CN108023874A - Verification device, method and computer-readable storage medium for single sign-on
- Publication number: CN108023874A (CN201711131291.8A)
- Authority: CN (China)
- Prior art keywords: token information, logging request, user data, sign, time
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Abstract
The invention discloses a verification device for single sign-on, comprising a memory and a processor. The memory stores a single sign-on verification program that can run on the processor, and the program implements the following steps when executed by the processor: determining whether a login request sent by a user terminal contains token information; if so, obtaining the token information and user data from the login request, and recording the time at which the login request was received; decrypting the token information with a key to obtain the user data and the voucher creation time contained in the token information; if the user data contained in the login request is consistent with the user data contained in the token information and the time difference between the recorded time and the voucher creation time is less than a preset threshold, determining that verification passes; otherwise, determining that verification fails. The invention also proposes a verification method for single sign-on and a computer-readable storage medium. The invention reduces the amount of data that has to be maintained and improves the verification efficiency of single sign-on.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a verification device, a method and a computer-readable storage medium for single sign-on.
Background art
In existing single sign-on technology, verification is usually implemented as follows: when a user terminal logs in to an application system for the first time, the server generates a unique piece of token information (token), establishes a mapping between the token information and the account used for that login, and sends the token information to the user terminal. When the terminal later logs in to other application systems, it carries the token information for verification and no longer has to enter an account, a password or similar information, so the user only needs to log in once to access all mutually trusting application systems.
In this scheme, a database has to be set up on the server side to maintain the account information of a large number of users, the token information allocated to them, and the mappings between the two. When a login request containing token information is received, the user information can only be found by querying the database for the correspondence between that token information and the user, after which the user's login rights are verified. The scheme therefore not only requires the server side to maintain a large amount of data, but also has to query the mapping from the database on every verification, which makes verification inefficient.
Summary of the invention
The present invention provides a verification device, a method and a computer-readable storage medium for single sign-on, whose main purpose is to reduce the amount of data maintained on the server side and to improve the verification efficiency of single sign-on.
To achieve the above object, the present invention provides a verification device for single sign-on. The device comprises a memory and a processor; the memory stores a single sign-on verification program that can run on the processor, and the verification program implements the following steps when executed by the processor:
When a login request sent by a user terminal is received, determining whether the login request contains token information;
If the login request contains token information, obtaining the token information and user data from the login request, and recording the time at which the login request was received;
Decrypting the token information using the decryption algorithm corresponding to the first preset encryption algorithm and a pre-stored key, to obtain the user data and the voucher creation time contained in the token information;
Comparing the user data contained in the login request with the user data contained in the token information, and determining whether the time difference between the recorded time and the voucher creation time is less than a preset threshold;
If the user data contained in the login request is consistent with the user data contained in the token information and the time difference is less than the preset threshold, determining that verification passes;
Otherwise, determining that verification fails.
Optionally, the single sign-on verification program can also be executed by the processor so that, after the step of determining whether the login request contains token information when a login request sent by the user terminal is received, the following steps are also implemented:
If the login request contains no token information, obtaining user data from the login request, wherein the user data includes at least user identity information and a service system identifier;
Taking the current time as the voucher creation time, and obtaining the pre-stored key;
Encrypting the user data and the voucher creation time based on the key and the first preset encryption algorithm;
Obtaining the character string produced by the encryption, using the character string as the token information, and sending the token information to the user terminal.
Optionally, the step of encrypting the user data and the voucher creation time based on the key and the first preset encryption algorithm comprises:
Encrypting the user data based on the key and the first preset encryption algorithm to generate a first encryption result, and encrypting the voucher creation time based on a second preset encryption algorithm to generate a second encryption result;
Combining the first encryption result and the second encryption result into one character string;
Encrypting the character string based on the second preset encryption algorithm.
Optionally, the first preset encryption algorithm is the Advanced Encryption Standard (AES) algorithm, and the second preset encryption algorithm is the BASE64 algorithm.
Optionally, the single sign-on verification program can also be executed by the processor so that, before the step of determining whether the login request contains token information when a login request sent by the user terminal is received, the following steps are also implemented:
Obtaining the current time, and generating a variable factor from the current time and a preset reference time;
Obtaining a random character string from an encryption machine, and encrypting the random character string and the variable factor with a third preset encryption algorithm to generate and store the key.
In addition, to achieve the above object, the present invention also provides a verification method for single sign-on, the method comprising:
When a login request sent by a user terminal is received, determining whether the login request contains token information;
If not, obtaining user data from the login request, wherein the user data includes at least user identity information and a service system identifier;
Taking the current time as the voucher creation time, and obtaining the pre-stored key;
Encrypting the user data and the voucher creation time based on the key and the first preset encryption algorithm;
Obtaining the character string produced by the encryption, using the character string as the token information, and sending the token information to the user terminal.
Optionally, after the step of determining whether the login request contains token information when a login request sent by the user terminal is received, the method further comprises the following steps:
If the login request contains token information, obtaining the token information and user data from the login request, and recording the time at which the login request was received;
Decrypting the token information using the decryption algorithm corresponding to the first preset encryption algorithm and the key, to obtain the user data and the voucher creation time contained in the token information;
Comparing the user data contained in the login request with the user data contained in the token information, and determining whether the time difference between the recorded time and the voucher creation time is less than a preset threshold;
If the user data contained in the login request is consistent with the user data contained in the token information and the time difference is less than the preset threshold, determining that verification passes;
Otherwise, determining that verification fails.
Optionally, the step of encrypting the user data and the voucher creation time based on the key and the first preset encryption algorithm comprises:
Encrypting the user data based on the key and the first preset encryption algorithm to generate a first encryption result, and encrypting the voucher creation time based on a second preset encryption algorithm to generate a second encryption result;
Combining the first encryption result and the second encryption result into one character string;
Encrypting the character string based on the second preset encryption algorithm.
Optionally, before the step of determining whether the login request contains token information when a login request sent by the user terminal is received, the method further comprises the following steps:
Obtaining the current time, and generating a variable factor from the current time and a preset reference time;
Obtaining a random character string from an encryption machine, and encrypting the random character string and the variable factor with a third preset encryption algorithm to generate and store the key.
In addition, to achieve the above object, the present invention also provides a computer-readable storage medium. The computer-readable storage medium stores a single sign-on verification program, and the verification program can be executed by one or more processors to implement the steps of the single sign-on verification method described above.
With the verification device, method and computer-readable storage medium for single sign-on proposed by the present invention, when the login request sent by the user terminal carries token information, the user data and the token information are obtained from the login request and the time at which the login request was received is recorded. The token information is decrypted using the decryption algorithm corresponding to the first preset encryption algorithm and the pre-stored key, to obtain the user data and the voucher creation time it contains. The user data contained in the login request is compared with the user data contained in the token information, and at the same time it is determined whether the time difference between the recorded time and the obtained voucher creation time is less than the preset threshold. If so, the token information is judged to be legitimate and verification passes; otherwise, verification fails. As the above scheme shows, the token information carried in the login request for verifying permissions contains the encrypted user data and a voucher creation time. Once the token information has been decrypted, the user data and the voucher creation time can be obtained from it and compared with the user data contained in the login request, which verifies the legitimacy of the token information. The scheme does not need to maintain the mapping between token information and user data on the server side, nor does each verification need to look up the corresponding user information through a mapping, which reduces the amount of data that has to be maintained and improves the verification efficiency of single sign-on.
Brief description of the drawings
Fig. 1 is a schematic diagram of a preferred embodiment of the single sign-on verification device of the present invention;
Fig. 2 is a schematic diagram of the program modules of the single sign-on verification program in an embodiment of the single sign-on verification device of the present invention;
Fig. 3 is a flowchart of a preferred embodiment of the single sign-on verification method of the present invention.
The realization of the object, the functional characteristics and the advantages of the present invention are further described with reference to the embodiments and the accompanying drawings.
Embodiments
It should be understood that the specific embodiments described herein merely illustrate the present invention and are not intended to limit it.
The present invention provides a verification device for single sign-on. Fig. 1 is a schematic diagram of a preferred embodiment of the single sign-on verification device of the present invention.
In this embodiment, the single sign-on verification device includes at least a memory 11, a processor 12, a communication bus 13 and a network interface 14.
The memory 11 includes at least one type of readable storage medium, including flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), magnetic memory, magnetic disk, optical disc and the like. In some embodiments the memory 11 may be an internal storage unit of the single sign-on verification device, such as the hard disk of the device. In other embodiments the memory 11 may be an external storage device of the single sign-on verification device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card fitted to the device. Further, the memory 11 may include both an internal storage unit and an external storage device of the single sign-on verification device. The memory 11 can be used not only to store the application software installed on the single sign-on verification device and various kinds of data, such as the code of the single sign-on verification program, but also to temporarily store data that has been output or is to be output.
In some embodiments the processor 12 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor or another data processing chip, and is used to run the program code or process the data stored in the memory 11, for example to execute the single sign-on verification program.
The communication bus 13 is used to implement connection and communication between these components.
The network interface 14 may optionally include a standard wired interface and a wireless interface (such as a WI-FI interface), and is generally used to establish a communication connection between the device and other electronic equipment.
Fig. 1 shows only a single sign-on verification device with the components 11-14 and the single sign-on verification program, but it should be understood that not all of the components shown are required, and that more or fewer components may be implemented instead.
Optionally, the device may also include a user interface. The user interface may include a display and an input unit such as a keyboard, and an optional user interface may also include a standard wired interface and a wireless interface. Optionally, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-control liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device or the like. The display may also appropriately be called a display screen or display unit, and is used to show the information processed in the single sign-on verification device and to show a visual user interface.
In the device embodiment shown in Fig. 1, the single sign-on verification program is stored in the memory 11; the processor 12 implements the following steps when it executes the single sign-on verification program stored in the memory 11:
When a login request sent by a user terminal is received, determining whether the login request contains token information.
If the login request contains token information, obtaining the token information and user data from the login request, and recording the time at which the login request was received.
The single sign-on verification device proposed in this embodiment may be a single sign-on server. The login request received by the verification device may be sent directly by the user terminal, or may be sent by the user terminal to a service system and redirected by the service system to the verification device. The verification device checks whether the login request contains token information. If it does, this login by the user terminal is not a first login, and the token information was allocated to the terminal by the verification device during an earlier login.
The verification device allocates token information to the user terminal as follows: a token is allocated to the user terminal when the user terminal logs in to a service system for the first time, or when the token carried in the login request is detected to be invalid.
Specifically, in one implementation, if the login request contains no token information, user data is obtained from the login request, where the user data includes at least user identity information and a service system identifier; the current time is taken as the voucher creation time and the pre-stored key is obtained; the user data and the voucher creation time are encrypted based on the key and the first preset encryption algorithm; the character string produced by the encryption is obtained and used as the token information, and the token information is sent to the user terminal.
In some embodiments, the user data may include, but is not limited to, the following: user identity information, the service system identifier, an IP address, the single sign-on server group, the IP address of the host where the agent is located, and similar information. This information is obtained from the login request and combined, with "|" used to separate the items. After the user data is obtained, the key pre-stored on the server is obtained, and the user data and the voucher creation time are encrypted using the key and the first preset encryption algorithm, where the voucher creation time is the current time, that is, the time at which the encryption is performed. Optionally, in some embodiments, the user data and the voucher creation time are encrypted separately, and the combination of the two results is then encrypted once more.
Specifically, the step of encrypting the user data and the voucher creation time based on the key and the first preset encryption algorithm comprises:
Encrypting the user data based on the key and the first preset encryption algorithm to generate a first encryption result, and encrypting the voucher creation time based on a second preset encryption algorithm to generate a second encryption result; combining the first encryption result and the second encryption result into one character string; and encrypting the character string based on the second preset encryption algorithm.
For example, if the key is PK(V) and the voucher creation time is cTime, the result obtained after encryption according to the above steps is Entoken = BASE64(AES(PK(V), Detoken) || BASE64(cTime)), where Detoken is the user data. The first preset encryption algorithm may be the AES algorithm and the second preset encryption algorithm may be the BASE64 algorithm; in other embodiments, other encryption algorithms may be selected as needed.
As for the key used in the above process, the verification device may obtain the key from another channel and store it, or the verification device may generate the key according to the following steps:
Obtaining the current time, and generating a variable factor from the current time and a preset reference time; obtaining a random character string from an encryption machine, and encrypting the random character string and the variable factor with a third preset encryption algorithm to generate and store the key.
Specifically, the current time cTime and the preset reference time bTime are obtained and the variable factor V = (cTime - bTime)/bTime is calculated. A random character string SEED is obtained from the encryption machine, and the variable factor V and the random character string SEED are encrypted, where the third preset encryption algorithm may be the HMAC_SHA_1 algorithm. The key is generated as follows:
PK(V) = HOTP(SEED, V) || HOTP(SEED, V+1), where "||" is the concatenation operator;
HOTP(K, C) = (HMAC_SHA_1(K', C') & 0x7FFFFFFF) mod 10^d, where K' is the hash data of K and C' is the hash data of C. Substituting SEED and V for K and C in the above formula gives HOTP(SEED, V) and HOTP(SEED, V+1). Hashing with the HMAC_SHA_1 algorithm yields 20 bytes, that is, a 40-digit hexadecimal number; mod is the remainder operation, and taking the result modulo the d-th power of 10 gives a d-digit numeric password. HOTP is an HMAC-based one-time password algorithm. The HMAC (Hash Message Authentication Code) algorithm uses a hash algorithm, takes a key and a message as input and generates a message digest as output. It can be combined with any iterated hash function, for example with the SHA_1 (Secure Hash Algorithm) algorithm to form the HMAC_SHA_1 algorithm.
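The key generation described above, as an added Go sketch that is not code from the patent. It assumes RFC 4226 HOTP (8-byte big-endian counter, dynamic truncation) for the page's HOTP formula, integer division for V, and a constructed SEED in place of the string read from the encryption machine.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"errors"
	"fmt"
)

// hotp follows RFC 4226: HMAC-SHA-1 over the 8-byte big-endian counter,
// dynamic truncation to a 31-bit integer, then reduction mod 10^digits.
// Assumption: the page only gives (HMAC_SHA_1(K', C') & 0x7FFFFFFF) mod 10^d.
func hotp(seed []byte, counter uint64, digits int) (string, error) {
	if digits < 1 || digits > 9 {
		return "", errors.New("digits must be between 1 and 9")
	}
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, seed)
	mac.Write(msg[:])
	sum := mac.Sum(nil) // 20 bytes, i.e. 40 hexadecimal digits
	off := int(sum[len(sum)-1] & 0x0f)
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod), nil
}

// variableFactor computes V = (cTime - bTime) / bTime with integer division
// (assumption: the page does not say how the quotient is rounded).
func variableFactor(cTime, bTime int64) (uint64, error) {
	if bTime <= 0 || cTime < bTime {
		return 0, errors.New("need bTime > 0 and cTime >= bTime")
	}
	return uint64((cTime - bTime) / bTime), nil
}

// deriveKey returns PK(V) = HOTP(SEED, V) || HOTP(SEED, V+1).
func deriveKey(seed []byte, cTime, bTime int64, digits int) (string, error) {
	v, err := variableFactor(cTime, bTime)
	if err != nil {
		return "", err
	}
	a, err := hotp(seed, v, digits)
	if err != nil {
		return "", err
	}
	b, err := hotp(seed, v+1, digits)
	if err != nil {
		return "", err
	}
	return a + b, nil
}

func main() {
	seed := []byte("12345678901234567890") // constructed sample (RFC 4226 test secret)
	for _, cTime := range []int64{5000, 7200} {
		pk, err := deriveKey(seed, cTime, 3600, 6)
		fmt.Println(cTime, pk, err)
	}
}
```

PK(V) is a string of 2d decimal digits, so it carries at most about 6.64·d bits of entropy (roughly 53 bits for d = 8), well below the length of an AES key. The key also changes whenever V changes, so a token can only be decrypted with the key that was stored when it was issued.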
After the token information has been generated in the above manner, the verification device sends the result of the encryption to the user terminal as the token information for storage, and the user terminal carries the token information in the login requests it sends later. For example, when it sends a login request to another service system that has a trust relationship with the above service system, it carries the token information, so that a single login is enough to access all mutually trusting application systems.
If the login request contains token information, the token information and the user data contained in the request are obtained and the time at which the login request was received is recorded; the legitimacy of the obtained token information is then verified.
The token information is decrypted using the decryption algorithm corresponding to the first preset encryption algorithm and the pre-stored key, to obtain the user data and the voucher creation time contained in the token information.
The user data contained in the login request is compared with the user data contained in the token information, and it is determined whether the time difference between the recorded time and the voucher creation time is less than the preset threshold.
If the user data contained in the login request is consistent with the user data contained in the token information and the time difference is less than the preset threshold, verification is judged to pass.
Otherwise, verification is judged to fail.
The token information is decrypted. Decryption is essentially the inverse of the encryption process described above, and is carried out according to the first preset encryption algorithm and the pre-stored key.
Taking Entoken = BASE64[AES(PK(V), Detoken) || BASE64(cTime)] as an example, decryption proceeds as follows:
The operation BASE64.decode(BASE64[AES(PK(V), Detoken) || BASE64(cTime)]) yields AES(PK(V), Detoken) and BASE64(cTime); the user data Detoken and the voucher creation time cTime they contain are then obtained by the following operations:
Detoken = BASE64.decode(AES.decode(Detoken')), where Detoken' = AES(PK(V), Detoken);
cTime = BASE64.decode(cTime'), where cTime' = BASE64(cTime).
The user data obtained from the token information is compared with the user data contained in the login request, and at the same time it is determined whether the time difference between the voucher creation time contained in the token information and the current time is less than the preset threshold. If the user data obtained from the token information is consistent with the user data contained in the login request and the time difference is less than the preset threshold, verification passes and the user is allowed to log in to the service system directly. If the user data contained in the login request is inconsistent with the user data contained in the token information and/or the time difference is greater than or equal to the preset threshold, verification is judged to fail and a login page is returned to the user terminal so that the user can log in again by entering an account and password. Note that the preset threshold is the validity period of a piece of token information, set on the verification device; once this threshold is exceeded, the token information is considered to have expired and the user terminal has to re-authenticate and obtain new token information.
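The token generation and the decrypt, compare and check-age verification described above, as an added Go sketch that is not code from the patent. Assumptions: AES-GCM as the AES mode, a "." separator before BASE64(cTime), and the encoded cTime passed as associated data so that a token whose timestamp has been altered fails decryption; the key and user data are constructed samples.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"time"
)

var (
	b64             = base64.RawURLEncoding
	errInvalid      = errors.New("token invalid")
	errUserMismatch = errors.New("user data mismatch")
	errExpired      = errors.New("token outside validity period")
)

// newGCM wraps AES in GCM mode (assumption: the page names AES but no mode).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// splitToken cuts at the last '.', which BASE64(cTime) can never contain.
func splitToken(raw []byte) (sealed, ts []byte, ok bool) {
	for i := len(raw) - 1; i >= 0; i-- {
		if raw[i] == '.' {
			return raw[:i], raw[i+1:], true
		}
	}
	return nil, nil, false
}

// issueToken returns BASE64(nonce || AES-GCM(key, userData) || "." || BASE64(cTime)).
func issueToken(key []byte, userData string, cTime time.Time) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ts := []byte(b64.EncodeToString([]byte(strconv.FormatInt(cTime.Unix(), 10))))
	raw := gcm.Seal(nonce, nonce, []byte(userData), ts) // ts is authenticated, not encrypted
	raw = append(append(raw, '.'), ts...)
	return b64.EncodeToString(raw), nil
}

// verifyToken needs only the key: decrypt, compare user data, check token age.
func verifyToken(key []byte, token, reqUserData string, received time.Time, threshold time.Duration) error {
	gcm, err := newGCM(key)
	if err != nil {
		return err
	}
	raw, err := b64.DecodeString(token)
	if err != nil {
		return errInvalid
	}
	sealed, ts, ok := splitToken(raw)
	n := gcm.NonceSize()
	if !ok || len(sealed) < n {
		return errInvalid
	}
	plain, err := gcm.Open(nil, sealed[:n], sealed[n:], ts)
	if err != nil {
		return errInvalid // wrong key, or ciphertext or cTime was modified
	}
	tsRaw, err1 := b64.DecodeString(string(ts))
	sec, err2 := strconv.ParseInt(string(tsRaw), 10, 64)
	if err1 != nil || err2 != nil {
		return errInvalid
	}
	if string(plain) != reqUserData {
		return errUserMismatch
	}
	// Assumption: a creation time later than the receive time is also rejected.
	if age := received.Sub(time.Unix(sec, 0)); age < 0 || age >= threshold {
		return errExpired
	}
	return nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte sample key
	ud := "alice|crm|203.0.113.7"                    // constructed user data, "|"-separated
	t0 := time.Unix(1700000000, 0)
	tok, _ := issueToken(key, ud, t0)
	fmt.Println(verifyToken(key, tok, ud, t0.Add(10*time.Minute), 30*time.Minute))
	fmt.Println(verifyToken(key, tok, ud, t0.Add(31*time.Minute), 30*time.Minute))
}
```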
With the single sign-on verification device proposed in this embodiment, when the login request sent by the user terminal carries token information, the user data and the token information are obtained from the login request and the time at which the login request was received is recorded. The token information is decrypted using the decryption algorithm corresponding to the first preset encryption algorithm and the pre-stored key, to obtain the user data and the voucher creation time it contains. The user data contained in the login request is compared with the user data contained in the token information, and at the same time it is determined whether the time difference between the recorded time and the obtained voucher creation time is less than the preset threshold. If so, the token information is judged to be legitimate and verification passes; otherwise, verification fails. As the above scheme shows, the token information carried in the login request for verifying permissions contains the encrypted user data and a voucher creation time. Once the token information has been decrypted, the user data and the voucher creation time can be obtained from it and compared with the user data contained in the login request, which verifies the legitimacy of the token information. The scheme does not need to maintain the mapping between token information and user data on the server side, nor does each verification need to look up the corresponding user information through a mapping, which reduces the amount of data that has to be maintained and improves the verification efficiency of single sign-on.
Optionally, in other embodiments, the single sign-on verification program may also be divided into one or more modules, which are stored in the memory 11 and executed by one or more processors (the processor 12 in this embodiment) to carry out the present invention. A module, as the term is used in the present invention, is a series of computer program instruction segments capable of completing a specific function, and is used to describe the execution of the single sign-on verification program in the single sign-on verification device.
For example, Fig. 2 is a schematic diagram of the program modules of the single sign-on verification program in an embodiment of the single sign-on verification device of the present invention. In this embodiment, the single sign-on verification program can be divided into a judgment module 10, an acquisition module 20, a decryption module 30 and a verification module 40. By way of example:
The judgment module 10 is configured to: when a login request sent by a user terminal is received, judge whether the login request contains token information;
The acquisition module 20 is configured to: if the login request contains token information, obtain the token information and the user data from the login request, and record the time at which the login request was received;
The decryption module 30 is configured to: decrypt the token information using the decryption algorithm corresponding to the first preset encryption algorithm and the pre-stored key, to obtain the user data and the credential creation time contained in the token information;
The verification module 40 is configured to: compare the user data contained in the login request with the user data contained in the token information, and judge whether the time difference between the recorded time and the credential creation time is less than the preset threshold;
and, if the user data contained in the login request is consistent with the user data contained in the token information and the time difference is less than the preset threshold, judge that verification passes; otherwise, judge that verification fails.
The functions or operation steps implemented when the judgment module 10, acquisition module 20, decryption module 30 and verification module 40 are executed are substantially the same as in the above embodiment and are not repeated here.
In addition, the present invention also provides a single sign-on verification method. Fig. 3 is a flow chart of a preferred embodiment of the single sign-on verification method of the present invention. The method can be performed by a device, and the device can be implemented in software and/or hardware.
In this embodiment, the single sign-on verification method includes:
Step S10: when a login request sent by a user terminal is received, judge whether the login request contains token information.
Step S20: if the login request contains token information, obtain the token information and the user data from the login request, and record the time at which the login request was received.
The single sign-on verification method proposed in this embodiment is described below with a single sign-on server as the executing entity. The login request received by the single sign-on server may be sent directly by the user terminal, or sent by the user terminal to a business system and redirected by the business system to the single sign-on server. The single sign-on server checks whether the login request contains token information. If it does, this is not the user terminal's first login, and the token information was distributed to it by the single sign-on server at an earlier login.
The single sign-on server distributes token information to a user terminal as follows: when the user terminal logs in to a business system for the first time, or when the token carried in a login request is detected to have expired, a token is distributed to the user terminal.
Specifically, as one implementation, if the login request contains no token information, user data is obtained from the login request, where the user data includes at least user identity information and a business system identifier; the current time is taken as the credential creation time, and the pre-stored key is obtained; the user data and the credential creation time are encrypted based on the key and the first preset encryption algorithm; the character string produced by the encryption is taken as the token information, and the token information is sent to the user terminal.
In some embodiments, the user data can include, but is not limited to, the following: user identity information, business system identifier, IP address, single sign-on server group, and the IP address of the host where the agent is located. This information is obtained from the login request and combined, with "|" used to separate the items. After the user data has been obtained, the key pre-stored in the server is obtained, and the user data and the credential creation time are encrypted using the key and the first preset encryption algorithm, where the credential creation time is the current time, that is, the time at which the encryption is performed. Optionally, in some embodiments, the user data and the credential creation time are first encrypted separately, and their combined result is then encrypted once more.
Specifically, the step of encrypting the user data and the credential creation time based on the key and the first preset encryption algorithm includes:
The user data is encrypted based on the key and the first preset encryption algorithm to generate a first encryption result, and the credential creation time is encrypted based on the second preset encryption algorithm to generate a second encryption result; the first encryption result and the second encryption result are combined into one character string; the character string is encrypted based on the second preset encryption algorithm.
For example, if the key is PK(V) and the credential creation time is cTime, the result obtained after encryption by the above steps is Entoken = BASE64(AES(PK(V), Detoken) || BASE64(cTime)), where Detoken is the user data. The first preset encryption algorithm may be the AES algorithm and the second preset encryption algorithm may be the BASE64 algorithm; in other embodiments, other encryption algorithms may be selected as needed.
As for the key used in the above process, the single sign-on server may obtain the key through another channel and store it, or the single sign-on server may generate the key by the following steps:
The current time is obtained, and a variable factor is generated from the current time and a preset reference time; a random string is obtained from the encryption machine, and the random string and the variable factor are encrypted using the third preset encryption algorithm to generate the key, which is then stored.
Specifically, the current time cTime and the preset reference time bTime are obtained, and the variable factor V = (cTime - bTime)/bTime is calculated; a random string SEED is obtained from the encryption machine, and the variable factor V and the random string SEED are encrypted, where the third preset encryption algorithm may be the HMAC_SHA_1 algorithm. The key is generated as follows:
PK(V) = HOTP(SEED, V) || HOTP(SEED, V+1), where "||" is the concatenation operator;
HOTP(K, C) = (HMAC_SHA_1(K', C') & 0x7FFFFFFF) mod 10^d, where K' is the hash data of K and C' is the hash data of C. Substituting SEED and V as the values of K and C in this formula gives HOTP(SEED, V) and HOTP(SEED, V+1). Hashing with the HMAC_SHA_1 algorithm yields a 20-byte value, that is, 40 hexadecimal digits; mod is the remainder operation, and taking the value modulo 10 to the power d yields a d-digit numeric password. HOTP is an HMAC-based one-time password algorithm. The HMAC (Hash Message Authentication Code) algorithm mainly relies on a hash algorithm: it takes a key and a message as input and produces a message digest as output. It can be combined with any iterated hash function; combined with the SHA_1 (Secure Hash Algorithm) algorithm, for example, it forms the HMAC_SHA_1 algorithm.
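The key derivation PK(V) = HOTP(SEED, V) || HOTP(SEED, V+1) described above, as an added Go example that is not code from the patent. It assumes the RFC 4226 dynamic truncation for the step the formula writes as "& 0x7FFFFFFF", the raw SEED bytes as K, the 8-byte big-endian counter as C, and integer division for V; the function names and the sample SEED (the RFC 4226 test secret) are chosen here.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"errors"
	"fmt"
)

// HOTP computes (HMAC_SHA_1(K, C) & 0x7FFFFFFF) mod 10^d and returns it as a
// zero-padded d-digit string. Assumption: the 31-bit value is taken with the
// RFC 4226 dynamic truncation, and d is between 1 and 9.
func HOTP(k []byte, c uint64, d int) string {
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], c)

	mac := hmac.New(sha1.New, k)
	mac.Write(counter[:])
	sum := mac.Sum(nil) // 20 bytes, i.e. 40 hexadecimal digits

	// Dynamic truncation: the low nibble of the last byte selects 4 bytes.
	off := int(sum[len(sum)-1] & 0x0f)
	bin := uint64(binary.BigEndian.Uint32(sum[off:off+4]) & 0x7FFFFFFF)

	mod := uint64(1)
	for i := 0; i < d; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", d, bin%mod)
}

// VariableFactor computes V = (cTime - bTime) / bTime.
// Assumption: both times are integers in the same unit and the division
// is integer division, so V changes once per bTime interval.
func VariableFactor(cTime, bTime int64) (uint64, error) {
	if bTime <= 0 || cTime < bTime {
		return 0, errors.New("cTime must not precede a positive bTime")
	}
	return uint64((cTime - bTime) / bTime), nil
}

// PK concatenates the one-time values for V and V+1.
func PK(seed []byte, v uint64, d int) string {
	return HOTP(seed, v, d) + HOTP(seed, v+1, d)
}

func main() {
	seed := []byte("12345678901234567890") // RFC 4226 test secret, stands in for SEED
	v, err := VariableFactor(3500, 1000)   // constructed times
	if err != nil {
		panic(err)
	}
	fmt.Println("V     =", v)
	fmt.Println("PK(V) =", PK(seed, v, 8)) // 16 characters, the length of an AES-128 key
}
```

Each HOTP value is reduced from a 31-bit integer, so PK(V) has at most 62 bits of variation whatever d is chosen; a deployment that needs a full-strength AES key would pass SEED through a standard key derivation function instead.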
After the token information has been generated in the above manner, the single sign-on server sends the result of the encryption to the user terminal as token information, where it is stored. The user terminal carries the token information in the login requests it sends subsequently; for example, when it sends a login request to another business system that has a trust relationship with the above business system, it carries the token information, so that a single login gives access to all mutually trusting application systems.
If the login request contains token information, the token information and the user data contained in the request are obtained, the time at which the login request was received is recorded, and the legitimacy of the obtained token information is then verified.
Step S30: decrypt the token information using the decryption algorithm corresponding to the first preset encryption algorithm and the pre-stored key, to obtain the user data and the credential creation time contained in the token information.
Step S40: compare the user data contained in the login request with the user data contained in the token information, and judge whether the time difference between the recorded time and the credential creation time is less than the preset threshold.
Step S50: if the user data contained in the login request is consistent with the user data contained in the token information and the time difference is less than the preset threshold, judge that verification passes.
Step S60: otherwise, judge that verification fails.
Decrypting the token information is in essence the inverse of the encryption process above: the token information is decrypted according to the first preset encryption algorithm and the pre-stored key.
Taking Entoken = BASE64[AES(PK(V), Detoken) || BASE64(cTime)] as an example, decryption proceeds as follows:
Computing BASE64.decode(BASE64[AES(PK(V), Detoken) || BASE64(cTime)]) yields AES(PK(V), Detoken) and BASE64(cTime); the user data Detoken and the credential creation time cTime contained in them are then obtained by the following operations:
DeToken = BASE64.decode(AES.decode(DeToken')), where DeToken' = AES(PK(V), Detoken);
cTime = BASE64.decode(cTime'), where cTime' = BASE64(cTime).
The user data obtained from the token information is compared with the user data contained in the login request, and at the same time it is judged whether the time difference between the credential creation time contained in the token information and the current time is less than the preset threshold. If the user data obtained from the token information is consistent with the user data contained in the login request and the time difference is less than the preset threshold, verification passes and the user is allowed to log in to the business system directly. If the user data contained in the login request is inconsistent with the user data contained in the token information and/or the time difference is greater than or equal to the preset threshold, verification is judged to have failed, and a login interface is returned to the user terminal so that the user can log in again after entering an account and password. It should be noted that the preset threshold is the validity period of a piece of token information, set at the single sign-on server; once this threshold is exceeded, the token information is considered to have expired, and the user terminal must re-authenticate and obtain new token information.
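Token issuance in the layout Entoken = BASE64(AES(PK(V), Detoken) || BASE64(cTime)) and the checks of steps S30 to S60, as an added Go example that is not code from the patent. The patent fixes neither an AES mode nor a separator: this example assumes AES-GCM with a random nonce and a "." between the two parts, and passes cTime as associated data so that the creation time, which the layout only BASE64-encodes, is covered by the authentication tag. The key, user data and function names are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

var b64 = base64.StdEncoding

// ErrInvalid is the single error returned for every failed check.
var ErrInvalid = errors.New("token verification failed")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// joinToken applies the outer BASE64 to "sealed.ts" (the "." is an assumption).
func joinToken(sealedB64, tsB64 string) string {
	return b64.EncodeToString([]byte(sealedB64 + "." + tsB64))
}

// splitToken undoes joinToken and returns the sealed bytes and timestamp text.
func splitToken(token string) (sealed, ts []byte, err error) {
	inner, err := b64.DecodeString(token)
	parts := strings.Split(string(inner), ".")
	if err != nil || len(parts) != 2 {
		return nil, nil, ErrInvalid
	}
	sealed, e1 := b64.DecodeString(parts[0])
	ts, e2 := b64.DecodeString(parts[1])
	if e1 != nil || e2 != nil {
		return nil, nil, ErrInvalid
	}
	return sealed, ts, nil
}

// IssueToken encrypts the user data and attaches the creation time (Unix seconds).
func IssueToken(key []byte, userData string, cTime time.Time) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ts := []byte(strconv.FormatInt(cTime.Unix(), 10))
	sealed := gcm.Seal(nonce, nonce, []byte(userData), ts) // nonce || ciphertext || tag
	return joinToken(b64.EncodeToString(sealed), b64.EncodeToString(ts)), nil
}

// VerifyToken runs steps S30 to S60 for a request received at recvTime.
func VerifyToken(key []byte, token, reqUserData string, recvTime time.Time, threshold time.Duration) error {
	sealed, ts, err := splitToken(token)
	if err != nil {
		return err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return ErrInvalid
	}
	// S30: decrypt; Open fails if the ciphertext or the timestamp was altered.
	plain, err := gcm.Open(nil, sealed[:n], sealed[n:], ts)
	sec, perr := strconv.ParseInt(string(ts), 10, 64)
	if err != nil || perr != nil {
		return ErrInvalid
	}
	// S40: compare user data and check the token age against the threshold.
	age := recvTime.Sub(time.Unix(sec, 0))
	if string(plain) != reqUserData || age < 0 || age >= threshold {
		return ErrInvalid // S60
	}
	return nil // S50
}

func main() {
	key := []byte("0123456789abcdef")      // constructed 16-byte sample key
	user := "alice|crm-system|203.0.113.7" // constructed user data, joined with "|"
	issued := time.Unix(1510704000, 0)
	tok, _ := IssueToken(key, user, issued)
	fmt.Println("fresh:  ", VerifyToken(key, tok, user, issued.Add(10*time.Minute), 30*time.Minute))
	fmt.Println("expired:", VerifyToken(key, tok, user, issued.Add(31*time.Minute), 30*time.Minute))
}
```

As the page describes, the server keeps no token-to-user mapping: everything VerifyToken needs is the key, the token and the request itself.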
With the single sign-on verification method proposed in this embodiment, when the login request sent by a user terminal carries token information, the user data and the token information are obtained from the login request and the time at which the login request was received is recorded. The token information is decrypted using the decryption algorithm corresponding to the first preset encryption algorithm and the pre-stored key, to obtain the user data and the credential creation time it contains. The user data contained in the login request is compared with the user data contained in the token information, and at the same time it is judged whether the time difference between the recorded time and the obtained credential creation time is less than the preset threshold. If so, the token information is judged legitimate and verification passes; otherwise, verification fails. As the above scheme shows, the token information carried in the login request for verifying authority contains encrypted user data and a credential creation time. After the token information is decrypted, the user data and the credential creation time it contains are available for comparison with the user data in the login request, which verifies the legitimacy of the token information. The scheme does not require the server to maintain a mapping between token information and user data, nor to look up the corresponding user information through such a mapping on every verification, which reduces the amount of data to be maintained and improves the efficiency of single sign-on verification.
In addition, an embodiment of the present invention also proposes a computer-readable storage medium on which a single sign-on verification program is stored. The single sign-on verification program can be executed by one or more processors to implement the following operations:
When a login request sent by a user terminal is received, judge whether the login request contains token information;
If the login request contains token information, obtain the token information and the user data from the login request, and record the time at which the login request was received;
Decrypt the token information using the decryption algorithm corresponding to the first preset encryption algorithm and the pre-stored key, to obtain the user data and the credential creation time contained in the token information;
Compare the user data contained in the login request with the user data contained in the token information, and judge whether the time difference between the recorded time and the credential creation time is less than the preset threshold;
If the user data contained in the login request is consistent with the user data contained in the token information and the time difference is less than the preset threshold, judge that verification passes;
Otherwise, judge that verification fails.
Further, the following operations are also implemented when the single sign-on verification program is executed by the processor:
If the login request contains no token information, obtain user data from the login request, where the user data includes at least user identity information and a business system identifier;
Take the current time as the credential creation time, and obtain the pre-stored key;
Encrypt the user data and the credential creation time based on the key and the first preset encryption algorithm;
Take the character string produced by the encryption as the token information, and send the token information to the user terminal.
Further, the step of encrypting the user data and the credential creation time based on the key and the first preset encryption algorithm includes:
Encrypting the user data based on the key and the first preset encryption algorithm to generate a first encryption result, and encrypting the credential creation time based on the second preset encryption algorithm to generate a second encryption result;
Combining the first encryption result and the second encryption result into one character string;
Encrypting the character string based on the second preset encryption algorithm.
The embodiments of the computer-readable storage medium of the present invention are essentially the same as the embodiments of the single sign-on verification device and method described above, and are not repeated here.
It should be noted that the above embodiments of the present invention are for description only and do not represent the relative merits of the embodiments. The terms "include", "comprise" and any other variant used herein are intended to cover non-exclusive inclusion, so that a process, device, article or method that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, device, article or method. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, device, article or method that includes the element.
From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. On this understanding, the technical solution of the present invention in essence, or the part of it that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium as described above (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device, etc.) to perform the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not limit its patent scope. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or applied directly or indirectly in other related technical fields, is likewise included within the scope of patent protection of the present invention.
Claims (10)
1. A single sign-on verification device, characterized in that the device includes a memory and a processor, the memory stores a single sign-on verification program that can run on the processor, and the single sign-on verification program implements the following steps when executed by the processor:
When a login request sent by a user terminal is received, judging whether the login request contains token information;
If the login request contains token information, obtaining the token information and the user data from the login request, and recording the time at which the login request was received;
Decrypting the token information using the decryption algorithm corresponding to the first preset encryption algorithm and the pre-stored key, to obtain the user data and the credential creation time contained in the token information;
Comparing the user data contained in the login request with the user data contained in the token information, and judging whether the time difference between the recorded time and the credential creation time is less than the preset threshold;
If the user data contained in the login request is consistent with the user data contained in the token information and the time difference is less than the preset threshold, judging that verification passes;
Otherwise, judging that verification fails.
2. The single sign-on verification device according to claim 1, characterized in that the single sign-on verification program can further be executed by the processor to implement the following steps after the step of judging, when a login request sent by a user terminal is received, whether the login request contains token information:
If the login request contains no token information, obtaining user data from the login request, where the user data includes at least user identity information and a business system identifier;
Taking the current time as the credential creation time, and obtaining the pre-stored key;
Encrypting the user data and the credential creation time based on the key and the first preset encryption algorithm;
Taking the character string produced by the encryption as the token information, and sending the token information to the user terminal.
3. The single sign-on verification device according to claim 2, characterized in that the step of encrypting the user data and the credential creation time based on the key and the first preset encryption algorithm includes:
Encrypting the user data based on the key and the first preset encryption algorithm to generate a first encryption result, and encrypting the credential creation time based on the second preset encryption algorithm to generate a second encryption result;
Combining the first encryption result and the second encryption result into one character string;
Encrypting the character string based on the second preset encryption algorithm.
4. The single sign-on verification device according to claim 3, characterized in that the first encryption algorithm is the Advanced Encryption Standard (AES) algorithm, and the second preset encryption algorithm is the BASE64 algorithm.
5. The single sign-on verification device according to any one of claims 1 to 4, characterized in that the single sign-on verification program can further be executed by the processor to implement the following steps before the step of judging, when a login request sent by a user terminal is received, whether the login request contains token information:
Obtaining the current time, and generating a variable factor from the current time and a preset reference time;
Obtaining a random string from the encryption machine, and encrypting the random string and the variable factor using the third preset encryption algorithm, to generate the key and store it.
6. A single sign-on verification method, characterized in that the method includes:
When a login request sent by a user terminal is received, judging whether the login request contains token information;
If the login request contains token information, obtaining the token information and the user data from the login request, and recording the time at which the login request was received;
Decrypting the token information using the decryption algorithm corresponding to the first preset encryption algorithm and the pre-stored key, to obtain the user data and the credential creation time contained in the token information;
Comparing the user data contained in the login request with the user data contained in the token information, and judging whether the time difference between the recorded time and the credential creation time is less than the preset threshold;
If the user data contained in the login request is consistent with the user data contained in the token information and the time difference is less than the preset threshold, judging that verification passes;
Otherwise, judging that verification fails.
7. The single sign-on verification method according to claim 6, characterized in that, after the step of judging, when a login request sent by a user terminal is received, whether the login request contains token information, the method further includes the following steps:
If the login request contains no token information, obtaining user data from the login request, where the user data includes at least user identity information and a business system identifier;
Taking the current time as the credential creation time, and obtaining the pre-stored key;
Encrypting the user data and the credential creation time based on the key and the first preset encryption algorithm;
Taking the character string produced by the encryption as the token information, and sending the token information to the user terminal.
8. The single sign-on verification method according to claim 7, characterized in that the step of encrypting the user data and the credential creation time based on the key and the first preset encryption algorithm includes:
Encrypting the user data based on the key and the first preset encryption algorithm to generate a first encryption result, and encrypting the credential creation time based on the second preset encryption algorithm to generate a second encryption result;
Combining the first encryption result and the second encryption result into one character string;
Encrypting the character string based on the second preset encryption algorithm.
9. The single sign-on verification method according to any one of claims 6 to 8, characterized in that, before the step of judging, when a login request sent by a user terminal is received, whether the login request contains token information, the method further includes the following steps:
Obtaining the current time, and generating a variable factor from the current time and a preset reference time;
Obtaining a random string from the encryption machine, and encrypting the random string and the variable factor using the third preset encryption algorithm, to generate the key and store it.
10. A computer-readable storage medium, characterized in that a single sign-on verification program is stored on the computer-readable storage medium, and the single sign-on verification program can be executed by one or more processors to implement the steps of the single sign-on verification method according to any one of claims 6 to 9.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711131291.8A CN108023874B (en) | 2017-11-15 | 2017-11-15 | Single sign-on verification device and method and computer readable storage medium |
PCT/CN2018/076107 WO2019095567A1 (en) | 2017-11-15 | 2018-02-10 | Single sign-on verification device, method, and computer readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711131291.8A CN108023874B (en) | 2017-11-15 | 2017-11-15 | Single sign-on verification device and method and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108023874A (en) | 2018-05-11 |
CN108023874B (en) | 2020-11-03 |
Family
ID=62079914
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711131291.8A Active CN108023874B (en) | 2017-11-15 | 2017-11-15 | Single sign-on verification device and method and computer readable storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108023874B (en) |
WO (1) | WO2019095567A1 (en) |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108809991A (en) * | 2018-06-15 | 2018-11-13 | 北京云枢网络科技有限公司 | A method of the client side verification based on SDK dynamic watermarks |
CN109190341A (en) * | 2018-07-26 | 2019-01-11 | 平安科技(深圳)有限公司 | A kind of login management system and method |
CN109639711A (en) * | 2018-12-29 | 2019-04-16 | 成都康赛信息技术有限公司 | A kind of Distributed C AS authentication method based on privately owned chain session id |
CN109948333A (en) * | 2019-03-08 | 2019-06-28 | 北京顺丰同城科技有限公司 | A kind of safety defense method and device of account attack |
CN110191090A (en) * | 2019-04-25 | 2019-08-30 | 平安科技(深圳)有限公司 | Method of calibration, device, computer equipment and the storage medium of single-sign-on |
CN110417906A (en) * | 2019-08-05 | 2019-11-05 | 中国联合网络通信集团有限公司 | Information call method and equipment |
CN111061718A (en) * | 2019-12-19 | 2020-04-24 | 中国建设银行股份有限公司 | Data checking method and device |
CN112019505A (en) * | 2020-07-22 | 2020-12-01 | 北京达佳互联信息技术有限公司 | Login method, device, server, electronic equipment and storage medium |
CN112836206A (en) * | 2019-11-22 | 2021-05-25 | 腾讯科技(深圳)有限公司 | Login method, device, storage medium and computer equipment |
CN113812125A (en) * | 2019-08-15 | 2021-12-17 | 奇安信安全技术(珠海)有限公司 | Login behavior verification method, device and system, storage medium and electronic device |
CN114124534A (en) * | 2021-11-24 | 2022-03-01 | 航天信息股份有限公司 | Data interaction system and method |
CN114338196A (en) * | 2021-12-30 | 2022-04-12 | 湖南快乐阳光互动娱乐传媒有限公司 | User identity authentication method and device |
CN114363090A (en) * | 2022-03-02 | 2022-04-15 | 工业互联网创新中心(上海)有限公司 | Method for realizing single sign-on platform of multi-application system and management system |
CN114500097A (en) * | 2022-03-03 | 2022-05-13 | 中国农业银行股份有限公司四川省分行 | Verification mechanism based on single sign-on of Web system |
CN115225354A (en) * | 2022-07-07 | 2022-10-21 | 通号智慧城市研究设计院有限公司 | Multi-application single sign-on method, device, computer equipment and medium |
CN117336102A (en) * | 2023-11-30 | 2024-01-02 | 北京冠程科技有限公司 | Identity authentication system with multiple verification and authentication method thereof |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1323508C (en) * | 2003-12-17 | 2007-06-27 | 上海市高级人民法院 | A Single Sign On method based on digital certificate |
CN101060520A (en) * | 2006-04-21 | 2007-10-24 | 盛趣信息技术(上海)有限公司 | Token-based SSO authentication system |
US20140082715A1 (en) * | 2012-09-19 | 2014-03-20 | Secureauth Corporation | Mobile multifactor single-sign-on authentication |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103139200B (en) * | 2013-01-06 | 2016-06-15 | 深圳市元征科技股份有限公司 | A kind of method of Web service single-sign-on |
CN107070880A (en) * | 2017-02-16 | 2017-08-18 | 济南浪潮高新科技投资发展有限公司 | A kind of method and system of single-sign-on, a kind of authentication center's server |
Cited By (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108809991A (en) * | 2018-06-15 | 2018-11-13 | 北京云枢网络科技有限公司 | A method of the client side verification based on SDK dynamic watermarks |
CN109190341A (en) * | 2018-07-26 | 2019-01-11 | 平安科技(深圳)有限公司 | A kind of login management system and method |
CN109190341B (en) * | 2018-07-26 | 2024-03-15 | 平安科技(深圳)有限公司 | Login management system and method |
CN109639711A (en) * | 2018-12-29 | 2019-04-16 | 成都康赛信息技术有限公司 | A kind of Distributed CAS authentication method based on privately owned chain session id |
CN109948333A (en) * | 2019-03-08 | 2019-06-28 | 北京顺丰同城科技有限公司 | A kind of safety defense method and device of account attack |
CN110191090A (en) * | 2019-04-25 | 2019-08-30 | 平安科技(深圳)有限公司 | Method of calibration, device, computer equipment and the storage medium of single-sign-on |
WO2020215698A1 (en) * | 2019-04-25 | 2020-10-29 | 平安科技(深圳)有限公司 | Single sign-on verification method, device, computer apparatus, and storage medium |
CN110417906A (en) * | 2019-08-05 | 2019-11-05 | 中国联合网络通信集团有限公司 | Information call method and equipment |
CN113812125A (en) * | 2019-08-15 | 2021-12-17 | 奇安信安全技术(珠海)有限公司 | Login behavior verification method, device and system, storage medium and electronic device |
CN113812125B (en) * | 2019-08-15 | 2023-10-20 | 奇安信安全技术(珠海)有限公司 | Verification method and device for login behavior, system, storage medium and electronic device |
CN112836206A (en) * | 2019-11-22 | 2021-05-25 | 腾讯科技(深圳)有限公司 | Login method, device, storage medium and computer equipment |
CN111061718A (en) * | 2019-12-19 | 2020-04-24 | 中国建设银行股份有限公司 | Data checking method and device |
CN112019505A (en) * | 2020-07-22 | 2020-12-01 | 北京达佳互联信息技术有限公司 | Login method, device, server, electronic equipment and storage medium |
CN114124534A (en) * | 2021-11-24 | 2022-03-01 | 航天信息股份有限公司 | Data interaction system and method |
CN114338196A (en) * | 2021-12-30 | 2022-04-12 | 湖南快乐阳光互动娱乐传媒有限公司 | User identity authentication method and device |
CN114363090A (en) * | 2022-03-02 | 2022-04-15 | 工业互联网创新中心(上海)有限公司 | Method for realizing single sign-on platform of multi-application system and management system |
CN114500097A (en) * | 2022-03-03 | 2022-05-13 | 中国农业银行股份有限公司四川省分行 | Verification mechanism based on single sign-on of Web system |
CN115225354A (en) * | 2022-07-07 | 2022-10-21 | 通号智慧城市研究设计院有限公司 | Multi-application single sign-on method, device, computer equipment and medium |
CN117336102A (en) * | 2023-11-30 | 2024-01-02 | 北京冠程科技有限公司 | Identity authentication system with multiple verification and authentication method thereof |
CN117336102B (en) * | 2023-11-30 | 2024-03-01 | 北京冠程科技有限公司 | Identity authentication system with multiple verification and authentication method thereof |
Also Published As
Publication number | Publication date |
---|---|
CN108023874B (en) | 2020-11-03 |
WO2019095567A1 (en) | 2019-05-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108023874A (en) | Calibration equipment, method and the computer-readable recording medium of single-sign-on | |
CN110493197B (en) | Login processing method and related equipment | |
US8132020B2 (en) | System and method for user authentication with exposed and hidden keys | |
JP5860815B2 (en) | System and method for enforcing computer policy | |
CN110401615B (en) | Identity authentication method, device, equipment, system and readable storage medium | |
US7100048B1 (en) | Encrypted internet and intranet communication device | |
JP4240297B2 (en) | Terminal device, authentication terminal program, device authentication server, device authentication program | |
US8619986B2 (en) | Systems and methods for secure communication using a communication encryption bios based upon a message specific identifier | |
CN109150910A (en) | Log in token generation and verification method, device and storage medium | |
US20080148057A1 (en) | Security token | |
US20040177248A1 (en) | Network connection system | |
CN102595213B (en) | Security certificate method and system of credible TV terminal | |
CN107241184B (en) | Personal password generation and management method based on improved AES | |
CN101621794A (en) | Method for realizing safe authentication of wireless application service system | |
US20110078784A1 (en) | Vpn system and method of controlling operation of same | |
KR20150059347A (en) | Mobile terminal, terminal and method for authentication using security cookie | |
CN108449315A (en) | Ask calibration equipment, method and the computer readable storage medium of legitimacy | |
US7941830B1 (en) | Authentication protocol for network security services | |
CN110856170B (en) | Data transmission method and device and communication system of Internet of things | |
CN114844644A (en) | Resource request method, device, electronic equipment and storage medium | |
CN114244508A (en) | Data encryption method, device, equipment and storage medium | |
CN109495458A (en) | A kind of method, system and the associated component of data transmission | |
US20100146605A1 (en) | Method and system for providing secure online authentication | |
CN102027728B (en) | Method and system for defeating the man in the middle computer hacking technique | |
CN106685938B (en) | A kind of method and apparatus generating protection configuration for login page |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||