CN110365483A - Cloud platform authentication method, client, middleware and system - Google Patents
- Publication number
- CN110365483A; CN201810320459.8A
- Authority
- CN
- China
- Prior art keywords
- token
- certification
- authentication
- information
- cloud platform
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Abstract
Embodiments of the present invention provide a cloud platform authentication method, client, middleware and system. The method includes: obtaining configuration information of a token, the configuration information including token generation information and the expiration time of the token; and sending a token authentication request to an authentication middleware, the authentication request carrying the configuration information and an authentication-exempt flag, so that the authentication middleware, based on the authentication-exempt flag and after determining that the authentication request is not a first-time authentication, determines whether the token is valid according to the token generation information and the expiration time. In embodiments of the present invention, the authentication middleware authenticates tokens that are not being authenticated for the first time directly, based on the authentication-exempt flag. This avoids repeated authentication with the authentication server, reduces the load on the authentication server, improves the efficiency of the authentication service, and thereby improves cloud platform service quality.
Description
Technical field
Embodiments of the present invention relate to the field of computer technology, and in particular to a cloud platform authentication method, client, middleware and system.
Background
The Keystone project is a fundamental project of the OpenStack cloud platform. It provides the platform's authentication service: before using any of the services the cloud platform provides, a user must be authenticated by Keystone. The authentication procedure consists mainly of two processes, obtaining a token and authenticating the token.
First, the process of obtaining a token: the user sends a request to the server side of the OpenStack cloud platform using a user name, password, and tenant or domain information. After receiving the user's request, the server side parses it according to the token format, carries out its internal processing, and finally returns the token to the user in the form of an ID. This token ID is the basis of legitimacy for the requests the user subsequently sends to each service.
During token authentication, the legitimacy of the user's identity is verified according to the token ID carried in the request the user sends. Besides the Keystone authentication service, the authentication technology of the OpenStack project also relies on processing by numerous middleware components, a typical one being Keystone-middleware. Fig. 1 is a flowchart of cloud platform service authentication in the prior art. As shown in Fig. 1, the middleware in the OpenStack cloud platform first determines whether the request carries a token; if not, it directly returns a failure. If so, it looks in the system's valid cache for matching token information. On a hit, it checks whether the token has been reclaimed (revoked): if it has not, authentication passes; otherwise, authentication fails. If the token is in neither the valid cache nor the invalid cache, the middleware goes to the Keystone service to authenticate the token according to the token ID. Keystone supports four token formats, and each format has a corresponding authentication driver to handle it. The Keystone service therefore finds the driver matching the token's format and authenticates with it. If authentication fails, it returns a failure and stores the token information in the invalid cache, to reduce subsequent authentication interactions with Keystone; otherwise, authentication passes and the token information is added to the valid cache. Subsequent authentication of that token is then handled directly by the middleware, reducing authentication interactions with Keystone. In the current Keystone authentication service, the time a token stays in the valid cache is a configurable value. It is set according to the actual situation and is typically less than the token's expiration time; that is, the token is moved out of the valid cache before it expires, leaving more room for other valid tokens.
The authentication technology of the existing OpenStack cloud platform performs well for small-scale services. In actual operation, however, a cloud product serves tens of thousands of users. When too many users authenticate through Keystone, it is easy to reach the Keystone service limit or put excessive pressure on the Keystone service. Once the pressure reaches a certain level, authentication failures often occur and some tokens are misjudged: a user who presents a token obtained with the identity information they created cannot continue with the operation, and the token is directly judged to be invalid, resulting in poor cloud platform service quality.
How to improve the authentication service capacity of a cloud platform with a large number of users has therefore become an important problem that urgently needs solving.
Summary of the invention
In view of the defects in the prior art, embodiments of the present invention provide a cloud platform authentication method, client, middleware and system.
In a first aspect, an embodiment of the present invention provides a cloud platform authentication method, including:
obtaining configuration information of a token, the configuration information including token generation information and the expiration time of the token;
sending a token authentication request to an authentication middleware, the authentication request carrying the configuration information and an authentication-exempt flag, so that the authentication middleware, based on the authentication-exempt flag and after determining that the authentication request is not a first-time authentication, determines whether the token is valid according to the token generation information and the expiration time.
In a second aspect, another embodiment of the present invention provides a cloud platform authentication method, including:
receiving a token authentication request sent by a cloud platform client, the authentication request carrying the configuration information of the token and an authentication-exempt flag, the configuration information including token generation information and the expiration time of the token;
parsing the authentication request to obtain the authentication-exempt flag, and determining whether the authentication request is not a first-time authentication;
if it is determined not to be a first-time authentication, determining from the token generation information whether the token's identity is legitimate;
if the token's identity is determined to be legitimate, determining from the expiration time whether the token has expired.
In a third aspect, an embodiment of the present invention provides a cloud platform client, including:
an obtaining module, configured to obtain configuration information of a token, the configuration information including token generation information and the expiration time of the token;
a sending module, configured to send a token authentication request to an authentication middleware, the authentication request carrying the configuration information and an authentication-exempt flag, so that the authentication middleware, based on the authentication-exempt flag and after determining that the authentication request is not a first-time authentication, determines whether the token is valid according to the token generation information and the expiration time.
In a fourth aspect, an embodiment of the present invention provides a cloud platform authentication middleware, including:
a receiving module, configured to receive a token authentication request sent by a cloud platform client, the authentication request carrying the configuration information of the token and an authentication-exempt flag, the configuration information including the token generation information and the expiration time of the token;
a judgment module, configured to parse the authentication request, obtain the authentication-exempt flag, and determine whether the authentication request is not a first-time authentication;
a first authentication module, configured to determine from the token generation information whether the token's identity is legitimate, if the request is determined not to be a first-time authentication;
a second authentication module, configured to determine from the expiration time whether the token has expired, if the token's identity is determined to be legitimate.
In a fifth aspect, an embodiment of the present invention provides a cloud platform system, including the above cloud platform client and the above cloud platform authentication middleware.
In a sixth aspect, an embodiment of the present invention provides an electronic device, including:
a memory and a processor, which communicate with each other over a bus. The memory stores program instructions executable by the processor, and by calling the program instructions the processor can perform the following method: obtaining configuration information of a token, the configuration information including token generation information and the expiration time of the token; and sending a token authentication request to an authentication middleware, the authentication request carrying the configuration information and an authentication-exempt flag, so that the authentication middleware, based on the authentication-exempt flag and after determining that the authentication request is not a first-time authentication, determines whether the token is valid according to the token generation information and the expiration time.
In a seventh aspect, an embodiment of the present invention provides a storage medium storing a computer program which, when executed by a processor, implements the following method: obtaining configuration information of a token, the configuration information including token generation information and the expiration time of the token; and sending a token authentication request to an authentication middleware, the authentication request carrying the configuration information and an authentication-exempt flag, so that the authentication middleware, based on the authentication-exempt flag and after determining that the authentication request is not a first-time authentication, determines whether the token is valid according to the token generation information and the expiration time.
In the cloud platform authentication method provided by embodiments of the present invention, the token's authentication request carries the token generation information, the token's expiration time and an authentication-exempt flag. This lets the authentication middleware authenticate tokens that are not being authenticated for the first time directly, based on the authentication-exempt flag, which avoids repeated authentication with the authentication server, reduces the load on the authentication server, improves the efficiency of the authentication service, and thereby improves cloud platform service quality.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. The drawings described below are some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of cloud platform service authentication in the prior art;
Fig. 2 is a flow diagram of a cloud platform authentication method provided by an embodiment of the present invention;
Fig. 3 is a flow diagram of a cloud platform authentication method provided by another embodiment of the present invention;
Fig. 4 is a structural diagram of a cloud platform client provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of a cloud platform authentication middleware provided by an embodiment of the present invention;
Fig. 6 is a structural diagram of a cloud platform system provided by an embodiment of the present invention;
Fig. 7 is a structural diagram of an electronic device provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 2 is a flow diagram of a cloud platform authentication method provided by an embodiment of the present invention. As shown in Fig. 2, the method includes:
Step S21: obtain the configuration information of a token, the configuration information including token generation information and the expiration time of the token;
Specifically, the cloud platform provides various services to users. When a user needs to use a service, a token is required as the pass to the cloud platform. The user first needs to obtain a token; only after being assigned a token ID can the user use it to access the various services in the cloud platform. Each service authenticates the token before the user uses it, and only after authentication passes can the user use the corresponding service.
First, the user sends a token request to the cloud platform through the client, and the cloud platform assigns the user a token of the corresponding format according to preset allocation rules. For example, the Keystone authentication server of the OpenStack cloud platform supports four token formats: Universally Unique Identifier (UUID), compressed public key infrastructure (PKIZ), public key infrastructure (PKI) and Fernet. These four formats correspond to four authentication drivers, each of which authenticates tokens of its format to verify whether the token is valid. After the token has been assigned, the cloud platform returns the token ID to the client, and the client can then use the token ID to send authentication requests. To reduce interaction with the authentication server, the client can first obtain the token's configuration information before sending an authentication request, for example the token generation information and the token's expiration time (Expire). The token generation information relates to how the token was produced, when, and for which user. The token generation information is produced after the token has been generated and authenticated by the authentication server for the first time. In practice, to make authentication checks easier, the token generation information can be converted into the token's generation ID (Audit_ID) according to a preset conversion rule. Each Audit_ID is tied to the cloud platform and cannot be forged; a token that passes Audit_ID authentication has a legitimate identity. In practice, after the token has been assigned and has passed its first authentication by the authentication server, configuration information such as the token's Audit_ID and expiration time is generated, associated with the token ID, and stored in the system cache. When the user needs to authenticate the token, the token's configuration information is obtained by looking it up in the system cache.
Step S22: send a token authentication request to the authentication middleware, the authentication request carrying the configuration information and an authentication-exempt flag, so that the authentication middleware, based on the authentication-exempt flag and after determining that the authentication request is not a first-time authentication, determines whether the token is valid according to the token generation information and the expiration time.
Specifically, after the client obtains the token ID, it sends an authentication request to the cloud platform. The request carries the token ID, the configuration information and the authentication-exempt flag (Verify). The authentication-exempt flag indicates that the token does not need to be authenticated again. When the user's trustworthiness is very high, carrying the authentication-exempt flag in the request indicates that the user has set the authentication policy level to the minimum. In that case, from the cloud platform's point of view, the user only needs to log in once; after that authentication, subsequent authentication does not require an authentication exchange with the authentication server and is completed by the authentication middleware, reducing the pressure on the authentication server. When the authentication middleware receives the authentication request sent by the client, it parses the request, obtains the token ID and configuration information, and determines whether the request carries the authentication-exempt flag. If it does, the middleware determines whether the user's trust level permits the authentication-exempt flow, for example whether the user is a local area network user or a user internal to the cloud platform system. The middleware then determines whether the request is a first-time authentication. In general, because a first-time authentication must be performed by the authentication server, the token's configuration information in the cloud platform cache is empty at that point, so the configuration information carried in the token authentication request the user sends for a first-time authentication is empty.
After the authentication middleware determines that the request is not a first-time authentication, it performs a security check on the token's identity using the token generation information. It first parses the token generation information and determines whether the user information in it is consistent with the user information in the current authentication request. It then looks up, by token ID, the corresponding token generation information in the system cache and determines whether the two are consistent, that is, whether the token's identity is legitimate or forged. If it is consistent with the system cache, the token's identity is legitimate. The middleware then compares the current time with the expiration time carried in the authentication request to determine whether the token has expired. If the identity is legitimate and the token has not expired, the token passes authentication and the user can then use the corresponding cloud platform service. If the token's identity is not legitimate, or the token's expiration time has already passed, the token fails authentication and the authentication middleware returns an operation-failure message to the client.
In the cloud platform authentication method provided by embodiments of the present invention, the token's authentication request carries the token generation information, the token's expiration time and an authentication-exempt flag. This lets the authentication middleware authenticate tokens that are not being authenticated for the first time directly, based on the authentication-exempt flag, which avoids repeated authentication with the authentication server, reduces the load on the authentication server, improves the efficiency of the authentication service, and thereby improves cloud platform service quality.
On the basis of the above embodiments, further, obtaining the configuration information of the token includes:
sending a token request to the authentication server, so that the authentication server determines the token ID, the token generation information and the expiration time of the token, and sends the token ID;
sending the authentication request corresponding to the token ID to the authentication middleware, so that the authentication middleware, after determining that the authentication request is a first-time authentication, forwards the authentication request to the authentication server, and the authentication server, after the token passes authentication, stores the token generation information and the expiration time of the token in the system cache;
obtaining the token generation information and the expiration time from the system cache.
Specifically, when a user needs to use a service in the cloud platform, the user first sends a token request to the cloud platform. After the authentication server in the cloud platform receives the token request, it generates the token ID and the token's expiration time according to the token format corresponding to the user, and then generates the token generation information Audit_ID from how the token was produced, when, and for which user, using the corresponding conversion rule. The token ID is sent to the client. After the client obtains the token ID, it sends an authentication request carrying the token ID to the cloud platform. The authentication middleware in the cloud platform receives the authentication request first and, after determining that it is a first-time authentication, forwards it to the authentication server, to ensure that every token is authenticated by the authentication server.
The authentication server determines the token format from the token ID and user information, determines the authentication driver from the token format, and authenticates the token with that driver. If authentication passes, the token generation information, expiration time and token ID are associated with one another and stored in the system cache. On the one hand, this ensures that the configuration information of a token that has not been authenticated by the authentication server cannot be obtained, which guarantees that every token is authenticated by the authentication server at least once. On the other hand, it ensures that the configuration information the user sets is correct, avoiding verification runs caused by wrong configuration information and saving authentication time. If the token fails authentication, the authentication server returns an operation-failure message to the client.
In practice, the authentication server can store the ID of a token that failed authentication in the system cache and mark the token as having failed authentication. When the user sends an authentication request with that token ID again, the authentication middleware finds, by consulting the system cache, that the token ID failed authentication and directly returns an operation-failure message to the user's client, avoiding a repeated authentication exchange with the authentication server.
When the user sends an authentication request again, the user can, through the client, look up the token generation information and expiration time corresponding to the token ID in the system cache, set the configuration information, and send the cloud platform a token authentication request carrying the configuration information and the authentication-exempt flag, avoiding repeated interaction with the authentication server.
In the cloud platform authentication method provided by embodiments of the present invention, the token's configuration information is generated after the token first passes authentication by the authentication server, and the token's later authentication requests carry the token configuration information and an authentication-exempt flag. This lets the authentication middleware authenticate tokens that are not being authenticated for the first time directly, based on the authentication-exempt flag, which avoids repeated authentication with the authentication server, reduces the load on the authentication server, improves authentication service capacity, and thereby improves cloud platform service quality.
On the basis of the above embodiments, further, the configuration information also includes the tenant information of the token and/or the role information of the token.
Specifically, in practice, to improve token utilization, the system may reclaim a token before its expiration time and reassign it to a user who needs one. For a token that has been reclaimed but has not expired, the configuration information stored in the system cache is still correct, but the token no longer belongs to the original user. To avoid authentication errors caused by this, the configuration information in the authentication request the user sends must also carry the token's tenant information (Project). The tenant information is configured by the user in the user client; if the user does not find the corresponding tenant information, the tenant information defaults to Null.
The user then sends an authentication request carrying the tenant information, the token generation information, the token expiration time and the authentication-exempt flag. After the authentication middleware has determined that the request is not a first-time authentication and the token has passed token authentication and expiration-time authentication, the middleware looks up the permission file policy.json pre-stored in the system and compares the tenant information in this authentication request with the tenant information stored in the permission file for the token ID. If they are consistent, authentication passes; otherwise, an authentication-failure message is returned to the client.
In addition, to verify whether the user is qualified to use the token, the configuration information can also carry role information (Role), which indicates the role of the user carried in the token. The default role information is member, the most basic role in the cloud platform system, which indicates that the user is a basic role able to obtain a token. The user then sends an authentication request carrying the role information, tenant information, token generation information, token expiration time and authentication-exempt flag. After the authentication middleware has determined that the request is not a first-time authentication and the token has passed token authentication, expiration-time authentication and tenant-information authentication, the middleware looks up the permission file policy.json pre-stored in the system and compares the role information in this authentication request with the role information stored in the permission file. If they are consistent, authentication passes; otherwise, an authentication-failure message is returned to the client. In practice, each time the authentication server authenticates a token, it updates the permission file, associating the token information with the most recently assigned tenant information and role information.
In practice, for a cloud platform project, the user only needs to log in once. After that authentication, subsequent authentication does not require an authentication exchange with the authentication service; it only requires a comparison against the user's configuration information, while control of the user's operating permissions still follows the permission controls set by each project. For example, if the permission the user configures is that the user may access project A, but the cloud platform system is configured so that project A cannot be accessed, then after permission authentication the user's permissions are still those set by the cloud platform system. Setting configuration information greatly reduces the number of times each service has to go back to the authentication server for authentication, and reduces overhead in the service process.
In the cloud platform authentication method provided by this embodiment of the invention, the token's authentication request carries the token's configuration information and an authentication-exempt flag, so that the authentication middleware can authenticate the token's identity, expiration time, tenant information and role information directly according to the authentication-exempt flag. This makes full use of the efficiency of the cloud platform cache, increases the storage of valid tokens in the cache, avoids repeated authentication with the authentication server, reduces the load on the authentication server, improves authentication efficiency, and in turn improves cloud platform service quality.
Fig. 3 is a schematic flowchart of the cloud platform authentication method provided by a further embodiment of the invention. As shown in Fig. 3, the method includes:
Step S31: receive a token authentication request sent by the cloud platform client, where the authentication request carries the configuration information of the token and an authentication-exempt flag, and the configuration information includes the token generation information and the expiration time of the token;
Specifically, the user sends a token acquisition request to the cloud platform through the client, and the cloud platform assigns the user a token of the corresponding format according to preset allocation rules. Once the token has been assigned, the cloud platform returns the token ID to the client, after which the client can use the token ID to send authentication requests. To reduce interaction with the authentication server, the client can first obtain the token's configuration information, such as the token generation information and the token's expiration time, before sending an authentication request. The token generation information relates to how the token was produced, when it was produced, and the user information. It is generated after the token has been created and authenticated by the authentication server for the first time. In practical applications, to make the authentication check easier, the token generation information can be converted into the token's Audit_ID according to a preset conversion rule; each Audit_ID is tied to the cloud platform and cannot be forged, and a token that passes Audit_ID authentication has a legal identity. In practical applications, after the token has been assigned and has passed its first authentication by the authentication server, configuration information such as the token's Audit_ID and expiration time is generated, associated with the token ID and stored in the system cache; when the user needs to authenticate the token, the token's configuration information is obtained by looking it up in the system cache.
After the client obtains the token ID, it sends an authentication request to the cloud platform. The authentication middleware in the cloud platform receives the authentication request sent by the client; the request carries the token ID, the configuration information and the authentication-exempt flag.
Step S32: parse the authentication request, obtain the authentication-exempt flag, and determine whether the authentication request is a non-first authentication;
Specifically, the authentication middleware parses the authentication request, obtains the token ID and the configuration information, and determines whether the request carries the authentication-exempt flag. If it does, the middleware determines whether the user's trust level permits the authentication-exempt flow, for example whether the user is a LAN user or an internal user of the cloud platform system. The authentication middleware then determines whether the request is a first authentication. Generally, because a first authentication must be performed by the authentication server, the token's configuration information in the cloud platform cache is empty at that point, so the configuration information carried in the token authentication request that the user sends for a first authentication is empty.
Step S33: if the request is determined to be a non-first authentication, determine from the token generation information whether the token identity is legal;
Specifically, after the authentication middleware determines that the authentication request is a non-first authentication, it performs a security check on the token's identity according to the token generation information. It first parses the token generation information and determines whether the user information in it is consistent with the user information in the current authentication request, then looks up the corresponding token generation information in the system cache by token ID and determines whether the two are consistent, that is, whether the token identity is legal or forged. If it is consistent with the system cache, the token identity is legal. If it is not, the token identity is illegal and an operation failure message is returned to the client.
Step S34: if the token identity is determined to be legal, determine from the expiration time whether the token has expired.
Specifically, if the authentication middleware verifies that the token identity is legal, it compares the current time with the expiration time carried in the authentication request to determine whether the token has expired. If the identity is legal and the token has not expired, the token passes authentication and the user can then use the corresponding cloud platform service. If the token identity is illegal or the token's expiration time has passed, the token fails authentication and the authentication middleware returns operation failure information to the client.
In the cloud platform authentication method provided by this embodiment of the invention, the authentication middleware authenticates tokens in non-first authentications according to the authentication-exempt flag and configuration information carried in the authentication request. This avoids repeated authentication with the authentication server, reduces the load on the authentication server, improves the efficiency of the authentication service, and in turn improves cloud platform service quality.
On the basis of the above embodiments, the configuration information further includes:
the tenant information of the token and/or the role information of the token;
Correspondingly, the method further includes:
if the token identity is determined to be legal and the token has not expired, determining according to preset token permission information whether the tenant information or role information of the token is legal.
Specifically, in practical applications, to improve token utilization the system may reclaim a token before its expiration time and reassign it to another user who needs one. For a token that has been reclaimed but has not expired, the configuration information stored in the system cache is still correct, but the token no longer belongs to the original user. To avoid authentication errors caused by this, the configuration information in the authentication request the user sends must also carry the token's tenant information. The tenant information is configured by the user on the user's client; if no corresponding tenant information is found, the default tenant information is Null.
The user then sends an authentication request carrying the tenant information, token generation information, token expiration time and authentication-exempt flag. After determining that the request is a non-first authentication and after the token identity check and the expiration-time check have passed, the authentication middleware looks up the permission file policy.json pre-stored in the system and compares the tenant information in this authentication request with the tenant information stored in the permission file for the token ID. If they are consistent, authentication passes; otherwise an authentication failure message is returned to the client.
In addition, to verify whether the user is qualified to use the token, the configuration information can also carry role information (Role), which indicates the role of the user carried in the token. The default role information is member, the most basic role in the cloud platform system, which indicates that the user has the basic role that can obtain a token. The user then sends an authentication request carrying the role information, tenant information, token generation information, token expiration time and authentication-exempt flag. After determining that the request is a non-first authentication and after the token identity check, the expiration-time check and the tenant information check have passed, the authentication middleware looks up the permission file policy.json pre-stored in the system and compares the role information in this authentication request with the role information stored in the permission file. If they are consistent, authentication passes; otherwise an authentication failure message is returned to the client. In practical applications, each time the authentication server authenticates a token it updates the permission file once, associating the token information with the most recently assigned tenant information and role information.
For example, the cloud platform OpenStack provides service A, service B, service C and service D, and a user User wants to use service A in the cloud platform. The user first uses the client to send a token acquisition request to OpenStack. After receiving the request, OpenStack forwards it to the authentication server Keystone, which assigns the user a token ID and determines the token's Audit_ID, expiration time Expire, tenant information Project and role information Role. The user then uses the token ID to send an authentication request to service A, and service A calls the cloud platform authentication middleware Keystone-middleware. Keystone-middleware determines that the request is a first authentication and forwards it to Keystone, which calls the corresponding authentication driver to authenticate the token. After authentication passes, the token ID, Audit_ID, Expire, Project and Role are associated and stored in the cloud platform cache, service A is informed that the token has passed authentication, and service A provides the corresponding service to the user.
Later, when the user uses service A again, the configuration information is set from the cloud platform cache: Audit_ID, expiration time Expire and tenant information Project, and an authentication request carrying this configuration information is sent to service A. Service A calls the authentication middleware Keystone-middleware. After determining that the request is a non-first authentication, Keystone-middleware first looks up the Audit_ID in the cloud platform cache; after determining that the token identity is legal, it compares the expiration time; after determining that the token has not expired, it looks up the system permission file; and after determining that both the tenant information and the role information of the token are legal, the token has passed authentication. Service A is informed that the token has passed authentication and provides the corresponding service to the user. Otherwise, Keystone-middleware returns an operation failure message to the user.
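The first and non-first authentication paths walked through above (steps S32 to S34 followed by the tenant and role checks), as an added Python sketch; it is not code from the patent, Keystone or keystonemiddleware. All class, field and function names, the in-memory cache and policy dictionaries, the fallback to full authentication for an untrusted origin, and the requirement that the carried expiration time equal the cached one are assumptions of this example, and the sample token is constructed.

```python
import hmac
import time
from dataclasses import dataclass, replace
from typing import Callable, Dict, Optional


@dataclass(frozen=True)
class TokenConfig:
    """Configuration information carried in a request (field names are assumptions)."""
    gen_user: str                  # user recorded in the token generation information
    audit_id: str                  # Audit_ID derived from the generation information
    expires_at: float              # expiration time, epoch seconds
    project: Optional[str] = None  # tenant information; Null when none is configured
    role: str = "member"           # default, most basic role


@dataclass(frozen=True)
class AuthRequest:
    token_id: str
    user: str
    config: Optional[TokenConfig]  # empty on a first authentication
    auth_exempt: bool = False      # authentication-exempt flag
    trusted_origin: bool = False   # e.g. LAN or platform-internal user


def _same(a: Optional[str], b: Optional[str]) -> bool:
    """Constant-time string comparison; None only matches None."""
    if a is None or b is None:
        return a is b
    return hmac.compare_digest(a.encode(), b.encode())


class AuthMiddleware:
    def __init__(self, auth_server: Callable, now: Callable[[], float] = time.time):
        self.auth_server = auth_server           # stand-in for the authentication server
        self.now = now
        self.cache: Dict[str, TokenConfig] = {}  # system cache keyed by token ID
        self.policy: Dict[str, dict] = {}        # stand-in for policy.json

    def authenticate(self, req: AuthRequest) -> str:
        # S32: without the flag, a trusted origin and carried configuration,
        # the request takes the full path through the authentication server.
        if not (req.auth_exempt and req.trusted_origin) or req.config is None:
            return self._first(req)
        cfg, cached = req.config, self.cache.get(req.token_id)
        # S33: the user in the generation information must be the requester, and
        # the generation information must equal what the cache holds for this ID.
        if (cached is None or not _same(cfg.gen_user, req.user)
                or not _same(cfg.gen_user, cached.gen_user)
                or not _same(cfg.audit_id, cached.audit_id)):
            return "fail:identity"
        # S34: expiration. The carried value must equal the cached one (added
        # hardening), so editing the field cannot extend the token's life.
        if cfg.expires_at != cached.expires_at or self.now() >= cached.expires_at:
            return "fail:expired"
        # Tenant, then role, against the permission file's latest assignment.
        entry = self.policy.get(req.token_id, {})
        if not _same(cfg.project, entry.get("project")):
            return "fail:tenant"
        if not _same(cfg.role, entry.get("role")):
            return "fail:role"
        return "pass:cached"

    def _first(self, req: AuthRequest) -> str:
        cfg = self.auth_server(req)
        if cfg is None:
            return "fail:first"
        # On success, cache the configuration and update the permission file.
        self.cache[req.token_id] = cfg
        self.policy[req.token_id] = {"project": cfg.project, "role": cfg.role}
        return "pass:first"


# Constructed sample data: one issued token and a fake authentication server.
ISSUED = {"tok-1": TokenConfig("alice", "aud-7f3c", 2000.0, "proj-a", "member")}


def fake_auth_server(req: AuthRequest) -> Optional[TokenConfig]:
    cfg = ISSUED.get(req.token_id)
    return cfg if cfg is not None and cfg.gen_user == req.user else None


def demo() -> Dict[str, str]:
    clock = [1000.0]
    mw = AuthMiddleware(fake_auth_server, now=lambda: clock[0])
    out = {"first": mw.authenticate(AuthRequest("tok-1", "alice", None))}
    good = mw.cache["tok-1"]
    def again(cfg: TokenConfig) -> str:
        return mw.authenticate(AuthRequest("tok-1", "alice", cfg, True, True))
    out["repeat"] = again(good)
    out["forged_audit_id"] = again(replace(good, audit_id="aud-0000"))
    out["edited_expiry"] = again(replace(good, expires_at=9999.0))
    # Token reclaimed and reassigned before expiry: cache unchanged, policy updated.
    mw.policy["tok-1"] = {"project": "proj-b", "role": "member"}
    out["recycled"] = again(good)
    clock[0] = 2500.0  # past the expiration time; this check runs before tenant
    out["after_expiry"] = again(good)
    return out
```

The recycled case is the one the tenant check exists for: the cached Audit_ID and expiration time still match, and only the permission file shows that the token now belongs to a different tenant.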
In the cloud platform authentication method provided by this embodiment of the invention, the authentication middleware authenticates tokens in non-first authentications according to the authentication-exempt flag and configuration information carried in the authentication request. This makes full use of the efficiency of the cloud platform cache, increases the storage of valid tokens in the cache, avoids repeated authentication with the authentication server, reduces the load on the authentication server, improves the efficiency of the authentication service, and in turn improves cloud platform service quality.
Fig. 4 is a schematic structural diagram of the cloud platform client provided by an embodiment of the invention. As shown in Fig. 4, the client includes an obtaining module 41 and a sending module 42, in which:
The obtaining module 41 is configured to obtain the configuration information of a token, the configuration information including the token generation information and the expiration time of the token. The sending module 42 is configured to send a token authentication request to the authentication middleware, the authentication request carrying the configuration information and an authentication-exempt flag, so that the authentication middleware, according to the authentication-exempt flag and after determining that the authentication request is a non-first authentication, determines from the token generation information and the expiration time whether the token is legal.
Specifically, the obtaining module 41 looks up the token's configuration information, such as the token generation information and the token expiration time, in the system cache. The sending module 42 then sends a token authentication request to the authentication middleware; the request carries the token ID, the configuration information and the authentication-exempt flag. After the authentication middleware receives the authentication request sent by the client, it parses the request, obtains the token ID and the configuration information, and determines whether the request carries the authentication-exempt flag. If it does, the middleware determines whether the request is a first authentication. When the authentication middleware determines that the request is a non-first authentication, it performs a security check on the token's identity according to the token generation information: it first parses the token generation information and determines whether the user information in it is consistent with the user information in the current authentication request, then looks up the corresponding token generation information in the system cache by token ID and determines whether the two are consistent, that is, whether the token identity is legal or forged. If it is consistent with the system cache, the token identity is legal. The middleware then compares the current time with the expiration time carried in the authentication request to determine whether the token has expired. If the identity is legal and the token has not expired, the token passes authentication and the user can then use the corresponding cloud platform service. If the token identity is illegal or the token's expiration time has passed, the token fails authentication and the authentication middleware returns operation failure information. The device provided by this embodiment of the invention is used to implement the above method; for its functions, refer to the method embodiments above, which are not repeated here.
The cloud platform client provided by this embodiment of the invention carries the token generation information, the token's expiration time and an authentication-exempt flag in the token's authentication request, so that the authentication middleware can authenticate tokens in non-first authentications directly according to the authentication-exempt flag. This avoids repeated authentication with the authentication server, reduces the load on the authentication server, improves the efficiency of the authentication service, and in turn improves cloud platform service quality.
Fig. 5 is a schematic structural diagram of the cloud platform authentication middleware provided by an embodiment of the invention. As shown in Fig. 5, the authentication middleware includes a receiving module 51, a judgment module 52, a first authentication module 53 and a second authentication module 54, in which:
The receiving module 51 is configured to receive a token authentication request sent by the cloud platform client, the authentication request carrying the configuration information of the token and an authentication-exempt flag, and the configuration information including the token generation information and the expiration time of the token. The judgment module 52 is configured to parse the authentication request, obtain the authentication-exempt flag, and determine whether the authentication request is a non-first authentication. The first authentication module 53 is configured to determine from the token generation information whether the token identity is legal, if the request is determined to be a non-first authentication. The second authentication module 54 is configured to determine from the expiration time whether the token has expired, if the token identity is determined to be legal.
Specifically, after the client obtains the token ID, it sends an authentication request to the receiving module 51. The receiving module 51 receives the authentication request sent by the client; the request carries the token ID, the configuration information and the authentication-exempt flag. The judgment module 52 parses the authentication request, obtains the token ID and the configuration information, and determines whether the request carries the authentication-exempt flag. If it does, the module determines whether the user's trust level permits the authentication-exempt flow, for example whether the user is a LAN user or an internal user of the cloud platform system. The judgment module 52 then determines whether the request is a first authentication. When the judgment module 52 determines that the request is a non-first authentication, the first authentication module 53 performs a security check on the token's identity according to the token generation information: it first parses the token generation information and determines whether the user information in it is consistent with the user information in the current authentication request, then looks up the corresponding token generation information in the system cache by token ID and determines whether the two are consistent. If it is consistent with the system cache, the token identity is legal. If it is not, the token identity is illegal. After the first authentication module 53 verifies that the token identity is legal, the second authentication module 54 compares the current time with the expiration time carried in the authentication request to determine whether the token has expired. If the identity is legal and the token has not expired, the token passes authentication and the user can then use the corresponding cloud platform service. If the token identity is illegal or the token's expiration time has passed, the token fails authentication and operation failure information is returned. The device provided by this embodiment of the invention is used to implement the above method; for its functions, refer to the method embodiments above, which are not repeated here.
The cloud platform authentication middleware provided by this embodiment of the invention authenticates tokens in non-first authentications according to the authentication-exempt flag and configuration information carried in the authentication request. This avoids repeated authentication with the authentication server, reduces the load on the authentication server, improves the efficiency of the authentication service, and in turn improves cloud platform service quality.
Fig. 6 is a schematic structural diagram of the cloud platform system provided by an embodiment of the invention. As shown in Fig. 6, the cloud platform system includes a cloud platform client 61 and a cloud platform authentication middleware 62. For the functions of the cloud platform client 61 in the system, refer to the cloud platform client embodiment above; for the functions of the cloud platform authentication middleware 62 in the system, refer to the cloud platform authentication middleware embodiment above. They are not repeated here.
Fig. 7 is a schematic structural diagram of the electronic device provided by an embodiment of the invention. As shown in Fig. 7, the device includes a processor 71, a memory 72 and a bus 73;
The processor 71 and the memory 72 communicate with each other through the bus 73;
The processor 71 is configured to call the program instructions in the memory 72 to perform the methods provided by the method embodiments above, for example: obtaining the configuration information of a token, the configuration information including the token generation information and the expiration time of the token; and sending a token authentication request to the authentication middleware, the authentication request carrying the configuration information and an authentication-exempt flag, so that the authentication middleware, according to the authentication-exempt flag and after determining that the authentication request is a non-first authentication, determines from the token generation information and the expiration time whether the token is legal.
An embodiment of the invention discloses a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium. The computer program comprises program instructions which, when executed by a computer, enable the computer to perform the methods provided by the method embodiments above, for example: obtaining the configuration information of a token, the configuration information including the token generation information and the expiration time of the token; and sending a token authentication request to the authentication middleware, the authentication request carrying the configuration information and an authentication-exempt flag, so that the authentication middleware, according to the authentication-exempt flag and after determining that the authentication request is a non-first authentication, determines from the token generation information and the expiration time whether the token is legal.
An embodiment of the invention provides a non-transitory computer-readable storage medium that stores computer instructions which cause the computer to perform the methods provided by the method embodiments above, for example: obtaining the configuration information of a token, the configuration information including the token generation information and the expiration time of the token; and sending a token authentication request to the authentication middleware, the authentication request carrying the configuration information and an authentication-exempt flag, so that the authentication middleware, according to the authentication-exempt flag and after determining that the authentication request is a non-first authentication, determines from the token generation information and the expiration time whether the token is legal.
A person of ordinary skill in the art will understand that all or some of the steps of the method embodiments above can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments above. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
The device embodiments described above are merely illustrative. Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. A person of ordinary skill in the art can understand and implement this without creative effort.
From the description of the embodiments above, a person skilled in the art can clearly understand that each embodiment can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution, in essence, or the part of it that contributes over the prior art, can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform the methods described in the embodiments or in certain parts of the embodiments.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the embodiments of the invention, not to limit them. Although the embodiments of the invention have been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the invention.
Claims (10)
1. A cloud platform authentication method, characterized by comprising:
obtaining the configuration information of a token, the configuration information including the token generation information and the expiration time of the token;
sending a token authentication request to an authentication middleware, the authentication request carrying the configuration information and an authentication-exempt flag, so that the authentication middleware, according to the authentication-exempt flag and after determining that the authentication request is a non-first authentication, determines from the token generation information and the expiration time whether the token is legal.
2. The method according to claim 1, characterized in that obtaining the configuration information of the token comprises:
sending a token acquisition request to an authentication server, so that the authentication server determines a token ID, the token generation information and the expiration time of the token, and sends the token ID;
sending the authentication request corresponding to the token ID to the authentication middleware, so that the authentication middleware, after determining that the authentication request is a first authentication, forwards the authentication request to the authentication server, and so that the authentication server, after the token passes authentication, stores the token generation information and the expiration time of the token in a system cache;
obtaining the token generation information and the expiration time from the system cache.
3. The method according to claim 1, characterized in that the configuration information further includes: the tenant information of the token and/or the role information of the token.
4. A cloud platform authentication method, characterized by comprising:
receiving a token authentication request sent by a cloud platform client, the authentication request carrying the configuration information of the token and an authentication-exempt flag, the configuration information including the token generation information and the expiration time of the token;
parsing the authentication request, obtaining the authentication-exempt flag, and determining whether the authentication request is a non-first authentication;
if the request is determined to be a non-first authentication, determining from the token generation information whether the token identity is legal;
if the token identity is determined to be legal, determining from the expiration time whether the token has expired.
5. The method according to claim 4, characterized in that the configuration information further includes:
the tenant information of the token and/or the role information of the token;
correspondingly, the method further comprises:
if the token identity is determined to be legal and the token has not expired, determining according to preset token permission information whether the tenant information or role information of the token is legal.
6. A cloud platform client, characterized by comprising:
an obtaining module, configured to obtain the configuration information of a token, the configuration information including the token generation information and the expiration time of the token;
a sending module, configured to send a token authentication request to an authentication middleware, the authentication request carrying the configuration information and an authentication-exempt flag, so that the authentication middleware, according to the authentication-exempt flag and after determining that the authentication request is a non-first authentication, determines from the token generation information and the expiration time whether the token is legal.
7. A cloud platform authentication middleware, characterized by comprising:
a receiving module, configured to receive a token authentication request sent by a cloud platform client, the authentication request carrying the configuration information of the token and an authentication-exempt flag, the configuration information including the token generation information and the expiration time of the token;
a judgment module, configured to parse the authentication request, obtain the authentication-exempt flag, and determine whether the authentication request is a non-first authentication;
a first authentication module, configured to determine from the token generation information whether the token identity is legal, if the request is determined to be a non-first authentication;
a second authentication module, configured to determine from the expiration time whether the token has expired, if the token identity is determined to be legal.
8. A cloud platform system, characterized by comprising: the cloud platform client according to claim 6 and the cloud platform authentication middleware according to claim 7.
9. An electronic device, characterized by comprising:
a memory and a processor, the processor and the memory communicating with each other through a bus; the memory stores program instructions executable by the processor, and the processor calls the program instructions to perform the method according to any one of claims 1 to 5.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the method according to any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810320459.8A CN110365483B (en) | 2018-04-11 | 2018-04-11 | Cloud platform authentication method, client, middleware and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810320459.8A CN110365483B (en) | 2018-04-11 | 2018-04-11 | Cloud platform authentication method, client, middleware and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110365483A (en) | 2019-10-22 |
CN110365483B (en) | 2022-06-14 |
Family
ID=68214186
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810320459.8A Active CN110365483B (en) | 2018-04-11 | 2018-04-11 | Cloud platform authentication method, client, middleware and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110365483B (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111447220A (en) * | 2020-03-26 | 2020-07-24 | 金蝶软件(中国)有限公司 | Authentication information management method, server of application system and computer storage medium |
CN111552568A (en) * | 2020-04-28 | 2020-08-18 | 中国银行股份有限公司 | Cloud service calling method and device |
CN111698312A (en) * | 2020-06-08 | 2020-09-22 | 中国建设银行股份有限公司 | Service processing method, device, equipment and storage medium based on open platform |
CN111885057A (en) * | 2020-07-23 | 2020-11-03 | 中国平安财产保险股份有限公司 | Message middleware access method, device, equipment and storage medium |
CN112019539A (en) * | 2020-08-27 | 2020-12-01 | 苏州浪潮智能科技有限公司 | Authentication method, device, equipment and readable medium for private cloud |
CN112019343A (en) * | 2020-07-28 | 2020-12-01 | 苏州浪潮智能科技有限公司 | OpenStack token optimization method and system |
CN112600831A (en) * | 2020-12-11 | 2021-04-02 | 析云网络科技(苏州)有限公司 | Network client identity authentication system and method |
CN114499977A (en) * | 2021-12-28 | 2022-05-13 | 天翼云科技有限公司 | Authentication method and device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080052245A1 (en) * | 2006-08-23 | 2008-02-28 | Richard Love | Advanced multi-factor authentication methods |
CN103188242A (en) * | 2011-12-30 | 2013-07-03 | 中国移动通信集团广东有限公司 | Data protecting method, data protecting server and system |
CN105871854A (en) * | 2016-04-11 | 2016-08-17 | 浙江工业大学 | Self-adaptive cloud access control method based on dynamic authorization mechanism |
Non-Patent Citations (1)
Title |
---|
MISS_YANG_CLOUD: "In-depth research and analysis of Keystone authentication", 《HTTPS://BLOG.CSDN.NET/MISS_YANG_CLOUD/ARTICLE/DETAILS/72902760》 * |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111447220B (en) * | 2020-03-26 | 2022-08-23 | 金蝶软件(中国)有限公司 | Authentication information management method, server of application system and computer storage medium |
CN111447220A (en) * | 2020-03-26 | 2020-07-24 | 金蝶软件(中国)有限公司 | Authentication information management method, server of application system and computer storage medium |
CN111552568A (en) * | 2020-04-28 | 2020-08-18 | 中国银行股份有限公司 | Cloud service calling method and device |
CN111552568B (en) * | 2020-04-28 | 2023-11-21 | 中国银行股份有限公司 | Cloud service calling method and device |
CN111698312A (en) * | 2020-06-08 | 2020-09-22 | 中国建设银行股份有限公司 | Service processing method, device, equipment and storage medium based on open platform |
CN111698312B (en) * | 2020-06-08 | 2022-10-21 | 中国建设银行股份有限公司 | Service processing method, device, equipment and storage medium based on open platform |
CN111885057A (en) * | 2020-07-23 | 2020-11-03 | 中国平安财产保险股份有限公司 | Message middleware access method, device, equipment and storage medium |
CN112019343A (en) * | 2020-07-28 | 2020-12-01 | 苏州浪潮智能科技有限公司 | OpenStack token optimization method and system |
CN112019343B (en) * | 2020-07-28 | 2022-12-23 | 苏州浪潮智能科技有限公司 | OpenStack token optimization method and system |
CN112019539B (en) * | 2020-08-27 | 2023-01-06 | 苏州浪潮智能科技有限公司 | Authentication method, device, equipment and readable medium for private cloud |
CN112019539A (en) * | 2020-08-27 | 2020-12-01 | 苏州浪潮智能科技有限公司 | Authentication method, device, equipment and readable medium for private cloud |
CN112600831A (en) * | 2020-12-11 | 2021-04-02 | 析云网络科技(苏州)有限公司 | Network client identity authentication system and method |
CN114499977A (en) * | 2021-12-28 | 2022-05-13 | 天翼云科技有限公司 | Authentication method and device |
CN114499977B (en) * | 2021-12-28 | 2023-08-08 | 天翼云科技有限公司 | Authentication method and device |
Also Published As
Publication number | Publication date |
---|---|
CN110365483B (en) | 2022-06-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110365483A (en) | Cloud platform authentication method, client, middleware and system | |
CN110958118B (en) | Certificate authentication management method, device, equipment and computer readable storage medium | |
CN107239688B (en) | The purview certification method and system in Docker mirror image warehouse | |
CN107294916B (en) | Single-point logging method, single-sign-on terminal and single-node login system | |
CN106170964B (en) | User virtual identity based on different identity services | |
US9065828B2 (en) | System for delegation of authority, access management service system, medium, and method for controlling the system for delegation of authority | |
CN104539615B (en) | Cascade connection authentication method based on CAS | |
US11811952B2 (en) | Authentication system and working method thereof | |
EP3609152A1 (en) | Internet-of-things authentication system and internet-of-things authentication method | |
CN105828329B (en) | Mobile terminal authentication management method | |
CN107241336B (en) | Identity verification method and device | |
CN110958119A (en) | Identity verification method and device | |
CN105871838A (en) | Third party account login control method and user center platform | |
CN108965341A (en) | The method, apparatus and system of login authentication | |
CN111404695B (en) | Token request verification method and device | |
CN109067785A (en) | Cluster authentication method, device | |
CN107453872A (en) | A kind of unified safety authentication method and system based on Mesos container cloud platforms | |
CN109726545A (en) | A kind of information display method, equipment, computer readable storage medium and device | |
CN106453321A (en) | Authentication server, system and method, and to-be-authenticated terminal | |
US20240364523A1 (en) | Identity authentication based on time-based one-time password algorithm | |
CN102255904A (en) | Communication network and terminal authentication method thereof | |
CN103428161A (en) | Phone authentication service system | |
US10735399B2 (en) | System, service providing apparatus, control method for system, and storage medium | |
Kim et al. | Puf-based iot device authentication scheme on iot open platform | |
CN110166471A (en) | A kind of portal authentication method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||