CN112671707A - Multi-factor fusion authentication identity recognition model based on JWT - Google Patents

Info

Publication number
CN112671707A
Authority
CN
China
Legal status
Pending
Application number
CN202011337979.3A
Other languages
Chinese (zh)
Inventor
任克非
Current Assignee
Unicloud Technology Co Ltd
Original Assignee
Unicloud Technology Co Ltd

Abstract

The invention provides a JWT-based multi-factor fusion authentication identity recognition model, comprising the following steps: S1, constructing an authentication Context from the request information and the service call; S2, adapting, based on the authentication Context, the authentication model best suited to the current request; S3, selecting the authentication model service corresponding to the adapted model and performing the authentication operation; S4, if authentication succeeds, analyzing the authentication Context again to check whether an enhanced authentication element is present, so as to increase authentication security; S5, if enhanced verification is required, extracting the enhanced authentication element and constructing a new request Context; S6, repeating steps S2-S5 until all authentication elements have been verified; and S7, if all authentication elements pass verification, constructing an authentication response according to the JWT standard protocol. By constructing a unified authentication model, the invention hides the differences between the various authentication modes and supports diverse composite authentication models.

Description

Multi-factor fusion authentication identity recognition model based on JWT
Technical Field
The invention belongs to the technical field of software identity verification, and particularly relates to a JWT-based multi-factor fusion authentication identity recognition model.
Background
User management is almost indispensable in software, and traditional applications can meet their authentication needs with user/password pair verification. In Internet and emerging Internet of Things scenarios, terminal devices are diverse, and so are authentication requirements. Constructing a unified authentication model makes it easier to integrate quickly with multi-scenario authentication applications. Building on the JWT standard, the invention implements a multi-scenario, multi-factor unified authentication model, hides the complex authentication scenarios in the back end, and integrates an enhanced authentication model.
Disclosure of Invention
In view of this, the present invention aims to provide a JWT-based multi-factor fusion authentication identity recognition model that implements a multi-scenario, multi-factor unified authentication model, hides the complex authentication scenarios in the back end, and integrates an enhanced authentication model.
To achieve this purpose, the technical solution of the invention is as follows:
A JWT-based multi-factor fusion authentication identity recognition model comprises the following steps:
S1, constructing an authentication Context from the request information and the service call;
S2, adapting, based on the authentication Context, the authentication model best suited to the current request;
S3, selecting the authentication model service corresponding to the adapted model and performing the authentication operation;
S4, if authentication succeeds, analyzing the authentication Context again to check whether an enhanced authentication element is present, so as to increase authentication security; if authentication fails, interrupting the authentication;
S5, if enhanced verification is required, extracting the enhanced authentication element and constructing a new request Context;
S6, repeating steps S2-S5 until all authentication elements have been verified;
S7, if all authentication elements pass verification, constructing an authentication response according to the JWT standard protocol.
Further, step S1 is implemented as follows:
The Context encapsulates the parameters, URL, source channel and formulated protocol of the current request;
According to the authentication rules that the source channel has configured in the unified authentication service center, the parameter-value conversion and cleaning operations are carried out: parameter name mapping, parameter path mapping and filling in request default values. In this step the request information is combined with the access system's configuration information in the unified authentication service center to complete construction of the standard authentication Context.
Further, parameter name mapping works as follows: if the request parameter is userName and the built-in standard parameter name is name, userName is converted to name by the mapping operation.
Compared with the prior art, the JWT-based multi-factor fusion authentication identity recognition model has the following advantages:
By constructing a unified authentication model, the invention hides the differences between the various authentication modes and supports diverse composite authentication models. Its advantages are: it is simple and easy to use, exposing a unified authentication API externally while hiding and reconciling the differences between multiple authentication modes; it provides a flexible enhanced authentication mode in which authentication modes can be combined arbitrarily; it offers flexible third-party authentication access with organized access definitions; and its multithreaded asynchronous mode gives high execution efficiency.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
FIG. 1 is a flow chart of identity authentication according to the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
Although current unified authentication offers many authentication scenarios, it lacks flexible and efficient multi-factor enhanced authentication, in particular a verification mode that can be switched dynamically. Examples are combining user/password with a random code or a dynamic password, dynamically switching the authentication password according to the risk level in a financial transaction, or adding a further verification. The invention fully covers these scenarios, is flexible and convenient, and executes efficiently.
The invention constructs a unified authentication model by abstracting the common attributes and behaviors of various authentication modes, such as user/password, SMS, email, face, biometric fingerprint, device location, voiceprint, secret key, CA certificate, QR code, WeChat, DingTalk, LDAP, OAuth2 and CAS, so that it can hide the differences between the authentication modes and support diverse composite authentication models.
As shown in FIG. 1, when an authentication request is received:
1. Construct an authentication Context from the request information and the service call. The Context encapsulates the current request's parameters, URL, source channel and formulated protocol. According to the authentication rules that the source channel has configured in the unified authentication service center, the parameter-value conversion and cleaning operations are carried out: parameter name mapping (for example, if the request parameter is userName and the built-in standard parameter name is name, userName is converted to name by the mapping operation), parameter path mapping, filling in request default values, and so on. In this step the request information is combined with the access system's configuration information in the unified authentication service center to complete construction of the standard authentication Context.
2. Based on the authentication Context constructed in step 1, adapt the authentication model best suited to the current request. If the request parameters contain a mobile phone number, the SMS code verification model is preferred; if biometric information such as a face is present, the face recognition verification model is selected.
3. Select the authentication model service corresponding to the adapted model and perform the authentication operation. If the authentication service fails, authentication is interrupted.
4. If authentication succeeds, analyze the authentication Context again and check whether enhanced authentication elements are present. For example, if the current request preferred SMS code authentication but the password must also be entered for model verification to increase authentication security, enhanced authentication must be executed. Whether enhanced authentication is needed can be determined by specifying in the unified authentication service that a certain URL requires it, or by configuring a rule that adds enhanced authentication when it is triggered. For example, user U regularly logs in on mobile device A on working days; if user U logs in on device A in the morning on some day, user U is required to perform password verification again.
5. If enhanced verification is required, extract the enhanced authentication elements and construct a new request Context.
6. Repeat steps 2-6 until all authentication elements have been verified.
7. If all elements pass verification, construct an authentication response according to the JWT standard protocol.
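The seven steps above, as an added Python example that is not part of the patent text and uses only the standard library. The channel rules, URL policy, user store, the parameter names `mobile`, `sms` and `pwd`, and the use of the `amr` claim to record the verified factors are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

# Everything named here is hypothetical and constructed for the example.
SECRET = b"demo-key-replace-with-managed-secret"
CHANNEL_RULES = {"mobile-app": {"name_map": {"userName": "name"},
                                "defaults": {"protocol": "https"}}}
ENHANCED_URLS = {"/pay": ["pwd"]}          # URL -> factors that must also pass
USERS = {"alice": {"sms": "123456", "pwd": "s3cret"}}   # stand-in verifier back end

def build_context(channel, url, params):
    """Step 1: name mapping and default filling, driven by the channel's rules."""
    rules = CHANNEL_RULES[channel]
    clean = {rules["name_map"].get(k, k): v for k, v in params.items()}
    for key, value in rules["defaults"].items():
        clean.setdefault(key, value)
    return {"channel": channel, "url": url, "params": clean, "verified": []}

def select_model(ctx):
    """Step 2: a phone number in the request prefers the SMS-code model."""
    return "sms" if "mobile" in ctx["params"] else "pwd"

def verify_factor(user, model, params):
    """Step 3: constant-time comparison; a missing credential fails closed."""
    supplied = str(params.get(model, "")).encode()
    return hmac.compare_digest(supplied, user[model].encode())

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def issue_jwt(sub, factors, ttl=300):
    """Step 7: HS256 JWT; 'amr' records which factors were actually verified."""
    now = int(time.time())
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"sub": sub, "iat": now, "exp": now + ttl,
                              "amr": factors}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def read_jwt(token):
    """Verify the signature and expiry, then return the claims (None if invalid)."""
    try:
        head, body, sig = token.split(".")
        good = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(b64url(good).encode(), sig.encode()):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except ValueError:
        return None
    return claims if claims.get("exp", 0) > time.time() else None

def authenticate(channel, url, params):
    ctx = build_context(channel, url, params)
    user = USERS.get(ctx["params"].get("name"))
    pending = [select_model(ctx)]
    while user and pending:
        model = pending.pop(0)
        if not verify_factor(user, model, ctx["params"]):
            return None                      # interrupt on the first failure
        ctx["verified"].append(model)
        # Steps 4-6: enhanced elements come from server-side policy, not the request.
        pending += [m for m in ENHANCED_URLS.get(url, [])
                    if m not in ctx["verified"] and m not in pending]
    return issue_jwt(ctx["params"]["name"], ctx["verified"]) if user else None
```

Because the list of pending factors is derived from policy rather than from the parameters the client supplied, a request to `/pay` that omits the password is rejected instead of being issued a single-factor token.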
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (3)

1. A JWT-based multi-factor fusion authentication identity recognition model, characterized by comprising the following steps:
S1, constructing an authentication Context from the request information and the service call;
S2, adapting, based on the authentication Context, the authentication model best suited to the current request;
S3, selecting the authentication model service corresponding to the adapted model and performing the authentication operation;
S4, if authentication succeeds, analyzing the authentication Context again to check whether an enhanced authentication element is present, so as to increase authentication security; if authentication fails, interrupting the authentication;
S5, if enhanced verification is required, extracting the enhanced authentication element and constructing a new request Context;
S6, repeating steps S2-S5 until all authentication elements have been verified;
S7, if all authentication elements pass verification, constructing an authentication response according to the JWT standard protocol.
2. The JWT-based multi-factor fusion authentication identity recognition model of claim 1, wherein step S1 is implemented as follows:
The Context encapsulates the parameters, URL, source channel and formulated protocol of the current request;
According to the authentication rules that the source channel has configured in the unified authentication service center, the parameter-value conversion and cleaning operations are carried out: parameter name mapping, parameter path mapping and filling in request default values. In this step the request information is combined with the access system's configuration information in the unified authentication service center to complete construction of the standard authentication Context.
3. The JWT-based multi-factor fusion authentication identity recognition model of claim 2, wherein parameter name mapping works as follows: if the request parameter is userName and the built-in standard parameter name is name, userName is converted to name by the mapping operation.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202011337979.3A | 2020-11-25 | 2020-11-25 | Multi-factor fusion authentication identity recognition model based on JWT

Publications (1)

Publication Number | Publication Date
CN112671707A | 2021-04-16

Family ID: 75402919

Family Applications (1)

Application Number | Status | Publication | Priority Date | Filing Date | Title
CN202011337979.3A | Pending | CN112671707A (en) | 2020-11-25 | 2020-11-25 | Multi-factor fusion authentication identity recognition model based on JWT

Country Status (1)

Country | Link
CN | CN112671707A (en)

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
RJ01 | Rejection of invention patent application after publication

Application publication date: 20210416