CN112260841A - Controllable authentication method and system based on token technology in integral system - Google Patents

Info

Publication number: CN112260841A
Authority: CN (China)
Prior art keywords: token, module, service, service system, setting
Legal status: Pending
Application number: CN202011148814.1A
Other languages: Chinese (zh)
Inventors: 单文杰, 田彬, 金文钦
Current Assignee: Yijifen eCommerce Co Ltd
Original Assignee: Yijifen eCommerce Co Ltd
Priority date: 2020-10-23
Filing date: 2020-10-23
Publication date: 2021-01-22

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        • H04L9/3213 Using tickets or tokens, e.g. Kerberos (under H04L9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials; H04L9/321 involving a third party or a trusted authority)
        • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms (under H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords)
        • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying (under H04L9/08)
        • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage (under H04L9/08)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The token service system is built to serve a points (integral) service system and comprises a token acceptance module, a token distribution module, a token verification module, a token storage module and a token management module. The token management module configures different encryption modes for different service types, tiered token storage, token validity (expiry) management and the like, so that the service system obtains safe, controllable and efficient authentication when it requests a token and has it verified. The system comprises a token acceptance module, a token distribution module, a token verification module, a token storage module, a token management module and a main business process.

Description

Controllable authentication method and system based on token technology in integral system
Technical Field
The invention relates to the technical field of the internet, in particular to a token technology-based controllable authentication method and system in a points (integral) system.
Background
With the rapid development of internet technology, internet services have become widely and maturely applied. To serve users better, most internet services use authentication technology facing the user terminal. Common user authentication techniques include cookies, sessions, tokens and the like. A cookie is generated by the server and sent to the browser; the browser stores it as key-value pairs in a text file in a certain directory and sends it back to the server on the next request to the same website. Since cookies live on the client side, browsers impose restrictions so that cookies cannot be used maliciously and do not occupy too much disk space: the number of cookies per domain is limited, cookies cannot cross domains, and there are further limits. With a session, the server temporarily stores the user's information on the server side and destroys the session after the user leaves the website. This is a safer way to store user information than a cookie, but if the web servers are load-balanced, the session is lost when the next request arrives at a different server. Moreover, each time an authenticated user initiates a request the server needs to create a record to store the information, so memory overhead keeps growing as more and more users make requests. Token technology has been adopted in recent years because it is stateless, extensible, supports cross-domain services, is compatible with multiple browsers, and so on. However, for different levels of service access, token encryption management, token storage management and the like remain weak.
Therefore, for the points system, a token technology-based controllable authentication method and system are proposed, so that token technology can be used safely and effectively while tokens are managed and controlled as needed and operate efficiently.
Disclosure of Invention
The invention provides a token technology-based controllable authentication method and system in an integral (points) system. The token service system is built to serve a points service system and comprises a token acceptance module, a token distribution module, a token verification module, a token storage module and a token management module. The token management module configures different encryption modes for different service types, tiered token storage, token validity (expiry) management and the like, so that the service system obtains safe, controllable and efficient authentication when it requests a token and has it verified. The system comprises a token acceptance module, a token distribution module, a token verification module, a token storage module, a token management module and a main business process.
1. Token acceptance module: provides the service system with a unified entry for token requests and token authentication. The acceptance module calls the appropriate internal module according to the request parameters sent by the service system.
2. Token distribution module: called by the token acceptance module when it determines that the service system needs a token generated for the first time. The distribution module selects the encryption mode corresponding to the service type as configured in the token management module; after the token is generated, it is written to the token storage module and returned to the service system through the token acceptance module.
3. Token verification module: verifies the token each time the service system requests authentication, working with the token storage module to extract and check the token, and returns the verification result to the service system through the token acceptance module.
4. Token storage module: provides an independent real-time token read/write service, accepting writes of new token data from the token distribution module and reads from the token verification module; according to the settings of the token management module, tokens of different service levels are stored in tiers, and expired tokens are deleted logically or physically.
5. Token management module: manages the global token generation mechanism, storage mechanism and so on. This includes setting different token encryption modes for different service levels (for example, a high-level encryption mode for services with high security requirements such as payment verification), tiered storage settings for tokens of different service levels (for example, in-memory storage for high-concurrency tokens), and logical or physical deletion settings for expired tokens.
6. The main business process is as follows: 1) the token management module first completes the global token management settings, including different token encryption modes for different service levels, tiered storage settings for tokens of different service levels, and logical or physical deletion settings for expired tokens; 2) the service system sends a request carrying authentication parameters to the token acceptance module; 3) the acceptance module obtains the service system information and calls the token distribution module to process it; 4) the token distribution module generates a token according to the configured requirements, sends it to the token storage module for storage, and returns it to the service system through the token acceptance module; 5) the service system sends a request carrying the token to the token acceptance module, which calls the token verification module for verification; 6) the token verification module extracts the token information from the token storage module, checks it, and returns the result to the service system through the token acceptance module.
Drawings
Fig. 1 is a structure diagram of a controllable authentication method and system based on token technology in an integral system.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, in an embodiment of the present invention, the structure of a token technology-based controllable authentication method and system in a points system includes a token acceptance module (1), a token distribution module (2), a token verification module (3), a token storage module (4), a token management module (5) and a main service process.
1. Token acceptance module (1): provides the service system with a unified entry for token requests and token authentication. The acceptance module calls the appropriate internal module according to the request parameters sent by the service system. The authentication parameters the token acceptance module receives from the service system are as follows:

    Authentication parameter | Service ID      | Account | Password (cipher code) | token
    Parameter description    | Globally unique |         |                        |

Note: the service ID must be globally unique so that the token distribution module can look up the corresponding encryption mode. The account and password are set per service. The token and the account/password are never present at the same time: when no token is present, the account and password parameters must be provided, which denotes the initial authentication.
2. Token distribution module (2): called by the token acceptance module when it determines that the service system needs a token generated for the first time. The distribution module selects the encryption mode corresponding to the service type as configured in the token management module; after the token is generated, it is written to the token storage module and returned to the service system through the token acceptance module. The key-generation settings used by the token distribution module are as follows:

    Control parameter     | Service ID      | Encryption method | token value | Security level
    Parameter description | Globally unique | MD5 and the like  |             | A

Note: the encryption mode corresponds to the security level. Usually a higher-level encryption mode must be set for payments with high security requirements; the specific requirements are set according to business needs.
3. Token verification module (3): verifies the token each time the service system requests authentication, working with the token storage module to extract and check the token, and returns the verification result to the service system through the token acceptance module.
4. Token storage module (4): provides an independent real-time token read/write service, accepting writes of new token data from the token distribution module and reads from the token verification module; according to the settings of the token management module, tokens of different service levels are stored in tiers, and expired tokens are deleted logically or physically.
5. Token management module (5): manages the global token generation mechanism, storage mechanism and so on. This includes setting different token encryption modes for different service levels (for example, a high-level encryption mode for services with high security requirements such as payment verification), tiered storage settings for tokens of different service levels (for example, in-memory storage for high-concurrency tokens), and logical or physical deletion settings for expired tokens.
6. The main business process is as follows: 1) the token management module (5) first completes the global token management settings, including different token encryption modes for different service levels, tiered storage settings for tokens of different service levels, and logical or physical deletion settings for expired tokens; 2) the service system sends a request carrying authentication parameters to the token acceptance module (1); 3) the token acceptance module (1) obtains the service system information and calls the token distribution module (2) to process it; 4) the token distribution module (2) generates a token according to the configured requirements, sends it to the token storage module (4) for storage, and returns it to the service system through the token acceptance module (1); 5) the service system sends a request carrying the token to the token acceptance module (1), which calls the token verification module (3) for verification; 6) the token verification module (3) extracts the token information from the token storage module (4), checks it, and returns the result to the service system through the token acceptance module (1).
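The following is an added worked example, written for this page and not code from the patent or its applicant, that models the five modules and the six-step business process above (and the same items in the Disclosure section) as one small Python service. Everything concrete is an assumption: the service IDs, the security levels and their settings, the demo account, and the server key. Where the patent's table only names "MD5 and the like" as the encryption method, the example substitutes a keyed HMAC tag (my choice, not the patent's) so that a token cannot be recomputed by anyone who does not hold the server key; the per-level digest, TTL, storage tier and deletion mode are the management module's settings, and the acceptance module enforces the page's rule that a request carries either a token or an account/password, never both.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# ---- token management module (5): global settings keyed by security level ----
# Assumed policy table: the patent names "MD5 and the like"; keyed HMAC is used
# here instead so a tag cannot be forged without SERVER_KEY. Levels, digests,
# TTLs (seconds), storage tiers and deletion modes are all constructed values.
POLICY = {
    "A": {"digest": "sha256", "tier": "memory", "ttl": 300,  "delete": "physical"},
    "B": {"digest": "sha1",   "tier": "disk",   "ttl": 3600, "delete": "logical"},
}
SERVICES = {"pay-svc": "A", "points-query": "B"}   # service ID -> level (constructed)
ACCOUNTS = {"alice": "correct-horse"}               # constructed demo credentials
SERVER_KEY = secrets.token_bytes(32)                 # hypothetical per-deployment secret


@dataclass
class Record:
    service_id: str
    account: str
    expires: float
    deleted: bool = False   # set by logical deletion; physical deletion drops the row


class TokenStore:
    """Token storage module (4): tiered store plus expiry sweep."""

    def __init__(self):
        self.tiers = {"memory": {}, "disk": {}}   # stand-ins for RAM and persistent tiers

    def write(self, tier, token, rec):
        self.tiers[tier][token] = rec

    def read(self, tier, token):
        return self.tiers[tier].get(token)

    def sweep(self, now):
        """Apply the management module's deletion setting to every expired token."""
        for table in self.tiers.values():
            for token, rec in list(table.items()):
                if rec.expires <= now:
                    if POLICY[SERVICES[rec.service_id]]["delete"] == "physical":
                        del table[token]
                    else:
                        rec.deleted = True


def _tag(service_id, tid, expires, digest):
    # Bind the tag to service ID, random token ID and expiry so none can be swapped.
    msg = f"{service_id}|{tid}|{int(expires)}".encode()
    return hmac.new(SERVER_KEY, msg, digest).hexdigest()


def distribute(store, service_id, account, now):
    """Token distribution module (2): encryption mode and tier chosen by level."""
    pol = POLICY[SERVICES[service_id]]
    tid = secrets.token_urlsafe(16)          # no '.' in the alphabet, so split() is safe
    expires = now + pol["ttl"]
    token = f"{tid}.{int(expires)}.{_tag(service_id, tid, expires, pol['digest'])}"
    store.write(pol["tier"], token, Record(service_id, account, expires))
    return token


def verify(store, service_id, token, now):
    """Token verification module (3): recompute the tag, then check the stored record."""
    pol = POLICY[SERVICES[service_id]]
    try:
        tid, exp_str, tag = token.split(".")
        expires = int(exp_str)
    except ValueError:
        return False
    if not hmac.compare_digest(tag, _tag(service_id, tid, expires, pol["digest"])):
        return False
    rec = store.read(pol["tier"], token)
    return rec is not None and not rec.deleted and rec.expires > now


def accept(store, params, now=None):
    """Token acceptance module (1): single entry point for the service system.
    Exactly one of {token} or {account, password} may be present (the page's rule)."""
    now = time.time() if now is None else now
    service_id = params.get("service_id")
    if service_id not in SERVICES:
        return {"ok": False, "reason": "unknown service"}
    if params.get("token"):
        if params.get("account") or params.get("password"):
            return {"ok": False, "reason": "token and credentials are exclusive"}
        return {"ok": verify(store, service_id, params["token"], now)}
    # No token: initial authentication, then hand off to the distribution module.
    account, pwd = params.get("account"), params.get("password")
    if account is None or pwd is None or not hmac.compare_digest(
            ACCOUNTS.get(account, ""), pwd):
        return {"ok": False, "reason": "bad credentials"}
    return {"ok": True, "token": distribute(store, service_id, account, now)}
```

The `now` parameter is injected so expiry can be exercised deterministically; a deployment would use the clock. Note that a token issued for `pay-svc` fails verification when presented for `points-query` even though both share the server key, because the service ID is part of the tagged message and the lookup goes to a different storage tier.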

Claims (9)

1. A token technology-based controllable authentication method and system in an integral system, characterized in that: the token service system is built to serve a points service system and comprises a token acceptance module, a token distribution module, a token verification module, a token storage module and a token management module.
2. The token management module configures different encryption modes for different service types, tiered token storage, token validity (expiry) management and the like, so that the service system obtains safe, controllable and efficient authentication when it requests a token and has it verified.
3. The system comprises a token acceptance module, a token distribution module, a token verification module, a token storage module, a token management module and a main business process.
4. The method of claim 1, wherein the token acceptance module provides the service system with a unified entry for token requests and token authentication, and calls the appropriate internal module according to the request parameters sent by the service system.
5. The method of claim 1, wherein the token distribution module is called by the token acceptance module when it determines that the service system needs a token generated for the first time; the distribution module selects the encryption mode corresponding to the service type as configured in the token management module, and after the token is generated it is written to the token storage module and returned to the service system through the token acceptance module.
6. The method of claim 1, wherein the token verification module verifies the token each time the service system requests authentication, works with the token storage module to extract and check the token, and returns the verification result to the service system through the token acceptance module.
7. The method of claim 1, wherein the token storage module provides an independent real-time token read/write service, accepting writes of new token data from the token distribution module and reads from the token verification module; according to the settings of the token management module, tokens of different service levels are stored in tiers, and expired tokens are deleted logically or physically.
8. The method of claim 1, wherein the token management module manages the global token generation mechanism, storage mechanism and so on, including setting different token encryption modes for different service levels (for example, a high-level encryption mode for services with high security requirements such as payment verification), tiered storage settings for tokens of different service levels (for example, in-memory storage for high-concurrency tokens), and logical or physical deletion settings for expired tokens.
9. The method of claim 1, wherein the main business process is: 1) the token management module first completes the global token management settings, including different token encryption modes for different service levels, tiered storage settings for tokens of different service levels, and logical or physical deletion settings for expired tokens; 2) the service system sends a request carrying authentication parameters to the token acceptance module; 3) the acceptance module obtains the service system information and calls the token distribution module to process it; 4) the token distribution module generates a token according to the configured requirements, sends it to the token storage module for storage, and returns it to the service system through the token acceptance module; 5) the service system sends a request carrying the token to the token acceptance module, which calls the token verification module for verification; 6) the token verification module extracts the token information from the token storage module, checks it, and returns the result to the service system through the token acceptance module.

Priority Applications (1)

Application Number   Priority Date   Filing Date   Title
CN202011148814.1A    2020-10-23      2020-10-23    Controllable authentication method and system based on token technology in integral system

Publications (1)

Publication Number   Publication Date
CN112260841A (en)    2021-01-22

Family ID: 74261053

Country Status (1)

Country   Link               Status
CN        CN112260841A (en)  Pending

Citations (2)

* Cited by examiner, † Cited by third party

Publication number   Priority date   Publication date   Assignee                          Title
CN110708281A (en) *  2019-08-26      2020-01-17         上海商米科技集团股份有限公司      Service request processing method and device
CN111669386A (en) *  2020-05-29      2020-09-15         武汉理工大学                      Access control method and device based on token and supporting object attribute


Legal Events

Code   Title                                                    Description
PB01   Publication
CB02   Change of applicant information                          Address after: 200060 5th floor, 1207 Jiangning Road, Putuo District, Shanghai; Applicant after: Yijifen (Shanghai) Digital Technology Co.,Ltd.; Address before: 200060 5th floor, 1207 Jiangning Road, Putuo District, Shanghai; Applicant before: Yijifen e-commerce (Shanghai) Co.,Ltd.
SE01   Entry into force of request for substantive examination