CN111327574B - Single machine login system allowing network address change and method thereof - Google Patents

Single machine login system allowing network address change and method thereof Download PDF

Info

Publication number
CN111327574B
CN111327574B CN201811535259.0A CN201811535259A CN111327574B CN 111327574 B CN111327574 B CN 111327574B CN 201811535259 A CN201811535259 A CN 201811535259A CN 111327574 B CN111327574 B CN 111327574B
Authority
CN
China
Prior art keywords
client
token information
server
request
echo request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811535259.0A
Other languages
Chinese (zh)
Other versions
CN111327574A (en
Inventor
陈龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inventec Pudong Technology Corp
Inventec Corp
Original Assignee
Inventec Pudong Technology Corp
Inventec Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inventec Pudong Technology Corp, Inventec Corp filed Critical Inventec Pudong Technology Corp
Priority to CN201811535259.0A priority Critical patent/CN111327574B/en
Publication of CN111327574A publication Critical patent/CN111327574A/en
Application granted granted Critical
Publication of CN111327574B publication Critical patent/CN111327574B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Abstract

The invention provides a single machine login system and method allowing network address change, which generates corresponding token information by a server end and provides the token information to a client end when the client end logs in the server end, so that the client end can embed the token information to be used for user identification of single machine login when transmitting a client end request, and the client end continuously sends echo information containing the token information to the server end in a fixed sending period, so that the client end can immediately obtain feedback of the server end when the token information fails, and the token information is updated to ensure single machine login when the server end receives the echo request in advance, thereby achieving the technical effect of improving the applicability of single machine login.

Description

Single machine login system allowing network address change and method thereof
Technical Field
The invention relates to a single machine login system and a method thereof, in particular to a single machine login system allowing network address change and a method thereof.
Background
In recent years, with the popularization and vigorous development of the internet, various systems and websites emerge like bamboo shoots in the spring after rain, and single login becomes one of the most spotlighted solutions to solve the problem that one account is operated by multiple persons at the same time, which causes resource safety, authorization or consumption of hardware resources.
Generally, a conventional single-machine login method usually records a network Address (IP Address) of an account when the login is successful, and checks whether the network addresses are consistent when a subsequent request is received, and if the network addresses are not consistent, the login is forced. However, the single-machine login of this method is only applicable to a simple network environment, and when the network environment where the client is located frequently has a network address drift, it will cause a situation of misjudgment, so that the client still needs to log in again frequently, that is, it is not applicable to a more complicated network environment, and therefore the single-machine login is not applicable well.
In view of the above, manufacturers have proposed a technical means of using a hardware key as a single machine login, which uses the key set in the chip as a certificate for verification and does not need to use the traditional account password for login. However, this method does not require inputting account number and password, so it needs to make corresponding adjustment on the login machine of the server, and it cannot be directly applied to the network environment without adjustment, and the hardware key may be lost or damaged, so it still has the problem of poor applicability of single machine login.
In view of the above, it is known that the prior art has a problem that the applicability of single machine registration is not good for a long time, and therefore, it is necessary to provide an improved technical means to solve the problem.
Disclosure of Invention
The invention provides a single machine login system allowing network address change and a method thereof.
First, the present invention provides a single machine login system allowing network address change, the system comprises: client and server. On the part of the client, it includes: a transmission module and an execution module. The transmission module is used for receiving the token information for storage and transmitting a plurality of client requests, wherein each client request is embedded with the stored token information during transmission; the execution module is used for continuously sending an echo request in a fixed sending period after successful login, wherein the echo request comprises token information.
At the server side, a portion comprising: a login module and an update module. The login module is used for allowing the client to log in, and after the client logs in successfully, corresponding token information is generated to be transmitted to the corresponding client; the updating module is used for updating the token information when the echo request is received in advance in a non-sending period, and transmitting the updated token information to the client side sending the echo request, so that the client side stores the updated token information.
In addition, the invention provides a single machine login method allowing network address change, which is applied to a network environment with a client and a server, and comprises the following steps: the server side provides the client side for logging in, and generates corresponding token information to be transmitted to the corresponding client side after the client side successfully logs in; the client receives the corresponding token information from the server for storage, and embeds the token information into each client request when transmitting a plurality of client requests to the server; the client side continuously sends an echo request to the server side in a fixed sending period, wherein the echo request comprises token information; when the server end receives the echo request in advance in a non-sending period, the server end updates the token information and transmits the updated token information to the client end sending the echo request, so that the client end embeds the updated token information into the client end request to be transmitted.
The system and the method disclosed by the invention are different from the prior art in that when the client logs in the server, the server generates corresponding token information and provides the token information to the client, so that the client embeds the token information to be used for user identification of single machine login when transmitting a client request, and the client continuously sends echo information containing the token information to the server in a fixed sending period, so that when the token information fails, the client can immediately obtain feedback of the server, and when the server receives the echo request in advance, the token information is updated to ensure single machine login.
Through the technical means, the invention can achieve the technical effect of improving the applicability of single machine login.
Drawings
FIG. 1 is a system block diagram of a stand-alone login system that allows network address changes in accordance with the present invention.
FIG. 2 is a flow chart of a method for allowing a single machine login with network address change according to the present invention.
FIG. 3 is a diagram illustrating a client logging on a server according to the present invention.
Fig. 4 is a schematic diagram of a prompt block for prompting a user to log in a server again by applying the present invention.
Description of the symbols:
110 client
111 transmission module
112 execution module
120 server side
121 login module
122 update module
300 login window
311 Account input block
312 password input block
321 validation element
322 cancel element
400 hint Block
410 reregister element
Step 210, the server provides the client for logging in, and generates corresponding token information to transmit to the corresponding client after the client successfully logs in
Step 220, the client receives the corresponding token information from the server for storage, and embeds the stored token information into each client request when transmitting a plurality of client requests to the server
Step 230, the client continuously sends an echo request to the server in a fixed sending period, wherein the echo request includes the token information
Step 240, when the server end receives the echo request in advance in a period other than the sending period, the server end updates the token information and transmits the updated token information to the client end sending the echo request, so that the client end embeds the updated token information into the client end request
Detailed Description
The following detailed description of the embodiments of the present invention will be provided in conjunction with the accompanying drawings and examples, so that how to implement the technical means for solving the technical problems and achieving the technical effects of the present invention can be fully understood and implemented.
Before describing the single machine login system and method allowing network address change disclosed by the present invention, a description will be given of a network environment applied by the present invention, wherein the network environment includes a wired network or a wireless network or a combination of both, so as to facilitate communication between a client and a server. The wired network can be connected by telephone lines, twisted pair lines, cable lines, optical fibers and the like; the wireless network may be implemented by wireless communication technologies such as Bluetooth (Bluetooth), Wi-Fi, LoRa, ZigBee, CoAP (managed Application Protocol), mqtt (message Queuing technical transport), and the like. In practical implementation, both the client and the server can be implemented using computer devices, such as: personal computers, notebook computers, tablet computers, smart phones, servers, and the like.
Referring to fig. 1, fig. 1 is a system block diagram of a single machine login system allowing network address change according to the present invention, wherein the system comprises: client terminal 110 and server terminal 120. On the part of client 110, it contains: a transmission module 111 and an execution module 112. The transmission module 111 is configured to receive Token (Token) information for storage and transmit client requests, where each client request is embedded with the stored Token information during transmission. In practical implementation, the transmission module 111 may further receive an error message, and when receiving the error message, generate a prompt block to prompt the user to log in the server 120 again.
The execution module 112 is configured to continuously send an echo request with a fixed sending period after successfully logging in the server 120, where the echo request includes token information. In practical implementation, the fixed transmission period refers to transmitting an echo request every few seconds, for example: every 2 seconds, every 3 seconds, etc. It should be noted that, in order to avoid the situation that the client 110 affects the transmission cycle due to reloading the web page, and thus sends the echo request to the server 120 in advance, the client 110 stops sending the first echo request (i.e. the first echo request in the round-robin) in the transmission cycle when reloading the same web page.
At the server end 120, it includes: a login module 121 and an update module 122. The login module 121 is configured to allow the client 110 to log in, and generate corresponding token information to be transmitted to the corresponding client 110 after the client 110 successfully logs in. In practical implementation, the user needs to log in the server side 120 with his/her account, and the server side 120 will generate corresponding token information for each logged-in account. In addition, the same client 110 may allow different accounts to log in the server 120, and the same account may also log in the server 120 through different clients 110, except that if the same account logs in the server 120 through different clients 110, only the last client 110 that logs in will obtain the token information updated by the server 120, and as for the existing client 110 that logs in using the same account, will obtain the error information transmitted by the server 120, prompting the user to log in again. It should be noted that the token information may be a random string generated by the server 120 and stored in both the server 120 and the client 110, wherein the client 110 stores the token information in a Cookie (Cookie).
The updating module 122 is configured to update the token information when the echo request is received in advance in the non-transmission period, and transmit the updated token information to the client 110 that transmits the echo request, so that the client 110 stores the updated token information. For example, assuming that the original client 110 transmits every 5 seconds, when an echo request of the same user is received in advance at an interval of 3 seconds, it means that the user may log in the new client 110, so the update module 122 regenerates the token information and transmits the token information to the new client 110 that transmitted the echo request. Thereafter, even though the original client 110 still transmits the echo request, the server 120 discards the echo request because the token information in the echo request does not match the token information of the server 120, and transmits an error message to the corresponding client 110 to prompt re-login. In other words, when receiving the client request or echo request embedded with the un-updated token information after updating the token information, the server side 120 discards the client request or echo request embedded with the un-updated token information and transmits the error information to the corresponding client side 110.
It should be noted that, in practical implementation, each module described in the present invention can be implemented by various manners, including software, hardware, or any combination thereof, for example, in some embodiments, the module can be implemented by software, hardware, or any combination thereof, and besides, the present invention can also be implemented partially or completely by hardware, for example, one or more modules in a System can be implemented by an integrated circuit Chip, a System on Chip (SoC), a Complex Programmable Logic Device (CPLD), a Field Programmable Gate Array (FPGA), and so on. The present invention may be a system, method and/or computer program. The computer program may include a computer readable storage medium having computer readable program instructions embodied thereon for causing a processor to implement various aspects of the present invention, the computer readable storage medium may be a tangible device that can hold and store the instructions for use by the instruction execution device. The computer readable storage medium may be, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: hard disk, random access memory, read only memory, flash memory, compact disk, floppy disk, and any suitable combination of the foregoing. Computer-readable storage media as used herein is not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., optical signals through a fiber optic cable), or electrical signals transmitted through a wire. Additionally, the computer-readable program instructions described herein may be downloaded to the various computing/processing devices from a computer-readable storage medium, or over a network, for example: the internet, the local area network, the wide area network and/or the wireless network are downloaded to the external computer equipment or the external storage equipment. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, hubs and/or gateways. The network card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in the respective computing/processing device. The computer program instructions which carry out operations of the present invention may be combination language instructions, instruction set architecture instructions, machine dependent instructions, micro-instructions, firmware instructions, or Object Code (Object Code) written in any combination of one or more programming languages, including Object oriented programming languages such as: common Lisp, Python, C + +, Objective-C, Smalltalk, Delphi, Java, Swift, C #, Perl, Ruby, and PHP, etc., and conventional Procedural (Procedural) programming languages, such as: c or a similar programming language. The computer readable program instructions may execute entirely on the computer, partly on the computer, as a stand-alone software application, partly on the client computer and partly on the remote computer or entirely on the remote computer or server.
Referring to fig. 2, fig. 2 is a flowchart of a single-machine login method allowing network address change according to the present invention, applied to a network environment having a client 110 and a server 120, including the steps of: the server side 120 provides the client side 110 for login, and generates corresponding token information to transmit to the corresponding client side 110 after the client side 110 successfully logs in (step 210); the ue 110 receives the corresponding token information from the server 120 for storage, and embeds the stored token information into each ue request when transmitting the ue request to the server 120 (step 220); the client 110 continuously sends an echo request to the server 120 at a fixed sending period, where the echo request includes token information (step 230); and when the server side 120 receives the echo request in advance in the non-transmission period, the server side 120 updates the token information and transmits the updated token information to the client side 110 which transmits the echo request, so that the client side 110 embeds the client side request with the updated token information (step 240). Through the above steps, when the client 110 logs in the server 120, the server 120 generates and provides the corresponding token information to the client 110, so that the client 110 embeds the token information to identify the user of the stand-alone login when transmitting the client request, and the client 110 continuously sends the echo information containing the token information to the server 120 at a fixed sending period, so that the client 110 can immediately obtain the feedback of the server 120 when the token information fails, and when the server 120 receives the echo request in advance, the token information is updated to ensure the stand-alone login.
Referring to fig. 3, fig. 3 is a schematic diagram illustrating a client logging in a server according to the present invention, and fig. 4 is a schematic diagram illustrating the client logging in the server according to the present invention. In practice, when the user at the client 110 logs in the server 120, the user can input an account number in the account number input block 311 of the login window 300 and input a password in the password input block 312. Next, the click confirmation component 321 makes a login request to the server side 120, or the click cancellation component 322 selects to cancel the login to the server side 120. Then, after successfully logging on the server 120, the client 110 continuously transmits an echo request including token information to the server 120 at a fixed transmission cycle, so as to obtain feedback (i.e. error information) of the server 120 immediately when the token information fails. When the server side 120 receives the echo request transmitted by the client side 110 in advance, it is possible to log in through another client side 110 on behalf of the same account, so that the server side 120 updates the token information and transmits the updated token information to the client side 110 that transmits the echo request, so that the client side 110 and the server side 120 have the same token information.
As shown in fig. 4, fig. 4 is a schematic diagram of a prompt block for prompting a user to log in a server again by applying the present invention. In practical implementation, after updating the token information, the server side 120 discards the client request or the echo request embedded with the un-updated token information and transmits error information to the corresponding client side 110 if the client request or the echo request embedded with the un-updated token information is received. When the client 110 receives the error message, it generates a prompt block 400 as shown in fig. 4 to prompt the user to click the re-login element 410, so as to open the login window 300 as shown in fig. 3 for re-login.
In summary, it can be seen that the difference between the present invention and the prior art is that when a client logs in a server, the server generates corresponding token information and provides the token information to the client, so that when the client transmits a client request, the token information is embedded for user identification of single machine login, and the client continuously transmits echo information containing the token information to the server in a fixed transmission cycle, so that when the token information fails, the client can immediately obtain feedback from the server, and when the server receives the echo request in advance, the token information is updated to ensure single machine login.
Although the present invention has been described with reference to the foregoing embodiments, it should be understood that various changes and modifications can be made therein by those skilled in the art without departing from the spirit and scope of the invention.

Claims (10)

1. A stand-alone login system for allowing network address change, the system comprising:
at least one client, each client comprising:
a transmission module for receiving the token information for storage and transmitting a plurality of client requests, wherein each client request is embedded with the stored token information during transmission; and
the execution module is used for continuously sending an echo request in a fixed sending period after successful login, wherein the echo request comprises the token information; and
a server side, the server side comprising:
the login module is used for allowing the client to log in and generating corresponding token information to be transmitted to the corresponding client after the client successfully logs in; and
and the updating module is used for updating the token information when the echo request is received in advance in a period other than the sending period, and transmitting the updated token information to the client side sending the echo request so that the client side stores the updated token information.
2. The system of claim 1, wherein the client stops sending the first echo request during the sending period when reloading the same web page.
3. The system of claim 1, wherein the server, after updating the token information, when receiving the client request or the echo request embedded with the token information that is not updated, discards the client request or the echo request embedded with the token information that is not updated, and transmits an error message to the corresponding client.
4. The system of claim 3, wherein the client end generates a prompt block to prompt the user to log back on the server end when receiving the error message.
5. The system of claim 1, wherein the token information is a random string generated by the server and is stored in both the server and the client, and wherein the client stores the token information in a cookie.
6. A single machine login method allowing network address change is applied to a network environment with at least one client and a server, and is characterized by comprising the following steps:
the server side allows the client side to log in, and generates corresponding token information to be transmitted to the corresponding client side after the client side successfully logs in;
the client receives the corresponding token information from the server for storage, and embeds the token information into each client request when transmitting a plurality of client requests to the server;
the client side continuously sends an echo request to the server side in a fixed sending period, wherein the echo request comprises the token information; and
when the server end receives the echo request in advance in a period other than the sending period, the server end updates the token information and transmits the updated token information to the client end sending the echo request, so that the client end embeds the updated token information into the client end request.
7. The stand-alone login method for allowing network address change of claim 6, wherein the client stops sending the first echo request in the sending period when reloading the same webpage.
8. The method as claimed in claim 6, wherein the server, after updating the token information, when receiving the client request or the echo request embedded with the token information that is not updated, discards the client request or the echo request embedded with the token information that is not updated, and transmits an error message to the corresponding client.
9. The stand-alone login method of claim 8, wherein the client end generates a prompt block to prompt the user to log in the server end again when receiving the error message.
10. The method as claimed in claim 6, wherein the token information is a random string generated by the server and is stored in both the server and the client, and wherein the client stores the token information in a cookie.
CN201811535259.0A 2018-12-14 2018-12-14 Single machine login system allowing network address change and method thereof Active CN111327574B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811535259.0A CN111327574B (en) 2018-12-14 2018-12-14 Single machine login system allowing network address change and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811535259.0A CN111327574B (en) 2018-12-14 2018-12-14 Single machine login system allowing network address change and method thereof

Publications (2)

Publication Number Publication Date
CN111327574A CN111327574A (en) 2020-06-23
CN111327574B true CN111327574B (en) 2022-05-06

Family

ID=71170146

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811535259.0A Active CN111327574B (en) 2018-12-14 2018-12-14 Single machine login system allowing network address change and method thereof

Country Status (1)

Country Link
CN (1) CN111327574B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104506542A (en) * 2014-12-29 2015-04-08 深圳中兴网信科技有限公司 Security certification method and security certification system
CN105100056A (en) * 2015-06-05 2015-11-25 北京奇虎科技有限公司 Application data processing method and system
CN108833378A (en) * 2018-05-31 2018-11-16 上海康斐信息技术有限公司 A kind of processing method and system that more account numbers log in

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10015162B2 (en) * 2015-05-11 2018-07-03 Huawei Technologies Co., Ltd. Firewall authentication of controller-generated internet control message protocol (ICMP) echo requests
US10740298B2 (en) * 2016-10-12 2020-08-11 Microsoft Technology Licensing, Llc File synchronization with reduced conflicts in computing systems

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104506542A (en) * 2014-12-29 2015-04-08 深圳中兴网信科技有限公司 Security certification method and security certification system
CN105100056A (en) * 2015-06-05 2015-11-25 北京奇虎科技有限公司 Application data processing method and system
CN108833378A (en) * 2018-05-31 2018-11-16 上海康斐信息技术有限公司 A kind of processing method and system that more account numbers log in

Also Published As

Publication number Publication date
CN111327574A (en) 2020-06-23

Similar Documents

Publication Publication Date Title
CN109067728B (en) Access control method and device for application program interface, server and storage medium
EP3723341B1 (en) Single sign-on for unmanaged mobile devices
US20170251367A1 (en) Authenticating mobile applications using policy files
CN113630377B (en) Single sign-on for hosted mobile devices
CN111062024B (en) Application login method and device
US10200352B2 (en) System and method for secure application communication between networked processors
US20160366119A1 (en) Single sign-on for unmanaged mobile devices
CN102546570A (en) Processing method and system for single sign-on
CN104660409B (en) The method of system login and certificate server cluster under cluster environment
KR101556619B1 (en) System and method for sharing login status between an application platform and an application
US11303635B2 (en) Assisted third-party password authentication
CN108810896B (en) Connection authentication method and device of wireless access point
CN110365701B (en) Client terminal equipment management method and device, computing equipment and storage medium
CN112491776B (en) Security authentication method and related equipment
CN104519050A (en) Login method and login system
CN110958119A (en) Identity verification method and device
CN108900562B (en) Login state sharing method and device, electronic equipment and medium
CN111327574B (en) Single machine login system allowing network address change and method thereof
CN105704109B (en) A kind of network access verifying method and equipment
CN113992446B (en) Cross-domain browser user authentication method, system and computer storage medium
EP3329650B1 (en) Providing multi-factor authentication credentials via device notifications
TWI680658B (en) Single-user login system with allows network address changes and method thereof
CN108228280A (en) The configuration method and device of browser parameters, storage medium, electronic equipment
TWI817162B (en) Component-free signature system for mobile device and method thereof
CN112383542B (en) User login method and system, authentication end and user end

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant