CN109040030B - Single sign-on method and system - Google Patents

Publication number
CN109040030B
Authority
CN
China
Prior art keywords
authorization code
authentication
user
application
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810783415.9A
Other languages
Chinese (zh)
Other versions
CN109040030A (en)
Inventor
张豪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qianxin Technology Group Co Ltd
Original Assignee
Qianxin Technology Group Co Ltd
Application filed by Qianxin Technology Group Co Ltd
Priority to CN201810783415.9A
Publication of CN109040030A
Application granted
Publication of CN109040030B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the invention provides a single sign-on method and a single sign-on system. The system comprises a working area, an authentication client and an authentication server, wherein the working area is integrated with a plurality of single sign-on application systems. The authentication client is used for receiving account information or identity authentication information input by a user, and the working area is entered when the account information or the identity authentication information is correct; the application system is used for sending a request for obtaining an authorization code to the authentication client after receiving an opening instruction of the user, receiving the authorization code sent by the authentication client and sending the authorization code to the authentication server; the authentication client is also used for obtaining the authorization code through the authentication server and returning the authorization code to the application system; the authentication server is also used for verifying the authorization code sent by the application system and, after the authorization code is successfully verified, sending the account information to the application system so that the application system can log in. The embodiment of the invention avoids transmitting the account information over the network and improves security.

Description

Single sign-on method and system
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a single sign-on method and a single sign-on system.
Background
At present, mobile office work is increasingly common in large enterprises, but the application systems of the various services each require separate identity authentication. A user must authenticate repeatedly when switching from one application system to another, which is inconvenient for office staff. Single sign-on provides a solution for integrating mobile office services: the user can access all mutually trusted application systems after logging in only once.
At present, single sign-on can be implemented by many methods, but they require a large number of network interactions, and the account information with which the user logs in has to be transmitted over the internet. There is a risk of attack from the external network during transmission, so the security of the application system cannot be guaranteed.
Disclosure of Invention
Aiming at the problems in the prior art, the embodiment of the invention provides a single sign-on method and a single sign-on system.
In one aspect, an embodiment of the present invention provides a single sign-on system, where the system includes:
a working area, an authentication client and an authentication server, wherein the working area is integrated with a plurality of single sign-on application systems and the authentication client is an entrance of the working area, and wherein:
the authentication client is used for receiving account information or identity authentication information input by a user, and entering a working area when the account information or the identity authentication information input by the user is correct;
the application system is used for sending a request for obtaining the authorization code to the authentication client after receiving an opening instruction of a user, receiving the authorization code sent by the authentication client and sending the authorization code to the authentication server;
the authentication client is further configured to receive a request for obtaining an authorization code sent by an application system, obtain the authorization code through the authentication server, and return the authorization code to the application system;
the authentication server is further configured to verify the authorization code sent by the application system, and send the account information to the application system after the verification is successful, so that the application system logs in.
In another aspect, an embodiment of the present invention provides a single sign-on method, where the method includes:
the authentication client receives account information or identity authentication information input by a user, and enters a working area when the account information or the identity authentication information input by the user is correct;
after receiving an opening instruction of a user, an application system sends a request for obtaining an authorization code to an authentication client;
the authentication client receives a request for obtaining the authorization code sent by the application system, obtains the authorization code through the authentication server, and returns the authorization code to the application system;
the application system receives an authorization code sent by the authentication client and sends the authorization code to the authentication server;
the authentication server verifies the authorization code sent by the application system, and after the authorization code is successfully verified, the account information is sent to the application system so that the application system can log in.
In another aspect, an embodiment of the present invention further provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the single sign-on method when executing the program.
In another aspect, an embodiment of the present invention further provides a non-transitory computer readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the single sign-on method as described above.
The embodiment of the invention verifies the application system through the authentication server, thereby avoiding the transmission of account information on the network and improving the security of single sign-on.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a single sign-on system according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a single sign-on method according to an embodiment of the present invention;
Fig. 3 is a flowchart illustrating a single sign-on method according to another embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
Fig. 1 shows a schematic structural diagram of a single sign-on system according to an embodiment of the present invention.
The single sign-on system provided by the embodiment of the invention comprises a working area, an authentication client and an authentication server, wherein the working area is integrated with a plurality of single sign-on application systems and the authentication client is an entrance of the working area. Fig. 1 illustrates the structure of the single sign-on system, taking one application system as an example:
the authentication client is used for receiving account information or identity authentication information input by a user, and entering a working area when the account information or the identity authentication information input by the user is correct;
the application system is used for sending a request for obtaining the authorization code to the authentication client after receiving an opening instruction of a user, receiving the authorization code sent by the authentication client and sending the authorization code to the authentication server;
the authentication client is further configured to receive a request for obtaining an authorization code sent by an application system, obtain the authorization code through the authentication server, and return the authorization code to the application system;
the authentication server is further configured to verify the authorization code sent by the application system, and send the account information to the application system after the verification is successful, so that the application system logs in.
The embodiment of the invention verifies the application system through the authentication server, thereby avoiding the transmission of account information on the network and improving the security of single sign-on.
The working area provided by the embodiment of the invention provides single sign-on capability for trusted applications. All application systems that perform single sign-on are integrated in the working area, and the authentication client is the entrance of the working area. Before entering the working area, the user unlocks the working-area interface by entering an account password or by a specific identity authentication (such as gesture authentication), and can then use each application in the working area. The authentication client thus guarantees the identity of the caller for the working area.
After receiving an opening instruction of a user, each application system in the working area obtains an authorization code from the authentication client. After receiving the request for obtaining an authorization code sent by an application system, the authentication client requests the authorization code from the authentication server, carrying the identifier of the application system, and then sends the obtained authorization code to the application system. After obtaining the authorization code, the application system sends it to the authentication server, which verifies whether the application is a trusted application. After the authentication server completes the authentication of the application system, if the authentication is successful, the account information registered by the user is sent to the application system, so that single sign-on of the application system is realized.
The working area provides single sign-on for all application systems. For example, for mobile office services the working area provides a complete mobile office single sign-on: the user logs in only once in the working area, no mobile office application requires a separate login, and each application can be used as soon as it is opened.
It should be noted that the above interaction processes are all background operations, and the user does not perceive the interaction processes, thereby improving the user experience.
The single sign-on system provided by the embodiment of the invention verifies the application system through the authentication server, and opens the trusted application system in the working area without frequently inputting passwords, so that the single sign-on of each application system is realized, and the single sign-on system is safe and efficient.
Specifically, after receiving a request for obtaining an authorization code sent by an application system, the authentication client sends the request for obtaining the authorization code carrying the application system identifier (such as an application system package name) to the authentication server;
and the authentication server receives a request for obtaining the authorization code sent by the authentication client, randomly generates an encrypted authorization code, and sends the generated authorization code to the authentication client.
In a specific implementation, the authorization code that the application system obtains from the authentication client is obtained by the authentication client through the authentication server, and is an encrypted character-string code randomly generated by the authentication server. Therefore, when the application system presents the authorization code to the authentication server for verification, the authentication server can recognize it as an authorization code that it issued itself. The user who opened the application system can then be regarded as a trusted user, and the account information registered by the user is sent to the application system so that the application system logs in. The application system can thus be opened directly without entering account information, which realizes single sign-on.
On the basis of the above embodiment, the application system includes: an application client and an application server, wherein:
the application client is used for sending a request for obtaining the authorization code to the authentication client after receiving an opening instruction of a user, and is also used for sending the authorization code to the corresponding application server after receiving the authorization code sent by the authentication client;
the application server is used for receiving the authorization code sent by the application client and sending the authorization code to the authentication server;
and the authentication server is used for verifying the authorization code sent by the application server, and sending the account information to the application server after the authorization code is successfully verified so as to log in the application server.
In the interaction process, the authentication of the authorization code and the interaction of the account information are both performed between the application server and the authentication server, and the account information is not transmitted on the internet in the interaction process of realizing single sign-on, so that the security of the account information is improved.
Usually, the authentication server is deployed in an intranet, while the application server can be deployed in a public network or in an intranet. Because the authentication server interacts only with application servers at fixed IP addresses, the probability that the authentication server is attacked from the external network is reduced and the security of the network channel is improved. When the application server is deployed in the intranet, the account information is exchanged within the intranet, which guarantees both security and speed.
The authentication server is further configured to destroy the authorization code after the authorization code sent by the application server is verified.
Specifically, the authorization code is a one-time random code. The working area and the application client do not store it, and the authentication server destroys it directly after verification, which prevents the authorization code from being stolen and improves the security of verification.
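The authorization-code life cycle described above (issued against an application system identifier, redeemed by the application server, destroyed after verification), as an added illustration that is not code from the patent. The class and method names, the sample package names and IP addresses, the 60-second lifetime, keeping only a hash of the code, and destroying the code on any presentation rather than only a successful one are assumptions; the encryption of the code that the patent mentions is not modelled.

```python
import hashlib
import secrets
import time


class AuthServer:
    """Authentication server: issues, verifies and destroys authorization codes."""

    def __init__(self, app_server_ips, ttl_seconds=60.0, clock=time.monotonic):
        # app identifier (e.g. package name) -> fixed IP of its application server.
        self.app_server_ips = dict(app_server_ips)
        self.ttl_seconds = ttl_seconds  # assumption: the patent sets no lifetime
        self.clock = clock
        self.pending = {}               # sha256(code) -> (app_id, account, expiry)

    @staticmethod
    def _key(code):
        # Keep only a hash, so a dump of the pending table yields no usable code.
        return hashlib.sha256(code.encode("utf-8")).hexdigest()

    def issue_code(self, app_id, account):
        """Called by the authentication client, carrying the app identifier."""
        if app_id not in self.app_server_ips:
            raise PermissionError("unknown application system identifier")
        code = secrets.token_urlsafe(32)  # random, unguessable, single use
        expiry = self.clock() + self.ttl_seconds
        self.pending[self._key(code)] = (app_id, account, expiry)
        return code

    def redeem_code(self, code, app_id, source_ip):
        """Called by the application server; returns account info or None."""
        # pop() destroys the code on first presentation, so a replay always fails.
        entry = self.pending.pop(self._key(code), None)
        if entry is None:
            return None
        bound_app, account, expiry = entry
        if self.clock() > expiry:
            return None
        if app_id != bound_app:
            return None  # code was issued for a different application
        if self.app_server_ips[bound_app] != source_ip:
            return None  # not the fixed-IP application server for this app
        return {"account": account}


class AuthClient:
    """Entrance of the working area; knows the account once the user unlocks it."""

    def __init__(self, server):
        self.server = server
        self.account = None

    def unlock(self, account):
        # Stand-in for the password / gesture / fingerprint check (not modelled).
        self.account = account

    def get_code(self, app_id):
        if self.account is None:
            raise PermissionError("working area is locked")
        return self.server.issue_code(app_id, self.account)


def demo():
    """Run the flow on constructed data and return the outcome of each case."""
    now = [0.0]  # controllable clock so the expiry case is deterministic
    apps = {"com.example.oa": "10.0.0.5", "com.example.mail": "10.0.0.6"}
    server = AuthServer(apps, ttl_seconds=60.0, clock=lambda: now[0])
    client = AuthClient(server)
    client.unlock("alice")

    results = {}
    code = client.get_code("com.example.oa")
    results["login"] = server.redeem_code(code, "com.example.oa", "10.0.0.5")
    results["replay"] = server.redeem_code(code, "com.example.oa", "10.0.0.5")

    code = client.get_code("com.example.oa")
    results["other_app"] = server.redeem_code(code, "com.example.mail", "10.0.0.6")

    code = client.get_code("com.example.oa")
    results["wrong_ip"] = server.redeem_code(code, "com.example.oa", "203.0.113.9")

    code = client.get_code("com.example.oa")
    now[0] += 61.0
    results["expired"] = server.redeem_code(code, "com.example.oa", "10.0.0.5")

    results["pending_left"] = len(server.pending)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The account name crosses only the hop between the authentication server and the application server; the application client handles nothing but the short-lived code.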
On the basis of the above embodiment, the embodiment of the present invention further includes:
the working area is used for starting the authentication client after receiving an opening instruction of a user;
the authentication client is used for receiving account information input by the user at the first login, receiving identity authentication information set by the user, and verifying the identity authentication information input by the user when the user logs in again within the specified number of days;
the authentication client is also used for prompting the user to re-enter the account information, and verifying the account information input by the user, when the user logs in again after the specified number of days has been exceeded.
Specifically, the working area must first be provided with an authentication client. When the working area is registered and activated for the first time, the authentication client is invoked and prompts the user to enter account information (a user name and a password). After the account information is verified, the user is prompted to set identity authentication information, and enters the working area once it has been set.
When the user enters the working area again, entering the identity authentication information once is sufficient; if more than a certain number of days have passed, the user must enter the user name and the password again when logging in.
Specifically, the identity authentication information set by the user includes: gestures, passwords, and fingerprints.
The embodiment of the invention also provides a single sign-on method.
Fig. 2 shows a schematic flow chart of the single sign-on method according to the embodiment of the present invention.
Referring to fig. 2, the single sign-on method provided in the embodiment of the present invention specifically includes the following steps:
S11, the authentication client receives the account information or the identity authentication information input by the user, and enters a working area when the account information or the identity authentication information input by the user is correct;
S12, after receiving the opening instruction of the user, the application system sends a request for obtaining the authorization code to the authentication client;
S13, the authentication client receives a request for obtaining the authorization code sent by the application system, obtains the authorization code through the authentication server, and returns the authorization code to the application system;
S14, the application system receives the authorization code sent by the authentication client and sends the authorization code to the authentication server;
S15, the authentication server verifies the authorization code sent by the application system, and after the verification is successful, the account information is sent to the application system so that the application system can log in.
According to the single sign-on method provided by the embodiment of the invention, the application system is verified through the authentication server, so that the account information is prevented from being transmitted on the network, and the safety of the single sign-on is improved.
Specifically, the obtaining, by the authentication client, the authorization code through the authentication server includes:
after receiving a request for obtaining an authorization code sent by an application system, an authentication client sends the request for obtaining the authorization code carrying an application system identifier to the authentication server;
and the authentication server receives a request for obtaining the authorization code sent by the authentication client, randomly generates an encrypted authorization code, and sends the generated authorization code to the authentication client.
Specifically, the method further comprises:
the application client sends a request for obtaining an authorization code to the authentication client after receiving an opening instruction of a user, and sends the authorization code to a corresponding application server after receiving the authorization code sent by the authentication client;
the application server receives an authorization code sent by the application client and sends the authorization code to the authentication server;
the authentication server verifies the authorization code sent by the application server, and after verification is successful, the account information is sent to the application server so that the application server can log in.
Specifically, the method further comprises:
and the authentication server destroys the authorization code after the authorization code sent by the application server is verified.
Specifically, the method further comprises:
after receiving an opening instruction of a user, the working area starts the authentication client;
the authentication client receives account information input by the user at the first login, receives identity authentication information set by the user, and verifies the identity authentication information input by the user when the user logs in again within the specified number of days;
when the user logs in again after the specified number of days has been exceeded, the authentication client prompts the user to enter the account information again and verifies the account information input by the user.
Specifically, the identity authentication information set by the user includes: gestures, passwords, and fingerprints.
The single sign-on method provided by the embodiment of the invention is explained in detail by using specific examples.
Fig. 3 is a flowchart illustrating a single sign-on method according to another embodiment of the present invention.
Referring to Fig. 3, the 360ID client is the authentication client, the 360ID server is the authentication server, and the OA application is an app in the cell phone working area, which provides single sign-on capability for all application systems.
The single sign-on method provided by the embodiment of the invention specifically comprises a process of entering the celestial machine working area and a process of opening the OA system.
The process of entering the celestial machine working area specifically comprises the following steps:
a user opens the celestial machine working area; the 360ID client is automatically awakened; the 360ID client performs identity authentication with the 360ID server; and the celestial machine working area is entered after the verification succeeds.
The process of opening the OA system specifically includes the following steps:
the user opens the OA application; the OA application invokes the 360ID client; the 360ID client obtains the authorization code through the 360ID server; the 360ID client transmits the authorization code to the OA application; the OA application transmits the authorization code to the OA server; the OA server sends the authorization code to the 360ID server; and after the 360ID server successfully verifies the authorization code, the account information is sent to the OA server for login.
An embodiment of the present invention further provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the method shown in fig. 2 is implemented.
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
As shown in Fig. 4, the electronic device provided by the embodiment of the present invention includes a memory 21, a processor 22, a bus 23, and a computer program stored in the memory 21 and executable on the processor 22. The memory 21 and the processor 22 communicate with each other through the bus 23.
The processor 22 is used to call the program instructions in the memory 21 to implement the method of fig. 2 when executing the program.
For example, the processor implements the following method when executing the program:
the authentication client receives account information or identity authentication information input by a user, and enters a working area when the account information or the identity authentication information input by the user is correct;
after receiving an opening instruction of a user, an application system sends a request for obtaining an authorization code to an authentication client;
the authentication client receives a request for obtaining the authorization code sent by the application system, obtains the authorization code through the authentication server, and returns the authorization code to the application system;
the application system receives an authorization code sent by the authentication client and sends the authorization code to the authentication server;
the authentication server verifies the authorization code sent by the application system, and after the authorization code is successfully verified, the account information is sent to the application system so that the application system can log in.
According to the electronic equipment provided by the embodiment of the invention, the application system is verified through the authentication server, so that account information is prevented from being transmitted on the network, and the security of single sign-on is improved.
An embodiment of the present invention also provides a non-transitory computer readable storage medium, on which a computer program is stored, and the program, when executed by a processor, implements the steps of fig. 2.
For example, the processor implements the following method when executing the program:
the authentication client receives account information or identity authentication information input by a user, and enters a working area when the account information or the identity authentication information input by the user is correct;
after receiving an opening instruction of a user, an application system sends a request for obtaining an authorization code to an authentication client;
the authentication client receives a request for obtaining the authorization code sent by the application system, obtains the authorization code through the authentication server, and returns the authorization code to the application system;
the application system receives an authorization code sent by the authentication client and sends the authorization code to the authentication server;
the authentication server verifies the authorization code sent by the application system, and after the authorization code is successfully verified, the account information is sent to the application system so that the application system can log in.
The non-transitory computer readable storage medium provided by the embodiment of the invention verifies the application system through the authentication server, so that the account information is prevented from being transmitted on the network, and the security of single sign-on is improved.
An embodiment of the present invention discloses a computer program product, the computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions, which when executed by a computer, enable the computer to perform the method provided by the above method embodiments, for example, including:
the authentication client receives account information or identity authentication information input by a user, and enters a working area when the account information or the identity authentication information input by the user is correct;
after receiving an opening instruction of a user, an application system sends a request for obtaining an authorization code to an authentication client;
the authentication client receives a request for obtaining the authorization code sent by the application system, obtains the authorization code through the authentication server, and returns the authorization code to the application system;
the application system receives an authorization code sent by the authentication client and sends the authorization code to the authentication server;
the authentication server verifies the authorization code sent by the application system, and after the authorization code is successfully verified, the account information is sent to the application system so that the application system can log in.
Those skilled in the art will appreciate that although some embodiments described herein include some features included in other embodiments, rather than others, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and of course, can also be implemented by hardware. With this understanding in mind, the above technical solutions may be embodied in the form of a software product, which can be stored in a computer readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute the method according to the embodiments or some parts of the embodiments.
Finally, it should be noted that the above examples are only intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced, and that such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A single sign-on system, the system comprising:
a working area, an authentication client and an authentication server, wherein the working area is integrated with a plurality of single sign-on application systems and the authentication client is the entrance to the working area;
the authentication client is used for receiving account information or identity authentication information input by a user, and entering a working area when the account information or the identity authentication information input by the user is correct;
the application system is used for sending a request for obtaining an authorization code to the authentication client after receiving an opening instruction of a user, receiving the authorization code sent by the authentication client and sending the authorization code to the authentication server;
the authentication client is further configured to receive a request for obtaining an authorization code sent by an application system, obtain the authorization code through the authentication server, and return the authorization code to the application system;
the authentication server is also used for verifying the authorization code sent by the application system, and after the authorization code is successfully verified, the account information is sent to the application system so that the application system can log in;
after receiving a request for obtaining an authorization code sent by an application system, the authentication client sends the request for obtaining the authorization code carrying the application system identifier to the authentication server;
the authentication server receives a request for obtaining an authorization code sent by the authentication client, randomly generates an encrypted authorization code, and sends the generated authorization code to the authentication client;
wherein the application system comprises: an application client and an application server, wherein:
the application client is used for sending a request for obtaining the authorization code to the authentication client after receiving an opening instruction of a user, and is also used for sending the authorization code to the corresponding application server after receiving the authorization code sent by the authentication client;
the application server is used for receiving the authorization code sent by the application client and sending the authorization code to the authentication server;
the authentication server is used for verifying the authorization code sent by the application server, and after the authorization code is successfully verified, the account information is sent to the application server so that the application server can log in;
the authentication server is deployed in an intranet, and the application server is deployed in the intranet.
2. The system of claim 1,
the authentication server is further configured to destroy the authorization code after the authorization code sent by the application server is verified.
3. The system of claim 1,
the working area is used for starting the authentication client after receiving an opening instruction of a user;
the authentication client is used for receiving account information input by a user during first login, receiving identity authentication information set by the user, and verifying the identity authentication information input by the user when the user logs in again within no more than the specified number of days;
and the system is also used for prompting the user to re-input the account information and verifying the account information input by the user when the user logs in again after the specified number of days is exceeded.
4. The system according to claim 3, wherein the identity authentication information set by the user comprises: gestures, passwords, and fingerprints.
5. A method of single sign-on, the method comprising:
the authentication client receives account information or identity authentication information input by a user, and enters a working area when the account information or the identity authentication information input by the user is correct;
after receiving an opening instruction of a user, an application system sends a request for obtaining an authorization code to an authentication client;
the authentication client receives a request for obtaining the authorization code sent by the application system, obtains the authorization code through the authentication server, and returns the authorization code to the application system;
the application system receives an authorization code sent by an authentication client and sends the authorization code to the authentication server;
the authentication server verifies the authorization code sent by the application system, and after the authorization code is successfully verified, the account information is sent to the application system so that the application system can log in;
wherein the authentication client obtaining the authorization code through the authentication server includes:
after receiving a request for obtaining an authorization code sent by an application system, an authentication client sends the request for obtaining the authorization code carrying an application system identifier to an authentication server;
the authentication server receives a request for obtaining an authorization code sent by the authentication client, randomly generates an encrypted authorization code, and sends the generated authorization code to the authentication client;
wherein the application system comprises: an application client and an application server, the method further comprising:
the application client sends a request for obtaining an authorization code to the authentication client after receiving an opening instruction of a user, and sends the authorization code to the corresponding application server after receiving the authorization code sent by the authentication client;
the application server receives an authorization code sent by the application client and sends the authorization code to the authentication server;
the authentication server verifies the authorization code sent by the application server, and after the authorization code is successfully verified, the account information is sent to the application server so that the application server can log in;
the authentication server is deployed in an intranet, and the application server is deployed in the intranet.
6. The method of claim 5, further comprising:
and the authentication server destroys the authorization code after the authorization code sent by the application server is verified.
7. The method of claim 5, further comprising:
after receiving an opening instruction of a user, the working area starts the authentication client;
the authentication client receives account information input by a user when logging in for the first time, receives identity authentication information set by the user, and verifies the identity authentication information input by the user when the user logs in again within no more than the specified number of days;
and when the user logs in again after the number of days exceeds the specified number, the authentication client prompts the user to input account information again and verifies the account information input by the user.
8. The method according to claim 7, wherein the identity authentication information set by the user comprises: gestures, passwords, and fingerprints.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the single sign-on method of any one of claims 5 to 8 are performed by the processor when executing the program.
10. A non-transitory computer readable storage medium, having stored thereon a computer program, wherein the computer program, when executed by a processor, performs the steps of the single sign-on method of any one of claims 5 to 8.
CN201810783415.9A 2018-07-17 2018-07-17 Single sign-on method and system Active CN109040030B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810783415.9A CN109040030B (en) 2018-07-17 2018-07-17 Single sign-on method and system

Publications (2)

Publication Number Publication Date
CN109040030A (en) 2018-12-18
CN109040030B (en) 2021-08-27

Family

ID=64642982

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Applicant after: Qianxin Technology Group Co.,Ltd.

Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Applicant before: Beijing Qi'anxin Technology Co.,Ltd.

GR01 Patent grant