CN107508837A - A kind of cross-platform heterogeneous system login method based on intelligent code key certification - Google Patents
- Publication number: CN107508837A
- Application number: CN201710898258.1A
- Authority: CN (China)
- Prior art keywords: user, platform, operation system, certification, code key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Classifications
- H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security > H04L63/08—for authentication of entities
  - H04L63/0815—providing single-sign-on or federations
  - H04L63/0823—using certificates
  - H04L63/083—using passwords
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols > H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords > H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use > H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
  - H04L9/0825—using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L9/00 > H04L9/32—including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  - H04L9/3226—using a predetermined code, e.g. password, passphrase or PIN
  - H04L9/3247—involving digital signatures
  - H04L9/3263—involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
  - H04L9/3297—involving time stamps, e.g. generation of time stamps
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention provides a cross-platform heterogeneous system login method based on intelligent code key authentication. The method rests on the PKI model and uses an intelligent code key, digital signatures and a digital certificate authentication mechanism to provide a unified authentication service platform for users of multiple business systems. By integrating business systems and content, and by unifying the authentication and access control of user identity, it achieves single sign-on across the business systems and integration of their information resources. Enterprise staff need only remember one password to log in to multiple heterogeneous systems; unified user identity information is provided, so that information can be shared and systems interconnected even when the identity information content and data formats of the individual application systems are not unified; and after intelligent code key authentication and encryption, the data a user transmits is guaranteed to be the original text, not maliciously tampered with, and the user's identity can be confirmed.
Description
Technical field
The present invention relates to the technical field of system security, and in particular to a cross-platform heterogeneous system login method based on intelligent code key authentication.
Background technology
In the current information age, people demand ever greater authenticity, accuracy and timeliness of information and place higher requirements on the means of obtaining it; with the development of computer information technology, information has become easier to obtain. People generally obtain information through computer systems, which therefore face higher requirements: not only authenticity, accuracy and timeliness, but increasingly security.
Within enterprises, the rapid development of computer networks and information technology has steadily raised the level of enterprise informatization. In the course of this, more and more business systems such as OA, CRM, HCM, MES and ERP have emerged and have improved the management ability and operational efficiency of enterprises. At the same time, each application system has its own authentication system, the security levels of the systems differ, and their architectures differ, falling broadly into two camps: the .NET platform and the Java platform.
If an enterprise does not build a secure, trusted authentication platform for its application systems, the following serious problems and security risks arise:
1. Enterprise staff accessing application systems have to remember a large number of account passwords; passwords are easily forgotten or leaked, causing losses to the enterprise.
2. The enterprise's sources of information keep increasing, but there is no platform that presents this information in a single overview.
3. The identity information content and data formats of the application systems are not unified and there is no unified user identity information, so information cannot be shared and the systems cannot interconnect.
4. Secure data lacks integrity: it cannot be guaranteed that a file is the true original, whether it was accidentally or maliciously tampered with, or whether its content and length match the original data; and the authenticity and non-repudiation of the data source are lacking, so a sender can deny having sent a file, and it cannot be confirmed whether a file really came from the sender or was forged by someone else.
5. As formerly closed systems become more open, more and more information security issues emerge.
Enterprise staff, as users of the information systems, need to log in to these systems frequently to handle company affairs, which places higher demands on both the convenience and the security of enterprise information systems.
The content of the invention
To solve the above technical problems, the present invention proposes a cross-platform heterogeneous system login method based on intelligent code key authentication.
The technical scheme is as follows:
A cross-platform heterogeneous system login method based on intelligent code key authentication, characterised in that the method rests on the PKI (Public Key Infrastructure) model and uses an intelligent code key, digital signatures and a digital certificate authentication mechanism to provide a unified authentication service platform for users of multiple business systems such as the portal and OA. By integrating business systems and content, and by unifying the authentication and access control of user identity, it achieves, more securely, single sign-on across the business systems and integration of their information resources.
The unified authentication of user identity secures its traffic with an SSL-encrypted channel, which the authentication server is responsible for establishing:
1) for the password authentication mode, the authentication server is configured for a one-way SSL channel and the client needs no certificate;
2) for the intelligent code key authentication mode, the authentication server is configured for a two-way (mutual) SSL channel, the client must present a user certificate, and the authentication server verifies the user certificate and the user identity.
A business system that accepts unified authentication must complete the following work:
install the business system access front-end and configure its certificate and private key, so that an SSL-encrypted channel can be established between the client and the business system and the encrypted, signed user authentication information supplied by the platform can be received and processed;
provide an association interface and an access verification interface, and configure them in the platform.
The association information is the correspondence between the platform's unified account and the business system's user information (including the business system user name and password).
After the user has passed authentication and accesses a business system for the first time, the unified authentication service platform automatically generates a business association page according to the business system's configuration and asks the user to perform the association:
1) the user enters the business system user information (including the business system user name and password);
2) the platform's access control server encrypts and signs the association information together with a timestamp (encrypted with the business system's certificate, signed with the platform's private key; the timestamp is there to prevent replay attacks);
3) the encrypted, signed association information is transferred over the SSL channel to the business system access front-end, which decrypts and verifies it and then hands it to the business system for verification;
4) once the association information passes verification, the platform records the correspondence between the user's unified account and the business system user information, for use during normal access to the business system.
When a user who has already associated the unified account with the business system user information accesses the business system after being authenticated by the unified authentication service platform:
1) the platform looks up the user's business system association information from the ID of the business system to be accessed and the unified account held in the session;
2) the corresponding information and a timestamp are encrypted and signed by the access control server and transferred, via the client over the SSL channel, to the business system access front-end, which decrypts and verifies them and hands them to the business system for verification;
3) after the business system has verified them, the user is redirected automatically into the business system.
After authentication by the unified authentication service platform, a user can directly access every authorised application system; the authentication is shared across the different application systems, which achieves single sign-on for multiple application systems.
The single sign-on process uses the SAML (Security Assertion Markup Language) protocol to secure communication between remote machines and proceeds as follows:
Step 1: the user accesses a resource normally; the URL carries no token;
Step 2: a filter checks whether the user is logged in; if not, the user is redirected to the authentication center;
Step 3: the authentication center checks whether there is a token; if there is none, it returns the login interface; if the user already has a token, a new service token is generated and appended to the URL, and the process continues at step 6;
Step 4: the user enters the user name and password;
Step 5: on successful authentication the authentication center generates a ticket, writes it into a cookie, derives a one-time service token from the ticket and appends it to the URL;
Step 6: the user is redirected to the requested resource;
Step 7: the service token is taken from the URL;
Step 8: the application system verifies the service token with the authentication center;
Step 9: on successful verification, the user account is returned;
Step 10: the application system creates a user session with this account and the login succeeds.
The unified authentication service platform stores the users' basic information and certificate information; all application systems can make full use of it, reducing repeated entry of user information.
A user registers on the unified authentication service platform, obtains a unified account and at the same time associates the corresponding business system accounts;
the administrator enters the intelligent code key information corresponding to the registered user on the platform, a function authorised to the administrator;
a mapping is established between platform users and application system users, and the sso (single sign-on) module manages the user mapping.
To log off, a registered user cancels the local session and sends a log-off request to the application server, which forwards it to the authentication server; the authentication server receives the request, cancels the session and removes the browser cookie, completing the log-off.
Beneficial effects of the present invention:
The functions realised by the method of the invention and its beneficial effects are as follows:
enterprise staff need only remember one password to log in to multiple heterogeneous systems;
unified user identity information is provided, so that information can be shared and systems interconnected even when the identity information content and data formats of the application systems are not unified;
after intelligent code key authentication and encryption, the data a user transmits is guaranteed to be the original text, not maliciously tampered with, and the user's identity can be confirmed.
Brief description of the drawings
Fig. 1 is the relationship diagram of the cross-platform heterogeneous systems under intelligent code key authentication;
Fig. 2 is the mapping diagram between unified user management and business system users;
Fig. 3 is the login process flow chart;
Fig. 4 is the log-off process flow chart.
Description of reference numerals in Fig. 3: 1, access resource; 2, redirect to authentication center; 3, return login interface; 4, enter user name and password; 5, write COOKIE, generate service token and append it to the URL; 6, redirect to the accessed resource; 7, obtain service token from the URL; 8, authenticate with the authentication center using the service token; 9, return user information; 10, enter the system.
Embodiment
The content of the invention is described in more detail with reference to the drawings:
Embodiment 1
As shown in Fig. 1, the method is based on a unified authentication service platform built on the intelligent code key. Its target is the integration of business systems; on the basis of intelligent code key authentication and PKI technology, and through unified authentication and access control of user identity, it achieves, more securely, single sign-on across the business systems and integration of their information resources. The details are as follows:
I. User management
Covers user information management, user intelligent code key information, authorised application systems, etc. When accessing the platform and each application system, the user always uses the same credential (the user certificate and its hardware protection password, the PIN), and digital signature technology is used to authenticate the user's identity on the platform, proving that it is genuine.
1. User registration
1) the user registers on the platform, obtains a unified account and at the same time associates the corresponding business system accounts;
2) the administrator enters the intelligent code key information corresponding to the registered user on the platform, a function authorised to the administrator;
3) a mapping is established between platform users and application system users, and the sso module manages the user mapping.
2. Unified authorisation
1) the administrator groups the registered users and sets business system access rights per group;
2) the platform issues digital certificates to users uniformly, as the credential for accessing the platform and each application system, and authorises the user's rights to access the application systems;
3) the intelligent key system issues a digital certificate to each platform user, corresponding to the user's unified account.
II. Unified authentication
The present invention rests on the PKI (Public Key Infrastructure) model and uses an intelligent code key, digital signatures and a digital certificate authentication mechanism to provide a comprehensive platform for unified identity authentication and security services to users of multiple business systems such as the portal and OA. This scheme is a unified authentication service platform solution based on intelligent code key authentication; its target is resource integration (business system integration and content integration), and on the basis of intelligent code key authentication and PKI technology, through unified authentication and access control of user identity, it achieves, more securely, single sign-on across the business systems and integration of their information resources.
The platform supports both the password authentication mode and the intelligent code key authentication mode, and uses security techniques such as the SSL-encrypted channel, encrypted and key-signed messages and access control policies to secure identity authentication and the business system access process.
1. Intelligent code key certificate management
Provides authentication services and the application for, issuance and management of digital certificates.
2. Authentication modes
The user's unified authentication process secures its traffic with an SSL-encrypted channel, which the authentication server is responsible for establishing:
1) for the password authentication mode, the authentication server is configured for a one-way SSL channel and the client needs no certificate;
2) for the intelligent code key authentication mode, the authentication server is configured for a two-way (mutual) SSL channel, the client must present a user certificate, and the authentication server verifies the user certificate and the user identity.
3. Sharing of the intelligent code key service
1) the HTTPS protocol is used between the client browser and the authentication server, and the HTTP protocol between the authentication server and the platform application server;
2) the platform provides an independent intelligent code key service that application systems can call separately.
III. Application system management
1. Registration of business systems
Business systems are registered and their authorisation is managed.
2. Configuration of business systems
As shown in Fig. 2, a business system that accepts unified authentication must complete the following work:
1) install the business system access front-end and configure its certificate and private key, so that an SSL-encrypted channel can be established between the client and the business system and the encrypted, signed user authentication information supplied by the platform can be received and processed;
2) provide an association interface and an access verification interface, and configure them in the platform. The association information is mainly the correspondence between the platform's unified account and the business system's user information (which may include the business system user name and password).
3. Association of users with business systems
After the user has passed platform authentication and accesses a business system for the first time, the platform automatically generates a business association page according to the business system's configuration and asks the user to perform the association:
1) the user enters the business system user information (which may include the business system user name and password);
2) the platform's access control server encrypts and signs the association information together with a timestamp (encrypted with the business system's certificate, signed with the platform's private key; the timestamp is there to prevent replay attacks);
3) the encrypted, signed association information is transferred over the SSL channel to the business system access front-end, which decrypts and verifies it and then hands it to the business system for verification;
4) once the association information passes verification, the platform records the correspondence between the user's unified account and the business system user information, for use during normal access to the business system.
4. User access to business systems
If the user has completed the association between the platform's unified account and the business system user information, then when accessing the business system after platform authentication:
1) the platform looks up the user's business system association information from the ID of the business system to be accessed and the unified account held in the session;
2) the corresponding information and a timestamp are encrypted and signed by the access control server and transferred, via the client over the SSL channel, to the business system access front-end, which decrypts and verifies them and hands them to the business system for verification;
3) after the business system has verified them, the user is redirected automatically into the business system.
During access to a business system, every transfer of the relevant information binds a timestamp and uses encrypted, key-signed messages over the SSL channel; after the automatic verification has completed, the business system can decide as needed whether to keep using the SSL channel. This both guarantees the confidentiality and authenticity of the transmitted information and effectively prevents replay attacks, while balancing the security and efficiency of business system access during single sign-on.
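The access-front-end check described above (association or access record carrying a timestamp, signed by the platform, verified before it reaches the business system) is illustrated by the following added example. It is not the patent's code: HMAC-SHA256 with a constructed shared key stands in for the platform's private-key signature, the certificate encryption is left to the SSL channel (an assumption), and the 60-second freshness window and the record field names are choices of this example, not values from the page.

```python
"""Timestamp-bound, signed association/access record and its verification.

Constructed example; HMAC-SHA256 replaces the patent's platform private-key
signature and no certificate encryption is performed here (the SSL channel is
assumed to provide confidentiality).
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

# Constructed signing key standing in for the platform's private key.
PLATFORM_KEY = b"constructed-platform-signing-key"
# Freshness window in seconds; an assumption, the page states no value.
MAX_SKEW_SECONDS = 60


def canonical(record: dict) -> bytes:
    """Stable serialisation so signer and verifier hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def platform_sign(unified_account: str, system_id: str, system_user: str,
                  system_password: str, now: Optional[float] = None) -> dict:
    """Access control server side: bind a timestamp to the record and sign it."""
    record = {
        "unified_account": unified_account,
        "system_id": system_id,
        "system_user": system_user,
        "system_password": system_password,
        "timestamp": int(now if now is not None else time.time()),
    }
    sig = hmac.new(PLATFORM_KEY, canonical(record), hashlib.sha256).digest()
    return {"record": record, "signature": base64.b64encode(sig).decode()}


class AccessFrontEnd:
    """Business system access front-end: verify signature, freshness, replay."""

    def __init__(self, system_id: str) -> None:
        self.system_id = system_id
        self._seen: Dict[str, float] = {}  # signature -> time first accepted

    def verify(self, message: dict, now: Optional[float] = None) -> Tuple[bool, str]:
        now = now if now is not None else time.time()
        record, sig_b64 = message.get("record"), message.get("signature")
        if not isinstance(record, dict) or not isinstance(sig_b64, str):
            return False, "malformed"
        try:
            given = base64.b64decode(sig_b64, validate=True)
        except ValueError:
            return False, "malformed"
        expected = hmac.new(PLATFORM_KEY, canonical(record), hashlib.sha256).digest()
        # Constant-time comparison; any tampering with the record changes the MAC.
        if not hmac.compare_digest(expected, given):
            return False, "bad signature"
        # A record signed for another business system must not be accepted here.
        if record.get("system_id") != self.system_id:
            return False, "wrong system"
        ts = record.get("timestamp")
        if not isinstance(ts, int):
            return False, "malformed"
        if abs(now - ts) > MAX_SKEW_SECONDS:
            return False, "stale timestamp"
        # Forget signatures older than the window, then reject a repeat inside it.
        self._seen = {s: t for s, t in self._seen.items() if now - t <= MAX_SKEW_SECONDS}
        if sig_b64 in self._seen:
            return False, "replay"
        self._seen[sig_b64] = now
        return True, "ok"
```

The timestamp alone only bounds how long a captured message stays usable; the front-end also has to remember what it accepted inside that window, otherwise the same message could be presented twice within the 60 seconds.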
IV. Single sign-on
After platform authentication, a user can directly access every authorised application system; the authentication is shared across the different application systems, which achieves single sign-on for multiple application systems.
1. Login process
Single sign-on uses the SAML (Security Assertion Markup Language) protocol to secure communication between remote machines. As shown in Fig. 3, one complete single sign-on proceeds as follows:
Step 1: the user accesses a resource normally; the URL carries no token;
Step 2: a filter checks whether the user is logged in; if not, the user is redirected to the authentication center;
Step 3: the authentication center checks whether there is a token; if there is none, it returns the login interface;
Step 4: the user enters the user name and password;
Step 5: on successful authentication the authentication center generates a ticket, writes it into a cookie, derives a one-time service token from the ticket and appends it to the URL;
Step 6: the user is redirected to the requested resource;
Step 7: the service token is taken from the URL;
Step 8: the application system verifies the service token with the authentication center;
Step 9: on successful verification, the user account is returned;
Step 10: the application system creates a user session with this account and the login succeeds.
When the user performs single sign-on again, steps 1 and 2 are executed first; at step 3 it is found that the user already has a token, so a new service token is generated and appended to the URL, and steps 6, 7, 8, 9 and 10 follow.
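The following added example simulates the ten-step login flow, the repeat login that reuses the ticket, and the log-off described in the sections above: the authentication center writes a ticket into a cookie, derives a one-time service token appended to the resource URL, and the application validates the token with the center before creating its own session. It is a constructed example and not the patent's or any product's code; the authentication center URL, the resource URLs, the user store and the in-memory token tables are all assumptions, and the SAML message format is not modelled.

```python
"""Simulation of the single sign-on login, repeat login and log-off flow.

Constructed example: names, URLs and the user store are assumptions; the
SAML exchange of the page is replaced by direct method calls.
"""
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_CENTER_URL = "https://auth.example/login"  # assumed address
USERS = {"zhangsan": "constructed-password"}    # constructed user store


class AuthCenter:
    """Authentication center: owns tickets (cookie) and one-time service tokens."""

    def __init__(self) -> None:
        self.tickets: Dict[str, str] = {}         # ticket -> user name
        self.service_tokens: Dict[str, str] = {}  # service token -> ticket

    def login(self, username: str, password: str) -> Optional[str]:
        """Steps 4-5: check credentials, then generate the ticket for the cookie."""
        if USERS.get(username) != password:  # toy comparison, not a real credential store
            return None
        ticket = secrets.token_urlsafe(16)
        self.tickets[ticket] = username
        return ticket

    def issue_service_token(self, ticket: str) -> Optional[str]:
        """Step 3 (repeat login) / step 5: a valid ticket yields a fresh service token."""
        if ticket not in self.tickets:
            return None
        token = secrets.token_urlsafe(16)
        self.service_tokens[token] = ticket
        return token

    def validate(self, token: str) -> Optional[str]:
        """Step 8: the token is consumed on use, so a replayed URL fails."""
        ticket = self.service_tokens.pop(token, None)
        return self.tickets.get(ticket) if ticket else None

    def logout(self, ticket: str) -> None:
        """Log-off: cancel the ticket (cookie) and any tokens derived from it."""
        self.tickets.pop(ticket, None)
        self.service_tokens = {t: k for t, k in self.service_tokens.items() if k != ticket}


class Application:
    """Business application with the login filter (steps 2 and 7-10)."""

    def __init__(self, center: AuthCenter) -> None:
        self.center = center
        self.sessions: Dict[str, str] = {}  # application session id -> user name

    def access(self, url: str, session_id: Optional[str] = None) -> Tuple[str, Optional[str]]:
        if session_id is not None and session_id in self.sessions:
            return "ok", self.sessions[session_id]          # already logged in here
        token = parse_qs(urlparse(url).query).get("service_token", [None])[0]
        if token is None:                                   # step 2: redirect
            return "redirect", AUTH_CENTER_URL + "?" + urlencode({"return": url})
        user = self.center.validate(token)                  # steps 7-8
        if user is None:
            return "denied", None
        sid = secrets.token_urlsafe(16)                     # steps 9-10
        self.sessions[sid] = user
        return "ok", user


def browser_visit(center: AuthCenter, app: Application, resource_url: str,
                  cookie_ticket: Optional[str] = None,
                  credentials: Optional[Tuple[str, str]] = None):
    """Drive one browser visit; returns (outcome, user, cookie_ticket, final_url)."""
    outcome, payload = app.access(resource_url)              # step 1
    if outcome != "redirect":
        return outcome, payload, cookie_ticket, resource_url
    if cookie_ticket not in center.tickets:                  # step 3: no ticket yet
        if credentials is None:
            return "login_required", None, None, payload
        cookie_ticket = center.login(*credentials)            # steps 4-5
        if cookie_ticket is None:
            return "login_failed", None, None, payload
    token = center.issue_service_token(cookie_ticket)         # step 5, or step 3 on repeat
    sep = "&" if "?" in resource_url else "?"
    final_url = resource_url + sep + urlencode({"service_token": token})
    outcome, user = app.access(final_url)                     # steps 6-10
    return outcome, user, cookie_ticket, final_url
```

Two properties of the flow matter for a defender: the service token is accepted once, so a URL that leaks (browser history, referrer, proxy log) cannot be used to open a second session; and log-off must cancel the ticket at the center, not only the application's local session, or the next visit would silently mint a fresh service token from the still-valid cookie.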
2. Log-off process, as shown in Fig. 4:
Step 1: the user clicks log off;
Step 2: the local session is cancelled and a log-off request is sent to the application server, which forwards it to the authentication server;
Step 3: the authentication server receives the request, cancels the session and removes the browser cookie;
Step 4: the specified page is returned.
V. Data sharing
The authentication platform stores the users' basic information and certificate information; all application systems can make full use of it, reducing repeated entry of user information.
Embodiment 2
The method calls the verification service deployed by the unified authentication service platform (CACS) through either of the following two verification modes, performs secure authentication, and then jumps directly to the business system's service platform:
I. The first verification mode (POST)
1. Implementation on the .NET platform
1) Add the intelligent code key processing page SysInfoPage.aspx and the corresponding SysInfoPage.aspx.cs file to the business system's solution. In the function, add the processing your application system needs to do after a login has been recognised as legitimate, and then jump to the main interface.
2) Refer to the web.config example excerpt:
2. Implementation on the Java platform
1) Add the intelligent code key processing page SysInfoPage.jsp to the business system and add references to the following JAR packages in the LIB folder:
axis.jar;
axis-ant.jar;
dom4j-1.6.1.jar;
jaxen-1.1-beta-6.jar;
jaxrpc.jar;
wsdl4j-1.5.1.jar;
2) In the method that runs after this authentication, write the processing the system does after a successful login, and jump to the main interface.
II. The second verification mode (GET)
This verification mode is a cross-platform solution; the business system must provide a login interface, for example in the format:
http://localhost:/WebSite/login.aspx?Usercode=zhangsan&password=123456
Embodiment 3
Deployment notes for the unified authentication service platform:
1. Put the CACS folder of the unified authentication service platform, with the .CS files inside it, into the App_Code folder;
2. Put the CACS site folder under the WEBPAGE/EXTERNAL folder;
3. Modify the Web.Config file:
1) Under the <system.web> configuration section, inside the <compilation debug="true"> section, add <add directoryName="CACS"/>;
2) Under the <system.web> configuration section, inside the <assemblies> section, add two lines:
<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></assemblies>
4. Add an isneedCA (bool) field to the user table.
The user opens the login interface in a browser at the address http://[IP address]/WebPage/External/CACS/Login.aspx, enters the user name and password, and after a successful login the system opens the CACS main interface.
The foregoing is only the preferred implementation of the present invention and is not limited to it; those skilled in the art will understand that the implementation of the present invention can be varied in many ways. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall be included in the scope of protection.
Claims (10)
- 1. A cross-platform heterogeneous system login method based on intelligent code key authentication, characterized in that the method is based on a PKI system and uses intelligent code keys, digital signatures and a digital certificate authentication mechanism to provide a unified authentication service platform for the users of multiple business systems; by integrating business systems and content and applying unified authentication and access control to user identity, it achieves single sign-on to each business system and the integration of information resources.
- 2. The cross-platform heterogeneous system login method based on intelligent code key authentication according to claim 1, characterized in that the unified authentication of user identity uses an SSL encrypted channel, and the authentication server is responsible for establishing the SSL encrypted channel.
- 3. The cross-platform heterogeneous system login method based on intelligent code key authentication according to claim 2, characterized in that the work a business system accepting unified authentication must complete includes: installing the business system access front-end and configuring its certificate and private key, so as to establish the SSL encrypted channel between the client and the business system and to receive and process the encrypted and signed user authentication information provided by the platform; providing an association interface and an access verification interface, and configuring them in the platform; the association information being the correspondence between the platform's unified account and the business system's user profile.
- 4. The cross-platform heterogeneous system login method based on intelligent code key authentication according to claim 3, characterized in that, when an authenticated user accesses the business system for the first time, the unified authentication service platform automatically generates a business association page according to the business system's configuration and asks the user to perform the association: 1) the user enters the business system's user profile; 2) the association information, together with a timestamp, is encrypted and signed by the platform's access control server; 3) the encrypted and signed association information is transferred over the SSL encrypted channel to the business system access front-end, which decrypts and verifies it and then hands it to the business system for verification; 4) once the association information is verified, the platform establishes the correspondence between the unified account and the business system user profile, for use during normal access to the business system.
- 5. The cross-platform heterogeneous system login method based on intelligent code key authentication according to claim 4, characterized in that, when the user accesses the business system and has already completed the association of the unified account with the business system user profile, then on accessing the business system after authentication by the unified authentication service platform: 1) the platform queries the user's association information for the business system according to the ID of the business system to be accessed and the unified account of the session; 2) the corresponding information and a timestamp are encrypted and signed by the access control server and transferred, via the client and over the SSL encrypted channel, to the business system access front-end, which decrypts and verifies them and hands them to the business system for verification; 3) after the business system has verified them, the user is redirected automatically into the business system.
- 6. The cross-platform heterogeneous system login method based on intelligent code key authentication according to claim 5, characterized in that, after authentication by the unified authentication service platform, the user can directly access each authorized application system, so that the authentication results of different application systems are shared and single sign-on across multiple application systems is achieved.
- 7. The cross-platform heterogeneous system login method based on intelligent code key authentication according to claim 6, characterized in that the single sign-on process uses the SAML protocol to guarantee communication security between remote machines; the implementation process is as follows: Step 1: the user accesses a resource URL normally, without a token; Step 2: a filter checks whether the user is logged in and, if not, redirects to the authentication center; Step 3: the authentication center checks whether a token exists; if not, it returns the login interface; if the user already holds a token, a new service token is generated and appended to the URL, and step 6 is performed; Step 4: the user enters the user name and password; Step 5: the authentication center authenticates the user successfully, generates a ticket and writes it into the Cookie, and generates from the ticket a one-time service token that is appended to the URL; Step 6: the browser is redirected to the resource the user requested; Step 7: the service token is taken from the URL; Step 8: the application system verifies the service token with the authentication center; Step 9: after successful verification, the user account is returned; Step 10: the application system creates a user session with this account, and login succeeds.
- 8. The cross-platform heterogeneous system login method based on intelligent code key authentication according to claim 7, characterized in that the unified authentication service platform stores the user's basic information and certificate information.
- 9. The cross-platform heterogeneous system login method based on intelligent code key authentication according to claim 8, characterized in that the user completes registration at the unified authentication service platform, obtaining a unified account and, at the same time, the business system accounts associated with it; the administrator registers at the unified authentication service platform the intelligent code key information corresponding to the user; and a mapping relation is established between the unified authentication service platform user and the application system user.
- 10. The cross-platform heterogeneous system login method based on intelligent code key authentication according to claim 9, characterized in that a registered user logs out by destroying the local session, and the application server forwards the logout request to the authentication server; the authentication server receives the logout request, destroys the session, and clears the browser cookie, completing the logout.
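The association hand-off of claims 4 and 5 (first access binds the unified account to a business-system user; later access passes a signed, timestamped record to the business system), worked as an added Python example that is not the patent's code. An HMAC under a constructed key stands in for the access control server's PKI signature, encryption is left to the SSL channel and not modelled, and the 300-second freshness window, class names and sample accounts are my assumptions.

```python
import hashlib
import hmac
import json
import time

# Constructed signing key; the real access control server signs with its PKI private key.
ACS_KEY = b"constructed-access-control-server-key"
FRESHNESS_WINDOW = 300  # seconds a signed record stays acceptable (assumed; patent gives none)


def sign_association(unified_account, business_id, business_user, now=None):
    """Claims 4(2) and 5(2): bind the association data to a timestamp and sign it."""
    record = {"unified_account": unified_account, "business_id": business_id,
              "business_user": business_user, "ts": int(time.time() if now is None else now)}
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return body + b"." + hmac.new(ACS_KEY, body, hashlib.sha256).hexdigest().encode()


def verify_association(blob, expected_business_id, now=None):
    """Claims 4(3) and 5(2): the access front-end checks signature, target system and
    freshness; a stale or future-dated record is treated as a replay and refused."""
    now = time.time() if now is None else now
    body, _, mac = blob.rpartition(b".")
    expected = hmac.new(ACS_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, mac):
        return None
    record = json.loads(body)
    if record["business_id"] != expected_business_id:   # signed for another system
        return None
    if not 0 <= now - record["ts"] <= FRESHNESS_WINDOW:
        return None
    return record


class BusinessSystem:
    def __init__(self, business_id, local_users):
        self.id = business_id
        self._local_users = local_users   # constructed set of the system's own accounts

    def verify_and_accept(self, blob, now=None):
        """Front-end verification, then the business system checks the local account exists."""
        record = verify_association(blob, self.id, now)
        if record is None or record["business_user"] not in self._local_users:
            return None
        return record["business_user"]


class UnifiedPlatform:
    def __init__(self):
        self.mapping = {}   # (unified_account, business_id) -> business_user (claim 4 step 4)

    def first_access(self, unified_account, business, business_user, now=None):
        """Claim 4: the mapping is stored only after the business system has verified it."""
        blob = sign_association(unified_account, business.id, business_user, now)
        if business.verify_and_accept(blob, now) is None:
            return False
        self.mapping[(unified_account, business.id)] = business_user
        return True

    def access(self, unified_account, business, now=None):
        """Claim 5: look the mapping up and pass a freshly signed record to the system."""
        business_user = self.mapping.get((unified_account, business.id))
        if business_user is None:
            return None
        blob = sign_association(unified_account, business.id, business_user, now)
        return business.verify_and_accept(blob, now)
```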
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710898258.1A CN107508837A (en) | 2017-09-28 | 2017-09-28 | A kind of cross-platform heterogeneous system login method based on intelligent code key certification |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107508837A true CN107508837A (en) | 2017-12-22 |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | Application publication date: 20171222 |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | |