CN106878283B - Authentication method and device - Google Patents


Publication number
CN106878283B
Authority
CN
China
Prior art keywords
target user
authentication
authentication server
user terminal
verification code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710023450.6A
Other languages
Chinese (zh)
Other versions
CN106878283A (en
Inventor
沈竺睿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Information Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CN201710023450.6A priority Critical patent/CN106878283B/en
Publication of CN106878283A publication Critical patent/CN106878283A/en
Application granted granted Critical
Publication of CN106878283B publication Critical patent/CN106878283B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiments of the present application disclose an authentication method and an authentication device, which relate to the field of internet technologies and are applied to an access point device. The method comprises the following steps: when a target user terminal accesses a network for the first time, receiving a network connection request sent by a target user through a third-party application client, and parsing a verification code from the received network connection request and storing it; after the target user passes authentication, sending the parsed verification code to an authentication server; when the target user terminal accesses the network again, acquiring from the authentication server a verification code and an access token, the access token serving as a first access token; and if the verification code returned by the authentication server is the same as the locally stored verification code, acquiring the identity information of the target user from the authentication server according to the first access token, and determining that the target user passes authentication. Authenticating with the scheme provided by the embodiments of the present application simplifies the authentication process and improves the user experience.

Description

Authentication method and device
Technical Field
The present application relates to the field of internet technologies, and in particular, to an authentication method and apparatus.
Background
With the increasing use of distributed network services and cloud computing, many third-party application clients need to access resources hosted on servers. These resources are generally protected, and the resource owner needs to authenticate, by means of private credentials (a user name, a password, and the like), the target user that is used when the target user terminal on which the third-party application client is located accesses the network.
For the third-party application client to access the protected resource, the resource owner would have to disclose these private credentials to the third-party application client, which may give the third-party application client excessive usage rights over the resource and in turn cause the user's resources to be leaked.
To meet the requirement of a third-party application client for accessing a protected resource, in the prior art application authentication is performed by combining OAuth (Open Authorization, an open network authorization standard) with Portal as follows, so that the third-party application client can access the protected resource:
a target user sends a network connection request to access point equipment through a third-party application client;
after receiving the network connection request, the access point equipment feeds back a redirection address to the third-party application client;
the third party application client accesses the authentication server according to the redirection address and obtains an authorization code;
the third party application client sends an authorized login request carrying the authorization code to the access point equipment;
and the access point equipment acquires the access token from the authentication server according to the authorization code, acquires the identity information of the target user from the authentication server according to the access token and determines that the target user passes the authentication.
And after the target user passes the authentication, the third-party application client successfully accesses the protected resource.
By applying this method, the target user can be successfully authenticated, but the third-party application client needs to perform authorized login every time it accesses the protected resource; repeating this process makes the operation cumbersome and the user experience poor.
Disclosure of Invention
The embodiment of the application discloses an authentication method and an authentication device, which are used for simplifying an authentication process and improving user experience.
In order to achieve the above object, an embodiment of the present application discloses an authentication method, which is applied to an access point device, and the method includes:
when a target user terminal accesses a network for the first time, receiving a network connection request sent by a target user through a third-party application client, and parsing a verification code from the received network connection request and storing it;
after the target user passes the authentication, sending the parsed verification code to an authentication server;
when the target user terminal accesses the network again, acquiring from the authentication server a verification code and an access token, the access token serving as a first access token;
and if the verification code returned by the authentication server is the same as the locally stored verification code, acquiring the identity information of the target user from the authentication server according to the first access token, and determining that the target user passes the authentication.
In an implementation manner of the present application, before receiving a network connection request sent by a target user through a third-party application client, the method further includes:
when a target user terminal is accessed to a network for the first time, receiving a network connection request sent by the target user terminal, wherein the received network connection request carries characteristic information of the target user terminal;
sending an authentication query request to the authentication server, wherein the authentication query request carries the characteristic information of the target user terminal;
and receiving a query result sent by the authentication server, and triggering the target user to send a network connection request through a third-party application client when the query result indicates that the authentication information of the target user corresponding to the characteristic information does not exist.
In an implementation manner of the present application, after receiving a network connection request sent by a target user through a third party application client, the method further includes:
sending a redirection address to the third-party application client so that the third-party application client can access the authentication server according to the redirection address and acquire an authorization code;
receiving an authorized login request sent by the third-party application client, wherein the authorized login request carries the authorization code;
acquiring an access token from the authentication server according to the authorization code to serve as a second access token;
and acquiring the identity information of the target user from the authentication server according to the second access token, and determining that the target user passes the authentication.
In one implementation manner of the present application, acquiring a verification code and an access token from the authentication server when the target user terminal accesses the network again includes:
when the target user terminal accesses the network again, receiving a network connection request sent by the target user terminal, wherein the received network connection request carries the characteristic information of the target user terminal;
sending an authentication query request to the authentication server, wherein the authentication query request carries the characteristic information of the target user terminal;
and receiving a query result sent by the authentication server, wherein the query result carries the verification code and the access token of the target user corresponding to the characteristic information.
In an implementation manner of the present application, if the verification code returned by the authentication server is different from the locally stored verification code, the method further includes:
and triggering the target user to send a network connection request through a third-party application client.
In order to achieve the above object, an embodiment of the present application discloses an authentication apparatus, which is applied to an access point device, and the apparatus includes:
the storage module is used for receiving a network connection request sent by a target user through a third-party application client when a target user terminal is accessed to a network for the first time, and analyzing and storing a verification code from the received network connection request;
the sending module is used for sending the analyzed verification code to an authentication server after the target user passes the authentication;
an obtaining module, configured to obtain from the authentication server, when the target user terminal accesses the network again, a verification code and an access token, the access token serving as a first access token;
and the determining module is used for acquiring the identity information of the target user from the authentication server according to the first access token and determining that the target user passes the authentication if the verification code returned by the authentication server is the same as the verification code stored locally.
In one implementation manner of the present application, the authentication apparatus further includes:
a receiving module, configured to receive, when the target user terminal accesses the network for the first time and before the network connection request sent by the target user through the third-party application client is received, a network connection request sent by the target user terminal, wherein the received network connection request carries characteristic information of the target user terminal;
the sending module is further configured to send an authentication query request to the authentication server, where the authentication query request carries the characteristic information of the target user terminal;
the receiving module is further configured to receive a query result sent by the authentication server and, when the query result indicates that there is no authentication information of the target user corresponding to the characteristic information, trigger the target user to send a network connection request through a third-party application client.
In an implementation manner of the present application, the receiving module is further configured to send a redirection address to a third-party application client after the storing module receives a network connection request sent by a target user through the third-party application client, so that the third-party application client accesses the authentication server according to the redirection address and obtains an authorization code;
the receiving module is further configured to receive an authorized login request sent by the third-party application client, where the authorized login request carries the authorization code;
the obtaining module is further configured to obtain an access token from the authentication server according to the authorization code, and use the access token as a second access token;
the determining module is further configured to obtain the identity information of the target user from the authentication server according to the second access token, and determine that the target user passes authentication.
In an implementation manner of the present application, the obtaining module includes:
a receiving unit, configured to receive a network connection request sent by the target user terminal when the target user terminal accesses the network again, wherein the received network connection request carries characteristic information of the target user terminal;
a sending unit, configured to send an authentication query request to the authentication server, where the authentication query request carries feature information of the target user terminal;
the receiving unit is further configured to receive a query result sent by the authentication server, where the query result carries the verification code and the access token of the target user corresponding to the feature information.
In one implementation manner of the present application, the authentication apparatus further includes:
a triggering module, configured to trigger the target user to send a network connection request through a third-party application client when the verification code returned by the authentication server is different from the locally stored verification code.
As can be seen from the above, in the solution provided in the embodiment of the present application, when a target user terminal first accesses a network, an access point device receives a network connection request sent by a target user through a third-party application client, and parses and stores a verification code from the network connection request; after the target user passes the authentication, sending the analyzed verification code to an authentication server; when the target user terminal accesses the network again, the access point equipment acquires the verification code and the access token from the authentication server as a first access token; and if the verification code returned by the authentication server is the same as the locally stored verification code, acquiring the identity information of the target user from the authentication server according to the first access token, and determining that the target user passes the authentication. Therefore, compared with the prior art, in the scheme provided by the embodiment of the application, when the target user terminal accesses the network again, the access point device does not obtain the access token by initiating the authorized login request, but directly obtains the access token, so that the authentication process is simplified, and the user experience is improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of a first application authentication method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a second application authentication method according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a first application authentication apparatus according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a second application authentication apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Fig. 1 is a schematic flowchart of a first authentication method provided in an embodiment of the present application, where the method is applied to an access point device, and includes:
S101: When the target user terminal accesses the network for the first time, receive the network connection request sent by the target user through the third-party application client, parse the verification code from the received network connection request, and store it.
The target user terminal may be understood as the terminal on which the third-party application client is located.
In addition, a user terminal generally accesses the network by means of private credentials consisting of information such as a user name and a password. The target user can therefore be understood as the user that the target user terminal uses to access the network.
When the user terminal accesses the network for the first time as the target user, the target user is an unauthenticated user because no authorized login has yet been performed on the authentication server. In view of this, when the access point device finds that the target user terminal is accessing the network for the first time, it may notify the target user terminal to actively authenticate the target user.
Specifically, when a target user terminal accesses a network for the first time, the access point device receives a network connection request sent by the target user terminal and then sends an authentication query request to the authentication server. After receiving the authentication query request, the authentication server queries whether authentication information of the target user corresponding to the characteristic information of the target user terminal exists, and feeds the query result back to the access point device. If the query result indicates that the authentication information of the target user does not exist, the access point device triggers the target user to send a network connection request through the third-party application client. The access point device then receives the network connection request sent by the target user through the third-party application client and starts the process in which the target user is actively authenticated.
The network connection request sent by the target user terminal carries the characteristic information of the target user terminal; the authentication query request carries characteristic information of the target user terminal.
When the access point device finds that the authentication server holds no authentication information for the target user, in addition to triggering the target user to send a network connection request to the access point device through the third-party application client, it also triggers the third-party application client to generate a verification code and send it to the access point device.
Specifically, the verification code may be sent to the access point device along with a network connection request sent by the target user through the third-party application client.
The third-party application client may generate the verification code in a random manner, or set a password set by the user as the verification code, and the like, which is not limited in the present application.
S102: After the target user passes the authentication, send the parsed verification code to the authentication server.
In one implementation manner of the present application, whether the target user passes the authentication may be determined as follows:
After receiving the network connection request sent by the target user through the third-party application client, the access point device sends a redirection address to the third-party application client. The third-party application client accesses the authentication server according to the redirection address, performs authorized login on the authentication server, obtains an authorization code from the authentication server, and then sends an authorized login request carrying the authorization code to the access point device. After receiving the authorized login request, the access point device obtains an access token from the authentication server according to the authorization code carried in the request, to serve as a second access token, then obtains the identity information of the target user from the authentication server according to the second access token, and determines that the target user passes authentication.
After the access point device determines that the target user passes the authentication, it indicates to a certain extent that the verification code obtained from the third-party application client is valid, and in order to facilitate subsequent re-authentication of the target user, the verification code needs to be sent to the authentication server, so that the authentication server can store the verification code.
S103: When the target user terminal accesses the network again, acquire from the authentication server the verification code and an access token, the access token serving as a first access token.
In an implementation manner of the present application, referring to Fig. 2, a flowchart of a second authentication method is provided. Compared with the foregoing embodiment, in this embodiment, acquiring the verification code and the access token from the authentication server when the target user terminal accesses the network again (S103) includes:
S103A: When the target user terminal accesses the network again, receive a network connection request sent by the target user terminal.
Wherein, the received network connection request carries the characteristic information of the target user terminal.
The characteristic information may include: a Media Access Control (MAC) address, an Internet Protocol (IP) address, and the like, and may also include other information, which is not limited in this application.
S103B: Send an authentication query request to the authentication server.
Wherein, the authentication inquiry request carries the characteristic information of the target user terminal.
After receiving the authentication query request, the authentication server can perform data query according to the characteristic information carried in the request, and determine whether the target user is an authenticated user. When the target user terminal accesses the network for the first time, after the target user is authenticated, the access point device sends the verification code to the authentication server, so that the authentication server may locally store the verification code sent by the access point before. When the authentication server confirms that the target user is the authenticated user, a query result can be generated according to the locally stored verification code corresponding to the target user, and the query result is sent to the access point device.
In addition, to authenticate the target user the access point device also needs to obtain an access token from the authentication server. Information such as the access token involved in user authentication generally has a validity period: its value stays unchanged within the validity period and may change only when the validity period ends or when user information such as the user password or permissions is changed. Therefore, when the authentication server confirms that the target user is an authenticated user, the access token used in the previous authentication of the target user can be sent to the access point device to authenticate the target user. On this basis, the query result can also carry the access token corresponding to the target user, which reduces interaction between the access point device and the authentication server and thereby simplifies the authentication process.
Specifically, the authentication query request may be an http request.
S103C: Receive the query result sent by the authentication server.
The query result carries the verification code and the access token of the target user corresponding to the characteristic information.
S104: If the verification code returned by the authentication server is the same as the locally stored verification code, acquire the identity information of the target user from the authentication server according to the first access token, and determine that the target user passes the authentication.
Specifically, the identity information of the user may include: a user name, an authentication result URL (Uniform resource locator), and the like.
After the access point equipment receives the identity information of the target user, the authentication of the target user can be directly determined to pass.
In addition, after the access point device receives the identity information of the target user, it can also verify whether the received information is correct information, that is, verify whether the received information belongs to the content corresponding to the identity information of the user.
After the access point device determines that the target user passes the authentication, the access point device can also send a notification message to the authentication server to inform the authentication server that the target user passes the authentication.
After the target user passes the authentication, a notification that network access succeeded may be sent to the target user terminal; alternatively, the target user terminal may access the network directly without any notification being sent.
Therefore, when the target user terminal accesses the network again, the authentication of the target user requires no participation by the user, so that authentication the user does not perceive is achieved.
As will be understood by those skilled in the art, in consideration of information security, the validity period of information such as the access token involved in the authentication process, and the like, the authentication server may periodically and actively age out its locally stored verification code, or the target user terminal may periodically notify the authentication server to update or delete its locally stored verification code, or the access point device may periodically age out its locally stored verification code.
In view of the above, there may be a case where the verification code returned by the authentication server is different from the locally stored verification code, and at this time, the target user may be triggered to send a network connection request through the third-party application client, so as to authenticate the target user in a manner of active authentication by the user.
As can be seen from the above, in the solutions provided in the above embodiments, when a target user terminal first accesses a network, an access point device receives a network connection request sent by a target user through a third-party application client, and parses and stores a verification code from the network connection request; after the target user passes the authentication, sending the analyzed verification code to an authentication server; when the target user terminal accesses the network again, the access point equipment acquires the verification code and the access token from the authentication server as a first access token; and if the verification code returned by the authentication server is the same as the locally stored verification code, acquiring the identity information of the target user from the authentication server according to the first access token, and determining that the target user passes the authentication. Therefore, compared with the prior art, in the solutions provided in the above embodiments, when the target user terminal accesses the network again, the access point device does not obtain the access token by initiating the authorized login request, but directly obtains the access token, thereby simplifying the authentication process and further improving the user experience.
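The first-access and re-access flows of S101 to S104, including the fallback to interactive authorization when the codes differ or have aged out, as an added Python sketch that is not part of the patent text. The in-memory `AuthServer` and `AccessPoint` classes, their method names, the record keyed by MAC address, the constant-time comparison and the placeholder redirection address are assumptions made for illustration.

```python
import hmac
import secrets
import time


class AuthServer:
    """Toy authentication server; all names here are constructed for the example."""

    def __init__(self):
        self._auth_codes = {}  # authorization code -> user name
        self._tokens = {}      # access token -> identity information
        self._records = {}     # feature info (MAC) -> (verification code, access token)

    def authorize(self, username):
        # Authorized login by the third-party client at the redirection address.
        code = secrets.token_urlsafe(16)
        self._auth_codes[code] = username
        return code

    def exchange(self, auth_code):
        # Authorization codes are single use in this sketch.
        username = self._auth_codes.pop(auth_code, None)
        if username is None:
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"username": username}
        return token

    def identity(self, token):
        return self._tokens.get(token)

    def store_code(self, mac, vcode, token):
        # S102. Keying the record by MAC address is an assumption of this sketch.
        self._records[mac] = (vcode, token)

    def query(self, mac):
        # S103B/S103C: None means "no authentication information".
        return self._records.get(mac)


class AccessPoint:
    def __init__(self, server, ttl=3600.0, clock=time.monotonic):
        self.server, self.ttl, self.clock = server, ttl, clock
        self._pending = {}  # MAC -> code parsed from the client's request (S101)
        self._local = {}    # MAC -> (verification code, time stored)

    def terminal_connect(self, mac):
        """Connection request from the terminal; returns (mode, identity)."""
        local = self._local.get(mac)
        if local and self.clock() - local[1] > self.ttl:
            del self._local[mac]  # local aging of the stored code
            local = None
        record = self.server.query(mac)
        if local is None or record is None:
            return ("interactive", None)
        returned_code, first_token = record
        # Constant-time comparison of the returned and locally stored codes.
        if not hmac.compare_digest(returned_code.encode(), local[0].encode()):
            return ("interactive", None)
        identity = self.server.identity(first_token)  # S104
        return ("silent", identity) if identity else ("interactive", None)

    def client_connect(self, mac, vcode):
        # S101: keep the code, answer with the redirection address (placeholder).
        self._pending[mac] = vcode
        return "https://auth.example.invalid/authorize"

    def authorized_login(self, mac, auth_code):
        second_token = self.server.exchange(auth_code)
        identity = self.server.identity(second_token) if second_token else None
        vcode = self._pending.pop(mac, None)
        if identity is None or vcode is None:
            return None
        # Only after authentication succeeds is the code kept and sent on (S102).
        self._local[mac] = (vcode, self.clock())
        self.server.store_code(mac, vcode, second_token)
        return identity


def run_demo():
    now = [0.0]  # fake clock so the aging case is deterministic
    server = AuthServer()
    ap = AccessPoint(server, ttl=100.0, clock=lambda: now[0])
    mac = "02:00:00:00:00:01"  # constructed, locally administered address
    results = [ap.terminal_connect(mac)[0]]        # first access
    ap.client_connect(mac, secrets.token_hex(8))
    ap.authorized_login(mac, server.authorize("alice"))
    results.append(ap.terminal_connect(mac))       # re-access, codes match
    server.store_code(mac, "different-code", "x")  # server-side code changed
    results.append(ap.terminal_connect(mac)[0])
    now[0] = 1000.0                                # local code aged out
    results.append(ap.terminal_connect(mac)[0])
    return results


if __name__ == "__main__":
    print(run_demo())
```
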
Corresponding to the authentication method, the embodiment of the application also provides an authentication device.
Fig. 3 is a schematic structural diagram of a first authentication apparatus provided in an embodiment of the present application, where the apparatus is applied to an access point device, and includes:
the saving module 301 is configured to receive a network connection request sent by a target user through a third-party application client when a target user terminal first accesses a network, and parse and save a verification code from the received network connection request;
a sending module 302, configured to send the parsed verification code to an authentication server after the target user passes authentication;
an obtaining module 303, configured to obtain, when the target user terminal accesses the network again, a verification code and an access token from the authentication server, and to use the obtained access token as a first access token;
a determining module 304, configured to, if the verification code returned by the authentication server is the same as the locally stored verification code, obtain, according to the first access token, the identity information of the target user from the authentication server, and determine that the target user passes authentication.
Specifically, the authentication device may further include:
a receiving module, configured to receive, when the target user terminal first accesses the network and before the network connection request sent by the target user through the third-party application client is received, a network connection request sent by the target user terminal, where the received network connection request carries feature information of the target user terminal;
the sending module is further configured to send an authentication query request to the authentication server, where the authentication query request carries feature information of the target user terminal;
the receiving module is further configured to receive a query result sent by the authentication server and, when the query result indicates that no authentication information of the target user corresponding to the feature information exists, to trigger the target user to send a network connection request through a third-party application client.
Specifically, the receiving module is further configured to send a redirection address to a third-party application client after the storage module receives a network connection request sent by a target user through the third-party application client, so that the third-party application client accesses the authentication server according to the redirection address and obtains an authorization code;
the receiving module is further configured to receive an authorized login request sent by the third-party application client, where the authorized login request carries the authorization code;
the obtaining module is further configured to obtain an access token from the authentication server according to the authorization code, and use the access token as a second access token;
the determining module is further configured to obtain the identity information of the target user from the authentication server according to the second access token, and determine that the target user passes authentication.
In an implementation of the present application, referring to fig. 4, a schematic structural diagram of a second authentication apparatus is provided. Compared with the foregoing embodiment, in this embodiment the obtaining module 303 includes:
a receiving unit 303A, configured to receive a network connection request sent by a target user terminal when the target user terminal accesses a network again, where the received network connection request carries feature information of the target user terminal;
a sending unit 303B, configured to send an authentication query request to the authentication server, where the authentication query request carries feature information of the target user terminal;
the receiving unit 303A is further configured to receive a query result sent by the authentication server, where the query result carries the verification code and the access token of the target user corresponding to the feature information.
Specifically, the authentication device may further include:
a triggering module, configured to trigger the target user to send a network connection request through a third-party application client when the verification code returned by the authentication server is different from the locally stored verification code.
As can be seen from the above, in the solutions provided in the above embodiments, when a target user terminal first accesses a network, the access point device receives a network connection request sent by the target user through a third-party application client, and parses and stores a verification code from the network connection request; after the target user passes the authentication, it sends the parsed verification code to an authentication server; when the target user terminal accesses the network again, the access point device acquires a verification code and an access token from the authentication server and takes the acquired access token as a first access token; and if the verification code returned by the authentication server is the same as the locally stored verification code, it acquires the identity information of the target user from the authentication server according to the first access token and determines that the target user passes the authentication. Therefore, compared with the prior art, when the target user terminal accesses the network again, the access point device does not obtain the access token by initiating an authorized login request, but obtains the access token directly, thereby simplifying the authentication process and improving the user experience.
Because the device embodiment is substantially similar to the method embodiment, it is described only briefly; for relevant details, refer to the corresponding description of the method embodiment.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Those skilled in the art will appreciate that all or part of the steps in the above method embodiments may be implemented by a program to instruct relevant hardware to perform the steps, and the program may be stored in a computer-readable storage medium, which is referred to herein as a storage medium, such as: ROM/RAM, magnetic disk, optical disk, etc.
The above description is only for the preferred embodiment of the present application, and is not intended to limit the scope of the present application. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application are included in the protection scope of the present application.

Claims (10)

1. An authentication method applied to an access point device, the method comprising:
when a target user terminal accesses a network for the first time, receiving a network connection request sent by a target user through a third-party application client, and parsing and storing a verification code from the received network connection request;
after the target user passes the authentication, sending the parsed verification code to an authentication server;
when the target user terminal accesses the network again, acquiring a verification code and an access token from the authentication server, and taking the acquired access token as a first access token;
and if the verification code returned by the authentication server is the same as the locally stored verification code, acquiring the identity information of the target user from the authentication server according to the first access token, and determining that the target user passes the authentication.
2. The method of claim 1, wherein prior to receiving the network connection request sent by the target user through the third-party application client, the method further comprises:
when the target user terminal accesses the network for the first time, receiving a network connection request sent by the target user terminal, wherein the received network connection request carries characteristic information of the target user terminal;
sending an authentication query request to the authentication server, wherein the authentication query request carries the characteristic information of the target user terminal;
and receiving a query result sent by the authentication server, and triggering the target user to send a network connection request through a third-party application client when the query result indicates that the authentication information of the target user corresponding to the characteristic information does not exist.
3. The method of claim 2, wherein after receiving the network connection request sent by the target user through the third-party application client, the method further comprises:
sending a redirection address to the third-party application client so that the third-party application client can access the authentication server according to the redirection address and acquire an authorization code;
receiving an authorized login request sent by the third-party application client, wherein the authorized login request carries the authorization code;
acquiring an access token from the authentication server according to the authorization code to serve as a second access token;
and acquiring the identity information of the target user from the authentication server according to the second access token, and determining that the target user passes the authentication.
4. The method of claim 1, wherein obtaining a verification code and an access token from the authentication server when the target user terminal accesses the network again comprises:
when the target user terminal accesses the network again, receiving a network connection request sent by the target user terminal, wherein the received network connection request carries the characteristic information of the target user terminal;
sending an authentication query request to the authentication server, wherein the authentication query request carries the characteristic information of the target user terminal;
and receiving a query result sent by the authentication server, wherein the query result carries the verification code and the access token of the target user corresponding to the characteristic information.
5. The method of claim 4, wherein if the verification code returned by the authentication server is not the same as the locally stored verification code, the method further comprises:
and triggering the target user to send a network connection request through a third-party application client.
6. An authentication apparatus applied to an access point device, the apparatus comprising:
a storage module, configured to receive, when a target user terminal accesses a network for the first time, a network connection request sent by a target user through a third-party application client, and to parse and store a verification code from the received network connection request;
a sending module, configured to send the parsed verification code to an authentication server after the target user passes the authentication;
an obtaining module, configured to obtain a verification code and an access token from the authentication server when the target user terminal accesses the network again, and use the obtained access token as a first access token;
and a determining module, configured to, if the verification code returned by the authentication server is the same as the locally stored verification code, acquire the identity information of the target user from the authentication server according to the first access token and determine that the target user passes the authentication.
7. The apparatus of claim 6, further comprising:
a receiving module, configured to receive, when the target user terminal first accesses the network and before the network connection request sent by the target user through the third-party application client is received, a network connection request sent by the target user terminal, where the received network connection request carries feature information of the target user terminal;
the sending module is further configured to send an authentication query request to the authentication server, where the authentication query request carries feature information of the target user terminal;
the receiving module is further configured to receive a query result sent by the authentication server and, when the query result indicates that no authentication information of the target user corresponding to the feature information exists, to trigger the target user to send a network connection request through a third-party application client.
8. The apparatus of claim 7,
the receiving module is further configured to send a redirection address to a third-party application client after the storage module receives a network connection request sent by a target user through the third-party application client, so that the third-party application client accesses the authentication server according to the redirection address and obtains an authorization code;
the receiving module is further configured to receive an authorized login request sent by the third-party application client, where the authorized login request carries the authorization code;
the obtaining module is further configured to obtain an access token from the authentication server according to the authorization code, and use the access token as a second access token;
the determining module is further configured to obtain the identity information of the target user from the authentication server according to the second access token, and determine that the target user passes authentication.
9. The apparatus of claim 6, wherein the obtaining module comprises:
a receiving unit, configured to receive a network connection request sent by a target user terminal when the target user terminal accesses a network again, where the received network connection request carries feature information of the target user terminal;
a sending unit, configured to send an authentication query request to the authentication server, where the authentication query request carries feature information of the target user terminal;
the receiving unit is further configured to receive a query result sent by the authentication server, where the query result carries the verification code and the access token of the target user corresponding to the feature information.
10. The apparatus of claim 9, further comprising:
a triggering module, configured to trigger the target user to send a network connection request through a third-party application client when the verification code returned by the authentication server is different from the locally stored verification code.
CN201710023450.6A 2017-01-13 2017-01-13 Authentication method and device Active CN106878283B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710023450.6A CN106878283B (en) 2017-01-13 2017-01-13 Authentication method and device

Publications (2)

Publication Number Publication Date
CN106878283A CN106878283A (en) 2017-06-20
CN106878283B true CN106878283B (en) 2020-06-26

Family

ID=59157546

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710023450.6A Active CN106878283B (en) 2017-01-13 2017-01-13 Authentication method and device

Country Status (1)

Country Link
CN (1) CN106878283B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107483419B (en) * 2017-07-28 2020-06-09 深圳市优克联新技术有限公司 Method, device and system for authenticating access terminal by server, server and computer readable storage medium
CN107580321A (en) * 2017-09-07 2018-01-12 上海斐讯数据通信技术有限公司 A kind of authorization and authentication method and system
CN108494821B (en) * 2018-02-12 2019-06-11 刘志鹏 The integrated method for opening image of Dropbox
CN112491776B (en) * 2019-09-11 2022-10-18 华为云计算技术有限公司 Security authentication method and related equipment
CN111787642B (en) * 2020-07-29 2022-08-09 成都飞鱼星科技股份有限公司 Third-party application based authentication networking method and device
CN112311797B (en) * 2020-10-30 2022-05-24 新华三大数据技术有限公司 Authentication method and device and authentication server
CN114567451B (en) * 2020-11-27 2023-05-05 腾讯科技(深圳)有限公司 Identity verification method, identity verification device, computer equipment and storage medium
CN112836202A (en) * 2021-02-01 2021-05-25 长沙市到家悠享网络科技有限公司 Information processing method and device and server
CN116542663A (en) * 2021-06-23 2023-08-04 支付宝(中国)网络技术有限公司 Method, device, equipment and medium for accessing payment page of aggregation code
CN114050901B (en) * 2021-09-28 2023-10-27 新华三大数据技术有限公司 Authentication method and device of terminal, electronic equipment and readable storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013049461A2 (en) * 2011-09-29 2013-04-04 Oracle International Corporation Oauth framework
CN103051630A (en) * 2012-12-21 2013-04-17 微梦创科网络科技(中国)有限公司 Method, device and system for implementing authorization of third-party application based on open platform
CN105162779A (en) * 2015-08-20 2015-12-16 南威软件股份有限公司 Method for using uniform user authentication in multiple systems
CN105656856A (en) * 2014-11-14 2016-06-08 中兴通讯股份有限公司 Resource management method and device
CN105959267A (en) * 2016-04-25 2016-09-21 北京九州云腾科技有限公司 Primary token acquiring method of single sign on technology, single sign on method, and single sign on system
CN106209749A (en) * 2015-05-08 2016-12-07 阿里巴巴集团控股有限公司 Single-point logging method and the processing method and processing device of device, relevant device and application
CN106295394A (en) * 2016-07-22 2017-01-04 飞天诚信科技股份有限公司 Resource authorization method and system and authorization server and method of work

Also Published As

Publication number Publication date
CN106878283A (en) 2017-06-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230616

Address after: 310052 11th Floor, 466 Changhe Road, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: H3C INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 310052 Changhe Road, Binjiang District, Hangzhou, Zhejiang Province, No. 466

Patentee before: NEW H3C TECHNOLOGIES Co.,Ltd.
