CN112929388B - Network identity cross-device application rapid authentication method and system, and user agent device - Google Patents

Publication number
CN112929388B
Authority
CN
China
Prior art keywords
terminal extension
authentication
server
internet
authentication request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110259933.2A
Other languages
Chinese (zh)
Other versions
CN112929388A (en
Inventor
刘文印
吴泽楷
林禄滨
王凯
凡帅
戚宗城
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong University of Technology
Original Assignee
Guangdong University of Technology

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a method and a system for rapid cross-device application authentication of network identity, and a user agent device. The method comprises the following steps: acquiring an internet access terminal extension identifier; sending an authentication request to a website server according to prestored target website identity information and registration information to acquire authentication request feedback information, or forwarding the target website identity information and the registration information through a trusted server agent/terminal extension server; and sending the authentication request feedback information, or the target website identity information and the registration information, to the internet access terminal extension corresponding to the internet access terminal extension identifier, so that the internet access terminal extension uses them to send an authentication request to the website server and complete the authentication operation. The technical scheme of the invention is safer and more convenient and reduces operation steps: a login command can be sent from the login easy App, and a webpage or application is opened and the related account successfully logged in on another computer or mobile phone.

Description

Network identity cross-device application rapid authentication method and system, and user agent device
Technical Field
The invention relates to the technical field of information security, and in particular to a method and a system for rapid cross-device application authentication of network identity, and a user agent device.
Background
With the expansion of the internet and the growth of user demand, the development of cyberspace brings people convenience and speed but also new challenges for individuals. The traditional network identity authentication mechanism based on a textual "user name-password" pair has become the mainstream mechanism because it is simple to use, reliable, easy to deploy and low in cost.
Today, however, a single user has to register network identities on multiple websites and manage all of them at once, and may therefore be exposed to a series of serious network security threats such as password fatigue, phishing and credential stuffing attacks.
For example, a user registers network identities on multiple websites, and different network identities need different user names and passwords to improve security. The user therefore has to memorize many user names and passwords at the same time, which easily leads to confusing them and makes for a very poor user experience. This is the so-called "password fatigue" problem. Moreover, when a user wants to access several web applications at once, several websites have to be opened and the corresponding user name and password entered into each of them, which not only causes password fatigue but also reduces the user's working efficiency.
For convenience, most users choose the same or similar user names and reuse one password, which is easy to remember but less secure. Once one account is stolen, all accounts are at risk of being compromised. Hackers can illegally obtain a large amount of user network identity information by attempting to log in with leaked identity information or common passwords. This is the so-called "credential stuffing" attack.
Therefore, how to improve the security and convenience of network identity authentication on the premise of avoiding the fatigue of passwords is a problem to be solved by those skilled in the art.
Disclosure of Invention
The invention aims to provide a method, a system and a user agent device for rapid cross-device application authentication of network identity that are safer and more convenient and require fewer operation steps: a login command can be sent from the login easy App, and a webpage or application is opened and the related account successfully logged in on another computer or mobile phone.
In order to achieve the purpose, the invention adopts the following technical scheme:
a network identity cross-device application rapid authentication method comprises the following steps:
a user agent acquires an internet access terminal extension identifier;
sending an authentication request to a website server according to prestored target website identity information and registration information to acquire authentication request feedback information, or forwarding the target website identity information and the registration information through a trusted server agent/terminal extension server;
and sending the authentication request feedback information or the target website identity information and the registration information to an internet terminal extension corresponding to the internet terminal extension identifier, so that the internet terminal extension sends an authentication request to a website server by using the authentication request feedback information or the target website identity information and the registration information to complete authentication operation.
Preferably, the sending the authentication request feedback information to the internet access terminal extension corresponding to the internet access terminal extension identifier includes:
the user agent sends the identity information of the target website, the registration information and the internet access terminal extension identification to the trusted server agent;
the trusted server agent sends an authentication request to the website server according to prestored target website identity information and registration information to acquire authentication request feedback information;
and the trusted server agent sends the authentication request feedback information and the pre-stored authentication check callback address to the internet access terminal extension corresponding to the internet access terminal extension identifier, so that the internet access terminal extension sends an authentication request to the website server to complete authentication operation.
Preferably, the sending the authentication request feedback information to the internet access terminal extension corresponding to the internet access terminal extension identifier includes:
the user agent sends the target website identity information and the registration information to a website server to obtain authentication request feedback information;
and the user agent sends the authentication request feedback information to the internet access terminal extension corresponding to the internet access terminal extension identifier so that the internet access terminal extension sends an authentication request to the website server to complete authentication operation.
Preferably, the sending the identity information and the registration information of the target website to the internet access terminal extension corresponding to the internet access terminal extension identifier includes:
the user agent sends the identity information of the target website, the registration information and the internet access terminal extension identifier to a trusted server agent or a terminal extension server;
and the trusted server agent or the terminal extension server sends the target website identity information, the registration information and the pre-stored authentication check callback address to the internet terminal extension corresponding to the internet terminal extension identifier, so that the internet terminal extension sends an authentication request to the website server to complete authentication operation.
Preferably, the sending the authentication request feedback information to the internet access terminal extension corresponding to the internet access terminal extension identifier includes:
the user agent sends the identity information of the target website, the registration information and the internet access terminal extension identification to the trusted server agent;
the internet access terminal extension listens for the request of the trusted server agent and, in response to it, sends the random number state it has generated to the trusted server agent;
the trusted server agent sends an authentication request to the website server according to prestored target website identity information, registration information and a random number state to acquire authentication request feedback information;
and the trusted server agent sends the authentication request feedback information and the pre-stored authentication check callback address to the internet access terminal extension corresponding to the internet access terminal extension identifier, so that the internet access terminal extension sends an authentication request to the website server to complete authentication operation.
Preferably, the obtaining of the internet access terminal extension identifier includes:
the user logs in to/activates the user agent with the master password;
the internet access terminal extension generates a temporary unique UUID, waits for an authorization request from the user agent, and then sends the UUID to the user agent and the terminal extension server;
after receiving the UUID sent by the internet access terminal extension, the user agent forwards the UUID to the terminal extension server, and the terminal extension server verifies the UUID;
and the terminal extension server matches the UUIDs obtained from the internet access terminal extension and from the user agent, and if the match succeeds, the terminal extension server generates an internet access terminal extension identifier according to the UUID and returns it to the user agent.
Preferably, the obtaining of the internet access terminal extension identifier includes:
the user logs in to/activates the user agent with the master password, and the user_id is recorded;
the internet access terminal extension generates a temporary unique UUID, waits for an authorization request from the user agent, then sends the UUID to the user agent and the terminal extension server, and records the user_id sent by the user agent when it authorizes;
the terminal extension server receives the UUID sent by the internet access terminal extension, records the unique extension identifier, and establishes a mapping between the UUID and the unique extension identifier;
the user agent receives the UUID sent by the internet access terminal extension and sends the user_id and the UUID to the terminal extension server, which verifies the UUID;
the terminal extension server receives the user_id and the UUID sent by the user agent and matches the UUIDs obtained from the internet access terminal extension and from the user agent; if the match succeeds, it establishes a mapping between the user_id and the unique extension identifier, deletes the mapping between the UUID and the unique extension identifier established in the first step, and expires the UUID;
when the user agent wants to perform an authentication operation, it sends the user_id to the terminal extension server, which looks up the mapping between the user_id and the unique extension identifier and, if the lookup succeeds, returns the internet access terminal extension identifier to the user agent.
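The pairing steps above, seen from the terminal extension server, as an added example that is not code from the patent. The class and method names, the 120-second UUID lifetime and the server-generated random extension identifier are assumptions made for illustration.

```python
import secrets
import time
import uuid


class PairingError(Exception):
    """Raised when a pairing or lookup request must be rejected."""


class TerminalExtensionServer:
    # Assumed lifetime of the temporary UUID; the patent only calls it "temporary".
    UUID_TTL_SECONDS = 120

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}   # temporary UUID -> (unique extension id, expiry time)
        self._by_user = {}   # user_id -> unique extension id

    def register_extension_uuid(self, temp_uuid):
        """Extension side: record the UUID and map it to a unique extension id."""
        if temp_uuid in self._pending:
            raise PairingError("UUID already registered")
        ext_id = secrets.token_urlsafe(32)  # assumption: server picks a random id
        self._pending[temp_uuid] = (ext_id, self._clock() + self.UUID_TTL_SECONDS)

    def confirm_from_user_agent(self, user_id, temp_uuid):
        """User agent side: match the UUID, bind user_id, expire the UUID."""
        # pop() deletes the UUID mapping whatever the outcome, so a UUID
        # can be presented exactly once.
        entry = self._pending.pop(temp_uuid, None)
        if entry is None:
            raise PairingError("unknown or already used UUID")
        ext_id, expiry = entry
        if self._clock() > expiry:
            raise PairingError("UUID expired")
        self._by_user[user_id] = ext_id

    def lookup_extension_id(self, user_id):
        """Later authentication operations: user_id -> extension identifier."""
        try:
            return self._by_user[user_id]
        except KeyError:
            raise PairingError("no extension paired for this user_id") from None


def _outcome(call, *args):
    """Return 'ok' or the rejection reason for one server call."""
    try:
        call(*args)
        return "ok"
    except PairingError as exc:
        return str(exc)


def demo_pairing():
    """Run the flow on constructed sample values with a fake clock."""
    now = [0.0]
    server = TerminalExtensionServer(clock=lambda: now[0])
    results = {}

    first = str(uuid.uuid4())                      # generated by the extension
    server.register_extension_uuid(first)
    results["confirm"] = _outcome(server.confirm_from_user_agent, "user-1001", first)
    results["paired"] = len(server.lookup_extension_id("user-1001")) > 0

    # A second party replaying the same UUID must not get bound to the extension.
    results["replay"] = _outcome(server.confirm_from_user_agent, "user-2002", first)

    # A UUID confirmed after its lifetime is rejected and cannot be retried.
    late = str(uuid.uuid4())
    server.register_extension_uuid(late)
    now[0] += TerminalExtensionServer.UUID_TTL_SECONDS + 1
    results["expired"] = _outcome(server.confirm_from_user_agent, "user-3003", late)
    results["unpaired_lookup"] = _outcome(server.lookup_extension_id, "user-3003")
    return results


if __name__ == "__main__":
    for name, value in demo_pairing().items():
        print(f"{name}: {value}")
```
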
Preferably, the user agent sends the pre-stored accessible address of the target website to the internet access terminal extension, so that the internet access terminal extension can open a new page window of the target website.
Preferably, the internet access terminal extension listens for the request of the trusted server agent and receives the authentication request feedback information and the pre-stored authentication check callback address.
Preferably, the authentication request feedback information includes: login authentication feedback information and a token that can be used to verify the login authorization state; the token is an identification token with which the website server verifies whether the user has logged in and been authorized.
Preferably, the internet access terminal extension listens for the request of the trusted server agent or the terminal extension server, and receives the target website identity information, the registration information and the pre-stored authentication check callback address.
The invention also provides a network identity cross-device application rapid authentication system, which comprises:
the acquisition module is used for acquiring the internet surfing terminal extension identification by the user agent;
the processing module is used for sending an authentication request to the website server according to the prestored target website identity information and registration information to acquire an authentication request feedback token, or forwarding the target website identity information and the registration information through a trusted server agent/terminal expansion server;
and the authentication module is used for sending authentication request feedback information or target website identity information and registration information to the internet terminal extension corresponding to the internet terminal extension identifier, so that the internet terminal extension sends an authentication request to the website server by using the authentication request feedback information or the target website identity information and the registration information to complete authentication operation.
Preferably, the authentication module is configured to: and sending an authentication request to the website server by a trusted server agent according to the identity information and the registration information to acquire authentication request feedback information, and sending the authentication request feedback information and a prestored authentication check callback address to an internet terminal extension corresponding to the internet terminal extension identifier so that the internet terminal extension sends the authentication request to the website server to complete authentication operation.
Preferably, the authentication module is configured to: and sending an authentication request to a website server by the identity information and the registration information to acquire authentication request feedback information, and sending the authentication request feedback information to an internet terminal extension corresponding to the internet terminal extension identifier so that the internet terminal extension sends an authentication request to the website server to complete authentication operation.
Preferably, the authentication module is configured to: sending the identity information, the registration information and the extension identification of the target website to a trusted server agent or a terminal extension server; and forwarding the identity information and the registration information of the target website to an internet terminal extension corresponding to the internet terminal extension identifier, so that the internet terminal extension sends an authentication request to the website server to complete authentication operation.
The present invention also provides a user agent device, comprising:
a memory for storing a network identity authentication program;
and the processor is used for realizing the network identity cross-device application rapid authentication method when the network identity authentication program is executed.
The invention also provides a computer readable storage medium, on which a network identity authentication program is stored, and when being executed by a processor, the network identity authentication program realizes a network identity cross-device application rapid authentication method.
With the network identity cross-device application rapid authentication method, system and user agent device of the invention, the user agent can store in advance, for each target website the user needs to log in to or register with, the accessible address of the target website and the authentication identity information required to access it, such as a user name and password. The user does not need to remember the address, user name or password of the target website. When the user needs to log in to or register with the target website, there is no need to download a required application program from the target website: the authentication request is activated directly through the user agent, the server agent sends the network identity information directly to the website server to execute authentication processing, and, by means of the internet access terminal extension, the target website page is quickly opened and the authentication operation is completed automatically.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart of a method for applying fast authentication across devices for network identity in an embodiment of the present invention;
fig. 2 is a schematic diagram of a preferred method for applying a fast authentication method across devices for network identity according to an embodiment of the present invention;
fig. 3 is a schematic diagram illustrating another preferred method for applying a fast authentication method across devices for network identity according to an embodiment of the present invention;
fig. 4 is a schematic diagram illustrating another preferred method for applying a fast authentication method across devices for network identity according to an embodiment of the present invention;
fig. 5 is a schematic diagram of another preferred method for applying a fast authentication method across devices for network identity according to an embodiment of the present invention;
fig. 6 is a schematic diagram illustrating another preferred method for applying a fast authentication method across devices for network identity according to an embodiment of the present invention;
fig. 7 is a flowchart of acquiring an internet access terminal extension identifier according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a network identity cross-device application rapid authentication system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, a method for rapid cross-device application authentication of network identity is provided, with which a user can quickly and automatically open a new application page window without password fatigue and complete network identity authentication operations such as login and registration, thereby improving both the security of the network identity and working efficiency. The method includes:
S1, a user agent acquires an internet access terminal extension identifier;
S2, sending an authentication request to a website server according to prestored target website identity information and registration information to acquire authentication request feedback information, or forwarding the target website identity information and the registration information through a trusted server agent/terminal extension server;
S3, sending the authentication request feedback information, or the target website identity information and registration information, to the internet access terminal extension corresponding to the internet access terminal extension identifier, so that the internet access terminal extension uses them to send an authentication request to the website server and complete the authentication operation; the website server is the server of the target website that the user wants to access.
According to the rapid cross-device application authentication method provided by the embodiment of the invention, the user agent can store in advance the target website identity information and registration information for each target website the user needs to log in to or register with. The target website identity information comprises an accessible address and/or some or all of the following: server address, IP address, port, domain name, URL, URI, etc. of the website or application. The registration information includes the authentication identity information, such as a user name and password, required by the user to access the website. The user does not need to remember the address, user name or password of the target website. When the user needs to register with or log in to the target website, there is no need to download a required application program from the target website: the authentication request is triggered or activated directly through the user agent, the server agent sends the registration information directly to the website server to execute authentication processing, and, by means of the internet access terminal extension, the web page of the target website is quickly opened and the authentication operation is completed automatically.
In the embodiment of the invention, the user agent stores an accessible address of the target website in advance, and the identity information or registration information of the target website is automatically generated in advance according to the registration rules of the target website. The registration information may include a user name and password for logging in to the target website. The identity information includes user session information and the like. The accessible address comprises a network address or the like through which the target website can be accessed directly by a specific application.
It should be noted that the user agent is a computer system trusted by the user that helps the user generate account information automatically. Each user may authorize multiple user agents, but one user agent can serve only one user. The user may authorize and activate the user agent in advance and use it to store the accessible address, registration information and identity information of the target website in advance. There are various ways for the user-authorized user agent to store the authentication information, which are not specifically limited here, and those skilled in the art can choose flexibly according to actual situations. For example, the user agent may generate the account information (i.e., user name and password) automatically on the user's behalf, based on the registration rules of the target website. The user can also add a newly registered account or delete a previously registered old account in the user agent as needed, with backup and synchronization between the cloud and the user agents.
This step is the initiation step of this embodiment, and the default user agent has been authorized and activated by the user. There are many ways in which the user may activate the user agent, and this is not limited in this regard. For example, the user may set a master password for the user agent, and activate the user agent by entering the master password. For another example, the user may activate the user agent by inputting authorized biometric signs, which may include iris information, fingerprint information, audio information, etc. of the user, and is not limited in this respect.
The internet access terminal extension identifier is a unique token that is generated by the internet access terminal extension and uniquely identifies that terminal extension; interaction with the internet access terminal extension in subsequent steps relies on this unique identifier for session checking.
As shown in fig. 2, in a preferred mode of the implementation of the present invention, the sending the authentication request feedback information to the internet access terminal extension corresponding to the internet access terminal extension identifier includes:
the user agent sends the identity information of the target website, the registration information and the internet access terminal extension identification to the trusted server agent;
the trusted server agent sends an authentication request to the website server according to prestored target website identity information and registration information to acquire authentication request feedback information. Specifically, the trusted server agent sends the authentication request to the website server; the request can be a registration request or a login request. If the authentication succeeds, the website server returns an authentication request feedback token to the trusted server agent; if it fails, the website server returns an appropriate error, which the trusted server agent relays to the user agent. The website server may generate the authentication request feedback token in various ways, which are not limited here, and those skilled in the art may choose flexibly according to actual situations. For example, the token may be a unique session identifier (session ID) generated by the website server, a globally unique identifier generated by a UUID method, or a token ciphertext generated with an encryption algorithm such as RSA, so as to establish a more complete security mechanism.
The trusted server agent sends the authentication request feedback information and the prestored authentication check callback address to the internet access terminal extension corresponding to the internet access terminal extension identifier, so that the internet access terminal extension sends an authentication request to the website server to complete the authentication operation; the internet access terminal extension listens for the request of the trusted server agent and receives the authentication request feedback information and the prestored authentication check callback address. Specifically: the authentication check callback address is a redirection check interface of the trusted server agent authorized in advance by the target website. The interface is mainly used to check the correctness of the authentication request from the internet access terminal extension; if the request passes the check, an authentication state is created for the internet access terminal extension, that is, the login, registration or password modification request is completed. In a specific implementation, after receiving the target website's accessible address, the authentication request feedback token and the authentication check callback address from the trusted server agent, the internet access terminal extension creates a new application tab page from the accessible address; once the page has loaded, it requests the callback address with the authentication request feedback token as a request parameter, waits for the authentication feedback from the callback address, and records the authentication state according to that feedback.
The callback address points to an authentication check interface of the website server and is mainly used to match the authentication feedback token sent by the internet access terminal extension. If the match succeeds, an authentication state authorizing the internet access terminal extension is established, the login, registration or password modification request is completed, and correct authentication information is fed back; the response can be a redirection, so that the internet access terminal extension jumps automatically to the correct accessible tab page.
As shown in fig. 3, in a preferred mode of the implementation of the present invention, the sending the authentication request feedback information to the internet access terminal extension corresponding to the internet access terminal extension identifier includes:
the user agent sends the target website identity information, the registration information and the internet access terminal extension identifier to the trusted server agent;
in response to the request it monitors from the trusted server agent, the internet access terminal extension sends the generated random number state to the trusted server agent;
It should be noted that the random number state is a parameter for preventing CSRF attacks and is generated randomly by the internet access terminal extension. In a specific implementation the state can be generated in various ways, which are not limited here; those skilled in the art can choose flexibly according to the actual situation. The generated state is sent to the trusted server agent for use as an authentication request parameter in the subsequent steps, and the internet access terminal extension temporarily writes it to local storage. The storage method is not specifically limited and can be chosen flexibly according to actual conditions, for example cookies. When the internet access terminal extension executes the subsequent steps, it retrieves the state and sends it to the website server as one of the check parameters of the authentication check callback address, so that the website server can judge whether the request is safe and legitimate.
the trusted server agent sends an authentication request to the website server according to the prestored target website identity information, the registration information and the random number state to acquire authentication request feedback information;
and the trusted server agent sends the authentication request feedback information and the prestored authentication check callback address to the internet access terminal extension corresponding to the internet access terminal extension identifier, so that the internet access terminal extension sends an authentication request to the website server to complete the authentication operation. That is, the internet access terminal extension creates a page window based on the accessible address of the target website and, at the same time, sends the identity information and registration information to the website server according to the authentication check callback address to complete the authentication operation and receive the authentication feedback.
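The fig. 3 flow above, as an added example that is not code from the patent: a Python model of the website server's callback check, which binds the feedback token to the state supplied by the trusted server agent and consumes the token at the first callback. The class and method names, the single-use rule, the 60-second lifetime and the sample account are assumptions.

```python
import hashlib
import hmac
import secrets
import time

SAMPLE_ACCOUNTS = {"alice": "constructed-password"}  # constructed sample data


def sample_credential_check(user, registration_info):
    # Stand-in for the website's real login or registration check.
    expected = SAMPLE_ACCOUNTS.get(user, "")
    return expected != "" and hmac.compare_digest(
        expected.encode(), registration_info.encode())


def _digest(token):
    # Keep only a hash of each token so the table never holds a usable token.
    return hashlib.sha256(token.encode()).hexdigest()


class WebsiteServer:
    """Website-server side of the flow (hypothetical names throughout)."""

    def __init__(self, credential_check, token_ttl=60.0, clock=time.monotonic):
        self._credential_check = credential_check
        self._token_ttl = token_ttl      # assumed lifetime, not from the page
        self._clock = clock
        self._issued = {}                # sha256(token) -> (user, state, deadline)

    def authentication_request(self, user, registration_info, state):
        """Called by the trusted server agent; returns a feedback token or None."""
        if not state or not self._credential_check(user, registration_info):
            return None
        token = secrets.token_urlsafe(32)
        deadline = self._clock() + self._token_ttl
        self._issued[_digest(token)] = (user, state, deadline)
        return token

    def check_callback(self, token, state):
        """Authentication check callback requested by the terminal extension."""
        # pop() consumes the token on the first request, whether it matches or not.
        entry = self._issued.pop(_digest(token), None)
        if entry is None:
            return None
        user, bound_state, deadline = entry
        if self._clock() > deadline:
            return None
        if not hmac.compare_digest(bound_state.encode(), state.encode()):
            return None
        return user  # the site would now create the authenticated session


class TerminalExtension:
    """Extension side: generates the state and keeps it in local storage."""

    def __init__(self):
        self._stored_state = None

    def new_state(self):
        self._stored_state = secrets.token_urlsafe(16)
        return self._stored_state

    def complete(self, site, token):
        # Take the state out of storage exactly once and present it with the token.
        state, self._stored_state = self._stored_state, None
        if state is None:
            return None
        return site.check_callback(token, state)


def demo():
    site = WebsiteServer(sample_credential_check)
    ext = TerminalExtension()
    out = {}
    out["bad_credentials"] = site.authentication_request(
        "alice", "wrong", ext.new_state())
    token = site.authentication_request(
        "alice", "constructed-password", ext.new_state())
    out["login"] = ext.complete(site, token)
    out["replay"] = site.check_callback(token, "any-state")
    # A token issued for one state, delivered to an extension holding another.
    token2 = site.authentication_request(
        "alice", "constructed-password", secrets.token_urlsafe(16))
    other = TerminalExtension()
    other.new_state()
    out["state_mismatch"] = other.complete(site, token2)
    return out


if __name__ == "__main__":
    print(demo())
```

Because the state is bound when the token is issued, a feedback token that reaches an extension which did not start the flow fails the callback check.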
As shown in fig. 4, in a preferred mode of the implementation of the present invention, the sending the authentication request feedback information to the internet access terminal extension corresponding to the internet access terminal extension identifier includes:
the user agent sends an authentication request, carrying the target website identity information and registration information, to the website server to obtain authentication request feedback information, wherein the authentication request feedback information comprises login authentication feedback information and a token that can be used to verify the login authorization state. The token is an identification token used by the website server to verify whether the user has logged in with authorization. It can be generated in various ways, which are not specifically limited here; those skilled in the art can choose flexibly according to the actual situation, for example the cookies commonly used by browser applications.
The user agent completes the authentication operation based on the authentication request feedback information, and when the user chooses a cross-device application to access the target website, the accessible address of the target website and the token are sent to the internet access terminal extension based on the internet access terminal extension identifier;
and the user agent sends the authentication request feedback information to the internet access terminal extension corresponding to the internet access terminal extension identifier, so that the internet access terminal extension sends an authentication request to the website server to complete the authentication operation. That is, the internet access terminal extension creates a page window based on the accessible address of the target website, accesses the website server with the received token to verify the login authorization, and, if verification passes, receives the login authentication information fed back by the website server.
As shown in fig. 5 and 6, in a preferred mode of the present invention, the sending the identity information and the registration information of the target website to the internet access terminal extension corresponding to the internet access terminal extension identifier includes:
the user agent sends the target website identity information, the registration information and the internet access terminal extension identifier to a trusted server agent or a terminal extension server;
and the trusted server agent or the terminal extension server sends the target website identity information, the registration information and the prestored authentication check callback address to the internet access terminal extension corresponding to the internet access terminal extension identifier, so that the internet access terminal extension sends an authentication request to the website server to complete the authentication operation. The internet access terminal extension listens for requests from the trusted server agent or the terminal extension server and receives the target website identity information, the registration information and the prestored authentication check callback address. The internet access terminal extension creates a page window based on the accessible address of the target website and, at the same time, sends the identity information and registration information to the website server according to the authentication check callback address to complete the authentication operation and receive the authentication feedback.
As shown in fig. 7, in this embodiment, in step S1, acquiring the internet access terminal extension identifier includes:
S11, the user logs in to or activates the user agent with a master password;
S12, the internet access terminal extension generates a temporary unique UUID and, after waiting for an authorization request from the user agent, sends the UUID to the user agent and the terminal extension server;
S13, after receiving the UUID sent by the internet access terminal extension, the user agent forwards the UUID to the terminal extension server, and the terminal extension server verifies the UUID;
S14, the terminal extension server identifies and matches the UUIDs obtained from the internet access terminal extension and from the user agent, and if the match succeeds, the terminal extension server generates the internet access terminal extension identifier according to the UUID and returns it to the user agent.
In this embodiment, the obtaining the internet surfing terminal extension identifier in step S1 includes:
S111, the user logs in to or activates the user agent with a master password, and the user_id is recorded;
S112, the internet access terminal extension generates a temporary unique UUID, sends the UUID to the user agent and the terminal extension server after waiting for an authorization request from the user agent, and at the same time records the user_id sent when the user agent authorizes;
S113, the terminal extension server receives the UUID sent by the internet access terminal extension, records the unique extension identifier and establishes a mapping relation between the UUID and the unique extension identifier;
It should be noted that the unique extension identifier may be an extension id that uniquely points to an internet access terminal extension, or a network link identifier over which a long connection with the extension can be established, such as the long-connection socket of a WebSocket. This is not specifically limited here, and a person skilled in the art may choose flexibly according to the actual situation.
S114, the user agent receives the UUID sent by the internet access terminal extension and sends the user_id and the UUID to the terminal extension server, and the terminal extension server verifies the UUID;
S115, the terminal extension server receives the user_id and the UUID sent by the user agent, and identifies and matches the UUIDs obtained from the internet access terminal extension and from the user agent; if the match succeeds, a mapping relation between the user_id and the unique extension identifier is established, the mapping relation between the UUID and the unique extension identifier from the first step is deleted, and the UUID is expired;
In a specific implementation, the internet access terminal extension may periodically update the mapping relation between the user_id and the unique extension identifier in the terminal extension server, based on the user_id stored in S502, so as to ensure the uniqueness and timeliness of the unique extension identifier. In addition, the terminal extension server may set a retention time limit on the stored mapping relation between the user_id and the unique extension identifier and require the user agent to re-authorize the internet access terminal extension after a certain time, which improves security.
S116, when the user agent wants to perform a related authentication operation, it sends the user_id to the terminal extension server; the terminal extension server queries the mapping relation between the user_id and the unique extension identifier and, if the query succeeds, returns the unique extension identifier to the user agent.
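Steps S111 to S116 above, modelled from the terminal extension server's side as an added Python example (not code from the patent). The class and method names, the in-memory tables, the sample identifiers and the two lifetimes are assumptions; the page states only that the UUID is temporary and that the mapping may be given a time limit.

```python
import time
import uuid


class TerminalExtensionServer:
    """In-memory model of the pairing tables (hypothetical names throughout)."""

    def __init__(self, pairing_ttl=120.0, mapping_ttl=3600.0, clock=time.monotonic):
        self._pairing_ttl = pairing_ttl  # assumed lifetime of a pending UUID
        self._mapping_ttl = mapping_ttl  # assumed lifetime before re-authorization
        self._clock = clock
        self._pending = {}               # UUID -> (extension identifier, deadline)
        self._by_user = {}               # user_id -> (extension identifier, deadline)

    def register_uuid(self, pairing_uuid, extension_id):
        """S113: record the UUID reported by the extension with its identifier."""
        if pairing_uuid in self._pending:
            raise ValueError("UUID already registered")
        deadline = self._clock() + self._pairing_ttl
        self._pending[pairing_uuid] = (extension_id, deadline)

    def confirm_uuid(self, user_id, pairing_uuid):
        """S115: match the UUID forwarded by the user agent and bind the user_id."""
        # pop() deletes the UUID mapping and expires the UUID in a single step.
        entry = self._pending.pop(pairing_uuid, None)
        if entry is None:
            return False
        extension_id, deadline = entry
        if self._clock() > deadline:
            return False
        self._by_user[user_id] = (extension_id, self._clock() + self._mapping_ttl)
        return True

    def lookup(self, user_id):
        """S116: return the unique extension identifier for user_id, or None."""
        entry = self._by_user.get(user_id)
        if entry is None:
            return None
        extension_id, deadline = entry
        if self._clock() > deadline:
            # Time limit reached: the user agent has to authorize the extension again.
            del self._by_user[user_id]
            return None
        return extension_id


class FakeClock:
    """Manually advanced clock so the expiry paths can be shown without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def demo():
    clock = FakeClock()
    server = TerminalExtensionServer(pairing_ttl=120.0, mapping_ttl=3600.0, clock=clock)
    pairing_uuid = str(uuid.uuid4())                  # S112: made by the extension
    server.register_uuid(pairing_uuid, "ws-conn-17")  # constructed identifier
    out = {}
    out["unknown_uuid"] = server.confirm_uuid("user-42", str(uuid.uuid4()))
    out["paired"] = server.confirm_uuid("user-42", pairing_uuid)
    out["uuid_reused"] = server.confirm_uuid("user-99", pairing_uuid)
    out["lookup"] = server.lookup("user-42")
    clock.now += 3601.0                               # past the mapping time limit
    out["after_time_limit"] = server.lookup("user-42")
    return out


if __name__ == "__main__":
    print(demo())
```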
As shown in fig. 8, the present invention further provides a network identity cross-device application fast authentication system, which includes:
an acquisition module, used by the user agent to acquire the internet access terminal extension identifier;
a processing module, used for sending an authentication request to the website server according to prestored target website identity information and registration information to acquire an authentication request feedback token, or for forwarding the target website identity information and the registration information through a trusted server agent/terminal extension server;
and an authentication module, used for sending the authentication request feedback information, or the target website identity information and registration information, to the internet access terminal extension corresponding to the internet access terminal extension identifier, so that the internet access terminal extension uses the authentication request feedback information, or the target website identity information and registration information, to send an authentication request to the website server and complete the authentication operation.
Preferably, the authentication module is configured to: send, through a trusted server agent, an authentication request to the website server according to the identity information and the registration information to acquire authentication request feedback information, and send the authentication request feedback information and a prestored authentication check callback address to the internet access terminal extension corresponding to the internet access terminal extension identifier, so that the internet access terminal extension sends the authentication request to the website server to complete the authentication operation.
Preferably, the authentication module is configured to: send an authentication request carrying the identity information and the registration information to the website server to acquire authentication request feedback information, and send the authentication request feedback information to the internet access terminal extension corresponding to the internet access terminal extension identifier, so that the internet access terminal extension sends an authentication request to the website server to complete the authentication operation.
Preferably, the authentication module is configured to: send the target website identity information, the registration information and the extension identifier to a trusted server agent or a terminal extension server; and forward the target website identity information and the registration information to the internet access terminal extension corresponding to the internet access terminal extension identifier, so that the internet access terminal extension sends an authentication request to the website server to complete the authentication operation.
The present invention also provides a user agent device, comprising:
a memory for storing a network identity authentication program;
and a processor for implementing the network identity cross-device application rapid authentication method when executing the network identity authentication program.
The invention also provides a computer-readable storage medium on which a network identity authentication program is stored; when executed by a processor, the network identity authentication program implements the network identity cross-device application rapid authentication method.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the invention. It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that modifications and variations can be made without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (5)

1. A network identity cross-device application rapid authentication method is characterized by comprising the following steps:
a user agent acquires an internet access terminal extension identifier;
sending an authentication request to a website server according to prestored target website identity information and registration information to acquire authentication request feedback information, or forwarding the target website identity information and the registration information through a trusted server agent;
sending authentication request feedback information or target website identity information and registration information to an internet terminal extension corresponding to the internet terminal extension identifier, so that the internet terminal extension sends an authentication request to a website server by using the authentication request feedback information or the target website identity information and the registration information to complete authentication operation;
acquiring the internet access terminal extension identifier comprises the following steps:
a user logs in to or activates a user agent;
the internet access terminal extension generates a temporary unique UUID and, after waiting for an authorization request from the user agent, sends the UUID to the user agent and the terminal extension server;
after receiving the UUID sent by the internet access terminal extension, the user agent forwards the UUID to the terminal extension server, and the terminal extension server verifies the UUID;
the terminal extension server identifies and matches the UUIDs obtained from the internet access terminal extension and from the user agent, and if the match succeeds, the terminal extension server generates an internet access terminal extension identifier according to the UUID and returns it to the user agent;
or, acquiring the internet access terminal extension identifier comprises:
a user logs in to or activates a user agent, and the user_id is recorded;
the internet access terminal extension generates a temporary unique UUID, sends the UUID to the user agent and the terminal extension server after waiting for an authorization request from the user agent, and records the user_id sent when the user agent authorizes;
the terminal extension server receives the UUID sent by the internet access terminal extension, records the unique extension identifier and establishes a mapping relation between the UUID and the unique extension identifier;
the user agent receives the UUID sent by the internet access terminal extension and sends the user_id and the UUID to the terminal extension server, and the terminal extension server verifies the UUID;
the terminal extension server receives the user_id and the UUID sent by the user agent, identifies and matches the UUIDs obtained from the internet access terminal extension and from the user agent, establishes a mapping relation between the user_id and the unique extension identifier if the match succeeds, deletes the mapping relation between the UUID and the unique extension identifier from the first step, and expires the UUID;
when the user agent wants to perform a related authentication operation, the user_id is sent to the terminal extension server, the terminal extension server queries the mapping relation between the user_id and the unique extension identifier, and if the query succeeds, the internet access terminal extension identifier is returned to the user agent,
wherein, sending the authentication request feedback information to the internet access terminal extension corresponding to the internet access terminal extension identifier comprises:
the user agent sends the identity information of the target website, the registration information and the internet access terminal extension identification to the trusted server agent;
the trusted server agent sends an authentication request to the website server according to prestored target website identity information and registration information to acquire authentication request feedback information;
the trusted server agent sends the authentication request feedback information and the prestored authentication check callback address to the internet access terminal extension corresponding to the internet access terminal extension identifier, so that the internet access terminal extension sends an authentication request to the website server to complete authentication operation;
or, the sending the authentication request feedback information to the internet access terminal extension corresponding to the internet access terminal extension identifier includes:
the user agent sends the target website identity information and the registration information to a website server to obtain authentication request feedback information;
the user agent sends the authentication request feedback information to an internet surfing terminal extension corresponding to the internet surfing terminal extension identification, so that the internet surfing terminal extension sends an authentication request to the website server to complete authentication operation;
or, the sending the authentication request feedback information to the internet access terminal extension corresponding to the internet access terminal extension identifier includes:
the user agent sends the identity information of the target website, the registration information and the internet access terminal extension identification to the trusted server agent;
in response to the request it monitors from the trusted server agent, the internet access terminal extension sends a generated random number state to the trusted server agent;
the trusted server agent sends an authentication request to the website server according to prestored target website identity information, registration information and random number state to acquire authentication request feedback information;
the trusted server agent sends the authentication request feedback information and the prestored authentication check callback address to the internet access terminal extension corresponding to the internet access terminal extension identifier, so that the internet access terminal extension sends an authentication request to the website server to complete authentication operation;
the user agent sends the prestored accessible address of the target website to the internet access terminal extension, so that the internet access terminal extension creates a new target website page window;
the internet access terminal extension listens for requests from the trusted server agent and receives the authentication request feedback information and the prestored authentication check callback address;
the authentication request feedback information includes: login authentication feedback information and a token that can be used to verify the login authorization state; the token is an identification token used by the website server to verify whether the user has logged in with authorization.
2. A network identity cross-device application rapid authentication system is characterized by comprising:
an acquisition module, used by the user agent to acquire the internet access terminal extension identifier;
a processing module, used for sending an authentication request to the website server according to the prestored target website identity information and registration information to acquire authentication request feedback information, or for forwarding the target website identity information and the registration information through a trusted server agent;
an authentication module, used for sending the authentication request feedback information, or the target website identity information and registration information, to the internet access terminal extension corresponding to the internet access terminal extension identifier, so that the internet access terminal extension uses the authentication request feedback information, or the target website identity information and registration information, to send an authentication request to the website server and complete the authentication operation; the user agent sends the prestored accessible address of the target website to the internet access terminal extension, so that the internet access terminal extension creates a new target website page window;
the authentication module is configured such that sending the target website identity information and the registration information to the internet access terminal extension corresponding to the internet access terminal extension identifier comprises: sending, through a trusted server agent, an authentication request to the website server according to the identity information and the registration information to acquire authentication request feedback information, and sending the authentication request feedback information and a prestored authentication check callback address to the internet access terminal extension corresponding to the internet access terminal extension identifier, so that the internet access terminal extension sends the authentication request to the website server to complete the authentication operation.
3. The network identity cross-device application rapid authentication system according to claim 2, wherein the authentication module is configured such that sending the target website identity information and the registration information to the internet access terminal extension corresponding to the internet access terminal extension identifier comprises: sending the target website identity information, the registration information and the internet access terminal extension identifier to a trusted server agent; and forwarding the target website identity information and the registration information to the internet access terminal extension corresponding to the internet access terminal extension identifier, so that the internet access terminal extension sends an authentication request to the website server to complete the authentication operation.
4. A user agent device, comprising:
a memory for storing a network identity authentication program;
a processor for implementing the steps of the network identity cross-device application rapid authentication method as claimed in claim 1 when executing the network identity authentication program.
5. A computer-readable storage medium, wherein a network authentication program is stored on the computer-readable storage medium, and when executed by a processor, the network authentication program implements the network identity cross-device application fast authentication method as claimed in claim 1.
CN202110259933.2A 2021-03-10 2021-03-10 Network identity cross-device application rapid authentication method and system, and user agent device Active CN112929388B (en)

Publications (2)

Publication Number Publication Date
CN112929388A CN112929388A (en) 2021-06-08
CN112929388B true CN112929388B (en) 2022-11-01

Family

ID=76172380

Country Status (1)

Country Link
CN (1) CN112929388B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant