CN105991602A - Data access method and data access system - Google Patents
Data access method and data access system Download PDFInfo
- Publication number
- CN105991602A CN105991602A CN201510088641.1A CN201510088641A CN105991602A CN 105991602 A CN105991602 A CN 105991602A CN 201510088641 A CN201510088641 A CN 201510088641A CN 105991602 A CN105991602 A CN 105991602A
- Authority
- CN
- China
- Prior art keywords
- roaming
- application
- authentication platform
- bill
- roaming bill
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the invention discloses a data access method and a data access system. The method comprises: a local authentication platform receives an access request sent by a local application belonging to a local authentication platform, and the access request carries a target authentication platform and the target application belonging to the target authentication platform; the local authentication platform generates a first roaming bill application request according to the access request; the first roaming bill application request is sent to the target authentication platform to allow the target authentication platform to generate a corresponding first roaming bill according to the application request in the first roaming bill; the local authentication platform receives the first roaming bill returned back by the target authentication platform; and the first roaming bill is sent to the local application to allow the local application to carry the first roaming bill for access the target application. The data access method performs roaming bill generation and forwarding through an authentication platform so as to effectively improve the roaming access speed between safety regions.
Description
Technical field
The present invention relates to technical field of network security, particularly relate to the data access method between a kind of Multi-security domain and data
Access system.
Background technology
Security domain refers to the interior character according to information of same system, the difference using the elements such as main body, Security Target and strategy
The Different Logic subnet dividing or network, have inside each logic region identical safeguard protection demand, have identical
Safe access control and boundary Control strategy, there is between logic region the relation of trusting each other, and identical security domain it
Between share identical security strategy.
In prior art, when needing roaming access (i.e. cross-domain access is applied) between multiple security domains, general by overflowing
Trip bill is centrally generated and forwards bill, specifically can be referring to shown in Fig. 1, and one roams the corresponding multiple security domains in bill center
(accompanying drawing only showing two security domains as example), and this roaming bill central store has the application of each security domain corresponding
The authentication information etc. of the resource number of resource, resource IP and account, thus (A security domain is referred to as at a security domain
For access domain) in application have access in another security domain (B security domain, referred to as aiming field) application when, A
Security domain needs first to roaming bill center application billing information, and this roaming bill center receives the authentication platform of A security domain
The roaming ticket requests that sends simultaneously will roam bill and be forwarded to the authentication platform of A security domain accordingly;And then, A safety
The authentication platform in territory carries the application that roaming bill accesses in B security domain on authentication platform, according to roaming bill B security domain
Authentication platform to roaming bill center send verification application, this roaming bill center receive verification roaming bill verification Shen
Please and carry out verifying certification to roaming bill, answering on authentication platform in A security domain after roaming bill verifies successfully
Conduct interviews with the application entering in B security domain on authentication platform.
But, in existing roaming access method, if the authentication platform in multiple security domain needs to access other simultaneously
In security domain during application on authentication platform, thus the certification in multiple security domain can only be received by roaming bill center and put down
Platform sends request and the verification certification of roaming bill, may seriously cause at roaming bill central information bearing capacity and data
Reason ability is significantly greatly increased, and then easily causes the reduction of roaming access speed and roaming bill central information bearing capacity excess load
Cause the problems such as systemic breakdown.
Content of the invention
The embodiment of the present invention provides the data access method between a kind of Multi-security domain and data access system, existing to solve
During having the roaming access between the security domain in technology, need to receive multiple security domain owing to roaming bill center simultaneously
The request of interior authentication platform transmission roaming bill, and roam bill to generating and forwarding and the verification roaming bill is recognized
Card, may cause roaming bill central information bearing capacity and data-handling capacity to be significantly greatly increased, and then easily causes roaming visit
Ask that speed reduces and roaming bill central information bearing capacity excess load causes the problems such as systemic breakdown.
In order to solve above-mentioned technical problem, the embodiment of the invention discloses following technical scheme:
First aspect, the embodiment of the present invention provides a kind of data access method, comprising:
Receive locally applied the sent access request belonging to local authentication platform, in described access request, carry mesh
Mark authentication platform and the intended application belonging to described target authentication platform;
Generate the first roaming bill application request according to described access request;
Send described first roaming bill application request to described target authentication platform, so that described target authentication platform root
Generate the corresponding first roaming bill according to described first roaming bill application request;
Receive the first roaming bill that described target authentication platform returns;
Send described first roaming bill to described locally applied, locally applied carry the described first roaming ticket so that described
According to the described intended application of access.
In conjunction with first aspect, in the first possible implementation of first aspect, described data access method also includes:
Receiving the second roaming bill application request that the 3rd authentication platform sends, described second roaming bill application request is institute
State what the 3rd authentication platform generated according to the sent access request of the 3rd application belonging to described 3rd authentication platform;
According to described second roaming bill application request, generate the corresponding second roaming bill;
Send described second roaming bill to described 3rd authentication platform, so that described 3rd authentication platform is by described second
Roaming bill sends to described 3rd application, and described 3rd application carry the described second roaming bill access described this locality should
With.
In conjunction with the first possible implementation of first aspect, in the possible implementation of first aspect the second, described
Data access method also includes:
Receiving the certification request of locally applied transmission, described certification request accesses described for locally applied according to the 3rd application
The second roaming bill that ground application is carried generates;
According to described certification request verification certification, second roams bill, and described 3rd application accesses described this locality and answers
With.
In conjunction with the first possible implementation of first aspect, in the third possible implementation of first aspect, described
Generate the corresponding second roaming bill, comprising:
Search and confirm the type of the described second roaming bill application request;
Ask corresponding money according to the described second roaming bill application that described type search local authentication platform internal memory stores up
Source information;
Search according to described resource information and draw the corresponding second roaming bill.
In conjunction with the possible implementation of first aspect the second, in the 4th kind of possible implementation of first aspect, described
The second roaming bill according to verification certification is asked in described certification, and described 3rd application access is described locally applied, bag
Include:
Judge whether the described second roaming bill verifies certification success, and send verification authentication result to the 3rd application;
If described second roaming bill verification certification success, then described 3rd application redirect access described locally applied;
If described second roaming bill verification authentification failure, return identity authentication error data, and should by the described 3rd
With jumping to authentication wrong data.
Second aspect, the embodiment of the present invention provides a kind of data access system, comprising:
Access request receiver module, for receiving locally applied the sent access request belonging to local authentication platform,
Carry target authentication platform in described access request and belong to the intended application of described target authentication platform;
Ticket requests generation module, for generating the first roaming bill application request according to described access request;
Ticket requests sending module, for putting down the generate first roaming bill application request transmission to described target authentication
Platform;
Roaming ticket recipient module, for receiving the first roaming bill that described target authentication platform returns;
First roaming bill sending module, sends to belonging to local authentication platform for the first roaming bill that will receive
Locally applied.
In conjunction with second aspect, in the first possible implementation of second aspect, described data access system also includes:
Ticket requests receiver module, for receiving the second roaming bill application request that the 3rd authentication platform sends, described the
Two roaming bill application requests are sent out according to the 3rd application belonging to described 3rd authentication platform by described 3rd authentication platform
The access request sent generates;
Roaming bill generation module, for according to described second roaming bill application request, generating the corresponding second roaming ticket
According to;
Second roaming bill sending module, sends to described 3rd authentication platform for roaming bill by described second, so that
Described 3rd authentication platform sends described second roaming bill to described 3rd application, and described 3rd application is carried described
Second roaming bill accesses described locally applied.
In conjunction with the first possible implementation of second aspect, in the possible implementation of second aspect the second, described
Data access system also includes:
Receiver module is asked in certification, and for receiving the certification request of locally applied transmission, described certification request is locally applied
Access what described locally applied the second roaming bill carrying generated according to the 3rd application;
Verification authentication module, for the second roaming bill according to described certification request verification certification, and the described 3rd should
Described locally applied with accessing.
In conjunction with the first possible implementation of second aspect, in the third possible implementation of second aspect, described
Roaming bill generation module includes:
First lookup unit, for searching and confirming the type of the described second roaming bill application request;
Second lookup unit, for the described second roaming bill Shen stored up according to described type search local authentication platform internal memory
Please ask corresponding resource information;
Roaming bill acquiring unit, draws the corresponding second roaming bill for searching according to described resource information.
In conjunction with the possible implementation of second aspect the second, in the 4th kind of possible implementation of second aspect, described
Verification authentication module includes:
Judging unit, is used for judging whether the described second roaming bill verifies certification success, and sends verification authentication result
To the 3rd application;
First jump-transfer unit, if for described second roaming bill verification certification success, then described 3rd application redirects visit
Ask described locally applied;
Second jump-transfer unit, if for described second roaming bill verification authentification failure, returning an identity authentication error number
According to, and described 3rd application is jumped to authentication wrong data.
The data access method being provided from above technical scheme, the embodiment of the present invention, in this locality of local authentication platform
When application accesses the intended application of target authentication platform, local authentication platform receives from locally applied access intended application
Access request, this access request carries target authentication platform and intended application, it is simple to local authentication platform generates correspondence
First roaming bill application request of intended application, and send to corresponding target authentication platform, so that target authentication platform
Generate the corresponding first roaming bill according to the first roaming bill application request receiving and the first roaming bill is back to
Local authentication platform;Local authentication platform receive return first roaming bill after send it to locally applied, by this
Ground application is carried this first roaming bill and is accessed intended application.The data access method being provided by the application, belongs to this
When the locally applied needs of ground authentication platform access the intended application of different security domain, can be direct by local authentication platform
Send the first roaming bill application request of corresponding access request to target authentication platform, thus receive by target authentication platform
The the first roaming bill generating according to the first roaming bill application request, and to carry the first roaming bill direct by locally applied
Access intended application.Thus it is prevented effectively from when carrying out roaming access between multiple security domain, the local authentication in each security domain
Platform needs to carry out roaming ticket requests to bill roaming center respectively, thus increases the burden at bill roaming center, reduces
The speed that security domain internetwork roaming accesses.
Further, in the data access method that the application provides, local authentication platform can receive the 3rd authentication platform
It (is different from the 3rd authentication platform of local authentication platform and target authentication platform, and this three authentication platforms are respectively positioned on difference
Security domain) the 3rd application that the 3rd authentication platform generates that belongs to that sends accesses the locally applied second roaming bill Shen
Please ask, meanwhile, generate the corresponding second roaming bill according to the second roaming bill application request, and by this second roaming
Bill forwards and sends to the 3rd authentication platform.Generated by the authentication platform in security domain and forward in requisition for access
The roaming bill of application, thus avoid prior art being concentrated through roam the side that bill was centrally generated and forwarded roaming bill
Formula, greatly reduces the data process load at roaming bill center, it is to avoid roaming bill central concentrated load is easily caused more greatly safety
Cannot be carried out roaming access between territory, and effectively improve the speed of roaming access between security domain.
In addition, in the data access method of the application offer, local authentication platform is receiving carrying of locally applied generation
After having the certification request of roaming bill, the roaming bill that meeting is carried when asking and access locally applied according to certification to the 3rd application
Carry out verifying certification, and after verification certification success, it is locally applied that the 3rd application redirects access.Implemented by the application
Example, can make authentication platform in security domain to needing the locally applied roaming carried belonging to this authentication platform that accesses
Bill carries out verifying certification, it is to avoid be authenticated unified for certification request transmission to bill roaming center, and by authentication result
Situation about being forwarded by authentication platform, thus saved data transmission stream journey, improve roaming access speed.
Brief description
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
In technology description, the accompanying drawing of required use is briefly described, it should be apparent that, for those of ordinary skill in the art
Speech, on the premise of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
The schematic flow sheet of one embodiment of the data access method that Fig. 1 provides for the present invention;
The schematic flow sheet of another embodiment of the data access method that Fig. 2 provides for the present invention;
The schematic flow sheet of another embodiment of the data access method that Fig. 3 provides for the present invention;
The schematic flow sheet of another embodiment of the data access method that Fig. 4 provides for the present invention;
The schematic flow sheet of another embodiment of the data access method that Fig. 5 provides for the present invention;
The application structure schematic diagram of the data access method that Fig. 6 provides for the embodiment of the present invention;
The structural representation of one embodiment of the data access system that Fig. 7 provides for the present invention;
The structural representation of another embodiment of the data access system that Fig. 8 provides for the present invention;
The structural representation of another embodiment of the data access system that Fig. 9 provides for the present invention;
The structural representation of another embodiment of the data access system that Figure 10 provides for the present invention;
The structural representation of another embodiment of the data access system that Figure 11 provides for the present invention.
Detailed description of the invention
For the technical scheme making those skilled in the art be more fully understood that in the present invention, implement below in conjunction with the present invention
Accompanying drawing in example, is clearly and completely described to the technical scheme in the embodiment of the present invention, it is clear that described reality
Executing example is only a part of embodiment of the present invention, rather than whole embodiments.Based on the embodiment in the present invention, ability
The every other embodiment that territory those of ordinary skill is obtained under the premise of not making creative work, all should belong to this
The scope of invention protection.
See Fig. 1, for the schematic flow sheet of a kind of data access method that the embodiment of the present invention provides.
As it is shown in figure 1, the data access method that disclosure embodiment provides includes:
Step S101: receive locally applied the sent access request belonging to local authentication platform, described access request
Inside carry target authentication platform and belong to the intended application of described target authentication platform;
Local authentication platform and target authentication platform all can be located in different security domains in implementation process, locally applied return
Belonging to local authentication platform, intended application belongs to target authentication platform;In the present embodiment, with this local authentication platform
The security domain at place is access domain, with the security domain at target authentication platform place as aiming field, is i.e. recognized by belonging to this locality
The locally applied access of card platform belongs to the intended application of target authentication platform.During conducting interviews, locally applied
The access instruction that user sends can be received, thus locally applied by the access instruction generation access request according to user, should
Access request carries the target authentication platform needing to access and the intended application belonging to target authentication platform, specifically,
Access request carries the specifying information of target authentication platform and intended application, so that local authentication platform receives this access
Request, it is simple to local authentication platform can generate corresponding roaming bill application request according to the access request receiving, and
Roaming bill application request is sent to corresponding authentication platform exactly.
Step S102: generate the first roaming bill application request according to described access request;
Wherein, in the data access method that the present embodiment provides, local authentication platform can carry mesh according to receive
Mark authentication platform and the access request of intended application belonging to target authentication platform, generate the corresponding to access request
One roaming bill application request;Concrete, target authentication platform and belong to the intended application of target authentication platform and pass through
IP address etc. is identified, consequently facilitating the first roaming bill application request that local authentication platform can directly will generate.
The concrete mode generating the first roaming bill application request does not elaborate in embodiments of the present invention.
Step S103: send described first roaming bill application request to described target authentication platform, so that described target
Authentication platform generates the corresponding first roaming bill according to described first roaming bill application request;
Wherein, after local authentication platform generates the first roaming bill application request, this local authentication platform is according to the first roaming
The corresponding target authentication platform of bill application request, local authentication platform sends the first roaming bill application request to target
Authentication platform, is received this first roaming bill application request by target authentication platform, and by target authentication platform according to first
Roaming bill application request generates the first corresponding roaming bill.
Target authentication platform and belong to the intended application of target authentication platform and be identified by IP address etc., thus
It is easy to local authentication platform can directly the first roaming bill application request transmission generating be put down to correct target authentication
Platform, and according to the IP address of intended application, enable target authentication platform to generate first corresponding with intended application and overflow
Trip bill, the information carrier with authentication role that this first roaming bill is formed for form according to the rules, money can be included
Source information, authentication information, timestamp and password etc..
Step S104: receive the first roaming bill that described target authentication platform returns;
Wherein, send the first roaming bill application request generating to target authentication platform, target at local authentication platform
Authentication platform generates the corresponding first roaming bill and forwards transmission to local authentication platform;Local authentication platform receive this
One roaming bill.Wherein, the embodiment of corresponding target authentication platform generation the first roaming bill does not enters in the present embodiment
Row elaborates.
Step S105: send described first roaming bill to described locally applied so that described locally applied carry described
First roaming bill accesses described intended application;
In order to ensure locally applied can directly to access intended application, this first roaming bill is sent extremely by local authentication platform
Locally applied.In implementation process, locally applied receive the first roaming bill after, locally applied carry this first roaming
Bill directly accesses intended application, owing to the first roaming bill represents the authentication information of locally applied access intended application,
Therefore, when intended application receives the locally applied access carrying the first roaming bill, intended application can be according to first
The information of roaming bill sends corresponding certification asks to target authentication platform, it is simple to target authentication platform is to the first roaming ticket
According to carrying out verifying certification, so that locally applied can redirect access intended application.
It should be noted that in the data access method that the embodiment of the present invention provides, local authentication platform is stored with ownership
The resource information of all application of Internet access in local authentication platform, and the resource information pair according to application that is stored with
Roaming bill after should changing;Target authentication platform is stored with and belongs to all application of Internet access in target authentication platform
Resource information, and the roaming bill after the resource information corresponding conversion according to this application that is stored with.Pass through local authentication
Platform and target authentication storage belong to the corresponding bill of application in self platform, consequently facilitating under belonging to self platform
Application be accessed in the case of, self platform can corresponding generate roaming bill.
In addition, in the present embodiment, also can be with switched access between this local authentication platform and target authentication platform, i.e. originally
Security domain belonging to authentication platform for the ground is aiming field, and the security domain belonging to target authentication platform is access domain, belongs to target
The intended application of authentication platform also cross-domain access can belong to locally applied (now, the local authentication of local authentication platform
Platform is the target platform needing to access), this locality that the embodiment of this target authentication platform proposes with above-described embodiment is recognized
The embodiment of card platform is identical, and specific embodiment is no longer described in detail in the present embodiment.
Use the data access method that the embodiment of the present invention provides, owing to local authentication platform is able to receive that belonging to this locality recognizes
The access request of the locally applied transmission of card platform, thus generate roaming bill application request according to access request, this locality is recognized
Card platform directly sends roaming bill application request to the target authentication platform that can generate roaming bill, and is directly connecing
Send extremely locally applied, so that locally applied carry the first roaming after receiving the first roaming bill that target authentication platform returns
Bill accesses intended application.The data access method being provided by the present embodiment such that it is able to remove bill roaming center,
Directly being sent by carrying out roaming bill between two authentication platforms and receiving, being prevented effectively from bill roaming center needs to receive
The roaming bill application that in all security domains, authentication platform sends is asked and the corresponding process generating and forwarding roaming bill,
Can be directly by carrying out roaming the life of the transmission of bill application request and roaming bill between the authentication platform in security domain
Become, forward, thus accelerate data access speed.
See Fig. 2, show the schematic flow sheet of the another kind of data access method that the embodiment of the present invention provides.
As in figure 2 it is shown, the data access method that the embodiment of the present application provides includes:
Step S201: receive the second roaming bill application request that the 3rd authentication platform sends, described second roaming bill Shen
Please ask to apply sent access request by described 3rd authentication platform according to the belong to described 3rd authentication platform the 3rd
Generate;
In the data access method that the embodiment of the present application provides, the 3rd authentication platform is in the present embodiment for being different from this locality
Another authentication platform of authentication platform and target authentication platform, the 3rd authentication platform is as the authentication platform of access domain, originally
Ground authentication platform is as the authentication platform of aiming field, thus in implementation process, belong to the 3rd authentication platform the 3rd should
Carry, with the access instruction receiving user generation, the local authentication platform needing to access and locally applied access please
Asking, this access request is sent by the 3rd application, is received this access request by the 3rd authentication platform, and please according to accessing
Seek survival into corresponding to needing the second locally applied roaming bill application request accessing, by the second roaming bill application request
Send to local authentication platform.
Wherein, local authentication platform internal memory contains the locally applied resource letter belonging to local authentication platform, Internet access
Breath, and the roaming billing information becoming according to resource information corresponding conversion, thus local authentication platform receives the second roaming
After bill application request, owing to the second roaming bill application request is for needing to access locally applied access according to the 3rd application
Request generates, and therefore, the second roaming bill application request carries local authentication platform and locally applied mark (for example
IP address etc.) so that local authentication platform can directly generate corresponding second according to the second roaming bill application request and overflow
Trip bill, and forward transmission to the 3rd authentication platform by local authentication platform;And then, the 3rd authentication platform receives
After two roaming bills, send the second roaming bill to the 3rd application, after the 3rd application receives the second roaming bill, should
3rd application is carried the second roaming bill and is directly accessed locally applied.
It should be noted that the 3rd application carry the second roaming bill directly access locally applied during, need to the
The second roaming bill that three application are carried carries out bill verification certification, does not make at the present embodiment for bill verification certification
Many elaborations, can be referring to the description of other related embodiment once.
Step S202: according to described second roaming bill application request, generate the corresponding second roaming bill;
The application request that second roaming bill application request sends for the 3rd authentication platform in step S201, wherein, second
That roaming bill application request is mainly used in asking to belong to is that the 3rd application of the 3rd authentication platform needs to access, belong to this
The locally applied roaming bill (locally applied authentication information) of ground authentication platform, thus, local authentication platform root
According to the second roaming bill application request, generate the second roaming bill corresponding to the second roaming bill application request.
Concrete, it with reference to Fig. 3, show the schematic flow sheet of the another kind of data access method that the embodiment of the present application provides,
Specifically, local authentication platform generates the schematic flow sheet of the second roaming bill.
As it is shown on figure 3, the method that the local authentication platform that the embodiment of the present application provides generates the second roaming bill includes:
Step S2021: search and confirm the type of the described second roaming bill application request;
The type of the roaming bill application request that the local authentication platform in the embodiment of the present application offer is stored with different, specifically
The the second roaming bill accessing can be needed corresponding locally applied for what application request was carried, thus by the second roaming bill
Application request determine need to access locally applied (belonging to local authentication platform locally applied has multiple application, often
The corresponding IP address of individual application is different, accordingly, it would be desirable to which application confirms is).
Step S2022: the described second roaming bill application request stored up according to described type search local authentication platform internal memory
Corresponding resource information;
Wherein, it is provided with the resource letter of the application of the Internet access belonging in local authentication platform in local authentication platform
Breath, thus after step S2021 confirms the type of the second roaming bill application request, local authentication platform is according to confirmation
3rd application needs the locally applied of access, searches and draw the described second roaming bill application request in local authentication platform
Corresponding resource information, and then generate the second roaming bill according to resource information;
If it should be noted that locally applied not the having the right in the storage of local authentication platform internal memory that local authentication platform confirms
In the row of the application accessing, then it represents that authentication mistake or the 3rd application do not access locally applied authority;Otherwise turn
To step S2023.
Step S2023: search according to described resource information and draw the corresponding second roaming bill;
Wherein, owing to local authentication platform can directly generate corresponding according to the resource information of the application of the Internet access of storage
Roaming bill, and by corresponding roaming bill be stored in local authentication platform, thus step S2022 search draw
After the resource information of corresponding second roaming bill application request, search corresponding roaming bill according to this resource information,
It is the second roaming bill.
Belonged to the resource information of the application of local authentication platform Internet access, Yi Jizi by this local authentication platform storage
The roaming bill of source information corresponding conversion, it is simple to local authentication platform can quickly generate unrestrained according to roaming bill application request
Trip bill, and can accelerate to generate the speed of roaming bill by way of searching, effectively improve the speed of roaming access.
Step S203: send described second roaming bill to described 3rd authentication platform, so that described 3rd authentication platform
Send described second roaming bill to described 3rd application, and described 3rd application is carried the described second roaming bill and accessed
Described locally applied;
Wherein, after local authentication platform generates the second roaming bill, can be right according to sending the second roaming bill application request
Second roaming bill is forwarded and sends to the 3rd authentication platform, it is simple to the 3rd authentication platform receives by the 3rd authentication platform answered
The second roaming bill corresponding with the second roaming bill application request of feedback;So that the 3rd authentication platform overflows second
Trip bill is sent to the 3rd application, and the 3rd application is carried the second roaming bill and directly accessed locally applied.
It should be noted that in this application, the 3rd authentication platform is also stored with and belongs to the 3rd authentication platform and have the right
It is accessed for the resource information of application, and the roaming bill according to resource information corresponding conversion;And, the 3rd certification
Platform also can be conducted interviews by other application as aiming field, and detailed description of the invention can be put down referring to related local authentication
The embodiment of platform.
Using the data access method that the embodiment of the present invention provides, local authentication platform can receive the 3rd authentication platform and send out
The 3rd application belonging to the 3rd authentication platform generation sent accesses the second locally applied roaming bill application request, simultaneously
Generate the corresponding second roaming bill and be forwarded to the 3rd authentication platform.By embodiments herein, local authentication
Platform can generate and forward corresponding roaming bill, belongs in local authentication platform owing to local authentication platform is stored with
Have the right to be accessed for the resource information of application and the corresponding roaming bill changed, thus avoid bill roaming center to need to concentrate
Storage belongs to the resource information having the right to be accessed for application of authentication platform in each security domain, reduces bill roaming center
Data-handling capacity, accelerate the speed belonging to mutual cross-domain access between the application of authentication platform between security domain simultaneously
Degree.
See Fig. 4, show the another kind of data access method that the embodiment of the present invention provides.
As shown in Figure 4, local authentication platform, target authentication platform and the 3rd authentication platform providing in the embodiment of the present invention
All can directly carry out verifying certification to roaming bill, it is to avoid local authentication platform, target authentication platform and the 3rd certification are put down
Platform needs to send the certification request of roaming bill to outside, as carried out verifying certification by bill roaming center, reduces behaviour
Make flow process, effectively improve data access speed.In the present embodiment, with local authentication platform, school is carried out to the second roaming bill
As a example by testing certification, and in implementation process, each of the above authentication platform (local authentication platform, target authentication platform and
Three authentication platforms) be respectively positioned in different security domains, then data access method includes:
Step S301: receive the certification request of locally applied transmission, described certification request is applied according to the 3rd for locally applied
Access what described locally applied the second roaming bill carrying generated;
Wherein, as a example by local authentication platform, belong to the 3rd of the 3rd authentication platform and apply cross-domain access to belong to this locality
Authentication platform locally applied, receive in the 3rd application and the second roaming bill that the 3rd authentication platform sends (is used for energy
Enough access locally applied authentication information) after, the 3rd application can be carried the second roaming bill and directly be accessed locally applied;
Be positioned at different security domain due to locally applied from the 3rd application, then locally applied receiving carries the second roaming bill
In the case that 3rd application accesses, locally applied needs confirms whether the 3rd application has access rights, second i.e. carrying
Whether the authentication of roaming bill, policy validation or Authority Verification etc. are qualified;Therefore, locally applied needs should to this locality
Send the certification request about the second roaming bill with the local authentication platform of ownership.
Due to local authentication platform internal memory contain belong to local authentication platform have the right be accessed for application resource information,
And the roaming bill of resource information corresponding conversion, then local authentication platform is asked in the certification receiving locally applied transmission
After, according to the second roaming bill, in the roaming bill or resource information of the storage of local authentication platform internal memory, search corresponding money
Whether source information is identical with the second roaming bill, thus carries out verifying certification to the second roaming bill.
Step S302: second roams bill according to verification certification is asked in described certification, and described 3rd application accesses institute
State locally applied;
Owing to carrying the second roaming bill when the 3rd application accesses locally applied, this is locally applied receives the 3rd application
During access, corresponding certification can be generated according to the second roaming bill and ask and send to local authentication platform;Due to certification
Request carries the information of the related second roaming bill, then local authentication platform carries the second roaming ticket according to receive
According to certification request after, carry out verifying certification to the second roaming bill, and send verification authentication result to locally applied.
Concrete, see Fig. 5, show in step S302 and carry out verifying the flow process of verification process to the second roaming bill and show
It is intended to.
As shown in Figure 5, it is known that step S302 farther includes:
Step S3021: judge whether the described second roaming bill verifies certification success, and verification authentication result is sent extremely
3rd application;
Wherein, local authentication platform is stored with the letter roaming bill changed according to the resource information that Internet access is applied
Breath, therefore, after local authentication platform receives the certification request carrying the second roaming bill of locally applied transmission,
The roaming bill related to the second roaming bill is searched in the roaming billing information of local authentication platform internal memory storage;And should
The second roaming bill that roaming bill and certification request are carried is compared, and overflows with second if had in local authentication platform
The identical roaming bill of trip bill, then it represents that the second roaming bill verifies successfully, then the 3rd application has access locally applied
Authority;If not roaming the identical roaming bill of bill in local authentication platform with second, then it represents that the second roaming ticket
According to verifying unsuccessfully, then the 3rd application does not access locally applied authority.Meanwhile, roam to second at local authentication platform
After bill carries out verification certification, send the result of verification certification to the 3rd application.
In implementation process, this second roaming bill as a example by eight-digit binary number character string, then can be deposited in local authentication platform
The roaming bill of the application of 0-255 Internet access of storage, if this second roaming bill is 01011001, then needs
0-255 roaming bill searches whether comparison has identical character string, if having identical character string, then it represents that the
Two roaming bills verify successfully, and otherwise, the second roaming bill verifies unsuccessfully;These are only the illustration to roaming bill,
The form of this roaming bill is not limited to the embodiment mentioned in the present embodiment.
Step S3022: if described second roams bill verification certification success, then described 3rd application redirects described in access
Locally applied;
After step S3021 carries out verification certification to the second roaming bill, obtain the verification authentication result being related to, if
Fruit verification certification success, then local authentication platform will be sent to the successful feedback information of locally applied verification, the i.e. the 3rd application
Authentication success, has and accesses locally applied authority, then can directly to redirect access locally applied in the 3rd application.
Step S3023: if described second roaming bill verification authentification failure, return identity authentication error data, and
Described 3rd application is jumped to authentication wrong data;
Wherein, after verifying authentification failure to the second roaming bill in step S3021, the i.e. the 3rd application does not have access this locality
The authority of application, then cannot directly redirect access this is locally applied in the 3rd application;Meanwhile, for the ease of reminding user, just
Can intuitively observe in user, then local authentication platform returns an identity authentication error information, and the 3rd application then jumps to body
The page of part authentication error.
Use the data access system that the embodiment of the present invention provides, can be by this local authentication platform directly to carrying roaming
Bill certification request carry out verify certification, and verification authentication result is sent directly to locally applied in, thus avoid show
Have in technology, in the case of carrying out verification certification to roaming bill, need to send the certification request carrying roaming bill
Roam center to bill, and forward certification request and authentication result by local authentication platform.Therefore, bill is not only removed
Roaming center, and, when realizing roaming access, only raw by carrying out bill between the authentication platform in two security domains
Become, bill forwards and bill identification, effectively improves access speed, reduces the access time.
It should be noted that above example only carries out as a example by local authentication platform the description of embodiment, but,
In implementation process, this target authentication platform and the 3rd authentication platform are all identical with the function and structure of local authentication platform,
It is identical with local authentication platform embodiment in implementation process, and detailed description of the invention can be referring to above example, at this
No longer elaborate.
By the description of above embodiment of the method, those skilled in the art is it can be understood that can borrow to the present invention
The mode helping software to add required general hardware platform realizes, naturally it is also possible to by hardware, but a lot of in the case of the former
It is more preferably embodiment.Based on such understanding, prior art is substantially made by technical scheme in other words
The part of contribution can embody with the form of software product, and this computer software product is stored in a storage medium,
Including some instructions are with so that a computer equipment (can be personal computer, server, or the network equipment etc.)
Perform all or part of step of method described in each embodiment of the present invention.And aforesaid storage medium includes: read-only storage
The various media that can store program code such as device (ROM), random access memory (RAM), magnetic disc or CD.
Corresponding with the data access method embodiment that the present invention provides, present invention also offers a kind of data access system
Embodiment.
See Fig. 6, show the structural representation of the data access method application process that the embodiment of the present invention provides, such as figure
Shown in 6, locally applied 40 belong to local authentication platform 10, and intended application 50 belongs to target authentication platform 20, the
Three application 60 belong to the 3rd authentication platform 30, and, this local authentication platform the 10th, target authentication platform the 20th, the 3rd
Authentication platform 30 can be respectively positioned on different security domains, thus the access between applying is cross-domain, roaming access.Its
In, the function that each authentication platform is arranged is all identical, and the security domain that i.e. each authentication platform is positioned at both can be as access
The application of other security domains of domain browsing, it is also possible to accessed by the application of other security domains as aiming field.In the present embodiment,
It is described in detail with the system architecture that data access system is arranged on local authentication platform 10.
See Fig. 7, show the structural representation of a kind of data access system that the embodiment of the present invention provides, specially set
Put the data access system on local authentication platform.As it is shown in fig. 7, this data access system includes:
Access request receiver module 11: this access request receiver module 11 is for receiving the basis belonging to local authentication platform
The sent access request of ground application, specially locally applied access belongs to the access request of the application of another authentication platform,
Wherein, as a example by local authentication platform and target authentication platform, it is known that, it is arranged on the access request on local authentication platform
Receiver module 11 is for receiving the access request of the locally applied access intended application of locally applied generation.
Ticket requests generation module 12: this ticket requests generation module 12 receives according to access request receiver module 11
Access request generation is corresponding with access request roams bill application request, so that roaming bill application request sends to another
On authentication platform;Wherein, as a example by local authentication platform and target authentication platform, this access request is locally applied for carrying
Need the request of the identification information of target authentication platform and the intended application accessing, so that this ticket requests generation module 12
Corresponding this roaming bill application of generation can ask, and roaming bill application request includes the target needing transmission to reach and recognizes
The mark of card platform, it is simple to directly send roaming bill application request to target authentication platform.
Ticket requests sending module 13: after ticket requests generation module 12 generates roaming bill application request, due to life
The target that belongs to that the roaming bill application request becoming carries the locally applied needs access belonging to local authentication platform is recognized
The address (such as the IP address etc. of the target authentication platform that intended application is belonged to) of the intended application of card platform, then bill please
Sending module 13 is asked to send roaming bill application request to the target authentication platform of intended application ownership, it is simple to target authentication
Platform generates corresponding roaming bill according to roaming bill application request.Wherein, target authentication platform generates roaming bill
Method can be referring to other related embodiment.
Roaming ticket recipient module 14: bill application request will be roamed at ticket requests sending module 13 and send to accordingly
After target authentication platform, target authentication platform according to roaming bill application request generate corresponding first roaming bill and will
First roaming bill is forwarded to local authentication platform, receives this first roaming bill by this roaming ticket recipient module 14,
And the first roaming bill is sent extremely locally applied.
First roaming bill sending module 15, receives what target authentication platform sent for roaming ticket recipient module 14
After first roaming bill, corresponding first roaming bill is sent extremely locally applied by this first roaming bill sending module 15,
And first roaming bill and locally applied generation need the access request of access intended application corresponding.
Use the data access system that the present embodiment provides, by including that access request receiver module the 11st, ticket requests generates
The 13rd, module the 12nd, ticket requests sending module roams ticket recipient module 14 and first and roams bill sending module 15, energy
Enough according to the locally applied access request needing the intended application accessing to generate, roam accordingly to target authentication platform request
Roaming bill is simultaneously forwarded to locally applied by bill, so that locally applied directly access intended application;Pass through the present embodiment
The application of the roaming bill being capable of between authentication platform, it is to avoid roaming bill center focuses on.
See Fig. 8, show the structural representation of data access system that the embodiment of the present invention provides, in the present embodiment,
Still as a example by local authentication platform, this data access system is arranged on local authentication platform, and specially data access system is raw
Become roaming bill and forward the system architecture of roaming bill.The present embodiment is described in detail as a example by local authentication platform,
Wherein, cross-domain access is applied to belong to the locally applied of local authentication platform by belong to the 3rd authentication platform the 3rd.
As shown in Figure 8, the data access system that the present embodiment provides includes:
Ticket requests receiver module 21: the roaming bill application sending for receiving the 3rd authentication platform is asked, so that this
Ground authentication platform can generate corresponding roaming bill according to the roaming billing information that roaming bill application request is carried.
Roaming bill generation module 22: after ticket requests receiver module 21 receives roaming bill application request, should
Roaming bill generation module 22 generates second corresponding with roaming bill application request according to roaming bill application request and overflows
Trip bill, owing to roaming bill application request carries the locally applied address information that the 3rd application needs to access, then overflows
The trip direct roaming bill searched on local authentication platform corresponding thereto of bill generation module 22.
Wherein, Fig. 9 is seen, the concrete structure schematic diagram of shown roaming bill generation module 22, as it is shown in figure 9, should
Roaming bill generation module 22 also includes:
First lookup unit 221: this first lookup unit 221 is for searching the unrestrained of this ticket requests receiver module 21 reception
The type of trip bill application request;Wherein, this locality that the 3rd application carried according to the second roaming bill application request accesses
The IP address etc. of application, searches the type of the second roaming bill application request, thus according to the second roaming bill application request
Type draw roaming bill.
Second lookup unit 222: this second lookup unit 222 is for looking into according to the type of the second roaming bill application request
The the described second roaming bill application looking for local authentication platform internal memory to store up asks corresponding resource information, so that it is determined that the 3rd should
By the locally applied address information etc. needing access;
Wherein, in specific implementation process, being provided with memory cell in local authentication platform, this memory cell is mainly used in
Storage has the right in belonging to local authentication platform to be accessed for the resource information of application and according to resource information corresponding conversion
Roaming bill;Thus, after this first lookup unit 221 finds the type of roaming bill application request, can basis
The type of roaming bill application request, is confirmed address locally applied in local authentication platform by the second lookup unit 221,
And then search corresponding locally applied resource information.This memory cell can store related application with the form of database
Resource information and roaming bill, it is simple to this first lookup unit 221 and roaming bill acquiring unit 223 are called, are searched.
Roaming bill acquiring unit 223: find basis corresponding with roaming bill application request at the first lookup unit 221
After the resource information of ground application, corresponding with corresponding second roaming bill by locally applied resource information, then this roaming ticket
Can directly obtain the corresponding second roaming bill of locally applied resource information according to acquiring unit 223.
Second roaming bill sending module 23: this second roaming bill sending module 23 is at roaming bill generation module 22
After generating the second roaming bill, the second roaming bill is forwarded and sends to the 3rd authentication platform, so that the 3rd authentication platform
The the second roaming bill receiving is sent to the 3rd application so that the 3rd application is carried the second roaming bill and directly accessed this
Ground application;Wherein, the detailed description of the invention of this second roaming bill sending module 23, no longer elaborates at this, can join
See above-mentioned related embodiment.
Use the data access system that the present embodiment provides, can be by this roaming bill generation module 22 according to roaming ticket
Generate the corresponding second roaming bill according to application request, and forwarded transmission to recognize to the 3rd by the second roaming bill sending module 23
Card platform, thus in realizing authentication platform, can generate and forward roaming bill, it is to avoid must be by roaming ticket in prior art
According to being centrally generated and forward roaming bill, thus effectively improve roaming access speed.
See Figure 10, show the structural representation of another data access system that the embodiment of the present invention provides, with this locality
As a example by authentication platform, this data access system is arranged on this local authentication platform, is specially this local authentication platform to unrestrained
Trip bill carries out verifying the structural representation of certification.
As shown in Figure 10, the data access system that the present embodiment provides includes:
Receiver module 31 is asked in certification: receive, at the 3rd authentication platform, the roaming bill that local authentication platform generates, forwards
After, roaming bill is sent to the 3rd application by the 3rd authentication platform, and the 3rd application is carried roaming bill and accessed local answering
With, locally applied receive carry roaming bill the 3rd application access after, locally applied according to roaming bill generate
The certification carrying roaming bill is asked and sends to local authentication platform, thus is received by this certification request receiver module 31
This carries the certification request of roaming bill;Wherein, certification request receiver module 31 can be proposition in above-described embodiment
Access request receiver module 11, detailed description of the invention can be referring to above-mentioned related embodiment, and in this not go into detail.
Verification authentication module 32: this verification authentication module 32 carries second according to what certification request receiver module 31 received
The certification request of roaming bill, carries out verifying certification to the second roaming bill, concrete, can be according to roaming bill in this locality
Authentication platform is searched storage belong to local authentication platform in have the right to be accessed for the roaming bill of application, and with reception
To the second roaming bill contrast, send this comparison result to locally applied, so that locally applied can be according to check results
Determine whether the 3rd application can redirect access locally applied.
Wherein, this verification authentication module 32 by that local authentication platform is stored, belong to local authentication platform in have
The locally applied roaming bill that power is accessed by the 3rd application is inquired about, and with above-mentioned certification request, this roaming bill is received mould
According to comparison result, the second roaming bill comparison carried in the access request that block 31 receives, judges whether the 3rd application has
Access locally applied authority;If both are consistent, then verify certification success;If both are inconsistent, then verify certification
Failure.
Concrete, see Figure 11, show the concrete structure schematic diagram of verification authentication module 32, as shown in figure 11, be somebody's turn to do
Verification authentication module 32 includes:
Judging unit 321: for judging roaming bill that local authentication platform internal memory stores up by this verification authentication module 32 and recognizing
The second roaming bill that the certification request that card request receiver module 31 receives is carried is compared result, thus judge this second
Roam whether bill verifies certification success, and verification authentication result is sent extremely locally applied;Wherein, both comparisons are identical
In the case of, the second roaming bill verification certification success, in the case that both comparisons are different, the second roaming bill verification is recognized
Demonstrate,prove unsuccessfully.
First jump-transfer unit 322: receive this second roaming bill verification successful school of certification that this judging unit 321 sends
Test authentication result, thus this successful result of verification certification is sent extremely locally applied;
Wherein, the successful result of verification certification that this first jump-transfer unit 322 sends carries the 3rd application and accesses this locality
The access information of application, then redirect access this is locally applied in the 3rd application.
Second jump-transfer unit 323: if for the second roaming bill verification authentification failure, returning an identity authentication error number
According to, and the 3rd application is jumped to authentication wrong data;
Wherein, if the second roaming bill that this judging unit 321 judges verifies authentification failure, then it represents that the 3rd application
Do not have and access locally applied authority, then this second jump-transfer unit 323 send identity authentication error data to local should
With the 3rd application, according to the authentication wrong data receiving, jumps to the authentication error interface being related to, i.e.
User, authentication mistake can be reminded, it is impossible to carry out cross-domain access.
Use the data access system that the present embodiment provides, by verification authentication module 32, school is directly carried out to roaming bill
Test, so that it is determined that belong to the 3rd authentication platform the 3rd application whether can redirect access locally applied, it is to avoid existing skill
Art needs bill roaming center carry out verifying certification to roaming bill, and authentication platform is mainly used in receiving and forwards verification
The result of certification, thus effectively improve roaming access speed.
It should be noted that in embodiment described above, be the integrated corresponding functional module of energy between unit,
And be integrated in authentication platform, and above-mentioned only as a example by local authentication platform, but it is not limited to this, such as target authentication platform
All including above unit and module with the 3rd authentication platform etc., in this not go into detail for detailed description of the invention, can
With referring to above related embodiment.
For convenience of description, it is divided into various unit to be respectively described with function when describing apparatus above.Certainly, this is being implemented
The function of each unit can be realized in same or multiple softwares and/or hardware during invention.
Each embodiment in this specification all uses the mode gone forward one by one to describe, identical similar part between each embodiment
Seeing mutually, what each embodiment stressed is the difference with other embodiments.Especially for device
Or for system embodiment, owing to it is substantially similar to embodiment of the method, so describing fairly simple, related part ginseng
See that the part of embodiment of the method illustrates.Apparatus and system embodiment described above is only schematically, wherein
The described unit illustrating as separating component can be or may not be physically separate, the portion showing as unit
Part can be or may not be physical location, i.e. may be located at a place, or also can be distributed to multiple network
On unit.Some or all of module therein can be selected according to the actual needs to realize the purpose of the present embodiment scheme.
Those of ordinary skill in the art, in the case of not paying creative work, are i.e. appreciated that and implement.
It is understood that the present invention can be used in numerous general or special purpose computing system environment or configuration.For example: individual
People's computer, server computer, handheld device or portable set, laptop device, multicomputer system, based on
The system of microprocessor, set top box, programmable consumer-elcetronics devices, network PC, minicom, mainframe computer,
Including DCE of any of the above system or equipment etc..
The present invention can be described in the general context of computer executable instructions, such as program mould
Block.Usually, program module include perform particular task or realize the routine of particular abstract data type, program, object,
Assembly, data structure etc..Also the present invention can be put into practice in a distributed computing environment, at these DCEs
In, the remote processing devices connected by communication network is performed task.In a distributed computing environment, program
Module may be located in the local and remote computer-readable storage medium including storage device.
It should be noted that herein, the such as relational terms of " first " and " second " or the like be used merely to by
One entity or operation separate with another entity or operating space, and not necessarily require or imply these entities or behaviour
There is relation or the order of any this reality between work.And, term " includes ", "comprising" or it is any
Other variants are intended to comprising of nonexcludability so that include the process of a series of key element, method, article or
Equipment not only includes those key elements, but also includes other key elements being not expressly set out, or also includes for this mistake
The intrinsic key element of journey, method, article or equipment.In the case of there is no more restriction, statement " is included one
It is individual ... " key element that limits, it is not excluded that there is also in process, method, article or the equipment include described key element
Other identical element.
The above is only the detailed description of the invention of the present invention, makes skilled artisans appreciate that or realizes the present invention.
Multiple modifications to these embodiments will be apparent to one skilled in the art, and as defined herein one
As principle can realize in other embodiments without departing from the spirit or scope of the present invention.Therefore, this
The bright the embodiments shown herein that is not intended to be limited to, and be to fit to and principles disclosed herein and features of novelty
Consistent scope the widest.
Claims (10)
1. a data access method, it is characterised in that include:
Receive locally applied the sent access request belonging to local authentication platform, in described access request, carry mesh
Mark authentication platform and the intended application belonging to described target authentication platform;
Generate the first roaming bill application request according to described access request;
Send described first roaming bill application request to described target authentication platform, so that described target authentication platform root
Generate the corresponding first roaming bill according to described first roaming bill application request;
Receive the first roaming bill that described target authentication platform returns;
Send described first roaming bill to described locally applied, locally applied carry the described first roaming ticket so that described
According to the described intended application of access.
2. data access method according to claim 1, it is characterised in that also include:
Receiving the second roaming bill application request that the 3rd authentication platform sends, described second roaming bill application request is institute
State what the 3rd authentication platform generated according to the sent access request of the 3rd application belonging to described 3rd authentication platform;
According to described second roaming bill application request, generate the corresponding second roaming bill;
Send described second roaming bill to described 3rd authentication platform, so that described 3rd authentication platform is by described second
Roaming bill sends to described 3rd application, and described 3rd application carry the described second roaming bill access described this locality should
With.
3. data access method according to claim 2, it is characterised in that also include:
Receiving the certification request of locally applied transmission, described certification request accesses described for locally applied according to the 3rd application
The second roaming bill that ground application is carried generates;
The second roaming bill according to verification certification is asked in described certification, and described 3rd application access is described locally applied.
4. data access method according to claim 2, it is characterised in that the corresponding second roaming ticket of described generation
According to, comprising:
Search and confirm the type of the described second roaming bill application request;
Ask corresponding resource according to the described second roaming bill application that described type search local authentication platform internal memory stores up
Information;
Search according to described resource information and draw the corresponding second roaming bill.
5. data access method according to claim 3, it is characterised in that described according to described certification request verification
Second roaming bill described in certification, and described 3rd application access is described locally applied, comprising:
Judge whether the described second roaming bill verifies certification success, and send verification authentication result to the 3rd application;
If described second roaming bill verification certification success, then described 3rd application redirect access described locally applied;
If described second roaming bill verification authentification failure, return identity authentication error data, and should by the described 3rd
With jumping to authentication wrong data.
6. a data access system, it is characterised in that include:
Access request receiver module, for receiving locally applied the sent access request belonging to local authentication platform,
Carry target authentication platform in described access request and belong to the intended application of described target authentication platform;
Ticket requests generation module, for generating the first roaming bill application request according to described access request;
Ticket requests sending module, sends to described target authentication platform for the first roaming bill application request that will generate;
Roaming ticket recipient module, for receiving the first roaming bill that described target authentication platform returns;
First roaming bill sending module, sends to belonging to local authentication platform for the first roaming bill that will receive
Locally applied.
7. data access system according to claim 6, it is characterised in that also include:
Ticket requests receiver module, for receiving the second roaming bill application request that the 3rd authentication platform sends, described the
Two roaming bill application requests are sent out according to the 3rd application belonging to described 3rd authentication platform by described 3rd authentication platform
The access request sent generates;
Roaming bill generation module, for according to described second roaming bill application request, generating the corresponding second roaming ticket
According to;
Second roaming bill sending module, sends to described 3rd authentication platform for roaming bill by described second, so that
Described 3rd authentication platform sends described second roaming bill to described 3rd application, and described 3rd application is carried described
Second roaming bill accesses described locally applied.
8. data access system according to claim 7, it is characterised in that also include:
Receiver module is asked in certification, and for receiving the certification request of locally applied transmission, described certification request is locally applied
Access what described locally applied the second roaming bill carrying generated according to the 3rd application;
Verification authentication module, for the second roaming bill according to described certification request verification certification, and the described 3rd should
Described locally applied with accessing.
9. data access system according to claim 7, it is characterised in that described roaming bill generation module includes:
First lookup unit, for searching and confirming the type of the described second roaming bill application request;
Second lookup unit, for the described second roaming bill Shen stored up according to described type search local authentication platform internal memory
Please ask corresponding resource information;
Roaming bill acquiring unit, draws the corresponding second roaming bill for searching according to described resource information.
10. data access system according to claim 8, it is characterised in that described verification authentication module includes:
Judging unit, is used for judging whether the described second roaming bill verifies certification success, and sends verification authentication result
To the 3rd application;
First jump-transfer unit, if for described second roaming bill verification certification success, then described 3rd application redirects visit
Ask described locally applied;
Second jump-transfer unit, if for described second roaming bill verification authentification failure, returning an identity authentication error number
According to, and described 3rd application is jumped to authentication wrong data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510088641.1A CN105991602A (en) | 2015-02-26 | 2015-02-26 | Data access method and data access system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510088641.1A CN105991602A (en) | 2015-02-26 | 2015-02-26 | Data access method and data access system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105991602A true CN105991602A (en) | 2016-10-05 |
Family
ID=57038270
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510088641.1A Pending CN105991602A (en) | 2015-02-26 | 2015-02-26 | Data access method and data access system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105991602A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115017498A (en) * | 2021-11-19 | 2022-09-06 | 荣耀终端有限公司 | Method for operating applet and electronic device |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2003049000A1 (en) * | 2001-12-04 | 2003-06-12 | Sun Microsystems, Inc. | Distributed network identity |
US20060230438A1 (en) * | 2005-04-06 | 2006-10-12 | Ericom Software Ltd. | Single sign-on to remote server sessions using the credentials of the local client |
CN101399671A (en) * | 2008-11-18 | 2009-04-01 | 中国科学院软件研究所 | Cross-domain authentication method and system thereof |
CN101621374A (en) * | 2008-06-30 | 2010-01-06 | 华为技术有限公司 | Method, device and system for network authentication and server |
CN103716292A (en) * | 2012-09-29 | 2014-04-09 | 西门子公司 | Cross-domain single-point login method and device thereof |
CN104281801A (en) * | 2014-10-28 | 2015-01-14 | 杭州东方通信软件技术有限公司 | Single sign-on control method and device |
-
2015
- 2015-02-26 CN CN201510088641.1A patent/CN105991602A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2003049000A1 (en) * | 2001-12-04 | 2003-06-12 | Sun Microsystems, Inc. | Distributed network identity |
US20060230438A1 (en) * | 2005-04-06 | 2006-10-12 | Ericom Software Ltd. | Single sign-on to remote server sessions using the credentials of the local client |
CN101621374A (en) * | 2008-06-30 | 2010-01-06 | 华为技术有限公司 | Method, device and system for network authentication and server |
CN101399671A (en) * | 2008-11-18 | 2009-04-01 | 中国科学院软件研究所 | Cross-domain authentication method and system thereof |
CN103716292A (en) * | 2012-09-29 | 2014-04-09 | 西门子公司 | Cross-domain single-point login method and device thereof |
CN104281801A (en) * | 2014-10-28 | 2015-01-14 | 杭州东方通信软件技术有限公司 | Single sign-on control method and device |
Non-Patent Citations (1)
Title |
---|
GUANGSONG LI,等: ""A Novel Localized Authentication Protocol in 3G-WLAN Integrated Networks"", 《2010 INTERNATIONAL CONFERENCE ON E-BUSINESS AND E-GOVERNMENT》 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115017498A (en) * | 2021-11-19 | 2022-09-06 | 荣耀终端有限公司 | Method for operating applet and electronic device |
CN115017498B (en) * | 2021-11-19 | 2023-02-28 | 荣耀终端有限公司 | Method for operating applet and electronic device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103944737B (en) | Method for authenticating user identity, Third Party Authentication platform, carrier authorization platform | |
CN108200050A (en) | Single logging-on server, method and computer readable storage medium | |
US10460309B2 (en) | Payment verification method, apparatus and system | |
CN105516195B (en) | A kind of security certification system and its authentication method based on application platform login | |
CN104767715B (en) | Access control method and equipment | |
CN103069774B (en) | Access the service notified safely | |
CN104158824B (en) | Genuine cyber identification authentication method and system | |
BR112019015066A2 (en) | BCHAIN UNIVERSAL CONNECTIONS SYSTEM ALL / EVERYTHING / EVERY PART | |
CN109194673A (en) | Authentication method, system, equipment and storage medium based on authorized user message | |
CN105246073B (en) | The access authentication method and server of wireless network | |
CN106533696A (en) | Block chain-based identity authentication methods, authentication server and user terminal | |
CN107172054A (en) | A kind of purview certification method based on CAS, apparatus and system | |
CN103828291B (en) | The method that application service is provided | |
CN106789897B (en) | Digital certificate authentication method and system for application program for mobile terminal | |
CN110149328A (en) | Interface method for authenticating, device, equipment and computer readable storage medium | |
CN106936772A (en) | A kind of access method, the apparatus and system of cloud platform resource | |
US9680812B1 (en) | Enrolling a user in a new authentication procdure only if trusted | |
CN105897696A (en) | Terminal, server side, and terminal access management method | |
CN106897586A (en) | A kind of application programming interface API right management methods and device | |
CN109559136A (en) | Information management system and method | |
CN110362533A (en) | A kind of archives storage and shared system based on alliance's chain | |
CN106161475A (en) | The implementation method of subscription authentication and device | |
CN105354482A (en) | Single sign-on method and device | |
CN107182042A (en) | Short message channel method for evaluating quality, device, medium and system | |
CN104618356B (en) | Auth method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20161005 |