CN107222460B - Method and device for sharing server data storage space - Google Patents


Info

Publication number
CN107222460B
Authority
CN
China
Prior art keywords
module
token
server
mobile terminal
serial number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710304801.0A
Other languages
Chinese (zh)
Other versions
CN107222460A (en)
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004 Server selection for load balancing
    • H04L67/50 Network services
    • H04L67/55 Push-based network services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention discloses a method and device for sharing server data storage space, and belongs to the field of information security. The method includes: when an authentication request sent by an application server is received, the authentication server generates a challenge value, obtains the user information in the authentication request, and looks up the token serial number corresponding to the user information; it generates a push authentication request from the challenge value, the user information and the token serial number, sends it to the mobile terminal token, and saves the challenge value to the cache server in association with the token serial number. With the technical solution of the present invention, data that does not need to be persisted but is accessed frequently is saved in the cache server for concurrent access by multiple authentication servers, which reduces the difficulty of data processing, saves space in the authentication server's storage area, and shortens the time taken to read data.

Description

Method and device for sharing server data storage space
Technical field
The present invention relates to the field of information security, and in particular to a method and device for sharing server data storage space.
Background art
With the coverage and spread of networks, cloud services are becoming more and more common in everyday life. Today, in order to let more users use cloud services, cloud services exist on the Internet in the form of clusters.
In the prior art, the single-machine processing capacity and storage space of a server are limited. If requests are sent to a single server without limit, they are likely to far exceed the server's processing capacity and cause it to crash, so that it cannot provide users with a reliable service in a stable and sustained manner; this not only wastes space but also costs time when reading data.
Summary of the invention
The purpose of the present invention is to solve the problems in the prior art by providing a method and device for sharing server data storage space.
The technical solution adopted by the present invention is:
In one aspect, a method for sharing server data storage space includes:
When an authentication request sent by an application server is received, the authentication server generates a challenge value, obtains the user information in the authentication request, and looks up the token serial number corresponding to the user information; it generates a push authentication request from the generated challenge value, the obtained user information and the found token serial number, sends the push authentication request to the mobile terminal token, and saves the generated challenge value to the cache server in association with the found token serial number;
When a push authentication response sent by the mobile terminal token is received, the authentication server looks up the server seed key corresponding to the mobile terminal token, obtains the challenge value from the cache server according to the token serial number, and generates a response value from the found server seed key and the obtained challenge value; it then judges whether the generated response value matches the response value in the push authentication response: if so, it sends an authentication success response to the application server; otherwise it sends an authentication failure response to the application server.
Specifically, when the authentication request sent by the application server is received, the method further includes: obtaining the application identifier in the authentication request, and obtaining application information according to the application identifier;
Wherein generating the push authentication request from the generated challenge value, the obtained user information and the found token serial number is specifically: generating the push authentication request from the generated challenge value, the obtained user information, the found token serial number and the application information.
Further, before the push authentication request is sent to the mobile terminal token, the method further includes: the authentication server obtains the corresponding authentication server IP from the cache server according to the token serial number, and judges whether its own IP is the same as the obtained authentication server IP; if so, it sends the push authentication request to the mobile terminal token; otherwise it sends the push authentication request to the authentication server corresponding to the obtained authentication server IP;
Specifically, the method further includes: when a push authentication request sent by another authentication server is received, the authentication server sends the received push authentication request to the mobile terminal token.
Further, the method further includes: when the token serial number sent by the mobile terminal token is received, the authentication server saves its own IP to the cache server in association with the token serial number.
Further, after the authentication server saves its own IP to the cache server in association with the token serial number, the method further includes: the authentication server obtains the authentication server IP according to the token serial number and compares it with the corresponding authentication server IP obtained from the cache server according to the token serial number; if they are the same, no update is needed and the procedure ends; otherwise, the authentication server updates the authentication server IP associated with the token serial number, and the procedure ends.
Optionally, before the push authentication request is sent to the mobile terminal token, the method further includes: the authentication server sends the push authentication request to the cache server, generates authentication notification data, and sends the authentication notification data to the mobile terminal token;
Specifically, the method further includes: after receiving the information for obtaining the push authentication request returned by the mobile terminal token, the authentication server obtains the token serial number from that information, obtains the push authentication request from the cache server according to the token serial number, and sends the push authentication request to the mobile terminal token.
More specifically, sending the authentication notification data to the mobile terminal token includes: the authentication server obtains the mobile terminal identifier from the cache server according to the token serial number and sends the authentication notification data and the mobile terminal identifier to iCloud; iCloud sends the authentication notification data, according to the mobile terminal identifier, to the mobile terminal token corresponding to that identifier.
Wherein, when the token serial number and the mobile terminal identifier sent by the mobile terminal token are received, the authentication server saves the token serial number to the cache server in association with the mobile terminal identifier.
Wherein, after the token serial number is saved to the cache server in association with the mobile terminal identifier, the method further includes: the authentication server obtains the mobile terminal identifier according to the token serial number and compares it with the corresponding mobile terminal identifier obtained from the cache server according to the token serial number; if they are the same, no update is needed and the procedure ends; otherwise, the authentication server updates the mobile terminal identifier associated with the token serial number, and the procedure ends.
Optionally, when the token serial number sent by the mobile terminal token is received, the method further includes: the authentication server establishes a network data link with the mobile terminal token.
Further, after the authentication server establishes the network data link with the mobile terminal token, the method further includes: the authentication server obtains the network data link identifier corresponding to the mobile terminal token, and saves the network data link identifier, in association with the token serial number, to the storage area of the authentication server.
Further, before the push authentication request is sent to the mobile terminal token, the method further includes: the authentication server obtains the corresponding network data link identifier from the storage area of the authentication server according to the token serial number, and obtains the corresponding network data link according to the network data link identifier;
Wherein sending the push authentication request to the mobile terminal token is specifically: the authentication server obtains the corresponding network data link according to the network data link identifier, and sends the push authentication request to the mobile terminal token over that network data link.
Specifically, saving the generated challenge value to the cache server in association with the found token serial number is: the authentication server sends a request to store the challenge value to the cache service, and the cache service stores the challenge value and the token serial number into a list of the cache server according to a preset storage rule;
Specifically, obtaining the challenge value from the cache server according to the token serial number is: the authentication server sends a request to obtain the challenge value to the cache service, and the cache service queries the list of the cache server for the challenge value corresponding to the token serial number and returns it to the authentication server.
Optionally, after the generated challenge value is saved to the cache server in association with the found token serial number, the method further includes: the authentication server sets the validity period for which the challenge value is kept in the cache server; once the validity period is exceeded, the cache server deletes the challenge value.
Specifically, after judging whether the generated response value matches the response value in the push authentication response, the method further includes: the authentication server deletes the challenge value corresponding to the token serial number that is saved in the cache server.
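The flow summarised above (challenge value saved to the cache server under the token serial number, validity period, deletion once the match has been judged, and routing by the authentication server IP stored for the token), as an added Python example that is not code from the patent. The in-memory `CacheServer`, the key prefixes, the HMAC-SHA256 response function, and the sample user, serial number and seed key are assumptions; the patent does not specify them.

```python
import hashlib
import hmac
import secrets


class FakeClock:
    """Manually advanced clock so expiry can be shown without sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class CacheServer:
    """In-memory stand-in for the shared cache server (constructed for this example)."""
    def __init__(self, clock):
        self.clock = clock
        self.items = {}

    def put(self, key, value, ttl=None):
        expires = None if ttl is None else self.clock() + ttl
        self.items[key] = (value, expires)

    def get(self, key):
        value, expires = self.items.get(key, (None, None))
        if expires is not None and self.clock() >= expires:
            self.items.pop(key, None)  # validity period exceeded: entry is dropped
            return None
        return value

    def delete(self, key):
        self.items.pop(key, None)


def compute_response(seed_key, challenge):
    # Assumption: HMAC-SHA256. The patent only states that the response value is
    # generated from the server seed key and the challenge value.
    return hmac.new(seed_key, challenge, hashlib.sha256).hexdigest()


class AuthServer:
    def __init__(self, ip, cache, serial_by_user, seed_by_serial, challenge_ttl=60):
        self.ip = ip
        self.cache = cache
        self.serial_by_user = serial_by_user
        self.seed_by_serial = seed_by_serial
        self.challenge_ttl = challenge_ttl

    def on_token_connect(self, serial):
        # The server that receives the token serial number records its own IP for it.
        self.cache.put("ip:" + serial, self.ip)

    def start_auth(self, user):
        serial = self.serial_by_user[user]
        challenge = secrets.token_bytes(16)
        # The challenge lives only in the shared cache, with a validity period.
        self.cache.put("challenge:" + serial, challenge, ttl=self.challenge_ttl)
        owner_ip = self.cache.get("ip:" + serial)
        return {"user": user, "serial": serial, "challenge": challenge,
                "deliver_via": owner_ip, "forwarded": owner_ip != self.ip}

    def finish_auth(self, serial, response_value):
        key = "challenge:" + serial
        challenge = self.cache.get(key)
        if challenge is None:
            return False  # expired, already used, or never issued
        # Deleted whatever the outcome, so a challenge is judged at most once.
        self.cache.delete(key)
        expected = compute_response(self.seed_by_serial[serial], challenge)
        return hmac.compare_digest(expected, response_value)


def demo():
    clock = FakeClock()
    cache = CacheServer(clock)
    users = {"alice": "SN-0001"}                  # constructed sample data
    seeds = {"SN-0001": b"constructed-seed-key"}  # constructed sample data
    s1 = AuthServer("192.168.3.28", cache, users, seeds)
    s2 = AuthServer("192.168.5.21", cache, users, seeds)
    s2.on_token_connect("SN-0001")  # the token is attached to server No. 2

    results = {}
    push = s1.start_auth("alice")   # the request arrives at server No. 1
    results["forwarded"] = push["forwarded"]
    results["deliver_via"] = push["deliver_via"]
    answer = compute_response(seeds["SN-0001"], push["challenge"])
    # Any server in the cluster can verify, because the challenge is shared.
    results["verified_on_other_server"] = s2.finish_auth("SN-0001", answer)
    results["replay"] = s1.finish_auth("SN-0001", answer)

    push = s1.start_auth("alice")
    clock.now += 61                 # past the 60-second validity period
    late = compute_response(seeds["SN-0001"], push["challenge"])
    results["after_expiry"] = s1.finish_auth("SN-0001", late)

    push = s1.start_auth("alice")
    results["wrong_response"] = s1.finish_auth("SN-0001", "0" * 64)
    good = compute_response(seeds["SN-0001"], push["challenge"])
    results["retry_after_failure"] = s1.finish_auth("SN-0001", good)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because the challenge is removed after any judgment, a failed attempt cannot be retried against the same challenge; the application server has to start a new authentication request.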
In another aspect, the present invention provides a device for sharing server data storage space, comprising:
First receiving module, for receiving the authentication request sent by the application server;
First generating module, for generating a challenge value when the first receiving module receives the authentication request sent by the application server;
First obtaining module, for obtaining the user information in the authentication request;
First lookup module, for looking up the token serial number corresponding to the user information;
Second generating module, for generating the push authentication request from the challenge value generated by the first generating module, the user information obtained by the first obtaining module and the token serial number found by the first lookup module;
First sending module, for sending the push authentication request to the mobile terminal token;
First saving module, for saving the challenge value generated by the first generating module to the cache server in association with the token serial number found by the first lookup module;
Second receiving module, for receiving the push authentication response sent by the mobile terminal token;
Second lookup module, for looking up the server seed key corresponding to the mobile terminal token;
Second obtaining module, for obtaining the challenge value from the cache server according to the token serial number obtained by the first lookup module;
Third generating module, for generating a response value from the server seed key found by the second lookup module and the challenge value obtained by the second obtaining module;
First judging module, for judging whether the response value generated by the third generating module matches the response value in the push authentication response received by the second receiving module;
Second sending module, for sending an authentication success response to the application server when the first judging module judges that the response value generated by the third generating module matches the response value in the push authentication response received by the second receiving module;
Third sending module, for sending an authentication failure response to the application server when the first judging module judges that the response value generated by the third generating module does not match the response value in the push authentication response received by the second receiving module.
Specifically, the device further includes: a third obtaining module, for obtaining the application identifier in the authentication request;
Fourth obtaining module, for obtaining application information according to the application identifier obtained by the third obtaining module;
Further, the second generating module is specifically used for: generating the push authentication request from the challenge value generated by the first generating module, the user information obtained by the first obtaining module, the token serial number found by the first lookup module and the application information obtained by the fourth obtaining module.
Wherein, the device further includes: a fifth obtaining module, a second judging module, a fourth sending module and a fifth sending module;
Fifth obtaining module, for obtaining the corresponding authentication server IP from the cache server according to the token serial number;
Second judging module, for judging whether the device IP is the same as the IP obtained by the fifth obtaining module;
Fourth sending module, for sending the push authentication request to the mobile terminal token when the second judging module judges that the device IP is the same as the authentication server IP obtained by the fifth obtaining module;
Fifth sending module, for sending the push authentication request to the device corresponding to the authentication server IP obtained by the fifth obtaining module when the second judging module judges that the device IP is not the same as that authentication server IP;
Sixth receiving module, for receiving a push authentication request sent by another device;
Sixth sending module, for sending the push authentication request to the mobile terminal token when the sixth receiving module receives a push authentication request sent by another device.
Specifically, the device further includes: a seventh receiving module and a second saving module;
Seventh receiving module, for receiving the token serial number sent by the mobile terminal token;
Second saving module, for saving the device's own IP to the cache server in association with the token serial number when the token serial number sent by the mobile terminal token is received.
Further, the device further includes: a seventh obtaining module, an eighth obtaining module, a first comparison module and a first update module;
Seventh obtaining module, for obtaining the device IP according to the token serial number;
Eighth obtaining module, for obtaining the device IP from the cache server according to the token serial number;
First comparison module, for comparing whether the device IP obtained by the seventh obtaining module is the same as the device IP obtained by the eighth obtaining module;
First update module, for updating the device IP associated with the token serial number when the first comparison module finds that the device IP obtained by the seventh obtaining module differs from the device IP obtained by the eighth obtaining module, after which the procedure ends.
Specifically, device further include: the 4th generation module, the 7th sending module, the 9th obtain module, the tenth acquisition module With the 8th sending module;
4th generation module requests to cache server for sending pushing certification and generates authentication notification data;
7th sending module, the authentication notification data for generating the 4th generation module are sent to mobile terminal token;
9th obtain module, for when receive mobile terminal token return obtain pushing certification request information after, Token serial number is obtained from obtaining in the information that pushing certification is requested;
Tenth obtains module, for being obtained from cache server according to the token serial number obtained in the 9th acquisition module Pushing certification is taken to request;
8th sending module, the push request certification for obtaining the tenth acquisition module are sent to mobile terminal token.
Further, the 7th sending module specifically includes: first acquisition unit and the first transmission unit;
First acquisition unit, for obtaining mobile terminal identification from cache server according to token serial number;
First transmission unit, for authentication notification data and mobile terminal identification to be sent to iCloud, iCloud according to Authentication notification data are sent to the corresponding mobile terminal token of mobile terminal identification by mobile terminal identification.
Specifically, exist further include: third preserving module;
Third preserving module, for when the token serial number and mobile terminal identification for receiving the transmission of mobile terminal token When, token serial number is associated with preservation to cache server with mobile terminal identification foundation.
Accordingly, device further include: the 11st obtains module, the 12nd acquisition module, the second contrast module and second more New module
11st obtains module, for token serial number to be associated with guarantor with mobile terminal identification foundation when third preserving module It deposits to cache server, mobile terminal identification is obtained according to token serial number;
12nd obtains module, for obtaining corresponding mobile terminal mark from cache server according to token serial number Know;
Second contrast module obtains the mobile terminal identification of module acquisition for comparing the 11st acquisition module and the 12nd It is whether identical;
Second update module, for being obtained when the 11st acquisition module of the second contrast module comparison and the 12nd acquisition module Mobile terminal identification difference when, update with token serial number establish associated mobile terminal identification, terminate.
Wherein, the device further includes: an establishing module, for establishing a network data link between the device and the mobile terminal token when the token serial number sent by the mobile terminal token is received.
Specifically, the device further includes: a thirteenth obtaining module and a fourth saving module;
Thirteenth obtaining module, for obtaining the network data link identifier corresponding to the mobile terminal token after the establishing module has established the network data link;
Fourth saving module, for saving the network data link identifier, in association with the token serial number, to the storage area of the device.
Specifically, the device further includes: a fourteenth obtaining module;
Fourteenth obtaining module, for obtaining the corresponding network data link identifier from the storage area of the device according to the token serial number, and obtaining the corresponding network data link according to the network data link identifier;
Further, the first sending module is specifically used for: obtaining the corresponding network data link according to the network data link identifier obtained by the fourteenth obtaining module, and sending the push authentication request to the mobile terminal token over that network data link.
Further, the first saving module is specifically used for: sending a request to store the challenge value to the cache service, the cache service storing the challenge value and the token serial number into a list of the cache server according to a preset storage rule;
Further, the second obtaining module is specifically used for: sending a request to obtain the challenge value to the cache service, the cache service querying the list of the cache server for the challenge value corresponding to the token serial number and returning it to the authentication server.
Optionally, the device further includes: a setting module;
Setting module, for setting the validity period for which the challenge value is kept in the cache server; when the challenge value exceeds its validity period in the cache server, the cache server deletes the challenge value.
Optionally, the device may further include: a deleting module;
Deleting module, for deleting the challenge value corresponding to the token serial number that is saved in the cache server, after the first judging module has judged whether the generated response value matches the response value in the push authentication response.
The beneficial effects obtained by the present invention are: with the technical method of the present invention, user requests are processed in a balanced way by means of a cluster, and data that does not need to be persisted but is accessed frequently is saved in the cache server for concurrent access by multiple authentication servers. This greatly relieves the pressure on back-end storage, simplifies the data processing flow and reduces the difficulty of data processing, ensures that the data stored by each server can be shared with the others, saves space in the authentication server's storage area, and shortens the time taken to read data.
Brief description of the drawings
In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a method for sharing server data storage space during activation, provided by Embodiment 2 of the present invention;
Fig. 2 is a flowchart of the operations performed when the mobile terminal token starts, in a method for sharing server data storage space during push authentication, provided by Embodiment 3 of the present invention;
Fig. 3 and Fig. 4 are flowcharts of a method for sharing server data storage space during push authentication, provided by Embodiment 3 of the present invention;
Fig. 5 is a flowchart of the operations performed when the mobile terminal token starts, in a method for sharing server data storage space during push authentication, provided by Embodiment 4 of the present invention;
Fig. 6 is a flowchart of a method for sharing server data storage space during push authentication, provided by Embodiment 4 of the present invention;
Fig. 7 is a flowchart of a method for sharing server data storage space during a simple challenge, provided by Embodiment 5 of the present invention;
Fig. 8 is a schematic diagram of a device for sharing server data storage space, provided by Embodiment 6 of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the present invention, the number of authentication servers can be set as large as required; four authentication servers are used as the example here. The four authentication servers are named authentication server No. 1, authentication server No. 2, authentication server No. 3 and authentication server No. 4, where the IP of authentication server No. 1 is 192.168.3.28, the IP of authentication server No. 2 is 192.168.5.21, the IP of authentication server No. 3 is 192.168.45.48 and the IP of authentication server No. 4 is 192.168.52.15. Each of the four authentication servers can independently perform create, delete, update and query operations on the cache server;
Embodiment 1 of the present invention describes a method for sharing server data storage space; Embodiment 2 describes a method for sharing server data storage space during activation; Embodiment 3 describes a method for sharing server data storage space during push authentication; Embodiment 4 also describes a method for sharing server data storage space during push authentication; Embodiment 5 describes a method for sharing server data storage space during a simple challenge; and Embodiment 6 describes a device for sharing server data storage space.
Embodiment 1
The embodiment of the present invention 1 provides a kind of method that server data memory space is shared, comprising:
When receiving the certification request of application server transmission, certificate server generates challenging value, obtains certification request In user information, search corresponding with user information token serial number;According to the challenging value of generation, the user information got And the token serial number found generates pushing certification request, sends pushing certification and requests to mobile terminal token, and will give birth to At challenging value corresponding with the token serial number found save to cache server;
When receiving the pushing certification response sent by the mobile terminal token, the certificate server looks up the server seed key corresponding to the mobile terminal token, obtains the challenge value from the cache server according to the token serial number, and generates a response value from the server seed key found and the challenge value obtained; it then judges whether the generated response value matches the response value in the pushing certification response, and if so sends an authentication success response to the application server, otherwise sends an authentication failure response to the application server.
Specifically, when the certification request sent by the application server is received, the method further includes: obtaining the application identifier in the certification request, and obtaining application information according to the application identifier;
Wherein, generating the pushing certification request according to the generated challenge value, the user information obtained and the token serial number found is specifically: generating the pushing certification request according to the generated challenge value, the user information obtained, the token serial number found and the application information.
Further, before the pushing certification request is sent to the mobile terminal token, the method further includes: the certificate server obtains the corresponding certificate server IP from the cache server according to the token serial number and judges whether its own IP is the same as the certificate server IP obtained; if so, it sends the pushing certification request to the mobile terminal token, otherwise it sends the pushing certification request to the certificate server corresponding to the certificate server IP obtained;
Specifically, the method further includes: when a pushing certification request sent by another certificate server is received, the certificate server sends the received pushing certification request to the mobile terminal token.
Further, the method further includes: when the token serial number sent by the mobile terminal token is received, the certificate server associates its own IP with the token serial number and saves the association to the cache server.
Further, after the certificate server associates its own IP with the token serial number and saves the association to the cache server, the method further includes: the certificate server obtains the certificate server IP according to the token serial number and compares it with the corresponding certificate server IP obtained from the cache server according to the token serial number; if they are the same, no update is needed and the process ends; otherwise, the certificate server updates the certificate server IP associated with the token serial number, and the process ends.
Optionally, before the pushing certification request is sent to the mobile terminal token, the method further includes: the certificate server sends the pushing certification request to the cache server, generates authentication notification data, and sends the authentication notification data to the mobile terminal token;
Specifically, the method further includes: after receiving the message for obtaining the pushing certification request returned by the mobile terminal token, the certificate server obtains the token serial number from that message, obtains the pushing certification request from the cache server according to the token serial number, and sends the pushing certification request to the mobile terminal token.
More specifically, sending the authentication notification data to the mobile terminal token specifically includes: the certificate server obtains the mobile terminal identifier from the cache server according to the token serial number and sends the authentication notification data and the mobile terminal identifier to iCloud; according to the mobile terminal identifier, iCloud sends the authentication notification data to the mobile terminal token corresponding to that mobile terminal identifier.
Wherein, when the token serial number and the mobile terminal identifier sent by the mobile terminal token are received, the certificate server associates the token serial number with the mobile terminal identifier and saves the association to the cache server.
Wherein, after the token serial number is associated with the mobile terminal identifier and the association is saved to the cache server, the method further includes: the certificate server obtains the mobile terminal identifier according to the token serial number and compares it with the corresponding mobile terminal identifier obtained from the cache server according to the token serial number; if they are the same, no update is needed and the process ends; otherwise, the certificate server updates the mobile terminal identifier associated with the token serial number, and the process ends.
Optionally, when the token serial number sent by the mobile terminal token is received, the method further includes: the certificate server establishes a network data link with the mobile terminal token.
Further, after the certificate server establishes the network data link with the mobile terminal token, the method further includes: the certificate server obtains the network data link identifier corresponding to the mobile terminal token, associates the network data link identifier with the token serial number, and saves the association to the storage area of the certificate server.
Further, before the pushing certification request is sent to the mobile terminal token, the method further includes: the certificate server obtains the corresponding network data link identifier from the storage area of the certificate server according to the token serial number, and obtains the corresponding network data link according to the network data link identifier;
Wherein, sending the pushing certification request to the mobile terminal token is specifically: the certificate server obtains the corresponding network data link according to the network data link identifier and sends the pushing certification request to the mobile terminal token through that network data link.
Specifically, saving the generated challenge value together with the token serial number found to the cache server is specifically: the certificate server sends a request to store the challenge value to the cache service, and the cache service stores the challenge value and the token serial number into the list of the cache server according to a preset storage rule;
Specifically, obtaining the challenge value from the cache server according to the token serial number is specifically: the certificate server sends a request to obtain the challenge value to the cache service; the cache service queries the list of the cache server for the challenge value corresponding to the token serial number and returns it to the certificate server.
Optionally, after the generated challenge value is saved together with the token serial number found to the cache server, the method further includes: the certificate server sets the effective time for which the challenge value is stored in the cache server; once the effective time is exceeded, the cache server deletes the challenge value.
Specifically, after judging whether the generated response value matches the response value in the pushing certification response, the method further includes: the certificate server deletes the challenge value corresponding to the token serial number that is saved in the cache server.
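The challenge handling described above, as an added example that is not part of the patent text: two authentication servers (the page's "certificate servers") share one cache, so the server that verifies the response need not be the one that issued the challenge. The class and function names, the 60-second effective time and the use of HMAC-SHA256 to compute the response value are assumptions; the page names no response algorithm.

```python
import hashlib
import hmac
import secrets


class CacheServer:
    """Stand-in for the shared cache server: token serial -> (challenge, expiry)."""

    def __init__(self, ttl_seconds):
        self.ttl = ttl_seconds
        self._list = {}

    def store_challenge(self, serial, challenge, now):
        self._list[serial] = (challenge, now + self.ttl)

    def get_challenge(self, serial, now):
        entry = self._list.get(serial)
        if entry is None:
            return None
        challenge, expires_at = entry
        if now >= expires_at:  # past the effective time: the cache drops it
            del self._list[serial]
            return None
        return challenge

    def delete_challenge(self, serial):
        self._list.pop(serial, None)


def response_value(seed_key, challenge):
    # Assumption: HMAC-SHA256 over the challenge, keyed with the seed key.
    return hmac.new(seed_key, challenge, hashlib.sha256).digest()


class AuthServer:
    def __init__(self, name, cache, seed_keys):
        self.name = name
        self.cache = cache
        self.seed_keys = seed_keys  # token serial -> server seed key

    def issue_challenge(self, serial, now):
        challenge = secrets.token_bytes(16)
        self.cache.store_challenge(serial, challenge, now)
        return challenge

    def verify_response(self, serial, response, now):
        seed_key = self.seed_keys.get(serial)
        challenge = self.cache.get_challenge(serial, now)
        if seed_key is None or challenge is None:
            return False
        expected = response_value(seed_key, challenge)
        matched = hmac.compare_digest(expected, response)
        # Deleted after the comparison whatever the outcome, so a challenge
        # allows exactly one verification attempt and cannot be replayed.
        self.cache.delete_challenge(serial)
        return matched


def demo():
    serial = "1000000010"  # sample token serial number from the page
    seed = bytes.fromhex("FB80ECDA5EDF464CF7715EE66A25ED079122D429")  # page's sample seed key
    cache = CacheServer(ttl_seconds=60)  # constructed effective time
    no1 = AuthServer("No.1", cache, {serial: seed})
    no2 = AuthServer("No.2", cache, {serial: seed})
    results = {}

    challenge = no1.issue_challenge(serial, now=1000)
    good = response_value(seed, challenge)  # what the token would send back
    results["cross_server"] = no2.verify_response(serial, good, now=1010)
    results["replay"] = no2.verify_response(serial, good, now=1011)

    challenge = no1.issue_challenge(serial, now=2000)
    late = response_value(seed, challenge)
    results["expired"] = no2.verify_response(serial, late, now=2061)

    challenge = no1.issue_challenge(serial, now=3000)
    results["wrong"] = no1.verify_response(serial, b"\x00" * 32, now=3001)
    results["after_wrong"] = no1.verify_response(
        serial, response_value(seed, challenge), now=3002)
    return results


if __name__ == "__main__":
    print(demo())
```
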
Embodiment 2
This embodiment provides a method for sharing server data storage space during activation. Referring to Fig. 1, the method is applied to a system including an authentication management platform, a certificate server and a mobile terminal token, and specifically includes:
Step 101: the authentication management platform generates the first activation request according to the user information in the user record;
Before this step, the method further includes: the authentication management platform receives the user record that the administrator has selected for activation and judges, according to the user record, whether the corresponding user information can be obtained; if so, step 101 is executed, otherwise it prompts that the information is incomplete, and the process ends;
In this embodiment, after step 101 is executed, the method further includes: judging whether the corresponding token identification code and mobile terminal system version can be obtained; if so, step 102 is executed, otherwise it prompts that the information is incomplete, and the process ends;
Wherein, at user registration the authentication management platform requires the user to enter the token identification code and the mobile terminal system version;
For example, the user record selected by the administrator and received by the authentication management platform is as follows:
User information includes: user name: abc@test.com, password: 168408afag
User mobile phone number: 01234567890
User name: abc
Subscriber mailbox: 123456789@163.com
Mobile terminal number: 18912345678
Token identifications code: 57987117827971672588
Mobile terminal system version: 1
Further, in this embodiment, before step 101 the method further includes:
Step 100-1: the authentication management platform receives the administrator's click on the activation button;
Step 100-2: the authentication management platform judges whether the last activation time can be obtained; if so, step 101-3 is executed, otherwise step 101 is executed;
Step 100-3: the authentication management platform obtains the current system time and judges whether the difference between the current system time and the last activation time is greater than a preset duration; if so, step 101 is executed, otherwise a response indicating that activation cannot be repeated is returned, and the process ends;
Step 102: the authentication management platform sends the first activation request to the certificate server;
Step 103: the certificate server obtains the user information from the first activation request, calls a random number generation function to generate a first random number, and uses the first random number as the activation request ID;
In this embodiment, preferably, to ensure security, the two-dimensional code picture is required to be valid only for a predetermined time; therefore, after generating the activation request ID, the certificate server saves the activation request ID into the server storage area and records the server system time.
For example, the activation request ID generated is fasdcvxvdsafdsfzcxcsdfsdafcxz, and the server system time recorded is 1417502570.
Step 104: after associating the activation request ID with the user information, the certificate server sends the activation request ID and the user information to the cache server;
Step 105: the certificate server generates the first activation response and returns it to the authentication management platform;
Specifically, in this embodiment, the certificate server receives the first activation request from the authentication management platform; the preset prefix identifier is yunxin://, and the preset domain name is: api-6 enterprise identifier .cloudentify.com;
The first activation response generated is:
yunxin://api-6 enterprise identifier .cloudentify.com?reqid=activation request ID;
For example, the certificate server uses the preset prefix identifier yunxin://, the enterprise identifier obtained, dfserv, the preset domain name api-6 enterprise identifier .cloudentify.com and the activation request ID fasdcvxvdsafdsfzcxcsdfsdafcxz;
The first activation response generated is:
yunxin://api-dfserv.cloudentify.com?reqid=fasdcvxvdsafdsfzcxcsdfsdafcxz.
Step 106: the authentication management platform generates a two-dimensional code picture according to the first activation response received;
Specifically, in this embodiment, the authentication management platform uses the e-mail activation mode to generate the two-dimensional code picture according to the first activation response received.
Step 107: the mobile terminal token scans the two-dimensional code, obtains the terminal port number, obtains the activation URL according to the preset domain name, the enterprise identifier and the terminal port number, accesses the certificate server through the activation URL, establishes a network data link with the certificate server, and generates the second activation request according to the activation request ID;
In this embodiment, the mobile terminal token scans the two-dimensional code, obtains the first activation response from the two-dimensional code picture, and obtains the preset domain name, the enterprise identifier and the activation request ID from the first activation response. For example, the activation request ID that the mobile terminal token obtains from the first activation response is fasdcvxvdsafdsfzcxcsdfsdafcxz;
The terminal is specifically a terminal device that can receive mail, such as a PC, an iPad or a mobile phone (a terminal device other than the one carrying the mobile terminal token). For example, the terminal port number obtained by the mobile terminal token is 1843, and the preset domain name and enterprise identifier are api-dfserv.cloudentify.com;
The activation URL obtained is:
api-dfserv.cloudentify.com:1843/fasdcvxvdsafdsfzcxcsdfsdafcxz; the certificate server is accessed through this activation URL, and a network data link, specifically a TCP connection, is established with the certificate server; the transmitted data preferably uses the JSON data format;
In this embodiment, this step further includes: the mobile terminal token obtains the preset online activation request type, obtains the saved token identification code and token version number, calls the function for obtaining the system type to obtain the mobile terminal system type, and then performs a MAC check over the preset online activation request type, the activation request ID, the token identification code, the mobile terminal system type and the token version number to obtain a MAC check code;
For example, the terminal port number obtained is 1843; the preset online activation request type obtained is 6, i.e. "reqtype":"6"; the token identification code obtained is 57987117827971672588, i.e. "udid":"57987117827971672588"; the token version number obtained is 2.5, i.e. "app_version":"2.5"; the function for obtaining the system type is called, and the mobile terminal system type obtained is the Android system, so the mobile terminal system type is set to 1 (for the iOS system, the mobile terminal system type is set to 2), i.e. "os":"1"; the MAC check code calculated is e5326079df79129b8bd599301a1b9efb360b0cc6; the second activation request then generated according to the preset domain name, the enterprise identifier, the activation request ID and the terminal port number is:
{"os":"1","reqid":"fasdcvxvdsafdsfzcxcsdfsdafcxz","reqtype":"6","udid":"57987117827971672588","app_version":"2.5","mac":"e5326079df79129b8bd599301a1b9efb360b0cc6"};
Step 108: the mobile terminal token sends the second activation request to the certificate server through the network data link;
Step 109: after receiving the second activation request data, the certificate server obtains the activation request ID from the second activation request and judges whether the activation request ID is correct and valid; if so, step 110 is executed, otherwise an error is reported, and the process ends.
In this embodiment, judging whether the activation request ID is correct and valid is specifically: judging whether the activation request ID is identical to the activation request ID saved in the server storage area; if so, the activation request ID is correct, otherwise the activation request ID is incorrect; and judging whether the difference between the server system time and the system time saved in the server storage area is within a preset range (preferably 120s); if so, the activation request ID is valid, otherwise the activation request ID received is invalid and the activation request ID in the server storage area is deleted;
In this embodiment, step 109 further includes: the certificate server obtains the token identification code and the mobile terminal system type from the second activation request data, obtains the saved terminal device identification code and mobile terminal system type from the certificate server storage area according to the activation request ID, and judges whether they match; if so, step 110 is executed, otherwise an error is reported, and the process ends;
Step 110: the certificate server obtains the user information from the cache server according to the activation request ID;
Step 111: the certificate server generates a token serial number according to the token serial number generation method;
In this embodiment, preferably, the OTP authentication center generates a token serial number of length 10 according to the generation order of token serial numbers; alternatively, a preset operation may be performed on the user name to generate the token serial number;
Wherein, preferably, the token serial number generation method is specifically: according to the generation order of token serial numbers, a token serial number is generated in a sequence that starts from 0000000001 and increases by 1 each time;
For example, if the activated token serial number is 1000000009, the token serial number generated this time is 1000000010;
Step 112: the certificate server associates the token serial number and the activation request ID with the user information and saves the associated information to the cache server;
Step 113: the certificate server calls a random number generation function to generate a second random number, uses the second random number as the seed generation factor, and generates the server seed key according to the seed generation factor;
In this embodiment, preferably, the OTP authentication center calls the random number generation function Random.nextInt(10) to generate a decimal second random number of length 10, which is used as the seed generation factor;
For example, the second random number generated by the certificate server, i.e. the seed generation factor, is 30750849669824758444;
In this embodiment, the certificate server applies a preset derivation algorithm to derive the server seed key from the seed generation factor; preferably, the certificate server applies the PBKDF2 derivation algorithm to obtain a 20-byte server seed key; alternatively, the BF derivation algorithm or the like may be used;
For example, the second random number generated by the certificate server, i.e. the seed generation factor, is 6595781253;
Deriving from the seed generation factor, the server seed key obtained is:
FB80ECDA5EDF464CF7715EE66A25ED079122D429.
Step 114: the certificate server obtains the corresponding enterprise key according to the user name, encrypts the server seed key with the enterprise key to obtain the encrypted server seed key, associates the encrypted server seed key with the user name, and saves the association into the certificate server storage area;
Specifically: the certificate server encrypts the server seed key according to the token serial number using a preset encryption algorithm to obtain a binary encrypted server seed key, and then Base64-converts the binary encrypted server seed key to obtain a character string; preferably, the preset encryption algorithm is the 3DES algorithm; alternatively, it may be the SM3 or RSA algorithm, etc.;
For example, the enterprise key obtained by the certificate server is:
1F3D4E3A12459372B837193177913782;
The encrypted server seed key obtained after the server seed key is encrypted with the enterprise key and converted is:
PL96EUSWSdPP2gj8fr6m-YXBpLWE0OTJjN2Q3LmR1b3NlY3VyaXR5LmNvbQ;
In this embodiment, the enterprise key saved in the certificate server is generated as follows:
Step 1: the key operation platform receives the administrator key of the key holder;
Wherein, to ensure the security of the administrator key, the administrator key of the key holder needs to be replaced regularly;
Step 2: the key operation platform performs a preset operation on the administrator key to obtain the master key, and saves the master key into the storage area;
Step 3: the certificate server periodically obtains the master key from the key operation platform and judges whether the master key obtained is identical to the master key saved in the server storage area; if so, step 4 is executed; otherwise, the master key in the server storage area is updated and step 4 is executed;
In this embodiment, since the administrator key needs to be replaced regularly, the certificate server preferably sends a request to obtain the master key to the key operation platform every two minutes and receives the current master key returned by the key operation platform;
Step 4: the certificate server obtains the corresponding enterprise ID according to the user name, performs a hash operation on the master key and the enterprise ID to obtain the enterprise key, and saves the enterprise key into the cache server;
Wherein, the enterprise ID is the one that the authentication management platform randomly assigns to the enterprise when the administrator registers; it is associated with multiple user names and saved into the cache server;
In this embodiment, since the server seed key is encrypted using the enterprise ID, when one server seed key is cracked, the server seed keys of other enterprises cannot be cracked at the same time, so security is better;
Step 115: the certificate server generates the second activation response from the token serial number and the seed generation factor, using a preset composition format;
In this embodiment, preferably, the certificate server encrypts the seed generation factor according to the token identification code to obtain the encrypted seed generation factor;
This step further includes: the certificate server obtains the password generation algorithm, sets the algorithm ID according to the password generation algorithm obtained, and obtains the current system time;
For example, the encrypted seed generation factor obtained by the certificate server is 30750849669824758444; the password generation algorithm obtained is the SM3 password generation algorithm, so the algorithm ID is set to 00 (if the password generation algorithm obtained is the AUTH password generation algorithm, the algorithm ID is set to 01); a MAC check is performed over the online activation request type, the activation request ID, the algorithm ID, the token serial number, the encrypted seed generation factor, the user name, the enterprise identifier and the server system time to obtain a MAC check code;
Further, the certificate server forms the response data from the online activation request type, the activation request ID, the algorithm ID, the token serial number, the encrypted seed generation factor, the user name, the enterprise identifier, the server system time and the MAC check code, and encrypts the response data with the preset negotiation key to obtain the second activation response;
For example, the response data generated is
{"data":"pushtype":"6","reqid":"fasdcvxvdsafdsfzcxcsdfsdafcxz","algid":"00","token":"1000000010","factor":"30750849669824758444","userid":"abc","compname":"dfserv","time":"1417502589"};
The second activation response obtained after the response data is encrypted with the preset negotiation key is:
{"data":"591f86917938bb30066991c78f1e2b4c63a125ea90d8800418fa3e07dc2d1187f7c64bac023a34d7dc58dcf7c79e99fccc874de6fba79a0eb50614fe73624d69b95fd92d3cf83c1d2894355e790b2ff6dcce8892ed153681eb478521843eaf6f3a5623236754a7bb0b7d709be74d79cd57a20d4a9af495e9c84918920dc0d1f94d032fd8f2baa4e6d8c230b2802e7777a07e47fef374444b77412890c204fb729e6e10fd7fa658db115c32f713b53e1bbbba92d366c0b69e7b70a87eeb564c51","mac":"f09749aa775b9eb84c0931e7250c95ea84ec901a"};
Step 116: the certificate server sends the second activation response to the mobile terminal token through the network data link;
Step 117: the mobile terminal token obtains the seed generation factor and the token serial number from the second activation response, generates the token seed key according to the seed generation factor, performs a calculation on the token seed key and the built-in dynamic factor to generate a dynamic password, uses the token serial number to encrypt the token seed key to obtain the encrypted token seed key, and saves the encrypted token seed key and the token serial number into the token storage area;
This step specifically includes: the mobile terminal token applies the preset negotiation key to decrypt the second activation response data to obtain the response data, and obtains the seed generation factor and the token serial number from the response data;
This step further includes: the mobile terminal token obtains the algorithm ID from the second activation response and obtains the corresponding password generation algorithm according to the algorithm ID; it obtains the server system time from the second activation response and calculates the drift value relative to the mobile terminal time according to the server system time; according to the drift value, it applies the selected password generation algorithm to the token seed key and the built-in dynamic factor to generate the dynamic password;
Before this step, the method further includes: the mobile terminal token obtains the activation request ID from the second activation response and judges whether the activation request ID is identical to the activation request ID saved in the token; if so, step 116 is executed, otherwise an error is reported, and the process ends;
For example, the mobile terminal token derives from the seed generation factor, and the token seed key obtained is FB80ECDA5EDF464CF7715EE66A25ED079122D429;
The password generation algorithm obtained according to the algorithm ID is the OATH time-based algorithm; alternatively, it may be the national cryptographic time-based algorithm SM3 or the like; the dynamic password generated is 179059;
Step 118: the mobile terminal token generates the third activation request according to the dynamic password, the token serial number and the activation request ID;
In this embodiment, preferably, the mobile terminal token generates the third activation request according to the preset online activation request type, the activation request ID, the activation success or failure result, the token version number, the token serial number and the dynamic password;
For example, the third activation request generated is:
{"result":"1","reqtype":"7","otp":"179059","token":"1000000010","reqid":"fasdcvxvdsafdsfzcxcsdfsdafcxz"};
In this embodiment, since one mobile phone can have multiple token programs installed, each token program corresponds to one token serial number; after the mobile terminal token sends the token serial number to the certificate server, the certificate server obtains all information corresponding to that token serial number; alternatively, the token serial number need not be uploaded, in which case the certificate server obtains all corresponding information according to the activation request ID;
Step 119: the mobile terminal token sends the third activation request to the certificate server through the network data link;
Step 120: after receiving the third activation request, the certificate server obtains the activation request ID from the third activation request and judges whether the activation request ID is correct and valid; if so, step 121 is executed, otherwise an error is reported, and the process ends;
Specifically: the certificate server judges whether the activation request ID is identical to the activation request ID saved in the certificate server storage area; if so, the activation request ID is correct, otherwise the activation request ID is incorrect;
Step 121: the certificate server obtains the dynamic password from the third activation request received;
Step 122: the certificate server performs a calculation on the server seed key and the built-in dynamic factor to generate a dynamic password;
In this embodiment, specifically, the certificate server obtains the encrypted server seed key and the enterprise key, decrypts the encrypted server seed key with the enterprise key to obtain the server seed key, and generates the dynamic password according to the server seed key;
For example, the encrypted server seed key that the certificate server obtains according to the user name ft is:
PL96EUSWSdPP2gj8fr6m-YXBpLWE0OTJjN2Q3LmR1b3NlY3VyaXR5LmNvbQ;
The enterprise key obtained is:
1F3D4E3A12459372B837193177913782;
The server seed key obtained by decryption is:
FB80ECDA5EDF464CF7715EE66A25ED079122D429;
The dynamic password generated is 179059;
Before this step, the method further includes: after receiving the third activation request, the certificate server obtains the activation request ID from the third activation request and judges whether the activation request ID is correct; if so, step 122 is executed, otherwise an error is reported, and the process ends;
Specifically: the certificate server judges whether the activation request ID is identical to the activation request ID saved in the server storage area; if so, the activation request ID is correct, otherwise the activation request ID is incorrect;
Step 123: the certificate server judges whether the dynamic password generated matches the dynamic password obtained from the third activation request; if so, step 125 is executed, otherwise a third activation response indicating activation failure is returned to the mobile terminal token, and the process ends;
In this embodiment, after step 123 the method further includes: clearing the data in the cache server;
Specifically, the certificate server notifies the cache server to clear the data;
Step 124: the certificate server generates a third activation response indicating successful activation;
Specifically, the certificate server obtains the preset online activation result type and the activation time, and generates the third activation response according to the preset online activation type, the activation request ID, the activation success result and the activation time;
For example, the third activation response indicating successful activation that the certificate server generates is:
{"pushtype":"7","reqid":"fasdcvxvdsafdsfzcxcsdfsdafcxz","result":"1","time":"1417502590"};
Further, this step further includes: the certificate server obtains the current system time and saves it as the last activation time;
Step 125: the certificate server sends the third activation response to the mobile terminal token;
In this embodiment, the certificate server sends the third activation response to the mobile terminal token through the network data link;
Step 126: after receiving the third activation response, the mobile terminal token judges whether the third activation response indicates successful activation; if it indicates success, activation is complete and the process ends; if it is a failure response, activation has failed and the process ends;
In this step, when activation fails, the method further includes: displaying activation failure information; when activation is complete, the method further includes: the mobile terminal token displays activation success information.
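The checks in steps 109 to 123, as an added example that is not part of the patent text: the 120s validity window of the activation request ID, the 20-byte PBKDF2 seed key derived identically on both sides, and a time-based dynamic password computed by the token after correcting its clock with the drift value. The PBKDF2 salt, iteration count and hash, and the use of RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits) as the "OATH time-based algorithm", are assumptions, so the output does not reproduce the page's sample seed key or the password 179059.

```python
import hashlib
import hmac
import struct

ACTIVATION_WINDOW = 120           # seconds; the preferred range given in step 109
PBKDF2_SALT = b"activation-demo"  # assumption: the page gives no salt
PBKDF2_ROUNDS = 10000             # assumption: the page gives no iteration count


def activation_id_valid(received_id, saved_id, saved_time, now):
    """Correct: equals the saved ID. Valid: at most 120s since it was saved."""
    same = hmac.compare_digest(received_id.encode(), saved_id.encode())
    return same and 0 <= now - saved_time <= ACTIVATION_WINDOW


def derive_seed_key(seed_factor):
    """Derive the 20-byte seed key from the seed generation factor."""
    return hashlib.pbkdf2_hmac("sha1", seed_factor.encode(),
                               PBKDF2_SALT, PBKDF2_ROUNDS, dklen=20)


def totp(key, unix_time, step=30, digits=6):
    """RFC 6238 time-based one-time password with HMAC-SHA1."""
    counter = struct.pack(">Q", int(unix_time) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Token:
    def __init__(self, seed_factor, server_time, local_time):
        self.seed_key = derive_seed_key(seed_factor)
        # Drift value: how far the server clock is ahead of the terminal clock.
        self.drift = server_time - local_time

    def dynamic_password(self, local_now):
        return totp(self.seed_key, local_now + self.drift)


class Server:
    def __init__(self, seed_factor):
        self.seed_key = derive_seed_key(seed_factor)

    def verify(self, otp, now):
        expected = totp(self.seed_key, now)
        return hmac.compare_digest(expected.encode(), otp.encode())


def run_activation(token_clock_offset):
    """Run the flow with the page's sample values.

    token_clock_offset is the terminal clock error in seconds (constructed).
    """
    reqid = "fasdcvxvdsafdsfzcxcsdfsdafcxz"
    saved_time = 1417502570     # server system time recorded with the ID
    response_time = 1417502589  # "time" in the second activation response
    verify_time = 1417502590    # "time" in the third activation response
    factor = "30750849669824758444"

    if not activation_id_valid(reqid, reqid, saved_time, response_time):
        return False
    server = Server(factor)
    token = Token(factor, server_time=response_time,
                  local_time=response_time + token_clock_offset)
    otp = token.dynamic_password(local_now=verify_time + token_clock_offset)
    return server.verify(otp, verify_time)


if __name__ == "__main__":
    print(run_activation(token_clock_offset=-75))
```

With a terminal clock 75 seconds behind, the uncorrected time falls in a different 30-second step from the server's, which is why the token applies the drift value before computing the password.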
Embodiment 3
Embodiment 3 of the present invention provides a method for sharing the server cache during pushing certification, applied to a system including an application server, a certificate server and a mobile terminal token, comprising:
Referring to Fig. 2, when the mobile terminal token starts, the following operations are performed:
Step a1: the mobile terminal token obtains the internally saved access address and establishes a network data link with the certificate server according to the access address;
Specifically, in this embodiment, the mobile terminal token obtains the internally saved access address, i.e. the internally saved domain name, for example: www.ftsafe.com.cn. After obtaining the internally saved access address, the mobile terminal token requests access to the access address and automatically establishes a network data link with the certificate server.
Step a2: the mobile terminal token sends the internally saved token serial number to the load balancer;
Step a3: the load balancer sends the token serial number to the corresponding certificate server according to the preset allocation method;
In this embodiment, the load balancer sends the token serial number to an idle certificate server according to the preset load balancing mode. After receiving the token serial number sent by the mobile terminal token, the load balancer sends the token serial number to the certificate servers in a pre-agreed order. For example, in order from one to four, the token serial number is first sent to the No.1 certificate server; if the No.1 certificate server is idle, the No.1 server processes the token serial number; if the No.1 certificate server is busy, the token serial number is sent on to the No.2 certificate server, and so on.
Step a4: after receiving the token serial number, the certificate server uploads the token serial number and the certificate server IP to the cache server, associates the token serial number with the network data link identifier, and saves the association to the certificate server storage area;
In this embodiment, the network data link identifier is a string of digits, and the corresponding network data link can be found through the network data link identifier.
Step a5: the cache server judges, according to the token serial number received, whether a certificate server IP corresponding to the token serial number can be obtained; if so, step a6 is executed; otherwise, the token serial number and the certificate server IP are saved together, and the process ends;
Step a6: the certificate server obtains the certificate server IP from the cache server according to the token serial number and judges whether the certificate server IP obtained is identical to the certificate server IP uploaded to the cache server; if so, no update is needed and the process ends; otherwise, step a7 is executed;
Step a7: the cache server updates the certificate server IP corresponding to the token serial number according to the token serial number and certificate server IP received, and the process ends.
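Steps a4 to a7, together with the forwarding rule stated earlier (a server whose own IP differs from the cached certificate server IP hands the pushing certification request to the server at that IP), as an added example that is not part of the patent text. The class names, IP addresses and link identifiers are constructed for illustration.

```python
class CacheServer:
    """Shared cache: token serial -> IP of the server holding the token's link."""

    def __init__(self):
        self.server_ip_by_serial = {}
        self.writes = 0  # counts saves and updates, to show when none is needed


class AuthServer:
    def __init__(self, ip, cache, cluster):
        self.ip = ip
        self.cache = cache
        self.cluster = cluster    # ip -> AuthServer, stands in for the network
        self.link_by_serial = {}  # local storage area: serial -> link identifier
        cluster[ip] = self

    def on_token_connect(self, serial, link_id):
        # Step a4: keep the link identifier locally, publish our IP to the cache.
        self.link_by_serial[serial] = link_id
        # Steps a5-a7: save if absent, update only if the cached IP differs.
        if self.cache.server_ip_by_serial.get(serial) != self.ip:
            self.cache.server_ip_by_serial[serial] = self.ip
            self.cache.writes += 1

    def send_push(self, serial, push_request):
        owner_ip = self.cache.server_ip_by_serial.get(serial)
        if owner_ip is None:
            return None  # the token has never connected
        if owner_ip == self.ip:
            return self.deliver(serial, push_request)
        # Another server holds the link: forward the request to it.
        return self.cluster[owner_ip].deliver(serial, push_request)

    def deliver(self, serial, push_request):
        link_id = self.link_by_serial.get(serial)
        if link_id is None:
            return None
        return (self.ip, link_id, push_request)


def demo():
    cache, cluster = CacheServer(), {}
    no1 = AuthServer("10.0.0.1", cache, cluster)  # constructed addresses
    no2 = AuthServer("10.0.0.2", cache, cluster)
    no3 = AuthServer("10.0.0.3", cache, cluster)
    serial = "1000000010"
    trace = []

    no2.on_token_connect(serial, link_id=7)
    trace.append(no1.send_push(serial, "push-1"))  # forwarded to No.2
    no2.on_token_connect(serial, link_id=7)        # same server: no update
    trace.append(cache.writes)
    no3.on_token_connect(serial, link_id=12)       # token reconnects elsewhere
    trace.append(no1.send_push(serial, "push-2"))  # now forwarded to No.3
    trace.append(cache.writes)
    trace.append(no1.send_push("0000000001", "push-3"))  # unknown serial
    return trace


if __name__ == "__main__":
    print(demo())
```
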
As shown in Fig. 3 and Fig. 4, when the application interface receives the user information entered by the user and the user's click on the confirm button, the following operations are performed:
Step 201: the application server receives the user information from the application interface;
In this embodiment, the user information can be a user name, or a user name and password; this embodiment is described with the user information being a user name and password;
For example, user information includes: user name: abc@test.com, password: 168408afag, user mobile phone number: 01234567890。
In the present embodiment, further includes: after application server receives user information, judge username and password whether just Really, if so, thening follow the steps 202, error message otherwise is returned to application interface, after application interface receives error message, The incorrect prompt information of user information is exported, is terminated;
Wherein, when username and password is incorrect, further includes: update verifying number, judge updated verifying number Whether preset times are reached, if it is, report an error, otherwise return step 201;
It further, further include that output prompt is again defeated after the application interface output incorrect prompt information of user information The prompt information of access customer information.
Step 202: application server generates certification request according to user information and the internal application identities saved;
For example, application interface is WEBSDK login interface, corresponding application identities are yiwnzh-ajg.
Step 203: certification request is sent to No.1 certificate server using load balancing mode by application server;
In the present embodiment, the description assumes 4 certificate servers; as noted before, as many servers as needed can be set up;
The 4 certificate servers are named the No.1 server, No.2 server, No.3 server and No.4 server respectively. Each of the 4 certificate servers can independently perform add, delete, modify and query operations on the cache server. When the application server sends a certification request to the certificate servers, the request is sent in a pre-agreed order. For example, in order from one to four, the certification request is first sent to the No.1 certificate server; if the No.1 certificate server is idle, it executes the authentication operation; if the No.1 certificate server is busy, the certification request is passed on to the No.2 certificate server, and so on;
Step 204: after receiving the certification request, the No.1 certificate server generates a challenging value, obtains the user information and application identities from the certification request, obtains the corresponding token serial number from the certificate server memory block according to the user information, and obtains the corresponding application message according to the application identities;
In the present embodiment, the certificate server memory block stores user information, the server seed key, application messages and token serial numbers;
This step further includes: judging whether the application message corresponding to the application identities can be found in the certificate server memory block; if so, the process continues; otherwise an application-not-registered message is returned to the application server;
In the present embodiment, preferably, a challenging value of preset length is generated, the preset length being 6 decimal digits. The challenging value can be generated by calling a random number generation function and using the resulting random number as the challenging value, or by obtaining the corresponding server seed key from the server memory block according to the user name and performing a calculation on the server seed key to generate the challenging value;
Wherein, performing a calculation on the server seed key to generate the challenging value is specifically: computing over the server seed key with a preset algorithm to generate a 6-digit decimal challenging value; preferably, the preset algorithm is the SM3 algorithm, and it can also be the OATH algorithm, etc.;
For example, the challenging value generated is 308962.
Step 205: the No.1 certificate server associates the challenging value with the token serial number and saves them to the cache server;
Specifically, the No.1 certificate server sends the challenging value and the token serial number to the cache server.
Step 206: the No.1 certificate server obtains from the cache server, according to the received token serial number, the correspondingly saved information of the mobile terminal token and the certificate server IP;
Before this step, the method further includes: the certificate server calls a random number generation function to generate a random number, uses the random number as the certification request mark, associates it with the user information and saves it in the cache server;
Further, the certificate server obtains the current server time and saves it in the server memory block as the generation time of the certification request mark;
For example, the certification request mark that certificate server generates are as follows:
02c0e8b4-be19-49f6-aab6-273b38522cea;
The generation time of certification request mark is 1419325026;
Then, a pushing certification request is generated according to the challenging value, user information, token serial number and application message, specifically: the current server time is obtained, and the pushing certification request is generated according to the challenging value, token serial number, user information, current server time, application message and certification request mark;
For example, the pushing certification request generated are as follows:
{"appname":"WEBSDK","challenge":"308962","pushtype":"1","reqid":"02c0e8b4-be19-49f6-aab6-273b38522cea","time":"1419325027","token":"1000000003","userid":"abc@test.com"}.
Step 207: the No.1 certificate server generates the pushing certification request according to the challenging value, user information, token serial number and application message;
Step 208: the No.1 certificate server judges whether the certificate server IP saved in the cache server is identical to the No.1 certificate server IP; if so, step 209 is executed; otherwise step 211 is executed;
In the present embodiment, if the No.1 certificate server IP is 192.168.3.28 and the certificate server IP obtained from the cache server is 192.168.5.21, which corresponds to the No.2 certificate server, this indicates that the No.1 certificate server is not the certificate server that established the network data link with the mobile terminal token, and step 211 is executed.
Step 209: the No.1 certificate server obtains the corresponding network data link identification from the server buffer according to the token serial number;
Step 210: the No.1 certificate server sends the pushing certification request to the corresponding mobile terminal token over the obtained network data link, and the mobile terminal token executes step 214;
Step 211: the No.1 certificate server sends the pushing certification request to the No.2 certificate server corresponding to the certificate server IP in the cache server;
Step 212: the No.2 certificate server obtains the corresponding network data link identification from the server buffer according to the token serial number;
Step 213: the No.2 certificate server sends the pushing certification request to the corresponding mobile terminal token over the obtained network data link, and the mobile terminal token executes step 214;
Step 214: the mobile terminal token obtains the challenging value, user information and application message from the pushing certification request and displays them, then waits for the user's selection on the displayed information; if the user chooses to confirm the login, step 215 is executed; otherwise the process ends;
In the present embodiment, the mobile terminal token fills a preset format with the challenging value, user information, application message and the obtained token current time to produce the display information.
Step 215: the mobile terminal token performs a calculation on the challenging value and the internally saved token seed key to generate the first response value, and generates the pushing certification response data according to the first response value;
Wherein, the mobile terminal token generates the pushing certification response data according to the login result, token current time, auth type, first response value, token serial number and certification request mark;
For example, the first response value that mobile terminal token generates is 677165, then the pushing certification response data generated are as follows:
{"result":"1","time":"1419325027","reqtype":"2","otp":"677165","token":"1000000003","reqid":"02c0e8b4-be19-49f6-aab6-273b38522cea"};
Wherein, login result 1 indicates that login is allowed, the token current time is 1419325027, the auth type is 2, i.e. the pushing certification type, the first response value is 677165, the token serial number is 1000000003, and the certification request mark is 02c0e8b4-be19-49f6-aab6-273b38522cea.
Step 216: the mobile terminal token sends the pushing certification response data to the No.1 certificate server over the network data link;
Likewise, the mobile terminal token sends the pushing certification response data to a certificate server by way of load balancing.
Step 217: No.1 certificate server obtains the challenging value of preservation from cache server;
Step 218: No.1 certificate server obtains the first response value from pushing certification response data, according to pushing certification Token serial number in response data obtains corresponding server seed key from server database;
Step 219: the No.1 certificate server generates the second response value according to the challenging value and the server seed key and judges whether the first response value and the second response value match; if so, step 220 is executed; otherwise an authentication failure response is generated and returned to the application server, and the process ends;
This step further includes: the No.1 certificate server deletes the data of this authentication saved in the cache server, specifically including: deleting the challenging value, the certification request mark, etc.;
In the present embodiment, when it is determined that the first response value and the second response value do not match, the method further includes: the No.1 certificate server returns an authentication failure response to the application server, the application server returns the authentication failure response to the application interface, and the application interface, after receiving it, outputs authentication failure information, and the process ends;
Further, after the application interface outputs the authentication failure information, the method can also include: displaying the login interface and continuing to wait for the user to input user information.
Step 220: the No.1 certificate server generates a certification success response and returns it to the application server, and the authentication ends;
In the present embodiment, after receiving the certification success response, the application server returns it to the application interface; the application interface allows the user to access the application and displays the interface shown after a successful login, and the application login authentication process ends.
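The routing that Embodiment 3 builds on the shared cache (steps a4 to a7 and 206 to 213) can be sketched as follows. This is an added example, not code from the patent: the class names, the in-memory `peers` registry, the link marks 7001 and 9002 and the one-hop `forwarded` guard are assumptions of the sketch, while the IPs and token serial number are the page's sample values.

```python
# Added illustration: in-memory stand-ins for the cache server and two
# certificate (authentication) servers of Embodiment 3.

class CacheServer:
    """Shared store: token serial number -> certificate server IP."""

    def __init__(self):
        self._owner_ip = {}
        self.writes = 0  # counts saves/updates, to expose step a6's no-update path

    def get_ip(self, serial):
        return self._owner_ip.get(serial)

    def put_ip(self, serial, ip):
        self._owner_ip[serial] = ip
        self.writes += 1


class CertServer:
    def __init__(self, ip, cache, peers):
        self.ip = ip
        self.cache = cache
        self.peers = peers    # ip -> CertServer; hypothetical peer registry
        self.links = {}       # local memory block: serial -> network data link mark
        self.delivered = []   # (link mark, push request) pairs sent to tokens
        peers[ip] = self

    def register_token(self, serial, link_mark):
        """Steps a4-a7: record the link locally, publish our IP in the cache."""
        self.links[serial] = link_mark
        cached_ip = self.cache.get_ip(serial)
        if cached_ip is None:
            self.cache.put_ip(serial, self.ip)   # a5: nothing cached, save
        elif cached_ip != self.ip:
            self.cache.put_ip(serial, self.ip)   # a7: different server, update
        # a6: same IP already cached, no update

    def push(self, serial, request, forwarded=False):
        """Steps 206-213: deliver locally or forward to the link owner.

        Returns the IP of the server that delivered the request.
        """
        owner_ip = self.cache.get_ip(serial)
        if owner_ip is None:
            raise LookupError("token has no registered certificate server")
        if owner_ip != self.ip:
            # Step 211. The one-hop limit is this sketch's own guard against
            # a forwarding loop if the cache entry changes mid-request.
            if forwarded:
                raise RuntimeError("cache entry changed while forwarding")
            peer = self.peers.get(owner_ip)
            if peer is None:
                raise LookupError("cached certificate server is unknown")
            return peer.push(serial, request, forwarded=True)
        link_mark = self.links.get(serial)       # steps 209 / 212
        if link_mark is None:
            raise LookupError("cache names this server but it holds no link")
        self.delivered.append((link_mark, request))  # steps 210 / 213
        return self.ip


def demo():
    cache, peers = CacheServer(), {}
    no1 = CertServer("192.168.3.28", cache, peers)
    no2 = CertServer("192.168.5.21", cache, peers)
    serial = "1000000003"
    no2.register_token(serial, link_mark=7001)   # token connects via No.2
    no2.register_token(serial, link_mark=7001)   # same server again: no write
    writes_after_reconnect = cache.writes
    request = {"token": serial, "challenge": "308962"}
    delivered_by = no1.push(serial, request)     # No.1 forwards to No.2
    no1.register_token(serial, link_mark=9002)   # token reconnects via No.1
    delivered_after_move = no1.push(serial, request)
    return writes_after_reconnect, delivered_by, delivered_after_move, cache.writes


if __name__ == "__main__":
    print(demo())
```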
Embodiment 4
Embodiment 4 of the present invention provides a method for sharing a server buffer, applied in a system including an application server, certificate servers, iCloud and a mobile terminal token, comprising:
Referring to Fig. 5, when the mobile terminal token starts, the following operations are executed:
Step b1: the mobile terminal token obtains the internally saved access address and establishes a network data link with a certificate server according to the access address;
Step b2: the mobile terminal token sends the internally saved token serial number and the mobile terminal identification to the load balancer;
For example, mobile terminal identification are as follows: 154654541fhah;
Step b3: the load balancer sends the token serial number and the mobile terminal identification to the corresponding certificate server according to the preset distribution method;
Wherein, the preset distribution method is the same as the operation of step a3 in embodiment 3 and is not repeated here;
Step b4: after receiving the token serial number and the mobile terminal identification, the certificate server sends them to the cache server;
Step b5: the cache server judges, according to the received token serial number, whether a mobile terminal identification corresponding to the token serial number can be obtained; if so, step b6 is executed; otherwise the token serial number and the mobile terminal identification are saved in correspondence, and the process ends;
Step b6: the certificate server obtains the mobile terminal identification from the cache server according to the token number and judges whether the obtained mobile terminal identification is identical to the mobile terminal identification uploaded to the cache server; if so, no update is needed and the process ends; otherwise step b7 is executed;
Step b7: the cache server updates the mobile terminal identification corresponding to the token serial number according to the received token serial number and mobile terminal identification, and the process ends.
As shown in Fig. 6, when the application interface receives the user information input by the user and the user clicks the confirm button, the following operations are executed:
Step 301: application server receives the user information from application interface;
In the present embodiment, the user information can be a user name, or a user name and password; the present embodiment is illustrated with the user information being a user name;
For example, user information includes: user name: abc@test.com;
The present embodiment further includes: after receiving the user name, the application server judges whether the user name can be found in the application server storage area; if so, step 302 is executed; otherwise an error message is returned to the application interface, which, after receiving the error message, outputs a prompt that the user information is incorrect, and the process ends;
Further, after the application interface outputs the prompt that the user information is incorrect, it also outputs a prompt to input valid user information again.
Step 302: application server generates certification request according to user information and the internal application identities saved;
For example, application interface is WEBSDK login interface, corresponding application identities are yiwnzh-ajg.
Step 303: certification request is sent to certificate server using load balancing mode by application server;
This step is identical as step 203 in embodiment 3, and details are not described herein.
Step 304: after receiving the certification request, the certificate server generates a challenging value and saves it to the cache server;
In the present embodiment, preferably, a challenging value of preset length is generated, the preset length being 6 decimal digits. The challenging value can be generated by calling a random number generation function and using the resulting random number as the challenging value, or by obtaining the corresponding server seed key from the server memory block according to the user name and performing a calculation on the server seed key to generate the challenging value;
Wherein, performing a calculation on the server seed key to generate the challenging value is specifically: computing over the server seed key with a preset algorithm to generate a 6-digit decimal challenging value; preferably, the preset algorithm is the SM3 algorithm, and it can also be the OATH algorithm, etc.;
For example, the challenging value generated is 308962.
Step 305: the certificate server obtains the user information and application identities from the certification request, and obtains the corresponding application message according to the application identities;
This step further includes: judging whether the application message corresponding to the application identities can be found in the server memory block; if so, the process continues; otherwise an application-not-registered message is returned to the application server;
Step 306: certificate server obtains corresponding token serial number according to user information from server database;
In the present embodiment, the server database stores user information, the server seed key, application messages and token serial numbers.
Step 307: the certificate server generates the pushing certification request according to the challenging value, user information, token serial number and application message;
Before this step, the method further includes: the certificate server calls a random number generation function to generate a random number, uses the random number as the certification request mark, associates it with the user information and saves it in the cache server;
Further, the certificate server obtains the current server time and saves it in the server memory block as the generation time of the certification request mark;
For example, the certification request mark that certificate server generates are as follows:
02c0e8b4-be19-49f6-aab6-273b38522cea;
The generation time of certification request mark is 1419325026;
In the present embodiment, generating the pushing certification request according to the challenging value, user information, token serial number and application message is specifically: the current server time is obtained, and the pushing certification request is generated according to the challenging value, token serial number, user information, current server time, application message, mobile terminal identification and certification request mark;
For example, the pushing certification request generated are as follows:
{"appname":"WEBSDK","challenge":"308962","pushtype":"1","reqid":"02c0e8b4-be19-49f6-aab6-273b38522cea","time":"1419325027","token":"1000000003","userid":"abc@test.com","phoneid":"154654541fhah"}.
Step 308: certificate server obtains mobile terminal identification according to token serial number from cache server;
Step 309: the certificate server stores the pushing certification request in the cache server;
Wherein, the authentication notification data indicate the position of the pushing certification request in the cache server.
Step 310: the certificate server generates the authentication notification data according to the pushing certification request;
Step 311: authentication notification data and mobile terminal identification are sent to iCloud by certificate server;
Step 312: iCloud sends the authentication notification data, according to the mobile terminal identification, to the mobile terminal token corresponding to that mobile terminal identification;
Step 313: the mobile terminal token generates a message for obtaining the pushing certification request, containing the authentication notification data, and sends it to the certificate server over the network data link;
Step 314: after receiving the message for obtaining the pushing certification request containing the authentication notification data, the certificate server obtains the pushing certification request from the cache server;
Step 315: pushing certification request is sent to mobile terminal token by certificate server;
Step 316: the mobile terminal token obtains the challenging value, user information and application message from the pushing certification request and displays them, then waits for the user's selection on the displayed information; if the user chooses to confirm the login, step 317 is executed; otherwise the process ends;
In the present embodiment, the mobile terminal token fills a preset format with the challenging value, user information, application message and the obtained token current time to produce the display information.
Step 317: the mobile terminal token performs a calculation on the challenging value and the internally saved token seed key to generate the first response value, and generates the pushing certification response data according to the first response value;
Wherein, the mobile terminal token generates the pushing certification response data according to the login result, token current time, auth type, first response value, token serial number and certification request mark;
For example, the first response value that mobile terminal token generates is 677165, then the pushing certification response data generated are as follows:
{"result":"1","time":"1419325027","reqtype":"2","otp":"677165","token":"1000000003","reqid":"02c0e8b4-be19-49f6-aab6-273b38522cea"};
Wherein, login result 1 indicates that login is allowed, the token current time is 1419325027, the auth type is 2, i.e. the pushing certification type, the first response value is 677165, the token serial number is 1000000003, and the certification request mark is 02c0e8b4-be19-49f6-aab6-273b38522cea.
Step 318: the mobile terminal token sends the pushing certification response data to the certificate server over the network data link;
Step 319: certificate server obtains the challenging value of preservation from cache server;
Step 320: the certificate server obtains the first response value from the pushing certification response data, and obtains the corresponding server seed key from the server database according to the token serial number in the authentication response data;
Step 321: the certificate server generates the second response value according to the challenging value and the server seed key and judges whether the first response value and the second response value match; if so, step 322 is executed; otherwise the process ends;
This step further includes: the No.1 certificate server deletes the data of this authentication saved in the cache server, specifically including: deleting the challenging value, the certification request mark, etc.;
In the present embodiment, when it is determined that the first response value and the second response value do not match, the method further includes: the No.1 certificate server returns an authentication failure response to the application server, the application server returns the authentication failure response to the application interface, and the application interface, after receiving it, outputs authentication failure information, and the process ends;
Further, after the application interface outputs the authentication failure information, the method can also include: displaying the login interface and continuing to wait for the user to input user information.
Step 322: the certificate server generates a certification success response and returns it to the application server, and the authentication ends.
In the present embodiment, after receiving the certification success response, the application server returns it to the application interface; the application interface allows the user to access the application and displays the interface shown after a successful login, and the application login authentication process ends.
Embodiment 5
Embodiment 5 of the present invention provides a method for sharing server data storage space in a simple challenge process, applied in a system including an application server, certificate servers and a mobile device token, as shown in Fig. 7, comprising:
Step 401: application server receives the user information from application interface;
In the present embodiment, the user information can be a user name, or a user name and password; the present embodiment is illustrated with the user information being a user name;
For example, user information includes: user name: abc@test.com;
The present embodiment further includes: after receiving the user name, the application server judges whether the user name can be found in the application server storage area; if so, step 302 is executed; otherwise an error message is returned to the application interface, which, after receiving the error message, outputs a prompt that the user information is incorrect, and the process ends;
Further, after the application interface outputs the prompt that the user information is incorrect, it also outputs a prompt to input valid user information again.
Step 402: application server generates certification request according to user information and the internal application identities saved;
For example, application interface is WEBSDK login interface, corresponding application identities are yiwnzh-ajg.
Step 403: certification request is sent to certificate server using load balancing mode by application server;
Step 404: after receiving the certification request, the certificate server obtains the user information and application identities from the certification request, obtains the corresponding token serial number from the certificate server memory block according to the user information, and obtains the corresponding application message according to the application identities;
This step further includes: judging whether the application message corresponding to the application identities can be found in the server memory block; if so, the process continues; otherwise an application-not-registered message is returned to the application server;
In the present embodiment, preferably, a challenging value of preset length is generated, the preset length being 6 decimal digits. The challenging value can be generated by calling a random number generation function and using the resulting random number as the challenging value, or by obtaining the corresponding server seed key from the server memory block according to the user name and performing a calculation on the server seed key to generate the challenging value;
Wherein, performing a calculation on the server seed key to generate the challenging value is specifically: computing over the server seed key with a preset algorithm to generate a 6-digit decimal challenging value; preferably, the preset algorithm is the SM3 algorithm, and it can also be the OATH algorithm, etc.;
For example, the challenging value generated is 308962.
Step 405: the certificate server generates a challenging value and sends the token serial number and the challenging value to the cache server;
Specifically, in the present embodiment, the token serial number and the challenging value are sent to the cache server in the form of a "token serial number: challenging value" list.
Step 406: the certificate server generates the pushing certification request according to the challenging value, token serial number, user information and application name;
Before this step, the method further includes: the certificate server calls a random number generation function to generate a random number, uses the random number as the certification request mark, associates it with the user information and saves it in the cache server;
Further, the certificate server obtains the current server time and saves it in the server memory block as the generation time of the certification request mark;
For example, the certification request mark that certificate server generates are as follows:
02c0e8b4-be19-49f6-aab6-273b38522cea;
The generation time of certification request mark is 1419325026;
Then, a pushing certification request is generated according to the challenging value, user information, token serial number and application message, specifically: the current server time is obtained, and the pushing certification request is generated according to the challenging value, token serial number, user information, current server time, application message, mobile terminal identification and certification request mark;
For example, the pushing certification request generated are as follows:
{"appname":"WEBSDK","challenge":"308962","pushtype":"1","reqid":"02c0e8b4-be19-49f6-aab6-273b38522cea","time":"1419325027","token":"1000000003","userid":"abc@test.com","phoneid":"154654541fhah"}.
Step 407: the certificate server obtains the corresponding network data link from the server buffer according to the token serial number;
Step 408: the certificate server sends the pushing certification request to the corresponding mobile terminal token over the obtained network data link;
Step 409: the mobile terminal token obtains the challenging value, user information and application message from the pushing certification request and displays them, then waits for the user's selection on the displayed information; if the user chooses to confirm the login, step 410 is executed; otherwise the process ends;
In the present embodiment, the mobile terminal token fills a preset format with the challenging value, user information, application message and the obtained token current time to produce the display information.
Step 410: the mobile terminal token performs a calculation on the challenging value and the internally saved token seed key to generate the first response value, and generates the pushing certification response data according to the first response value;
Wherein, the mobile terminal token generates the pushing certification response data according to the login result, token current time, auth type, first response value, token serial number and certification request mark;
For example, the first response value that mobile terminal token generates is 677165, then the pushing certification response data generated are as follows:
{"result":"1","time":"1419325027","reqtype":"2","otp":"677165","token":"1000000003","reqid":"02c0e8b4-be19-49f6-aab6-273b38522cea"};
Wherein, login result 1 indicates that login is allowed, the token current time is 1419325027, the auth type is 2, i.e. the pushing certification type, the first response value is 677165, the token serial number is 1000000003, and the certification request mark is 02c0e8b4-be19-49f6-aab6-273b38522cea.
Step 411: the mobile terminal token sends the pushing certification response data to the certificate server over the network data link;
Step 412: the certificate server receives the client's pushing certification response data, obtains the first response value from it, and obtains the saved challenging value from the cache server according to the token number in the authentication response data;
In the present embodiment, the pushing certification response data contain a certification mark; the "token serial number: challenging value" list in the cache server is obtained accordingly, and the challenging value is obtained from that list according to the token number in the authentication response data.
Step 413: the certificate server obtains the seed key held in the certificate server using the token serial number in the authentication response data;
Step 414: the certificate server generates the second response value according to the challenging value and the server seed key and judges whether the first response value and the second response value match; if so, step 415 is executed; otherwise the process ends;
This step further includes: the No.1 certificate server deletes the data of this authentication saved in the cache server, specifically including: deleting the pushing certification response data, the challenging value, the "token serial number: challenging value" list, the certification request mark, etc.;
In the present embodiment, when it is determined that the first response value and the second response value do not match, the method further includes: the No.1 certificate server returns an authentication failure response to the application server, the application server returns the authentication failure response to the application interface, and the application interface, after receiving it, outputs authentication failure information, and the process ends;
Further, after the application interface outputs the authentication failure information, the method can also include: displaying the login interface and continuing to wait for the user to input user information.
Step 415: the certificate server generates a certification success response and returns it to the application server, and the authentication ends.
In the present embodiment, after receiving the certification success response, the application server returns it to the application interface; the application interface allows the user to access the application and displays the interface shown after a successful login, and the application login authentication process ends.
In the present invention, in addition to the transmission modes in the embodiments, the communication data between the application interface and the application server, between the application server and the certificate server, and between the certificate server and the terminal token are processed with an algorithm and key negotiated in advance by both parties. Further, the communication data between them can also include a length and a check bit; the recipient judges from the length and check bit whether the received communication data are correct; if correct, the normal operating process is carried out; if incorrect, the sender is notified of the data error and retransmits the communication data. Further, the communication data between them can also be network-encrypted or transmitted using secure software, etc., to guarantee the security of the communication data between the application server and the application interface.
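The shared "token serial number: challenging value" list of Embodiment 5 lets any certificate server verify a response to a challenge that another one issued (steps 405 and 412 to 414). The sketch below is an added example, not the patent's code. The patent does not spell out the response calculation, so HMAC-SHA-256 with HOTP-style truncation to 6 digits is an assumed stand-in; the seed key and class names are constructed, and deleting the challenge as it is fetched (so that a failed attempt also consumes it) is a choice of this sketch.

```python
import hashlib
import hmac
import secrets


class ChallengeCache:
    """Stand-in for the cache server's "token serial number: challenging value" list."""

    def __init__(self):
        self._challenge_by_serial = {}

    def save(self, serial, challenge):
        self._challenge_by_serial[serial] = challenge

    def take(self, serial):
        # Fetch and delete in one step so each challenge can be answered once.
        return self._challenge_by_serial.pop(serial, None)


def response_value(seed_key, challenge):
    """Assumed algorithm: HMAC-SHA-256 over the challenge, truncated to 6 digits."""
    mac = hmac.new(seed_key, challenge.encode("ascii"), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10**6:06d}"


class CertServer:
    def __init__(self, cache, seed_keys):
        self.cache = cache            # shared by every certificate server
        self.seed_keys = seed_keys    # token serial number -> server seed key

    def issue_challenge(self, serial):
        """Step 405: 6-digit random challenge, saved to the shared cache."""
        challenge = f"{secrets.randbelow(10**6):06d}"
        self.cache.save(serial, challenge)
        return challenge

    def verify(self, response):
        """Steps 412-414: compare the token's response with our own calculation."""
        serial = response.get("token")
        if not isinstance(serial, str):
            return False
        challenge = self.cache.take(serial)
        seed_key = self.seed_keys.get(serial)
        if challenge is None or seed_key is None:
            return False              # unknown token, or challenge already used
        if response.get("result") != "1":
            return False              # user did not confirm the login
        expected = response_value(seed_key, challenge)
        supplied = str(response.get("otp", ""))
        # Constant-time comparison of the first and second response values.
        return hmac.compare_digest(expected.encode(), supplied.encode())


def demo():
    serial = "1000000003"
    seeds = {serial: b"constructed-seed-key-for-demo"}   # constructed sample key
    cache = ChallengeCache()
    no1, no2 = CertServer(cache, seeds), CertServer(cache, seeds)

    challenge = no1.issue_challenge(serial)
    otp = response_value(seeds[serial], challenge)       # token side, same seed
    response = {"result": "1", "reqtype": "2", "otp": otp, "token": serial}
    first = no2.verify(response)     # a different server verifies via the cache
    replay = no1.verify(response)    # challenge already deleted

    challenge2 = no1.issue_challenge(serial)
    good = response_value(seeds[serial], challenge2)
    bad = f"{(int(good) + 1) % 10**6:06d}"
    wrong = no2.verify(dict(response, otp=bad))
    after_wrong = no2.verify(dict(response, otp=good))   # consumed by the failure
    return first, replay, wrong, after_wrong


if __name__ == "__main__":
    print(demo())
```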
Embodiment 6
Embodiment 6 of the present invention provides a device for sharing server data memory space, as shown in Figure 8, comprising:
First receiving module 101, for receiving the certification request sent by the application server;
First generation module 102, for generating a challenging value when the first receiving module 101 receives the certification request sent by the application server;
First acquisition module 103, for obtaining the user information in the certification request;
First searching module 104, for searching for the token serial number corresponding to the user information;
Second generation module 105, for generating a pushing certification request according to the challenging value generated by the first generation module 102, the user information obtained by the first acquisition module 103 and the token serial number found by the first searching module 104;
First sending module 106, for sending the pushing certification request to the mobile terminal token;
First preserving module 107, for saving the challenging value generated by the first generation module 102 and the token serial number found by the first searching module 104 in correspondence to the cache server;
Second receiving module 108, for receiving the pushing certification response sent by the mobile terminal token;
Second searching module 109, for searching for the server seed key corresponding to the mobile terminal token;
Second acquisition module 110, for obtaining the challenging value from the cache server according to the token serial number obtained by the first searching module 104;
Third generation module 111, for generating a response value according to the server seed key found by the second searching module 109 and the challenging value obtained by the second acquisition module 110;
First judgment module 112, for judging whether the response value generated by the third generation module 111 matches the response value in the pushing certification response received by the second receiving module 108;
Second sending module 113, for sending a certification success response to the application server when the first judgment module 112 judges that the response value generated by the third generation module 111 matches the response value in the pushing certification response received by the second receiving module 108;
Third sending module 114, for sending an authentication failure response to the application server when the first judgment module 112 judges that the response value generated by the third generation module 111 fails to match the response value in the pushing certification response received by the second receiving module 108.
Specifically, the device in the present embodiment further includes: a third acquisition module, for obtaining the application identities in the certification request;
Fourth acquisition module, for obtaining application information according to the application identities obtained by the third acquisition module;
Further, in the present embodiment, the second generation module 105 is specifically used for: generating the pushing certification request according to the challenging value generated by the first generation module 102, the user information obtained by the first acquisition module 103, the token serial number found by the first searching module 104 and the application information obtained by the fourth acquisition module.
In the present embodiment, the device further includes: a fifth acquisition module, a second judgment module, a fourth sending module and a fifth sending module;
Fifth acquisition module, for obtaining the corresponding certificate server IP from the cache server according to the token serial number;
Second judgment module, for judging whether the device IP and the IP obtained by the fifth acquisition module are identical;
Fourth sending module, for sending the pushing certification request to the mobile terminal token when the second judgment module judges that the device IP and the certificate server IP obtained by the fifth acquisition module are identical;
Fifth sending module, for sending the pushing certification request to the device corresponding to the certificate server IP obtained by the fifth acquisition module when the second judgment module judges that the device IP and the certificate server IP obtained by the fifth acquisition module are not identical;
Sixth receiving module, for receiving the pushing certification request sent by another device;
Sixth sending module, for sending the pushing certification request to the mobile terminal token when the sixth receiving module receives the pushing certification request sent by another device.
Specifically, in the present embodiment, the device further includes: a seventh receiving module and a second preserving module;
Seventh receiving module, for receiving the token serial number sent by the mobile terminal token;
Second preserving module, for saving the device's own IP in association with the token serial number to the cache server when the token serial number sent by the mobile terminal token is received.
Further, in the present embodiment, the device further includes: a seventh acquisition module, an eighth acquisition module, a first contrast module and a first update module;
Seventh acquisition module, for obtaining the device IP according to the token serial number;
Eighth acquisition module, for obtaining the device IP from the cache server according to the token serial number;
First contrast module, for comparing whether the device IP obtained by the seventh acquisition module and the device IP obtained by the eighth acquisition module are identical;
First update module, for updating the device IP associated with the token serial number when the first contrast module finds that the device IP obtained by the seventh acquisition module differs from the device IP obtained by the eighth acquisition module, and ending.
Specifically, in the present embodiment, the device further includes: a fourth generation module, a seventh sending module, a ninth acquisition module, a tenth acquisition module and an eighth sending module;
Fourth generation module, for sending the pushing certification request to the cache server and generating authentication notification data;
Seventh sending module, for sending the authentication notification data generated by the fourth generation module to the mobile terminal token;
Ninth acquisition module, for obtaining the token serial number from the information for obtaining the pushing certification request, after that information returned by the mobile terminal token is received;
Tenth acquisition module, for obtaining the pushing certification request from the cache server according to the token serial number obtained by the ninth acquisition module;
Eighth sending module, for sending the pushing certification request obtained by the tenth acquisition module to the mobile terminal token.
Further, in the present embodiment, the seventh sending module specifically includes: a first acquisition unit and a first transmission unit;
First acquisition unit, for obtaining the mobile terminal identification from the cache server according to the token serial number;
First transmission unit, for sending the authentication notification data and the mobile terminal identification to iCloud; according to the mobile terminal identification, iCloud sends the authentication notification data to the mobile terminal token corresponding to the mobile terminal identification.
Specifically, the present embodiment further includes: a third preserving module;
Third preserving module, for saving the token serial number in association with the mobile terminal identification to the cache server when the token serial number and the mobile terminal identification sent by the mobile terminal token are received.
Accordingly, in the present embodiment, the device further includes: an eleventh acquisition module, a twelfth acquisition module, a second contrast module and a second update module;
Eleventh acquisition module, for obtaining the mobile terminal identification according to the token serial number when the third preserving module saves the token serial number in association with the mobile terminal identification to the cache server;
Twelfth acquisition module, for obtaining the corresponding mobile terminal identification from the cache server according to the token serial number;
Second contrast module, for comparing whether the mobile terminal identifications obtained by the eleventh acquisition module and the twelfth acquisition module are identical;
Second update module, for updating the mobile terminal identification associated with the token serial number when the second contrast module finds that the mobile terminal identifications obtained by the eleventh acquisition module and the twelfth acquisition module differ, and ending.
In the present embodiment, the device further includes: an establishing module, for establishing a network data link between the device and the mobile terminal token when the token serial number sent by the mobile terminal token is received.
In the present embodiment, the device further includes: a thirteenth acquisition module and a fourth preserving module;
Thirteenth acquisition module, for obtaining the network data link mark corresponding to the mobile terminal token after the establishing module establishes the network data link;
Fourth preserving module, for saving the network data link mark in association with the token serial number to the memory block of the device.
Specifically, in the present embodiment, the device further includes: a fourteenth acquisition module;
Fourteenth acquisition module, for obtaining the corresponding network data link mark from the memory block of the device according to the token serial number, and obtaining the corresponding network data link according to the network data link mark;
Further, the first sending module 106 is specifically used for: obtaining the corresponding network data link according to the network data link mark obtained by the fourteenth acquisition module, and sending the pushing certification request to the mobile terminal token through the network data link.
Further, in the present embodiment, the first preserving module 107 is specifically used for: sending a request to store the challenging value to the buffer service; the buffer service stores the challenging value and the token serial number in the list of the cache server according to a preset storage rule;
Further, in the present embodiment, the second acquisition module 110 is specifically used for: sending a request to obtain the challenging value to the buffer service; the buffer service queries the list of the cache server for the challenging value corresponding to the token serial number according to the token serial number, and returns it to the certificate server.
Optionally, in the present embodiment, the device further includes: a setup module;
Setup module, for setting the effective time for which the challenging value is stored in the cache server; when the challenging value exceeds its effective time in the cache server, the cache server deletes the challenging value.
Optionally, in the present embodiment, the device may also include: a removing module;
Removing module, for deleting the challenging value corresponding to the token serial number saved in the cache server after the first judgment module judges whether the generated response value matches the response value in the pushing certification response.
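The verification path of steps 413 to 415, together with the setup module's effective time and the removing module's deletion, is sketched below in Python as an added example; it is not code from the patent. HMAC-SHA256 as the response algorithm, all class and function names, and the constructed serial number and seed key are assumptions; the sketch shows a second certificate server verifying a challenging value that the first one stored in the shared cache server.

```python
import hashlib
import hmac
import secrets
import time


class CacheServer:
    """Shared "token serial number: challenging value" list with an effective time."""

    def __init__(self, clock=time.monotonic):
        self._entries = {}
        self._clock = clock

    def put(self, serial, challenge, effective_time):
        self._entries[serial] = (challenge, self._clock() + effective_time)

    def get(self, serial):
        entry = self._entries.get(serial)
        if entry is None:
            return None
        challenge, expires_at = entry
        if self._clock() >= expires_at:
            del self._entries[serial]  # effective time exceeded: cache deletes it
            return None
        return challenge

    def delete(self, serial):
        self._entries.pop(serial, None)


def response_value(seed_key, challenge):
    # Assumption: the page does not name the algorithm; HMAC-SHA256 stands in.
    return hmac.new(seed_key, challenge, hashlib.sha256).digest()


class CertificateServer:
    """One of several certificate servers that share a single cache server."""

    def __init__(self, cache, seed_keys, user_tokens, effective_time=60):
        self.cache = cache
        self.seed_keys = seed_keys      # token serial number -> server seed key
        self.user_tokens = user_tokens  # user information -> token serial number
        self.effective_time = effective_time

    def start(self, user):
        """Generate a challenging value, save it to the cache, build the push request."""
        serial = self.user_tokens[user]
        challenge = secrets.token_bytes(16)
        self.cache.put(serial, challenge, self.effective_time)
        return {"user": user, "serial": serial, "challenge": challenge}

    def verify(self, push_response):
        """Steps 413-414: recompute the response value and compare."""
        serial = push_response["serial"]
        seed_key = self.seed_keys.get(serial)
        challenge = self.cache.get(serial)
        matched = False
        if seed_key is not None and challenge is not None:
            expected = response_value(seed_key, challenge)
            matched = hmac.compare_digest(expected, push_response["response"])
        # Removing module: delete after the judgment, match or not, so the
        # challenging value can never be answered twice.
        self.cache.delete(serial)
        return matched


class FakeClock:
    """Controllable clock so expiry can be shown without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def demo():
    clock = FakeClock()
    cache = CacheServer(clock)
    seeds = {"SN-0001": b"constructed-seed-key"}  # constructed sample data
    users = {"alice": "SN-0001"}
    server_a = CertificateServer(cache, seeds, users)
    server_b = CertificateServer(cache, seeds, users)

    def token_answer(request, seed=seeds["SN-0001"]):
        # Stand-in for the mobile terminal token computing the first response value.
        return {"serial": request["serial"],
                "response": response_value(seed, request["challenge"])}

    results = {}
    reply = token_answer(server_a.start("alice"))
    results["cross_server"] = server_b.verify(reply)  # issued by A, verified by B
    results["replay"] = server_b.verify(reply)        # challenge already deleted
    results["wrong_seed"] = server_a.verify(
        token_answer(server_a.start("alice"), b"other-seed"))
    late = token_answer(server_a.start("alice"))
    clock.now += 61                                   # past the 60 s effective time
    results["expired"] = server_a.verify(late)
    return results


if __name__ == "__main__":
    print(demo())
```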
The foregoing is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto; any change or replacement that can be easily conceived by anyone skilled in the art within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (28)

1. A method for sharing server data memory space, characterized in that the method comprises:
When receiving the certification request sent by the application server, the certificate server generates a challenging value, obtains the user information in the certification request, and searches for the token serial number corresponding to the user information; generates a pushing certification request according to the generated challenging value, the obtained user information and the found token serial number, sends the pushing certification request to the mobile terminal token, and saves the generated challenging value and the found token serial number in correspondence to the cache server;
When receiving the pushing certification response sent by the mobile terminal token, the certificate server searches for the server seed key corresponding to the mobile terminal token, obtains the challenging value from the cache server according to the token serial number, and generates a response value according to the found server seed key and the obtained challenging value; judges whether the generated response value matches the response value in the pushing certification response; if so, sends a certification success response to the application server, otherwise sends an authentication failure response to the application server;
Before the pushing certification request is sent to the mobile terminal token, the method further comprises: the certificate server sends the pushing certification request to the cache server and generates authentication notification data, and sends the authentication notification data to the mobile terminal token;
The method further comprises: after receiving the information for obtaining the pushing certification request returned by the mobile terminal token, the certificate server obtains the token serial number from the information for obtaining the pushing certification request, obtains the pushing certification request from the cache server according to the token serial number, and sends the pushing certification request to the mobile terminal token.
2. The method according to claim 1, characterized in that, when the certification request sent by the application server is received, the method further comprises: obtaining the application identities in the certification request, and obtaining application information according to the application identities;
Generating the pushing certification request according to the generated challenging value, the obtained user information and the found token serial number is specifically: generating the pushing certification request according to the generated challenging value, the obtained user information, the found token serial number and the application information.
3. The method according to claim 1, characterized in that the step in which the certificate server sends the pushing certification request to the cache server and generates authentication notification data, and sends the authentication notification data to the mobile terminal token, is replaced by: the certificate server obtains the corresponding certificate server IP from the cache server according to the token serial number, and judges whether its own IP and the obtained certificate server IP are identical; if so, it sends the pushing certification request to the mobile terminal token, otherwise it sends the pushing certification request to the certificate server corresponding to the obtained certificate server IP;
The step in which, after receiving the information for obtaining the pushing certification request returned by the mobile terminal token, the certificate server obtains the token serial number from the information for obtaining the pushing certification request, obtains the pushing certification request from the cache server according to the token serial number, and sends the pushing certification request to the mobile terminal token, is replaced by: when receiving a pushing certification request sent by another certificate server, the certificate server sends the received pushing certification request to the mobile terminal token.
4. The method according to claim 3, characterized in that the method further comprises: when receiving the token serial number sent by the mobile terminal token, the certificate server saves its own IP in association with the token serial number to the cache server.
5. The method according to claim 4, characterized in that, after the certificate server saves its own IP in association with the token serial number to the cache server, the method further comprises: the certificate server obtains the certificate server IP according to the token serial number, and compares it with the corresponding certificate server IP obtained from the cache server according to the token serial number; if they are identical, no update is made and the process ends; otherwise, the certificate server updates the certificate server IP associated with the token serial number, and the process ends.
6. The method according to claim 1, characterized in that sending the authentication notification data to the mobile terminal token specifically comprises: the certificate server obtains the mobile terminal identification from the cache server according to the token serial number, and sends the authentication notification data and the mobile terminal identification to iCloud; according to the mobile terminal identification, the iCloud sends the authentication notification data to the mobile terminal token corresponding to the mobile terminal identification.
7. The method according to claim 6, characterized in that the method further comprises: when receiving the token serial number and the mobile terminal identification sent by the mobile terminal token, the certificate server saves the token serial number in association with the mobile terminal identification to the cache server.
8. The method according to claim 7, characterized in that, after the token serial number is saved in association with the mobile terminal identification to the cache server, the method further comprises: the certificate server obtains the mobile terminal identification according to the token serial number, and compares it with the corresponding mobile terminal identification obtained from the cache server according to the token serial number; if they are identical, no update is made and the process ends; otherwise, the certificate server updates the mobile terminal identification associated with the token serial number, and the process ends.
9. The method according to claim 4 or 7, characterized in that, when the token serial number sent by the mobile terminal token is received, the method further comprises: the certificate server and the mobile terminal token establish a network data link.
10. The method according to claim 9, characterized in that, after the certificate server and the mobile terminal token establish the network data link, the method further comprises: the certificate server obtains the network data link mark corresponding to the mobile terminal token, and saves the network data link mark in association with the token serial number to the memory block of the certificate server.
11. The method according to claim 10, characterized in that,
Before the pushing certification request is sent to the mobile terminal token, the method further comprises: the certificate server obtains the corresponding network data link mark from the memory block of the certificate server according to the token serial number, and obtains the corresponding network data link according to the network data link mark;
Sending the pushing certification request to the mobile terminal token is specifically: the certificate server obtains the corresponding network data link according to the network data link mark, and sends the pushing certification request to the mobile terminal token through the network data link.
12. The method according to claim 1, characterized in that saving the generated challenging value and the found token serial number in correspondence to the cache server is specifically: the certificate server sends a request to store the challenging value to the buffer service, and the buffer service stores the challenging value and the token serial number in the list of the cache server according to a preset storage rule;
Obtaining the challenging value from the cache server according to the token serial number is specifically: the certificate server sends a request to obtain the challenging value to the buffer service, and the buffer service queries the list of the cache server for the challenging value corresponding to the token serial number according to the token serial number, and returns it to the certificate server.
13. The method according to claim 1, characterized in that saving the generated challenging value and the found token serial number in correspondence to the cache server further comprises: the certificate server sets the effective time for which the challenging value is stored in the cache server; when the effective time is exceeded, the cache server deletes the challenging value.
14. The method according to claim 1, characterized in that, after judging whether the generated response value matches the response value in the pushing certification response, the method further comprises: the certificate server deletes the challenging value corresponding to the token serial number saved in the cache server.
15. A device for sharing server data memory space, characterized by comprising:
First receiving module, for receiving the certification request sent by the application server;
First generation module, for generating a challenging value when the first receiving module receives the certification request sent by the application server;
First acquisition module, for obtaining the user information in the certification request;
First searching module, for searching for the token serial number corresponding to the user information;
Second generation module, for generating a pushing certification request according to the challenging value generated by the first generation module, the user information obtained by the first acquisition module and the token serial number found by the first searching module;
First sending module, for sending the pushing certification request to the mobile terminal token;
First preserving module, for saving the challenging value generated by the first generation module and the token serial number found by the first searching module in correspondence to the cache server;
Second receiving module, for receiving the pushing certification response sent by the mobile terminal token;
Second searching module, for searching for the server seed key corresponding to the mobile terminal token;
Second acquisition module, for obtaining the challenging value from the cache server according to the token serial number obtained by the first searching module;
Third generation module, for generating a response value according to the server seed key found by the second searching module and the challenging value obtained by the second acquisition module;
First judgment module, for judging whether the response value generated by the third generation module matches the response value in the pushing certification response received by the second receiving module;
Second sending module, for sending a certification success response to the application server when the first judgment module judges that the response value generated by the third generation module matches the response value in the pushing certification response received by the second receiving module;
Third sending module, for sending an authentication failure response to the application server when the first judgment module judges that the response value generated by the third generation module fails to match the response value in the pushing certification response received by the second receiving module;
The device further comprises: a fourth generation module, a seventh sending module, a ninth acquisition module, a tenth acquisition module and an eighth sending module;
The fourth generation module, for sending the pushing certification request to the cache server and generating authentication notification data;
The seventh sending module, for sending the authentication notification data generated by the fourth generation module to the mobile terminal token;
The ninth acquisition module, for obtaining the token serial number from the information for obtaining the pushing certification request, after that information returned by the mobile terminal token is received;
The tenth acquisition module, for obtaining the pushing certification request from the cache server according to the token serial number obtained by the ninth acquisition module;
The eighth sending module, for sending the pushing certification request obtained by the tenth acquisition module to the mobile terminal token.
16. The device according to claim 15, characterized by further comprising: a third acquisition module and a fourth acquisition module;
The third acquisition module, for obtaining the application identities in the certification request;
The fourth acquisition module, for obtaining application information according to the application identities obtained by the third acquisition module;
The second generation module is specifically used for: generating the pushing certification request according to the challenging value generated by the first generation module, the user information obtained by the first acquisition module, the token serial number found by the first searching module and the application information obtained by the fourth acquisition module.
17. The device according to claim 15, characterized by further comprising: a fifth acquisition module, a second judgment module, a fourth sending module and a fifth sending module; and further comprising a sixth sending module and a sixth receiving module;
The fifth acquisition module, for obtaining the corresponding certificate server IP from the cache server according to the token serial number;
The second judgment module, for judging whether the device IP and the certificate server IP obtained by the fifth acquisition module are identical;
The fourth sending module, for sending the pushing certification request to the mobile terminal token when the second judgment module judges that the device IP and the certificate server IP obtained by the fifth acquisition module are identical;
The fifth sending module, for sending the pushing certification request to the device corresponding to the certificate server IP obtained by the fifth acquisition module when the second judgment module judges that the device IP and the certificate server IP obtained by the fifth acquisition module are not identical;
The sixth receiving module, for receiving the pushing certification request sent by another device;
The sixth sending module, for sending the pushing certification request to the mobile terminal token when the sixth receiving module receives the pushing certification request sent by another device.
18. The device according to claim 17, characterized by further comprising: a seventh receiving module and a second preserving module;
The seventh receiving module, for receiving the token serial number sent by the mobile terminal token;
The second preserving module, for saving the device's own IP in association with the token serial number to the cache server when the seventh receiving module receives the token serial number sent by the mobile terminal token.
19. The device according to claim 17, characterized by further comprising: a seventh acquisition module, an eighth acquisition module, a first contrast module and a first update module;
The seventh acquisition module, for obtaining the device IP according to the token serial number;
The eighth acquisition module, for obtaining the device IP from the cache server according to the token serial number;
The first contrast module, for comparing whether the device IP obtained by the seventh acquisition module and the device IP obtained by the eighth acquisition module are identical;
The first update module, for updating the device IP associated with the token serial number when the first contrast module finds that the device IP obtained by the seventh acquisition module differs from the device IP obtained by the eighth acquisition module, and ending.
20. The device according to claim 19, characterized in that the seventh sending module specifically comprises: a first acquisition unit and a first transmission unit;
The first acquisition unit, for obtaining the mobile terminal identification from the cache server according to the token serial number;
The first transmission unit, for sending the authentication notification data and the mobile terminal identification to iCloud; according to the mobile terminal identification, the iCloud sends the authentication notification data to the mobile terminal token corresponding to the mobile terminal identification.
21. The device according to claim 20, characterized in that the device further comprises: a third preserving module;
The third preserving module, for saving the token serial number in association with the mobile terminal identification to the cache server when the token serial number and the mobile terminal identification sent by the mobile terminal token are received.
22. The device according to claim 21, characterized by further comprising: an eleventh acquisition module, a twelfth acquisition module, a second contrast module and a second update module;
The eleventh acquisition module, for obtaining the mobile terminal identification according to the token serial number after the third preserving module saves the token serial number in association with the mobile terminal identification to the cache server;
The twelfth acquisition module, for obtaining the corresponding mobile terminal identification from the cache server according to the token serial number;
The second contrast module, for comparing whether the mobile terminal identifications obtained by the eleventh acquisition module and the twelfth acquisition module are identical;
The second update module, for updating the mobile terminal identification associated with the token serial number when the second contrast module finds that the mobile terminal identifications obtained by the eleventh acquisition module and the twelfth acquisition module differ.
23. device described in 7 or 21 according to claim 1, which is characterized in that further include:
Module is established, for when receiving the token serial number of mobile terminal token transmission, described device and the movement to be eventually End token establishes network data link.
24. device according to claim 23, which is characterized in that further include: the 13rd, which obtains module and the 4th, saves mould Block;
Described 13rd obtains module, establishes after module establishes network data link for described, obtains the mobile terminal and enable The corresponding network data link mark of board;
4th preserving module, for network data link mark to be associated with preservation extremely with token serial number foundation The memory block of described device.
25. device according to claim 24, which is characterized in that further include: the 14th obtains module;
Described 14th obtains module, for obtaining corresponding net from the memory block of described device according to the token serial number Network data link identity, and corresponding network data link is obtained according to network data link mark;
First sending module, is specifically used for: obtaining the network data link mark that module obtains according to the described 14th Know and obtain corresponding network data link, the pushing certification is sent by the network data link and requests to mobile terminal to enable Board.
26. device according to claim 15, which is characterized in that first preserving module is specifically used for: sending storage The request of challenging value is to buffer service, and the buffer service is according to preset storage rule by the challenging value and the token sequence Row number is stored into the list of cache server;
Described second obtains module, is specifically used for: send the request for obtaining challenging value to buffer service, the buffer service according to Token serial number inquires the corresponding challenging value of the token serial number from the list of cache server, and returns to the certification Server.
27. device according to claim 15, which is characterized in that further include: setup module;
The setup module, the effective time for being stored in the cache server for the challenging value to be arranged, when the challenge Value is more than in the effective time of the cache server, and the cache server deletes the challenging value.
28. device according to claim 15, which is characterized in that further include: removing module;
The removing module, the response value generated for first judgment module judgement and answering in pushing certification response It answers after whether value match, the challenging value corresponding with the token serial number saved in cache server is deleted.
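The cache behaviour recited in claims 26 to 28 (challenge value stored against the token serial number, an effective time, deletion once the response has been judged) can be sketched as follows. This is an added example, not code from the patent: the in-memory `ChallengeCache` stands in for the cache server, and the HMAC-SHA256 response calculation, the function names and the sample serial number and seed are all assumptions.

```python
import hashlib
import hmac
import secrets
import time


class ChallengeCache:
    """In-memory stand-in for the cache server: serial -> (challenge, expiry)."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self._ttl = ttl_seconds      # effective time of a stored challenge (claim 27)
        self._clock = clock          # injectable so expiry can be tested offline
        self._entries = {}

    def store(self, serial, challenge):
        # Claim 26: the challenge value is stored together with the token serial number.
        self._entries[serial] = (challenge, self._clock() + self._ttl)

    def fetch(self, serial):
        challenge, expires_at = self._entries.get(serial, (None, 0.0))
        if challenge is not None and self._clock() >= expires_at:
            del self._entries[serial]  # claim 27: expired challenges are deleted
            return None
        return challenge

    def delete(self, serial):
        self._entries.pop(serial, None)


def response_value(seed, challenge):
    # Assumption: the page does not give the algorithm; HMAC-SHA256 is a placeholder.
    return hmac.new(seed, challenge, hashlib.sha256).hexdigest()


def issue_challenge(cache, serial):
    challenge = secrets.token_bytes(16)
    cache.store(serial, challenge)
    return challenge


def verify_response(cache, seeds, serial, presented):
    """Any server node that shares `cache` can run this check."""
    challenge = cache.fetch(serial)
    seed = seeds.get(serial)
    if challenge is None or seed is None:
        return False
    matched = hmac.compare_digest(response_value(seed, challenge), presented)
    cache.delete(serial)  # claim 28: delete after judging, whatever the result
    return matched
```

Because the challenge is removed after the first comparison, a captured response cannot be replayed against a second server node that reads the same cache.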

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710304801.0A CN107222460B (en) 2017-05-03 2017-05-03 A kind of method and device that server data memory space is shared


Publications (2)

Publication Number Publication Date
CN107222460A CN107222460A (en) 2017-09-29
CN107222460B true CN107222460B (en) 2019-10-08

Family

ID=59943831

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710304801.0A Active CN107222460B (en) 2017-05-03 2017-05-03 A kind of method and device that server data memory space is shared

Country Status (1)

Country Link
CN (1) CN107222460B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108696509B (en) * 2018-04-11 2020-09-11 海信集团有限公司 Access processing method and device for terminal
CN110460567B (en) * 2019-06-28 2020-11-06 华为技术有限公司 Identity authentication method and device
CN110767291A (en) * 2019-10-15 2020-02-07 武汉联影医疗科技有限公司 Medical image processing method, apparatus and storage medium
CN110765168B (en) * 2019-11-01 2022-11-11 福建顶点软件股份有限公司 Data searching method and device based on user information
CN111447220B (en) * 2020-03-26 2022-08-23 金蝶软件(中国)有限公司 Authentication information management method, server of application system and computer storage medium
US11811776B2 * 2020-06-30 2023-11-07 Western Digital Technologies, Inc. Accessing shared partitions on a storage drive of a remote device
CN111522516B (en) * 2020-07-06 2020-10-27 飞天诚信科技股份有限公司 Processing method and system for cloud broadcast print data
CN114050901B (en) * 2021-09-28 2023-10-27 新华三大数据技术有限公司 Authentication method and device of terminal, electronic equipment and readable storage medium
CN115529314A (en) * 2022-09-20 2022-12-27 北京恩吉鸿业能源科技有限责任公司 Communication method based on Netty server cluster
CN116738508B (en) * 2023-06-07 2024-02-09 杭州派迩信息技术有限公司 Data storage method and system based on group collaboration

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1937498A (en) * 2006-10-09 2007-03-28 网之易信息技术(北京)有限公司 Dynamic cipher authentication method, system and device
CN101847296A (en) * 2009-03-25 2010-09-29 索尼公司 Integrated circuit, encrypt communication apparatus, system and method and information processing method
CN103346885A (en) * 2013-06-26 2013-10-09 飞天诚信科技股份有限公司 Method for activating token equipment
CN104639562A (en) * 2015-02-27 2015-05-20 飞天诚信科技股份有限公司 Work method of authentication pushing system and equipment
CN104660416A (en) * 2015-02-13 2015-05-27 飞天诚信科技股份有限公司 Work methods of voice certification system and equipment


Also Published As

Publication number Publication date
CN107222460A (en) 2017-09-29


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant