CN112260841A - Controllable authentication method and system based on token technology in integral system - Google Patents
- Publication number
- CN112260841A (application CN202011148814.1A)
- Authority
- CN
- China
- Prior art keywords
- token
- module
- service
- service system
- setting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications (CPC, all under H04L9/00: cryptographic mechanisms or arrangements for secret or secure communications; network security protocols)
- H04L9/3213: means for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority, using tickets or tokens, e.g. Kerberos
- H04L9/088: key distribution or management; usage control of secret information, e.g. restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key or password lengths, or different strong and weak cryptographic algorithms
- H04L9/0891: key distribution or management; revocation or update of secret information, e.g. encryption key update or rekeying
- H04L9/0894: key distribution or management; escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
A token service system is built for a points (loyalty-points) service system and comprises a token acceptance module, a token distribution module, a token verification module, a token storage module and a token management module. The token management module sets different encryption (token-generation) modes for different service types, tiered token storage, token lifetime management and the like, so that the service system obtains secure, controllable and efficient authentication both when it requests a token and when it has one verified. The system comprises the token acceptance module, the token distribution module, the token verification module, the token storage module, the token management module and a main business process.
Description
Technical Field
The invention relates to the field of internet technology, in particular to a controllable authentication method and system based on token technology in a points (loyalty-points) system; the "integral system" and "scoring system" of the machine-translated title refer to this same points system.
Background
With the rapid development of internet technology, internet services are now widely and maturely deployed. To serve users better, most internet services use an authentication technique and service facing the user terminal. Common user authentication techniques include cookies, sessions and tokens. A cookie is generated by the server and sent to the browser; the browser stores it as key-value pairs in a text file under a certain directory and sends it back to the server with the next request to the same site. Because cookies live on the client, browsers impose limits so that they cannot be used maliciously and do not occupy too much disk space: the number of cookies per domain is capped, cookies cannot cross domains, and further restrictions apply. With a session, the server keeps the user's information temporarily on the server side and destroys it when the user leaves the site. This is safer than a cookie for storing user information, but if the web servers are load balanced the session is lost when the next request lands on a different server (unless sessions are replicated or sticky routing is used), and the server must create a record for every authenticated user's request, so memory overhead grows as more users make requests. Token technology has been adopted in recent years because it is stateless, scalable, supports cross-domain services and works across browsers. However, for service access at different levels, token encryption management, token storage management and the like remain weak.
Therefore, for a points system, a controllable authentication method and system based on token technology are devised so that tokens can be used securely and effectively while being managed and controlled as needed and operated efficiently.
Disclosure of Invention
The invention provides a controllable authentication method and system based on token technology in a points system. A token service system is built for the points service system and comprises a token acceptance module, a token distribution module, a token verification module, a token storage module and a token management module. The token management module sets different encryption (token-generation) modes for different service types, tiered token storage, token lifetime management and the like, so that the service system obtains secure, controllable and efficient authentication both when it requests a token and when it has one verified. The system comprises the token acceptance module, the token distribution module, the token verification module, the token storage module, the token management module and a main business process.
1. Token acceptance module: facing the service (business) system, it provides a unified entry for token requests and token verification. The acceptance module dispatches to the internal modules according to the request parameters sent by the service system.
2. Token distribution module: the token acceptance module calls the token distribution module when it determines that the service system needs a token generated for the first time. The distribution module selects the encryption mode configured in the token management module for the service type; after the token is generated it is written to the token storage module and returned to the service system through the token acceptance module.
3. Token verification module: verifies the token each time the service system requests authentication, working with the token storage module to retrieve and check the token, and returns the verification result to the service system through the token acceptance module.
4. Token storage module: provides an independent real-time token read/write service, accepting writes of new token data from the token distribution module and reads from the token verification module; according to the settings of the token management module, tokens of different service levels are stored in tiers, and expired tokens are deleted logically or physically.
5. Token management module: manages the global token generation mechanism, storage mechanism and the like. This includes setting different token encryption modes for different service levels (for example, a higher-level mode for services with high security requirements such as payment verification), tiered storage for tokens of different service levels (for example, in-memory storage for tokens of high-concurrency services), and logical or physical deletion of expired tokens.
6. Main business process: 1) the token management module first completes the global token settings, including different token encryption modes for different service levels, tiered storage for tokens of different service levels, and logical or physical deletion of expired tokens; 2) the service system sends a request carrying authentication parameters to the token acceptance module; 3) the acceptance module reads the service system information and calls the token distribution module to process it; 4) the token distribution module generates a token according to the settings, sends it to the token storage module for storage, and returns it to the service system through the token acceptance module; 5) the service system sends a request carrying the token to the token acceptance module, which calls the token verification module; 6) the token verification module retrieves the token record from the token storage module, checks it, and returns the result to the service system through the token acceptance module.
Drawings
Fig. 1 is a structural diagram of the controllable authentication method and system based on token technology in a points system.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them; all other embodiments that a person skilled in the art can derive from them without creative effort fall within the scope of protection of the invention.
Referring to Fig. 1, in an embodiment of the invention the structure of the controllable authentication method and system based on token technology in a points system comprises a token acceptance module (1), a token distribution module (2), a token verification module (3), a token storage module (4), a token management module (5) and a main business process.
1. Token acceptance module (1): facing the service system, it provides a unified entry for token requests and token verification, and dispatches to the internal modules according to the request parameters sent by the service system. The authentication parameters the token acceptance module receives from the service system are as follows:

Authentication parameter | Service ID | Account | Password | Token |
---|---|---|---|---|
Description | Globally unique | Set per service | Set per service | Absent on initial authentication |

Notes: the service ID must be globally unique so that the token distribution module can look up the corresponding encryption mode. Account and password are defined per service. A token and an account/password pair are never present together: when no token is supplied, the account and password must be supplied, which marks the request as an initial authentication.
2. Token distribution module (2): the token acceptance module calls the token distribution module when it determines that the service system needs a token generated for the first time. The distribution module selects the encryption mode configured in the token management module for the service type; after the token is generated it is written to the token storage module and returned to the service system through the token acceptance module. The token distribution module's key (generation) mechanism is set as follows:

Control parameter | Service ID | Encryption method | Token value | Security level |
---|---|---|---|---|
Description | Globally unique | MD5 and the like | (generated) | A |

Notes: the encryption method corresponds to the security level; a higher-level method is normally configured for services with high security requirements such as payment, and the specifics are set according to business needs.
On the "MD5 and the like" entry: MD5 is a hash function, not an encryption algorithm, and its collision resistance is broken. Whatever digest is chosen, a token computed from predictable inputs (service ID, account, timestamp) can be recomputed by anyone who knows those inputs. A token's unforgeability therefore has to come from an unpredictable random component, or from a keyed MAC such as HMAC under a key that only the token service holds; a higher security level should be realised that way rather than by selecting a "stronger" unkeyed hash.
3. Token verification module (3): verifies the token each time the service system requests authentication, working with the token storage module to retrieve and check the token, and returns the verification result to the service system through the token acceptance module.
4. Token storage module (4): provides an independent real-time token read/write service, accepting writes of new token data from the token distribution module and reads from the token verification module; according to the settings of the token management module, tokens of different service levels are stored in tiers, and expired tokens are deleted logically or physically.
5. Token management module (5): manages the global token generation mechanism, storage mechanism and the like. This includes setting different token encryption modes for different service levels (for example, a higher-level mode for services with high security requirements such as payment verification), tiered storage for tokens of different service levels (for example, in-memory storage for tokens of high-concurrency services), and logical or physical deletion of expired tokens.
6. Main business process: 1) the token management module (5) first completes the global token settings, including different token encryption modes for different service levels, tiered storage for tokens of different service levels, and logical or physical deletion of expired tokens; 2) the service system sends a request carrying authentication parameters to the token acceptance module (1); 3) the token acceptance module (1) reads the service system information and calls the token distribution module (2) to process it; 4) the token distribution module (2) generates a token according to the settings, sends it to the token storage module (4) for storage, and returns it to the service system through the token acceptance module (1); 5) the service system sends a request carrying the token to the token acceptance module (1), which calls the token verification module (3); 6) the token verification module (3) retrieves the token record from the token storage module (4), checks it, and returns the result to the service system through the token acceptance module (1).
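The five modules and the six-step business process above, as one runnable example. This is example code added here, not code from the patent or from the applicant; the service IDs, level names, mode names ("md5" as named in the patent's table, and an HMAC-SHA256 mode as the assumed higher-level mode), storage tiers, lifetimes and the sample credentials are all assumptions for illustration, and the "persistent" tier is simulated with a dictionary. It also implements the acceptance-module rule that a token and an account/password pair are mutually exclusive, and the storage-module choice between logical and physical deletion of expired tokens.

```python
import hashlib
import hmac
import secrets
import time

# Token management module (5): global settings per service. All values are assumed.
SETTINGS = {
    "points-query":   {"level": "B", "mode": "md5",         "tier": "memory",     "ttl": 3600, "delete": "logical"},
    "points-payment": {"level": "A", "mode": "hmac-sha256", "tier": "persistent", "ttl": 300,  "delete": "physical"},
}

# Assumed: a key the token service keeps private, used by the level-A mode.
SERVER_KEY = secrets.token_bytes(32)

# Token storage module (4): two storage tiers; "persistent" is simulated with a dict.
STORE = {"memory": {}, "persistent": {}}

# Constructed sample credentials for the service systems' users (not real data).
CREDENTIALS = {"points-query": {"alice": "pw-alice"}, "points-payment": {"alice": "pw-alice"}}


def _tier(service_id):
    return STORE[SETTINGS[service_id]["tier"]]


def issue_token(service_id, account, now=None):
    """Token distribution module (2): generate a token in the mode configured for the service."""
    cfg = SETTINGS[service_id]
    now = time.time() if now is None else now
    nonce = secrets.token_bytes(16)
    material = service_id.encode() + b"|" + account.encode() + b"|" + nonce
    if cfg["mode"] == "md5":
        # The mode named in the patent's table. MD5 is a hash, not encryption:
        # the random nonce, not the digest, is what makes this token unguessable.
        token = hashlib.md5(material).hexdigest()
    elif cfg["mode"] == "hmac-sha256":
        token = hmac.new(SERVER_KEY, material, "sha256").hexdigest()
    else:
        raise ValueError("unknown token mode")
    _tier(service_id)[token] = {"account": account, "expires": now + cfg["ttl"], "revoked": False}
    return token


def expire_token(service_id, token):
    """Delete an overdue token logically (flag it) or physically (remove it), per the setting."""
    if SETTINGS[service_id]["delete"] == "physical":
        _tier(service_id).pop(token, None)
    elif token in _tier(service_id):
        _tier(service_id)[token]["revoked"] = True


def verify_token(service_id, token, now=None):
    """Token verification module (3): look the token up in its tier and check its lifetime."""
    now = time.time() if now is None else now
    rec = _tier(service_id).get(token)
    if rec is None or rec["revoked"]:
        return False
    if now >= rec["expires"]:
        expire_token(service_id, token)
        return False
    return True


def accept(service_id, account=None, password=None, token=None):
    """Token acceptance module (1): single entry for token requests and token verification.
    Token and account/password are mutually exclusive; no token means initial authentication."""
    if service_id not in SETTINGS:
        return {"ok": False, "error": "unknown service ID"}
    if token is not None and (account is not None or password is not None):
        return {"ok": False, "error": "token and account/password must not both be present"}
    if token is None:
        stored = CREDENTIALS.get(service_id, {}).get(account or "")
        if stored is None or password is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return {"ok": False, "error": "bad credentials"}
        return {"ok": True, "token": issue_token(service_id, account)}
    return {"ok": verify_token(service_id, token)}


if __name__ == "__main__":
    first = accept("points-payment", account="alice", password="pw-alice")
    print("issued:", first)
    print("verify:", accept("points-payment", token=first["token"]))
    print("after expiry:", verify_token("points-payment", first["token"], now=time.time() + 10_000))
```

Two points the code makes that the text only implies: the verification path never trusts anything inside the token value itself, only the stored record it indexes, so revocation is immediate for both deletion modes; and with logical deletion the flagged record stays in the tier and must be purged by a separate sweep, otherwise the memory tier grows without bound.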
Claims (9)
1. A controllable authentication method and system based on token technology in a points system, characterized in that: a token service system is built for the points service system and comprises a token acceptance module, a token distribution module, a token verification module, a token storage module and a token management module.
2. The method and system of claim 1, wherein the token management module sets different encryption modes for different service types, tiered token storage, token lifetime management and the like, so that the service system obtains secure, controllable and efficient authentication both when it requests a token and when it has one verified.
3. The method and system of claim 1, wherein the system comprises the token acceptance module, the token distribution module, the token verification module, the token storage module, the token management module and a main business process.
4. The method of claim 1, wherein the token acceptance module, facing the service system, provides a unified entry for token requests and token verification, and dispatches to the internal modules according to the request parameters sent by the service system.
5. The method of claim 1, wherein the token acceptance module calls the token distribution module when it determines that the service system needs a token generated for the first time; the token distribution module selects the encryption mode configured in the token management module for the service type, and after the token is generated it is written to the token storage module and returned to the service system through the token acceptance module.
6. The method of claim 1, wherein the token verification module verifies the token each time the service system requests authentication, works with the token storage module to retrieve and check the token, and returns the verification result to the service system through the token acceptance module.
7. The method of claim 1, wherein the token storage module provides an independent real-time token read/write service, accepting writes of new token data from the token distribution module and reads from the token verification module; according to the settings of the token management module, tokens of different service levels are stored in tiers, and expired tokens are deleted logically or physically.
8. The method of claim 1, wherein the token management module manages the global token generation mechanism, storage mechanism and the like, including setting different token encryption modes for different service levels (for example, a higher-level mode for services with high security requirements such as payment verification), tiered storage for tokens of different service levels (for example, in-memory storage for tokens of high-concurrency services), and logical or physical deletion of expired tokens.
9. The method of claim 1, wherein the main business process is: 1) the token management module first completes the global token settings, including different token encryption modes for different service levels, tiered storage for tokens of different service levels, and logical or physical deletion of expired tokens; 2) the service system sends a request carrying authentication parameters to the token acceptance module; 3) the acceptance module reads the service system information and calls the token distribution module to process it; 4) the token distribution module generates a token according to the settings, sends it to the token storage module for storage, and returns it to the service system through the token acceptance module; 5) the service system sends a request carrying the token to the token acceptance module, which calls the token verification module; 6) the token verification module retrieves the token record from the token storage module, checks it, and returns the result to the service system through the token acceptance module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011148814.1A CN112260841A (en) | 2020-10-23 | 2020-10-23 | Controllable authentication method and system based on token technology in integral system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112260841A true CN112260841A (en) | 2021-01-22 |
Family
ID=74261053
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011148814.1A Pending CN112260841A (en) | 2020-10-23 | 2020-10-23 | Controllable authentication method and system based on token technology in integral system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112260841A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110708281A (en) * | 2019-08-26 | 2020-01-17 | 上海商米科技集团股份有限公司 | Service request processing method and device |
CN111669386A (en) * | 2020-05-29 | 2020-09-15 | 武汉理工大学 | Access control method and device based on token and supporting object attribute |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| CB02 | Change of applicant information | Address after: 200060 5th floor, 1207 Jiangning Road, Putuo District, Shanghai. Applicant after: Yijifen (Shanghai) Digital Technology Co.,Ltd. Address before: 200060 5th floor, 1207 Jiangning Road, Putuo District, Shanghai. Applicant before: Yijifen e-commerce (Shanghai) Co.,Ltd. |
| SE01 | Entry into force of request for substantive examination | |