the service for checking credentials; The service of issuing of described identity token comprises the accepting of identity token application, the encapsulation of identity token and issuing of identity token; The service for checking credentials of described identity token provides the checking of the identity token based on challenge, and with legal token for foundation returns user's application system information, and the identity token checking of disabled user is got rid of by synchronous LDAP or CRL;
Described certification terminal module comprises identity token application module and client password module; The application of described identity token application module in charge identity token and maintenance; Described client password module provides client certificate and crypto-operation.
2. the identity identifying method across trust domain according to claim 1, is characterized in that: described identity token application module comprises the identity token application module based on Windows Authentication Client and the identity token application module based on Linux Authentication Client.
3. the identity identifying method across trust domain according to claim 1, is characterized in that: described identity token adopts XML language to encapsulate.
4. the identity identifying method across trust domain according to claim 1, is characterized in that: described authentication module externally provides authentication service in the mode based on SOA for application system, and concrete steps are as follows:
Step is 1.: Authentication Client login authentication server carries out certification;
Step is 2.: after logining successfully, certificate server issues token to Authentication Client, comprises the identity information of user, certificate information, the relevant information of certificate server and certificate in token, and by certificate server private key signature;
Step is 3.: applications client request access application server;
Step is 4.: application server produces a random number R by self program, initiates random number challenge to applications client;
Step is 5.: the random number R that applications client is produced by invokes authentication client-side interface application server is signed, and obtaining step 2. in certificate server be handed down to the token of Authentication Client;
Step is 6.: Authentication Client by step 2. in the signature value Sign (R) of the certificate server token and random number R that are handed down to Authentication Client be submitted to applications client;
Step is 7.: the signature value Sign (R) of random number R and token are submitted to application server by applications client;
Step is 8.: random number R, random number signature value Sign (R) and token are submitted to certificate server by the api interface of webservice and verify by application server;
Step is 9.: certificate server is by preset root certificate chain file, and in checking token, mark signs and issues the validity of the certificate server certificate of this token, and judges whether to trust according to the mandate of keeper the token that this certificate server signs and issues; If trusted, then certificate server extracts certificate server PKI from this certificate, verify the validity of this token, then extract from token client public key to step 8. in information verify and produce authentication result, authentication result is returned to application server by webservice; Application server is verified authentication result: if step 9. in, by checking, then application server extracts the operation flow of user profile for self from authentication result.
5. the identity identifying method across trust domain according to claim 4, is characterized in that: described authentication module externally provides authentication service in the mode based on OpenID for application system, and concrete steps are as follows:
1) authentication plug-in unit and certificate server certification is called when application system starts and negotiation communication key;
2) user opens IE browser access application server;
3) when application server detects that user does not carry out certification, then user's request is jumped to the authentication service of certificate server;
4) certificate server certification page opens authentication client by calling COM control;
5) user is at authentication client input USBKey, and triggers itself and certificate server certification;
6) authentication client certificate obtains token from certificate server after passing through;
7) certification page adopts and differentiates user identity based on the flow process of SOA mode certification, and obtains subscriber identity information from authentication service;
8) certification page utilizes the double secret key user profile of consulting with application server plug-in unit to produce bill according to OpenID protocol specification;
9) bill is placed in the session of browser and application server is returned in redirect by certification page;
10) application server obtains bill from session, and utilizes the validity verifying bill with the communication key of certificate server;
11) if bill is effective, application server obtains user profile from bill, starts the operation flow of self.
CN201410690822.7A 2014-11-26 2014-11-26 Across the identity identifying method of trust domain Active CN104378210B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410690822.7A CN104378210B (en) 2014-11-26 2014-11-26 Across the identity identifying method of trust domain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410690822.7A CN104378210B (en) 2014-11-26 2014-11-26 Across the identity identifying method of trust domain

Publications (2)

Publication Number Publication Date
CN104378210A true CN104378210A (en) 2015-02-25
CN104378210B CN104378210B (en) 2018-01-26

Family

ID=52556891

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410690822.7A Active CN104378210B (en) 2014-11-26 2014-11-26 Across the identity identifying method of trust domain

Country Status (1)

Country Link
CN (1) CN104378210B (en)

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105791259A (en) * 2015-10-26 2016-07-20 北京中金国盛认证有限公司 Method for protecting personal information
CN105978855A (en) * 2016-04-18 2016-09-28 南开大学 System and method for protecting personal information security in real-name system
CN107454077A (en) * 2017-08-01 2017-12-08 北京迪曼森科技有限公司 A kind of single-point logging method based on IKI ID authentications
CN107800725A (en) * 2017-12-11 2018-03-13 公安部第研究所 A kind of digital certificate remote online managing device and method
CN107798233A (en) * 2016-09-06 2018-03-13 信特尼有限公司 It is classified the following constraint of trust chain
CN107995185A (en) * 2017-11-28 2018-05-04 北京信安世纪科技有限公司 A kind of authentication method and device
CN108476216A (en) * 2016-03-31 2018-08-31 甲骨文国际公司 For integrating system and method for the transaction middleware platform with centralized access manager for the single-sign-on in enterprise-level computing environment
CN108574576A (en) * 2018-04-26 2018-09-25 中科边缘智慧信息科技(苏州)有限公司 Across high in the clouds authentication method based on Kerberos systems
CN109150862A (en) * 2018-08-03 2019-01-04 福建天泉教育科技有限公司 A kind of method and server-side for realizing token roaming
CN109274694A (en) * 2018-11-14 2019-01-25 天津市国瑞数码安全系统股份有限公司 A kind of general cross-domain authentication method based on mark
CN109347857A (en) * 2018-11-14 2019-02-15 天津市国瑞数码安全系统股份有限公司 A kind of general inter-network authentication method based on mark
CN109388937A (en) * 2018-11-05 2019-02-26 用友网络科技股份有限公司 A kind of single-point logging method and login system of multiple-factor authentication
CN109688098A (en) * 2018-09-07 2019-04-26 平安科技(深圳)有限公司 Safety communicating method, device, equipment and the computer readable storage medium of data
CN109792441A (en) * 2016-10-13 2019-05-21 霍尼韦尔国际公司 Across safe floor secure communication
CN111213339A (en) * 2017-10-19 2020-05-29 T移动美国公司 Authentication token with client key
CN111464535A (en) * 2020-03-31 2020-07-28 中国电子科技集团公司第三十研究所 Cross-domain trust transfer method based on block chain
CN111541658A (en) * 2020-04-14 2020-08-14 许艺明 PCIE prevents hot wall
CN111865598A (en) * 2019-04-28 2020-10-30 华为技术有限公司 Identity verification method and related device for network function service
CN113420282A (en) * 2021-06-12 2021-09-21 济南浪潮数据技术有限公司 Cross-site single sign-on method and device
CN113626840A (en) * 2021-07-23 2021-11-09 曙光信息产业(北京)有限公司 Interface authentication method and device, computer equipment and storage medium
CN114363015A (en) * 2021-12-17 2022-04-15 上海大智慧申久信息技术有限公司 Client identity authentication method and system under multi-account system
CN114900344A (en) * 2022-04-26 2022-08-12 四川智能建造科技股份有限公司 Identity authentication method, system, terminal and computer readable storage medium
CN116049802A (en) * 2023-03-31 2023-05-02 深圳竹云科技股份有限公司 Application single sign-on method, system, computer equipment and storage medium
CN111541658B (en) * 2020-04-14 2024-05-31 许艺明 PCIE firewall

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242272A (en) * 2008-03-11 2008-08-13 南京邮电大学 Realization method for cross-grid secure platform based on mobile agent, assertion
CN101534192A (en) * 2008-03-14 2009-09-16 西门子公司 System used for providing cross-domain token and method thereof
CN103701823A (en) * 2013-12-31 2014-04-02 曙光云计算技术有限公司 Single-point logging in method and device
US20140189827A1 (en) * 2012-12-27 2014-07-03 Motorola Solutions, Inc. System and method for scoping a user identity assertion to collaborative devices

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242272A (en) * 2008-03-11 2008-08-13 南京邮电大学 Realization method for cross-grid secure platform based on mobile agent, assertion
CN101534192A (en) * 2008-03-14 2009-09-16 西门子公司 System used for providing cross-domain token and method thereof
US20140189827A1 (en) * 2012-12-27 2014-07-03 Motorola Solutions, Inc. System and method for scoping a user identity assertion to collaborative devices
CN103701823A (en) * 2013-12-31 2014-04-02 曙光云计算技术有限公司 Single-point logging in method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
杨宇: "基于PKI身份认证系统的研究和实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Cited By (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105791259A (en) * 2015-10-26 2016-07-20 北京中金国盛认证有限公司 Method for protecting personal information
CN105791259B (en) * 2015-10-26 2018-11-16 北京中金国盛认证有限公司 A kind of method of personal information protection
CN108476216A (en) * 2016-03-31 2018-08-31 甲骨文国际公司 For integrating system and method for the transaction middleware platform with centralized access manager for the single-sign-on in enterprise-level computing environment
CN108476216B (en) * 2016-03-31 2021-01-22 甲骨文国际公司 System and method for integrating a transactional middleware platform with a centralized access manager for single sign-on in an enterprise-class computing environment
CN105978855A (en) * 2016-04-18 2016-09-28 南开大学 System and method for protecting personal information security in real-name system
CN105978855B (en) * 2016-04-18 2018-11-23 南开大学 Personal information safety protection system and method under a kind of system of real name
CN107798233B (en) * 2016-09-06 2022-01-07 信特尼有限公司 Method and electronic device for configuring target domains of hierarchical trust chain
CN107798233A (en) * 2016-09-06 2018-03-13 信特尼有限公司 It is classified the following constraint of trust chain
CN109792441A (en) * 2016-10-13 2019-05-21 霍尼韦尔国际公司 Across safe floor secure communication
CN107454077A (en) * 2017-08-01 2017-12-08 北京迪曼森科技有限公司 A kind of single-point logging method based on IKI ID authentications
CN107454077B (en) * 2017-08-01 2020-05-19 北京迪曼森科技有限公司 Single sign-on method based on IKI identification authentication
CN111213339B (en) * 2017-10-19 2023-05-16 T移动美国公司 Authentication token with client key
CN111213339A (en) * 2017-10-19 2020-05-29 T移动美国公司 Authentication token with client key
CN107995185A (en) * 2017-11-28 2018-05-04 北京信安世纪科技有限公司 A kind of authentication method and device
CN107800725B (en) * 2017-12-11 2023-08-29 公安部第一研究所 Remote online management device and method for digital certificates
CN107800725A (en) * 2017-12-11 2018-03-13 公安部第研究所 A kind of digital certificate remote online managing device and method
CN108574576A (en) * 2018-04-26 2018-09-25 中科边缘智慧信息科技(苏州)有限公司 Across high in the clouds authentication method based on Kerberos systems
CN108574576B (en) * 2018-04-26 2021-05-28 中科边缘智慧信息科技(苏州)有限公司 Cross-cloud-boundary authentication method based on Kerberos system
CN109150862A (en) * 2018-08-03 2019-01-04 福建天泉教育科技有限公司 A kind of method and server-side for realizing token roaming
CN109150862B (en) * 2018-08-03 2021-06-08 福建天泉教育科技有限公司 Method and server for realizing token roaming
CN109688098A (en) * 2018-09-07 2019-04-26 平安科技(深圳)有限公司 Safety communicating method, device, equipment and the computer readable storage medium of data
CN109388937A (en) * 2018-11-05 2019-02-26 用友网络科技股份有限公司 A kind of single-point logging method and login system of multiple-factor authentication
CN109347857A (en) * 2018-11-14 2019-02-15 天津市国瑞数码安全系统股份有限公司 A kind of general inter-network authentication method based on mark
CN109274694A (en) * 2018-11-14 2019-01-25 天津市国瑞数码安全系统股份有限公司 A kind of general cross-domain authentication method based on mark
WO2020220865A1 (en) * 2019-04-28 2020-11-05 华为技术有限公司 Identity check method for network function service, and related device
CN111865598A (en) * 2019-04-28 2020-10-30 华为技术有限公司 Identity verification method and related device for network function service
CN111865598B (en) * 2019-04-28 2022-05-10 华为技术有限公司 Identity verification method and related device for network function service
CN111464535A (en) * 2020-03-31 2020-07-28 中国电子科技集团公司第三十研究所 Cross-domain trust transfer method based on block chain
CN111541658A (en) * 2020-04-14 2020-08-14 许艺明 PCIE prevents hot wall
CN111541658B (en) * 2020-04-14 2024-05-31 许艺明 PCIE firewall
CN113420282A (en) * 2021-06-12 2021-09-21 济南浪潮数据技术有限公司 Cross-site single sign-on method and device
CN113626840A (en) * 2021-07-23 2021-11-09 曙光信息产业(北京)有限公司 Interface authentication method and device, computer equipment and storage medium
CN114363015A (en) * 2021-12-17 2022-04-15 上海大智慧申久信息技术有限公司 Client identity authentication method and system under multi-account system
CN114363015B (en) * 2021-12-17 2024-03-15 上海大智慧申久信息技术有限公司 Customer identity authentication method and system under multi-account system
CN114900344A (en) * 2022-04-26 2022-08-12 四川智能建造科技股份有限公司 Identity authentication method, system, terminal and computer readable storage medium
CN116049802A (en) * 2023-03-31 2023-05-02 深圳竹云科技股份有限公司 Application single sign-on method, system, computer equipment and storage medium
CN116049802B (en) * 2023-03-31 2023-07-18 深圳竹云科技股份有限公司 Application single sign-on method, system, computer equipment and storage medium

Also Published As

Publication number Publication date
CN104378210B (en) 2018-01-26

Similar Documents

Publication Publication Date Title
CN104378210A (en) Cross-trust-domain identity authentication method
CN102984127B (en) User-centered mobile internet identity managing and identifying method
CN105917630B (en) Use single-sign-on bootstrapping to the redirection for checking agency
EP2939386B1 (en) Method and apparatus for single sign-on collaboration among mobile devices
CN104753881B (en) A kind of WebService safety certification access control method based on software digital certificate and timestamp
EP2770662A1 (en) Centralized security management method and system for third party application and corresponding communication system
CN110267270B (en) Identity authentication method for sensor terminal access edge gateway in transformer substation
GB2547472A (en) Method and system for authentication
CN103780397A (en) Multi-screen multi-factor WEB identity authentication method convenient and fast to implement
EP3286893A1 (en) Secure transmission of a session identifier during service authentication
US20170070353A1 (en) Method of managing credentials in a server and a client system
CN113285807B (en) Network access authentication method and system for intelligent equipment
WO2013101358A1 (en) System and method for secure network login
EP2391083A1 (en) Method for realizing authentication center and authentication system
WO2014110877A1 (en) Mobile terminal device and user authentication method based on pki technology
CN104283886A (en) Web safety access implementation method based on intelligent terminal local authentication
US10601809B2 (en) System and method for providing a certificate by way of a browser extension
EP2979420B1 (en) Network system comprising a security management server and a home network, and method for including a device in the network system
CN110278084B (en) eID establishing method, related device and system
CN105681259A (en) Open authorization method and apparatus and open platform
CN102916965A (en) Safety authentication mechanism and safety authentication system thereof for cloud service interfaces
CN108011873A (en) A kind of illegal connection determination methods based on set covering
CN104683107A (en) Digital certificate storage method and device, and digital signature method and device
CN109274579A (en) It is a kind of that user's uniform authentication method is applied based on wechat platform more
CN104936177B (en) A kind of access authentication method and access authentication system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant