CN111371725A - Method for improving security of session mechanism, terminal equipment and storage medium
- Publication number
- CN111371725A (application CN201811586749.3A)
- Authority
- CN
- China
- Prior art keywords
- token
- user
- session information
- database
- client
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
Abstract
The application discloses a method for improving the security of a session mechanism, terminal equipment and a storage medium, wherein the method comprises the following steps: generating a token for a user logging in a client, and returning the token to the client; generating session information based on the user information in the token and storing the session information in a database; loading a first time limit for the session information stored in the database and timing; deleting the session information stored in the database in response to an event that a first expiration timer for the session information expires; and responding to a service request containing the token from the client, and performing timing refreshing on the first time limit of the session information matched with the user information in the token in the database. According to the embodiment of the application, the expiration time limit of the session information is stored in the database, and the expiration time limit is updated, so that a user can obtain the target resource in time, and the user experience is improved.
Description
Technical Field
The present application relates to the field of mobile communications, and in particular, to a method, a terminal device, and a storage medium for improving security of a session mechanism.
Background
JSON Web Token (JWT) is a JSON-based open standard (RFC 7519) for passing claims between parties in web application environments, and is particularly suitable for Single Sign-On (SSO) scenarios across distributed sites because it is compact and secure. JWT claims are typically used to pass authenticated user identity information between the identity provider and the service provider so that resources can be obtained from the resource server; additional claims needed by other business logic may also be added. The token may be used directly for authentication or may be encrypted.
JWT is typically used for authentication: once a user has logged in, each subsequent request contains a JWT that allows the user to access the routes, services and resources permitted by the token. Because the overhead of JWT is small and it can easily be used across different domains, JWT is widely used for single sign-on. In addition, since JWT is one of the preferred ways to transmit information securely between parties, it is also widely used for information exchange.
In the existing JWT session mechanism, after a user normally logs in, if the timeout of a token is reached, the user must log in again, which affects the user experience.
Disclosure of Invention
The embodiment of the application provides a method for improving the security of a session mechanism, terminal equipment and a storage medium. The method comprises the following steps:
generating a token for a user logging in a client, and returning the token to the client;
generating session information based on the user information in the token and storing the session information in a database;
loading a first time limit for the session information stored in the database and timing;
deleting the session information stored in the database in response to an event that a first expiration timer for the session information expires;
and responding to a service request containing the token from the client, and performing timing refreshing on the first time limit of the session information matched with the user information in the token in the database.
Optionally, after receiving a service request containing the token sent by the user, the token is verified.
Optionally, when the verification result of the token verification is failed, a prompt message indicating that the access is denied is returned to the client.
Optionally, when a verification result of verifying the token passes, matching the user information in the token with the corresponding session information in the database, where the user information includes a user name, login time, and a user ID, and the session information includes a user name, login time, a client IP address, and a user ID;
and when the user information in the token is successfully matched with the corresponding session information and the client IP address sent by the user is consistent with the client IP address in the session information, returning the target resource corresponding to the service request to the client.
Optionally, when the user information in the token fails to match with the corresponding session information in the database, a prompt message indicating that access is denied is returned to the client.
Optionally, when the user logs out at the client, deleting the session information matched with the corresponding user information in the database.
In another embodiment of the present invention, a terminal device is provided, which includes a processor configured to:
generating a token for a user logging in a client, and returning the token to the client;
generating session information based on the user information in the token and storing the session information in a database;
loading a first time limit for the session information stored in the database and timing;
deleting the session information stored in the database in response to an event that a first expiration timer for the session information expires;
and responding to a service request containing the token from the client, and performing timing refreshing on the first time limit of the session information matched with the user information in the token in the database.
Optionally, the processor is further configured to: and after receiving a service request which is sent by a user and contains the token, verifying the token.
In another embodiment of the present invention, a non-transitory computer readable storage medium is provided that stores instructions that, when executed by a processor, cause the processor to:
generating a token for a user logging in a client, and returning the token to the client;
generating session information based on the user information in the token and storing the session information in a database;
loading a first time limit for the session information stored in the database and timing;
deleting the session information stored in the database in response to an event that a first expiration timer for the session information expires;
and responding to a service request containing the token from the client, and performing timing refreshing on the first time limit of the session information matched with the user information in the token in the database.
Optionally, the instructions, when executed by the processor, further cause the processor to:
and after receiving a service request which is sent by a user and contains the token, verifying the token.
As can be seen from the above, based on the above embodiment, a token is first generated for a user who logs in to a client, and the token is returned to the client, and at the same time, session information is generated based on user information in the token and stored in a database. Secondly, loading a first time limit for the session information stored in the database and timing, and in response to the event that the first time limit timing of the session information is overtime, deleting the session information stored in the database. And finally, responding to a service request containing the token from the client, and executing timing refreshing on the first time limit of the session information matched with the user information in the token in the database. According to the embodiment of the application, the session information generated according to the user information is stored in the database, the first time limit is loaded for the session information, and the first time limit is refreshed when the session information is matched with the user information in the token, so that the server side can automatically refresh the expiration time limit, the user does not need to log in again after the token is expired, and the use experience of the user is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a flowchart illustrating a method for improving security of a session mechanism according to an embodiment of the present application;
Fig. 2 shows a specific flowchart of a method for enhancing security of a session mechanism according to an embodiment of the present application;
Fig. 3 is a schematic diagram illustrating an apparatus for enhancing security of a session mechanism according to an embodiment of the present application;
Fig. 4 shows a schematic diagram of a terminal device provided in an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and examples.
In the JWT session mechanism the token is generally stored on the client. When the client sends a service request, the token is carried in the request header, and the server stores no user information, so the server has no control over the user information. As a result, when the token's expiration time limit is reached while the user is working normally, the user must log in again. Resetting the expiration time limit of a token requires regenerating the token, which increases cost. Moreover, after the user logs out, an attacker holding a token that has not yet expired can still access the target resource, which is a serious security risk.
In view of the foregoing problems, an embodiment of the present application provides a method for improving security of a session mechanism, which is shown in fig. 1 and includes the following detailed steps:
S11, generating a token for the user logging in the client, and returning the token to the client.
In this step, after a user logs in at a client, the server authenticates the credentials entered by the user, such as an account number and password, generates a token object, and sends it back to the client. The client stores the token in localStorage; thereafter, whenever the client accesses a target resource it carries the token, and the server determines the identity of the user from the token. In its compact form, the token consists of a header, a payload, and a signature. The header contains the type of the token and the algorithm employed: the token type is JWT, and commonly used algorithms include HMAC SHA256, SHA-512, or RSA. The JSON of the header is Base64Url-encoded to form the first part of the token. The payload stores the user information of the user. The token's signature is used to verify the identity of the requester sending the request; it is computed over the Base64Url-encoded header and payload together with a key, using the algorithm specified in the header.
When the client receives the returned token, the token may be stored in a cookie or in localStorage. Using a token for user authentication is a stateless authentication mechanism, because the user state is not stored in the memory of the server. A route protected by the server checks for a valid token in the Authorization header and, if one is present, allows the user to access the protected resource. Because the token is self-contained and carries the necessary user information, the need to query user information repeatedly is reduced.
S12, generating session information based on the user information in the token and storing the session information in the database.
In this step, the generated token carries the user information, which is stored in the payload part of the token. Session information is generated from the user information in the token and stored in a database. The database is preferably a Redis database.
Here, the session information generated from the user information in the token is of the same type as that in the user information, and includes user information such as a user name, login time, client IP address, and user ID of the user.
S13, loading a first time limit for the session information stored in the database and timing.
In this step, after the session information generated based on the user information in the token is stored in the database, a first time limit is loaded for the session information stored in the database. The first time limit is the expiration time of the session information in the database, and the session information in the database is valid within the first time limit. Timing starts as soon as the first time limit has been loaded for the session information.
S14, in response to the event that the first expiration timer for the session information expires, deleting the session information stored in the database.
In this step, after the first time limit loaded for the session information in the database in the above step expires, the session information stored in the database is deleted.
S15, responding to the service request containing token from the client, and executing timing refreshing to the first time limit of the session information matched with the user information in the token in the database.
In this step, after a service request containing a token is received from the user's client, the received token is verified first. Specifically, the token is returned to the client as part of the service request cookie; until the cookie becomes invalid or is deleted, each time the user accesses a target resource the server receives the cookie containing the token, extracts the token from it, and authenticates it, that is, checks the validity of the token. The token is authenticated mainly by checking whether the signature is correct. When the token fails verification, prompt information indicating that access is denied is returned to the client.
When the token passes verification, that is, the token is determined to be valid, the user information in the token is matched against the corresponding session information in the database, and the target resource corresponding to the service request sent by the user is returned to the client when all of the user information in the token matches the corresponding session information.
Specifically, after the token is confirmed to be valid, the token is Base64-decoded and the user ID, i.e., the user_ID attribute, is read from the payload. The user ID in the token's user information is matched against the user ID in the session information in the database. When the user IDs are the same, the remaining user information is matched: the login time and user name in the user information are compared with the login time and user name in the session information, and the client IP address received along with the user's service request is compared with the client IP address in the session information. When every item matches, the target resource corresponding to the user's service request is returned to the client.
In addition, every item of the user information in the token must match the corresponding item of the session information stored in the database. If any item does not match, the target resource corresponding to the service request is not returned. Likewise, when the user information in the token and the client IP address sent with the request fail to match the corresponding session information in the database, prompt information indicating that access is denied is returned to the client. After each successful login, the login time of the user is stored in the Redis database as part of the session information, and the login time is also stored in the token returned to the client. The user needs to log in again after modifying the password. If the user presents the previous token to access the target resource, the server finds that the login time in the token does not match the login time stored in the Redis database, and therefore does not release the target resource. Similarly, after each successful login the IP address of the user's client is stored in the Redis database as part of the session information, and after token authentication of each access request the server checks whether the IP address of the client matches the client IP address in the Redis database. This prevents the security risk of the target resource being accessible from two computers when the same account is logged in on both.
When the user information in the token and the client IP address sent with the request both match the corresponding session information, the first time limit of the session information in the database that matches the user information in the token is refreshed; specifically, the first time limit of the session information in the database is reloaded and timing is restarted. If no session information corresponding to the user can be found, the token is considered expired.
When the user logs out at the client, the session information matching the corresponding user information is deleted from the database.
Based on the above embodiment of the application, the session information generated according to the user information in the token is stored in the database, the first time limit is loaded for the session information in the database, timing is performed, and the session information stored in the database is deleted after the first time limit expires. According to the embodiment of the application, the first time limit is loaded for the session information stored in the database, and when the user information in the token is completely matched with the session information in the corresponding database, the first time limit is refreshed, so that the server side can automatically refresh the expiration time of the session information, the user does not need to log in again, and the use experience of the user is improved.
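The S11 to S15 flow described above, as an added example that is not code from the patent: Python with only the standard library, an in-memory dictionary standing in for the Redis database, and an injectable clock so the time limit can be exercised. The key, the 1800-second first time limit, the claim names other than user_ID, the sample addresses and all function names are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed; load a random secret in practice
FIRST_TIME_LIMIT = 1800           # seconds; assumed value for the first time limit

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(signing_input):
    mac = hmac.new(SECRET, signing_input.encode(), hashlib.sha256)
    return _b64url(mac.digest())

class SessionStore:
    """In-memory stand-in for the Redis database: key -> (deadline, session)."""
    def __init__(self, clock=time.time):
        self.clock, self._rows = clock, {}
    def put(self, key, session, ttl=FIRST_TIME_LIMIT):
        # S13: load the first time limit and start timing.
        self._rows[key] = (self.clock() + ttl, session)
    def get(self, key):
        deadline, session = self._rows.get(key, (0, None))
        if session is not None and deadline <= self.clock():
            del self._rows[key]  # S14: limit timed out, delete the session
            return None
        return session
    def delete(self, key):
        self._rows.pop(key, None)

def login(store, user_id, username, client_ip):
    """S11 + S12: issue an HS256 token and store the matching session."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"user_ID": user_id, "username": username,
               "login_time": int(store.clock())}
    parts = [_b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    signing_input = ".".join(parts)
    store.put(user_id, dict(payload, client_ip=client_ip))
    return signing_input + "." + _sign(signing_input)

def verify_token(token):
    """Return the payload if the signature checks out, otherwise None."""
    try:
        head, body, sig = token.split(".")
        # HS256 is pinned server-side; the header's "alg" value is never trusted.
        if not hmac.compare_digest(sig, _sign(head + "." + body)):
            return None
        padded = body + "=" * (-len(body) % 4)
        return json.loads(base64.urlsafe_b64decode(padded))
    except (ValueError, TypeError, AttributeError):
        return None

def authorize(store, token, client_ip):
    """S15: verify the token, match every item, then refresh the time limit."""
    claims = verify_token(token)
    if claims is None:
        return False, "invalid token"
    session = store.get(claims.get("user_ID"))
    if session is None:
        return False, "session expired or logged out"
    for field in ("user_ID", "username", "login_time"):
        if claims.get(field) != session[field]:
            return False, "mismatch: " + field
    if client_ip != session["client_ip"]:
        return False, "mismatch: client_ip"
    store.put(claims["user_ID"], session)  # reload the limit, restart timing
    return True, "ok"

def logout(store, token):
    claims = verify_token(token)
    if claims is not None:
        store.delete(claims["user_ID"])

class FakeClock:
    """Constructed clock so the timeline in demo() runs instantly."""
    def __init__(self, now=1_545_696_000):
        self.now = now
    def __call__(self):
        return self.now

def demo():
    clock = FakeClock()
    store = SessionStore(clock)
    ip = "192.0.2.10"  # constructed documentation-range address
    token = login(store, "u-1001", "alice", ip)
    out = []
    for _ in range(2):  # two requests 1500 s apart: 3000 s in total, still valid
        clock.now += 1500
        out.append(authorize(store, token, ip))
    out.append(authorize(store, token, "198.51.100.7"))  # different client IP
    clock.now += 60
    fresh = login(store, "u-1001", "alice", ip)  # re-login, e.g. after a password change
    out.append(authorize(store, token, ip))      # old token: login time differs
    out.append(authorize(store, fresh, ip))
    logout(store, fresh)
    out.append(authorize(store, fresh, ip))      # session deleted at logout
    return out
```

The token carries no expiry claim of its own here: validity is decided entirely by whether a matching, unexpired session row exists on the server, which is what lets logout and re-login revoke an otherwise well-signed token.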
As shown in fig. 2, a specific flowchart of a method for improving security of a session mechanism according to an embodiment of the present application is shown, and the detailed steps are as follows:
S21, the user inputs the account password to log in the client, the client generates a token and returns the token containing the user information to the client;
S22, generating session information based on the user information in the token, storing the session information in a database, loading a first time limit for the session information, starting timing, and deleting the session information stored in the database after the first time limit is timed out;
S23, receiving a service request containing a token sent by a user, and authenticating the received token;
S24, when the token is not authenticated, returning prompt information representing access refusal to the client;
S25, when the token passes the authentication, matching the user information in the token with the session information in the database;
S26, when the user information in the token and the received client IP address are successfully matched with each type of the session information in the database, including the user name, the login time, the client IP address, the user ID and the like, respectively, the target resource corresponding to the service request is returned to the client, and meanwhile, the first time limit of the session information is refreshed;
S27, when the matching between the user information in the token and the corresponding session information in the database fails, returning prompt information representing access refusal to the client;
S28, when the user logs out from the client successfully, deleting the session information matched with the corresponding user information in the database.
In the method for improving the security of the session mechanism provided by the embodiment of the application, the session information generated according to the user information is stored in the database and the first time limit is loaded for the session information; that is, the expiration time limit of the token is stored in the database as part of the session information, and the expiration time limit of the session information is automatically refreshed according to the first time limit, so that the user does not need to log in again. At the same time, the user's login time is stored in the token returned to the client and also stored in the database as part of the session information, for determining whether the token was generated before or after the password was modified. In addition, the IP address of the user is stored in the database as part of the session information, so that the same account can only log in on one device, which improves the operation safety and the user experience of the user.
Based on the same inventive concept, an embodiment of the present application further provides a device for improving security of a session mechanism, where as shown in fig. 3, the device includes:
the generating module 31 is configured to generate a token for a user logging in a client, and return the token to the client;
the storage module 32 is used for generating session information based on the user information in the token and storing the session information in the database;
a timing module 33, configured to load a first time limit for the session information stored in the database and time;
a deleting module 34, configured to delete the session information stored in the database in response to an event that the first time limit of the session information expires;
and the timing refreshing module 35 is configured to perform timing refreshing on the first time limit of the session information in the database, which is matched with the user information in the token, in response to a service request containing the token from the client.
In this embodiment, specific functions and interaction manners of the generating module 31, the storing module 32, the timing module 33, the deleting module 34, and the timing refreshing module 35 may refer to the description of the embodiment corresponding to fig. 1, and are not described herein again.
As shown in fig. 4, another embodiment of the present application further provides a terminal device, which includes a processor 40, where the processor 40 is configured to:
generating a token for a user logging in a client, and returning the token to the client;
generating session information based on the user information in the token and storing the session information in a database;
loading a first time limit for the session information stored in the database and timing;
deleting the session information stored in the database in response to an event that a first expiration timer for the session information expires;
and responding to a service request containing the token from the client, and performing timing refreshing on the first time limit of the session information matched with the user information in the token in the database.
Optionally, the processor 40 is further configured to:
and after receiving a service request which is sent by a user and contains the token, verifying the token.
As can also be seen from fig. 4, the terminal device provided in the foregoing embodiment further includes a non-transitory computer-readable storage medium 41, where the non-transitory computer-readable storage medium 41 stores thereon a computer program, which when executed by the processor 41, performs the steps of the above method for improving the handover performance of the public and private networks, where the instructions, when executed by the processor, cause the processor to:
generating a token for a user logging in a client, and returning the token to the client;
generating session information based on the user information in the token and storing the session information in a database;
loading a first time limit for the session information stored in the database and timing;
deleting the session information stored in the database in response to an event that a first expiration timer for the session information expires;
and responding to a service request containing the token from the client, and performing timing refreshing on the first time limit of the session information matched with the user information in the token in the database.
The instructions, when executed by a processor, further cause the processor to:
and after receiving a service request which is sent by a user and contains the token, verifying the token.
Specifically, the storage medium can be a general storage medium, such as a mobile disk, a hard disk, a FLASH memory, and the like, and when a computer program on the storage medium is run, the method for improving the security of the session mechanism can be executed, so that the expiration time limit of the session information is stored in the database, the server can automatically refresh the expiration time limit, and the effect of improving the use experience of the user is achieved.
Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present application, and are used for illustrating the technical solutions of the present application, but not limiting the same, and the scope of the present application is not limited thereto, and although the present application is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive the technical solutions described in the foregoing embodiments or equivalent substitutes for some technical features within the technical scope disclosed in the present application; such modifications, changes or substitutions do not depart from the spirit and scope of the exemplary embodiments of the present application, and are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. A method for improving security of a session mechanism, comprising:
generating a token for a user logging in a client, and returning the token to the client;
generating session information based on the user information in the token and storing the session information in a database;
loading a first time limit for the session information stored in the database and timing;
deleting the session information stored in the database in response to an event that a first expiration timer for the session information expires;
and responding to a service request containing the token from the client, and performing timing refreshing on the first time limit of the session information matched with the user information in the token in the database.
2. The method of claim 1, further comprising:
and after receiving a service request which is sent by a user and contains the token, verifying the token.
3. The method of claim 2, further comprising:
and when the verification result of the token verification is failed, returning prompt information representing access refusal to the client.
4. The method of claim 2, further comprising:
when the token passes the verification result of the verification, matching the user information in the token with the corresponding session information in the database, wherein the user information comprises a user name, login time and a user ID, and the session information comprises the user name, the login time, a client IP address and the user ID;
and when the user information in the token is successfully matched with the corresponding session information and the client IP address sent by the user is consistent with the client IP address in the session information, returning the target resource corresponding to the service request to the client.
5. The method of claim 4, further comprising:
and when the user information in the token is failed to be matched with the corresponding session information in the database, returning prompt information representing access refusal to the client.
6. The method of claim 1, further comprising:
and when the user logs out at the client, deleting the session information matched with the corresponding user information in the database.
7. A terminal device, comprising a processor configured to:
generate a token for a user logging in at a client, and return the token to the client;
generate session information based on the user information in the token and store the session information in a database;
load a first time limit for the session information stored in the database and start timing;
delete the session information stored in the database in response to an event that the timing of the first time limit for the session information expires;
and, in response to a service request from the client containing the token, refresh the timing of the first time limit of the session information in the database that matches the user information in the token.
8. The terminal device of claim 7, wherein the processor is further configured to:
verify the token after receiving a service request that is sent by a user and contains the token.
9. A non-transitory computer readable storage medium storing instructions that, when executed by a processor, cause the processor to:
generate a token for a user logging in at a client, and return the token to the client;
generate session information based on the user information in the token and store the session information in a database;
load a first time limit for the session information stored in the database and start timing;
delete the session information stored in the database in response to an event that the timing of the first time limit for the session information expires;
and, in response to a service request from the client containing the token, refresh the timing of the first time limit of the session information in the database that matches the user information in the token.
10. The non-transitory computer readable storage medium of claim 9, wherein the instructions, when executed by a processor, further cause the processor to:
verify the token after receiving a service request that is sent by a user and contains the token.
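The steps recited in the claims above (token issue, stored session information with a refreshable first time limit, token verification, session and client IP matching, deletion on expiry or logout) can be sketched as follows. This is an added illustration, not code from the patent. Assumptions: an HMAC-SHA256 signed token, an in-memory dict standing in for the database, expiry checked on access rather than by a running timer, and hypothetical names throughout (`SessionStore`, `FIRST_TIME_LIMIT`, the denial strings).

```python
import base64, hashlib, hmac, json, secrets

SECRET = secrets.token_bytes(32)   # assumption: server-side signing key
FIRST_TIME_LIMIT = 1800            # assumption: first time limit of 30 minutes, in seconds

class SessionStore:
    """In-memory stand-in for the database that holds session information."""
    def __init__(self, clock):
        self.clock = clock         # injectable clock so expiry can be exercised in tests
        self.rows = {}             # user_id -> (session_info, expires_at)

    def _sign(self, body: bytes) -> str:
        return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

    def login(self, user_name, user_id, client_ip):
        info = {"user_name": user_name, "login_time": self.clock(), "user_id": user_id}
        body = base64.urlsafe_b64encode(json.dumps(info, sort_keys=True).encode())
        self.rows[user_id] = (dict(info, client_ip=client_ip), self.clock() + FIRST_TIME_LIMIT)
        return body.decode() + "." + self._sign(body)

    def _verify(self, token):
        body, _, sig = token.partition(".")
        if not hmac.compare_digest(self._sign(body.encode()).encode(), sig.encode()):
            return None            # signature mismatch: token was not issued by this server
        return json.loads(base64.urlsafe_b64decode(body))

    def service_request(self, token, client_ip):
        info = self._verify(token)
        if info is None:
            return "denied: token failed verification"
        row = self.rows.get(info["user_id"])
        if row and row[1] <= self.clock():   # first time limit expired: delete the session
            del self.rows[info["user_id"]]
            row = None
        if row is None:
            return "denied: no matching session"
        session, _ = row
        if any(session[k] != info[k] for k in info) or session["client_ip"] != client_ip:
            return "denied: session mismatch"
        # Successful request: restart the first time limit (sliding expiry).
        self.rows[info["user_id"]] = (session, self.clock() + FIRST_TIME_LIMIT)
        return "ok"

    def logout(self, token):
        info = self._verify(token)
        if info:
            self.rows.pop(info["user_id"], None)
```

A denied request does not refresh the time limit, so a stolen token replayed from another IP address cannot keep the session alive.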
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811586749.3A CN111371725A (en) | 2018-12-25 | 2018-12-25 | Method for improving security of session mechanism, terminal equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111371725A (en) | 2020-07-03 |
Family
ID=71209768
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811586749.3A Pending CN111371725A (en) | 2018-12-25 | 2018-12-25 | Method for improving security of session mechanism, terminal equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111371725A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5884312A (en) * | 1997-02-28 | 1999-03-16 | Electronic Data Systems Corporation | System and method for securely accessing information from disparate data sources through a network |
US20150373015A1 (en) * | 2014-06-18 | 2015-12-24 | Ca, Inc. | Authentication and authorization using device-based validation |
WO2018036314A1 (en) * | 2016-08-22 | 2018-03-01 | 中兴通讯股份有限公司 | Single-sign-on authentication method and apparatus, and storage medium |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111814130A (en) * | 2020-07-06 | 2020-10-23 | 新华智云科技有限公司 | Single sign-on method and system |
CN111814130B (en) * | 2020-07-06 | 2024-03-26 | 新华智云科技有限公司 | Single sign-on method and system |
CN114499907A (en) * | 2020-11-13 | 2022-05-13 | 中盈优创资讯科技有限公司 | Method and device for realizing Session pooling of network equipment protocol |
CN114499907B (en) * | 2020-11-13 | 2023-06-23 | 中盈优创资讯科技有限公司 | Method and device for realizing network equipment protocol Session pooling |
CN112929378A (en) * | 2021-02-19 | 2021-06-08 | 广东云智安信科技有限公司 | Cross-domain single-point login service saving and acquiring method, system, device and medium |
CN113139169A (en) * | 2021-04-23 | 2021-07-20 | 上海中通吉网络技术有限公司 | Non-invasive authority control system |
CN113938323A (en) * | 2021-12-16 | 2022-01-14 | 深圳竹云科技有限公司 | JWT (Java virtual machine-based) based replay attack prevention method, device, equipment and storage medium |
CN113938323B (en) * | 2021-12-16 | 2022-03-25 | 深圳竹云科技有限公司 | JWT (Java virtual machine-based) based replay attack prevention method, device, equipment and storage medium |
WO2023241064A1 (en) * | 2022-06-14 | 2023-12-21 | 中兴通讯股份有限公司 | Service request processing method, electronic device, and storage medium |
CN117103122A (en) * | 2023-10-08 | 2023-11-24 | 宜兴市科兴光电材料有限公司 | Molybdenum sheet polishing detection conveying device and working method thereof |
CN117103122B (en) * | 2023-10-08 | 2024-02-23 | 宜兴市科兴光电材料有限公司 | Molybdenum sheet polishing detection conveying device and working method thereof |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109309683B (en) | Token-based client identity authentication method and system | |
CN111371725A (en) | Method for improving security of session mechanism, terminal equipment and storage medium | |
US10187797B2 (en) | Code-based authorization of mobile device | |
US8478998B2 (en) | Authenticated communication using a shared unpredictable secret | |
CN107948204B (en) | One-key login method and system, related equipment and computer readable storage medium | |
KR102313859B1 (en) | Authority transfer system, control method therefor, and client | |
CN102201915B (en) | Terminal authentication method and device based on single sign-on | |
CN109815656A (en) | Login authentication method, device, equipment and computer readable storage medium | |
US20160381001A1 (en) | Method and apparatus for identity authentication between systems | |
CN106161348B (en) | Single sign-on method, system and terminal | |
CN110266642A (en) | Identity identifying method and server, electronic equipment | |
US20160241536A1 (en) | System and methods for user authentication across multiple domains | |
CN106161475B (en) | Method and device for realizing user authentication | |
CN112711759A (en) | Method and system for preventing replay attack vulnerability security protection | |
CN111355713A (en) | Proxy access method, device, proxy gateway and readable storage medium | |
CN114301617A (en) | Identity authentication method and device for multi-cloud application gateway, computer equipment and medium | |
CN112600674A (en) | User security authentication method and device for front-end and back-end separation system and storage medium | |
CN112883357A (en) | Stateless login authentication method and device | |
CN114553480B (en) | Cross-domain single sign-on method and device, electronic equipment and readable storage medium | |
US8832812B1 (en) | Methods and apparatus for authenticating a user multiple times during a session | |
CN111614458A (en) | Method, system and storage medium for generating gateway JWT | |
CN112929388B (en) | Network identity cross-device application rapid authentication method and system, and user agent device | |
EP3036674B1 (en) | Proof of possession for web browser cookie based security tokens | |
CN107590662B (en) | Authentication method for calling online bank system, authentication server and system | |
CN107483466B (en) | User login verification method and device in Web application |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20200703 |