CN107733861A - A passwordless login implementation method based on an enterprise-level intranet/extranet environment - Google Patents

Info

Publication number: CN107733861A
Authority: CN (China)
Prior art keywords: intranet, quick response, response code, information, enterprise
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Application number: CN201710790919.9A
Other languages: Chinese (zh)
Inventors: 杨德胜, 彭永勇, 张晓韬, 张捷, 郭晶, 曾强, 何林, 王先兵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): SICHUAN ZHONGDIAN VENUS INFORMATION TECHNOLOGY Co Ltd
Original Assignee: SICHUAN ZHONGDIAN VENUS INFORMATION TECHNOLOGY Co Ltd
Application filed by SICHUAN ZHONGDIAN VENUS INFORMATION TECHNOLOGY Co Ltd
Priority to CN201710790919.9A
Publication of CN107733861A

Classifications

All under H04L (Electricity; Electric communication technique; Transmission of digital information, e.g. telegraphic communication):

    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L69/162 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms

Abstract

The invention discloses a passwordless login implementation method based on an enterprise-level intranet/extranet environment, which specifically comprises the following steps: Step S100, using any communication electronic device with a code-scanning function, scan a two-dimensional code with an APP; Step S200, log in with the two-dimensional code, obtain the information it carries, and send it, encrypted with the national commercial cryptographic algorithm SM4, to the enterprise's mobile interaction platform; Step S300, judge whether the two-dimensional code scanned in step S100 links directly to the intranet authentication service or to the extranet authentication service, then perform routing policy matching; Step S310, if the two-dimensional code is for the extranet authentication service, request the extranet authority platform to authenticate; if it is for the intranet authentication service, access the intranet database by way of SQL penetration through the isolation device; and complete the authentication service. By using two-dimensional-code recognition login, the present invention avoids the traditional enterprise-intranet practice of authenticating by entering an account and password, improving security while preventing leakage through request interception, hijacking and other non-technical means.

Description

A passwordless login implementation method based on an enterprise-level intranet/extranet environment
Technical field
The present invention relates to the field of convenient login methods for LAN users, and more particularly to the field of passwordless login methods for enterprise-level intranet or local area network applications; specifically, it is a passwordless login implementation method based on an enterprise-level intranet/extranet environment.
Background technology
With the national informatization drive and the development of the Internet, the construction of information systems at large Chinese enterprises has also begun to draw on useful experience from the Internet. Most websites require users to log in before reading, and for a user, having to remember a separate account and password for each website is very troublesome. Although the 4A or IAM systems within enterprises, as the domestic comprehensive solution for unified enterprise authentication, solve the problem of multiple accounts across multiple intranet systems and realize unified identity authentication and authorization, they still require the user to authenticate with an account and password, and the authentication login process is not simplified. Therefore, to fundamentally solve practical problems such as users' difficulty in remembering passwords and the use of weak passwords, the present invention fundamentally eliminates the password, making conventional password login an alternative rather than the primary scheme.
Traditional websites generally store the username and password the user provides in the registration form in the website server's data; each time, the user enters the correct username and password and the web server compares them to determine whether the user is permitted to enter the site. In today's society, to guarantee the effective operation of company systems and office automation, each large enterprise generally builds enterprise-level database application systems that run within the LAN. On the one hand this benefits office automation, intelligence and efficiency in the enterprise; at the same time it keeps the circulation of company information in a relatively safe state at all times, preventing plaintext information from being hijacked or intercepted and reused.
Existing enterprise application systems still identify user rights by the combination of username and password as the necessary condition for login authentication. The most obvious drawback of this approach is that the system has a single authentication entrance: during peak access periods there is a very large volume of visits and enormous traffic pressure, and the traditional password-entry method easily causes the system to stall, affecting system login time. On the other hand, because the password and username must be entered manually, they are very easily obtained and misused illegally by technical and non-technical means, such as interception and hijacking leak incidents. Meanwhile, for the security of the username and password, most current application systems impose field length and type requirements, which also places high demands on human memory.
Current common techniques include the following:
1) OpenID was the earliest proposed form of passwordless login. Its idea is this: every address (URL) on the Internet points to a unique web page, which means a URL is unique. Therefore a user can be identified by a URL. A website using OpenID does not require the user to enter a "username" but instead asks the user to enter a URL that represents their identity. The website then resolves that URL and, if it is confirmed, the user is allowed to log in, thereby achieving "passwordless login". OpenID has two major shortcomings: first, it requires server-side support; second, using a URL to represent identity is counter-intuitive and hard for ordinary users to understand. As a result it has never been widely adopted.
2) Third-party accounts. The advantage is that it is relatively intuitive and users readily accept it; the disadvantage is that the site's own business will, to a greater or lesser extent, depend on a third-party website. For example, many websites now log users in with WeChat accounts; once WeChat has an outage, all of these websites are affected.
3) Email one-time login. When the user logs in, only an email address input box is displayed. After the user enters their email address, the website sends an email to that address containing a login link. The user clicks the link, proving that he or she is indeed the owner of the mailbox and that the identity is valid, and is thereby logged in. The login link is valid for a period of time, but a cookie can keep the user logged in for a long time. If the cookie expires, another login link is sent to the user's mailbox. Because the whole verification process is completed by email, it thoroughly realizes "passwordless login", and the operation is natural and easy to understand. More importantly, it uses the existing email protocols and requires no new code to be deployed on the server side, so it has the best compatibility. Its main drawbacks are that it requires the user to additionally check a mailbox, which is somewhat cumbersome, and that it is unsuitable where the user cannot open email, for example when using the Internet at a friend's home. Therefore a website using it must deploy a backup login method.
Summary of the invention
The object of the present invention is to provide a passwordless login implementation method based on an enterprise-level intranet/extranet environment, to solve the problems of the existing username-and-password login approach: remembering accounts and passwords is cumbersome, the login process requires manual input and is easily intercepted or hijacked, security is questionable, and the approach is unfavourable to adoption and access.
The present invention performs access permission authentication by scanning a two-dimensional code: secure login access to the corporate intranet is achieved without keying in any identity information, SQL penetration access authentication is carried out through an isolation device, and information encryption and channel encryption are configured, taking into account both the security of information access and convenience and speed in the login process.
To solve the above technical problem and achieve the expected technical effect, the present invention is realized through the following technical solution:
First, before explaining the solution adopted by the present invention, the nouns or concepts involved are described as follows:
Passwordless login: refers to a login mode that differs from the traditional login mode, in which, based on a specific application scenario, login authentication is completed without using an account and password; it does not refer to any particular login implementation.
Two-dimensional code: also called QR Code (QR is short for Quick Response), a coding scheme that has become extremely popular on mobile devices in recent years. It can store more information than a traditional bar code and can represent more data types, such as characters, numerals, Japanese, Chinese, etc.
SSO: Single Sign-on.
SSL: the Secure Sockets Layer protocol and its successor TLS (Transport Layer Security) are security protocols that provide security and data integrity for network communication. TLS and SSL encrypt the network connection at the transport layer to guarantee the security of network data transmission, using data encryption technology to ensure that data is not intercepted or eavesdropped on while in transit. The SSL protocol has become a global standard; all major browsers and web server programs support it, and it can be activated by installing an SSL certificate.
An SSL certificate is a server digital certificate complying with the SSL protocol, issued by a trusted certification authority (CA) after verifying the server's identity; deployed on the server, it has the dual functions of website authentication and encrypted transmission.
SM4 is a block symmetric-key algorithm; the plaintext, key and ciphertext are all 16 bytes, and the encryption and decryption keys are identical. Encryption and decryption are realized by a 32-round nonlinear iterated round function, comprising a nonlinear S-box transformation and a linear transformation made up of shifts and XORs.
A passwordless login implementation method based on an enterprise-level intranet/extranet environment uses a mobile electronic device with a two-dimensional-code scanning function to obtain, by scanning a two-dimensional code, data information specifying the corporate intranet. It comprises a communication mobile electronic device with a code-scanning function that serves as the mobile terminal for convenient user access, and an information extranet and an information intranet that communicate wirelessly with the electronic device:
The information extranet comprises a secure interaction platform that communicates with the electronic device over HTTPS, and an extranet identity authority authentication module that exchanges data with the secure interaction platform; and
The information intranet comprises a database storing user information, and an intranet authentication rights service module that exchanges data with the database and provides the intranet authentication service;
The method specifically comprises the following steps:
Step S100: using any communication mobile electronic device with a code-scanning function, scan the two-dimensional-code information on the corporate intranet server with the mobile APP installed on the electronic device;
Step S200: log in with the two-dimensional code of step S100 and obtain the information it carries; at the same time, the electronic device sends the user information registered in the APP and the electronic device information, encrypted with the national commercial cryptographic algorithm SM4, to the enterprise's mobile interaction platform;
Step S300: according to the two-dimensional-code personal information submitted by the user-terminal request, the mobile interaction platform first judges the user information and its ownership, determining whether the two-dimensional code scanned in step S100 links directly to the intranet authentication service or to the extranet authentication service, and then performs routing policy matching; the routing policy is composed of the intranet authentication service and the extranet authentication service together;
Step S310: if the two-dimensional code identified in step S300 links to the extranet authentication service, then after the user's scan-login request is submitted, the extranet authority platform is requested to authenticate according to the routing policy of step S300;
Step S320: if the two-dimensional code identified in step S300 links to the intranet authentication service, then after the user's scan-login request is submitted, the intranet database is accessed through the routing policy of step S300 by way of SQL penetration through the isolation device;
Step S330: the intranet authentication service completes the authentication service by parsing and reading the intranet database of step S320;
Step S400: if either the authentication of step S310 or that of steps S320-S330 succeeds, login to the intranet succeeds; if authentication fails, the APP of step S100 displays an error message and login fails.
Preferably, step S100 further comprises an APP user registration and binding step, specifically comprising:
Step S110: the electronic device downloads and installs the APP used for enterprise scan-login;
Step S120: open the APP and, choosing one of two ways, either scan the two-dimensional code for identity binding provided by the intranet registration service with the APP to complete registration, or register and bind the user information directly through the intranet registration service page;
Step S130: during information submission, the information intranet sends a text verification message to the electronic device for registration verification;
Step S140: the user enters the text verification message obtained in step S130, passes verification, and the APP generates a binding with the user information stored in the information intranet database.
Preferably, the electronic device includes a mobile phone.
Preferably, the extranet authentication service of step S310 is specifically:
Step S311: the electronic device scans the two-dimensional code linking to the extranet authentication service and sends the user information over HTTPS to the secure interaction platform, which processes the information request scanned by the electronic device through the APP;
Step S312: the secure interaction platform sends the processing request to the mobile interaction platform, which forwards it to the extranet authority platform according to the request type;
Step S313: after the extranet authority platform receives the authentication request, the isolation device converts the request into SQL data, sends it to the intranet database, and compares it to determine the login rights of the request.
Preferably, the isolation device is a SysKeeper-2000 forward-type network security isolation device.
Preferably, the intranet authentication service of step S320 is specifically:
Step S321: when the intranet two-dimensional code is scanned, the user data information is stored temporarily in a built-in SQLite database, the login request is looked up in the SQLite database, and the login request is encrypted with SM4 and stored;
Step S322: the electronic device provides a service interface for the APP to access, and the data accessed by the APP performs SQL penetration access to the intranet database through the isolation device over a channel encrypted with SSL.
Preferably, the user information includes the electronic device code, user name, avatar, gesture and access records.
Compared with the prior art, the present invention has the following advantages and beneficial effects:
(1) By using two-dimensional-code recognition login, the present invention avoids the traditional enterprise-intranet practice of authenticating login by entering an account and password. Because rights are extremely important in an enterprise, the security of accounts on a unified authentication platform is particularly important; the traditional account-and-password entry method is not only slower to access but is also easily leaked through non-technical means (request interception, hijacking).
(2) The present invention avoids the traditional enterprise-intranet username-and-password login authentication method, in which the account is entered manually and complex passwords with length requirements cause difficulty in memorisation, while complex accounts and passwords burden the user with remembering something relatively difficult.
(3) The present invention has good extensibility. Using the two-dimensional code as the carrier of rights information, different security levels can be assigned to different personnel and different departments, which provides the necessary conditions for extending to other passwordless authentication modes such as fingerprint, face recognition and iris.
Brief description of the drawings
Fig. 1 is a schematic diagram of the operation logic of embodiment 1 of the present invention;
Fig. 2 is a schematic diagram of the operation logic of embodiment 2;
Embodiment
The present invention is described in further detail below with reference to its preferred embodiments, but the embodiments of the present invention are not limited thereto.
Embodiment 1:
SM4 is a block symmetric-key algorithm; the plaintext, key and ciphertext are all 16 bytes, and the encryption and decryption keys are identical. Encryption and decryption are realized by a 32-round nonlinear iterated round function, comprising a nonlinear S-box transformation and a linear transformation made up of shifts and XORs. In addition to the 256-byte S-box, two further groups of parameters, FK and CK, are defined (for the specific values refer to the website of the national cryptography administration). The basic process is: first divide the 16-byte key into 4 groups of 4 bytes, then generate 32 round keys of 4 bytes each according to the key schedule; then divide the 16 input bytes likewise into 4 groups of 4 bytes and perform the loop computation (this point is similar to the AES algorithm). A simple encryption demo flow follows.
With reference to Fig. 1, a passwordless login implementation method based on an enterprise-level intranet/extranet environment uses a mobile electronic device with a two-dimensional-code scanning function to obtain, by scanning a two-dimensional code, data information specifying the corporate intranet. It comprises a communication mobile electronic device with a code-scanning function that serves as the mobile terminal for convenient user access, and an information extranet and an information intranet that communicate wirelessly with the electronic device:
The information extranet comprises a secure interaction platform that communicates with the electronic device over HTTPS, and an extranet identity authority authentication module that exchanges data with the secure interaction platform; and
The information intranet comprises a database storing user information, and an intranet authentication rights service module that exchanges data with the database and provides the intranet authentication service;
The method specifically comprises the following steps:
Step S100: using any communication mobile electronic device with a code-scanning function, scan the two-dimensional-code information on the corporate intranet server with the mobile APP installed on the electronic device. In this embodiment, step S100 further comprises an APP user registration and binding step, specifically comprising:
Step S110: the electronic device downloads and installs the APP used for enterprise scan-login;
Step S120: open the APP and, choosing one of two ways, either scan the two-dimensional code for identity binding provided by the intranet registration service with the APP to complete registration, or register and bind the user information directly through the intranet registration service page;
Step S130: during information submission, the information intranet sends a text verification message to the electronic device for registration verification;
Step S140: the user enters the text verification message obtained in step S130, passes verification, and the APP generates a binding with the user information stored in the information intranet database.
Step S200: log in with the two-dimensional code of step S100 and obtain the information it carries; at the same time, the electronic device sends the user information registered in the APP and the electronic device information, encrypted with the national commercial cryptographic algorithm SM4, to the enterprise's mobile interaction platform;
Step S300: according to the two-dimensional-code personal information submitted by the user-terminal request, the mobile interaction platform first judges the user information and its ownership, determining whether the two-dimensional code scanned in step S100 links directly to the intranet authentication service or to the extranet authentication service, and then performs routing policy matching; the routing policy is composed of the intranet authentication service and the extranet authentication service together;
Step S310: if the two-dimensional code identified in step S300 links to the extranet authentication service, then after the user's scan-login request is submitted, the extranet authority platform is requested to authenticate according to the routing policy of step S300. The extranet authentication service of step S310 is specifically:
Step S311: the electronic device scans the two-dimensional code linking to the extranet authentication service and sends the user information over HTTPS to the secure interaction platform, which processes the information request scanned by the electronic device through the APP;
Step S312: the secure interaction platform sends the processing request to the mobile interaction platform, which forwards it to the extranet authority platform according to the request type;
Step S313: after the extranet authority platform receives the authentication request, the isolation device converts the request into SQL data, sends it to the intranet database, and compares it to determine the login rights of the request.
Step S400: if the authentication of step S310 succeeds, login to the intranet succeeds; if authentication fails, the APP of step S100 displays an error message and login fails.
In this embodiment, the electronic device includes a mobile phone.
In this embodiment, the isolation device is a SysKeeper-2000 forward-type network security isolation device.
In this embodiment, the user information includes the electronic device code, user name, avatar, gesture and access records.
In this embodiment, the SM4 algorithm flow is as follows; however, those skilled in the art should understand that the SM4 algorithm already belongs to the prior art, that the flow program below is provided merely for ease of understanding, and that the actual encryption algorithm can be realized by multiple programs equivalent to the flow below. Specifically:
Embodiment 2:
With reference to figure 2, a passwordless login implementation method based on an enterprise-level intranet/extranet environment uses a mobile electronic device with a QR-code scanning function to obtain the specified data information of the corporate intranet by scanning a QR code. It comprises a communication mobile electronic device with scanning function, convenient for user access, serving as the mobile terminal, and an information extranet and an information intranet that communicate wirelessly with the electronic device:
The information extranet includes a secure interaction platform that communicates with the electronic device over https, and an extranet identity authority authentication module that exchanges data with the secure interaction platform; and
The information intranet includes a database storing user profiles, and an intranet authentication rights service module that exchanges data with the database and provides the intranet authentication service;
The method specifically includes the following steps:
Step S100: using any communication mobile electronic device with scanning function, the mobile APP installed on the electronic device scans the QR code information on the corporate intranet server. In this embodiment, step S100 also includes an APP user registration and binding step, which specifically includes:
Step S110: the electronic device downloads and installs the APP used for enterprise scan login;
Step S120: the APP is opened; the user either completes registration by scanning, with the APP, the QR code of the intranet registration service used for identity binding, or registers and binds the user profile directly through the intranet registration service page;
Step S130: while the information is being submitted, the information intranet sends a text verification message to the electronic device for registration verification;
Step S140: the user passes verification by entering the text verification code obtained in step S130, and the APP generates a binding to the user profile stored in the information intranet database.
Step S200: the QR code of step S100 is scanned and the information it carries is obtained; at the same time, the electronic device sends the user profile injected into the APP and the electronic device information to the enterprise mobile interaction platform, encrypted with the State Cryptography Administration approved algorithm SM4;
Step S300: according to the QR-code personal information submitted with the user terminal request, the mobile interaction platform first judges the user profile and ownership, obtaining whether the QR code scanned in step S100 links directly to the intranet authentication service or to the extranet authentication service, and then performs routing policy matching; the routing policy is composed jointly of the intranet authentication service and the extranet authentication service;
Step S320: if the QR code scanned in step S300 links the intranet authentication service, then after the user's scan login request is submitted, the routing policy of step S300 matches it and the intranet database is accessed through the isolation device by SQL penetration (pass-through);
Step S330: the intranet authentication service completes the authentication service by parsing and reading the intranet database of step S320;
Step S400: if the authentication of steps S320-S330 succeeds, the user is logged in to the intranet; if authentication fails, the APP of step S100 displays an error message and the login fails.
In this embodiment, the electronic device includes a mobile phone.
In this embodiment, the isolation device is a SysKeeper-2000 network security isolator (forward type).
In this embodiment, the intranet authentication service of step S320 is specifically:
Step S321: when the intranet QR code is scanned and entered, the user data information is temporarily stored in the built-in SQLite database, the login request is queried in the SQLite database, and the login request is encrypted with SM4 and stored;
Step S322: the electronic device provides the service interface for the APP to access, and the data accessed by the APP is carried in channel-encrypted SSL mode through the isolation device, accessing the intranet database by SQL penetration.
In this embodiment, the user profile includes the electronic device code, user name, head portrait, gesture and access record.
In this embodiment, the SM4 algorithm flow is identical to the SM4 algorithm flow described in embodiment 1 and is not repeated here.
The above are merely preferred embodiments of the present invention and do not limit the invention in any form; any simple modification or equivalent variation made to the above embodiments according to the technical spirit of the invention falls within the scope of protection of the invention.

Claims (7)

1. A passwordless login implementation method based on an enterprise-level intranet/extranet environment, using a mobile electronic device with a QR-code scanning function to obtain the user ID data information of a specified corporate intranet by scanning a QR code, characterised in that it comprises a communication mobile electronic device with scanning function, convenient for user access, serving as the mobile terminal, and an information extranet and an information intranet that communicate wirelessly with the electronic device:
the information extranet includes a secure interaction platform that communicates with the electronic device over https, and an extranet identity authority platform authentication module that exchanges data with the secure interaction platform; and
the information intranet includes a database storing user profiles, the intranet and extranet performing SQL penetration through the enterprise firewall isolation device, and an intranet authentication rights service module that exchanges data with the intranet database and provides the intranet authentication service;
the method specifically includes the following steps:
Step S100: using any communication mobile electronic device with scanning function, the mobile APP installed on the electronic device scans the QR code information on the corporate intranet server;
Step S200: the QR code of step S100 is scanned and the information it carries is obtained; at the same time, the electronic device sends the user profile injected into the APP and the electronic device information to the enterprise mobile interaction platform, encrypted with the State Cryptography Administration approved algorithm SM4;
Step S300: according to the QR-code personal information submitted with the user terminal request, the mobile interaction platform first judges the user profile and ownership, obtaining whether the QR code scanned in step S100 links directly to the intranet authentication service or to the extranet authentication service, and then performs routing policy matching; the routing policy is composed jointly of the intranet authentication service and the extranet authentication service;
Step S310: if the QR code scanned in step S300 links the extranet authentication service, then after the user's scan login request is submitted, authentication is requested from the extranet authority platform according to the routing policy of step S300;
Step S320: if the QR code scanned in step S300 links the intranet authentication service, then after the user's scan login request is submitted, the routing policy of step S300 matches it and the intranet database is accessed through the isolation device by SQL penetration;
Step S330: the intranet authentication service completes the authentication service by parsing and reading the intranet database of step S320;
Step S400: if either step S310 or steps S320-S330 authenticate successfully, the user is logged in to the intranet; if authentication fails, the APP of step S100 displays an error message and the login fails.
2. The passwordless login implementation method based on an enterprise-level intranet/extranet environment according to claim 1, characterised in that step S100 also includes an APP user registration and binding step, which specifically includes:
Step S110: the electronic device downloads and installs the APP used for enterprise scan login;
Step S120: the APP is opened; the user either completes registration by scanning, with the APP, the QR code of the intranet registration service used for identity binding, or registers and binds the user profile directly through the intranet registration service page;
Step S130: while the information is being submitted, the information intranet sends a text verification message to the electronic device for registration verification;
Step S140: the user passes verification by entering the text verification code obtained in step S130, and the APP generates a binding to the user profile stored in the information intranet database.
3. The passwordless login implementation method based on an enterprise-level intranet/extranet environment according to claim 1 or 2, characterised in that the electronic device includes a mobile phone.
4. The passwordless login implementation method based on an enterprise-level intranet/extranet environment according to claim 1, characterised in that the extranet authentication service of step S310 is specifically:
Step S311: the electronic device scans the QR code linking the extranet authentication service and sends the user profile to the secure interaction platform over https; the secure interaction platform processes the information processing request scanned by the electronic device through the APP;
Step S312: the secure interaction platform sends the processing request to the mobile interaction platform, which forwards it according to request type to the extranet authority platform;
Step S313: after the extranet authority platform receives the authentication request, it converts the request into SQL data using the isolation device and sends it to the intranet database, which compares and determines the login rights of the request.
5. The passwordless login implementation method based on an enterprise-level intranet/extranet environment according to claim 1 or 4, characterised in that the isolation device is a SysKeeper-2000 network security isolator (forward type).
6. The passwordless login implementation method based on an enterprise-level intranet/extranet environment according to claim 1 or 5, characterised in that the intranet authentication service of step S320 is specifically:
Step S321: when the intranet QR code is scanned and entered, the user data information is temporarily stored in the built-in SQLite database, the login request is queried in the SQLite database, and the login request is encrypted with SM4 and stored;
Step S322: the electronic device provides the service interface for the APP to access, and the data accessed by the APP is carried in channel-encrypted SSL mode through the isolation device, accessing the intranet database by SQL penetration.
7. The passwordless login implementation method based on an enterprise-level intranet/extranet environment according to any one of claims 1, 2 and 4, characterised in that the user profile includes the electronic device code, user name, head portrait, gesture and access record.
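The scan-login flow of steps S100 to S400 (embodiments 1 and 2 and claim 1) as an added example; this is not code from the patent or its applicant. It models the registration binding after the text-code check (S130-S140), the step S300 decision between the intranet and extranet authentication services, the step S321 local SQLite holding store, and the lookup that crosses the isolation device (S313/S322), written with bound parameters so scanned values cannot alter the forwarded statement. The host names, the SQLite schema and the request shape are assumptions; the SM4 and SSL transport encryption of steps S200 and S322 are outside this example.

```python
import sqlite3
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed host names of the two authentication services a QR code may link.
INTRANET_HOST = "auth.intranet.example"
EXTRANET_HOST = "auth.extranet.example"


def open_intranet_db():
    """Constructed stand-in for the intranet user database; the columns are
    the user profile fields the patent lists (device code, user name,
    head portrait, gesture, access record)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (device_code TEXT, username TEXT, "
               "head_portrait TEXT, gesture TEXT, access_record TEXT)")
    return db


def register_binding(db, device_code, username, code_entered, code_sent):
    """Steps S130-S140: the device/user binding is stored only after the
    text verification code sent by the intranet matches the one entered."""
    if code_entered != code_sent:
        return False
    db.execute("INSERT INTO users VALUES (?, ?, '', '', '')",
               (device_code, username))
    return True


@dataclass
class ScanRequest:
    qr_link: str      # content of the scanned QR code (step S200)
    device_code: str  # electronic device information sent with it
    username: str     # user profile injected into the APP


def route(req):
    """Step S300: does the scanned code link the intranet or the extranet
    authentication service?  None means the routing policy matched neither."""
    host = urlparse(req.qr_link).hostname
    return {INTRANET_HOST: "intranet", EXTRANET_HOST: "extranet"}.get(host)


def lookup_binding(db, req):
    """The SQL that crosses the isolation device (steps S313 and S322).
    Values taken from the scan are bound as parameters, so they never
    become part of the statement text the isolator forwards."""
    row = db.execute("SELECT 1 FROM users WHERE device_code=? AND username=?",
                     (req.device_code, req.username)).fetchone()
    return row is not None


def scan_login(db, req):
    """Steps S300-S400 for one scan; returns (service, result)."""
    service = route(req)
    if service is None:
        return None, "login failure: unknown service link"
    if service == "intranet":
        # Step S321: the APP parks the request in a local SQLite store
        # before it is forwarded through the isolator.
        local = sqlite3.connect(":memory:")
        local.execute("CREATE TABLE pending (qr_link TEXT, device_code TEXT)")
        local.execute("INSERT INTO pending VALUES (?, ?)",
                      (req.qr_link, req.device_code))
    # Steps S313 / S330: both routes end with the intranet database
    # comparing the submitted binding against the stored one.
    ok = lookup_binding(db, req)
    return service, ("login success" if ok else "login failure: not bound")
```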
CN201710790919.9A 2017-09-05 2017-09-05 It is a kind of based on enterprise-level intranet and extranet environment without password login implementation method Pending CN107733861A (en)


Publications (1)

Publication Number Publication Date
CN107733861A true CN107733861A (en) 2018-02-23



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180223